3816 matches found
c-ares: Heap-based buffer overflow
Background c-ares is a C library for asynchronous DNS requests including name resolves. Description A hostname with an escaped trailing dot such as “hello\.” would have its size calculated incorrectly leading to a single byte written beyond the end of a buffer on the heap. Impact A remote...
Oracle JRE/JDK: Multiple vulnerabilities
Background Java Platform, Standard Edition Java SE lets you develop and deploy Java applications on desktops and servers, as well as in today’s demanding embedded environments. Java offers the rich user interface, performance, versatility, portability, and security that today’s applications...
Wireshark: Multiple vulnerabilities
Background Wireshark is a network protocol analyzer formerly known as ethereal. Description Multiple vulnerabilities have been discovered in Wireshark. Please review the CVE identifiers referenced below for details. Impact A remote attacker could possibly cause a Denial of Service condition...
MySQL: Multiple vulnerabilities
Background MySQL is a popular multi-threaded, multi-user SQL server. Description Multiple vulnerabilities have been discovered in MySQL. Please review the CVE identifiers referenced below for details. Impact A local attacker could possibly gain escalated privileges. A remote attacker could send a...
NTP: Traffic amplification
Background NTP is a protocol designed to synchronize the clocks of computers over a network. The net-misc/ntp package contains the official reference implementation by the NTP Project. Description ntpd is susceptible to a reflected Denial of Service attack. Please review the CVE identifiers and...
Chromium: Multiple vulnerabilities
Background Chromium is an open source web browser project. Description Multiple vulnerabilities have been discovered in Chromium. Please review the CVE identifiers and release notes referenced below for details. Impact A remote attacker could entice a user to open a specially crafted web site usi...
BIND: Multiple vulnerabilities
Background BIND is the Berkeley Internet Name Domain Server. Description Multiple vulnerabilities have been discovered in BIND. Please review the CVE identifiers referenced below for details. Impact The vulnerabilities allow remote attackers to cause a Denial of Service daemon crash via a DNS...
GNU C library: Multiple vulnerabilities
Background The GNU C library is the standard C library used by Gentoo Linux systems. Description Multiple vulnerabilities were found in glibc, amongst others the widely-known recent LDAUDIT and $ORIGIN issues. For further information please consult the CVE entries referenced below. Impact A local...
PHP: Multiple vulnerabilities
Background PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML. Description Multiple vulnerabilities have been discovered in PHP. Please review the CVE identifiers referenced below and the associated PHP release notes...
BIND: Cache poisoning
Background ISC BIND is the Internet Systems Consortium implementation of the Domain Name System DNS protocol. Description Dan Kaminsky of IOActive has reported a weakness in the DNS protocol related to insufficient randomness of DNS transaction IDs and query source ports. Impact An attacker could...
OpenSSH: Privilege escalation
Background OpenSSH is a complete SSH protocol implementation that includes an SFTP client and server support. Description Two issues have been discovered in OpenSSH: Timo Juhani Lindfors discovered that OpenSSH sets the DISPLAY variable in SSH sessions using X11 forwarding even when it cannot bin...
Opera: Multiple vulnerabilities
Background Opera is a multi-platform web browser. Description Opera contains several vulnerabilities: fails to properly validate Content-Type and filename. fails to properly validate date: URIs. uses kfmclient exec as the Default Application to handle downloaded files when integrated with KDE...
IcedTeaWeb: Multiple vulnerabilities
Background FOSS Java browser plugin and Web Start implementation. Description Multiple vulnerabilities have been discovered in IcedTeaWeb. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known...
Ark: Symlink vulnerability
Background Ark is a graphical file compression/decompression utility with support for multiple formats. Description KDE Ark did not fully verify symlinks contained within tar archives. Impact A remote attacker could entice a user to open a specially crafted tar archive using KDE Ark, possibly...
Chromium, Google Chrome: Multiple vulnerabilities
Background Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. Google Chrome is one fast, simple, and secure browser for all your devices. Description Multiple vulnerabilities have been discovered in Chromium and...
ssvnc: Multiple vulnerabilities
Background The Enhanced TightVNC Viewer, SSVNC, adds encryption security to VNC connections. Description Multiple vulnerabilities have been discovered in ssvnc. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details...
Ansible: Multiple vulnerabilities
Background Ansible is a radically simple IT automation platform. Description Multiple vulnerabilities have been discovered in Ansible. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known...
Cacti: Multiple vulnerabilities
Background Cacti is a complete frontend to rrdtool. Description Multiple vulnerabilities have been discovered in Cacti. Please review the CVE identifiers referenced below for details. Impact Remote attackers could execute arbitrary code or bypass intended access restrictions. Workaround There is ...
PostgreSQL: Multiple vulnerabilities
Background PostgreSQL is an open source object-relational database management system. Description Multiple vulnerabilities have been discovered in PostgreSQL. Please review the CVE identifiers referenced below for details. Impact A remote attacker could possibly execute arbitrary code with the...
LibVNCServer: Multiple vulnerabilities
Background LibVNCServer/LibVNCClient are cross-platform C libraries that allow you to easily implement VNC server or client functionality in your program. Description Multiple vulnerabilities have been discovered in LibVNCServer. Please review the CVE identifiers referenced below for details...
NTFS-3G: Privilege escalation
Background NTFS-3G is a stable, full-featured, read-write NTFS driver for various operating systems. Description NTFS-3G is affected by the same vulnerability as reported in “GLSA 201603-04” when the bundled fuse-lite implementation is used. Impact A local user could gain root privileges...
Dropbear: Privilege escalation
Background Dropbear is a relatively small SSH server and client. Description A CRLF injection vulnerability in Dropbear SSH allows remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data. Impact A remote authenticated user could execute arbitrary...
claws-mail: Multiple Vulnerabilities
Background Claws Mail is a GTK based e-mail client. Description Multiple vulnerabilities have been discovered in claws-mail. Please review the CVE identifiers referenced below for details. Impact An attacker could possibly intercept communications due to the default implementation of SSL 3.0...
FFmpeg: Multiple vulnerabilities
Background FFmpeg is a complete, cross-platform solution to record, convert and stream audio and video. Description Multiple vulnerabilities have been discovered in FFmpeg. Please review the CVE identifiers referenced below for details. Impact A remote attacker could possibly execute arbitrary co...
Oracle JRE/JDK: Multiple vulnerabilities
Background Oracle’s Java SE Development Kit and Runtime Environment Description Multiple vulnerabilities have been discovered in Oracle’s Java SE Development Kit and Runtime Environment. Please review the CVE identifiers referenced below for details. Impact A context-dependent attacker may be abl...
Bash: Code Injection
Background Bash is the standard GNU Bourne Again SHell. Description Stephane Chazelas reported that Bash incorrectly handles function definitions, allowing attackers to inject arbitrary code. Impact A remote attacker could exploit this vulnerability to execute arbitrary commands even in restricte...
Apache HTTP Server: Multiple vulnerabilities
Background Apache HTTP Server is one of the most popular web servers on the Internet. Description Multiple vulnerabilities have been found in Apache HTTP Server. Please review the CVE identifiers referenced below for details. Impact A remote attacker could send a specially crafted request to...
util-linux: Multiple vulnerabilities
Background util-linux is a suite of Linux programs including mount and umount, programs used to mount and unmount filesystems. Description Multiple vulnerabilities have been discovered in util-linux. Please review the CVE identifiers referenced below for details. Impact A local attacker may be ab...
nbd: Multiple vulnerabilities
Background nbd is a userland client/server for kernel network block device. Description Multiple vulnerabilities have been discovered in nbd. Please review the CVE identifiers referenced below for details. Impact nbd allows remote attackers to cause a denial of service NULL pointer dereference an...
phpMyAdmin: Local file inclusion vulnerability
Background phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the web. Description Maksymilian Arciemowicz reported that in libraries/grabglobals.lib.php, the $redirect parameter was not correctly validated. Systems running PHP in safe mode are not affected...
Heimdal: Multiple Vulnerabilities
Background Heimdal is a free implementation of Kerberos 5. Description Multiple vulnerabilities have been discovered in Heimdal, the worst of which could lead to remote code execution on a Kerberos Domain Controller. Please review the CVE identifiers referenced below for details. Impact Please...
MediaWiki: Multiple Vulnerabilities
Background MediaWiki is a collaborative editing software, used by big projects like Wikipedia. Description Multiple vulnerabilities have been discovered in MediaWiki. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details...
Oracle VirtualBox: Multiple Vulnerabilities
Background VirtualBox is a powerful virtualization product from Oracle. Description Multiple vulnerabilities have been discovered in Oracle VirtualBox. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There...
PHP: Multiple Vulnerabilities
Background PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML. Description Multiple vulnerabilities have been discovered in PHP. Please review the CVE identifiers referenced below for details. Impact Please review th...
xterm: Multiple Vulnerabilities
Background xterm is a terminal emulator for the X Window system. Description Multiple vulnerabilities have been discovered in xterm. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known...
phpMyAdmin: Multiple vulnerabilities
Background phpMyAdmin is a web-based management tool for MySQL databases. Description Multiple vulnerabilities have been discovered in phpMyAdmin. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is n...
fuseiso: Multiple vulnerabilities
Background FuseISO is a FUSE module to mount ISO filesystem images .iso, .nrg, .bin, .mdf and .img files. Description Multiple vulnerabilities have been discovered in fuseiso. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user to open a...
FAAD2: Multiple vulnerabilities
Background FAAD2 is an open source MPEG-4 and MPEG-2 AAC decoder. Description Multiple vulnerabilities have been discovered in FAAD2. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known...
Nokogiri: Command injection
Background Nokogiri is an HTML, XML, SAX, and Reader parser. Description A command injection vulnerability in Nokogiri allows commands to be executed in a subprocess by Ruby’s Kernel.open method. Processes are vulnerable only if the undocumented method Nokogiri::CSS::Tokenizerloadfile is being...
Nagios: Multiple vulnerabilities
Background Nagios is an open source host, service and network monitoring program. Description Multiple vulnerabilities have been discovered in Nagios. Please review the referenced CVE identifiers for details. Impact A remote attacker could possibly escalate privileges to root, thus allowing the...
libarchive: Multiple vulnerabilities
Background libarchive is a library for manipulating different streaming archive formats, including certain tar variants, several cpio formats, and both BSD and GNU ar variants. Description Multiple vulnerabilities have been discovered in libarchive. Please review the CVE identifiers referenced...
Xerces-C++: Multiple vulnerabilities
Background Xerces-C++ is a validating XML parser written in a portable subset of C++. Description Multiple vulnerabilities have been discovered in Xerces-C++. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user to process a specially crafte...
Samba: Multiple vulnerabilities
Background Samba is a suite of SMB and CIFS client/server programs. Description Multiple vulnerabilities have been discovered in samba. Please review the CVE identifiers referenced below for details. Impact A remote attacker could possibly execute arbitrary code with root privileges, cause a Deni...
jq: Buffer overflow
Background jq is a lightweight and flexible command-line JSON processor. Description An off-by-one error was discovered in the tokenadd function in jvparse.c which triggers a heap-based buffer overflow. Impact A remote attacker could trick a victim into processing a specially crafted JSON file,...
NTP: Multiple vulnerabilities
Background NTP contains software for the Network Time Protocol. Description Multiple vulnerabilities have been discovered in NTP. Please review the CVE identifiers referenced below for details. Impact A remote attacker could possibly cause a Denial of Service condition. Workaround There is no kno...
Mozilla Products: Multiple vulnerabilities
Background Mozilla Firefox is an open-source web browser, Mozilla Thunderbird an open-source email client, and the Network Security Service NSS is a library implementing security features like SSL v.2/v.3, TLS, PKCS 5, PKCS 7, PKCS 11, PKCS 12, S/MIME and X.509 certificates. The SeaMonkey project...
IcedTea: Multiple vulnerabilities
Background IcedTea’s aim is to provide OpenJDK in a form suitable for easy configuration, compilation and distribution with the primary goal of allowing inclusion in GNU/Linux distributions. Description Various OpenJDK attack vectors in IcedTea, such as 2D, Corba, Hotspot, Libraries, and JAXP,...
Chromium: Multiple vulnerabilities
Background Chromium is an open-source web browser project. Description Multiple vulnerabilities have been discovered in Chromium. Please review the CVE identifiers referenced below for details. Impact A remote attacker may be able to cause a Denial of Service condition, gain privileges via a...
Libav: Multiple vulnerabilities
Background Libav is a complete solution to record, convert and stream audio and video. Description Multiple vulnerabilities have been discovered in Libav. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user to open a specially crafted media...
Mantis: Multiple vulnerabilities
Background Mantis is a PHP/MySQL/Web based bugtracking system. Description Antonio Parata and Francesco Ongaro reported a Cross-Site Request Forgery vulnerability in manageusercreate.php CVE-2008-2276, a Cross-Site Scripting vulnerability in returndynamicfilters.php CVE-2008-3331, and an...