3816 matches found
cURL: Multiple vulnerabilities
Background cURL is a command line tool for transferring files with URL syntax, supporting numerous protocols. Description Multiple vulnerabilities have been discovered in cURL. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user or automate...
OpenSSL: Multiple vulnerabilities
Background OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer SSL v2/v3 and Transport Layer Security TLS v1 as well as a general purpose cryptography library. Description Multiple vulnerabilities have been discovered in OpenSSL. Please review the CVE identifiers referenced...
Gallery: Multiple vulnerabilities
Background Gallery is an open source web based photo album organizer. Description Multiple vulnerabilities have been discovered in Gallery 1 and 2: Digital Security Research Group reported a directory traversal vulnerability in contrib/phpBB2/modules.php in Gallery 1, when registerglobals is...
OpenSSL, AMD64 x86 emulation base libraries: RSA signature forgery
Background OpenSSL is a toolkit implementing the Secure Sockets Layer, Transport Layer Security protocols and a general-purpose cryptography library. The x86 emulation base libraries for AMD64 contain a vulnerable version of OpenSSL. Description Daniel Bleichenbacher discovered that it might be...
TikiWiki: Arbitrary command execution through XML-RPC
Background TikiWiki is a web-based groupware and content management system CMS, using PHP, ADOdb and Smarty. TikiWiki includes vulnerable PHP XML-RPC code. Description TikiWiki is vulnerable to arbitrary command execution as described in GLSA 200507-01. Impact A remote attacker could exploit this...
Go: Multiple Vulnerabilities
Background Go is an open source programming language that makes it easy to build simple, reliable, and efficient software. Description Multiple vulnerabilities have been discovered in Go. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE...
libpano13: Format string vulnerability
Background libpano13 is Helmut Dersch’s panorama toolbox library. Description A format string issue exists within panoFileOutputNamesCreate where unvalidated input is passed directly into the formatter. Impact A remote attacker could entice a user to open a specially crafted file using libpano1...
Prosŏdy IM: Multiple vulnerabilities
Background Prosŏdy IM is a modern XMPP communication server. It aims to be easy to set up and configure, and efficient with system resources. Description Multiple vulnerabilities have been discovered in Prosŏdy IM. Please review the CVE identifiers referenced below for details. Impact Please revi...
Mozilla Firefox: Multiple vulnerabilities
Background Mozilla Firefox is a popular open-source web browser from the Mozilla project. Description Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details...
libmaxminddb: Denial of service
Background The libmaxminddb library provides a C library for reading MaxMind DB files, including the GeoIP2 databases from MaxMind. Description libmaxminddb used uninitialised memory when reading from a corrupt database file. Impact A remote attacker could entice a user to use a specially crafted...
QEMU: Multiple vulnerabilities
Background QEMU is a generic and open source machine emulator and virtualizer. Description Multiple vulnerabilities have been discovered in QEMU. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no...
Chromium, Google Chrome: Multiple vulnerabilities
Background Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. Google Chrome is one fast, simple, and secure browser for all your devices. Description Multiple vulnerabilities have been discovered in Chromium and...
GnuTLS: Denial of service
Background GnuTLS is an Open Source implementation of the TLS and SSL protocols. Description It was found that GnuTLS didn’t handle “norenegotiation” alert properly. Impact A remote attacker could entice a user to connect to a malicious TLS endpoint using an application linked against GnuTLS,...
libTIFF: Denial of service
Background The TIFF library contains encoding and decoding routines for the Tag Image File Format. It is called by numerous programs, including GNOME and KDE applications, to interpret TIFF images. Description Please review the CVE identifier referenced below for details. Impact Please review the...
file: Stack-based buffer overflow
Background file is a utility that guesses a file format by scanning binary data for patterns. Description An issue discovered in file allows attackers to write 20 bytes to the stack buffer via a specially crafted .notes section. Impact A remote attacker, by using a specially crafted .notes sectio...
OCaml: Privilege escalation
Background OCaml is a high-level, strongly-typed, functional, and object-oriented programming language from the ML family of languages. Description A bad sanitization of environment variables: CAMLCPLUGINS, CAMLNATIVECPLUGINS and CAMLBYTECPLUGINS in the OCaml compiler allows the execution of rais...
GDK-PixBuf: Multiple vulnerabilities
Background GDK-PixBuf is an image loading library for GTK+. Description Multiple vulnerabilities have been discovered in GDK-PixBuf. Please review the referenced CVE identifiers for details. Impact A remote attacker, by sending a specially crafted TIFF, JPEG, or URL, could execute arbitrary code...
PHP: Multiple vulnerabilities
Background PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML. Description Multiple vulnerabilities have been discovered in PHP. Please review the CVE identifiers referenced below for details. Impact An attacker coul...
MySQL: Multiple vulnerabilities
Background MySQL is a popular multi-threaded, multi-user SQL server. MariaDB is an enhanced, drop-in replacement for MySQL. Description Multiple vulnerabilities have been discovered in MySQL. Please review the CVE identifiers referenced below for details. Impact An attacker could possibly escalat...
Lua: Buffer overflow
Background Lua is a powerful, efficient, lightweight, embeddable scripting language. It supports procedural programming, object-oriented programming, functional programming, data-driven programming, and data description. Description A buffer overflow was discovered in the vararg functions in ldo....
VLC: Buffer overflow
Background VLC is a cross-platform media player and streaming server. Description A buffer overflow was discovered in the DecodeAdpcmImaQT function in modules/codec/adpcm.c in the VideoLAN VLC media player. Impact Remote attackers, by enticing a user to execute a specially crafted QuickTime IMA...
Mercurial: Multiple vulnerabilities
Background Mercurial is a distributed source control management system. Description Multiple vulnerabilities have been discovered in Mercurial. Please review the CVE identifier and bug reports referenced for details. Impact A remote attacker could possibly execute arbitrary code with the privileg...
FFmpeg: Multiple vulnerabilities
Background FFmpeg is a complete, cross-platform solution to record, convert and stream audio and video. Description Multiple vulnerabilities have been discovered in FFmpeg. Please review the CVE identifiers referenced below for details. Impact A remote attacker could possibly execute arbitrary co...
OpenSSL: Multiple vulnerabilities
Background OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer SSL v2/v3 and Transport Layer Security TLS v1 as well as a general purpose cryptography library. Description Multiple vulnerabilities have been discovered in OpenSSL. Please review the CVE identifiers referenced...
dnsmasq: Denial of Service and DNS spoofing
Background Dnsmasq is a lightweight and easily-configurable DNS forwarder and DHCP server. Description Dan Kaminsky of IOActive reported that dnsmasq does not randomize UDP source ports when forwarding DNS queries to a recursing DNS server CVE-2008-1447. Carlos Carvalho reported that dnsmasq in t...
Honeyd remote detection vulnerability via a probe packet
Background Honeyd is a virtual honeypot daemon that can simulate virtual hosts on unallocated IP addresses. Description A bug in handling NMAP fingerprints caused Honeyd to reply to TCP packets with both the SYN and RST flags set. Watching for replies, it is possible to detect IP addresses...
WebKitGTK+: Multiple Vulnerabilities
Background WebKitGTK+ is a full-featured port of the WebKit rendering engine, suitable for projects requiring any kind of web integration, from hybrid HTML/CSS applications to full-fledged web browsers. Description Multiple vulnerabilities have been discovered in WebKitGTK+. Please review the CVE...
Xen: Multiple Vulnerabilities
Background Xen is a bare-metal hypervisor. Description Multiple vulnerabilities have been discovered in Xen. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround at this time...
Mozilla Firefox: Multiple vulnerabilities
Background Mozilla Firefox is a popular open-source web browser from the Mozilla project. Description Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details...
Mumble: User-assisted execution of arbitrary code
Background Mumble is low-latency voice chat software intended for use with gaming. Description Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user to open a specially crafted server list web page using Mumble, possibly resulting in executio...
Xen: Multiple vulnerabilities
Background Xen is a bare-metal hypervisor. Description Multiple vulnerabilities have been discovered in Xen. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround at this time...
Binutils: Multiple vulnerabilities
Background The GNU Binutils are a collection of tools to create, modify and analyse binary files. Many of the files use BFD, the Binary File Descriptor library, to do low-level manipulation. Description Multiple vulnerabilities have been discovered in Binutils. Please review the CVE identifiers...
TRE: Multiple vulnerabilities
Background TRE is the free and portable approximate regex matching library. Description Multiple vulnerabilities have been discovered in TRE. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no kno...
Newsbeuter: User-assisted execution of arbitrary code
Background Newsbeuter is a RSS/Atom feed reader for the text console. Description Newsbeuter does not properly escape shell meta-characters in an RSS item with a media enclosure in the podcast playback function of Podbeuter. Impact A remote attacker, by enticing a user to open a feed with a...
MariaDB: Multiple vulnerabilities
Background MariaDB is an enhanced, drop-in replacement for MySQL. Description Multiple vulnerabilities have been discovered in MariaDB. Please review the CVE identifiers referenced below for details. Impact An attacker could possibly escalate privileges, gain access to critical data or complete...
Oracle JRE/JDK: Multiple vulnerabilities
Background Java Platform, Standard Edition Java SE lets you develop and deploy Java applications on desktops and servers, as well as in today’s demanding embedded environments. Java offers the rich user interface, performance, versatility, portability, and security that today’s applications...
QEMU: Multiple vulnerabilities
Background QEMU is a generic and open source machine emulator and virtualizer. Description Multiple vulnerabilities have been discovered in QEMU. Please review the CVE identifiers referenced below for details. Impact A remote attacker might cause a Denial of Service or gain escalated privileges...
Ruby: Denial of service
Background Ruby is an object-oriented scripting language. Description Multiple vulnerabilities have been discovered in Ruby. Please review the CVE identifiers referenced below for details. Impact A context-dependent attacker could possibly execute arbitrary code with the privileges of the process...
libupnp: Arbitrary code execution
Background libupnp is a portable, open source, UPnP development kit. Description Multiple buffer overflow vulnerabilities have been discovered in libupnp. Please review the CVE identifiers referenced below for details. Impact A remote attacker could possibly execute arbitrary code with the...
Xen: Multiple vulnerabilities
Background Xen is a bare-metal hypervisor. Description Multiple vulnerabilities have been discovered in Xen. Please review the CVE identifiers referenced below for details. Impact Guest domains could possibly gain privileges, execute arbitrary code, or cause a Denial of Service on the host domain...
Squid: Multiple vulnerabilities
Background Squid is a full-featured web proxy cache. Description Multiple vulnerabilities have been discovered in Squid. Please review the CVE identifiers referenced below for details. Impact Remote unauthenticated attackers may be able to execute arbitrary code with the privileges of the Squid...
Opera: Multiple vulnerabilities
Background Opera is a fast web browser that is available free of charge. Description Multiple vulnerabilities have been discovered in Opera: Opera does not restrict the ability of a framed web page to change the address associated with a different frame CVE-2008-4195. Chris Weber Casaba Security...
QtWebEngine: Multiple Vulnerabilities
Background QtWebEngine is a library for rendering dynamic web content in Qt5 and Qt6 C++ and QML applications. Description Multiple vulnerabilities have been discovered in QtWebEngine. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE...
Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities
Background Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. Google Chrome is one fast, simple, and secure browser for all your devices. Microsoft Edge is a browser that combines a minimal design with...
Mozilla Firefox: Multiple vulnerabilities
Background Mozilla Firefox is a popular open-source web browser from the Mozilla project. Description Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details...
OpenSCAD: Buffer overflow
Background OpenSCAD is the programmer’s solid 3D CAD modeller. Description A buffer overflow exists in OpenSCAD when parsing STL files. Impact A remote attacker could entice a user to open a specially crafted STL file using OpenSCAD, possibly resulting in execution of arbitrary code with the...
Smarty: Multiple vulnerabilities
Background Smarty is a template engine for PHP. Description Multiple vulnerabilities have been discovered in Smarty template engine. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known...
Apache Tomcat: Information disclosure
Background Apache Tomcat is a Servlet-3.0/JSP-2.2 Container. Description It was discovered that Apache Tomcat could re-use an HTTP request header value from the previous stream received on an HTTP/2 connection for the request associated with the subsequent stream. Impact A remote attacker, by...
Mozilla Firefox: Multiple vulnerabilities
Background Mozilla Firefox is a popular open-source web browser from the Mozilla project. Description Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details...
sysstat: Arbitrary code execution
Background sysstat is a package containing a number of performance monitoring utilities for Linux, including sar, mpstat, iostat and sa tools. Description A double-free in sysstat’s checkfileactlst function was discovered. Impact A local attacker could possibly execute arbitrary code with the...