3816 matches found
Mozilla Thunderbird: Multiple vulnerabilities
Background Mozilla Thunderbird is a popular open-source email client from the Mozilla project. Description Multiple vulnerabilities have been discovered in Mozilla Thunderbird. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for...
Icinga: Root privilege escalation
Background Icinga is an open source computer system and network monitoring application. It was originally created as a fork of the Nagios system monitoring application in 2009. Description It was discovered that Icinga’s installed files have insecure permissions, possibly allowing root privilege...
CUPS: Multiple vulnerabilities
Background CUPS, the Common Unix Printing System, is a full-featured print server. Description Multiple vulnerabilities have been discovered in CUPS. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There i...
Poppler: Multiple vulnerabilities
Background Poppler is a PDF rendering library based on the xpdf-3.0 code base. Description Multiple vulnerabilities have been discovered in Poppler. Please review the CVE identifiers referenced below for details. Impact A remote attacker, by enticing a user to open a specially crafted PDF, could...
LXC: Remote security bypass
Background LinuX Containers userspace utilities Description Previous versions of lxc-attach ran a shell or the specified command without allocating a pseudo terminal making it vulnerable to input faking via a TIOCSTI ioctl call. Impact Remote attackers can escape the container and perform...
Chromium: Multiple vulnerabilities
Background Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. Description Multiple vulnerabilities have been discovered in the Chromium web browser. Please review the CVE identifiers referenced below for details...
DirectFB: Multiple vulnerabilities
Background DirectFB Direct Frame Buffer is a set of graphics APIs implemented on top of the Linux Frame Buffer fbdev abstraction layer. Description Multiple vulnerabilities have been discovered in DirectFB. Please review the CVE identifiers referenced below for details. Impact Remote attackers...
file: Multiple vulnerabilities
Background file is a utility that guesses a file format by scanning binary data for patterns. Description Multiple vulnerabilities have been discovered in file. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user or automated system to...
flex: Potential insecure code generation
Background flex is a programming tool used to generate scanners programs which recognize lexical patterns in text. Description A heap-based buffer overflow in the yygetnextbuffer function in Flex might allow context-dependent attackers to cause a denial of service or possibly execute arbitrary co...
Xen: Multiple vulnerabilities
Background Xen is a bare-metal hypervisor. Description Multiple vulnerabilities have been discovered in Xen. Please review the CVE identifiers referenced below for details. Impact A malicious guest administrator could escalate their privileges on the host system or cause a Denial of Service...
Groovy: Arbitrary code execution
Background A multi-faceted language for the Java platform Description Groovy’s MethodClosure class, in runtime/MethodClosure.java, is vulnerable to a crafted serialized object. Impact Remote attackers could potentially execute arbitrary code, or cause Denial of Service condition Workaround A...
Commons-BeanUtils: Arbitrary code execution
Background Commons-beanutils provides easy-to-use wrappers around Reflection and Introspection APIs Description Apache Commons BeanUtils does not suppress the class property, which allows for the manipulation of the ClassLoader. Impact Remote attackers could potentially execute arbitrary code wit...
Apache Tomcat: Multiple vulnerabilities
Background Apache Tomcat is a Servlet-3.0/JSP-2.2 Container. Description Multiple vulnerabilities have been discovered in Tomcat. Please review the CVE identifiers referenced below for details. Impact A remote attacker may be able to cause a Denial of Service condition as well as obtain sensitive...
nginx: Arbitrary code execution
Background nginx is a robust, small, and high performance HTTP and reverse proxy server. Description A bug in the SPDY implementation in nginx was found which might cause a heap memory buffer overflow in a worker process by using a specially crafted request. The SPDY implementation is not enabled...
Adobe Flash Player: Multiple vulnerabilities
Background The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Description Multiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details. Impact A remote attacke...
sudo: Privilege escalation
Background sudo allows a system administrator to give users the ability to run commands as other users. Access to commands may also be granted on a range to hosts. Description Multiple vulnerabilities have been found in sudo: sudo does not correctly validate the controlling terminal on a system...
Perl: Multiple vulnerabilities
Background Perl is Larry Wall’s Practical Extraction and Report Language. Description Multiple vulnerabilities have been discovered in Perl. Please review the CVE identifiers referenced below for details. Impact A local attacker could cause a Denial of Service condition or perform symlink attacks...
FreeRADIUS: Multiple vulnerabilities
Background FreeRADIUS is an open source RADIUS authentication server. Description Multiple vulnerabilities have been discovered in FreeRADIUS. Please review the CVE identifiers referenced below for details. Impact A remote attacker could possibly execute arbitrary code with the privileges of the...
Adobe Flash Player: Multiple vulnerabilities
Background The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Description Multiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details. Impact A remote attacke...
Cyrus IMAP Server: Multiple vulnerabilities
Background The Cyrus IMAP Server is an efficient, highly-scalable IMAP e-mail server. Description Multiple vulnerabilities have been discovered in the Cyrus IMAP Server. Please review the CVE identifiers referenced below for details. Impact An unauthenticated local or remote attacker may be able ...
Wireshark: Multiple vulnerabilities
Background Wireshark is a versatile network protocol analyzer. Description Multiple vulnerabilities have been discovered in Wireshark. Please review the CVE identifiers referenced below for details. Impact A remote attacker could send specially crafted packets on a network being monitored by...
PDFlib: Multiple buffer overflows
Background PDFlib is a library for generating PDF on the fly. Description poplix reported multiple boundary errors in the pdcfsearchfopen function when processing overly long filenames. Impact A remote attacker could send specially crafted content to a vulnerable application using PDFlib, possibl...
OpenSSH: Security bypass
Background OpenSSH is a complete SSH protocol implementation that includes an SFTP client and server support. Description Jan Pechanec discovered that OpenSSH uses a trusted X11 cookie when it cannot create an untrusted one. Impact An attacker could bypass the SSH client security policy and gain...
Seamonkey: Multiple vulnerabilities
Background The SeaMonkey project is a community effort to deliver production-quality releases of code derived from the application formerly known as 'Mozilla Application Suite'. Description A number of vulnerabilities have been found and fixed in Seamonkey. For details please consult the referenc...
Mozilla Suite: Multiple vulnerabilities
Background The Mozilla Suite is a popular all-in-one web browser that includes a mail and news reader. Description The following vulnerabilities were found and fixed in the Mozilla Suite: Mark Dowd from ISS X-Force reported an exploitable heap overrun in the GIF processing of obsolete Netscape...
Mozilla, Firefox, Thunderbird, Epiphany: New releases fix vulnerabilities
Background Mozilla is a popular web browser that includes a mail and newsreader. Epiphany is a web browser that uses Gecko, the Mozilla rendering engine. Mozilla Firefox and Mozilla Thunderbird are respectively the next-generation browser and mail client from the Mozilla project. Description...
Apache 1.3: Multiple vulnerabilities
Background The Apache HTTP Server Project is an effort to develop and maintain an open-source HTTP server for modern operating systems. The goal of this project is to provide a secure, efficient and extensible server that provides services in tune with the current HTTP standards. Description On...
Apache Commons BCEL: Remote Code Execution
Background The Byte Code Engineering Library Apache Commons BCEL™ is intended to give users a convenient way to analyze, create, and manipulate binary Java class files those ending with .class. Description A vulnerability has been discovered in U-Boot tools. Please review the CVE identifier...
Mozilla Firefox: Multiple Vulnerabilities
Background Mozilla Firefox is a popular open-source web browser from the Mozilla project. Description Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details...
OpenImageIO: Multiple Vulnerabilities
Background OpenImageIO is a library for reading and writing images. Description Multiple vulnerabilities have been discovered in OpenImageIO. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no kno...
NTFS-3G: Multiple Vulnerabilities
Background NTFS-3G is a stable, full-featured, read-write NTFS driver for various operating systems. Description Multiple vulnerabilities have been discovered in NTFS-3G. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for detail...
protobuf-java: Denial of Service
Background protobuf-java contains the Java bindings for Google's Protocol Buffers. Description Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes objects to be converted back and forth between mutable and immutable forms, resulting in...
curl: Multiple Vulnerabilities
Background A command line tool and library for transferring data with URLs. Description Multiple vulnerabilities have been discovered in curl. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no...
Lighttpd: Denial of Service
Background Lighttpd is a lightweight high-performance web server. Description Lighttpd's modwstunnel does not initialize a handler function pointer if an invalid HTTP request websocket handshake is received. Impact An attacker can trigger a denial of service via making Lighttpd try to call an...
libarchive: Multiple Vulnerabilities
Background libarchive is a library for manipulating different streaming archive formats, including certain tar variants, several cpio formats, and both BSD and GNU ar variants. Description Multiple vulnerabilities have been discovered in libarchive. Please review the CVE identifiers referenced...
Nettle: Denial of service
Background Nettle is a cryptographic library that is designed to fit easily in almost any context: In cryptographic toolkits for object-oriented languages, such as C++, Python, or Pike, in applications like lsh or GnuPG, or even in kernel space. Description It was discovered that Nettle incorrect...
Ark: Arbitrary code execution
Background Ark is a graphical file compression/decompression utility with support for multiple formats. Description A maliciously crafted archive with “../” in the file paths could install files anywhere in the user’s home directory upon extraction. Impact A remote attacker could entice a user to...
rsync: Multiple vulnerabilities
Background File transfer program to keep remote files into sync. Description Multiple vulnerabilities have been discovered in rsync within bundled zlib. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround Ther...
OCaml: Arbitrary code execution
Background OCaml is a high-level, strongly-typed, functional, and object-oriented programming language from the ML family of languages Description The camlbadeserialize function in byterun/bigarray.c in the standard library of OCaml has an integer overflow. Impact A remote attacker could possibly...
Sarg: Local privilege escalation
Background Sarg Squid Analysis Report Generator is a tool that provides many informations about the Squid web proxy server users activities: time, sites, traffic, etc. Description A flaw in Sarg’s handling of temporary directories was discovered. Impact A local attacker may be able to escalate...
rssh: Multiple vulnerabilities
Background rssh is a restricted shell, allowing only a few commands like scp or sftp. It is often used as a complement to OpenSSH to provide limited access to users. Description Multiple vulnerabilities have been discovered in rssh. Please review the CVE identifiers referenced below for details...
spice: Arbitrary code execution
Background Provides a complete open source solution for remote access to virtual machines in a seamless way so you can play videos, record audio, share USB devices, and share folders without complications. Description A flaw in spice’s memory handling code has been discovered, allowing an out of...
Adobe Flash Player: Remote execution of arbitrary code
Background The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Description A critical type confusion vulnerability was discovered in Adobe Flash Player. Impact A remote attacker could possibly execute arbitrary code with the...
GNU Wget: Multiple vulnerabilities
Background GNU Wget is a free software package for retrieving files using HTTP, HTTPS and FTP, the most widely-used Internet protocols. Description Multiple vulnerabilities have been discovered in Wget. Please review the referenced CVE identifiers for details. Impact A remote attacker, by enticin...
FileZilla: Buffer overflow
Background FileZilla is an open source FTP client. Description FileZilla is affected by the same vulnerability as reported in “GLSA 201703-03” because the package included a vulnerable copy of PuTTY. Please read the GLSA for PuTTY referenced below for details. Impact A remote attacker, utilizing...
FreeType: Multiple vulnerabilities
Background FreeType is a high-quality and portable font engine. Description Multiple vulnerabilities have been discovered in FreeType. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user to use a specially crafted font file using FreeType,...
Adobe Flash Player: Multiple vulnerabilities
Background The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Description Multiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details. Impact A remote attacke...
Pidgin: Multiple vulnerabilities
Background Pidgin is a client for a variety of instant messaging protocols. Description Multiple vulnerabilities have been discovered in Pidgin. Please review the CVE identifiers referenced below for details. Impact A remote attacker might send specially crafted data using the MXit protocol,...
Pillow: Multiple vulnerabilities
Background The friendly PIL fork. Description Multiple vulnerabilities have been discovered in Pillow. Please review the CVE identifiers referenced below for details. Impact A local attacker could perform symlink attacks to overwrite arbitrary files with the privileges of the user running the...
Openfire: Multiple vulnerabilities
Background Openfire formerly Wildfire is a cross-platform real-time collaboration server based on the XMPP Jabber protocol. Description Multiple vulnerabilities have been discovered in Openfire. Please review the CVE identifiers referenced below for details. Impact A remote attacker could bypass...