3816 matches found
Chromium: Multiple vulnerabilities
Background Chromium is an open-source web browser project. Description Multiple vulnerabilities have been discovered in Chromium. Please review the CVE identifiers referenced below for details. Impact A remote attacker may be able to cause a Denial of Service condition or possibly have other...
spice-gtk: Privilege escalation
Background spice-gtk is a set of GObject and Gtk objects for connecting to Spice servers and a client GUI. Description spice-gtk does not properly sanitize the DBUSSYSTEMBUSADDRESS environment variable. Impact A local attacker may be able to gain escalated privileges. Workaround There is no known...
Mozilla Products: Multiple vulnerabilities
Background Mozilla Firefox is an open-source web browser and Mozilla Thunderbird an open-source email client, both from the Mozilla Project. The SeaMonkey project is a community effort to deliver production-quality releases of code derived from the application formerly known as the ‘Mozilla...
MoinMoin: Multiple vulnerabilities
Background MoinMoin is a Python WikiEngine. Description Multiple vulnerabilities have been discovered in MoinMoin. Please review the CVE identifiers referenced below for details. Impact A remote attacker may be able to execute arbitrary code with the privileges of the process, overwrite arbitrary...
MoinMoin: Multiple vulnerabilities
Background MoinMoin is a Python WikiEngine. Description Multiple vulnerabilities have been discovered in MoinMoin. Please review the CVE identifiers referenced below for details. Impact These vulnerabilities in MoinMoin allow remote users to inject arbitrary web script or HTML, to obtain sensitiv...
SILC: Multiple vulnerabilities
Background SILC Secure Internet Live Conferencing protocol Toolkit is a software development kit for use in clients, and SILC Client is an IRSSI-based text client. Description Multiple vulnerabilities were discovered in SILC Toolkit and SILC Client. For further information please consult the CVE...
CUPS: Multiple vulnerabilities
Background CUPS, the Common Unix Printing System, is a full-featured print server. Description The following issues were reported in CUPS: iDefense reported an integer overflow in the cupsImageReadTIFF function in the "imagetops" filter, leading to a heap-based buffer overflow CVE-2009-0163. Aaro...
Dovecot: Multiple vulnerabilities
Background Dovecot is an IMAP and POP3 server written with security primarily in mind. Description Several vulnerabilities were found in Dovecot: The "k" right in the aclplugin does not work as expected CVE-2008-4577, CVE-2008-4578 The dovecot.conf is world-readable, providing improper protection...
Adobe Flash Player: Multiple vulnerabilities
Background The Adobe Flash Player is a renderer for the popular SWF file format, which is commonly used to provide interactive websites, digital experiences and mobile content. Description Multiple vulnerabilities have been discovered in Adobe Flash: Secunia Research and Zero Day Initiative...
MIT Kerberos 5: Multiple vulnerabilities
Background MIT Kerberos 5 is a suite of applications that implement the Kerberos network protocol. kadmind is the MIT Kerberos 5 administration daemon, KDC is the Key Distribution Center. Description Two vulnerabilities were found in the Kerberos 4 support in KDC: A global variable is not set for...
Win32 binary codecs: Multiple vulnerabilities
Background Win32 binary codecs provide support for video and audio playback. Description Multiple buffer overflow, heap overflow, and integer overflow vulnerabilities were discovered in the Quicktime plugin when processing MOV, FLC, SGI, H.264 and FPX files. Impact A remote attacker could entice ...
Mozilla products: Multiple vulnerabilities
Background Mozilla Firefox is an open-source web browser from the Mozilla Project, and Mozilla Thunderbird an email client. The SeaMonkey project is a community effort to deliver production-quality releases of code derived from the application formerly known as the 'Mozilla Application Suite'...
Seamonkey: Multiple vulnerabilities
Background The SeaMonkey project is a community effort to deliver production-quality releases of code derived from the application formerly known as 'Mozilla Application Suite'. Description A number of vulnerabilities have been found and fixed in Seamonkey. For details please consult the referenc...
Openswan, IPsec-Tools: Vulnerabilities in ISAKMP Protocol implementation
Background Openswan is an implementation of IPsec for Linux. IPsec-Tools is a port of KAME's implementation of the IPsec utilities, including racoon, an Internet Key Exchange daemon. Internet Key Exchange version 1 IKEv1, a derivate of ISAKMP, is an important part of IPsec. IPsec is widely used t...
TikiWiki, eGroupWare: Arbitrary command execution through XML-RPC
Background TikiWiki is a full featured Free Software Wiki, CMS and Groupware written in PHP. eGroupWare is a web-based collaboration software suite. Both TikiWiki and eGroupWare include a PHP library to handle XML-RPC requests. Description The XML-RPC library shipped in TikiWiki and eGroupWare...
Bugzilla: Unauthorized access and information disclosure
Background Bugzilla is a web-based bug-tracking system used by many projects. Description Bugzilla allows any user to modify the flags of any bug CAN-2005-2173. Bugzilla inserts bugs into the database before marking them as private, in connection with MySQL replication this could lead to a race...
kdelibs, kdebase: Multiple vulnerabilities
Background KDE is a feature-rich graphical desktop environment for Linux and Unix-like Operating Systems. The KDE core libraries kdebase and kdelibs provide native support for many protocols. Konqueror is the KDE web browser and filemanager. Description Daniel Fabian discovered that the KDE core...
FreeRADIUS: Multiple Denial of Service vulnerabilities
Background FreeRADIUS is an open source RADIUS authentication server implementation. Description There are undisclosed defects in the way FreeRADIUS handles incorrect received packets. Impact A remote attacker could send specially-crafted packets to the FreeRADIUS server to deny service to other...
Multiple remote overflows and vulnerabilities in Ethereal
Background Quote from http://www.ethereal.com "Ethereal is used by network professionals around the world for troubleshooting, analysis, software and protocol development, and education. It has all of the standard features you would expect in a protocol analyzer, and several features not seen in...
Apache Commons BCEL: Remote Code Execution
Background The Byte Code Engineering Library Apache Commons BCEL™ is intended to give users a convenient way to analyze, create, and manipulate binary Java class files those ending with .class. Description A vulnerability has been discovered in U-Boot tools. Please review the CVE identifier...
Xen: Multiple Vulnerabilities
Background Xen is a bare-metal hypervisor. Description Multiple vulnerabilities have been discovered in Xen. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround at this time...
FreeRDP: Multiple Vulnerabilities
Background FreeRDP is a free implementation of the remote desktop protocol. Description Multiple vulnerabilities have been discovered in FreeRDP. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no...
Mozilla Firefox: Multiple Vulnerabilities
Background Mozilla Firefox is a popular open-source web browser from the Mozilla project. Description Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details...
Pacemaker: Multiple Vulnerabilities
Background Pacemaker is an Open Source, High Availability resource manager suitable for both small and large clusters. Description Multiple vulnerabilities have been discovered in Pacemaker. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE...
NTFS-3G: Multiple Vulnerabilities
Background NTFS-3G is a stable, full-featured, read-write NTFS driver for various operating systems. Description Multiple vulnerabilities have been discovered in NTFS-3G. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for detail...
protobuf-java: Denial of Service
Background protobuf-java contains the Java bindings for Google's Protocol Buffers. Description Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes objects to be converted back and forth between mutable and immutable forms, resulting in...
Mbed TLS: Multiple Vulnerabilities
Background Mbed TLS previously PolarSSL is an “easy to understand, use, integrate and expand” implementation of the TLS and SSL protocols and the respective cryptographic algorithms and support code required. Description Multiple vulnerabilities have been discovered in Mbed TLS. Please review the...
libgcrypt: Multiple Vulnerabilities
Background libgcrypt is a general purpose cryptographic library derived out of GnuPG. Description Multiple vulnerabilities have been discovered in libgcrypt. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround...
Ceph: Multiple vulnerabilities
Background Ceph is a distributed network file system designed to provide excellent performance, reliability, and scalability. Description Multiple vulnerabilities have been discovered in Ceph. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE...
Dnsmasq: DNS cache poisoning
Background Dnsmasq is a lightweight and easily-configurable DNS forwarder and DHCP server. Description It was discovered that Dnsmasq, when configured with --server=@ or similar e.g. through dbus, configured a fixed UDP port for all outgoing queries to the specified upstream DNS server. Impact An...
Git: User-assisted execution of arbitrary code
Background Git is a distributed version control system designed. Description It was discovered that Git could be fooled into running remote code during a clone on case-insensitive file systems with support for symbolic links, if Git is configured globally to apply delay-capable clean/smudge filte...
KDE Connect: Denial of service
Background KDE Connect is a project that enables all your devices to communicate with each other. Description Multiple issues causing excessive resource consumption were found in KDE Connect. Impact An attacker could cause a possible Denial of Service condition. Workaround There is no known...
Ark: Arbitrary code execution
Background Ark is a graphical file compression/decompression utility with support for multiple formats. Description It was discovered that Ark incorrectly handled symbolic links in tar archive files. Impact A remote attacker could entice a user to open a specially crafted archive using Ark,...
Mozilla Firefox, Mozilla Thunderbird: Multiple vulnerabilities
Background Mozilla Firefox is a popular open-source web browser from the Mozilla Project. Mozilla Thunderbird is a popular open-source email client from the Mozilla project. Description Multiple vulnerabilities have been discovered in Mozilla Firefox and Mozilla Thunderbird. Please review the CVE...
Ark: Arbitrary code execution
Background Ark is a graphical file compression/decompression utility with support for multiple formats. Description A maliciously crafted archive with “../” in the file paths could install files anywhere in the user’s home directory upon extraction. Impact A remote attacker could entice a user to...
WebKitGTK+: Multiple vulnerabilities
Background WebKitGTK+ is a full-featured port of the WebKit rendering engine, suitable for projects requiring any kind of web integration, from hybrid HTML/CSS applications to full-fledged web browsers. Description Multiple vulnerabilities have been discovered in WebKitGTK+. Please review the CVE...
Sarg: Local privilege escalation
Background Sarg Squid Analysis Report Generator is a tool that provides many informations about the Squid web proxy server users activities: time, sites, traffic, etc. Description A flaw in Sarg’s handling of temporary directories was discovered. Impact A local attacker may be able to escalate...
VLC: Buffer overflow
Background VLC is a cross-platform media player and streaming server. Description A buffer overflow in DecodeBlock in sdlimage.c was discovered. Impact A remote user could craft a specifically crafted image file that could execute arbitrary code or cause denial of service. Workaround The user...
Oracle JDK/JRE: Multiple vulnerabilities
Background Java Platform, Standard Edition Java SE lets you develop and deploy Java applications on desktops and servers, as well as in today’s demanding embedded environments. Java offers the rich user interface, performance, versatility, portability, and security that today’s applications...
GStreamer plug-ins: User-assisted execution of arbitrary code
Background The GStreamer plug-ins provide decoders to the GStreamer open source media framework. Description Multiple vulnerabilities have been discovered in various GStreamer plug-ins. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user or...
NTFS-3G: Privilege escalation
Background NTFS-3G is a stable, full-featured, read-write NTFS driver for various operating systems. Description The NTFS-3G driver does not properly clear environment variables before invoking mount or umount. This flaw is similar to the vulnerability described in “GLSA-201701-19” and...
Quagga: Multiple vulnerabilities
Background Quagga is a free routing daemon replacing Zebra supporting RIP, OSPF and BGP. Description Multiple vulnerabilities have been discovered in Quagga. Please review the CVE identifiers referenced below for details. Impact A remote attacker could send a specially crafted packet possibly...
CyaSSL: Multiple vulnerabilities
Background CyaSSL is a small, fast, portable implementation of TLS/SSL for embedded devices to the cloud. Description Multiple vulnerabilities have been discovered in CyaSSL. Please review the CVE identifiers referenced below for details. Impact An attacker could possibly execute arbitrary code...
Chromium: Multiple vulnerabilities
Background Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. Description Multiple vulnerabilities have been discovered in the Chromium web browser. Please review the CVE identifiers referenced below for details...
BIND: Multiple vulnerabilities
Background BIND Berkeley Internet Name Domain is a Name Server. Description Multiple vulnerabilities have been discovered in BIND. Please review the CVE identifiers referenced below for details. Impact A remote attacker could cause a Denial of Service condition through multiple attack vectors...
NTP: Multiple vulnerablities
Background NTP contains software for the Network Time Protocol. Description Multiple vulnerabilities have been discovered in NTP. Please review the CVE identifiers referenced below for details. Impact A remote attacker could possibly execute arbitrary code with the privileges of the process, or...
VLC: Multiple vulnerabilities
Background VLC is a cross-platform media player and streaming server. Description Multiple vulnerabilities have been discovered in VLC. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user to open a specially crafted media file using VLC,...
NRPE: Multiple Vulnerabilities
Background Nagios Remote Plugin Executor NRPE remotely executes Nagios plugins on other Linux/Unix machines. Description Multiple vulnerabilities have been discovered in NRPE. Please review the CVE identifiers referenced below for details. Impact A remote attacker can utilize multiple vectors to...
Exim: Multiple vulnerabilities
Background Exim is a highly configurable, drop-in replacement for sendmail. Description Multiple vulnerabilities have been discovered in Exim. Please review the CVE identifiers referenced below for details. Impact A remote attacker could possibly execute arbitrary code with root privileges, or...
VirtualBox: Multiple Vulnerabilities
Background VirtualBox is a powerful virtualization product from Oracle. Description Multiple vulnerabilities have been discovered in Virtualbox. Please review the CVE identifiers referenced below for details. Impact A local attacker in a guest virtual machine may be able to escalate privileges or...