#debian

Tech giant Microsoft released its last set of monthly security updates for 2022 with fixes for 49 vulnerabilities across its software products. Of the 49 bugs, six are rated Critical, 40 are rated Important, and three are rated Moderate in severity. The updates are in addition to 24 vulnerabilities that have been addressed in the Chromium-based Edge browser since the start of the month.

Google on Tuesday announced the open source availability of OSV-Scanner, a scanner that aims to offer easy access to vulnerability information about various projects. The Go-based tool, powered by the Open Source Vulnerabilities (OSV) database, is designed to connect "a project's list of dependencies with the vulnerabilities that affect them," Google software engineer Rex Pan in a post shared

Debian Linux Security Advisory 5300-1 - Multiple security issues were discovered in pngcheck, a tool to verify the integrity of PNG, JNG and MNG files, which could potentially result in the execution of arbitrary code.

Boa Web Server versions 0.94.13 through 0.94.14 fail to validate the correct security constraint on the HEAD HTTP method allowing everyone to bypass the Basic Authorization mechanism.

ZTE ZXHN-H108NS router with firmware version H108NSV1.0.7u_ZRD_GR2_A68 is vulnerable to remote stack buffer overflow.

ZTE ZXHN-H108NS router with firmware version H108NSV1.0.7u_ZRD_GR2_A68 is vulnerable to remote stack buffer overflow.

Debian Linux Security Advisory 5299-1 - Multiple security vulnerabilities have been found in OpenEXR, command-line tools and a library for the OpenEXR image format. Buffer overflows or out-of-bound reads could lead to a denial of service (application crash) if a malformed image file is processed.

Debian Linux Security Advisory 5298-1 - Two security vulnerabilities have been discovered in Cacti, a web interface for graphing of monitoring systems, which could result in unauthenticated command injection or LDAP authentication bypass.

Debian Linux Security Advisory 5297-1 - A buffer overflow was discovered in the VNC module of the VLC media player, which could result in the execution of arbitrary code.

Debian Linux Security Advisory 5296-1 - Robin Peraglie and Johannes Moritz discovered an argument injection bug in the xfce4-mime-helper component of xfce4-settings, which can be exploited using the xdg-open common tool. Since xdg-open is used by multiple standard applications for opening links, this bug could be exploited by an attacker to run arbitrary code on an user machine by providing a malicious PDF file with specifically crafted links.