3816 matches found
MPlayer, xine-lib: vulnerabilities in RTSP stream handling
Background MPlayer is a movie player capable of handling multiple multimedia file formats. xine-lib is a multimedia player library used by several graphical user interfaces, including xine-ui. They both use the same code to handle Real-Time Streaming Protocol RTSP streams from RealNetworks server...
Util-linux login may leak sensitive data
Background Util-linux is a suite of essential system utilites, including login, agetty, fdisk. Description In some situations the login program could leak sensitive data due to an incorrect usage of a reallocated pointer. NOTE: Only users who have PAM support disabled on their systems i.e. -PAM i...
GnuPG: ElGamal signing keys compromised and format string vulnerability
Background GnuPG is a popular open source signing and encryption tool. Description Two flaws have been found in GnuPG 1.2.3. First, ElGamal signing keys can be compromised. These keys are not commonly used, but this is "a significant security failure which can lead to a compromise of almost all...
ytnef: Multiple Vulnerabilities
Background ytnef is a TNEF stream reader for reading winmail.dat files. Description The TNEFSubjectHandler function in lib/ytnef.c allows remote attackers to cause a denial-of-service and potentially code execution due to a double free which can be triggered via a crafted file. The SwapWord...
Dalli: Code Injection
Background Dalli is a high performance pure Ruby client for accessing memcached servers. Description A vulnerability was found in Dalli. Affected is the function self.metaset of the file lib/dalli/protocol/meta/requestformatter.rb of the component Meta Protocol Handler. The manipulation leads to...
CUPS: Multiple Vulnerabilities
Background CUPS, the Common Unix Printing System, is a full-featured print server. Description Multiple vulnerabilities have been discovered in CUPS. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There i...
OpenSSL: Multiple Vulnerabilities
Background OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer SSL v2/v3 and Transport Layer Security TLS v1 as well as a general purpose cryptography library. Description Multiple vulnerabilities have been discovered in OpenSSL. Please review the CVE identifiers referenced...
libgit2: Privilege Escalation Vulnerability
Background libgit2 is a portable, pure C implementation of the Git core methods provided as a re-entrant linkable library with a solid API. Description A vulnerability has been discovered in libgit2. Please review the CVE identifier referenced below for details. Impact Usages of a malicious craft...
libssh: Multiple Vulnerabilities
Background libssh is a multiplatform C library implementing the SSHv2 protocol on client and server side. Description Multiple vulnerabilities have been discovered in libssh. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for...
multipath-tools: Multiple Vulnerabilities
Background multipath-tools are used to drive the Device Mapper multipathing driver. Description Multiple vulnerabilities have been discovered in multipath-tools. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details...
glibc: Multiple vulnerabilities
Background glibc is a package that contains the GNU C library. Description Multiple vulnerabilities have been discovered in glibc. Please review the CVE identifiers referenced below for details. Impact An attacker could elevate privileges from a local user to root. Workaround There is no known...
Oracle VirtualBox: Multiple Vulnerabilities
Background VirtualBox is a powerful virtualization product from Oracle. Description Multiple vulnerabilities have been discovered in VirtualBox. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no...
libebml: Heap buffer overflow vulnerability
Background libebml is a C++ library to parse EBML files. Description On 32bit builds of libebml, the length of a string is miscalculated, potentially leading to an exploitable heap overflow. Impact An attacker able to provide arbitrary input to libebml could achieve arbitrary code execution...
Puma: Multiple Vulnerabilities
Background Puma is a simple, fast, threaded, and highly concurrent HTTP 1.1 server for Ruby/Rack. Description Multiple vulnerabilities have been discovered in Puma. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details...
Mozilla Firefox: Multiple vulnerabilities
Background Mozilla Firefox is a popular open-source web browser from the Mozilla Project. Description Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details...
OpenConnect: Multiple vulnerabilities
Background OpenConnect is a free client for Cisco AnyConnect SSL VPN software. Description Multiple vulnerabilities have been discovered in OpenConnect. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround Ther...
PEAR Archive_Tar: Remote code execution vulnerability
Background This class provides handling of tar files in PHP. Description An issue was discovered in the PEAR module ArchiveTar’s handling of file paths within Tar achives. Impact A local or remote attacker could possibly execute arbitrary code with the privileges of the process. Workaround Avoid...
GNU Readline: Multiple vulnerabilities
Background The GNU Readline library provides a set of functions for use by applications that allow users to edit command lines as they are typed in. Description Multiple vulnerabilities have been discovered in GNU Readline. Please review the CVE identifiers referenced below for details. Impact...
Chromium, Google Chrome: Multiple vulnerabilities
Background Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. Google Chrome is one fast, simple, and secure browser for all your devices. Description Multiple vulnerabilities have been discovered in Chromium and...
HAProxy: Remote execution of arbitrary code
Background HAProxy is a TCP/HTTP reverse proxy for high availability environments. Description It was discovered that HAProxy incorrectly handled certain HTTP/2 headers. Impact A remote attacker could send a specially crafted HTTP/2 header, possibly resulting in execution of arbitrary code with t...
libvpx: User-assisted execution of arbitrary code
Background libvpx is the VP8 codec SDK used to encode and decode video streams, typically within a WebM format media file. Description Multiple vulnerabilities have been discovered in libvpx. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a...
ClamAV: Multiple vulnerabilities
Background ClamAV is a GPL virus scanner. Description Multiple vulnerabilities have been discovered in ClamAV. Please review the CVE identifiers referenced below for details. Impact A remote attacker could cause ClamAV to scan a specially crafted file, possibly resulting in a Denial of Service...
Patch: Multiple vulnerabilities
Background Patch takes a patch file containing a difference listing produced by the diff program and applies those differences to one or more original files, producing patched versions. Description Multiple vulnerabilities have been discovered in Patch. Please review the CVE identifiers reference...
util-linux: User-assisted execution of arbitrary code
Background util-linux is a suite of Linux programs including mount and umount, programs used to mount and unmount filesystems. Description It was discovered that the umount bash-completion as provided by util-linux does not escap mount point paths. Impact An attacker controlling a volume label...
Chromium, Google Chrome: Multiple vulnerabilities
Background Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. Google Chrome is one fast, simple, and secure browser for all your devices. Description Multiple vulnerabilities have been discovered in Chromium and...
Adobe Flash Player: Multiple vulnerabilities
Background The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Description Multiple vulnerabilities have been discovered in Adobe Flash Player. Please review the referenced CVE identifiers and Adobe Security Bulletin for details...
LibXfont, LibXfont2: Multiple vulnerabilities
Background X.Org Xfont library Description Multiple vulnerabilities have been discovered in LibXfont and LibXfont2. Please review the referenced CVE identifiers for details. Impact Local attackers could obtain sensitive information or possibly cause a Denial of Service condition. Workaround There...
libTIFF: Multiple vulnerabilities
Background The TIFF library contains encoding and decoding routines for the Tag Image File Format. It is called by numerous programs, including GNOME and KDE applications, to interpret TIFF images. Description Multiple vulnerabilities have been discovered in LibTIFF. Please review the referenced...
LibVNCServer/LibVNCClient: Multiple vulnerabilities
Background LibVNCServer/LibVNCClient are cross-platform C libraries that allow you to easily implement VNC server or client functionality in your program. Description Multiple vulnerabilities have been discovered in LibVNCServer and LibVNCClient. Please review the CVE identifiers referenced below...
TigerVNC: Buffer overflow
Background TigerVNC is a high-performance VNC server/client. Description A buffer overflow vulnerability in ModifiablePixelBuffer::fillRect in vncviewer was found. Impact A remote attacker, utilizing a malicious VNC server, could execute arbitrary code with the privileges of the user running the...
WebP: Multiple vulnerabilities
Background WebP is an image format employing both lossy and lossless compression. Description Multiple vulnerabilities have been discovered in WebP’s gif2webp tool. Please review the CVE identifier and bug reference for details. Impact A remote attacker, by enticing a user to process a specially...
CVS: Heap-based overflow
Background CVS Concurrent Versions System is an open-source network-transparent version control system. It contains both a client utility and a server. Description A heap-based buffer overflow was discovered in the proxyconnect function in src/client.c in CVS. Impact An attacker, utilizing a remo...
w3m: Multiple vulnerabilities
Background w3m is a text based WWW browser. Description Multiple vulnerabilities have been discovered in w3m. Please review the CVE identifiers referenced below for details. Impact A remote attacker could execute arbitrary code with the privileges of the process or cause a Denial of Service...
Bash: Arbitrary code execution
Background Bash is the standard GNU Bourne Again SHell. Description A vulnerability was found in the way Bash expands $HOSTNAME. Injecting malicious code into $HOSTNAME could cause it to run each time Bash expands \h in the prompt string. Impact A remote attacker controlling the system’s hostname...
Coreutils: Arbitrary code execution
Background The GNU Core Utilities are the basic file, shell and text manipulation utilities of the GNU operating system. Description A memory corruption flaw in GNU Coreutils’ parsedatetime function was reported. Applications using parsedatetime, such as touch or date, may accepted untrusted inpu...
MySQL and MariaDB: Multiple vulnerabilities
Background MySQL is a popular multi-threaded, multi-user SQL server. MariaDB is an enhanced, drop-in replacement for MySQL. Description Multiple vulnerabilities have been discovered in MySQL and MariaDB. Please review the CVE identifiers referenced below for details. Impact A remote attacker coul...
Cacti: Multiple vulnerabilities
Background Cacti is a complete frontend to rrdtool. Description Multiple vulnerabilities have been discovered in Cacti. Please review the CVE identifiers referenced below for details. Impact A remote attacker could possibly execute arbitrary code with the privileges of the process, or remote...
Wireshark: Multiple vulnerabilities
Background Wireshark is a network protocol analyzer formerly known as ethereal. Description Multiple vulnerabilities have been discovered in Wireshark. Please review the CVE identifiers referenced below for details. Impact Remote attackers could cause Denial of Service and local attackers could...
Libreswan: Multiple Vulnerabilities
Background Libreswan is a free software implementation of the most widely supported and standarized VPN protocol based on “IPsec” and the Internet Key Exchange “IKE”. Description The pluto IKE daemon in Libreswan, when built with NSS, allows remote attackers to cause a Denial of Service assertion...
Roundcube: Multiple Vulnerabilities
Background Free and open source webmail software for the masses, written in PHP. Description Remote authenticated users with certain permissions can read arbitrary files or possibly execute arbitrary code via .. in the skin parameter to index.php. Additionally, a cross-site scripting XSS...
WebKitGTK+: Multiple vulnerabilities
Background WebKitGTK+ is a full-featured port of the WebKit rendering engine. Description Multiple vulnerabilities have been discovered in WebKitGTK+. Please review the CVE identifiers referenced below for details. Impact A remote attack can use multiple vectors to execute arbitrary code or cause...
tcpdump: Multiple vulnerabilities
Background tcpdump is a Tool for network monitoring and data acquisition. Description Multiple vulnerabilities have been discovered in tcpdump. Please review the CVE identifiers referenced below for details. Impact A remote attacker could possibly execute arbitrary code with the privileges of the...
libgadu: Multiple vulnerabilities
Background libgadu is a library that implements the client side of the Gadu-Gadu protocol. Description libgadu contains multiple vulnerabilities: X.509 certificates are not properly validated CVE-2013-4488 A integer overflow error could lead to a buffer overflow CVE-2013-6487 Malformed responses...
MySQL: Multiple vulnerabilities
Background MySQL is a fast, multi-threaded, multi-user SQL database server. Description Multiple vulnerabilities have been discovered in MySQL. Please review the CVE identifiers referenced below for details. Impact A remote attacker could send a specially crafted request, possibly resulting in...
GNU cpio: Multiple vulnerabilities
Background GNU cpio copies files into or out of a cpio or tar archive. Description Two vulnerabilities have been discovered in GNU cpio: The listfile function in GNU cpio contains a heap-based buffer overflow vulnerability CVE-2014-9112 A directory traversal vulnerability has been found in GNU cp...
stunnel: Information disclosure
Background The stunnel program is designed to work as an SSL encryption wrapper between a client and a local or remote server. Description stunnel does not properly update the state of the pseudo-random generator after fork-threading which causes subsequent children with the same process ID to us...
Poppler: Multiple vulnerabilities
Background Poppler is a cross-platform PDF rendering library originally based on Xpdf. Description Multiple vulnerabilities have been discovered in Poppler. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user to open a specially crafted PDF...
libxslt: Denial of service
Background libxslt is the XSLT C library developed for the GNOME project. XSLT is an XML language to define transformations for XML. Description Multiple vulnerabilities have been found in libxslt: Multiple errors exist in pattern.c and functions.c CVE-2012-2870, CVE-2012-6139. A double-free erro...
Monkey HTTP Daemon: Multiple vulnerabilities
Background Monkey HTTP Daemon is a lightweight and powerful web server for GNU/Linux. Description Multiple vulnerabilities have been discovered in Monkey HTTP Daemon. Please review the CVE identifiers referenced below for details. Impact A remote attacker could send a specially crafted request,...
ISC DHCP: Denial of service
Background ISC DHCP is a Dynamic Host Configuration Protocol DHCP client/server. Description Multiple vulnerabilities have been discovered in ISC DHCP. Please review the CVE identifiers referenced below for details. Impact The vulnerabilities might allow remote attackers to execute arbitrary code...