3816 matches found
Pillow: Multiple vulnerabilities
Background The friendly PIL fork. Description Multiple vulnerabilities have been discovered in Pillow. Please review the CVE identifiers referenced below for details. Impact A local attacker could perform symlink attacks to overwrite arbitrary files with the privileges of the user running the...
Icinga: Privilege escalation
Background Icinga is an open source computer system and network monitoring application. It was originally created as a fork of the Nagios system monitoring application in 2009. Description Icinga daemon was found to perform unsafe operations when handling the log file. Impact A local attacker, wh...
Openfire: Multiple vulnerabilities
Background Openfire formerly Wildfire is a cross-platform real-time collaboration server based on the XMPP Jabber protocol. Description Multiple vulnerabilities have been discovered in Openfire. Please review the CVE identifiers referenced below for details. Impact A remote attacker could bypass...
Node.js: Multiple vulnerabilities
Background Node.js is a JavaScript runtime built on Chrome’s V8 JavaScript engine. Description Multiple vulnerabilities have been discovered in Node.js. Please review the CVE identifiers referenced below for details. Impact A remote attacker could possibly cause a Denial of Service condition, or...
SoX: User-assisted execution of arbitrary code
Background SoX is a command line utility that can convert various formats of computer audio files in to other formats. Description A heap-based buffer overflow can be triggered when processing a malicious NIST Sphere or WAV audio file. Impact A remote attacker could coerce the victim to run SoX...
MIT Kerberos 5: Multiple vulnerabilities
Background MIT Kerberos 5 is a suite of applications that implement the Kerberos network protocol. Description Multiple vulnerabilities have been discovered in MIT Kerberos 5. Please review the CVE identifiers referenced below for details. Impact A remote attacker could possibly cause a Denial of...
tnftp: Arbitrary code execution
Background tnftp is a NetBSD FTP client with several advanced features. Description The fetchurl function in usr.bin/ftp/fetch.c allows remote attackers to execute arbitrary commands via a Impact A remote attacker could possibly execute arbitrary code with the privileges of the process. Workaroun...
Subversion, Serf: Multiple Vulnerabilities
Background Subversion is a version control system intended to eventually replace CVS. Like CVS, it has an optional client-server architecture where the server can be an Apache server running modsvn, or an ssh program as in CVS’s :ext: method. In addition to supporting the features found in CVS,...
BIND: Multiple vulnerabilities
Background BIND Berkeley Internet Name Domain is a Name Server. Description Multiple vulnerabilities have been discovered in BIND. Please review the CVE identifiers referenced below for details. Impact A remote attacker could cause a Denial of Service condition through multiple attack vectors...
cURL: Multiple vulnerabilities
Background cURL is a tool and libcurl is a library for transferring data with URL syntax. Description Multiple vulnerabilities have been discovered in cURL. Please review the CVE identifiers referenced below for details. Impact A remote attacker could possibly obtain sensitive information, or cau...
Cacti: Multiple vulnerabilities
Background Cacti is a complete frontend to rrdtool Description Multiple vulnerabilities have been discovered in cacti. Please review the CVE identifiers referenced below for details. Impact A remote attacker could possibly execute arbitrary code with the privileges of the process, or cause a Deni...
Adobe Flash Player: Multiple vulnerabilities
Background The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Description Multiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details. Impact A remote attacke...
Chromium: Multiple vulnerabilities
Background Chromium is an open-source web browser project. Description Multiple vulnerabilities have been discovered in Chromium. Please review the CVE identifiers referenced below for details. Impact A remote attacker may be able to cause a Denial of Service condition or possibly have other...
spice-gtk: Privilege escalation
Background spice-gtk is a set of GObject and Gtk objects for connecting to Spice servers and a client GUI. Description spice-gtk does not properly sanitize the DBUSSYSTEMBUSADDRESS environment variable. Impact A local attacker may be able to gain escalated privileges. Workaround There is no known...
Mozilla Products: Multiple vulnerabilities
Background Mozilla Firefox is an open-source web browser and Mozilla Thunderbird an open-source email client, both from the Mozilla Project. The SeaMonkey project is a community effort to deliver production-quality releases of code derived from the application formerly known as the ‘Mozilla...
MoinMoin: Multiple vulnerabilities
Background MoinMoin is a Python WikiEngine. Description Multiple vulnerabilities have been discovered in MoinMoin. Please review the CVE identifiers referenced below for details. Impact A remote attacker may be able to execute arbitrary code with the privileges of the process, overwrite arbitrary...
MoinMoin: Multiple vulnerabilities
Background MoinMoin is a Python WikiEngine. Description Multiple vulnerabilities have been discovered in MoinMoin. Please review the CVE identifiers referenced below for details. Impact These vulnerabilities in MoinMoin allow remote users to inject arbitrary web script or HTML, to obtain sensitiv...
SILC: Multiple vulnerabilities
Background SILC Secure Internet Live Conferencing protocol Toolkit is a software development kit for use in clients, and SILC Client is an IRSSI-based text client. Description Multiple vulnerabilities were discovered in SILC Toolkit and SILC Client. For further information please consult the CVE...
CUPS: Multiple vulnerabilities
Background CUPS, the Common Unix Printing System, is a full-featured print server. Description The following issues were reported in CUPS: iDefense reported an integer overflow in the cupsImageReadTIFF function in the "imagetops" filter, leading to a heap-based buffer overflow CVE-2009-0163. Aaro...
Dovecot: Multiple vulnerabilities
Background Dovecot is an IMAP and POP3 server written with security primarily in mind. Description Several vulnerabilities were found in Dovecot: The "k" right in the aclplugin does not work as expected CVE-2008-4577, CVE-2008-4578 The dovecot.conf is world-readable, providing improper protection...
Adobe Flash Player: Multiple vulnerabilities
Background The Adobe Flash Player is a renderer for the popular SWF file format, which is commonly used to provide interactive websites, digital experiences and mobile content. Description Multiple vulnerabilities have been discovered in Adobe Flash: Secunia Research and Zero Day Initiative...
MIT Kerberos 5: Multiple vulnerabilities
Background MIT Kerberos 5 is a suite of applications that implement the Kerberos network protocol. kadmind is the MIT Kerberos 5 administration daemon, KDC is the Key Distribution Center. Description Two vulnerabilities were found in the Kerberos 4 support in KDC: A global variable is not set for...
Win32 binary codecs: Multiple vulnerabilities
Background Win32 binary codecs provide support for video and audio playback. Description Multiple buffer overflow, heap overflow, and integer overflow vulnerabilities were discovered in the Quicktime plugin when processing MOV, FLC, SGI, H.264 and FPX files. Impact A remote attacker could entice ...
Mozilla products: Multiple vulnerabilities
Background Mozilla Firefox is an open-source web browser from the Mozilla Project, and Mozilla Thunderbird an email client. The SeaMonkey project is a community effort to deliver production-quality releases of code derived from the application formerly known as the 'Mozilla Application Suite'...
Openswan, IPsec-Tools: Vulnerabilities in ISAKMP Protocol implementation
Background Openswan is an implementation of IPsec for Linux. IPsec-Tools is a port of KAME's implementation of the IPsec utilities, including racoon, an Internet Key Exchange daemon. Internet Key Exchange version 1 IKEv1, a derivate of ISAKMP, is an important part of IPsec. IPsec is widely used t...
TikiWiki, eGroupWare: Arbitrary command execution through XML-RPC
Background TikiWiki is a full featured Free Software Wiki, CMS and Groupware written in PHP. eGroupWare is a web-based collaboration software suite. Both TikiWiki and eGroupWare include a PHP library to handle XML-RPC requests. Description The XML-RPC library shipped in TikiWiki and eGroupWare...
Bugzilla: Unauthorized access and information disclosure
Background Bugzilla is a web-based bug-tracking system used by many projects. Description Bugzilla allows any user to modify the flags of any bug CAN-2005-2173. Bugzilla inserts bugs into the database before marking them as private, in connection with MySQL replication this could lead to a race...
kdelibs, kdebase: Multiple vulnerabilities
Background KDE is a feature-rich graphical desktop environment for Linux and Unix-like Operating Systems. The KDE core libraries kdebase and kdelibs provide native support for many protocols. Konqueror is the KDE web browser and filemanager. Description Daniel Fabian discovered that the KDE core...
FreeRADIUS: Multiple Denial of Service vulnerabilities
Background FreeRADIUS is an open source RADIUS authentication server implementation. Description There are undisclosed defects in the way FreeRADIUS handles incorrect received packets. Impact A remote attacker could send specially-crafted packets to the FreeRADIUS server to deny service to other...
Multiple remote overflows and vulnerabilities in Ethereal
Background Quote from http://www.ethereal.com "Ethereal is used by network professionals around the world for troubleshooting, analysis, software and protocol development, and education. It has all of the standard features you would expect in a protocol analyzer, and several features not seen in...
Pacemaker: Multiple Vulnerabilities
Background Pacemaker is an Open Source, High Availability resource manager suitable for both small and large clusters. Description Multiple vulnerabilities have been discovered in Pacemaker. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE...
squashfs-tools: Multiple Vulnerabilities
Background Squashfs is a compressed read-only filesystem for Linux. Squashfs is intended for general read-only filesystem use, for archival use i.e. in cases where a .tar.gz file may be used, and in constrained block device/memory systems e.g. embedded systems where low overhead is needed...
Mbed TLS: Multiple Vulnerabilities
Background Mbed TLS previously PolarSSL is an “easy to understand, use, integrate and expand” implementation of the TLS and SSL protocols and the respective cryptographic algorithms and support code required. Description Multiple vulnerabilities have been discovered in Mbed TLS. Please review the...
libgcrypt: Multiple Vulnerabilities
Background libgcrypt is a general purpose cryptographic library derived out of GnuPG. Description Multiple vulnerabilities have been discovered in libgcrypt. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround...
libxml2: Multiple Vulnerabilities
Background libxml2 is the XML C parser and toolkit developed for the GNOME project. Description Multiple vulnerabilities have been discovered in libxml2. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround The...
Dnsmasq: DNS cache poisoning
Background Dnsmasq is a lightweight and easily-configurable DNS forwarder and DHCP server. Description It was discovered that Dnsmasq, when configured with --server=@ or similar e.g. through dbus, configured a fixed UDP port for all outgoing queries to the specified upstream DNS server. Impact An...
Ceph: Multiple vulnerabilities
Background Ceph is a distributed network file system designed to provide excellent performance, reliability, and scalability. Description Multiple vulnerabilities have been discovered in Ceph. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE...
Git: User-assisted execution of arbitrary code
Background Git is a distributed version control system designed. Description It was discovered that Git could be fooled into running remote code during a clone on case-insensitive file systems with support for symbolic links, if Git is configured globally to apply delay-capable clean/smudge filte...
KDE Connect: Denial of service
Background KDE Connect is a project that enables all your devices to communicate with each other. Description Multiple issues causing excessive resource consumption were found in KDE Connect. Impact An attacker could cause a possible Denial of Service condition. Workaround There is no known...
Ark: Arbitrary code execution
Background Ark is a graphical file compression/decompression utility with support for multiple formats. Description It was discovered that Ark incorrectly handled symbolic links in tar archive files. Impact A remote attacker could entice a user to open a specially crafted archive using Ark,...
Mozilla Firefox, Mozilla Thunderbird: Multiple vulnerabilities
Background Mozilla Firefox is a popular open-source web browser from the Mozilla Project. Mozilla Thunderbird is a popular open-source email client from the Mozilla project. Description Multiple vulnerabilities have been discovered in Mozilla Firefox and Mozilla Thunderbird. Please review the CVE...
WebKitGTK+: Multiple vulnerabilities
Background WebKitGTK+ is a full-featured port of the WebKit rendering engine, suitable for projects requiring any kind of web integration, from hybrid HTML/CSS applications to full-fledged web browsers. Description Multiple vulnerabilities have been discovered in WebKitGTK+. Please review the CVE...
Libreswan: Denial of service
Background Libreswan is a free software implementation of the most widely supported and standarized VPN protocol based on “IPsec” and the Internet Key Exchange “IKE”. Description As a result of a bug in handling certain bogus encrypted IKEv1, while building a log message that the packet has been...
json-c: Multiple vulnerabilities
Background json-c is a JSON implementation in C. Description Multiple vulnerabilities have been discovered in json-c. Please review the CVE identifiers referenced below for details. Impact A remote/local attacker could send a specially crafted file possibly resulting in a Denial of Service...
VLC: Buffer overflow
Background VLC is a cross-platform media player and streaming server. Description A buffer overflow in DecodeBlock in sdlimage.c was discovered. Impact A remote user could craft a specifically crafted image file that could execute arbitrary code or cause denial of service. Workaround The user...
Oracle JDK/JRE: Multiple vulnerabilities
Background Java Platform, Standard Edition Java SE lets you develop and deploy Java applications on desktops and servers, as well as in today’s demanding embedded environments. Java offers the rich user interface, performance, versatility, portability, and security that today’s applications...
TNEF: Multiple vulnerabilities
Background TNEF is a program for unpacking MIME attachments of type “application/ms-tnef”. Description Multiple vulnerabilities have been discovered in TNEF. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user to process a specially crafted...
GStreamer plug-ins: User-assisted execution of arbitrary code
Background The GStreamer plug-ins provide decoders to the GStreamer open source media framework. Description Multiple vulnerabilities have been discovered in various GStreamer plug-ins. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user or...
NTFS-3G: Privilege escalation
Background NTFS-3G is a stable, full-featured, read-write NTFS driver for various operating systems. Description The NTFS-3G driver does not properly clear environment variables before invoking mount or umount. This flaw is similar to the vulnerability described in “GLSA-201701-19” and...
Quagga: Multiple vulnerabilities
Background Quagga is a free routing daemon replacing Zebra supporting RIP, OSPF and BGP. Description Multiple vulnerabilities have been discovered in Quagga. Please review the CVE identifiers referenced below for details. Impact A remote attacker could send a specially crafted packet possibly...