3816 matches found
HashiCorp Vault: Multiple Vulnerabilities
Background HashiCorp Vault is a tool for managing secrets. Description Multiple vulnerabilities have been discovered in HashiCorp Vault. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known...
SQLite: Remote code execution
Background SQLite is a C library that implements an SQL database engine. Description It was discovered that SQLite incorrectly handled certain sub-queries. Impact A remote attacker could possibly execute arbitrary code with the privileges of the process, or cause a Denial of Service condition...
NodeJS: Multiple vulnerabilities
Background Node.js is a JavaScript runtime built on Chrome’s V8 JavaScript engine. Description Multiple vulnerabilities have been discovered in NodeJS. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There...
FFmpeg: Multiple vulnerabilities
Background FFmpeg is a complete, cross-platform solution to record, convert and stream audio and video. Description Multiple vulnerabilities have been discovered in FFmpeg. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user or automated...
OpenSSL: Multiple vulnerabilities
Background OpenSSL is a robust, commercial-grade, and full-featured toolkit for the Transport Layer Security TLS and Secure Sockets Layer SSL protocols. Description Multiple vulnerabilities have been discovered in OpenSSL. Please review the referenced CVE identifiers for details. Impact A remote...
Subversion: Arbitrary code execution
Background Subversion is a version control system intended to eventually replace CVS. Like CVS, it has an optional client-server architecture where the server can be an Apache server running modsvn, or an ssh program as in CVS’s :ext: method. In addition to supporting the features found in CVS,...
BIND: Denial of service
Background BIND Berkeley Internet Name Domain is a Name Server. Description A vulnerability has been discovered in BIND’s named utility leading to a Denial of Service condition. Impact A remote attacker may be able to cause Denial of Service condition via specially constructed zone data. Workarou...
Mozilla Products: Multiple vulnerabilities
Background Mozilla Firefox is an open-source web browser and Mozilla Thunderbird an open-source email client, both from the Mozilla Project. The SeaMonkey project is a community effort to deliver production-quality releases of code derived from the application formerly known as the ‘Mozilla...
TCPDump: Decoding routines Denial of Service vulnerability
Background TCPDump is a tool for network monitoring and data acquisition. Description TCPDump improperly handles and decodes ISIS CAN-2005-1278, BGP CAN-2005-1267, CAN-2005-1279, LDP CAN-2005-1279 and RSVP CAN-2005-1280 packets. TCPDump might loop endlessly after receiving malformed packets. Impa...
Chromium, Google Chrome: Multiple vulnerabilities
Background Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. Google Chrome is one, fast, simple, and secure browser for all your devices. Description Multiple vulnerabilities have been discovered in Chromium and...
MariaDB: Remote code execution
Background MariaDB is an enhanced, drop-in replacement for MySQL. Description It was discovered that MariaDB did not properly validate the content of a packet received from a server. Impact A remote attacker could send a specially crafted packet to WSREP service, possibly resulting in execution o...
Chromium, Google Chrome: Multiple vulnerabilities
Background Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. Google Chrome is one fast, simple, and secure browser for all your devices. Description Multiple vulnerabilities have been discovered in Chromium and...
Go: Multiple vulnerabilities
Background Go is an open source programming language that makes it easy to build simple, reliable, and efficient software. Description Multiple vulnerabilities have been discovered in Go. Please review the references below for details. Impact Remote attackers could execute arbitrary Go commands o...
BIND: Multiple vulnerabilities
Background BIND Berkeley Internet Name Domain is a Name Server. Description Multiple vulnerabilities have been discovered in BIND. Please review the CVE identifiers referenced below for details. Impact A remote attacker could send a specially crafted DNS request to the BIND resolver resulting in ...
libcroco: Multiple vulnerabilities
Background libcroco is a standalone CSS2 parsing and manipulation library. Description Multiple vulnerabilities have been discovered in libcroco. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user to open a specially crafted CSS file...
Adobe Flash Player: Multiple vulnerabilities
Background The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Description Multiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details. Impact A remote attacke...
Multiple packages, Multiple vulnerabilities fixed in 2011
Background For more information on the packages listed in this GLSA, please see their homepage referenced in the ebuild. Description Vulnerabilities have been discovered in the packages listed below. Please review the CVE identifiers in the Reference section for details. FMOD Studio PEAR Mail LVM...
Bash: Multiple vulnerabilities
Background Bash is the standard GNU Bourne Again SHell. Description Florian Weimer, Todd Sabin, Michal Zalewski et al. discovered further parsing flaws in Bash. The unaffected Gentoo packages listed in this GLSA contain the official patches to fix the issues tracked as CVE-2014-6277, CVE-2014-718...
X.Org X Server: Multiple vulnerabilities
Background The X Window System is a graphical windowing system based on a client/server model. Description Multiple vulnerabilities have been discovered in X.Org X Server. Please review the CVE identifiers referenced below for details. Impact A context-dependent attacker could execute arbitrary...
Quagga: Multiple vulnerabilities
Background Quagga is a free routing daemon replacing Zebra supporting RIP, OSPF and BGP. Description Multiple vulnerabilities have been discovered in Quagga. Please review the CVE identifiers referenced below for details. Impact A BGP peer could send a Route-Refresh message with specially-crafted...
MariaDB: Multiple vulnerabilities
Background MariaDB is an enhanced, drop-in replacement for MySQL. Description Multiple vulnerabilities have been discovered in MariaDB. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known...
OpenSMTPD: Multiple vulnerabilities
Background OpenSMTPD is a lightweight but featured SMTP daemon from OpenBSD. Description Multiple vulnerabilities have been discovered in OpenSMTPD. Please review the CVE identifiers referenced below for details. Impact A remote attacker, by connecting to the SMTP listener daemon, could possibly...
SpamAssassin: Arbitrary command execution
Background SpamAssassin is an extensible email filter used to identify junk email. Description It was discovered that SpamAssassin incorrectly handled certain CF files. Impact A remote attacker could entice a user or automated system to process a specially crafted CF file using SpamAssassin,...
Mutt: Denial of service
Background Mutt is a small but very powerful text-based mail client. Description A memory leak could occur when a crafted email message is received. Impact An attacker could cause a possible Denial of Service condition. Workaround There is no known workaround at this time. Resolution All Mutt use...
sudo: Multiple vulnerabilities
Background sudo su “do” allows a system administrator to delegate authority to give certain users or groups of users the ability to run some or all commands as root or another user while providing an audit trail of the commands and their arguments. Description Multiple vulnerabilities have been...
WebKitGTK+: Multiple vulnerabilities
Background WebKitGTK+ is a full-featured port of the WebKit rendering engine, suitable for projects requiring any kind of web integration, from hybrid HTML/CSS applications to full-fledged web browsers. Description Multiple vulnerabilities have been discovered in WebKitGTK+. Please review the CVE...
Adobe Flash Player: Arbitrary code execution
Background The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Description An unspecified flaw has been discovered in Adobe Flash Player. Impact This flaw can be exploited by attackers for remote code execution. Workaround There is...
libxls: Multiple vulnerabilities
Background libxls is a C library for reading Excel files in the nasty old binary OLE format, plus a command-line tool for converting XLS to CSV. Description Multiple vulnerabilities have been discovered in libxls. Please review the CVE identifiers referenced below for details. Impact A remote...
Ruby: Multiple vulnerabilities
Background Ruby is an interpreted object-oriented programming language. The elaborate standard library includes an HTTP server “WEBRick” and a class for XML parsing “REXML”. Description Multiple vulnerabilities have been discovered in Ruby. Please review the CVE identifiers referenced below for...
librelp: Remote code execution
Background A reliable logging program. Description A buffer overflow was discovered in librelp with the handling of x509 certificates. Impact A remote attacker, by sending a specially crafted x509 certificate, could execute arbitrary code. Workaround There is no known workaround at this time...
WebKitGTK+: Multiple Vulnerabilities
Background WebKitGTK+ is a full-featured port of the WebKit rendering engine, suitable for projects requiring any kind of web integration, from hybrid HTML/CSS applications to full-fledged web browsers. Description Multiple vulnerabilities have been discovered in WebKitGTK+. Please review the...
PolarSSL: Multiple vulnerabilities
Background PolarSSL is a cryptographic library for embedded systems. Description Multiple vulnerabilities have been discovered in PolarSSL. Please review the CVE identifiers referenced below for details. Impact A remote attacker might be able to execute arbitrary code, cause Denial of Service...
Adobe Flash Player: Remote execution of arbitrary code
Background The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Description A critical type confusion vulnerability was discovered in Adobe Flash Player. Impact A remote attacker could execute arbitrary code. Workaround There is no...
Munin: Arbitrary file write
Background Munin is an open source server monitoring tool. Description When Munin is compiled with CGI graphics enabled then the files accessible to the www-data user can be overwritten. Impact A local attacker, by setting multiple upperlimit GET parameters, could overwrite files accessible to th...
Game Music Emu: Multiple vulnerabilities
Background Game Music Emu is a multi-purpose console music emulator and player library. Description Multiple vulnerabilities have been discovered in Game Music Emu. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user to open a specially...
Mozilla Network Security Service (NSS): Multiple vulnerabilities
Background The Mozilla Network Security Service NSS is a library implementing security features like SSL v.2/v.3, TLS, PKCS 5, PKCS 7, PKCS 11, PKCS 12, S/MIME and X.509 certificates. Description Multiple vulnerabilities have been discovered in NSS. Please review the CVE identifiers referenced...
Transmission: Multiple vulnerabilities
Background Transmission is a cross-platform BitTorrent client. Description Multiple stack-based buffer overflows in the trmagnetParse function in libtransmission/magnet.c have been discovered. Impact A remote attacker could cause a Denial of Service or possibly execute arbitrary code via a crafte...
Apache: Multiple vulnerabilities
Background The Apache HTTP server is one of the most popular web servers on the Internet. Description Multiple vulnerabilities have been discovered in the Apache HTTP server: Jonathan Peatfield reported that the "Options=IncludesNoEXEC" argument to the "AllowOverride" directive is not processed...
Ubiquiti UniFi: remote code execution via bundled log4j
Background Ubiquiti UniFi is a Management Controller for Ubiquiti Networks UniFi APs. Description A bundled version of log4j could facilitate remote code execution. Please review the CVE identifier referenced below for details. Impact An attacker with permission to modify the logging configuratio...
OpenSSL: Multiple Vulnerabilities
Background OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer SSL v2/v3 and Transport Layer Security TLS v1 as well as a general purpose cryptography library. Description Multiple vulnerabilities have been discovered in OpenSSL. Please review the CVE identifiers referenced...
InspIRCd: Information disclosure
Background InspIRCd is a modular Internet Relay Chat IRC server written in C++ which was created from scratch to be stable, modern and lightweight. Description InspIRCd incorrectly handled malformed PONG messages, resulting in access of freed memory. Impact A remote attacker could send crafted...
Nextcloud Desktop Client: User-assisted execution of arbitrary code
Background The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with your computer. Description It was discovered that Nextcloud Desktop Client did not validate URLs. Impact A remote attacker could entice a user to connect to a malicious Nextcloud server to cause the...
GNU Screen: User-assisted execution of arbitrary code
Background GNU Screen is a full-screen window manager that multiplexes a physical terminal between several processes, typically interactive shells. Description It was discovered that GNU screen did not properly handle certain UTF-8 character sequences. Impact A remote attacker could entice a user...
Chromium, Google Chrome: Multiple vulnerabilities
Background Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. Google Chrome is one fast, simple, and secure browser for all your devices. Description Multiple vulnerabilities have been discovered in Chromium and...
Mozilla Firefox, Mozilla Thunderbird: Multiple vulnerabilities
Background Mozilla Firefox is a popular open-source web browser from the Mozilla project. Mozilla Thunderbird is a popular open-source email client from the Mozilla project. Description Multiple vulnerabilities have been discovered in Mozilla Firefox and Mozilla Thunderbird. Please review the CVE...
FreeType: Arbitrary code execution
Background FreeType is a high-quality and portable font engine. Description A flaw in FreeType’s handling of embedded PNG bitmaps was discovered where the image height and width was not checked to be within bounds. Impact A remote attacker could entice a user to open a specially crafted font file...
Pacemaker: Multiple vulnerabilities
Background Pacemaker is an Open Source, High Availability resource manager suitable for both small and large clusters. Description Multiple vulnerabilities have been discovered in Pacemaker. Please review the referenced CVE identifiers for details. Impact A remote attacker could execute arbitrary...
QEMU: Multiple vulnerabilities
Background QEMU is a generic and open source machine emulator and virtualizer. Description Multiple vulnerabilities have been discovered in QEMU. Please review the CVE identifiers referenced below for details. Impact A remote attacker might cause a Denial of Service or gain escalated privileges...
Redis: Multiple vulnerabilities
Background Redis is an open source BSD licensed, in-memory data structure store, used as a database, cache and message broker. Description Multiple vulnerabilities have been discovered in Redis. Please review the CVE identifiers referenced below for details. Impact A remote attacker, able to...
zlib: Multiple vulnerabilities
Background zlib is a widely used free and patent unencumbered data compression library. Description Multiple vulnerabilities have been discovered in zlib. Please review the CVE identifiers referenced below for details. Impact An attacker could cause a Denial of Service condition. Workaround There...