3816 matches found
zlib: Multiple vulnerabilities
Background zlib is a widely used free and patent unencumbered data compression library. Description Multiple vulnerabilities have been discovered in zlib. Please review the CVE identifiers referenced below for details. Impact An attacker could cause a Denial of Service condition. Workaround There...
Expat: Multiple vulnerabilities
Background Expat is a set of XML parsing libraries. Description Multiple vulnerabilities have been discovered in Expat. Please review the CVE identifiers referenced below for details. Impact A remote attacker, by enticing a user to process a specially crafted XML file, could execute arbitrary cod...
Chicken: Multiple vulnerabilities
Background Chicken is a scheme interpreter and native scheme to C compiler. Description Multiple vulnerabilities have been discovered in Chicken. Please review the CVE identifiers referenced below for details. Impact A remote attacker could possibly execute arbitrary code with the privileges of t...
PHP: Multiple vulnerabilities
Background PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML. Description Multiple vulnerabilities have been discovered in PHP. Please review the CVE identifiers referenced below for details. Impact An attacker can...
PuTTY: Multiple vulnerabilities
Background PuTTY is a telnet and SSH client. Description Multiple vulnerabilities have been discovered in PuTTY. Please review the CVE identifiers referenced below for details. Impact Stack-based buffer overflow in the SCP command-line utility allows remote servers to execute arbitrary code or...
libjpeg-turbo: Multiple vulnerabilities
Background libjpeg-turbo is a MMX, SSE, and SSE2 SIMD accelerated JPEG library Description libjpeg-turbo does not check for certain duplications of component data during the reading of segments that follow Start Of Scan SOS JPEG markers. Impact Remote attackers could obtain sensitive information...
OpenSSH: Multiple vulnerabilities
Background OpenSSH is a complete SSH protocol implementation that includes an SFTP client and server support. Description Multiple vulnerabilities have been discovered in OpenSSH. Please review the CVE identifiers referenced below for details. Impact Workaround There is no known workaround at thi...
libpng: Multiple vulnerabilities
Background libpng is a standard library used to process PNG Portable Network Graphics images. It is used by several programs, including web browsers and potentially server processes. Description Multiple vulnerabilities have been discovered in libpng: The “embeddedprofilelen” function in pngwutil...
Sun JDK/JRE: Multiple vulnerabilities
Background The Sun Java Development Kit JDK and the Sun Java Runtime Environment JRE provide the Sun Java platform. Description Multiple vulnerabilities have been discovered in Sun Java: Daniel Soeder discovered that a long codebase attribute string in a JNLP file will overflow a stack variable...
Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities
Background Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. Google Chrome is one fast, simple, and secure browser for all your devices. Microsoft Edge is a browser that combines a minimal design with...
WebkitGTK+: Multiple vulnerabilities
Background WebKitGTK+ is a full-featured port of the WebKit rendering engine, suitable for projects requiring any kind of web integration, from hybrid HTML/CSS applications to full-fledged web browsers. Description Multiple vulnerabilities have been discovered in WebkitGTK+. Please review the CVE...
Chromium, Google Chrome: Multiple vulnerabilities
Background Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. Google Chrome is one fast, simple, and secure browser for all your devices. Description Multiple vulnerabilities have been discovered in chromium, and...
polkit: Privilege escalation
Background polkit is a toolkit for managing policies related to unprivileged processes communicating with privileged process. Description The function polkitsystembusnamegetcredssync was called without checking for error, and as such temporarily treats the authentication request as coming from...
ClamAV: Multiple vulnerabilities
Background ClamAV is a GPL virus scanner. Description Multiple vulnerabilities have been discovered in ClamAV. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround at this time...
Cacti: Multiple vulnerabilities
Background Cacti is a complete frontend to rrdtool. Description Multiple vulnerabilities have been discovered in Cacti. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround at this...
Perl: Multiple vulnerabilities
Background Perl is a highly capable, feature-rich programming language. Description Multiple vulnerabilities have been discovered in Perl. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known...
Chromium, Google Chrome: Multiple vulnerabilities
Background Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. Google Chrome is one fast, simple, and secure browser for all your devices. Description Multiple vulnerabilities have been discovered in Chromium and...
libTIFF: Multiple vulnerabilities
Background The TIFF library contains encoding and decoding routines for the Tag Image File Format. It is called by numerous programs, including GNOME and KDE applications, to interpret TIFF images. Description Multiple vulnerabilities have been discovered in libTIFF. Please review the CVE...
Oracle JRE/JDK: Multiple vulnerabilities
Background Java Platform, Standard Edition Java SE lets you develop and deploy Java applications on desktops and servers, as well as in today’s demanding embedded environments. Java offers the rich user interface, performance, versatility, portability, and security that today’s applications...
OpenSSL: Multiple vulnerabilities
Background OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer SSL v2/v3 and Transport Layer Security TLS v1 as well as a general purpose cryptography library. Description Multiple vulnerabilities have been discovered in OpenSSL. Please review the upstream advisory and CVE...
MediaWiki: Multiple vulnerabilities
Background MediaWiki is a collaborative editing software used by large projects such as Wikipedia. Description Multiple vulnerabilities have been discovered in MediaWiki. Please review the CVE identifiers and MediaWiki announcement referenced below for details. Impact A remote attacker may be abl...
mod_fcgid: Multiple vulnerabilities
Background modfcgid is a binary-compatible alternative to modfastcgi with better process management. Description Multiple vulnerabilities have been found in modfcgid: An error in the "fcgidheaderbucketread" function in fcgidbucket.c could cause a stack-based buffer overflow CVE-2010-3872. An erro...
mDNSResponder: Multiple vulnerabilities
Background mDNSResponder is a component of Apple's Bonjour, an initiative for zero-configuration networking. Description Multiple vulnerabilities have been discovered in mDNSResponder. Please review the CVE identifiers referenced below for details. Impact A local or remote attacker may be able to...
Oracle JRE/JDK: Multiple vulnerabilities
Background The Oracle Java Development Kit JDK formerly known as Sun JDK and the Oracle Java Runtime Environment JRE formerly known as Sun JRE provide the Oracle Java platform formerly known as Sun Java Platform. Description Multiple vulnerabilities have been reported in the Oracle Java...
Apache 2, mod_dav: Multiple vulnerabilities
Background The Apache HTTP server is one of most popular web servers on the internet. modssl provides SSL v2/v3 and TLS v1 support for it and moddav is the Apache module for Distributed Authoring and Versioning DAV. Description A potential infinite loop has been found in the input filter of modss...
Xpdf: Multiple Vulnerabilities
Background Xpdf is an X viewer for PDF files. Description Multiple vulnerabilities have been discovered in Xpdf. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround at this time...
json-c: Buffer Overflow
Background json-c is a JSON implementation in C. Description Please review the CVE identifier referenced below for details. Impact A stack-buffer-overflow exists in the auxiliary sample program jsonparse which is located in the function parseit. Workaround There is no known workaround at this tim...
Singularity: Remote code execution
Background Singularity is the container platform for performance sensitive workloads. Description Singularity always uses the default remote endpoint, ‘cloud.syslabs.io’, for action commands using the ‘library://’ URI rather than the configured remote endpoint. Impact An attacker that that can pu...
blktrace: Buffer overflow
Background blktrace shows detailed information about what is happening on a block device IO queue. Description A crafted file could cause a buffer overflow in the ‘devmapread’ function because the device and devno arrays are too small. Impact A remote attacker could entice a user to open a...
GRUB: Multiple vulnerabilities
Background GNU GRUB is a multiboot boot loader used by most Linux systems. Description Multiple vulnerabilities have been discovered in GRUB. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no kno...
Wireshark: Multiple vulnerabilities
Background Wireshark is a network protocol analyzer formerly known as ethereal. Description Multiple vulnerabilities have been discovered in Wireshark. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There...
FreeXL: Multiple vulnerabilities
Background FreeXL is an open source library to extract valid data from within an Excel .xls spreadsheet. Description Multiple vulnerabilities have been discovered in FreeXL. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for...
libvorbis: Multiple vulnerabilities
Background libvorbis is the reference implementation of the Xiph.org Ogg Vorbis audio file format. It is used by many applications for playback of Ogg Vorbis files. Description Multiple vulnerabilities have been discovered in libvorbis. Please review the CVE identifiers referenced below for...
Oniguruma: Multiple vulnerabilities
Background Oniguruma is a regular expression library. Description Multiple vulnerabilities have been discovered in Oniguruma. Please review the CVE identifiers referenced below for details. Impact A remote attacker, by enticing a user to process a specially crafted string using an application...
sudo: Privilege escalation
Background sudo su “do” allows a system administrator to delegate authority to give certain users or groups of users the ability to run some or all commands as root or another user while providing an audit trail of the commands and their arguments. Description Qualys discovered a vulnerability in...
Xen: Multiple vulnerabilities
Background Xen is a bare-metal hypervisor. Description Multiple vulnerabilities have been discovered in Xen. Please review the CVE identifiers and Xen Security Advisory referenced below for details. Impact A local attacker could potentially execute arbitrary code with privileges of Xen QEMU proce...
GNU C Library: Multiple vulnerabilities
Background The GNU C library is the standard C library used by Gentoo Linux systems. Description Multiple vulnerabilities have been discovered in the GNU C Library. Please review the CVE identifiers referenced below for details. Impact A local attacker may be able to execute arbitrary code or cau...
Samba: Multiple vulnerabilities
Background Samba is a suite of SMB and CIFS client/server programs. Description Multiple vulnerabilities have been discovered in Samba. Please review the CVE identifiers referenced below for details. Impact A context-dependent attacker may be able to execute arbitrary code, cause a Denial of...
cURL: Multiple vulnerabilities
Background cURL is a command line tool for transferring files with URL syntax, supporting numerous protocols. Description Multiple vulnerabilities have been found in cURL: When zlib is enabled, the amount of data sent to an application for automatic decompression is not restricted CVE-2010-0734...
WebP: Multiple vulnerabilities
Background WebP is an image format employing both lossy and lossless compression. Description Multiple vulnerabilities have been discovered in WebP. Please review the CVE identifiers referenced below for details. Impact Please review the CVE identifiers referenced below for details. Workaround...
Apache Tomcat: Multiple Vulnerabilities
Background Apache Tomcat is a Servlet-3.0/JSP-2.2 Container. Description Multiple vulnerabilities have been discovered in Apache Tomcat. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known...
PostSRSd: Denial of service
Background PostSRSd is a Postfix sender rewriting scheme daemon Description Multiple vulnerabilities have been discovered in PostSRSd. Please review the CVE identifiers referenced below for details. Impact An attacker could cause a possible Denial of Service condition. Workaround There is no know...
Squid: Multiple vulnerabilities
Background Squid is a full-featured Web proxy cache designed to run on Unix systems. It supports proxying and caching of HTTP, FTP, and other URLs, as well as SSL support, cache hierarchies, transparent caching, access control lists and many other features. Description Multiple vulnerabilities ha...
Mozilla Thunderbird: Multiple vulnerabilities
Background Mozilla Thunderbird is a popular open-source email client from the Mozilla project. Description Multiple vulnerabilities have been discovered in Mozilla Thunderbird. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for...
Mozilla Firefox: Multiple vulnerabilities
Background Mozilla Firefox is a popular open-source web browser from the Mozilla project. Description Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details...
Xen: Multiple vulnerabilities
Background Xen is a bare-metal hypervisor. Description Multiple vulnerabilities have been discovered in Xen. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround at this time...
Mozilla Firefox: Multiple vulnerabilities
Background Mozilla Firefox is a popular open-source web browser from the Mozilla Project. Description Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details...
TRE: Multiple vulnerabilities
Background TRE is the free and portable approximate regex matching library. Description Multiple vulnerabilities have been discovered in TRE. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no kno...
Mozilla Firefox: Multiple vulnerabilities
Background Mozilla Firefox is a popular open-source web browser from the Mozilla Project. Description Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user to view a specially...
Chromium, Google Chrome: Multiple vulnerabilities
Background Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. Google Chrome is one fast, simple, and secure browser for all your devices. Description Multiple vulnerabilities have been discovered in Chromium and...