libssh: Multiple Vulnerabilities

Background libssh is a multiplatform C library implementing the SSHv2 protocol on client and server side. Description Multiple vulnerabilities have been discovered in libssh. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for...

libyang: Multiple vulnerabilities

Background YANG data modeling language library. Description Multiple vulnerabilities have been discovered in libyang. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround at this...

GLSA-202006-01 : GnuTLS: Information disclosure

The remote host is affected by the vulnerability described in GLSA-202006-01 GnuTLS: Information disclosure A flaw was reported in the TLS session ticket key construction in GnuTLS. Impact : A remote attacker could recover previous conversations in TLS 1.2 and obtain sensitive information or...

GnuTLS: Information disclosure

Background GnuTLS is an Open Source implementation of the TLS and SSL protocols. Description A flaw was reported in the TLS session ticket key construction in GnuTLS. Impact A remote attacker could recover previous conversations in TLS 1.2 and obtain sensitive information or conduct a...

GLSA-201908-05 : LibVNCServer: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-201908-05 LibVNCServer: Multiple vulnerabilities Multiple vulnerabilities have been discovered in LibVNCServer. Please review the CVE identifiers referenced below for details. Impact : Please review the referenced CVE identifiers...

GLSA-201904-14 : GnuTLS: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-201904-14 GnuTLS: Multiple vulnerabilities Multiple vulnerabilities have been discovered in GnuTLS. Please review the CVE identifiers referenced below for details. Impact : Please review the CVE identifiers referenced below for...

GLSA-201903-22 : ZeroMQ: Code execution

The remote host is affected by the vulnerability described in GLSA-201903-22 ZeroMQ: Code execution Please reference the CVE for details. Impact : Please reference the CVE for details. Workaround : There is no known workaround at this time. C Tenable Network Security, Inc. The descriptive text an...

GLSA-201903-12 : WebkitGTK+: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-201903-12 WebkitGTK+: Multiple vulnerabilities Multiple vulnerabilities have been discovered in WebKitGTK+. Please review the referenced CVE identifiers for details. Impact : An attacker could execute arbitrary code or conduct...

WebkitGTK+: Multiple vulnerabilities

Background WebKitGTK+ is a full-featured port of the WebKit rendering engine, suitable for projects requiring any kind of web integration, from hybrid HTML/CSS applications to full-fledged web browsers. Description Multiple vulnerabilities have been discovered in WebKitGTK+. Please review the...

GLSA-201812-04 : WebkitGTK+: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-201812-04 WebkitGTK+: Multiple vulnerabilities Multiple vulnerabilities have been discovered in WebKitGTK+. Please review the referenced CVE identifiers for details. Impact : A remote attacker could execute arbitrary commands or...

WebkitGTK+: Multiple vulnerabilities

Background WebKitGTK+ is a full-featured port of the WebKit rendering engine, suitable for projects requiring any kind of web integration, from hybrid HTML/CSS applications to full-fledged web browsers. Description Multiple vulnerabilities have been discovered in WebKitGTK+. Please review the...

libsoup: Arbitrary remote code execution

Background libsoup is an HTTP client/server library for GNOME. Description A stack based buffer overflow vulnerability was discovered in libsoup. Impact A remote attacker, by using specially crafted HTTP requests, could execute arbitrary code with the privileges of the process. Workaround There i...

MiniUPnPc: Buffer overflow

Background UPnP client library and a simple UPnP client. Description An out-of-bounds read was discovered in the getHTTPResponse function in miniwget.c in MiniUPnPc. Impact Remote attackers, through specially crafted headers, could cause a Denial of Service condition. Workaround There is no known...

GLSA-201612-41 : WebKitGTK+: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-201612-41 WebKitGTK+: Multiple vulnerabilities Multiple vulnerabilities have been discovered in WebKitGTK+. Please review the CVE identifiers referenced below for details. Impact : A remote attacker can use multiple vectors to...

Node.js: Multiple vulnerabilities

Background Node.js is a JavaScript runtime built on Chrome’s V8 JavaScript engine. Description Multiple vulnerabilities have been discovered in Node.js. Please review the CVE identifiers referenced below for details. Impact A remote attacker could possibly cause a Denial of Service condition, or...

libssh and libssh2: Multiple vulnerabilities

Background libssh is a mulitplatform C library implementing the SSHv2 and SSHv1 protocol on client and server side. Description libssh and libssh2 both have a bits/bytes confusion bug and generate an abnormaly short ephemeral secret for the diffie-hellman-group1 and diffie-hellman-group14 key...

Gentoo Security Advisory GLSA 201408-03

Gentoo Linux Local Security Checks GLSA 201408-03 SPDX-FileCopyrightText: 2015 Eero Volotinen Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later ifdescription...

GnuTLS: Multiple vulnerabilities

Background GnuTLS is an Open Source implementation of the TLS 1.2 and SSL 3.0 protocols. Description Multiple vulnerabilities have been discovered in GnuTLS. Please review the CVE identifiers referenced below for details. Impact A remote attacker could utilize multiple vectors to spoof arbitrary...

libssh: Arbitrary code execution

Background libssh is a C library providing SSHv2 and SSHv1. Description Multiple buffer overflow, double free, and integer overflow vulnerabilities have been discovered in libssh. Impact A remote attacker could possibly execute arbitrary code with the privileges of the process or cause a Denial o...

libgssglue: Privilege escalation

Background libgssglue exports a GSSAPI interface which calls other random GSSAPI libraries. Description libgssglue does not securely use getenv when loading a library for a setuid application. Impact A local attacker could gain escalated privileges. Workaround There is no known workaround at this...