3816 matches found
Dropbear: Multiple vulnerabilities
Background Dropbear is an SSH server and client designed with a small memory footprint. Description Multiple vulnerabilities have been discovered in Dropbear. Please review the CVE identifiers referenced below for details. Impact A remote attacker could possibly execute arbitrary code with root...
FFmpeg: Multiple vulnerabilities
Background FFmpeg is a complete, cross-platform solution to record, convert and stream audio and video. Description Multiple vulnerabilities have been discovered in FFmpeg. Please review the CVE identifiers referenced below for details. Impact Remote attackers could cause a Denial of Service...
FreeImage: Multiple vulnerabilities
Background FreeImage is an Open Source library project for developers who would like to support popular graphics image formats like PNG, BMP, JPEG, TIFF and others as needed by today’s multimedia applications. Description Multiple vulnerabilities have been discovered in in FreeImage. Please revie...
D-Bus: Format string vulnerability
Background D-Bus is a message bus system, a simple way for applications to talk to one another. Description It was discovered that D-Bus incorrectly handles certain format strings. The impact of this new vulnerability is believed to not be exploitable if D-Bus is patched against CVE-2015-0245. Th...
Roundcube: Arbitrary code execution
Background Free and open source webmail software for the masses, written in PHP. Description Roundcube, when no SMTP server is configured and the sendmail program is enabled, does not properly restrict the use of custom envelope-from addresses on the sendmail command line. Impact An authenticated...
IcedTea: Multiple vulnerabilities
Background IcedTea’s aim is to provide OpenJDK in a form suitable for easy configuration, compilation and distribution with the primary goal of allowing inclusion in GNU/Linux distributions. Description Various OpenJDK attack vectors in IcedTea, such as 2D, Corba, Hotspot, Libraries, and JAXP,...
Apache: Multiple vulnerabilities
Background Apache HTTP Server is one of the most popular web servers on the Internet. Description Multiple vulnerabilities have been discovered in Apache HTTP Server. Please review the CVE identifiers referenced below for details. Impact A remote attacker may be able to execute arbitrary code or...
OpenSSL: Multiple vulnerabilities
Background OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer SSL v2/v3 and Transport Layer Security TLS v1 as well as a general purpose cryptography library. Description Multiple vulnerabilities have been discovered in OpenSSL. Please review the CVE identifiers referenced...
Ruby: Denial of service
Background Ruby is an object-oriented scripting language. Description Multiple vulnerabilities have been discovered in Ruby. Please review the CVE identifiers referenced below for details. Impact A context-dependent attacker could possibly execute arbitrary code with the privileges of the process...
Ansible: Privilege escalation
Background Ansible is a radically simple IT automation platform. Description Multiple vulnerabilities have been discovered in Ansible. Please review the CVE identifiers referenced below for details. Impact A local attacker could possibly execute arbitrary code with the privileges of the process,...
Wireshark: Multiple vulnerabilities
Background Wireshark is a versatile network protocol analyzer. Description Multiple vulnerabilities have been discovered in Wireshark: David Maciejak discovered a vulnerability in packet-usb.c in the USB dissector via a malformed USB Request Block URB CVE-2008-4680. Florent Drouin and David...
MPlayer: Multiple Vulnerabilities
Background MPlayer is a media player capable of handling multiple multimedia file formats. Description Multiple vulnerabilities have been discovered in MPlayer. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details...
Chromium, Google Chrome: Multiple vulnerabilities
Background Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. Google Chrome is one fast, simple, and secure browser for all your devices. Description Multiple vulnerabilities have been discovered in Chromium and...
Apache Tomcat: Information disclosure
Background Apache Tomcat is a Servlet-3.0/JSP-2.2 Container. Description It was discovered that Apache Tomcat could re-use an HTTP request header value from the previous stream received on an HTTP/2 connection for the request associated with the subsequent stream. Impact A remote attacker, by...
Bitcoin: Multiple vulnerabilities
Background Bitcoin Core consists of both “full-node” software for fully validating the blockchain as well as a bitcoin wallet. Description Multiple vulnerabilities have been discovered in Bitcoin. Please review the CVE identifiers referenced below for details. Impact Please review the referenced...
Mozilla Network Security Service (NSS): Multiple vulnerabilities
Background The Mozilla Network Security Service NSS is a library implementing security features like SSL v.2/v.3, TLS, PKCS 5, PKCS 7, PKCS 11, PKCS 12, S/MIME and X.509 certificates. Description Multiple vulnerabilities have been discovered in NSS. Please review the CVE identifiers referenced...
sysstat: Arbitrary code execution
Background sysstat is a package containing a number of performance monitoring utilities for Linux, including sar, mpstat, iostat and sa tools. Description A double-free in sysstat’s checkfileactlst function was discovered. Impact A local attacker could possibly execute arbitrary code with the...
Apache Tomcat: Remote code execution
Background Apache Tomcat is a Servlet-3.0/JSP-2.2 Container. Description Apache Tomcat improperly handles deserialization of files under specific circumstances. Impact A remote attacker could possibly execute arbitrary code with the privileges of the process, or cause a Denial of Service conditio...
Samba: Multiple vulnerabilities
Background Samba is a suite of SMB and CIFS client/server programs. Description Multiple vulnerabilities have been discovered in Samba. Please review the CVE identifiers referenced below for details. Impact A remote attacker could possibly execute arbitrary code, cause a Denial of Service...
QEMU: Multiple vulnerabilities
Background QEMU is a generic and open source machine emulator and virtualizer. Description Multiple vulnerabilities have been discovered in QEMU. Please review the CVE identifiers referenced below for details. Impact An attacker could execute arbitrary code, cause a Denial of Service condition, o...
Supervisor: command injection vulnerability
Background Supervisor is a client/server system that allows its users to monitor and control a number of processes on UNIX-like operating systems. Description A vulnerability in Supervisor was discovered in which an authenticated client could send malicious XML-RPC requests and supervidord will r...
Chromium: Multiple vulnerabilities
Background Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. Description Multiple vulnerabilities have been discovered in the Chromium web browser. Please review the CVE identifiers referenced below for details...
phpBB: Multiple vulnerabilities
Background phpBB is an Open Source bulletin board package. Description Multiple vulnerabilities have been discovered in phpBB. Please review the CVE identifiers referenced below for details. Impact A remote attacker may be able to change settings, inject arbitrary web script or HTML, or conduct...
Adobe Flash Player: Multiple vulnerabilities
Background The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Description Multiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details. Impact A remote attacke...
encfs: Multiple vulnerabilities
Background Encfs is an implementation of encrypted filesystem in user-space using FUSE. Description Multiple vulnerabilities have been discovered in encfs. Please review the CVE identifiers referenced below for details. Impact A local attacker can utilize a possible buffer overflow in the...
OpenSSL: Multiple vulnerabilities
Background OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer SSL v2/v3 and Transport Layer Security TLS v1 as well as a general purpose cryptography library. Description Multiple vulnerabilities have been found in OpenSSL. Please review the CVE identifiers and the upstream...
Chromium: Multiple vulnerabilities
Background Chromium is an open-source web browser project. Description Multiple vulnerabilities have been discovered in Chromium. Please review the CVE identifiers referenced below for details. Impact A remote attacker may be able to execute arbitrary code with the privileges of the process or...
PHP: Multiple vulnerabilities
Background PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML. Description Multiple vulnerabilities have been discovered in PHP. Please review the CVE identifiers referenced below for details. Impact A...
Chromium, V8: Multiple vulnerabilities
Background Chromium is an open source web browser project. V8 is Google's open source JavaScript engine. SPDY is an experimental networking protocol. Description Multiple vulnerabilities have been discovered in Chromium and V8. Please review the CVE identifiers and release notes referenced below...
Oracle JRE/JDK: Multiple vulnerabilities
Background The Oracle Java Development Kit JDK formerly known as Sun JDK and the Oracle Java Runtime Environment JRE formerly known as Sun JRE provide the Oracle Java platform formerly known as Sun Java Platform. Description Multiple vulnerabilities have been reported in the Oracle Java...
Openfire: Multiple vulnerabilities
Background Ignite Realtime Openfire is a fast real-time collaboration server. Description Two vulnerabilities have been reported by Federico Muttis, from CORE IMPACT's Exploit Writing Team: Multiple missing or incomplete input validations in several .jsps CVE-2009-0496. Incorrect input validation...
Ruby: Multiple vulnerabilities
Background Ruby is an interpreted object-oriented programming language. The elaborate standard library includes an HTTP server "WEBRick" and a class for XML parsing "REXML". Description Multiple vulnerabilities have been discovered in the Ruby interpreter and its standard libraries. Drew Yao of...
PHP: Multiple vulnerabilities
Background PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML. Description Several vulnerabilities were found in PHP by the Hardened-PHP Project and other researchers. These vulnerabilities include a heap-based buffe...
Linux Kernel: Multiple information leaks
Background The Linux kernel is responsible for managing the core aspects of a GNU/Linux system, providing an interface for core system applications as well as providing the essential structure and capability to access hardware that is needed for a running system. Description The Linux kernel allo...
MoinMoin: Group ACL bypass
Background MoinMoin is a Python clone of WikiWiki, based on PikiPiki. Description MoinMoin contains a bug in the code handling administrative group ACLs. A user created with the same name as an administrative group gains the privileges of the administrative group. Impact If an administrative grou...
Expat: Multiple Vulnerabilities
Background Expat is a set of XML parsing libraries. Description Multiple vulnerabilities have been discovered in Expat. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround at this...
LittleCMS: User-assisted execution of arbitrary code
Background LittleCMS, or short lcms, is a color management system for working with ICC profiles. It is used by many applications including GIMP, Firefox and Chromium. Description It was discovered that LittleCMS aka Little Color Management System had an integer overflow in the AllocateDataSet...
Telegram Desktop: Multiple vulnerabilities
Background Telegram is a messaging app with a focus on speed and security. Description Multiple vulnerabilities have been discovered in Telegram Desktop. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround The...
Pillow: Multiple vulnerabilities
Background Python Imaging Library fork Description Multiple vulnerabilities have been discovered in Pillow. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround at this time...
Dovecot: Multiple vulnerabilities
Background Dovecot is an open source IMAP and POP3 email server. Description It was discovered that Dovecot incorrectly handled deeply nested MIME parts, incorrectly handled memory when using NTLM, and incorrectly handled zero-length messages. Impact A remote attacker could send a specially craft...
OSSEC: Multiple vulnerabilities
Background OSSEC is a full platform to monitor and control your systems. Description Multiple vulnerabilities have been discovered in OSSEC. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no know...
QtCore: Multiple vulnerabilities
Background The Qt toolkit is a comprehensive C++ application development framework. Description Multiple vulnerabilities have been discovered in QtCore. Please review the CVE identifiers referenced below for details. Impact An attacker could possibly execute arbitrary code with the privileges of...
PyYAML: Arbitrary code execution
Background PyYAML is a YAML parser and emitter for Python. Description It was found that using yaml.load API on untrusted input could lead to arbitrary code execution. Impact A remote attacker could entice a user to process specially crafted input in an application using yaml.load from PyYAML,...
Vim, gVim: Remote execution of arbitrary code
Background Vim is an efficient, highly configurable improved version of the classic ‘vi’ text editor. gVim is the GUI version of Vim. Description It was found that the :source! command was not restricted by the sandbox mode. If modeline was explicitly enabled, opening a specially crafted text fil...
GnuTLS: Denial of service
Background GnuTLS is a secure communications library implementing the SSL, TLS and DTLS protocols and technologies around them. Description A null pointer dereference while decoding a status response TLS extension with valid contents was discovered in GnuTLS. Impact A remote attacker could possib...
GNU Libtasn1: Multiple vulnerabilities
Background A library that provides Abstract Syntax Notation One ASN.1, as specified by the X.680 ITU-T recommendation parsing and structures management, and Distinguished Encoding Rules DER, as per X.690 encoding and decoding functions. Description Multiple vulnerabilities have been discovered in...
GNU C Library: Multiple vulnerabilities
Background The GNU C library is the standard C library used by Gentoo Linux systems. Description Multiple vulnerabilities have been discovered in the GNU C Library. Please review the CVE identifiers and Qualys’ security advisory referenced below for details. Impact An attacker could possibly...
HarfBuzz: Multiple vulnerabilities
Background HarfBuzz is an OpenType text shaping engine. Description Multiple vulnerabilities have been discovered in HarfBuzz. Please review the CVE identifiers referenced below for details. Impact Remote attackers, through the use of crafted data, could cause a Denial of Service condition or hav...
c-ares: Heap-based buffer overflow
Background c-ares is a C library for asynchronous DNS requests including name resolves. Description A hostname with an escaped trailing dot such as “hello\.” would have its size calculated incorrectly leading to a single byte written beyond the end of a buffer on the heap. Impact A remote...
Oracle JRE/JDK: Multiple vulnerabilities
Background Java Platform, Standard Edition Java SE lets you develop and deploy Java applications on desktops and servers, as well as in today’s demanding embedded environments. Java offers the rich user interface, performance, versatility, portability, and security that today’s applications...