Poppler: Multiple Vulnerabilities
Background Poppler is a PDF rendering library based on the xpdf-3.0 code base. Description Multiple vulnerabilities have been discovered in Poppler. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is...
GStreamer, GStreamer Plugins: Multiple Vulnerabilities
Background GStreamer is an open source multimedia framework. Description Multiple vulnerabilities have been discovered in GStreamer, GStreamer Plugins. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There...
RDoc: Remote Code Execution
Background RDoc produces HTML and command-line documentation for Ruby projects. Description A vulnerability has been discovered in RDoc. Please review the CVE identifier referenced below for details. Impact When parsing .rdocoptions used for configuration in RDoc as a YAML file, object injection...
LibRaw: Heap Buffer Overflow
Background LibRaw is a library for reading RAW files obtained from digital photo cameras. Description A vulnerability has been discovered in LibRaw. Please review the CVE identifier referenced below for details. Impact A heap-buffer-overflow in raw2imageex caused by a maliciously crafted file may...
Twisted: Multiple Vulnerabilities
Background Twisted is an asynchronous networking framework written in Python. Description Multiple vulnerabilities have been discovered in Twisted. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is ...
Alpine: Multiple Vulnerabilities
Background Alpine is an easy to use text-based mail and news client. Description Multiple vulnerabilities have been discovered in Alpine. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no...
Chromium, Google Chrome: Multiple vulnerabilities
Background Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. Google Chrome is one fast, simple, and secure browser for all your devices. Description Multiple vulnerabilities have been discovered in Chromium and...
Python: Multiple vulnerabilities
Background Python is an interpreted, interactive, object-oriented programming language. Description Multiple vulnerabilities have been discovered in Python. Please review the bugs referenced below for details. Impact A remote attacker could possibly execute arbitrary code with the privileges of t...
Wireshark: Multiple vulnerabilities
Background Wireshark is a network protocol analyzer formerly known as ethereal. Description Multiple vulnerabilities have been discovered in Wireshark. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There...
GLSA-202011-03 : KPMCore: Root privilege escalation
The remote host is affected by the vulnerability described in GLSA-202011-03 KPMCore: Root privilege escalation Improper checks on the D-Bus request received resulted in improper protection for /etc/fstab. Impact : An attacker could escalate privileges to root by exploiting this vulnerability...
NTFS-3G: Remote code execution, possible privilege escalation
Background NTFS-3G is a stable, full-featured, read-write NTFS driver for various operating systems. Description An integer underflow issue exists in NTFS-3G which may cause a heap buffer overflow with crafted input. Impact A remote attacker may be able to execute arbitrary code while a local...
sudo: Multiple vulnerabilities
Background sudo (su “do”) allows a system administrator to delegate authority to give certain users or groups of users the ability to run some or all commands as root or another user while providing an audit trail of the commands and their arguments. Description Multiple vulnerabilities have been...
Vim, gVim: Remote execution of arbitrary code
Background Vim is an efficient, highly configurable improved version of the classic ‘vi’ text editor. gVim is the GUI version of Vim. Description It was found that the :source! command was not restricted by the sandbox mode. If modeline was explicitly enabled, opening a specially crafted text fil...
SpamAssassin: Multiple vulnerabilities
Background SpamAssassin is an extensible email filter used to identify junk email. Description Multiple vulnerabilities have been discovered in SpamAssassin. Please review the referenced CVE identifiers for details. Impact A remote attacker could execute arbitrary code, escalate privileges, or...
Adobe Flash Player: Multiple vulnerabilities
Background The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Description Multiple vulnerabilities have been discovered in Adobe Flash Player. Please review the referenced CVE identifiers for details. Impact A remote attacker coul...
GLSA-201707-13 : libcroco: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-201707-13 libcroco: Multiple vulnerabilities Multiple vulnerabilities have been discovered in libcroco. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to open a...
Ruby Archive::Tar::Minitar: Directory traversal
Background Archive::Tar::Minitar is a pure-Ruby library and command-line utility that provides the ability to deal with POSIX tar(1) archive files. Description Michal Marek discovered that Ruby Archive::Tar::Minitar is vulnerable to a directory traversal vulnerability. Impact A remote attacker coul...
ICU: Multiple vulnerabilities
Background ICU is a mature, widely used set of C/C++ and Java libraries providing Unicode and Globalization support for software applications. Description Multiple vulnerabilities have been discovered in ICU. Please review the CVE identifiers referenced below for details. Impact Remote attackers...
OptiPNG: Multiple vulnerabilities
Background OptiPNG is a PNG optimizer that recompresses image files to a smaller size, without losing any information. Description Multiple vulnerabilities have been discovered in OptiPNG. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user...
file: Denial of service
Background The file utility attempts to identify a file’s format by scanning binary data for patterns. Description An issue with the ELF parser used by the file utility can cause a resource consumption when reading a specially-crafted ELF binary. Impact A context-dependent attacker may be able to...