#debian

ZTE ZXHN-H108NS router with firmware version H108NSV1.0.7u_ZRD_GR2_A68 suffers from an authentication bypass vulnerability when alternate HTTP methods are leveraged.

ZTE ZXHN-H108NS router with firmware version H108NSV1.0.7u_ZRD_GR2_A68 remote stack buffer overflow exploit that causes a denial of service condition.

Debian Linux Security Advisory 5285-1 - Multiple security vulnerabilities have been found in Asterisk, an Open Source Private Branch Exchange. Buffer overflows and other programming errors could be exploited for information disclosure or the execution of arbitrary code.

Debian Linux Security Advisory 5284-1 - Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code.

Debian Linux Security Advisory 5283-1 - Several flaws were discovered in jackson-databind, a fast and powerful JSON library for Java.

Debian Linux Security Advisory 5279-2 - Several vulnerabilities were discovered in Wordpress, a web blogging tool. They allowed remote attackers to perform SQL injection, create open redirects, bypass authorization access, or perform Cross-Site Request Forgery (CSRF) or Cross-Site Scripting (XSS) attacks. The wordpress package released in DSA-5279-1 had incorrect dependencies that could not be satisfied in Debian stable. This update corrects the problem.

Debian Linux Security Advisory 5282-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, information disclosure, spoofing or bypass of the SameSite cookie policy.

Red Hat Security Advisory 2022-8506-01 - Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring of multiple Linux deployments with a single centralized tool. Issues addressed include code execution, cross site scripting, denial of service, remote SQL injection, and traversal vulnerabilities.

BKG Professional NtripCaster 2.0.39 allows querying information over the UDP protocol without authentication. The NTRIP sourcetable is typically quite long (tens of kBs) and can be requested with a packet of only 30 bytes. This presents a vector that can be used for UDP amplification attacks. Normally, only authenticated streaming data will be provided over UDP and not the sourcetable.

Debian Linux Security Advisory 5281-1 - It was discovered that parsing errors in the mp4 module of Nginx, a high-performance web and reverse proxy server, could result in denial of service, memory disclosure or potentially the execution of arbitrary code when processing a malformed mp4 file.