3816 matches found
FUSE: Multiple Vulnerabilities
Background FUSE Filesystem in Userspace is an interface for userspace programs to export a filesystem to the Linux kernel. Description The following vulnerabilities have been discovered in FUSE: a NULL pointer dereference when running with the NUMA architecture and a use-after-free. The worst of...
DTrace: Arbitrary file creation via dtprobed
Background DTrace is a dynamic tracing tool for analysing or debugging the whole system. Specifically, dtprobed is a component of the DTrace system that keeps track of USDT probes within running processes, parsing and storing the DOF they provide for later consumption by dtrace proper. Descriptio...
Exiv2: Multiple Vulnerabilities
Background Exiv2 is a C++ library and set of tools for parsing, editing and saving Exif and IPTC metadata from images. Description The following vulnerabilities have been discovered in Exiv2: 2 out of bounds reads, an integer overflow, and an uncaught exception. The worst of which can lead to a...
Asterisk: Multiple Vulnerabilities
Background Asterisk is an open source telephony engine and toolkit. Description Multiple vulnerabilities have been discovered in Asterisk. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known...
GIMP: Arbitrary Code Execution
Background GIMP is the GNU Image Manipulation Program. XCF is the native image file format used by GIMP. Description A vulnerability has been discovered in GIMP. Please review the CVE identifier referenced below for details. Impact This vulnerability allows remote attackers to execute arbitrary...
Commons-BeanUtils: Arbitrary Code Execution
Background Commons-beanutils provides easy-to-use wrappers around Reflection and Introspection APIs. Description Multiple vulnerabilities have been discovered in Commons-BeanUtils. Please review the CVE identifiers referenced below for details. Impact A special BeanIntrospector class was added in...
inetutils: Remote Code Execution
Background Inetutils is a collection of common network programs including a telnet client and server. Description The telnetd server invokes /usr/bin/login normally running as root passing the value of the USER environment variable received from the client as the last parameter. If the client...
Vim, gVim: Multiple Vulnerabilities
Background Vim is an efficient, highly configurable improved version of the classic ‘vi’ text editor. gVim is the GUI version of Vim. Description Multiple vulnerabilities have been discovered in Vim, gVim. Please review the CVE identifiers referenced below for details. Impact Please review the...
GnuPG: Arbitrary Code Execution
Background The GNU Privacy Guard, GnuPG, is a free replacement for the PGP suite of cryptographic software. Description A vulnerability has been discovered in GnuPG's armor parser. Impact A remote attacker could entice a user or automated system to process a specially crafted signature file,...
libpng: Multiple vulnerabilities
Background libpng is the official PNG reference library used to read, write and manipulate PNG images. Description Multiple vulnerabilities have been discovered in libpng. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for...
librnp: Weak random number generation
Background librnp is a high performance C++ OpenPGP library. Description The affected librnp version generated weak session keys for its public key encryption PKESK mode. Impact Messages encrypted using the affected librnp version might be readable by an attacker with just the public key...
UDisks: Multiple Vulnerabilities
Background UDisks provides a daemon, tools and libraries to access and manipulate disks, storage devices and technologies. Description Multiple vulnerabilities have been discovered in UDisks. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE...
qtsvg: Multiple Vulnerabilities
Background qtsvg is a SVG rendering library for the Qt framework. Description Multiple vulnerabilities have been discovered in qtsvg. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known...
Chromium, Google Chrome, Microsoft Edge, Opera: Multiple Vulnerabilities
Background Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. Google Chrome is one fast, simple, and secure browser for all your devices. Microsoft Edge is a browser that combines a minimal design with...
redict, redis: Multiple Vulnerabilities
Background Redis is an open source BSD licensed, in-memory data structure store, used as a database, cache and message broker. Description Multiple vulnerabilities have been discovered in Redis. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CV...
WebKitGTK+: Multiple Vulnerabilities
Background WebKitGTK+ is a full-featured port of the WebKit rendering engine, suitable for projects requiring any kind of web integration, from hybrid HTML/CSS applications to full-fledged web browsers. Description Multiple vulnerabilities have been discovered in WebKitGTK+. Please review the CVE...
ProFTPd: SSH Terrapin vulnerability
Background ProFTPD is an advanced and very configurable FTP server. Description A vulnerability has been discovered in ProFTPd. Please review the CVE identifier referenced below for details. Impact The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other...
Plex Media Server: Incorrect resource transfer
Background Plex media server is a media library that is intended for use with a plex client. Description A vulnerability has been discovered in glibc. Please review the CVE identifier referenced below for details. Impact Please review the referenced CVE identifier for details. Workaround There is...
Poppler: Multiple Vulnerabilities
Background Poppler is a PDF rendering library based on the xpdf-3.0 code base. Description Multiple vulnerabilities have been discovered in Poppler. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is...
Spidermonkey: Multiple Vulnerabilities
Background SpiderMonkey is Mozilla’s JavaScript and WebAssembly Engine, used in Firefox, Servo and various other projects. It is written in C++, Rust and JavaScript. You can embed it into C++ and Rust projects, and it can be run as a stand-alone shell. Description Multiple vulnerabilities have be...
Django: Multiple Vulnerabilities
Background Django is a Python-based web framework. Description Multiple vulnerabilities have been discovered in Django. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround at this...
glibc: Multiple Vulnerabilities
Background glibc is a package that contains the GNU C library. Description Multiple vulnerabilities have been discovered in glibc. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workarou...
libvpx: Use after free
Background libvpx is the VP8 codec SDK used to encode and decode video streams, typically within a WebM format media file. Description A vulnerability has been discovered in libvpx. Please review the CVE identifier referenced below for details. Impact Please review the referenced CVE identifier f...
GnuTLS: Multiple Vulnerabilities
Background GnuTLS is a secure communications library implementing the SSL, TLS, and DTLS protocols. Description Multiple vulnerabilities have been discovered in GnuTLS. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details...
GPL Ghostscript: Multiple Vulnerabilities
Background Ghostscript is an interpreter for the PostScript language and for PDF. Description Multiple vulnerabilities have been discovered in GPL Ghostscript. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workarou...
Spreadsheet-ParseExcel: Arbitrary Code Execution
Background Spreadsheet::ParseExcel is a perl module to extract information from Excel files. Description A vulnerability has been discovered in Spreadsheet::ParseExcel. Please review the CVE identifier referenced below for details. Impact Please review the referenced CVE identifier for details...
Composer: Multiple Vulnerabilities
Background Composer is a dependency manager for the PHP programming language. Description Integrators using Composer code to call VcsDriver::getFileContent can have a code injection vulnerability if the user can control the $file or $identifier argument. This leads to a vulnerability on...
PAM: Multiple Vulnerabilities
Background PAM Pluggable Authentication Modules is an architecture allowing the separation of the development of privilege granting software from the development of secure and appropriate authentication schemes. Description Multiple vulnerabilities have been discovered in PAM. Please review the C...
Mozilla Network Security Service (NSS): TLS RSA decryption timing attack
Background The Mozilla Network Security Service is a library implementing security features like SSL v.2/v.3, TLS, PKCS 5, PKCS 7, PKCS 11, PKCS 12, S/MIME and X.509 certificates. Description A vulnerability has been discovered in Mozilla Network Security Service NSS. Please review the CVE...
FontForge: Arbitrary Code Execution
Background FontForge is a PostScript font editor and converter. Description A vulnerability has been discovered in FontForge. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround a...
Roundcube: Multiple Vulnerabilities
Background Free and open source webmail software for the masses, written in PHP. Description Multiple vulnerabilities have been discovered in Roundcube. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround Ther...
openh264: Heap Overflow
Background OpenH264 is a codec library which supports H.264 encoding and decoding. It is suitable for use in real time applications such as WebRTC. Description A vulnerability has been discovered in openh264. Please review the CVE identifiers referenced below for details. Impact A vulnerability i...
Chromium, Google Chrome, Microsoft Edge, Opera: Multiple Vulnerabilities
Background Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. Google Chrome is one fast, simple, and secure browser for all your devices. Microsoft Edge is a browser that combines a minimal design with...
Git: Multiple Vulnerabilities
Background Git is a free and open source distributed version control system designed to handle everything from small to very large projects with speed and efficiency. Description Multiple vulnerabilities have been discovered in Git. Please review the CVE identifiers referenced below for details...
REXML: Multiple Vulnerabilities
Background REXML is an XML toolkit for Ruby. Description Multiple vulnerabilities have been discovered in REXML. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround at this time...
ClamAV: Multiple Vulnerabilities
Background ClamAV is a GPL virus scanner. Description Multiple vulnerabilities have been discovered in ClamAV. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround at this time...
NTP: Multiple Vulnerabilities
Background NTP contains software for the Network Time Protocol. Description Multiple vulnerabilities have been discovered in NTP. Please review the CVE identifiers referenced below for details. Impact The first four of these CVEs affect a function in libntp that is only used by ntpq, but not by...
strongSwan: Buffer Overflow
Background strongSwan is an IPSec implementation for Linux. Description Multiple vulnerabilities have been discovered in strongSwan. Please review the CVE identifiers referenced below for details. Impact A vulnerability in charon-tkm related to processing DH public values was discovered in...
UDisks, libblockdev: Privilege escalation
Background UDisks provides a daemon, tools and libraries to access and manipulate disks, storage devices and technologies. libblockdev is a library for manipulating block devices. Description Multiple vulnerabilities have been discovered in UDisks and libblockdev. Please review the CVE identifier...
sudo: Privilege escalation
Background sudo allows a system administrator to give users the ability to run commands as other users. Description Multiple vulnerabilities have been discovered in sudo. Please review the CVE identifiers referenced below for details. Impact An attacker can escalate privileges to root by providin...
Konsole: Code execution
Background Konsole is KDE's terminal emulator. Description Konsole supports loading URLs from the scheme handlers such as telnet://URL. This can be executed regardless of whether the telnet binary is available. It would fall back to bash in that case and execute arbitrary code. Impact Clicking a...
sysstat: Arbitrary Code Execution
Background sysstat is a package containing a number of performance monitoring utilities for Linux, including sar, mpstat, iostat and sa tools. Description A vulnerability has been discovered in sysstat. Please review the CVE identifier referenced below for details. This CVE improves on an...
YAML-LibYAML: Shell injection
Background YAML-LibYAML provides YAML Serialization using XS and libyaml for Perl. Description YAML-LibYAML uses the legacy '2-arg' open call which is susceptible to shell injection via malicious filenames. Impact Shell injection may be used to execute arbitrary code using a malicious filename...
Qt: Multiple Vulnerabilities
Background Qt is a cross-platform application development framework. Description Multiple vulnerabilities have been discovered in Qt. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known...
File-Find-Rule: Shell Injection
Background File-Find-Rule is an alternative interface to File::Find. Description File-Find-Rule uses the legacy '2-arg' open call which is susceptible to shell injection via malicious filenames. Impact Shell injection may be used to execute arbitrary code using a malicious filename. Workaround...
Node.js: Multiple Vulnerabilities
Background Node.js is a JavaScript runtime built on Chrome’s V8 JavaScript engine. Description Multiple vulnerabilities have been discovered in Node.js. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround Ther...
LibreOffice: Multiple Vulnerabilities
Background LibreOffice is a powerful office suite; its clean interface and powerful tools let you unleash your creativity and grow your productivity. Description Multiple vulnerabilities have been discovered in LibreOffice. Please review the CVE identifiers referenced below for details. Impact...
GStreamer, GStreamer Plugins: Multiple Vulnerabilities
Background GStreamer is an open source multimedia framework. Description Multiple vulnerabilities have been discovered in GStreamer, GStreamer Plugins. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There...
GTK+ 3: Search path vulnerability
Background GTK+ GIMP Toolkit + is a toolkit for creating graphical user interfaces. Description A vulnerability has been discovered in GTK+ 3. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifier for details. Workaround There is no kno...
Emacs: Multiple Vulnerabilities
Background Emacs is the extensible, customizable, self-documenting real-time display editor. org-mode is an Emacs mode for notes and project planning. Description Multiple vulnerabilities have been discovered in Emacs, org-mode. Please review the CVE identifiers referenced below for details. Impa...