3816 matches found
ICU: Integer overflow
Background ICU is a mature, widely used set of C/C++ and Java libraries providing Unicode and Globalization support for software applications. Description It was discovered that ICU’s UnicodeString::doAppend function is vulnerable to an integer overflow. Please review the CVE identifiers referenc...
runC: Multiple vulnerabilities
Background RunC is a CLI tool for spawning and running containers according to the OCI specification. Description Multiple vulnerabilities have been discovered in runC. Please review the CVE identifiers referenced below for details. Impact An attacker, by running a malicious Docker image, could...
Binutils: Multiple vulnerabilities
Background The GNU Binutils are a collection of tools to create, modify and analyse binary files. Many of the files use BFD, the Binary File Descriptor library, to do low-level manipulation. Description Multiple vulnerabilities have been discovered in Binutils. Please review the referenced CVE...
Webmin, Usermin: File Disclosure
Background Webmin is a web-based interface for Unix-like systems. Usermin is a simplified version of Webmin designed for use by normal users rather than system administrators. Description A vulnerability in both Webmin and Usermin has been discovered by Kenny Chen, wherein simplifypath is called...
SQLite: Multiple vulnerabilities
Background SQLite is a C library that implements an SQL database engine. Description Multiple vulnerabilities have been discovered in SQLite. Please review the CVE identifiers referenced below for details. Impact A remote attacker could possibly execute arbitrary code with the privileges of the...
PPP: Buffer overflow
Background PPP is a Unix implementation of the Point-to-Point Protocol. Description It was discovered that bounds check in PPP for the rhostname was improperly constructed in the EAP request and response functions. Impact A remote attacker, by sending specially crafted authentication data, could...
OpenEXR: Multiple vulnerabilities
Background OpenEXR is a high dynamic-range HDR image file format developed by Industrial Light & Magic for use in computer imaging applications. Description Multiple vulnerabilities have been discovered in OpenEXR. Please review the CVE identifiers referenced below for details. Impact Please revi...
WebkitGTK+: Multiple vulnerabilities
Background WebKitGTK+ is a full-featured port of the WebKit rendering engine, suitable for projects requiring any kind of web integration, from hybrid HTML/CSS applications to full-fledged web browsers. Description Multiple vulnerabilities have been discovered in WebKitGTK+. Please review the...
Libav: Multiple vulnerabilities
Background Libav is a complete solution to record, convert and stream audio and video. Description Multiple vulnerabilities have been discovered in Libav. Please review the CVE identifiers referenced below for details. Impact A remote attacker, via a crafted Smacker stream, could cause a Denial o...
Axel: Vulnerability in HTTP redirection handling
Background Axel is a console-based FTP/HTTP download accelerator. Description A possible buffer overflow has been reported in the HTTP redirection handling code in conn.c. Impact A remote attacker could exploit this vulnerability by setting up a malicious site and enticing a user to connect to it...
Chromium: Multiple vulnerabilities
Background Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. Description Multiple vulnerabilities have been discovered in Chromium and Google Chrome. Please review the referenced CVE identifiers and Google Chrom...
systemd: Multiple vulnerabilities
Background A system and service manager. Description Multiple vulnerabilities have been discovered in systemd. Please review the CVE identifiers referenced below for details. Impact An attacker could cause a Denial of Service condition or possibly execute arbitrary code. Workaround There is no...
libvirt: Multiple vulnerabilities
Background libvirt is a C toolkit for manipulating virtual machines. Description Multiple vulnerabilities have been discovered in libvirt. Please review the CVE identifiers referenced below for details. Impact A local privileged attacker could execute arbitrary commands, escalate privileges or...
WebkitGTK+: Multiple vulnerabilities
Background WebKitGTK+ is a full-featured port of the WebKit rendering engine, suitable for projects requiring any kind of web integration, from hybrid HTML/CSS applications to full-fledged web browsers. Description Multiple vulnerabilities have been discovered in WebKitGTK+. Please review the...
GNU C Library: Arbitrary descriptor allocation
Background The GNU C library is the standard C library used by Gentoo Linux systems. Description A vulnerability was discovered in the GNU C Library functions xdrbytes and xdrstring. Impact A remote attacker, by sending a crafted UDP packet, could cause a Denial of Service condition. Workaround...
MAN DB: Privilege escalation
Background MAN DB is a man replacement that utilizes BerkelyDB instead of flat files. Description The /var/cache/man directory as part of the MAN DB package has group permissions set to root. Impact A local user who does not belong to the root group, but has the ability to modify the /var/cache/m...
Python: Multiple vulnerabilities
Background Python is an interpreted, interactive, object-oriented programming language. Description Multiple vulnerabilities have been discovered in Python. Please review the CVE identifiers referenced below for details. Impact A remote attacker could possibly perform a CRLF injection attack,...
PHP: Arbitrary code execution
Background PHP is an open source general-purpose scripting language that is especially suited for web development. Description A underflow in envpathinfo in PHP-FPM under certain configurations can be exploited to gain remote code execution. Impact A remote attacker, by sending special crafted HT...
Apache: Multiple vulnerabilities
Background The Apache HTTP server is one of the most popular web servers on the Internet. Description Multiple vulnerabilities have been discovered in Apache. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaroun...
GD: Multiple vulnerabilities
Background GD is a graphic library for fast image creation. Description Multiple vulnerabilities have been discovered in GD. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user to process a specially crafted image, possibly resulting in...
NGINX: Privilege escalation
Background nginx is a robust, small, and high performance HTTP and reverse proxy server. Description It was discovered that Gentoo’s default NGINX installation applied similar problematic permissions on “/var/log/nginx” as Debian DSA-3701 and is therefore vulnerable to the same attack described i...
Apache Commons FileUpload: Multiple vulnerabilities
Background The Apache Commons FileUpload package makes it easy to add robust, high-performance, file upload capability to your servlets and web applications. Description Multiple vulnerabilities have been discovered in Apache Commons FileUpload. Please review the CVE identifiers referenced below...
NASM: Multiple vulnerabilities
Background NASM is a 80x86 assembler that has been created for portability and modularity. NASM supports Pentium, P6, SSE MMX, and 3DNow extensions. It also supports a wide range of objects formats ELF, a.out, COFF, etc, and has its own disassembler. Description Multiple vulnerabilities have been...
libssh and libssh2: Multiple vulnerabilities
Background libssh is a mulitplatform C library implementing the SSHv2 and SSHv1 protocol on client and server side. Description libssh and libssh2 both have a bits/bytes confusion bug and generate an abnormaly short ephemeral secret for the diffie-hellman-group1 and diffie-hellman-group14 key...
nfdump: Multiple vulnerabilities
Background nfdump is a toolset in order to collect and process netflow and sflow data, sent from netflow/sflow compatible devices. Description Multiple vulnerabilities have been discovered in nfdump. Please review the CVE identifiers referenced below for details. Impact A remote attacker, by...
Tar: Denial of service
Background The Tar program provides the ability to create and manipulate tar archives. Description The sparsedumpregion function in sparse.c file in Tar allows an infinite loop using the --sparse option. Impact A local attacker could cause a Denial of Service condition by modifying a file that is...
Adobe Flash Player: Multiple vulnerabilities
Background The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Description Multiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details. Impact A remote attacke...
GNU Wget: Password and metadata leak
Background GNU Wget is a free software package for retrieving files using HTTP, HTTPS and FTP, the most widely-used Internet protocols. Description A vulnerability was discovered in GNU Wget’s filemetadata in xattr.c. Impact A local attacker could obtain sensitive information to include...
spice-gtk: Remote code execution
Background spice-gtk is a set of GObject and Gtk objects for connecting to Spice servers and a client GUI. Description A vulnerability was found in spice-gtk client due to the incorrect use of integer types and missing overflow checks. Impact An attacker, by enticing the user to join a malicious...
Tablib: Arbitrary command execution
Background Tablib is an MIT Licensed format-agnostic tabular dataset library, written in Python. It allows you to import, export, and manipulate tabular data sets. Description A vulnerability was discovered in Tablib’s Databook loading functionality, due to improper input validation. Impact A...
Xen: Multiple vulnerabilities
Background Xen is a bare-metal hypervisor. Description Multiple vulnerabilities have been discovered in Xen. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround at this time...
Binutils: Multiple vulnerabilities
Background The GNU Binutils are a collection of tools to create, modify and analyse binary files. Many of the files use BFD, the Binary File Descriptor library, to do low-level manipulation. Description Multiple vulnerabilities have been discovered in Binutils. Please review the CVE identifiers...
OpenVPN: Authentication bypass
Background OpenVPN is a multi-platform, full-featured SSL VPN solution. Description It was discovered that OpenVPN incorrectly handled deferred authentication. Impact A remote attacker could bypass authentication and access control channel data and trigger further information leaks. Workaround...
MuPDF: Multiple vulnerabilities
Background A lightweight PDF, XPS, and E-book viewer. Description Multiple vulnerabilities have been discovered in MuPDF. Please review the CVE identifiers referenced below for details. Impact A remote attacker, by enticing a user to process a specially crafted file, could possibly execute...
MySQL: Multiple vulnerabilities
Background MySQL is a popular multi-threaded, multi-user SQL server. Description Multiple vulnerabilities have been discovered in MySQL. Please review the CVE identifiers referenced below for details. Impact An attacker could possibly execute arbitrary code with the privileges of the process,...
rdesktop: Multiple vulnerabilities
Background rdesktop is a Remote Desktop Protocol RDP Client. Description Multiple vulnerabilities have been discovered in rdesktop. Please review the CVE identifiers referenced below for details. Impact A remote attacker could cause a Denial of Service condition, obtain sensitive information, or...
NVIDIA Drivers: Multiple Vulnerabilities
Background NVIDIA Drivers are NVIDIA's accelerated graphics driver. Description Multiple vulnerabilities have been discovered in NVIDIA Drivers. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no...
Apache Commons Collections: Remote code execution
Background Apache Commons Collections extends the JCF classes with new interfaces, implementations and utilities. Description Some classes in the Apache Commons Collections functor package deserialized potentially untrusted input by default. Impact Deserializing untrusted input using Apache Commo...
Background Graphviz is an open source graph visualization software. Description Multiple vulnerabilities have been discovered in Graphviz. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user to process a specially crafted file using Graphvi...
Mozilla Thunderbird and Firefox: Multiple vulnerabilities
Background Mozilla Thunderbird is a popular open-source email client from the Mozilla project. Mozilla Firefox is a popular open-source web browser from the Mozilla Project. Description Multiple vulnerabilities have been discovered in Mozilla Thunderbird and Firefox. Please review the referenced...
glibc: Multiple vulnerabilities
Background glibc is a package that contains the GNU C library. Description Multiple vulnerabilities have been discovered in glibc. Please review the CVE identifiers referenced below for details. Impact An attacker could cause a possible Denial of Service condition. Workaround There is no known...
OpenSLP: Multiple vulnerabilities
Background OpenSLP is an open-source implementation of Service Location Protocol SLP. Description Multiple vulnerabilities have been discovered in OpenSLP. Please review the CVE identifiers referenced below for details. Impact A remote attacker could possibly cause a Denial of Service condition o...
OpenSSH: Multiple vulnerabilities
Background OpenSSH is a complete SSH protocol implementation that includes SFTP client and server support. Description Multiple vulnerabilities have been discovered in OpenSSH. Please review the CVE identifiers referenced below for details. Impact Remote attackers could cause Denial of Service an...
OpenSSH: Multiple vulnerabilities
Background OpenSSH is a complete SSH protocol implementation that includes an SFTP client and server support. Description Multiple vulnerabilities have been discovered in OpenSSH. Please review the CVE identifiers referenced below for details. Impact A remote attacker could execute arbitrary code...
Chromium, Google Chrome, Microsoft Edge, QtWebEngine: Multiple Vulnerabilities
Background Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. Google Chrome is one fast, simple, and secure browser for all your devices. Microsoft Edge is a browser that combines a minimal design with...
Git: Multiple vulnerabilities
Background Git is a free and open source distributed version control system designed to handle everything from small to very large projects with speed and efficiency. Description Multiple vulnerabilities have been discovered in Git. Please review the CVE identifiers referenced below for details...
cURL: Multiple vulnerabilities
Background A command line tool and library for transferring data with URLs. Description Multiple vulnerabilities have been discovered in cURL. Please review the CVE identifiers referenced below for details. Impact A remote attacker could possibly execute arbitrary code with the privileges of the...
sudo: Multiple vulnerabilities
Background sudo su “do” allows a system administrator to delegate authority to give certain users or groups of users the ability to run some or all commands as root or another user while providing an audit trail of the commands and their arguments. Description Multiple vulnerabilities have been...
Simple DirectMedia Layer: Multiple vulnerabilities
Background Simple DirectMedia Layer is a cross-platform development library designed to provide low level access to audio, keyboard, mouse, joystick, and graphics hardware via OpenGL and Direct3D. Description Multiple vulnerabilities have been discovered in Simple DirectMedia Layer. Please review...
GlusterFS: Multiple Vulnerabilities
Background A free and open source software scalable network filesystem. Description Multiple vulnerabilities have been discovered in GlusterFS. Please review the referenced CVE identifiers for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known...