3816 matches found
QtNetwork: Denial of service
Background QtNetwork provides a set of APIs for programming applications that use TCP/IP. It is part of the Qt framework. Description A flaw was discovered in QtNetwork’s handling of OpenSSL protocol errors. Impact An attacker could cause a possible Denial of Service condition. Workaround There i...
libexif: Multiple vulnerabilities
Background libexif is a library for parsing, editing and saving Exif metadata from images. Description Multiple vulnerabilities have been discovered in libexif. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details...
libmicrodns: Multiple vulnerabilities
Background libmicrodns is an mDNS library, focused on being simple and cross-platform. Description Multiple vulnerabilities have been discovered in libmicrodns. Please review the CVE identifiers and the upstream advisory referenced below for details. Impact Please review the referenced CVE...
WeeChat: Multiple vulnerabilities
Background Wee Enhanced Environment for Chat WeeChat is a light and extensible console IRC client. Description Multiple vulnerabilities have been discovered in WeeChat. Please review the CVE identifiers referenced below for details. Impact A remote attacker, by sending a specially crafted IRC...
libarchive: Multiple vulnerabilities
Background libarchive is a library for manipulating different streaming archive formats, including certain tar variants, several cpio formats, and both BSD and GNU ar variants. Description Multiple vulnerabilities have been discovered in libarchive. Please review the CVE identifiers referenced...
glibc: Multiple vulnerabilities
Background glibc is a package that contains the GNU C library. Description Multiple vulnerabilities have been discovered in glibc. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workarou...
Rust: Multiple vulnerabilities
Background A systems programming language that runs blazingly fast, prevents segfaults, and guarantees thread safety. Description Multiple vulnerabilities have been discovered in Rust. Please review the CVE identifiers referenced below for details. Impact A remote attacker able to control the val...
PostgreSQL: SQL injection
Background PostgreSQL is an open source object-relational database management system. Description A vulnerability was discovered in PostgreSQL’s pgupgrade and pgdump. Impact An attacker, by enticing a user to process a specially crafted trigger definition, can execute arbitrary SQL statements wit...
libvirt: Multiple vulnerabilities
Background libvirt is a C toolkit for manipulating virtual machines. Description Multiple vulnerabilities have been discovered in libvirt. Please review the CVE identifiers referenced below for details. Impact A local privileged attacker could execute arbitrary commands or cause a Denial of Servi...
WebKitGTK+: Multiple Vulnerabilities
Background WebKitGTK+ is a full-featured port of the WebKit rendering engine, suitable for projects requiring any kind of web integration, offers Webkit’s full functionality and is used on a wide range of systems. Description Multiple vulnerabilities have been discovered in WebkitGTK+. Please...
KAuth and KDELibs: Privilege escalation
Background KAuth provides a convenient, system-integrated way to offload actions that need to be performed as a privileged user root, for example to small hopefully secure helper utilities. The KDE libraries, basis of KDE and used by many open source projects. Description KAuth and KDELibs contai...
Adobe Flash Player: Multiple vulnerabilities
Background The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Description Multiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details. Impact A remote attacke...
Patch: Denial of service
Background Patch takes a patch file containing a difference listing produced by the diff program and applies those differences to one or more original files, producing patched versions. Description Due to a flaw in Patch, the application can enter an infinite loop when processing a specially...
polkit: Heap-corruption on duplicate IDs
Background polkit is a toolkit for managing policies relating to unprivileged processes communicating with privileged processes. Description A vulnerability was discovered in polkit’s polkitbackendactionpoolinit function due to duplicate action IDs in action descriptions. Impact Local attackers a...
Bugzilla: Multiple vulnerabilities
Background Bugzilla is the bug-tracking system from the Mozilla project. Description Multiple vulnerabilities have been discovered in Bugzilla. Please review the CVE identifiers referenced below for details. Impact Privileged account holders could execute system level commands, and the new user...
QtGui: Multiple vulnerabilities
Background QtGui is the GUI module and platform plugins for the Qt framework Description Multiple buffer overflow vulnerabilities have been discovered in QtGui. It is possible for remote attackers to construct specially crafted BMP, ICO, or GIF images that lead to buffer overflows. After...
ClamAV: Multiple vulnerabilities
Background ClamAV is a GPL virus scanner. Description Multiple vulnerabilities have been discovered in ClamAV. Please review the CVE identifiers referenced below for details. Impact A remote attacker could cause ClamAV to scan a specially crafted file, possibly resulting in a Denial of Service...
cups-filters: Multiple vulnerabilities
Background cups-filters is an OpenPrinting CUPS Filters. Description Multiple vulnerabilities have been discovered in cups-filters. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user to open a specially crafted print job using cups-filters...
e2fsprogs: Arbitrary code execution
Background e2fsprogs is a set of utilities for maintaining the ext2, ext3 and ext4 file systems. Description e2fsprogs has a heap-based buffer overflow in closefs.c in the libext2fs library. Impact A local attacker could execute arbitrary code via a specially crafted block group descriptor...
GnuTLS: Multiple vulnerabilities
Background GnuTLS is an Open Source implementation of the TLS and SSL protocols. Description Multiple vulnerabilities have been discovered in GnuTLS. Please review the CVE identifiers and external references below for details. Impact A context-dependent attacker can cause a denial of service...
sudo: Information disclosure
Background sudo allows a system administrator to give users the ability to run commands as other users. Access to commands may also be granted on a range to hosts. Description sudo does not handle the TZ environment variable properly. Impact A local attacker may be able to read arbitrary files or...
grep: Denial of service
Background grep is the GNU regular expression matcher. Description A heap buffer overrun has been fixed in the bmexectrans function in kwset.c. Impact A local user can cause Denial of Service. Workaround There is no known workaround at this time. Resolution All grep users should upgrade to the...
nginx: Information disclosure
Background nginx is a robust, small, and high performance HTTP and reverse proxy server. Description An SSL session fixation vulnerability has been found in nginx when multiple servers use the same shared sslsessioncache or sslsessionticketkey. Impact A remote attacker may be able to obtain...
file: Denial of service
Background The file utility attempts to identify a file’s format by scanning binary data for patterns. Description An issue with the ELF parser used by the file utility can cause a resource consumption when reading a specially-crafted ELF binary. Impact A context-dependent attacker may be able to...
sendmail: Information disclosure
Background sendmail is a widely-used Mail Transport Agent MTA. Description The smcloseonexec function in conf.c has arguments in the wrong order. Impact A local attacker could get access to unintended high-numbered file descriptors via a specially crafted program. Workaround There is no known...
MCollective: Privilege escalation
Background MCollective is a framework to build server orchestration or parallel job execution systems. Description Two vulnerabilities have been found in MCollective: An untrusted search path vulnerability exists in MCollective CVE-2014-3248 MCollective does not properly validate server...
CouchDB: Denial of service
Background Apache CouchDB is a distributed, fault-tolerant and schema-free document-oriented database. Description CouchDB does not properly sanitize the count parameter for Universally Unique Identifiers UUID requests. Impact A remote attacker could send a specially crafted request to CouchDB,...
Xfig: User-assisted execution of arbitrary code
Background Xfig is an interactive drawing tool. Description A stack-based buffer overflow and a stack consumption vulnerability have been found in Xfig. Impact A remote attacker could entice a user to open a specially-crafted file, potentially resulting in arbitrary code execution or a Denial of...
libxml2: Denial of service
Background libxml2 is the XML C parser and toolkit developed for the Gnome project. Description A vulnerability in the xmlParserHandlePEReference function of parser.c, when expanding entity references, can be exploited to consume large amounts of memory and cause a crash or hang. Impact A remote...
Libgcrypt: Side-channel attack
Background Libgcrypt is a general purpose cryptographic library derived out of GnuPG. Description A vulnerability in the implementation of ElGamal decryption procedures of Libgcrypt leaks information to various side-channels. Impact A physical side-channel attack allows a remote attacker to fully...
Jinja2: Multiple vulnerabilities
Background Jinja2 is a template engine written in pure Python. Description Multiple vulnerabilities have been discovered in Jinja2. Please review the CVE identifiers referenced below for details. Impact A local attacker could gain escalated privileges via a specially crafted cache file or...
GNU Libtasn1: Multiple vulnerabilities
Background The ASN.1 library used in GNUTLS. Description Multiple vulnerabilities have been discovered in GNU Libtasn1. Please review the CVE identifiers referenced below for details. Impact A context-dependent attacker could possibly cause a Denial of Service condition. Workaround There is no...
libpng: Multiple vulnerabilities
Background libpng is a standard library used to process PNG Portable Network Graphics images. It is used by several programs, including web browsers and potentially server processes. Description The pngpushreadchunk function in pngpread.c in the progressive decoder enters an infinite loop, when i...
Adobe Flash Player: Multiple vulnerabilities
Background The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Description Multiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details. Impact A remote attacke...
Mono: Denial of service
Background Mono is an open source implementation of Microsoft’s .NET Framework. Description Mono does not properly randomize hash functions for form posts to protect against hash collision attacks. Impact A remote attacker could send specially crafted parameters, possibly resulting in a Denial of...
Symfony: Information disclosure
Background Symfony is a professional, open-source PHP5 web development framework. Description Symfony does not properly sanitize input for upload requests. Impact A remote attacker could send a specially crafted file upload request, possibly resulting in disclosure of sensitive information...
GnuPG, Libgcrypt: Multiple vulnerabilities
Background The GNU Privacy Guard, GnuPG, is a free replacement for the PGP suite of cryptographic software. Libgcrypt is a cryptographic library based on GnuPG. Description Multiple vulnerabilities have been discovered in GnuPG and Libgcrypt. Please review the CVE identifiers referenced below for...
MIT Kerberos 5: Multiple vulnerabilities
Background MIT Kerberos 5 is a suite of applications that implement the Kerberos network protocol. Description Multiple vulnerabilities have been discovered in the Key Distribution Center in MIT Kerberos 5. Please review the CVE identifiers referenced below for details. Impact A remote attacker...
Namazu: Multiple vulnerabilities
Background Namazu is a full-text search engine intended for easy use. Description Multiple vulnerabilities have been discovered in Namazu. Please review the CVE identifiers referenced below for details. Impact A remote attacker could execute arbitrary code or cause a Denial of Service condition...
cpio: Arbitrary code execution
Background GNU cpio copies files into or out of a cpio or tar archive. Description Cpio contains a heap-based buffer overflow in the rmtread function in lib/rtapelib.c. Impact A remote server could sending more data than was requested, related to archive filenames that contain a : colon character...
Perl Parallel-ForkManager Module: Insecure temporary file usage
Background Parallel-ForkManager is a simple parallel processing fork manager for Perl. Description The Perl Parallel-ForkManager module does not handle temporary files securely. Impact A local attacker could perform symlink attacks to overwrite arbitrary files with the privileges of the user...
Adobe Reader: Arbitrary Code Execution
Background Adobe Reader is a closed-source PDF reader. Description An unspecified vulnerability exists in Adobe Reader. Impact An attacker could execute arbitrary code or cause a Denial of Service condition. Workaround There is no known workaround at this time. Resolution All Adobe Reader users...
strongSwan: Multiple vulnerabilities
Background strongSwan is an IPSec implementation for Linux. Description Multiple vulnerabilities have been discovered in strongSwan. Please review the CVE identifiers referenced below for details. Impact A remote attacker could use ECDSA to authenticate as another user with an invalid signature...
qemu-kvm: Multiple vulnerabilities
Background qemu-kvm provides QEMU and Kernel-based Virtual Machine userland tools. Description Multiple vulnerabilities have been discovered in qemu-kvm. Please review the CVE identifiers referenced below for details. Impact These vulnerabilities allow a remote attacker to cause a Denial of Servi...
sendmail: X.509 NULL spoofing vulnerability
Background sendmail is a widely-used Mail Transport Agent MTA. Description A vulnerability has been discovered in sendmail. Please review the CVE identifier referenced below for details. Impact A remote attacker might employ a specially crafted certificate to conduct man-in-the-middle attacks on...
NVIDIA Drivers: Privilege escalation
Background The NVIDIA drivers provide X11 and GLX support for NVIDIA graphic boards. Description A vulnerability has been found in the way NVIDIA drivers handle read/write access to GPU device nodes, allowing access to arbitrary system memory locations. NOTE: Exposure to this vulnerability is...
Adobe Flash Player: Multiple vulnerabilities
Background The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Description Multiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details. Impact A remote attacke...
Asterisk: Multiple vulnerabilities
Background Asterisk is an open source telephony engine and toolkit. Description Multiple vulnerabilities have been found in Asterisk: An error in manager.c allows shell access through the MixMonitor application, GetVar, or Status CVE-2012-2414. An error in chanskinny.c could cause a heap-based...
tftp-hpa: Remote buffer overflow
Background tftp-hpa is the port of the OpenBSD TFTP server. Description A vulnerability has been discovered in tftp-hpa. Please review the CVE identifier referenced below for details. Impact The vulnerability might allow remote attackers to execute arbitrary code. Workaround There is no known...
Perl Safe module: Arbitrary Perl code injection
Background Safe is a Perl module to compile and execute code in restricted compartments. Description Unsafe code evaluation prevents the Safe module from properly restricting the code of implicitly called methods on implicitly blessed objects. Impact A remote attacker could entice a user to load ...