3816 matches found
Mozilla SeaMonkey: Multiple vulnerabilities
Background Mozilla SeaMonkey is a free and open-source Internet suite. It is the continuation of the former Mozilla Application Suite, based on the same source code. Description Multiple vulnerabilities have been discovered in Mozilla SeaMonkey. Please review the CVE identifiers referenced below...
PostgreSQL: Multiple vulnerabilities
Background PostgreSQL is an open source object-relational database management system. Description Multiple vulnerabilities have been discovered in PostgreSQL. Please review the CVE identifiers referenced below for details. Impact A remote attacker could possibly execute arbitrary code with the...
GD: Multiple vulnerabilities
Background GD is a graphic library for fast image creation. Description Multiple vulnerabilities have been discovered in GD. Please review the CVE identifiers referenced below for details. Impact A remote attacker could possibly execute arbitrary code with the privileges of the process, or cause ...
libuv: Privilege escalation
Background libuv is a multi-platform support library with a focus on asynchronous I/O. Description It was discovered that libuv does not call setgroups before calling setuid/setgid. If this is not called, then even though the uid has been dropped, there may still be groups associated that permit...
Chromium: Multiple vulnerabilities
Background Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. Description Multiple vulnerabilities have been discovered in the Chromium web browser. Please review the CVE identifiers referenced below for details...
Adobe Flash Player: Multiple vulnerabilities
Background The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Description Multiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details. Impact A remote attacke...
libxml2: Multiple vulnerabilities
Background libxml2 is the XML C parser and toolkit developed for the Gnome project. Description Multiple vulnerabilities have been discovered in libxml2. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user to open a specially crafted docume...
MySQL: Multiple vulnerabilities
Background MySQL is a popular open-source multi-threaded, multi-user SQL database server. Description Multiple vulnerabilities have been discovered in MySQL. Please review the CVE identifiers referenced below for details. Impact An unauthenticated remote attacker may be able to execute arbitrary...
NTP: Remote execution of arbitrary code
Background NTP contains the client and daemon implementations for the Network Time Protocol. Description Multiple vulnerabilities have been found in the programs included in the NTP package: Apple Product Security reported a boundary error in the cookedprint function in ntpq/ntpq.c, possibly...
PostgreSQL: SQL injection
Background PostgreSQL is an open source object-relational database management system. Description PostgreSQL contains a flaw in the string parsing routines that allows certain backslash-escaped characters to be bypassed with some multibyte character encodings. This vulnerability was discovered by...
Mozilla Firefox: Multiple vulnerabilities
Background Mozilla Firefox is the next-generation web browser from the Mozilla project. Description Several vulnerabilities were found in Mozilla Firefox. Versions 1.0.8 and 1.5.0.2 were released to fix them. Impact A remote attacker could craft malicious web pages that would leverage these issue...
FasterXML jackson-databind: Multiple vulnerabilities
Background FasterXML jackson-databind is a general data-binding package for Jackson 2.x which works on streaming API core implementations. Description Multiple vulnerabilities have been discovered in FasterXML jackson-databind. Please review the CVE identifiers referenced below for details. Impac...
QEMU: Multiple Vulnerabilities
Background QEMU is a generic and open source machine emulator and virtualizer. Description Multiple vulnerabilities have been discovered in QEMU.Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no...
faac: Denial of service
Background faac contains free MPEG-4 audio codecs by AudioCoding.com. Description An invalid pointer can be dereferenced in the huffcode function of libfaac/huff2.c, leading to a crash. Impact An attacker with the ability to provide crafted input to faac could cause a denial of service. Workaroun...
Privoxy: Multiple vulnerabilities
Background Privoxy is a web proxy with advanced filtering capabilities for enhancing privacy. Description Multiple vulnerabilities have been discovered in privoxy. Please review the CVE identifiers referenced below for details. Impact An attacker could cause a possible Denial of Service condition...
Telegram: Security bypass
Background Telegram is a cloud-based mobile and desktop messaging app with a focus on security and speed. Description It was discovered that Telegram failed to invalidate a recently active session. Impact Please review the referenced CVE identifiers for details. Workaround There is no known...
GNOME Autoar: User-assisted execution of arbitrary code
Background GNOME Autoar provides functions and widgets for GNOME applications which want to use archives as a method to transfer directories over the internet. Description It was discovered that GNOME Autoar could extract files outside of the intended directory. Impact A remote attacker could...
cURL: Multiple vulnerabilities
Background A command line tool and library for transferring data with URLs. Description Multiple vulnerabilities have been discovered in cURL. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no...
re2c: Buffer overflow
Background re2c is a tool for generating C-based recognizers from regular expressions. Description A heap buffer overflow vulnerability was discovered in re2c. Impact An attacker could possibly cause a Denial of Service condition. Workaround There is no known workaround at this time. Resolution A...
GNU IDN Library 2: Multiple vulnerabilities
Background GNU IDN Library 2 is an implementation of the IDNA2008 + TR46 specifications RFC 5890, RFC 5891, RFC 5892, RFC 5893, TR 46. Description Multiple vulnerabilities have been discovered in GNU IDN Library 2. Please review the CVE identifiers referenced below for details. Impact A remote...
PECL Imagick: Arbitrary code execution
Background Imagick is a PHP extension to create and modify images using the ImageMagick library. Description An out-of-bounds write vulnerability was discovered in the Imagick PHP extension. Impact A remote attacker, able to upload specially crafted images which will get processed by Imagick, cou...
Mailman: Multiple vulnerabilities
Background Mailman is a Python based mailing list server with an extensive web interface. Description Multiple vulnerabilities have been discovered in Mailman. Please review the referenced CVE identifier for details. Impact Please review the referenced CVE identifiers for details. Workaround Ther...
LibreOffice: Information disclosure
Background LibreOffice is a powerful office suite; its clean interface and powerful tools let you unleash your creativity and grow your productivity. Description It was discovered that missing restrictions in the implementation of the WEBSERVICE function in LibreOffice could result in the...
cURL: Multiple vulnerabilities
Background cURL is a tool and libcurl is a library for transferring data with URL syntax. Description Multiple vulnerabilities have been discovered in cURL. Please review the CVE identifiers referenced below for details. Impact Remote attackers could cause a Denial of Service condition, obtain...
X.Org: Multiple vulnerabilities
Background X.Org X servers Description Multiple vulnerabilities have been discovered in X.Org server and libraries. Please review the CVE identifiers referenced below for details. Impact A local or remote users can utilize the vulnerabilities to attach to the X.Org session as a user and execute...
tcpdump: Multiple vulnerabilities
Background tcpdump is a tool for network monitoring and data acquisition. Description Multiple vulnerabilities have been discovered in tcpdump. Please review the CVE identifiers referenced below for details. Impact A remote attacker, by sending a specially crafted network package, could possibly...
PgBouncer: Multiple vulnerabilities
Background PgBouncer is a lightweight connection pooler for PostgreSQL. Description Multiple vulnerabilities have been discovered in PgBouncer. Please review the CVE identifiers referenced below for details. Impact A remote attacker might send a specially crafted package possibly resulting in a...
CrackLib: Buffer overflow
Background CrackLib is a library used to enforce strong passwords by comparing user selected passwords to words in chosen word lists. Description A stack-based buffer overflow was discovered in the FascistGecosUser function of lib/fascist.c. Impact A local attacker could set a specially crafted...
GD: Multiple vulnerabilities
Background GD is a graphic library for fast image creation. Description Multiple vulnerabilities have been discovered in GD. Please review the CVE identifiers referenced below for details. Impact A remote attacker could possibly execute arbitrary code with the privileges of the process, or cause ...
VLC: Multiple vulnerabilities
Background VLC is a cross-platform media player and streaming server. Description Multiple vulnerabilities have been discovered in VLC. Please review the CVE identifiers referenced below for details. Impact Remote attackers could possibly execute arbitrary code or cause Denial of Service...
libvirt: Multiple vulnerabilities
Background libvirt is a C toolkit for manipulating virtual machines. Description Multiple vulnerabilities have been discovered in libvirt. Please review the CVE identifiers referenced below for details. Impact A remote attacker may be able to cause a Denial of Service or cause information leakage...
Chromium, V8: Multiple vulnerabilities
Background Chromium is an open-source web browser project. V8 is Google’s open source JavaScript engine. Description Multiple vulnerabilities have been discovered in Chromium and V8. Please review the CVE identifiers and release notes referenced below for details. Impact A context-dependent...
Poppler: Multiple vulnerabilities
Background Poppler is a cross-platform PDF rendering library originally based on Xpdf. Description Multiple vulnerabilities have been discovered in Poppler. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user to open a specially crafted PDF...
Apache: Multiple vulnerabilities
Background The Apache HTTP server is one of the most popular web servers on the Internet. Description Adrian Pastor and Amir Azam ProCheckUp reported that the HTTP Method specifier header is not properly sanitized when the HTTP return code is "413 Request Entity too large" CVE-2007-6203. The...
X.Org X server and Xfont library: Multiple vulnerabilities
Background The X Window System is a graphical windowing system based on a client/server model. Description regenrecht reported multiple vulnerabilities in various X server extension via iDefense: The XFree86-Misc extension does not properly sanitize a parameter within a PassMessage request,...
Apache: Multiple vulnerabilities
Background The Apache HTTP server is one of the most popular web servers on the Internet. Description Multiple cross-site scripting vulnerabilities have been discovered in modstatus and modautoindex CVE-2006-5752, CVE-2007-4465. An error has been discovered in the recallheaders function in...
Apache mod_security: Rule bypass
Background modsecurity is an Apache module designed for enhancing the security of the Apache web server. Description Stefan Esser discovered that modsecurity processes NULL characters as terminators in POST requests using the application/x-www-form-urlencoded encoding type, while other parsers us...
PHP: Multiple vulnerabilities
Background PHP is a general-purpose scripting language widely used to develop web-based applications. It can run inside a web server using the modphp module or the CGI version of PHP, or can run stand-alone in a CLI. Description An integer overflow and an unbound recursion were discovered in the...
Sun Java: Web Start argument injection vulnerability
Background Sun provides implementations of Java Development Kits JDK and Java Runtime Environments JRE. These implementations provide the Java Web Start technology that can be used for easy client-side deployment of Java applications. Description Jouko Pynnonen discovered that Java Web Start...
Mozilla, Firefox, Thunderbird, Galeon, Epiphany: New releases fix vulnerabilities
Background Mozilla is a popular web browser that includes a mail and newsreader. Galeon and Epiphany are both web browsers that use gecko, the Mozilla rendering engine. Mozilla Firefox is the next-generation browser from the Mozilla project that incorporates advanced features that are yet to be...
Zeppelin: Multiple Vulnerabilities
Background Apache Zeppelin is a web-based notebook that enables data-driven, interactive data analytics and collaborative documents with SQL, Scala, Python, R and more. Description Multiple vulnerabilities have been discovered in Zeppelin. Please review the CVE identifiers referenced below for...
GNU Binutils: Multiple Vulnerabilities
Background The GNU Binutils are a collection of tools to create, modify and analyse binary files. Many of the files use BFD, the Binary File Descriptor library, to do low-level manipulation. Description Multiple vulnerabilities have been discovered in GNU Binutils. Please review the CVE identifie...
JHead: Multiple Vulnerabilities
Background JHead is an EXIF JPEG header manipulation tool. Description Multiple vulnerabilities have been discovered in JHead. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround a...
LibTIFF: Multiple Vulnerabilities
Background LibTIFF provides support for reading and manipulating TIFF Tagged Image File Format images. Description Multiple vulnerabilities have been discovered in LibTIFF. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for...
ISC BIND: Multiple Vulnerabilities
Background ISC BIND is the Internet Systems Consortium implementation of the Domain Name System DNS protocol. Description Multiple vulnerabilities have been discovered in ISC BIND. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers...
Mozilla Firefox: Multiple Vulnerabilities
Background Mozilla Firefox is a popular open-source web browser from the Mozilla project. Description Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details...
BusyBox: Denial of service
Background BusyBox is a set of tools for embedded systems and is a replacement for GNU Coreutils. Description It was discovered that BusyBox mishandled the error bit on the huftbuild result pointer when decompressing GZIP compressed data. Impact A remote attacker could entice a user to open a...
HAProxy: Arbitrary code execution
Background HAProxy is a TCP/HTTP reverse proxy for high availability environments. Description It was discovered that HAProxy incorrectly handled certain HTTP/2 headers. Impact A remote attacker, by sending a specially crafted HTTP/2 request, could possibly execute arbitrary code with the...
FileZilla: Untrusted search path
Background FileZilla is an open source FTP client. Description It was discovered that FileZilla uses an untrusted search path. Impact An attacker could use a malicious binary to escalate privileges. Workaround There is no known workaround at this time. Resolution All FileZilla users should upgrad...
LHa: Buffer overflow
Background LHa is a console-based program for packing and unpacking LHarc archives. Description A buffer overflow in LHa’s compression code was discovered which can be triggered by a crafted input file. Impact A remote attacker could send a specially crafted file possibly resulting in a Denial of...