3816 matches found
iproute2: Denial of service
Background iproute2 is a set of tools for managing Linux network routing and advanced features. Description iproute2 was found to contain a use-after-free in getnetnsidfromname in ip/ipnetns.c. Impact A remote attacker, able to feed iproute2 crafted data, may be able to cause a Denial of Service...
Twisted: Access restriction bypasses
Background Twisted is an asynchronous networking framework written in Python. Description Multiple vulnerabilities have been discovered in Twisted. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is ...
PECL Imagick: Arbitrary code execution
Background Imagick is a PHP extension to create and modify images using the ImageMagick library. Description An out-of-bounds write vulnerability was discovered in the Imagick PHP extension. Impact A remote attacker, able to upload specially crafted images which will get processed by Imagick, cou...
LibreOffice: Information disclosure
Background LibreOffice is a powerful office suite; its clean interface and powerful tools let you unleash your creativity and grow your productivity. Description It was discovered that missing restrictions in the implementation of the WEBSERVICE function in LibreOffice could result in the...
cURL: Multiple vulnerabilities
Background cURL is a tool and libcurl is a library for transferring data with URL syntax. Description Multiple vulnerabilities have been discovered in cURL. Please review the CVE identifiers referenced below for details. Impact Remote attackers could cause a Denial of Service condition, obtain...
LibreOffice: Multiple vulnerabilities
Background LibreOffice is a powerful office suite; its clean interface and powerful tools let you unleash your creativity and grow your productivity. Description Multiple vulnerabilities have been discovered in LibreOffice. Please review the CVE identifiers referenced below for details. Impact A...
Chromium: Multiple vulnerabilities
Background Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. Description Multiple vulnerabilities have been discovered in the Chromium web browser. Please review the CVE identifiers referenced below for details...
libupnp: Multiple vulnerabilities
Background libupnp is a portable, open source, UPnP development kit. Description Multiple vulnerabilities have been discovered in libupnp. Please review the CVE identifiers referenced below for details. Impact A remote attack could arbitrarily write files to a users file system, cause a Denial of...
Mozilla SeaMonkey: Multiple vulnerabilities
Background Mozilla SeaMonkey is a free and open-source Internet suite. It is the continuation of the former Mozilla Application Suite, based on the same source code. Description Multiple vulnerabilities have been discovered in Mozilla SeaMonkey. Please review the CVE identifiers referenced below...
PostgreSQL: Multiple vulnerabilities
Background PostgreSQL is an open source object-relational database management system. Description Multiple vulnerabilities have been discovered in PostgreSQL. Please review the CVE identifiers referenced below for details. Impact A remote attacker could possibly execute arbitrary code with the...
GD: Multiple vulnerabilities
Background GD is a graphic library for fast image creation. Description Multiple vulnerabilities have been discovered in GD. Please review the CVE identifiers referenced below for details. Impact A remote attacker could possibly execute arbitrary code with the privileges of the process, or cause ...
libuv: Privilege escalation
Background libuv is a multi-platform support library with a focus on asynchronous I/O. Description It was discovered that libuv does not call setgroups before calling setuid/setgid. If this is not called, then even though the uid has been dropped, there may still be groups associated that permit...
Adobe Flash Player: Multiple vulnerabilities
Background The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Description Multiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details. Impact A remote attacke...
Chromium: Multiple vulnerabilities
Background Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. Description Multiple vulnerabilities have been discovered in the Chromium web browser. Please review the CVE identifiers referenced below for details...
libxml2: Multiple vulnerabilities
Background libxml2 is the XML C parser and toolkit developed for the Gnome project. Description Multiple vulnerabilities have been discovered in libxml2. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user to open a specially crafted docume...
MySQL: Multiple vulnerabilities
Background MySQL is a popular open-source multi-threaded, multi-user SQL database server. Description Multiple vulnerabilities have been discovered in MySQL. Please review the CVE identifiers referenced below for details. Impact An unauthenticated remote attacker may be able to execute arbitrary...
NTP: Remote execution of arbitrary code
Background NTP contains the client and daemon implementations for the Network Time Protocol. Description Multiple vulnerabilities have been found in the programs included in the NTP package: Apple Product Security reported a boundary error in the cookedprint function in ntpq/ntpq.c, possibly...
PostgreSQL: SQL injection
Background PostgreSQL is an open source object-relational database management system. Description PostgreSQL contains a flaw in the string parsing routines that allows certain backslash-escaped characters to be bypassed with some multibyte character encodings. This vulnerability was discovered by...
Mozilla Firefox: Multiple vulnerabilities
Background Mozilla Firefox is the next-generation web browser from the Mozilla project. Description Several vulnerabilities were found in Mozilla Firefox. Versions 1.0.8 and 1.5.0.2 were released to fix them. Impact A remote attacker could craft malicious web pages that would leverage these issue...
Mozilla, Firefox, Thunderbird, Galeon, Epiphany: New releases fix vulnerabilities
Background Mozilla is a popular web browser that includes a mail and newsreader. Galeon and Epiphany are both web browsers that use gecko, the Mozilla rendering engine. Mozilla Firefox is the next-generation browser from the Mozilla project that incorporates advanced features that are yet to be...
FasterXML jackson-databind: Multiple vulnerabilities
Background FasterXML jackson-databind is a general data-binding package for Jackson 2.x which works on streaming API core implementations. Description Multiple vulnerabilities have been discovered in FasterXML jackson-databind. Please review the CVE identifiers referenced below for details. Impac...
QEMU: Multiple Vulnerabilities
Background QEMU is a generic and open source machine emulator and virtualizer. Description Multiple vulnerabilities have been discovered in QEMU.Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no...
faac: Denial of service
Background faac contains free MPEG-4 audio codecs by AudioCoding.com. Description An invalid pointer can be dereferenced in the huffcode function of libfaac/huff2.c, leading to a crash. Impact An attacker with the ability to provide crafted input to faac could cause a denial of service. Workaroun...
Privoxy: Multiple vulnerabilities
Background Privoxy is a web proxy with advanced filtering capabilities for enhancing privacy. Description Multiple vulnerabilities have been discovered in privoxy. Please review the CVE identifiers referenced below for details. Impact An attacker could cause a possible Denial of Service condition...
Telegram: Security bypass
Background Telegram is a cloud-based mobile and desktop messaging app with a focus on security and speed. Description It was discovered that Telegram failed to invalidate a recently active session. Impact Please review the referenced CVE identifiers for details. Workaround There is no known...
cURL: Multiple vulnerabilities
Background A command line tool and library for transferring data with URLs. Description Multiple vulnerabilities have been discovered in cURL. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no...
WavPack: Multiple vulnerabilities
Background WavPack is a set of hybrid lossless audio compression tools. Description Multiple vulnerabilities have been discovered in WavPack. Please review the CVE identifiers referenced below for details. Impact A remote attacker could send a specially crafted audio file possibly resulting in a...
re2c: Buffer overflow
Background re2c is a tool for generating C-based recognizers from regular expressions. Description A heap buffer overflow vulnerability was discovered in re2c. Impact An attacker could possibly cause a Denial of Service condition. Workaround There is no known workaround at this time. Resolution A...
FileZilla: Untrusted search path
Background FileZilla is an open source FTP client. Description It was discovered that FileZilla uses an untrusted search path. Impact An attacker could use a malicious binary to escalate privileges. Workaround There is no known workaround at this time. Resolution All FileZilla users should upgrad...
Chromium, Google Chrome: Multiple vulnerabilities
Background Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. Google Chrome is one fast, simple, and secure browser for all your devices. Description Multiple vulnerabilities have been discovered in Chromium and...
GNU IDN Library 2: Multiple vulnerabilities
Background GNU IDN Library 2 is an implementation of the IDNA2008 + TR46 specifications RFC 5890, RFC 5891, RFC 5892, RFC 5893, TR 46. Description Multiple vulnerabilities have been discovered in GNU IDN Library 2. Please review the CVE identifiers referenced below for details. Impact A remote...
Mailman: Multiple vulnerabilities
Background Mailman is a Python based mailing list server with an extensive web interface. Description Multiple vulnerabilities have been discovered in Mailman. Please review the referenced CVE identifier for details. Impact Please review the referenced CVE identifiers for details. Workaround Ther...
X.Org: Multiple vulnerabilities
Background X.Org X servers Description Multiple vulnerabilities have been discovered in X.Org server and libraries. Please review the CVE identifiers referenced below for details. Impact A local or remote users can utilize the vulnerabilities to attach to the X.Org session as a user and execute...
tcpdump: Multiple vulnerabilities
Background tcpdump is a tool for network monitoring and data acquisition. Description Multiple vulnerabilities have been discovered in tcpdump. Please review the CVE identifiers referenced below for details. Impact A remote attacker, by sending a specially crafted network package, could possibly...
PgBouncer: Multiple vulnerabilities
Background PgBouncer is a lightweight connection pooler for PostgreSQL. Description Multiple vulnerabilities have been discovered in PgBouncer. Please review the CVE identifiers referenced below for details. Impact A remote attacker might send a specially crafted package possibly resulting in a...
CrackLib: Buffer overflow
Background CrackLib is a library used to enforce strong passwords by comparing user selected passwords to words in chosen word lists. Description A stack-based buffer overflow was discovered in the FascistGecosUser function of lib/fascist.c. Impact A local attacker could set a specially crafted...
GD: Multiple vulnerabilities
Background GD is a graphic library for fast image creation. Description Multiple vulnerabilities have been discovered in GD. Please review the CVE identifiers referenced below for details. Impact A remote attacker could possibly execute arbitrary code with the privileges of the process, or cause ...
VLC: Multiple vulnerabilities
Background VLC is a cross-platform media player and streaming server. Description Multiple vulnerabilities have been discovered in VLC. Please review the CVE identifiers referenced below for details. Impact Remote attackers could possibly execute arbitrary code or cause Denial of Service...
libvirt: Multiple vulnerabilities
Background libvirt is a C toolkit for manipulating virtual machines. Description Multiple vulnerabilities have been discovered in libvirt. Please review the CVE identifiers referenced below for details. Impact A remote attacker may be able to cause a Denial of Service or cause information leakage...
Chromium, V8: Multiple vulnerabilities
Background Chromium is an open-source web browser project. V8 is Google’s open source JavaScript engine. Description Multiple vulnerabilities have been discovered in Chromium and V8. Please review the CVE identifiers and release notes referenced below for details. Impact A context-dependent...
Poppler: Multiple vulnerabilities
Background Poppler is a cross-platform PDF rendering library originally based on Xpdf. Description Multiple vulnerabilities have been discovered in Poppler. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user to open a specially crafted PDF...
Tomcat: Multiple vulnerabilities
Background Tomcat is the Apache Jakarta Project's official implementation of Java Servlets and Java Server Pages. Description The following vulnerabilities were reported: Delian Krustev discovered that the JULI logging component does not properly enforce access restrictions, allowing web...
Apache: Multiple vulnerabilities
Background The Apache HTTP server is one of the most popular web servers on the Internet. Description Adrian Pastor and Amir Azam ProCheckUp reported that the HTTP Method specifier header is not properly sanitized when the HTTP return code is "413 Request Entity too large" CVE-2007-6203. The...
X.Org X server and Xfont library: Multiple vulnerabilities
Background The X Window System is a graphical windowing system based on a client/server model. Description regenrecht reported multiple vulnerabilities in various X server extension via iDefense: The XFree86-Misc extension does not properly sanitize a parameter within a PassMessage request,...
Apache: Multiple vulnerabilities
Background The Apache HTTP server is one of the most popular web servers on the Internet. Description Multiple cross-site scripting vulnerabilities have been discovered in modstatus and modautoindex CVE-2006-5752, CVE-2007-4465. An error has been discovered in the recallheaders function in...
Apache mod_security: Rule bypass
Background modsecurity is an Apache module designed for enhancing the security of the Apache web server. Description Stefan Esser discovered that modsecurity processes NULL characters as terminators in POST requests using the application/x-www-form-urlencoded encoding type, while other parsers us...
PHP: Multiple vulnerabilities
Background PHP is a general-purpose scripting language widely used to develop web-based applications. It can run inside a web server using the modphp module or the CGI version of PHP, or can run stand-alone in a CLI. Description An integer overflow and an unbound recursion were discovered in the...
Sun Java: Web Start argument injection vulnerability
Background Sun provides implementations of Java Development Kits JDK and Java Runtime Environments JRE. These implementations provide the Java Web Start technology that can be used for easy client-side deployment of Java applications. Description Jouko Pynnonen discovered that Java Web Start...
Zeppelin: Multiple Vulnerabilities
Background Apache Zeppelin is a web-based notebook that enables data-driven, interactive data analytics and collaborative documents with SQL, Scala, Python, R and more. Description Multiple vulnerabilities have been discovered in Zeppelin. Please review the CVE identifiers referenced below for...
curl: Multiple Vulnerabilities
Background A command line tool and library for transferring data with URLs. Description Multiple vulnerabilities have been discovered in curl. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Note that the risk of...