(Oct 10) Several vulnerabilities have been discovered in the FFmpeg multimedia framework, which could result in denial of service or potentially the execution of arbitrary code if malformed Real, MV, RL2, ASF, Apple HLS, Phantom Cine, MXF, NSV, MOV or RTP H.264 files/streams are processed.
(Oct 8) Christian Boxd?rfer discovered a vulnerability in the handling of FreeDesktop.org .desktop files in Nautilus, a file manager for the GNOME desktop environment. An attacker can craft a .desktop file intended to run malicious commands but displayed as a innocuous document file in Nautilus. An
(Oct 6) It was discovered that the Tor onion service could leak sensitive information to log files if the “SafeLogging” option is set to “0”. The oldstable distribution (jessie) is not affected.
(Oct 6) Several vulnerabilities have been discovered in cURL, an URL transfer library. The Common Vulnerabilities and Exposures project identifies the following problems:
(Sep 21) Multiple vulnerabilities were discovered in the implementation of the Perl programming language. The Common Vulnerabilities and Exposures project identifies the following problems:
(Sep 30) An integer overflow vulnerability was discovered in decode_digit() in libidn2-0, the GNU library for Internationalized Domain Names (IDNs), allowing a remote attacker to cause a denial of service against an application using the library (application crash).
(Sep 29) Several security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors, use-after-frees, buffer overflows and other implementation errors may lead to the execution of arbitrary code, denial of service, cross-site scripting or bypass of
(Sep 29) Several vulnerabilities were discovered in Ghostscript, the GPL PostScript/PDF interpreter, which may result in denial of service if a specially crafted Postscript file is processed.
(Sep 28) Several vulnerabilities have been discovered in the chromium web browser. CVE-2017-5111
(Sep 26) joernchen discovered that the git-cvsserver subcommand of Git, a distributed version control system, suffers from a shell command injection vulnerability due to unsafe use of the Perl backtick operator. The git-cvsserver subcommand is reachable from the