3816 matches found
Opera: Multiple vulnerabilities
Background Opera is a fast web browser that is available free of charge. Description Multiple vulnerabilities have been discovered in Opera. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user to open a specially crafted web page, possibly...
PHP: Multiple vulnerabilities
Background PHP is a general-purpose scripting language widely used to develop web-based applications. It can run inside a web server using the modphp module or the CGI version and also stand-alone in a CLI. Description Multiple vulnerabilities have been found and fixed in PHP: a possible $GLOBALS...
Apache, mod_ssl: Multiple vulnerabilities
Background The Apache HTTP server is one of the most popular web servers on the Internet. modssl provides SSL v2/v3 and TLS v1 support for Apache 1.3 and is also included in Apache 2. Description modssl contains a security issue when "SSLVerifyClient optional" is configured in the global virtual...
GPL Ghostscript: Multiple Vulnerabilities
Background Ghostscript is an interpreter for the PostScript language and for PDF. Description Multiple vulnerabilities have been discovered in GPL Ghostscript. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workarou...
HashiCorp Consul: Multiple Vulnerabilities
Background HashiCorp Consul is a tool for service discovery, monitoring and configuration. Description Multiple vulnerabilities have been discovered in HashiCorp Consul. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details...
PostgreSQL: Multiple vulnerabilities
Background PostgreSQL is an open source object-relational database management system. Description Multiple vulnerabilities have been discovered in PostgreSQL. Please review the CVE identifiers referenced below for details. Impact An authenticated remote attacker, by executing malicious crafted...
Salt: Multiple vulnerabilities
Background Salt is a remote execution and configuration manager. Description Multiple vulnerabilities have been discovered in Salt. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known...
Docker: Information disclosure
Background Docker is the world’s leading software containerization platform. Description It was found that Docker created network bridges which by default accept IPv6 router advertisements. Impact An attacker who gained access to a container with CAPNETRAW capability may be able to to spoof route...
Mozilla Firefox: Multiple vulnerabilities
Background Mozilla Firefox is a popular open-source web browser from the Mozilla Project. Description Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user to view a specially...
Xen: Multiple vulnerabilities
Background Xen is a bare-metal hypervisor. Description Multiple vulnerabilities have been discovered in Xen. Please review the referenced CVE identifiers for details. Impact A local attacker could potentially execute arbitrary code with the privileges of the Xen QEMU process on the host, gain...
OpenSSH: Permission issue
Background OpenSSH is a complete SSH protocol implementation that includes SFTP client and server support. Description The processopen function in sftp-server.c in OpenSSH did not properly prevent write operations in readonly mode. Impact A remote attacker could cause the creation of zero-length...
Binutils: Multiple vulnerabilities
Background The GNU Binutils are a collection of tools to create, modify and analyse binary files. Many of the files use BFD, the Binary File Descriptor library, to do low-level manipulation. Description Multiple vulnerabilities have been discovered in Binutils. Please review the referenced CVE...
IcedTea: Multiple vulnerabilities
Background IcedTea’s aim is to provide OpenJDK in a form suitable for easy configuration, compilation and distribution with the primary goal of allowing inclusion in GNU/Linux distributions. Description Multiple vulnerabilities have been discovered in IcedTea. Please review the referenced CVE...
SquirrelMail: Remote Code Execution
Background SquirrelMail is a webmail package written in PHP. It supports IMAP and SMTP and can optionally be installed with SQL support. Description It was discovered that the sendmail.cf file is mishandled in a popen call. Impact A remote attacker, by enticing a user to open an e-mail attachment...
WebKitGTK+: Multiple vulnerabilities
Background WebKitGTK+ is a full-featured port of the WebKit rendering engine. Description Multiple vulnerabilities have been discovered in WebKitGTK+. Please review the CVE identifiers referenced below for details. Impact A remote attack can use multiple vectors to execute arbitrary code or cause...
OpenOffice: User-assisted execution of arbitrary code
Background Apache OpenOffice is an open-source office software suite for word processing, spreadsheets, presentations, graphics, databases and more. Description An exploitable out-of-bounds vulnerability exists in OpenOffice Impress when handling MetaActions. Impact A remote attacker could entice...
PuTTY: Buffer overflow
Background PuTTY is a free implementation of Telnet and SSH for Windows and Unix platforms, along with an xterm terminal emulator. Description A heap-corrupting buffer overflow bug in the sshagentchanneldata function of PuTTY was found. Impact A remote attacker, utilizing the SSH agent forwarding...
OpenSSL: Multiple vulnerabilities
Background OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer SSL v2/v3 and Transport Layer Security TLS v1 as well as a general purpose cryptography library. Description Multiple vulnerabilities have been discovered in OpenSSL. Please review the CVE identifiers referenced...
Firejail: Privilege escalation
Background A SUID program that reduces the risk of security breaches by restricting the running environment of untrusted applications using Linux namespaces and seccomp-bpf. Description The unaffected packages listed in GLSA 201612-48 had an incomplete fix as reported by Sebastian Krahmer of SuSE...
Perl: Multiple vulnerabilities
Background Perl is a highly capable, feature-rich programming language. Description Multiple vulnerabilities have been discovered in Perl. Please review the CVE identifiers referenced below for details. Impact A remote attacker could possibly execute arbitrary code with the privileges of the...
DCRaw: Buffer overflow
Background Command-line decoder for raw digital photos. Description An integer overflow was discovered in the ljpegstart function in DCRaw. Impact Remote attackers, by enticing a user to open a specially crafted image, could cause a Denial of Service condition. Workaround There is no known...
libxml2: Multiple vulnerabilities
Background libxml2 is the XML eXtended Markup Language C parser and toolkit initially developed for the Gnome project. Description Multiple vulnerabilities have been discovered in libxml2. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user...
OpenJPEG: Multiple vulnerabilities
Background OpenJPEG is an open-source JPEG 2000 library. Description Multiple vulnerabilities have been discovered in OpenJPEG. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user to open a specially crafted JPEG file, possibly resulting in...
QEMU: Multiple vulnerabilities
Background QEMU is a generic and open source machine emulator and virtualizer. Description Multiple vulnerabilities have been discovered in QEMU. Please review the CVE identifiers referenced below for details. Impact A privileged user /process within a guest QEMU environment can cause a Denial of...
Apache: Multiple vulnerabilities
Background Apache HTTP Server is one of the most popular web servers on the Internet. Description Multiple vulnerabilities have been discovered in Apache HTTP Server. Please review the CVE identifiers referenced below for details. Impact Remote attackers could bypass intended access restrictions,...
libpcre: Multiple Vulnerabilities
Background libpcre is a library providing functions for Perl-compatible regular expressions. Description Multiple vulnerabilities have been discovered in libpcre. Please review the CVE identifiers referenced below for details. Impact An attacker can possibly execute arbitrary code or create a...
Xen: Multiple vulnerabilities
Background Xen is a bare-metal hypervisor. Description Multiple vulnerabilities have been discovered in Xen. Please review the CVE identifiers referenced below for details. Impact A local attacker could possibly cause a Denial of Service condition or obtain sensitive information. Workaround There...
OpenSSL: Multiple vulnerabilities
Background OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer SSL v2/v3 and Transport Layer Security TLS v1 as well as a general purpose cryptography library. Description Multiple vulnerabilities have been discovered in OpenSSL, the worst being a cross-protocol attack called...
SQLite: Multiple vulnerabilities
Background SQLite is a C library that implements an SQL database engine. Description Multiple vulnerabilities have been discovered in SQLite. Please review the CVE identifiers referenced below for details. Impact A context-dependent attacker could possibly cause a Denial of Service condition...
Ruby on Rails: Multiple vulnerabilities
Background Ruby on Rails is a web-application and persistence framework. Description Multiple vulnerabilities have been discovered in Ruby on Rails. Please review the CVE identifiers referenced below for details. Impact A remote attacker could execute arbitrary code or cause a Denial of Service...
GNU C Library: Multiple vulnerabilities
Background The GNU C library is the standard C library used by Gentoo Linux systems. Description Multiple vulnerabilities have been discovered in GNU C Library. Please review the CVE identifiers referenced below for details. Impact A local attacker could trigger vulnerabilities in dynamic library...
GraphicsMagick: Multiple vulnerabilities
Background GraphicsMagick is the Swiss army knife of image processing. Description Multiple vulnerabilities have been discovered in GraphicsMagick. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user to open a specially-crafted image file,...
phpMyAdmin: Multiple vulnerabilities
Background phpMyAdmin is a web-based management tool for MySQL databases. Description Multiple vulnerabilities have been discovered in phpMyAdmin. Please review the CVE identifiers and phpMyAdmin Security Advisories referenced below for details. Impact Remote attackers might be able to insert and...
PostgreSQL: Multiple vulnerabilities
Background PostgreSQL is an open source object-relational database management system. Description Multiple vulnerabilities have been discovered in PostgreSQL. Please review the CVE identifiers referenced below for details. Impact A remote authenticated attacker could send a specially crafted SQL...
Adobe Flash Player: Multiple vulnerabilities
Background The Adobe Flash Player is a renderer for the popular SWF file format, which is commonly used to provide interactive websites, digital experiences and mobile content. Description Multiple vulnerabilities have been discovered in Adobe Flash Player: The access scope of SystemsetClipboard...
TikiWiki: Arbitrary command execution
Background TikiWiki is an open source content management system written in PHP. Description ShAnKaR reported that input passed to the "f" array parameter in tiki-graphformula.php is not properly verified before being used to execute PHP functions. Impact An attacker could execute arbitrary code...
Opera: Multiple vulnerabilities
Background Opera is a multi-platform web browser. Description An error known as "a virtual function call on an invalid pointer" has been discovered in the JavaScript engine CVE-2007-4367. Furthermore, iDefense Labs reported that an already-freed pointer may be still used under unspecified...
phpGroupWare, eGroupWare: PHP script injection vulnerability
Background phpGroupWare and eGroupWare are web based collaboration software suites. Description The XML-RPC implementations of phpGroupWare and eGroupWare fail to sanitize input sent to the XML-RPC server using the "POST" method. Impact A remote attacker could exploit the XML-RPC vulnerability to...
zgv: Multiple buffer overflows
Background zgv is a console image viewer based on svgalib. Description Multiple arithmetic overflows have been detected in the image processing code of zgv. Impact An attacker could entice a user to open a specially-crafted image file, potentially resulting in execution of arbitrary code with the...
zlib: Denial of service vulnerability
Background zlib is a general-purpose data-compression library. Description zlib contains a bug in the handling of errors in the "inflate" and "inflateBack" functions. Impact An attacker could exploit this vulnerability to launch a Denial of Service attack on any application using the zlib library...
QtWebEngine: Multiple Vulnerabilities
Background QtWebEngine is a library for rendering dynamic web content in Qt5 and Qt6 C++ and QML applications. Description Multiple vulnerabilities have been discovered in QtWebEngine. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE...
Apache Commons Text: Arbitrary Code Execution
Background Apache Commons Text is a library focused on algorithms working on strings. Description Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "$prefix:name", where "prefix" is used to...
PHP: Multiple Vulnerabilities
Background PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML. Description Multiple vulnerabilities have been discovered in PHP. Please review the CVE identifiers referenced below for details. Impact Please review th...
LibTIFF: Multiple Vulnerabilities
Background LibTIFF provides support for reading and manipulating TIFF Tagged Image File Format images. Description Multiple vulnerabilities have been discovered in LibTIFF. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for...
Apache Thrift: Multiple vulnerabilities
Background Apache Thrift is a software framework that combines a software stack with a code generation engine to build services that work efficiently and seamlessly between many languages. Description Multiple vulnerabilities have been discovered in Apache Thrift. Please review the CVE identifier...
GNOME Autoar: User-assisted execution of arbitrary code
Background GNOME Autoar provides functions and widgets for GNOME applications which want to use archives as a method to transfer directories over the internet. Description It was discovered that GNOME Autoar could extract files outside of the intended directory. Impact A remote attacker could...
Python: Multiple vulnerabilities
Background Python is an interpreted, interactive, object-oriented programming language. Description Multiple vulnerabilities have been discovered in Python. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround...
Mozilla Thunderbird: Remote code execution
Background Mozilla Thunderbird is a popular open-source email client from the Mozilla project. Description A use-after-free bug was discovered in Mozilla Thunderbird handling of SCTP. Impact A remote attacker could possibly execute arbitrary code with the privileges of the process or cause a Deni...
Chromium, Google Chrome: Multiple vulnerabilities
Background Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. Google Chrome is one fast, simple, and secure browser for all your devices. Description Multiple vulnerabilities have been discovered in Chromium and...
Chromium, Google Chrome: Multiple vulnerabilities
Background Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. Google Chrome is one fast, simple, and secure browser for all your devices. Description Multiple vulnerabilities have been discovered in Chromium and...