● Live advisory feed
Security Advisory Fusion for CSIRTs, SOCs & Defenders
Security advisories from 24 sources — CISA, CERT-EU, NCSC-UK, BSI, CERT-FR, NCSC-NL, JPCERT/CC, JVN, HKCERT, the Canadian Cyber Centre, NVD, GitHub, Microsoft, Cisco, Fortinet, Palo Alto Networks and more — normalized, translated to English and flagged against the CISA KEV catalog. One global feed for CSIRTs, SOCs and defenders.
Kate Deplaix reported that .install file directives were insufficiently restricted in OPAM, a package manager for OCaml. Installing files through .install files did not check symlinks resolution on the target path, which could result in directory traversal out of the package area…
Guillaume Winter discovered that pgextwlist, an extension for PostgreSQL implementing a whitelist mechanism for PostgreSQL extensions, was susceptible to SQL injection via crafted schema and user names. https://security-tracker.debian.org/tracker/DSA-6385-1
Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. https://security-tracker.debian.org/tracker/DSA-6384-1
Multiple security vulnerabilities were discovered in the Postfix mail transport agent, which could result in denial of service. https://security-tracker.debian.org/tracker/DSA-6382-1
Multiple security vulnerabilities were discovered in imagemagick, a software suite used for editing and manipulating digital images, which could lead to denial of service, information disclosure or potentially arbitrary code execution if malformed images are processed. https://se…
Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. https://security-tracker.debian.org/tracker/DSA-6378-1
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. https://security-tracker.debian.org/tracker/DSA-6381-1
Multiple security vulnerabilities were discovered in the BIRD internet routing daemon, which could result in denial of service. https://security-tracker.debian.org/tracker/DSA-6379-1
Multiple security issues were discovered in MediaWiki, a website engine for collaborative work, which could result in information disclosure, code execution via unsafe deserialisation or cross-site scripting. https://security-tracker.debian.org/tracker/DSA-6380-1
It was discovered that a buffer overflow in the implementation of AES Key Wrap with Padding in the openssl extension of PHP, a widely-used open source general purpose scripting language, could result in memory corruption. https://security-tracker.debian.org/tracker/DSA-6377-1
Multiple security vulnerabilities were discovered in OpenVPN, which could result in denial of service. https://security-tracker.debian.org/tracker/DSA-6376-1
Multiple security issues have been discovered in FastNetMon, a fast DDoS analyzer: TLS connections were insufficently validated and malformed Netflow/sFlow traffic could result in denial of service. https://security-tracker.debian.org/tracker/DSA-6375-1
Multiple vulnerabilities were discoverd in Nginx, a high-performance web and reverse proxy server, which could result in remote code execution, denial of service or memory disclosure. https://security-tracker.debian.org/tracker/DSA-6374-1
Multiple security vulnerabilities were discovered in Tor, a connection- based low-latency anonymous communication system, would could result in denial of service. https://security-tracker.debian.org/tracker/DSA-6372-1
Multiple security issues were discovered in LXD, a system container and virtual machine manager, which could result in a bypass of security restrictions or the execution of arbitrary commands. https://security-tracker.debian.org/tracker/DSA-6373-1
Several vulnerabilities were discovered in the Xorg X server, which may result in privilege escalation if the X server is running privileged. https://security-tracker.debian.org/tracker/DSA-6370-1
Multiple security vulnerabilities were discovered in the dnsdist DNS loadbalancer, which could result in denial of service, information disclosure or bypass of security rules. https://security-tracker.debian.org/tracker/DSA-6367-1
It was discovered that incorrect request handling in the internal web server of the PowerDNS DNS server could result in denial of service. https://security-tracker.debian.org/tracker/DSA-6368-1
Multiple vulnerabiliites have been discovered in PDNS Recursor, a resolving name server which could result in denial of service, cache poisoning or information disclosure. https://security-tracker.debian.org/tracker/DSA-6369-1
Multiple security vulnerabilities were discovered in the SOGo groupware server, which could result in cross-site scripting or SQL injection. https://security-tracker.debian.org/tracker/DSA-6366-1
Multiple security vulnerabilities were discovered in libssh2, a client-side C library implementing the SSH2 protocol which could result in memory disclosure, denial of service or potentially the execution of arbitrary code. https://security-tracker.debian.org/tracker/DSA-6365-1
Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. https://security-tracker.debian.org/tracker/DSA-6364-1
It was discovered that the urllib3 Python HTTP library didn't sanitise some cross-origin redirects, which could result in information disclosure. https://security-tracker.debian.org/tracker/DSA-6363-1
Multiple security vulnerabilities were discovered in plugins for the GStreamer media framework and its codecs and demuxers, which may result in denial of service or potentially the execution of arbitrary code if a malformed media file is opened. https://security-tracker.debian.or…
Several vulnerabilities have been discovered in the FFmpeg multimedia framework, which could result in denial of service or potentially the execution of arbitrary code if malformed files/streams are processed. https://security-tracker.debian.org/tracker/DSA-6361-1
Multiple security issues were discovered in the Squid proxy caching server, which could result in information disclosure or denial of service. https://security-tracker.debian.org/tracker/DSA-6360-1
Multiple security vulnerabilities have been discovered in Pillow, a Python imaging library, which could result in denial of service or the execution of arbitrary code if malformed files are processed. https://security-tracker.debian.org/tracker/DSA-6357-1
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. https://security-tracker.debian.org/tracker/DSA-6355-1
Multiple security vulnerabilities were discovered in imagemagick, a software suite used for editing and manipulating digital images, which could lead to denial of service, information disclosure or potentially arbitrary code execution if malformed images are processed. https://se…
A flaw was discovered in libhttp-daemon-perl, a simple http server class for Perl, which may result in the execution of arbitrary shell commands or file overwrite when processing specially crafted input. https://security-tracker.debian.org/tracker/DSA-6358-1
Multiple security vulnerabilities were discovered in plugins for the GStreamer media framework and its codecs and demuxers, which may result in denial of service or potentially the execution of arbitrary code if a malformed media file is opened. https://security-tracker.debian.or…