3816 matches found
GNU Binutils: Multiple Vulnerabilities
Background The GNU Binutils are a collection of tools to create, modify and analyse binary files. Many of the files use BFD, the Binary File Descriptor library, to do low-level manipulation. Description Multiple vulnerabilities have been discovered in GNU Binutils. Please review the CVE identifie...
JHead: Multiple Vulnerabilities
Background JHead is an EXIF JPEG header manipulation tool. Description Multiple vulnerabilities have been discovered in JHead. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround a...
ISC BIND: Multiple Vulnerabilities
Background ISC BIND is the Internet Systems Consortium implementation of the Domain Name System DNS protocol. Description Multiple vulnerabilities have been discovered in ISC BIND. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers...
Rizin: Multiple Vulnerabilities
Background Rizin is a reverse engineering framework for binary analysis. Description Multiple vulnerabilities have been discovered in Rizin. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no know...
OpenJDK: Multiple Vulnerabilities
Background OpenJDK is an open source implementation of the Java programming language. Description Multiple vulnerabilities have been discovered in OpenJDK. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround...
Mozilla Firefox: Multiple Vulnerabilities
Background Mozilla Firefox is a popular open-source web browser from the Mozilla project. Description Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details...
BusyBox: Denial of service
Background BusyBox is a set of tools for embedded systems and is a replacement for GNU Coreutils. Description It was discovered that BusyBox mishandled the error bit on the huftbuild result pointer when decompressing GZIP compressed data. Impact A remote attacker could entice a user to open a...
Mutt, NeoMutt: Denial of service
Background Mutt is a small but very powerful text-based mail client. NeoMutt is a command line mail reader or MUA. It’s a fork of Mutt with added features. Description It was discovered that Mutt, and NeoMutt did not properly handle certain situations where an IMAP sequence set ends with a comma...
HAProxy: Arbitrary code execution
Background HAProxy is a TCP/HTTP reverse proxy for high availability environments. Description It was discovered that HAProxy incorrectly handled certain HTTP/2 headers. Impact A remote attacker, by sending a specially crafted HTTP/2 request, could possibly execute arbitrary code with the...
OpenSSL: Denial of service
Background OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer SSL v2/v3 and Transport Layer Security TLS v1/v1.1/v1.2/v1.3 as well as a general purpose cryptography library. Description A null pointer dereference flaw was found in OpenSSL. Impact A remote attacker, able to...
D-Bus: Denial of service
Background D-Bus is a message bus system which processes can use to talk to each other. Description D-Bus does not correctly dispose of old connections meaning that it is possible for D-Bus to hit a connection limit. Impact An attacker could cause a possible Denial of Service condition. Workaroun...
LHa: Buffer overflow
Background LHa is a console-based program for packing and unpacking LHarc archives. Description A buffer overflow in LHa’s compression code was discovered which can be triggered by a crafted input file. Impact A remote attacker could send a specially crafted file possibly resulting in a Denial of...
Haml: Arbitrary code execution
Background Haml is a templating engine for HTML. Description It was discovered that Haml was not correctly filtering out special characters which may be used for attributes. Impact A remote attacker could possibly execute arbitrary code with the privileges of the process or cause a Denial of...
netqmail: Multiple vulnerabilities
Background qmail is a secure, reliable, efficient, simple message transfer agent. Description Multiple vulnerabilities have been discovered in netqmail. Please review the CVE identifiers referenced below for details. Impact In the default configuration, these vulnerabilities are only local. Pleas...
Samba: Multiple vulnerabilities
Background Samba is a suite of SMB and CIFS client/server programs. Description Multiple vulnerabilities have been discovered in Samba. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known...
OpenJDK, IcedTea: Multiple vulnerabilities
Background OpenJDK is a free and open-source implementation of the Java Platform, Standard Edition. IcedTea’s aim is to provide OpenJDK in a form suitable for easy configuration, compilation and distribution with the primary goal of allowing inclusion in GNU/Linux distributions. Description...
GNU Mailutils: Privilege escalation
Background The GNU Mailutils are a collection of mail-related utilities, including an IMAP4 server imap4d. Description GNU Mailutils runs maidag by default with setuid root permissions. Impact An attacker can use this to write to arbitrary files as root. Workaround There is no known workaround at...
mod_gnutls: Certificate validation error
Background modgnutls is an extension for Apache’s httpd. It uses the GnuTLS library to provide HTTPS. It supports some protocols and features that modssl does not. Description It was discovered that the authentication hook in modgnutls does not validate client’s certificates even when option...
Perl: Race condition vulnerability
Background File::Path module provides a convenient way to create directories of arbitrary depth and to delete an entire directory subtree from the filesystem. Description A race condition occurs within concurrent environments. This condition was discovered by The cPanel Security Team in the rmtre...
Xen: Privilege Escalation
Background Xen is a bare-metal hypervisor. Description In CIRRUSBLTMODEMEMSYSSRC mode the bitblit copy routine cirrusbitbltcputovideo fails to check wethehr the specified memory region is safe. Impact A local attacker could potentially execute arbitrary code with privileges of Xen QEMU process on...
Adobe Flash Player: Multiple vulnerabilities
Background The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Description Multiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details. Impact A remote attacke...
PPP: Buffer overflow
Background PPP is a Unix implementation of the Point-to-Point Protocol Description A buffer overflow was discovered in the rcmksid function in plugins/radius/util.c in PPP when the PID for pppd is greater than 65535. Impact A remote attacker could cause a Denial of Service condition. Workaround...
MiniUPnPc: Buffer overflow
Background UPnP client library and a simple UPnP client. Description An out-of-bounds read was discovered in the getHTTPResponse function in miniwget.c in MiniUPnPc. Impact Remote attackers, through specially crafted headers, could cause a Denial of Service condition. Workaround There is no known...
systemd: Multiple vulnerabilities
Background A system and service manager. Description Multiple vulnerabilities have been discovered in systemd. Please review the CVE identifiers referenced below for details. Impact An attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service...
Poppler: Multiple vulnerabilities
Background Poppler is a PDF rendering library based on the xpdf-3.0 code base. Description Multiple vulnerabilities have been discovered in Poppler. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user to open a specially crafted PDF using...
GNU C Library: Multiple vulnerabilities
Background The GNU C library is the standard C library used by Gentoo Linux systems. Description Multiple vulnerabilities have been discovered in the GNU C Library: The Google Security Team and Red Hat discovered a stack-based buffer overflow in the senddg and sendvc functions due to a buffer...
Oracle JRE/JDK: Multiple vulnerabilities
Background The Oracle Java Development Kit JDK and the Oracle Java Runtime Environment JRE provide the Oracle Java platform. Description Multiple vulnerabilities have been discovered in Oracle JRE/JDK. Please review the CVE identifiers referenced below for details. Impact An context-dependent...
Adobe Flash Player: Multiple vulnerabilities
Background The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Description Multiple unspecified vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details. Impact A...
phpMyAdmin: Multiple vulnerabilities
Background phpMyAdmin is a web-based management tool for MySQL databases. Description Multiple vulnerabilities have been discovered in phpMyAdmin. Please review the CVE identifiers referenced below for details. Impact A remote authenticated attacker could exploit these vulnerabilities to execute...
Tor: Multiple vulnerabilities
Background Tor is an implementation of second generation Onion Routing, a connection-oriented anonymizing communication service. Description Multiple vulnerabilities have been discovered in Tor. Please review the CVE identifiers referenced below for details. Impact A remote unauthenticated attack...
VLC: Multiple vulnerabilities
Background VLC is a cross-platform media player and streaming server. Description Multiple vulnerabilities were found in VLC: Michal Luczaj and Luigi Auriemma reported that VLC contains boundary errors when handling subtitles in the ParseMicroDvd, ParseSSA, and ParseVplayer functions in the...
VMware Workstation and Player: Multiple vulnerabilities
Background VMware Workstation is a virtual machine for developers and system administrators. VMware Player is a freeware virtualization software that can run guests produced by other VMware products. Description Multiple vulnerabilities have been discovered in several VMware products. Neel Mehta...
MadWifi: Multiple vulnerabilities
Background The MadWifi driver provides support for Atheros based IEEE 802.11 Wireless Lan cards. Description The driver does not properly process Channel Switch Announcement Information Elements, allowing for an abnormal channel change. The ieee80211input function does not properly handle AUTH...
phpMyAdmin: Multiple vulnerabilities
Background phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the web. Description Stefan Esser from Hardened-PHP reported about multiple vulnerabilties found in phpMyAdmin. The $GLOBALS variable allows modifying the global variable importblacklist to open...
Apache: Buffer overflow in mod_ssl
Background Apache is the most popular Web server on the Internet. modssl provides Secure Sockets Layer encryption and authentication to Apache 1.3. Apache 2 contains the functionality of modssl. Description A bug in the function sslutiluuencodebinary in sslutil.c may lead to a remote buffer...
libvpx: Multiple Vulnerabilities
Background libvpx is the VP8 codec SDK used to encode and decode video streams, typically within a WebM format media file. Description Multiple vulnerabilities have been discovered in libvpx. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE...
FreeRDP: Multiple Vulnerabilities
Background FreeRDP is a free implementation of the remote desktop protocol. Description Multiple vulnerabilities have been discovered in FreeRDP. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no...
stunnel: Improper certificate validation
Background The stunnel program is designed to work as an SSL/TLS encryption wrapper between a client and a local or remote server. Description It was discovered that stunnel did not correctly verified the client certificate when options “redirect” and “verifyChain” are used. Impact A remote...
Apache Ant: Insecure temporary file
Background Ant is a Java-based build tool similar to ‘make’ that uses XML configuration files. Description A previous fix for a security vulnerability involving insecure temporary files has been found to be incomplete. Impact A local attacker could perform symlink attacks to overwrite arbitrary...
Mozilla Thunderbird: Multiple vulnerabilities
Background Mozilla Thunderbird is a popular open-source email client from the Mozilla project. Description Multiple vulnerabilities have been discovered in Mozilla Thunderbird. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for...
AWStats: Multiple vulnerabilities
Background AWStats is an advanced log file analyzer and statistics generator. Description Multiple vulnerabilities have been discovered in AWStats. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is ...
NTFS-3G: Remote code execution, possible privilege escalation
Background NTFS-3G is a stable, full-featured, read-write NTFS driver for various operating systems. Description An integer underflow issue exists in NTFS-3G which may cause a heap buffer overflow with crafted input. Impact A remote attacker may be able to execute arbitrary code while a local...
Mozilla Thunderbird: Multiple vulnerabilities
Background Mozilla Thunderbird is a popular open-source email client from the Mozilla project. Description Multiple vulnerabilities have been discovered in Mozilla Thunderbird. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for...
libu2f-host: Multiple vulnerabilities
Background Yubico Universal 2nd Factor U2F Host C Library. Description Multiple vulnerabilities have been discovered in libu2f-host. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user to plug-in a malicious USB device, possibly resulting i...
BlueZ: Security bypass
Background Set of tools to manage Bluetooth devices for Linux. Description It was discovered that the HID and HOGP profiles implementations in BlueZ did not specifically require bonding between the device and the host. Impact A remote attacker with adjacent access could impersonate an existing HI...
VirtualBox: Multiple vulnerabilities
Background VirtualBox is a powerful virtualization product from Oracle. Description Multiple vulnerabilities have been discovered in VirtualBox. Please review the CVE identifiers referenced below for details. Impact An attacker could take control of VirtualBox resulting in the execution of...
ImageMagick: Multiple vulnerabilities
Background A collection of tools and libraries for many image formats. Description Multiple vulnerabilities have been discovered in ImageMagick. Please review the referenced CVE identifiers for details. Impact Remote attackers, by enticing a user to process a specially crafted file, could obtain...
RAR, UnRAR: Multiple vulnerabilities
Background RAR and UnRAR provide command line interfaces for compressing and decompressing RAR files. Description Multiple vulnerabilities have been discovered in RAR and UnRAR. Please review the referenced CVE identifiers for details. Impact A remote attacker, by enticing a user to open a...
Mozilla Thunderbird: Multiple vulnerabilities
Background Mozilla Thunderbird is a popular open-source email client from the Mozilla project. Description Multiple vulnerabilities have been discovered in Mozilla Thunderbird. Please review the CVE identifiers referenced below for details. Impact A remote attacker, by enticing a user to open a...
Chromium: Multiple vulnerabilities
Background Chromium is the open-source web browser project behind Google Chrome Description Multiple vulnerabilities have been discovered in the Chromium web browser. Please review the CVE identifiers referenced below for details. Impact A remote attacker could possibly execute arbitrary code wit...