Several issues have been found in faad2, a freeware Advanced Audio Decoder player. They are related to heap buffer overflows or null pointer dereferences, both of which might allow an attacker to execute code by
Tenable discovered that in Babel, a set of tools for internationalizing Python applications, Babel.Locale allows attackers to load arbitrary locale .dat files (containing serialized Python objects) via directory traversal, leading to code execution. This
Richard Weinberger reported that unsquashfs in squashfs-tools, the tools to create and extract Squashfs filesystems, does not check for duplicate filenames within a directory. An attacker can take advantage of this flaw
A regression was introduced in DLA-2768-1, where the uwsgi proxy module for Apache2 (mod_proxy_uwsgi) interprets incorrect Apache configurations in a less forgiving way, causing existing setups to fail after upgrade.
The security update of smarty3, the compiling PHP template engine, issued as DLA 2618-1 introduced a regression in the smarty_security class when secure directories are evaluated. Updated smarty3 packages are now available to correct this issue.
Redmine, a project management web application, may disclose the names of users on activity views due to an insufficient access filter. An attacker may infer information about users working on private projects.