3816 matches found
WavPack: Multiple vulnerabilities
Background WavPack is a set of hybrid lossless audio compression tools. Description Multiple vulnerabilities have been discovered in WavPack. Please review the CVE identifiers referenced below for details. Impact A remote attacker could send a specially crafted audio file possibly resulting in a...
netqmail: Multiple vulnerabilities
Background qmail is a secure, reliable, efficient, simple message transfer agent. Description Multiple vulnerabilities have been discovered in netqmail. Please review the CVE identifiers referenced below for details. Impact In the default configuration, these vulnerabilities are only local. Pleas...
Chromium, Google Chrome: Multiple vulnerabilities
Background Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. Google Chrome is one fast, simple, and secure browser for all your devices. Description Multiple vulnerabilities have been discovered in Chromium and...
Binutils: Multiple vulnerabilities
Background The GNU Binutils are a collection of tools to create, modify and analyse binary files. Many of the files use BFD, the Binary File Descriptor library, to do low-level manipulation. Description Multiple vulnerabilities have been discovered in Binutils. Please review the referenced CVE...
mod_gnutls: Certificate validation error
Background modgnutls is an extension for Apache’s httpd. It uses the GnuTLS library to provide HTTPS. It supports some protocols and features that modssl does not. Description It was discovered that the authentication hook in modgnutls does not validate client’s certificates even when option...
Perl: Race condition vulnerability
Background File::Path module provides a convenient way to create directories of arbitrary depth and to delete an entire directory subtree from the filesystem. Description A race condition occurs within concurrent environments. This condition was discovered by The cPanel Security Team in the rmtre...
Xen: Privilege Escalation
Background Xen is a bare-metal hypervisor. Description In CIRRUSBLTMODEMEMSYSSRC mode the bitblit copy routine cirrusbitbltcputovideo fails to check wethehr the specified memory region is safe. Impact A local attacker could potentially execute arbitrary code with privileges of Xen QEMU process on...
Adobe Flash Player: Multiple vulnerabilities
Background The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Description Multiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details. Impact A remote attacke...
PPP: Buffer overflow
Background PPP is a Unix implementation of the Point-to-Point Protocol Description A buffer overflow was discovered in the rcmksid function in plugins/radius/util.c in PPP when the PID for pppd is greater than 65535. Impact A remote attacker could cause a Denial of Service condition. Workaround...
MiniUPnPc: Buffer overflow
Background UPnP client library and a simple UPnP client. Description An out-of-bounds read was discovered in the getHTTPResponse function in miniwget.c in MiniUPnPc. Impact Remote attackers, through specially crafted headers, could cause a Denial of Service condition. Workaround There is no known...
systemd: Multiple vulnerabilities
Background A system and service manager. Description Multiple vulnerabilities have been discovered in systemd. Please review the CVE identifiers referenced below for details. Impact An attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service...
Poppler: Multiple vulnerabilities
Background Poppler is a PDF rendering library based on the xpdf-3.0 code base. Description Multiple vulnerabilities have been discovered in Poppler. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user to open a specially crafted PDF using...
GNU C Library: Multiple vulnerabilities
Background The GNU C library is the standard C library used by Gentoo Linux systems. Description Multiple vulnerabilities have been discovered in the GNU C Library: The Google Security Team and Red Hat discovered a stack-based buffer overflow in the senddg and sendvc functions due to a buffer...
Oracle JRE/JDK: Multiple vulnerabilities
Background The Oracle Java Development Kit JDK and the Oracle Java Runtime Environment JRE provide the Oracle Java platform. Description Multiple vulnerabilities have been discovered in Oracle JRE/JDK. Please review the CVE identifiers referenced below for details. Impact An context-dependent...
Adobe Flash Player: Multiple vulnerabilities
Background The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Description Multiple unspecified vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details. Impact A...
phpMyAdmin: Multiple vulnerabilities
Background phpMyAdmin is a web-based management tool for MySQL databases. Description Multiple vulnerabilities have been discovered in phpMyAdmin. Please review the CVE identifiers referenced below for details. Impact A remote authenticated attacker could exploit these vulnerabilities to execute...
VLC: Multiple vulnerabilities
Background VLC is a cross-platform media player and streaming server. Description Multiple vulnerabilities were found in VLC: Michal Luczaj and Luigi Auriemma reported that VLC contains boundary errors when handling subtitles in the ParseMicroDvd, ParseSSA, and ParseVplayer functions in the...
VMware Workstation and Player: Multiple vulnerabilities
Background VMware Workstation is a virtual machine for developers and system administrators. VMware Player is a freeware virtualization software that can run guests produced by other VMware products. Description Multiple vulnerabilities have been discovered in several VMware products. Neel Mehta...
phpMyAdmin: Multiple vulnerabilities
Background phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the web. Description Stefan Esser from Hardened-PHP reported about multiple vulnerabilties found in phpMyAdmin. The $GLOBALS variable allows modifying the global variable importblacklist to open...
curl: Multiple Vulnerabilities
Background A command line tool and library for transferring data with URLs. Description Multiple vulnerabilities have been discovered in curl. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Note that the risk of...
libvpx: Multiple Vulnerabilities
Background libvpx is the VP8 codec SDK used to encode and decode video streams, typically within a WebM format media file. Description Multiple vulnerabilities have been discovered in libvpx. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE...
FreeRDP: Multiple Vulnerabilities
Background FreeRDP is a free implementation of the remote desktop protocol. Description Multiple vulnerabilities have been discovered in FreeRDP. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no...
Rizin: Multiple Vulnerabilities
Background Rizin is a reverse engineering framework for binary analysis. Description Multiple vulnerabilities have been discovered in Rizin. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no know...
OpenJDK: Multiple Vulnerabilities
Background OpenJDK is an open source implementation of the Java programming language. Description Multiple vulnerabilities have been discovered in OpenJDK. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround...
Mutt, NeoMutt: Denial of service
Background Mutt is a small but very powerful text-based mail client. NeoMutt is a command line mail reader or MUA. It’s a fork of Mutt with added features. Description It was discovered that Mutt, and NeoMutt did not properly handle certain situations where an IMAP sequence set ends with a comma...
stunnel: Improper certificate validation
Background The stunnel program is designed to work as an SSL/TLS encryption wrapper between a client and a local or remote server. Description It was discovered that stunnel did not correctly verified the client certificate when options “redirect” and “verifyChain” are used. Impact A remote...
Apache Ant: Insecure temporary file
Background Ant is a Java-based build tool similar to ‘make’ that uses XML configuration files. Description A previous fix for a security vulnerability involving insecure temporary files has been found to be incomplete. Impact A local attacker could perform symlink attacks to overwrite arbitrary...
Chromium, Google Chrome: Multiple vulnerabilities
Background Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. Google Chrome is one fast, simple, and secure browser for all your devices. Description Multiple vulnerabilities have been discovered in Chromium and...
AWStats: Multiple vulnerabilities
Background AWStats is an advanced log file analyzer and statistics generator. Description Multiple vulnerabilities have been discovered in AWStats. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is ...
NTFS-3G: Remote code execution, possible privilege escalation
Background NTFS-3G is a stable, full-featured, read-write NTFS driver for various operating systems. Description An integer underflow issue exists in NTFS-3G which may cause a heap buffer overflow with crafted input. Impact A remote attacker may be able to execute arbitrary code while a local...
Haml: Arbitrary code execution
Background Haml is a templating engine for HTML. Description It was discovered that Haml was not correctly filtering out special characters which may be used for attributes. Impact A remote attacker could possibly execute arbitrary code with the privileges of the process or cause a Denial of...
D-Bus: Denial of service
Background D-Bus is a message bus system which processes can use to talk to each other. Description D-Bus does not correctly dispose of old connections meaning that it is possible for D-Bus to hit a connection limit. Impact An attacker could cause a possible Denial of Service condition. Workaroun...
Mozilla Thunderbird: Multiple vulnerabilities
Background Mozilla Thunderbird is a popular open-source email client from the Mozilla project. Description Multiple vulnerabilities have been discovered in Mozilla Thunderbird. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for...
OpenJDK, IcedTea: Multiple vulnerabilities
Background OpenJDK is a free and open-source implementation of the Java Platform, Standard Edition. IcedTea’s aim is to provide OpenJDK in a form suitable for easy configuration, compilation and distribution with the primary goal of allowing inclusion in GNU/Linux distributions. Description...
GNU Mailutils: Privilege escalation
Background The GNU Mailutils are a collection of mail-related utilities, including an IMAP4 server imap4d. Description GNU Mailutils runs maidag by default with setuid root permissions. Impact An attacker can use this to write to arbitrary files as root. Workaround There is no known workaround at...
libu2f-host: Multiple vulnerabilities
Background Yubico Universal 2nd Factor U2F Host C Library. Description Multiple vulnerabilities have been discovered in libu2f-host. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user to plug-in a malicious USB device, possibly resulting i...
VirtualBox: Multiple vulnerabilities
Background VirtualBox is a powerful virtualization product from Oracle. Description Multiple vulnerabilities have been discovered in VirtualBox. Please review the CVE identifiers referenced below for details. Impact An attacker could take control of VirtualBox resulting in the execution of...
ImageMagick: Multiple vulnerabilities
Background A collection of tools and libraries for many image formats. Description Multiple vulnerabilities have been discovered in ImageMagick. Please review the referenced CVE identifiers for details. Impact Remote attackers, by enticing a user to process a specially crafted file, could obtain...
RAR, UnRAR: Multiple vulnerabilities
Background RAR and UnRAR provide command line interfaces for compressing and decompressing RAR files. Description Multiple vulnerabilities have been discovered in RAR and UnRAR. Please review the referenced CVE identifiers for details. Impact A remote attacker, by enticing a user to open a...
LibreOffice: Multiple vulnerabilities
Background LibreOffice is a powerful office suite; its clean interface and powerful tools let you unleash your creativity and grow your productivity. Description Multiple vulnerabilities have been discovered in LibreOffice. Please review the CVE identifiers referenced below for details. Impact A...
Mozilla Thunderbird: Multiple vulnerabilities
Background Mozilla Thunderbird is a popular open-source email client from the Mozilla project. Description Multiple vulnerabilities have been discovered in Mozilla Thunderbird. Please review the CVE identifiers referenced below for details. Impact A remote attacker, by enticing a user to open a...
Chromium: Multiple vulnerabilities
Background Chromium is the open-source web browser project behind Google Chrome Description Multiple vulnerabilities have been discovered in the Chromium web browser. Please review the CVE identifiers referenced below for details. Impact A remote attacker could possibly execute arbitrary code wit...
Python: Multiple vulnerabilities
Background Python is an interpreted, interactive, object-oriented programming language. Description Multiple vulnerabilities have been discovered in Python. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user to open a specially crafted ind...
Xen: Multiple vulnerabilities
Background Xen is a bare-metal hypervisor. Description Multiple vulnerabilities have been discovered in Xen. Please review the CVE identifiers referenced below for details. Impact A local attacker could possibly execute arbitrary code with the privileges of the process, could gain privileges on t...
Munin: Multiple vulnerabilities
Background Munin is an open source server monitoring tool. Description Multiple vulnerabilities have been discovered in Munin. Please review the CVE identifiers referenced below for details. Impact A local attacker could perform symlink attacks to overwrite arbitrary files with the privileges of...
PHP: Multiple vulnerabilities
Background PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML. Description Multiple vulnerabilities have been discovered in PHP. Please review the CVE identifiers referenced below for details. Impact A remote attacke...
mini_httpd: Arbitrary code execution
Background minihttpd is a small webserver with optional SSL and IPv6 support. Description minihttpd does not properly check for shell escapes when parsing HTTP requests. Impact A remote attacker could send specially crafted HTTP requests, possibly resulting in execution of arbitrary code with the...
Tor: Multiple vulnerabilities
Background Tor is an implementation of second generation Onion Routing, a connection-oriented anonymizing communication service. Description Multiple vulnerabilities have been discovered in Tor. Please review the CVE identifiers referenced below for details. Impact A remote unauthenticated attack...
Ruby on Rails: Multiple vulnerabilities
Background Ruby on Rails is a web-application and persistence framework. Description The following vulnerabilities were discovered: sameer reported that lib/actioncontroller/cgiprocess.rb removes the :cookieonly attribute from the default session options CVE-2007-6077, due to an incomplete fix fo...
POV-Ray: User-assisted execution of arbitrary code
Background POV-Ray is a well known open-source ray tracer. Description POV-Ray uses a statically linked copy of libpng to view and output PNG files. The version shipped with POV-Ray is vulnerable to CVE-2008-3964, CVE-2008-1382, CVE-2006-3334, CVE-2006-0481, CVE-2004-0768. A bug in POV-Ray's buil...