3816 matches found
mpv: Remote code execution
Background Video player based on MPlayer/mplayer2 Description A vulnerability was discovered in mpv with the handling of HTML documents containing VIDEO elements. Additionally, mpv accepts arbitrary URLs in a src attribute without a protocol whitelist in player/lua/ytdlhook.lua. Impact A remote...
rsync: Arbitrary command execution
Background File transfer program to keep remote files into sync. Description A vulnerability was discovered in rsync’s parsearguments function in options.c. Impact Remote attackers could possibly execute arbitrary commands with the privilege of the process. Workaround There is no known workaround...
Chromium, Google Chrome: Multiple vulnerabilities
Background Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. Google Chrome is one fast, simple, and secure browser for all your devices. Description Multiple vulnerabilities have been discovered in Chromium and...
MariaDB, MySQL: Multiple vulnerabilities
Background MariaDB is an enhanced, drop-in replacement for MySQL. MySQL is a popular multi-threaded, multi-user SQL server. MySQL is a popular multi-threaded, multi-user SQL server Description Multiple vulnerabilities have been discovered in MariaDB and MySQL. Please review the CVE identifiers...
nginx: Remote code execution
Background nginx is a robust, small, and high performance HTTP and reverse proxy server. Description It was discovered that nginx did not properly handle DNS responses when “resolver” directive is used. Impact A remote attacker, able to provide DNS responses to a nginx instance, could cause the...
Exim: Multiple vulnerabilities
Background Exim is a message transfer agent MTA designed to be a a highly configurable, drop-in replacement for sendmail. Description Multiple vulnerabilities have been discovered in Exim. Please review the CVE identifiers referenced below for details. Impact A remote attacker, by connecting to t...
Adobe Flash Player: Multiple vulnerabilities
Background The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Description Multiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details. Impact A remote attacke...
libofx: Multiple vulnerabilities
Background A library to support the Open Financial eXchange XML format Description Multiple vulnerabilities have been discovered in libofx. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user to process a specially crafted file using an...
Nautilus: Security bypass
Background Default file manager for the GNOME desktop Description A vulnerability was discovered in Nautilus which allows an attacker to escape the sandbox. Impact A local attacker could possibly bypass sandbox protection. Workaround There is no known workaround at this time. Resolution All...
hostapd and wpa_supplicant: Denial of service
Background wpasupplicant is a WPA Supplicant with support for WPA and WPA2 IEEE 802.11i / RSN. hostapd is a user space daemon for access point and authentication servers. Description A vulnerability was discovered in hostapd’s and wpasupplicant’s eapserver/eapserverpwd.c and eappeer/eappwd.c file...
VLC: Multiple vulnerabilities
Background VLC is a cross-platform media player and streaming server. Description Multiple vulnerabilities have been discovered in VLC. Please review the CVE identifiers referenced below for details. Impact Remote attackers, by enticing a user to execute a specially crafted media file, could caus...
Dovecot: Multiple vulnerabilities
Background Dovecot is an open source IMAP and POP3 email server. Description Multiple vulnerabilities have been discovered in Dovecot. Please review the CVE identifiers referenced below for details. Impact An unauthenticated remote attacker could send a specially crafted mail or use crafted IMAP...
Patch: Multiple vulnerabilities
Background Patch takes a patch file containing a difference listing produced by the diff program and applies those differences to one or more original files, producing patched versions. Description Multiple vulnerabilities have been discovered in Patch. Please review the CVE identifiers reference...
GNOME desktop library: Security bypass
Background Library with common API for various GNOME modules. Description A vulnerability was discovered in the GNOME desktop library which allows an attacker to escape the sandbox. Impact A local attacker could possibly bypass sandbox protection. Workaround There is no known workaround at this...
ProFTPD: Local privilege escalation
Background ProFTPD is a powerful, configurable, and free FTP daemon. Description A flaw exists in the modctrls module of ProFTPD, normally used to allow FTP server administrators to configure the daemon at runtime. Impact An FTP server administrator permitted to interact with modctrls could...
Keepalived: Multiple vulnerabilities
Background Keepalived is a strong & robust keepalive facility to the Linux Virtual Server project. Description Multiple vulnerabilities have been discovered in keepalived. Please review the CVE identifiers referenced below for details. Impact A remote attacker could send a specially crafted reque...
memcached: Multiple vulnerabilities
Background memcached is a high-performance, distributed memory object caching system Description Multiple integer overflow vulnerabilities were discovered in memcached. Please review the CVE identifiers and Cisco TALOS reports referenced below for details. Impact A remote attacker could abuse...
OpenSSH: Multiple vulnerabilities
Background OpenSSH is a complete SSH protocol implementation that includes SFTP client and server support. Description Multiple vulnerabilities have been discovered in OpenSSH. Please review the CVE identifiers referenced below for details. Impact A remote attacker could overwrite arbitrary files...
Python: Buffer overflow
Background Python is an interpreted, interactive, object-oriented programming language. Description A buffer overflow was discovered in Python’s PyStringDecodeEscape function in stringobject.c. Impact Remote attackers, by enticing a user to process a specially crafted file, could execute arbitrar...
hesiod: Root privilege escalation
Background DNS functionality to access to DB of information that changes infrequently. Description Multiple vulnerabilities have been discovered in hesiod that have remained unaddressed. Please review the referenced CVE identifiers for details. Impact A remote or local attacker may be able to...
Zsh: User-assisted execution of arbitrary code
Background A shell designed for interactive use, although it is also a powerful scripting language. Description Two input validation errors have been discovered in how Zsh parses scripts: Parsing a malformed shebang line could cause Zsh to call a program listed in the second line CVE-2018-0502...
rsync: Multiple vulnerabilities
Background File transfer program to keep remote files into sync. Description Multiple vulnerabilities have been discovered in rsync. Please review the CVE identifiers referenced below for details. Impact A remote attacker could bypass intended access restrictions or cause a Denial of Service...
xinetd: Privilege escalation
Background xinetd is a secure replacement for inetd. Description Xinetd does not enforce the user and group configuration directives for TCPMUX services, which causes these services to be run as root. Impact Attackers could escalate privileges outside of the running process. Workaround There is n...
Chromium: Multiple vulnerabilities
Background Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. Description Multiple vulnerabilities have been discovered in Chromium and Google Chrome. Please review the referenced CVE identifiers and Google Chrom...
lighttpd: Multiple vulnerabilities
Background lighttpd is a lightweight high-performance web server. Description Multiple vulnerabilities have been discovered in lighttpd. Please review the CVE identifiers referenced below for details. Impact A remote attacker could create a Denial of Service condition. Futhermore, a remote attack...
GPL Ghostscript: Multiple vulnerabilities
Background Ghostscript is an interpreter for the PostScript language and for PDF. Description Multiple vulnerabilities have been discovered in GPL Ghostscript. Please review the CVE identifiers referenced below for additional information. Impact A context-dependent attacker could entice a user to...
Icinga Web 2: Multiple Vulnerabilities
Background Icinga Web 2 is a frontend for icinga2. Description Multiple vulnerabilities have been discovered in Icinga Web 2. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround at...
hostapd and wpa_supplicant: Key Reinstallation (KRACK) attacks
Background wpasupplicant is a WPA Supplicant with support for WPA and WPA2 IEEE 802.11i / RSN. hostapd is a user space daemon for access point and authentication servers. Description WiFi Protected Access WPA and WPA2 and it’s associated technologies are all vulnerable to the KRACK attacks. Pleas...
NTP: Multiple vulnerabilities
Background NTP contains software for the Network Time Protocol. Description Multiple vulnerabilities have been discovered in NTP. Please review the CVE identifiers referenced below for details. Impact An attacker could cause a Denial of Service condition, escalate privileges, or remotely execute...
ProFTPD: Multiple vulnerabilities
Background ProFTPD is an advanced and very configurable FTP server. Description Multiple vulnerabilities have been discovered in ProFTPD. Please review the CVE identifiers referenced below for details. Impact A context-dependent attacker could possibly execute arbitrary code with the privileges o...
Exiv2: Multiple vulnerabilities
Background Exiv2 is a C++ library and a command line utility to manage image metadata. Description Multiple vulnerabilities have been discovered in Exiv2. Please review the CVE identifiers referenced below for details. Impact A remote attacker could cause a Denial of Service condition or obtain...
Apache HTTP Server: Multiple vulnerabilities
Background Apache HTTP Server is one of the most popular web servers on the Internet. Description Multiple vulnerabilities have been found in Apache HTTP Server. Please review the CVE identifiers and research paper referenced below for details. Impact A remote attacker could send a specially...
Apache: Privilege escalation
Background The Apache HTTP server is one of the most popular web servers on the Internet. Description A vulnerability was discovered in Apache with MPM event, worker, or prefork. Impact An attacker could escalate privileges. Workaround There is no known workaround at this time. Resolution All...
BIND: Multiple vulnerabilities
Background BIND Berkeley Internet Name Domain is a Name Server. Description Multiple vulnerabilities have been discovered in BIND. Please review the CVE identifiers referenced below for details. Impact BIND can improperly permit recursive query service to unauthorized clients possibly resulting i...
Mozilla Firefox: Multiple vulnerabilities
Background Mozilla Firefox is a popular open-source web browser from the Mozilla Project. Description Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user to view a specially...
OpenSSL: Multiple vulnerabilities
Background OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer SSL v2/v3 and Transport Layer Security TLS v1 as well as a general purpose cryptography library. Description Multiple vulnerabilities have been discovered in OpenSSL. Please review the CVE identifiers referenced...
Mozilla Thunderbird: Multiple vulnerabilities
Background Mozilla Thunderbird is a popular open-source email client from the Mozilla project. Description Multiple vulnerabilities have been discovered in Mozilla Thunderbird. Please review the referenced Mozilla Foundation Security Advisories and CVE identifiers below for details. Impact A remo...
cURL: Multiple vulnerabilities
Background A command line tool and library for transferring data with URLs. Description Multiple vulnerabilities have been discovered in cURL. Please review the CVE identifiers referenced below for details. Impact Remote attackers could cause a Denial of Service condition. Workaround There is no...
DokuWiki: PHP code injection
Background DokuWiki is a simple to use wiki targeted at developer teams, workgroups and small companies. Description Stefan Esser discovered that the DokuWiki spell checker fails to properly sanitize PHP's "complex curly syntax". Impact A unauthenticated remote attacker may execute arbitrary PHP...
Exim: Remote command execution
Background Exim is a message transfer agent MTA designed to be a a highly configurable, drop-in replacement for sendmail. Description A vulnerability was discovered in how Exim validates recipient addresses in the delivermessage function. Impact A remote attacker could execute arbitrary commands ...
sudo: Unauthorized privilege escalation in sudoedit
Background sudo su “do” allows a system administrator to delegate authority to give certain users or groups of users the ability to run some or all commands as root or another user while providing an audit trail of the commands and their arguments. Description sudoedit in sudo is vulnerable to th...
XRootD: Remote code execution
Background A project that aims at giving high performance, scalable, and fault tolerant access to data repositories of many kinds. Description A shell command injection was discovered in XRootD. Impact A remote attacker could execute arbitrary code. Workaround There is no known workaround at this...
Oracle JDK/JRE: Multiple vulnerabilities
Background Java Platform, Standard Edition Java SE lets you develop and deploy Java applications on desktops and servers, as well as in today’s demanding embedded environments. Java offers the rich user interface, performance, versatility, portability, and security that today’s applications...
Asterisk: Multiple vulnerabilities
Background A Modular Open Source PBX System. Description Multiple vulnerabilities have been discovered in Asterisk. Please review the referenced CVE identifiers for details. Impact A remote attacker could cause a Denial of Service condition or conduct information gathering. Workaround There is no...
AutoTrace: Multiple vulnerabilities
Background AutoTrace converts bitmap to vector graphics. Description Heap-based buffer overflows have been discovered in the pstoeditsuffixtableinit and pnmloadrawpbm functions of AutoTrace. Impact Remote attackers, by enticing a user to process a crafted bmp image file, could cause a Denial of...
Apache: Multiple vulnerabilities
Background The Apache HTTP server is one of the most popular web servers on the Internet. Description Multiple vulnerabilities have been discovered in Apache. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaroun...
jbig2dec: User-assisted execution of arbitrary code
Background jbig2dec is a decoder implementation of the JBIG2 image compression format. Description Integer overflow errors have been discovered in the jbig2decodesymboldict, jbig2buildhuffmantable, and jbig2imagecompose functions of jbig2dec. Impact A remote attacker, by enticing a user to open a...
Apache: Multiple vulnerabilities
Background The Apache HTTP server is one of the most popular web servers on the Internet. Description Multiple vulnerabilities have been discovered in Apache. Please review the CVE identifiers referenced below for details. Impact A remote attacker can possibly cause a Denial of Service condition ...
Mozilla Thunderbird: Multiple Vulnerabilities
Background Mozilla Thunderbird is a popular open-source email client from the Mozilla project. Description Multiple vulnerabilities have been discovered in Mozilla Thunderbird. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for...
runC: Multiple vulnerabilities
Background RunC is a CLI tool for spawning and running containers according to the OCI specification. Description Multiple vulnerabilities have been discovered in runC. Please review the CVE identifiers referenced below for details. Impact An attacker, by running a malicious Docker image, could...