3816 matches found
Qt WebEngine: Multiple vulnerabilities
Background Library for rendering dynamic web content in Qt5 C++ and QML applications. Description Multiple vulnerabilities have been discovered in Qt WebEngine. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details...
ClamAV: Multiple vulnerabilities
Background ClamAV is a GPL virus scanner. Description Multiple vulnerabilities have been discovered in ClamAV. Please review the CVE identifiers referenced below for details. Impact A remote attacker, through multiple vectors, could execute arbitrary code, cause a Denial of Service condition, or...
Quagga: Multiple vulnerabilities
Background Quagga is a free routing daemon replacing Zebra supporting RIP, OSPF and BGP. Description Multiple vulnerabilities have been discovered in Quagga. Please review the CVE identifiers referenced below for details. Impact A remote attacker, by sending specially crafted packets, could execu...
corosync: Denial of service
Background The Corosync Cluster Engine is a Group Communication System with additional features for implementing high availability within applications. Description It was discovered that corosync allowed an unauthenticated user to cause a Denial of Service by application crash. Impact A remote...
systemd: Heap use-after-free
Background A system and service manager. Description It was found that systemd incorrectly handled certain Polkit queries. Impact A local unprivileged user, by sending a specially crafted Polkit query, could possibly execute arbitrary code with the privileges of the process, escalate privileges o...
WebkitGTK+: Multiple vulnerabilities
Background WebKitGTK+ is a full-featured port of the WebKit rendering engine, suitable for projects requiring any kind of web integration, from hybrid HTML/CSS applications to full-fledged web browsers. Description Multiple vulnerabilities have been discovered in WebkitGTK+. Please review the CVE...
GPL Ghostscript: Multiple vulnerabilities
Background Ghostscript is an interpreter for the PostScript language and for PDF. Description Multiple vulnerabilities have been discovered in GPL Ghostscript. Please review the CVE identifiers referenced below for additional information. Impact A context-dependent attacker could entice a user to...
Apache Tomcat: Multiple Vulnerabilities
Background Apache Tomcat is a Servlet-3.0/JSP-2.2 Container. Description Multiple vulnerabilities have been discovered in Apache Tomcat. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known...
Git: Information disclosure
Background Git is a free and open source distributed version control system designed to handle everything from small to very large projects with speed and efficiency. Description Multiple vulnerabilities have been discovered in Git. Please review the CVE identifiers referenced below for details...
Libical: Multiple vulnerabilities
Background An Open Source implementation of the iCalendar protocols and protocol data units. Description Multiple vulnerabilities have been discovered in Libical. Please review the referenced CVE identifiers for details. Impact Please review the referenced CVE identifiers for details. Workaround...
containerd: Multiple vulnerabilities
Background Containerd is a daemon with an API and a command line client, to manage containers on one machine. It uses runC to run containers according to the OCI specification. Description Multiple vulnerabilities have been discovered in containerd. Please review the CVE identifiers referenced...
libTIFF: Multiple vulnerabilities
Background The TIFF library contains encoding and decoding routines for the Tag Image File Format. It is called by numerous programs, including GNOME and KDE applications, to interpret TIFF images. Description Multiple vulnerabilities have been discovered in libTIFF. Please review the CVE...
Mozilla Firefox: Multiple vulnerabilities
Background Mozilla Firefox is a popular open-source web browser from the Mozilla Project. Description Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details...
D-Bus: Authentication bypass
Background D-Bus is a message bus system which processes can use to talk to each other. Description It was discovered that a local attacker could manipulate symbolic links in their own home directory to bypass authentication and connect to a DBusServer with elevated privileges. Impact A local...
Git: Multiple vulnerabilities
Background Git is a free and open source distributed version control system designed to handle everything from small to very large projects with speed and efficiency. Description Multiple vulnerabilities have been discovered in Git. Please review the referenced CVE identifiers for details Impact...
cabextract, libmspack: Multiple vulnerabilities
Background cabextract is free software for extracting Microsoft cabinet files. libmspack is a portable library for some loosely related Microsoft compression formats Description Multiple vulnerabilities have been discovered in cabextract and libmspack. Please review the CVE identifiers referenced...
libjpeg-turbo: User-assisted execution of arbitrary code
Background libjpeg-turbo is a MMX, SSE, and SSE2 SIMD accelerated JPEG library. Description It was discovered that libjpeg-turbo incorrectly handled certain JPEG images. Impact A remote attacker could entice a user to open a specially crafted JPEG file in an application linked against...
libarchive: Multiple vulnerabilities
Background libarchive is a library for manipulating different streaming archive formats, including certain tar variants, several cpio formats, and both BSD and GNU ar variants. Description Multiple vulnerabilities have been discovered in libarchive. Please review the CVE identifiers referenced...
bzip2: Denial of service
Background bzip2 is a high-quality data compressor used extensively by Gentoo Linux. Description A use-after-free flaw was found in bzip2recover, leading to a null pointer dereference, or a write to a closed file descriptor. Please review the CVE identifier referenced below for details. Impact A...
Docker: Multiple vulnerabilities
Background Docker is the world’s leading software containerization platform. Description Multiple vulnerabilities have been discovered in Docker. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no...
Chromium, Google Chrome: Multiple vulnerabilities
Background Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. Google Chrome is one fast, simple, and secure browser for all your devices. Description Multiple vulnerabilities have been discovered in Chromium and...
Apache HTTPD: Multiple Vulnerabilities
Background The Apache HTTP server is one of the most popular web servers on the Internet. Description Multiple vulnerabilities have been discovered in Apache HTTPD. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details...
runC: Container breakout
Background runC is a CLI tool for spawning and running containers according to the OCI specification. Description A vulnerability in runC could allow an attacker to achieve privilege escalation if specific mount configuration prerequisites are satisfied. Impact An attacker may be able to escalati...
FreeImage: Multiple vulnerabilities
Background FreeImage is an Open Source library project for developers who would like to support popular graphics image formats like PNG, BMP, JPEG, TIFF and others as needed by today’s multimedia applications. Description Multiple vulnerabilities have been discovered in FreeImage. Please review t...
Mozilla Firefox: Multiple vulnerabilities
Background Mozilla Firefox is a popular open-source web browser from the Mozilla Project. Description Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user to view a specially...
strongSwan: Multiple vulnerabilities
Background strongSwan is an IPSec implementation for Linux. Description Multiple vulnerabilities have been discovered in strongSwan. Please review the CVE identifiers referenced below for details. Impact A remote attacker could cause a Denial of Service condition or impersonate a user. Workaround...
libsndfile: Multiple vulnerabilities
Background libsndfile is a C library for reading and writing files containing sampled sound. Description Multiple vulnerabilities have been discovered in libsndfile. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user to open a specially...
Asterisk: Multiple Vulnerabilities
Background Asterisk is an open source telephony engine and toolkit. Description Multiple unspecified vulnerabilities have been discovered in Asterisk. Please review the CVE identifiers referenced below for details. Impact A remote attacker could exploit the vulnerabilities to cause a man in the...
MediaWiki: Multiple vulnerabilities
Background MediaWiki is a collaborative editing software used by large projects such as Wikipedia. Description Multiple vulnerabilities have been discovered in MediaWiki. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for detail...
SDL2_Image: Multiple vulnerabilities
Background SDLimage is an image file library that loads images as SDL surfaces, and supports various formats like BMP, GIF, JPEG, LBM, PCX, PNG, PNM, TGA, TIFF, XCF, XPM, and XV. Description Multiple vulnerabilities have been discovered in SDL2Image. Please review the CVE identifiers referenced...
Apache: Multiple vulnerabilities
Background The Apache HTTP server is one of the most popular web servers on the Internet. Description Multiple vulnerabilities have been discovered in Apache. Please review the CVE identifiers, upstream Apache Software Foundation documentation, and HTTPoxy website referenced below for details...
Apache HTTPD: Multiple Vulnerabilities
Background The Apache HTTP server is one of the most popular web servers on the Internet. Description Multiple vulnerabilities have been discovered in Apache HTTPD. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details...
GNU C Library: Multiple Vulnerabilities
Background The GNU C library is the standard C library used by Gentoo Linux systems. It provides programs with basic facilities and interfaces to system calls. ld.so is the dynamic linker which prepares dynamically linked programs for execution by resolving runtime dependencies and related...
Libgcrypt: Side-channel attack
Background Libgcrypt is a general purpose cryptographic library derived out of GnuPG. Description A timing attack was found in the way ECCDSA was implemented in Libgcrypt. Impact A local man-in-the-middle attacker, during signature generation, could possibly recover the private key. Workaround...
urllib3: Multiple vulnerabilities
Background The urllib3 library is an HTTP library with thread-safe connection pooling, file post, and more. Description Multiple vulnerabilities have been discovered in urllib3. Please review the CVE identifiers referenced below for details. Impact An attacker could cause a possible Denial of...
musl: x87 floating-point stack adjustment imbalance
Background musl is an implementation of the C standard library built on top of the Linux system call API, including interfaces defined in the base language standard, POSIX, and widely agreed-upon extensions. Description A flaw in musl libc’s arch-specific math assembly code for i386 was found whi...
Expat: Multiple vulnerabilities
Background Expat is a set of XML parsing libraries. Description Multiple vulnerabilities have been discovered in Expat. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround at this...
PHP: Multiple vulnerabilities
Background PHP is an open source general-purpose scripting language that is especially suited for web development. Description Multiple vulnerabilities have been discovered in PHP. Please review the referenced CVE identifiers for details. Impact A remote attacker could execute arbitrary code with...
OpenID library for Ruby: Server-Side Request Forgery
Background A Ruby library for verifying and serving OpenID identities. Description It was discovered that OpenID library for Ruby performed discovery first, and then verification. Impact A remote attacker could possibly change the URL used for discovery and trick the server into connecting to the...
IcedTea JDK: Multiple vulnerabilities
Background IcedTea is a distribution of the Java OpenJDK source code built with free build tools. Description Multiple vulnerabilities have been discovered in the IcedTea JDK. Please review the CVE identifiers referenced below for details. Impact A remote attacker could possibly execute arbitrary...
PHP: Multiple vulnerabilities
Background PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML. Description Multiple vulnerabilities have been discovered in PHP. Please review the CVE identifiers referenced below for details. Impact A...
OpenSSH: Remote Code Execution
Background OpenSSH is a free application suite consisting of server and clients that replace tools like telnet, rlogin, rcp and ftp with more secure versions offering additional functionality. Description Multiple vulnerabilities have been discovered in OpenSSH. Please review the CVE identifiers...
Oracle JDK/JRE: Multiple vulnerabilities
Background Java Platform, Standard Edition Java SE lets you develop and deploy Java applications on desktops and servers, as well as in today’s demanding embedded environments. Java offers the rich user interface, performance, versatility, portability, and security that today’s applications...
Mozilla Firefox: Multiple vulnerabilities
Background Mozilla Firefox is a popular open-source web browser from the Mozilla Project. Description Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the referenced CVE identifiers for details. Impact A remote attacker could entice a user to view a specially crafte...
SDL 2: Multiple vulnerabilities
Background Simple DirectMedia Layer is a cross-platform development library designed to provide low level access to audio, keyboard, mouse, joystick, and graphics hardware via OpenGL and Direct3D. Description Multiple vulnerabilities have been discovered in SDL 2. Please review the CVE identifier...
ZeroMQ: Code execution
Background Looks like an embeddable networking library but acts like a concurrency framework Description Please reference the CVE for details. Impact Please reference the CVE for details. Workaround There is no known workaround at this time. Resolution All ZeroMQ users should upgrade to the lates...
Samba: Multiple Vulnerabilities
Background Samba is a suite of SMB and CIFS client/server programs. Description Multiple vulnerabilities have been discovered in Samba. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known...
Leptonica: Multiple vulnerabilities
Background Leptonica is a C library for image processing and analysis. Description Multiple vulnerabilities have been discovered in Leptonica. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no...
Apache Tomcat: Multiple vulnerabilities
Background Apache Tomcat is a Servlet-3.0/JSP-2.2 Container. Description Multiple vulnerabilities have been discovered in Apache Tomcat. Please review the CVE identifiers referenced below for details. Impact An attacker could possibly smuggle HTTP requests or execute arbitrary code. Workaround...
Perl: Multiple vulnerabilities
Background Perl is a highly capable, feature-rich programming language. Description Multiple vulnerabilities have been discovered in Perl. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known...