3816 matches found
Nagios: Multiple vulnerabilities
Background Nagios is an open source host, service and network monitoring program. Description Multiple vulnerabilities have been discovered in Nagios. Please review the referenced CVE identifiers for details. Impact A remote attacker could possibly escalate privileges to root, thus allowing the...
QEMU: Multiple vulnerabilities
Background QEMU is a generic and open source machine emulator and virtualizer. Description Multiple vulnerabilities have been discovered in QEMU. Please review the CVE identifiers referenced below for details. Impact A privileged user/process within a guest QEMU environment can cause a Denial of...
libarchive: Multiple vulnerabilities
Background libarchive is a library for manipulating different streaming archive formats, including certain tar variants, several cpio formats, and both BSD and GNU ar variants. Description Multiple vulnerabilities have been discovered in libarchive. Please review the CVE identifiers referenced...
Xerces-C++: Multiple vulnerabilities
Background Xerces-C++ is a validating XML parser written in a portable subset of C++. Description Multiple vulnerabilities have been discovered in Xerces-C++. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user to process a specially crafte...
jq: Buffer overflow
Background jq is a lightweight and flexible command-line JSON processor. Description An off-by-one error was discovered in the tokenadd function in jvparse.c which triggers a heap-based buffer overflow. Impact A remote attacker could trick a victim into processing a specially crafted JSON file,...
NTP: Multiple vulnerabilities
Background NTP contains software for the Network Time Protocol. Description Multiple vulnerabilities have been discovered in NTP. Please review the CVE identifiers referenced below for details. Impact A remote attacker could possibly cause a Denial of Service condition. Workaround There is no kno...
Mozilla Products: Multiple vulnerabilities
Background Mozilla Firefox is an open-source web browser, Mozilla Thunderbird an open-source email client, and the Network Security Service NSS is a library implementing security features like SSL v.2/v.3, TLS, PKCS 5, PKCS 7, PKCS 11, PKCS 12, S/MIME and X.509 certificates. The SeaMonkey project...
IcedTea: Multiple vulnerabilities
Background IcedTea’s aim is to provide OpenJDK in a form suitable for easy configuration, compilation and distribution with the primary goal of allowing inclusion in GNU/Linux distributions. Description Various OpenJDK attack vectors in IcedTea, such as 2D, Corba, Hotspot, Libraries, and JAXP,...
Chromium: Multiple vulnerabilities
Background Chromium is an open-source web browser project. Description Multiple vulnerabilities have been discovered in Chromium. Please review the CVE identifiers referenced below for details. Impact A remote attacker may be able to cause a Denial of Service condition, gain privileges via a...
Libav: Multiple vulnerabilities
Background Libav is a complete solution to record, convert and stream audio and video. Description Multiple vulnerabilities have been discovered in Libav. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user to open a specially crafted media...
VMware Player, Server, Workstation: Multiple vulnerabilities
Background VMware Player, Server, and Workstation allow emulation of a complete PC on a PC without the usual performance overhead of most emulators. Description Multiple vulnerabilities have been discovered in VMware Player, Server, and Workstation. Please review the CVE identifiers referenced...
Mantis: Multiple vulnerabilities
Background Mantis is a PHP/MySQL/Web based bugtracking system. Description Antonio Parata and Francesco Ongaro reported a Cross-Site Request Forgery vulnerability in manageusercreate.php CVE-2008-2276, a Cross-Site Scripting vulnerability in returndynamicfilters.php CVE-2008-3331, and an...
PHP: Multiple vulnerabilities
Background PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML. Description Several vulnerabilities were found in PHP, most of them during the Month Of PHP Bugs MOPB by Stefan Esser. The most severe of these...
glibc: Multiple Vulnerabilities
Background glibc is a package that contains the GNU C library. Description Multiple vulnerabilities have been discovered in glibc. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workarou...
HashiCorp Consul: Multiple Vulnerabilities
Background HashiCorp Consul is a tool for service discovery, monitoring and configuration. Description Multiple vulnerabilities have been discovered in HashiCorp Consul. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details...
X.Org X11 library: Denial of service
Background X.Org is an implementation of the X Window System. The X.Org X11 library provides the X11 protocol library files. Description It was discovered that XLookupColor and other X.Org X11 library functions lacked proper validation of the length of their string parameters. Impact An attacker...
GPT fdisk: Integer underflow
Background GPT fdisk consisting of the gdisk, cgdisk, sgdisk, and fixparts programs is a set of text-mode partitioning tools for Linux, FreeBSD, Mac OS X, and Windows. Description It was discovered that ReadLogicalParts function in basicmbr.cc was missing a bounds check. Impact A local attacker...
Mozilla Firefox, Mozilla Thunderbird: Multiple vulnerabilities
Background Mozilla Firefox is a popular open-source web browser from the Mozilla project. Mozilla Thunderbird is a popular open-source email client from the Mozilla project. Description Multiple vulnerabilities have been discovered in Mozilla Firefox and Mozilla Thunderbird. Please review the CVE...
Net-SNMP: Multiple vulnerabilities
Background Net-SNMP bundles software for generating and retrieving SNMP data. Description Multiple vulnerabilities have been discovered in Net-SNMP. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is...
Django: Multiple vulnerabilities
Background Django is a Python-based web framework. Description Multiple vulnerabilities have been discovered in Django. Please review the CVE identifiers referenced below for details. Impact A remote attacker, by sending specially crafted input, could possibly cause a Denial of Service condition,...
GPL Ghostscript: Multiple vulnerabilities
Background Ghostscript is an interpreter for the PostScript language and for PDF. Description Multiple vulnerabilities have been discovered in GPL Ghostscript. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user to process a specially craft...
Zend Framework: Multiple vulnerabilities
Background Zend Framework is a high quality and open source framework for developing Web Applications. Description Multiple vulnerabilities have been discovered in Zend Framework that have remain unaddressed. Please review the referenced CVE identifiers for details. Impact Remote attackers could...
Ruby: Multiple vulnerabilities
Background Ruby is an interpreted object-oriented programming language. The elaborate standard library includes an HTTP server “WEBRick” and a class for XML parsing “REXML”. Description Multiple vulnerabilities have been discovered in Ruby. Please review the referenced CVE identifiers for details...
VirtualBox: Multiple vulnerabilities
Background VirtualBox is a powerful virtualization product from Oracle. Description Multiple vulnerabilities have been discovered in VirtualBox. Please review the CVE identifiers referenced below for details. Impact An attacker could cause a Denial of Service condition. Additionally, an attacker...
Graphite: Multiple vulnerabilities
Background Graphite is a “smart font” system developed specifically to handle the complexities of lesser-known languages of the world. Description Multiple vulnerabilities have been discovered in Graphite. Please review the CVE identifiers referenced below for details. Impact A remote attacker...
ICU: Multiple vulnerabilities
Background ICU is a mature, widely used set of C/C++ and Java libraries providing Unicode and Globalization support for software applications. Description Multiple vulnerabilities have been discovered in ICU. Please review the CVE identifiers referenced below for details. Impact Remote attackers...
libotr, Pidgin OTR: Remote execution of arbitrary code
Background Pidgin Off-the-Record OTR messaging allows you to have private conversations over instant messaging. libotr is a portable off-the-record messaging library. Description Multiple vulnerabilities exist in both libotr and Pidgin OTR. Please review the CVE identifiers for more information...
BusyBox: Denial of service
Background BusyBox is a set of tools for embedded systems and is a replacement for GNU Coreutils. Description The recvandprocessclientpkt function in networking/ntpd.c in BusyBox allows remote attackers to cause a Denial of Service CPU and bandwidth consumption via a forged NTP packet, which...
WebKitGTK+: Multiple vulnerabilities
Background WebKitGTK+ is a full-featured port of the WebKit rendering engine, suitable for projects requiring any kind of web integration, from hybrid HTML/CSS applications to full-fledged web browsers. It offers WebKit’s full functionality and is useful in a wide range of systems from desktop...
Adobe Flash Player: Multiple vulnerabilities
Background The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Description Multiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details. Impact A remote attacke...
hostapd and wpa_supplicant: Multiple vulnerabilities
Background wpasupplicant is a WPA Supplicant with support for WPA and WPA2 IEEE 802.11i / RSN. hostapd is a user space daemon for access point and authentication servers. Description Multiple vulnerabilities exist in both hostapd and wpasupplicant. Please review the CVE identifiers for more...
MediaWiki: Multiple vulnerabilities
Background MediaWiki is a collaborative editing software used by large projects such as Wikipedia. Description Multiple vulnerabilities have been discovered in MediaWiki. Please review the CVE identifiers referenced below for details. Impact A remote attacker may be able to create a Denial of...
Multiple packages, Multiple vulnerabilities fixed in 2010
Background For more information on the packages listed in this GLSA, please see their homepage referenced in the ebuild. Description Vulnerabilities have been discovered in the packages listed below. Please review the CVE identifiers in the Reference section for details. Insight Perl Tk Module...
Multiple packages, Multiple vulnerabilities fixed in 2012
Background For more information on the packages listed in this GLSA, please see their homepage referenced in the ebuild. Description Vulnerabilities have been discovered in the packages listed below. Please review the CVE identifiers in the Reference section for details. EGroupware VTE Layer Four...
dhcpcd: Denial of service
Background dhcpcd is a fully featured, yet light weight RFC2131 compliant DHCP client. Description A vulnerability has been discovered in dhcpcd. A malicious dhcp server can set flags as part of the dhcp reply that can cause a Denial of Service condition. Impact A remote attacker can cause a Deni...
Adobe Reader: Multiple vulnerabilities
Background Adobe Reader is a closed-source PDF reader. Description Multiple vulnerabilities have been discovered in Adobe Reader. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user to open a specially crafted PDF file, possibly resulting i...
Opera: Multiple vulnerabilities
Background Opera is a fast web browser that is available free of charge. Description Multiple vulnerabilities have been discovered in Opera. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user to open a specially crafted web page, possibly...
MIT Kerberos 5: Multiple vulnerabilities
Background MIT Kerberos 5 is a suite of applications that implement the Kerberos network protocol. Description Multiple vulnerabilities have been discovered in MIT Kerberos 5. Please review the CVE identifiers referenced below for details. Impact A remote attacker may be able to execute arbitrary...
Tor: Multiple vulnerabilities
Background Tor is an implementation of second generation Onion Routing, a connection-oriented anonymizing communication service. Description Theo de Raadt reported that the application does not properly drop privileges to the primary groups of the user specified via the "User" configuration optio...
PHP: Multiple vulnerabilities
Background PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML. Description Several vulnerabilitites were found in PHP: PHP ships a vulnerable version of the PCRE library which allows for the circumvention of security...
unarj: Long filenames buffer overflow and a path traversal vulnerability
Background unarj is an ARJ archive decompressor. Description unarj has a bounds checking vulnerability within the handling of long filenames in archives. It also fails to properly sanitize paths when extracting an archive if the "x" option is used to preserve paths. Impact An attacker could trigg...
zlib: Denial of service vulnerability
Background zlib is a general-purpose data-compression library. Description zlib contains a bug in the handling of errors in the "inflate" and "inflateBack" functions. Impact An attacker could exploit this vulnerability to launch a Denial of Service attack on any application using the zlib library...
HTMLDOC: Multiple Vulnerabilities
Background HTMLDOC is a HTML indexer and HTML to PS and PDF converter. Description Multiple vulnerabilities have been discovered in HTMLDOC. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no know...
GPL Ghostscript: Multiple Vulnerabilities
Background Ghostscript is an interpreter for the PostScript language and for PDF. Description Multiple vulnerabilities have been discovered in GPL Ghostscript. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workarou...
PostgreSQL: Multiple vulnerabilities
Background PostgreSQL is an open source object-relational database management system. Description Multiple vulnerabilities have been discovered in PostgreSQL. Please review the CVE identifiers referenced below for details. Impact An authenticated remote attacker, by executing malicious crafted...
Chromium, Google Chrome: Multiple vulnerabilities
Background Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. Google Chrome is one fast, simple, and secure browser for all your devices. Description Multiple vulnerabilities have been discovered in Chromium and...
QtGui: Arbitrary code execution
Background QtGui is a module for the Qt toolkit. Description QtGui’s setMarkdown has a use-after-free related to QTextMarkdownImporter::insertBlock. Impact A remote attacker could possibly execute arbitrary code with the privileges of the process, or cause a Denial of Service condition. Workaroun...
GNU FriBidi: Heap-based buffer overflow
Background The Free Implementation of the Unicode Bidirectional Algorithm. Description A heap-based buffer overflow vulnerability was found in GNU FriBidi. Impact A remote attacker could possibly cause a memory corruption, execute arbitrary code with the privileges of the process or cause a Denia...
Binary diff: Heap-based buffer overflow
Background bsdiff and bspatch are tools for building and applying patches to binary files. Description It was discovered that the implementation of bspatch did not check for a negative value on numbers of bytes read from the diff and extra streams. Impact A remote attacker could entice a user to...
Xen: Multiple vulnerabilities
Background Xen is a bare-metal hypervisor. Description Multiple vulnerabilities have been discovered in Xen. Please review the referenced CVE identifiers for details. Impact A local attacker could potentially execute arbitrary code with the privileges of the Xen QEMU process on the host, gain...