3816 matches found
QtGui: Multiple Vulnerabilities
Background QtGui is a module for the Qt toolkit. Description Multiple vulnerabilities have been discovered in QtGui. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround at this tim...
libssh: Multiple Vulnerabilities
Background libssh is a multiplatform C library implementing the SSHv2 protocol on client and server side. Description Multiple vulnerabilities have been discovered in libssh. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for...
Rack: Multiple Vulnerabilities
Background Rack is a modular Ruby web server interface. Description Multiple vulnerabilities have been discovered in Rack. Please review the CVE identifiers referenced below for details. Impact A possible denial of service vulnerability was found in the multipart parsing component of Rack. A...
Pillow: Multiple Vulnerabilities
Background The friendly PIL fork. Description Multiple vulnerabilities have been discovered in Pillow. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround at this time. Resolution...
Chromium, Google Chrome: Multiple vulnerabilities
Background Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. Google Chrome is one, fast, simple, and secure browser for all your devices. Description Multiple vulnerabilities have been discovered in Chromium and...
Mozilla Firefox: Multiple vulnerabilities
Background Mozilla Firefox is a popular open-source web browser from the Mozilla Project. Description Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details...
OpenConnect: Multiple vulnerabilities
Background OpenConnect is a free client for Cisco AnyConnect SSL VPN software. Description Multiple vulnerabilities have been discovered in OpenConnect. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround Ther...
PEAR Archive_Tar: Remote code execution vulnerability
Background This class provides handling of tar files in PHP. Description An issue was discovered in the PEAR module ArchiveTar’s handling of file paths within Tar achives. Impact A local or remote attacker could possibly execute arbitrary code with the privileges of the process. Workaround Avoid...
Chromium, Google Chrome: Multiple vulnerabilities
Background Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. Google Chrome is one fast, simple, and secure browser for all your devices. Description Multiple vulnerabilities have been discovered in Chromium and...
HAProxy: Remote execution of arbitrary code
Background HAProxy is a TCP/HTTP reverse proxy for high availability environments. Description It was discovered that HAProxy incorrectly handled certain HTTP/2 headers. Impact A remote attacker could send a specially crafted HTTP/2 header, possibly resulting in execution of arbitrary code with t...
libvpx: User-assisted execution of arbitrary code
Background libvpx is the VP8 codec SDK used to encode and decode video streams, typically within a WebM format media file. Description Multiple vulnerabilities have been discovered in libvpx. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a...
ClamAV: Multiple vulnerabilities
Background ClamAV is a GPL virus scanner. Description Multiple vulnerabilities have been discovered in ClamAV. Please review the CVE identifiers referenced below for details. Impact A remote attacker could cause ClamAV to scan a specially crafted file, possibly resulting in a Denial of Service...
LibreOffice: Multiple vulnerabilities
Background LibreOffice is a powerful office suite; its clean interface and powerful tools let you unleash your creativity and grow your productivity. Description Multiple vulnerabilities have been discovered in LibreOffice. Please review the CVE identifiers referenced below for details. Impact...
Chromium, Google Chrome: Multiple vulnerabilities
Background Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. Google Chrome is one fast, simple, and secure browser for all your devices. Description Multiple vulnerabilities have been discovered in Chromium and...
Back In Time: Command injection
Background A simple backup tool for Linux, inspired by “flyback project”. Description ‘Back in Time’ did improper escaping/quoting of file paths used as arguments to the ‘notify-send’ command leading to some parts of file paths being executed as shell commands within an os.system call. Impact A...
WebKitGTK+: Multiple vulnerabilities
Background WebKitGTK+ is a full-featured port of the WebKit rendering engine, suitable for projects requiring any kind of web integration, from hybrid HTML/CSS applications to full-fledged web browsers. Description Multiple vulnerabilities have been discovered in WebKitGTK+. Please review the...
Adobe Flash Player: Multiple vulnerabilities
Background The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Description Multiple vulnerabilities have been discovered in Adobe Flash Player. Please review the referenced CVE identifiers and Adobe Security Bulletin for details...
LibXfont, LibXfont2: Multiple vulnerabilities
Background X.Org Xfont library Description Multiple vulnerabilities have been discovered in LibXfont and LibXfont2. Please review the referenced CVE identifiers for details. Impact Local attackers could obtain sensitive information or possibly cause a Denial of Service condition. Workaround There...
X.Org Server: Multiple vulnerabilities
Background The X.Org project provides an open source implementation of the X Window System. Description Multiple vulnerabilities have been discovered in X.Org Server. Please review the referenced CVE identifiers for details. Impact Attackers could execute arbitrary code or cause a Denial of Servi...
LibVNCServer/LibVNCClient: Multiple vulnerabilities
Background LibVNCServer/LibVNCClient are cross-platform C libraries that allow you to easily implement VNC server or client functionality in your program. Description Multiple vulnerabilities have been discovered in LibVNCServer and LibVNCClient. Please review the CVE identifiers referenced below...
TigerVNC: Buffer overflow
Background TigerVNC is a high-performance VNC server/client. Description A buffer overflow vulnerability in ModifiablePixelBuffer::fillRect in vncviewer was found. Impact A remote attacker, utilizing a malicious VNC server, could execute arbitrary code with the privileges of the user running the...
WebP: Multiple vulnerabilities
Background WebP is an image format employing both lossy and lossless compression. Description Multiple vulnerabilities have been discovered in WebP’s gif2webp tool. Please review the CVE identifier and bug reference for details. Impact A remote attacker, by enticing a user to process a specially...
w3m: Multiple vulnerabilities
Background w3m is a text based WWW browser. Description Multiple vulnerabilities have been discovered in w3m. Please review the CVE identifiers referenced below for details. Impact A remote attacker could execute arbitrary code with the privileges of the process or cause a Denial of Service...
libmms: Remote execution of arbitrary code
Background libmms is a library for downloading streaming media files using the mmst and mmsh protocols. Description A heap-based buffer overflow was discovered in the getanswer function within mmsh.c of libmms. Impact A remote attacker might send a specially crafted MMS over HTTP MMSH response,...
MySQL and MariaDB: Multiple vulnerabilities
Background MySQL is a popular multi-threaded, multi-user SQL server. MariaDB is an enhanced, drop-in replacement for MySQL. Description Multiple vulnerabilities have been discovered in MySQL and MariaDB. Please review the CVE identifiers referenced below for details. Impact A remote attacker coul...
Exim: Arbitrary code execution
Background Exim is a message transfer agent MTA designed to be a a highly configurable, drop-in replacement for sendmail. Description Vulnerabilities have been discovered in Exim’s implementation of set-uid root and when using ‘perlstartup’. These vulnerabilities require a user account on the Exi...
GNU cpio: Multiple vulnerabilities
Background GNU cpio copies files into or out of a cpio or tar archive. Description Two vulnerabilities have been discovered in GNU cpio: The listfile function in GNU cpio contains a heap-based buffer overflow vulnerability CVE-2014-9112 A directory traversal vulnerability has been found in GNU cp...
Asterisk: Multiple vulnerabilities
Background Asterisk is an open source telephony engine and toolkit. Description Multiple unspecified vulnerabilities have been discovered in Asterisk. Please review the CVE identifiers referenced below for details. Impact Unauthenticated remote attackers can cause Denial of Service or bypass...
Wireshark: Multiple vulnerabilities
Background Wireshark is a network protocol analyzer formerly known as ethereal. Description Multiple vulnerabilities have been discovered in Wireshark. Please review the CVE identifiers referenced below for details. Impact A remote attacker can cause a Denial of Service condition via specially...
LittleCMS: Denial of service
Background LittleCMS, or short lcms, is a color management system for working with ICC profiles. It is used by many applications including GIMP and Firefox. Description Multiple stack-based buffer overflows and a profile parser error have been found in LittleCMS. Impact A remote attacker could...
Clam AntiVirus: Denial of service
Background Clam AntiVirus is an open source GPL anti-virus toolkit for UNIX, designed especially for e-mail scanning on mail gateways. Description A heap-based buffer overflow exists in the cliscanpe function in libclamav/pe.c in ClamAV. Impact A remote attacker could possibly cause a Denial of...
Squid: Multiple vulnerabilities
Background Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Description An assertion failure in processing of SSL-Bump has been found in Squid. Heap based overflow is discovered when processing SNMP requests. Impact A remote attacker could send a specially crafted...
OpenLDAP: Multiple vulnerabilities
Background OpenLDAP is an LDAP suite of application and development tools. Description Multiple vulnerabilities have been discovered in OpenLDAP. Please review the CVE identifiers referenced below for details. Impact A remote attacker might employ a specially crafted certificate to conduct...
Pango: Multiple vulnerabilities
Background Pango is an internationalized text layout and rendering library Description Multiple vulnerabilities have been discovered in Pango. Please review the CVE identifiers referenced below for details. Impact A context-dependent attacker could entice a user to load specially crafted text usi...
Asterisk: Denial of service
Background Asterisk is an open source telephony engine and toolkit. Description Multiple vulnerabilities have been discovered in Asterisk. Please review the CVE identifiers and Asterisk Project Security Advisories referenced below for details. Impact A remote attacker could possibly cause a Denia...
Opera: Multiple vulnerabilities
Background Opera is a fast web browser that is available free of charge. Description Multiple vulnerabilities have been discovered in Opera. Please review the CVE identifiers and Opera Release Notes referenced below for details. Impact A remote attacker could entice a user to open a specially...
Postfix: Multiple vulnerabilities
Background Postfix is Wietse Venema’s mailer that attempts to be fast, easy to administer, and secure, as an alternative to the widely-used Sendmail program. Description A vulnerability have been discovered in Postfix. Please review the CVE identifier referenced below for details. Impact An...
virtualenv: Insecure temporary file usage
Background virtualenv is a virtual Python environment builder. Description The virtualenv.py script in virtualenv does not handle temporary files securely. Impact A local attacker could perform symlink attacks to overwrite arbitrary files with the privileges of the user running the application...
HPLIP: Multiple vulnerabilities
Background The Hewlett-Packard Linux Imaging and Printing system HPLIP provides drivers for HP's inkjet and laser printers, scanners and fax machines. Description Two vulnerabilities have been found in HPLIP: The "hpmudgetpml" function in pml.c contains a boundary error which could cause a...
Rack: Denial of service
Background Rack is a modular Ruby web server interface. Description Rack does not properly randomize hash functions to protect against hash collision attacks. Impact A remote attacker could send a specially crafted form post, possibly resulting in a Denial of Service condition. Workaround There i...
JasPer: User-assisted execution of arbitrary code
Background The JasPer Project is an open-source initiative to provide a free software-based reference implementation of the codec specified in the JPEG-2000 Part-1 jpeg2k standard. Description Two vulnerabilities have been found in JasPer: The jpccoxgetcompparms function in libjasper/jpc/jpccs.c...
Evince: Multiple vulnerabilities
Background Evince is a document viewer for multiple document formats, including PostScript. Description Multiple vulnerabilities have been discovered in Evince. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user to load a DVI file with a...
feh: Multiple vulnerabilities
Background feh is a fast, lightweight imageviewer using imlib2. Description Multiple vulnerabilities have been discovered in feh. Please review the CVE identifiers referenced below for details. Impact A malicious entity might entice a user to visit a URL using the --wget-timestamp option, thus...
IO::Socket::SSL: Certificate validation error
Background IO::Socket::SSL is a Perl class implementing an object oriented interface to SSL sockets. Description The vendor reported that IO::Socket::SSL does not properly handle Common Name CN fields. Impact A remote attacker might employ a specially crafted certificate to conduct...
OpenAFS: Arbitrary code execution
Background OpenAFS is a distributed file system. Description Two vulnerabilities were discovered: Simon Wilkinson discovered from a bug report by Toby Blake that the cache manager of OpenAFS contains a heap-based buffer overflow which is related to the use of the ERRPTR macro CVE-2009-1250. A...
GD: User-assisted execution of arbitrary code
Background GD is a graphic library for fast image creation. Description Tomas Hoger reported that the gdGetColors function in gdgd.c does not properly verify the colorsTotal struct member, possibly leading to a buffer overflow. Impact A remote attacker could entice a user to open a specially...
NTP: Denial of service
Background NTP is a set of the Network Time Protocol programs. Description Robin Park and Dmitri Vinokurov discovered that ntprequest.c in ntpd does not handle MODEPRIVATE packets correctly, causing a continuous exchange of MODEPRIVATE error responses between two NTP daemons or causing high CPU...
Dnsmasq: Multiple vulnerabilities
Background Dnsmasq is a lightweight, easy to configure DNS forwarder and DHCP server. It includes support for Trivial FTP TFTP. Description Multiple vulnerabilities have been reported in the TFTP functionality included in Dnsmasq: Pablo Jorge and Alberto Solino discovered a heap-based buffer...
Wireshark: Denial of service
Background Wireshark is a versatile network protocol analyzer. Description Multiple vulnerabilities were discovered in Wireshark: A buffer overflow in the IPMI dissector related to an array index error CVE-2009-2559. Multiple unspecified vulnerabilities in the Bluetooth L2CAP, RADIUS, and MIOP...
libTIFF: User-assisted execution of arbitrary code
Background libTIFF provides support for reading and manipulating TIFF Tagged Image File Format images. Description Two vulnerabilities have been reported in libTIFF: wololo reported a buffer underflow in the LZWDecodeCompat function CVE-2009-2285. Tielei Wang of ICST-ERCIS, Peking University...