3816 matches found
polkit: Privilege escalation
Background polkit is a toolkit for managing policies related to unprivileged processes communicating with privileged process. Description The function polkitsystembusnamegetcredssync was called without checking for error, and as such temporarily treats the authentication request as coming from...
blktrace: Buffer overflow
Background blktrace shows detailed information about what is happening on a block device IO queue. Description A crafted file could cause a buffer overflow in the ‘devmapread’ function because the device and devno arrays are too small. Impact A remote attacker could entice a user to open a...
GNU Screen: User-assisted execution of arbitrary code
Background GNU Screen is a full-screen window manager that multiplexes a physical terminal between several processes, typically interactive shells. Description It was discovered that GNU screen did not properly handle certain UTF-8 character sequences. Impact A remote attacker could entice a user...
e2fsprogs: Arbitrary code execution
Background e2fsprogs is a set of utilities for maintaining the ext2, ext3 and ext4 file systems. Description It was discovered that e2fsprogs incorrectly handled certain ext4 partitions. Impact A remote attacker could entice a user to process a specially crafted corrupted file system using e2fsck...
Pacemaker: Multiple vulnerabilities
Background Pacemaker is an Open Source, High Availability resource manager suitable for both small and large clusters. Description Multiple vulnerabilities have been discovered in Pacemaker. Please review the referenced CVE identifiers for details. Impact A remote attacker could execute arbitrary...
Redis: Multiple vulnerabilities
Background Redis is an open source BSD licensed, in-memory data structure store, used as a database, cache and message broker. Description Multiple vulnerabilities have been discovered in Redis. Please review the CVE identifiers referenced below for details. Impact A remote attacker, able to...
zlib: Multiple vulnerabilities
Background zlib is a widely used free and patent unencumbered data compression library. Description Multiple vulnerabilities have been discovered in zlib. Please review the CVE identifiers referenced below for details. Impact An attacker could cause a Denial of Service condition. Workaround There...
Expat: Multiple vulnerabilities
Background Expat is a set of XML parsing libraries. Description Multiple vulnerabilities have been discovered in Expat. Please review the CVE identifiers referenced below for details. Impact A remote attacker, by enticing a user to process a specially crafted XML file, could execute arbitrary cod...
Chicken: Multiple vulnerabilities
Background Chicken is a scheme interpreter and native scheme to C compiler. Description Multiple vulnerabilities have been discovered in Chicken. Please review the CVE identifiers referenced below for details. Impact A remote attacker could possibly execute arbitrary code with the privileges of t...
PHP: Multiple vulnerabilities
Background PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML. Description Multiple vulnerabilities have been discovered in PHP. Please review the CVE identifiers referenced below for details. Impact An attacker can...
PuTTY: Multiple vulnerabilities
Background PuTTY is a telnet and SSH client. Description Multiple vulnerabilities have been discovered in PuTTY. Please review the CVE identifiers referenced below for details. Impact Stack-based buffer overflow in the SCP command-line utility allows remote servers to execute arbitrary code or...
libjpeg-turbo: Multiple vulnerabilities
Background libjpeg-turbo is a MMX, SSE, and SSE2 SIMD accelerated JPEG library Description libjpeg-turbo does not check for certain duplications of component data during the reading of segments that follow Start Of Scan SOS JPEG markers. Impact Remote attackers could obtain sensitive information...
OpenSSL: Multiple vulnerabilities
Background OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer SSL v2/v3 and Transport Layer Security TLS v1 as well as a general purpose cryptography library. Description Multiple vulnerabilities have been discovered in OpenSSL. Please review the upstream advisory and CVE...
OpenSSH: Multiple vulnerabilities
Background OpenSSH is a complete SSH protocol implementation that includes an SFTP client and server support. Description Multiple vulnerabilities have been discovered in OpenSSH. Please review the CVE identifiers referenced below for details. Impact Workaround There is no known workaround at thi...
libpng: Multiple vulnerabilities
Background libpng is a standard library used to process PNG Portable Network Graphics images. It is used by several programs, including web browsers and potentially server processes. Description Multiple vulnerabilities have been discovered in libpng: The “embeddedprofilelen” function in pngwutil...
Sun JDK/JRE: Multiple vulnerabilities
Background The Sun Java Development Kit JDK and the Sun Java Runtime Environment JRE provide the Sun Java platform. Description Multiple vulnerabilities have been discovered in Sun Java: Daniel Soeder discovered that a long codebase attribute string in a JNLP file will overflow a stack variable...
Xpdf: Multiple Vulnerabilities
Background Xpdf is an X viewer for PDF files. Description Multiple vulnerabilities have been discovered in Xpdf. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround at this time...
WebP: Multiple vulnerabilities
Background WebP is an image format employing both lossy and lossless compression. Description Multiple vulnerabilities have been discovered in WebP. Please review the CVE identifiers referenced below for details. Impact Please review the CVE identifiers referenced below for details. Workaround...
Singularity: Remote code execution
Background Singularity is the container platform for performance sensitive workloads. Description Singularity always uses the default remote endpoint, ‘cloud.syslabs.io’, for action commands using the ‘library://’ URI rather than the configured remote endpoint. Impact An attacker that that can pu...
Mozilla Thunderbird: Multiple vulnerabilities
Background Mozilla Thunderbird is a popular open-source email client from the Mozilla project. Description Multiple vulnerabilities have been discovered in Mozilla Thunderbird. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for...
Mozilla Firefox: Multiple vulnerabilities
Background Mozilla Firefox is a popular open-source web browser from the Mozilla project. Description Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details...
GRUB: Multiple vulnerabilities
Background GNU GRUB is a multiboot boot loader used by most Linux systems. Description Multiple vulnerabilities have been discovered in GRUB. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no kno...
Wireshark: Multiple vulnerabilities
Background Wireshark is a network protocol analyzer formerly known as ethereal. Description Multiple vulnerabilities have been discovered in Wireshark. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There...
ClamAV: Multiple vulnerabilities
Background ClamAV is a GPL virus scanner. Description Multiple vulnerabilities have been discovered in ClamAV. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround at this time...
Cacti: Multiple vulnerabilities
Background Cacti is a complete frontend to rrdtool. Description Multiple vulnerabilities have been discovered in Cacti. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround at this...
Perl: Multiple vulnerabilities
Background Perl is a highly capable, feature-rich programming language. Description Multiple vulnerabilities have been discovered in Perl. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known...
Chromium, Google Chrome: Multiple vulnerabilities
Background Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. Google Chrome is one fast, simple, and secure browser for all your devices. Description Multiple vulnerabilities have been discovered in Chromium and...
libTIFF: Multiple vulnerabilities
Background The TIFF library contains encoding and decoding routines for the Tag Image File Format. It is called by numerous programs, including GNOME and KDE applications, to interpret TIFF images. Description Multiple vulnerabilities have been discovered in libTIFF. Please review the CVE...
GNU C Library: Multiple vulnerabilities
Background The GNU C library is the standard C library used by Gentoo Linux systems. Description Multiple vulnerabilities have been discovered in the GNU C Library. Please review the CVE identifiers referenced below for details. Impact A local attacker may be able to execute arbitrary code or cau...
MediaWiki: Multiple vulnerabilities
Background MediaWiki is a collaborative editing software used by large projects such as Wikipedia. Description Multiple vulnerabilities have been discovered in MediaWiki. Please review the CVE identifiers and MediaWiki announcement referenced below for details. Impact A remote attacker may be abl...
mod_fcgid: Multiple vulnerabilities
Background modfcgid is a binary-compatible alternative to modfastcgi with better process management. Description Multiple vulnerabilities have been found in modfcgid: An error in the "fcgidheaderbucketread" function in fcgidbucket.c could cause a stack-based buffer overflow CVE-2010-3872. An erro...
mDNSResponder: Multiple vulnerabilities
Background mDNSResponder is a component of Apple's Bonjour, an initiative for zero-configuration networking. Description Multiple vulnerabilities have been discovered in mDNSResponder. Please review the CVE identifiers referenced below for details. Impact A local or remote attacker may be able to...
Oracle JRE/JDK: Multiple vulnerabilities
Background The Oracle Java Development Kit JDK formerly known as Sun JDK and the Oracle Java Runtime Environment JRE formerly known as Sun JRE provide the Oracle Java platform formerly known as Sun Java Platform. Description Multiple vulnerabilities have been reported in the Oracle Java...
Apache 2, mod_dav: Multiple vulnerabilities
Background The Apache HTTP server is one of most popular web servers on the internet. modssl provides SSL v2/v3 and TLS v1 support for it and moddav is the Apache module for Distributed Authoring and Versioning DAV. Description A potential infinite loop has been found in the input filter of modss...
json-c: Buffer Overflow
Background json-c is a JSON implementation in C. Description Please review the CVE identifier referenced below for details. Impact A stack-buffer-overflow exists in the auxiliary sample program jsonparse which is located in the function parseit. Workaround There is no known workaround at this tim...
Squid: Multiple vulnerabilities
Background Squid is a full-featured Web proxy cache designed to run on Unix systems. It supports proxying and caching of HTTP, FTP, and other URLs, as well as SSL support, cache hierarchies, transparent caching, access control lists and many other features. Description Multiple vulnerabilities ha...
FreeXL: Multiple vulnerabilities
Background FreeXL is an open source library to extract valid data from within an Excel .xls spreadsheet. Description Multiple vulnerabilities have been discovered in FreeXL. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for...
libvorbis: Multiple vulnerabilities
Background libvorbis is the reference implementation of the Xiph.org Ogg Vorbis audio file format. It is used by many applications for playback of Ogg Vorbis files. Description Multiple vulnerabilities have been discovered in libvorbis. Please review the CVE identifiers referenced below for...
Oniguruma: Multiple vulnerabilities
Background Oniguruma is a regular expression library. Description Multiple vulnerabilities have been discovered in Oniguruma. Please review the CVE identifiers referenced below for details. Impact A remote attacker, by enticing a user to process a specially crafted string using an application...
sudo: Privilege escalation
Background sudo su “do” allows a system administrator to delegate authority to give certain users or groups of users the ability to run some or all commands as root or another user while providing an audit trail of the commands and their arguments. Description Qualys discovered a vulnerability in...
Xen: Multiple vulnerabilities
Background Xen is a bare-metal hypervisor. Description Multiple vulnerabilities have been discovered in Xen. Please review the CVE identifiers and Xen Security Advisory referenced below for details. Impact A local attacker could potentially execute arbitrary code with privileges of Xen QEMU proce...
Samba: Multiple vulnerabilities
Background Samba is a suite of SMB and CIFS client/server programs. Description Multiple vulnerabilities have been discovered in Samba. Please review the CVE identifiers referenced below for details. Impact A context-dependent attacker may be able to execute arbitrary code, cause a Denial of...
cURL: Multiple vulnerabilities
Background cURL is a command line tool for transferring files with URL syntax, supporting numerous protocols. Description Multiple vulnerabilities have been found in cURL: When zlib is enabled, the amount of data sent to an application for automatic decompression is not restricted CVE-2010-0734...
Apache Tomcat: Multiple Vulnerabilities
Background Apache Tomcat is a Servlet-3.0/JSP-2.2 Container. Description Multiple vulnerabilities have been discovered in Apache Tomcat. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known...
libpano13: Format string vulnerability
Background libpano13 is Helmut Dersch’s panorama toolbox library. Description A format string issue exists within panoFileOutputNamesCreate where unvalidated input is passed directly into the formatter. Impact A remote attacker could entice a user to open a specially crafted file using libpano1...
PostSRSd: Denial of service
Background PostSRSd is a Postfix sender rewriting scheme daemon Description Multiple vulnerabilities have been discovered in PostSRSd. Please review the CVE identifiers referenced below for details. Impact An attacker could cause a possible Denial of Service condition. Workaround There is no know...
QEMU: Multiple vulnerabilities
Background QEMU is a generic and open source machine emulator and virtualizer. Description Multiple vulnerabilities have been discovered in QEMU. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no...
Xen: Multiple vulnerabilities
Background Xen is a bare-metal hypervisor. Description Multiple vulnerabilities have been discovered in Xen. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround at this time...
Mozilla Firefox: Multiple vulnerabilities
Background Mozilla Firefox is a popular open-source web browser from the Mozilla Project. Description Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details...
TRE: Multiple vulnerabilities
Background TRE is the free and portable approximate regex matching library. Description Multiple vulnerabilities have been discovered in TRE. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no kno...