3816 matches found
Apache Tomcat: Multiple vulnerabilities
Background Apache Tomcat is a Servlet-3.0/JSP-2.2 Container. Description Multiple vulnerabilities have been discovered in Apache Tomcat. Please review the CVE identifiers referenced below for details. Impact An attacker could possibly smuggle HTTP requests or execute arbitrary code. Workaround...
Mozilla Network Security Service (NSS): Multiple vulnerabilities
Background The Mozilla Network Security Service NSS is a library implementing security features like SSL v.2/v.3, TLS, PKCS 5, PKCS 7, PKCS 11, PKCS 12, S/MIME and X.509 certificates. Description Multiple vulnerabilities have been discovered in NSS. Please review the CVE identifiers and technical...
Mozilla Thunderbird: Multiple vulnerabilities
Background Mozilla Thunderbird is a popular open-source email client from the Mozilla project. Description Multiple vulnerabilities have been discovered in Mozilla Thunderbird. Please review the CVE identifiers referenced below for details. Impact A remote attacker may be able to execute arbitrar...
BURP: Root privilege escalation
Background A network backup and restore program. Description It was discovered that Gentoo’s BURP ebuild does not properly set permissions or place the pid file in a safe directory. Additionally, the first set of patches did not completely address this. As such, a revision has been made available...
Adobe Flash Player: Multiple vulnerabilities
Background The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Description Multiple vulnerabilities have been discovered in Adobe Flash Player. Please review the referenced CVE identifiers for details. Impact A remote attacker coul...
phpMyAdmin: Multiple vulnerabilities
Background phpMyAdmin is a web-based management tool for MySQL databases. Description Multiple vulnerabilities have been discovered in phpMyAdmin. Please review the CVE identifiers referenced below for details. Impact A authenticated remote attacker could exploit these vulnerabilities to execute...
OpenSSL: Multiple vulnerabilities
Background OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer SSL v2/v3 and Transport Layer Security TLS v1/v1.1/v1.2/v1.3 as well as a general purpose cryptography library. Description Multiple vulnerabilities have been discovered in OpenSSL. Please review the CVE identifier...
f2fs-tools: Multiple vulnerabilities
Background Tools for Flash-Friendly File System F2FS. Description Multiple vulnerabilities have been discovered in f2fs-tools. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround a...
Python: Multiple vulnerabilities
Background Python is an interpreted, interactive, object-oriented programming language. Description Multiple vulnerabilities have been discovered in Python. Please review the bugs referenced below for details. Impact A remote attacker could possibly execute arbitrary code with the privileges of t...
WebkitGTK+: Multiple vulnerabilities
Background WebKitGTK+ is a full-featured port of the WebKit rendering engine, suitable for projects requiring any kind of web integration, from hybrid HTML/CSS applications to full-fledged web browsers. Description Multiple vulnerabilities have been discovered in WebKitGTK+. Please review the CVE...
Cherokee: Multiple vulnerabilities
Background Cherokee is an extra-light web server. Description Multiple vulnerabilities have been discovered in Cherokee. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround at this...
glibc: Multiple vulnerabilities
Background glibc is a package that contains the GNU C library. Description Multiple vulnerabilities have been discovered in glibc. Please review the CVE identifiers referenced below for details. Impact An attacker could possibly execute arbitrary code, escalate privileges, cause a Denial of Servi...
Redis: Multiple Vulnerabilities
Background Redis is an open source BSD licensed, in-memory data structure store, used as a database, cache and message broker. Description Multiple vulnerabilities have been discovered in Redis. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CV...
Xen: Multiple Vulnerabilities
Background Xen is a bare-metal hypervisor. Description Multiple vulnerabilities have been discovered in Xen. Please review the referenced XSA security advisories. Impact Please review the referenced XSA security advisories for details. Workaround There is no known workaround at this time...
PCRE2: Multiple vulnerabilities
Background PCRE2 is a project based on PCRE Perl Compatible Regular Expressions which has a new and revised API. Description Multiple vulnerabilities have been discovered in PCRE2. Please review the referenced CVE identifiers for details. Impact A remote attacker could possibly execute arbitrary...
VirtualBox: Multiple vulnerabilities
Background VirtualBox is a powerful virtualization product from Oracle. Description Multiple vulnerabilities have been discovered in VirtualBox. Please review the CVE identifiers referenced below for details. Impact Local attackers could cause a Denial of Service condition, execute arbitrary code...
nginx: Multiple vulnerabilities
Background nginx is a robust, small, and high performance HTTP and reverse proxy server. Description Multiple vulnerabilities have been discovered in nginx. Please review the CVE identifiers referenced below for details. Impact A remote attacker could possibly cause a Denial of Service condition...
libxml2: Multiple vulnerabilities
Background libxml2 is the XML eXtended Markup Language C parser and toolkit initially developed for the GNOME project. Description Multiple vulnerabilities have been discovered in libxml2. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user...
libqb: Insecure temporary file
Background libqb is a library with the primary purpose of providing high-performance, reusable features for client-server architecture, such as logging, tracing, inter-process communication IPC, and polling. Description It was discovered that libqb used predictable filenames under /dev/shm and /t...
MariaDB: Multiple vulnerabilities
Background MariaDB is an enhanced, drop-in replacement for MySQL. Description Multiple vulnerabilities have been discovered in MariaDB. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known...
atftp: Multiple vulnerabilities
Background atftp is a client/server implementation of the TFTP protocol that implements RFCs 1350, 2090, 2347, 2348, and 2349. Description Multiple vulnerabilities have been discovered in atftp. Please review the CVE identifiers referenced below for details. Impact A remote attacker could send a...
phpMyAdmin: Multiple vulnerabilities
Background phpMyAdmin is a web-based management tool for MySQL databases. Description Multiple vulnerabilities have been discovered in phpMyAdmin. Please review the CVE identifiers referenced below for details. Impact Please review the CVE identifiers referenced below for details. Workaround Ther...
PHPUnit: Remote code execution
Background PHPUnit is a programmer-oriented testing framework for PHP. It is an instance of the xUnit architecture for unit testing frameworks. Description When PHPUnit is installed in a production environment via composer and these modules are in a web accessible directory, the eval-stdin.php fi...
Oracle JRE/JDK: Multiple vulnerabilities
Background The Oracle Java Development Kit JDK formerly known as Sun JDK and the Oracle Java Runtime Environment JRE formerly known as Sun JRE provide the Oracle Java platform formerly known as Sun Java Platform. Description Multiple vulnerabilities have been reported in the Oracle Java...
GNU Chess: Buffer overflow
Background GNU Chess is a console based chess interfae. Description The cmdpgnload and cmdpgnreplay functions in cmd.cc in GNU Chess to not sufficiently validate PGN file input, potentially resulting in a buffer overflow. Impact A remote attacker could entice a user to open a specially crafted PG...
PHP: Multiple vulnerabilities
Background PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML. Description Multiple vulnerabilities have been discovered in PHP. Please review the CVE identifiers referenced below for details. Impact An attacker can...
Polkit: Local privilege escalation
Background polkit is a toolkit for managing policies related to unprivileged processes communicating with privileged process. Description Flawed input validation of arguments was discovered in the 'pkexec' program's main function. Impact A local attacker could achieve root privilege escalation...
cURL: Multiple vulnerabilities
Background A command line tool and library for transferring data with URLs. Description Multiple vulnerabilities have been discovered in cURL. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no...
Oracle JDK/JRE, IcedTea: Multiple vulnerabilities
Background Java Platform, Standard Edition Java SE lets you develop and deploy Java applications on desktops and servers, as well as in today’s demanding embedded environments. Java offers the rich user interface, performance, versatility, portability, and security that today’s applications...
ImageMagick: Multiple vulnerabilities
Background ImageMagick is a collection of tools and libraries for many image formats. Description Multiple vulnerabilities have been discovered in ImageMagick. Please review the CVE identifiers referenced below for details. Impact A remote attacker could possibly execute arbitrary code with the...
Apache Tomcat: Multiple vulnerabilities
Background Apache Tomcat is a Servlet-3.0/JSP-2.2 Container. Description Multiple vulnerabilities have been discovered in Apache Tomcat. Please review the CVE identifiers referenced below for details. Impact The vulnerabilities allow an attacker to cause a Denial of Service, to hijack a session, ...
Node.js: Multiple Vulnerabilities
Background Node.js is a JavaScript runtime built on Chrome’s V8 JavaScript engine. Description Multiple vulnerabilities have been discovered in Node.js. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround Ther...
libyang: Multiple vulnerabilities
Background YANG data modeling language library. Description Multiple vulnerabilities have been discovered in libyang. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround at this...
OpenJPEG: Multiple vulnerabilities
Background OpenJPEG is an open-source JPEG 2000 library. Description Multiple vulnerabilities have been discovered in OpenJPEG. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround ...
OpenSSL: Multiple vulnerabilities
Background OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer SSL v2/v3 and Transport Layer Security TLS v1 as well as a general purpose cryptography library. Description Multiple vulnerabilities have been discovered in OpenSSL. Please review the OpenSSL Security Advisory 05...
Mono: Multiple vulnerabilities
Background Mono is an open source implementation of Microsoft's .NET Framework. Description Multiple vulnerabilities have been discovered in Mono and Mono debugger. Please review the CVE identifiers referenced below for details. Impact A remote attacker could execute arbitrary code, bypass genera...
Chromium, Google Chrome: Multiple vulnerabilities
Background Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. Google Chrome is one fast, simple, and secure browser for all your devices. Description Multiple vulnerabilities have been discovered in Chromium and...
Apache: Multiple vulnerabilities
Background The Apache HTTP server is one of the most popular web servers on the Internet. Description Multiple vulnerabilities have been discovered in Apache. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaroun...
PHP: Multiple vulnerabilities
Background PHP is an open source general-purpose scripting language that is especially suited for web development. Description Multiple vulnerabilities have been discovered in PHP. Please review the CVE identifiers referenced below for details. Impact An attacker could possibly execute arbitrary...
file: Heap-based buffer overflow
Background file is a utility that guesses a file format by scanning binary data for patterns. Description It was discovered that file incorrectly handled certain malformed files. Impact A remote attacker could entice a user to process a specially crafted file via libmagic or file, possibly...
Chromium, Google Chrome: Multiple vulnerabilities
Background Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. Google Chrome is one fast, simple, and secure browser for all your devices. Description Multiple vulnerabilities have been discovered in Chromium and...
UnrealIRCd: Multiple vulnerabilities
Background UnrealIRCd is an Internet Relay Chat IRC daemon. Description Multiple vulnerabilities have been reported in UnrealIRCd: The vendor reported a buffer overflow in the user authorization code CVE-2009-4893. The vendor reported that the distributed source code of UnrealIRCd was compromised...
PJSIP: Multiple Vulnerabilities
Background PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. Description Multiple vulnerabilities have been discovered in PJSIP. Please review the CVE identifiers referenced belo...
lxml: Multiple Vulnerabilities
Background lxml is a Pythonic binding for the libxml2 and libxslt libraries. Description Multiple vulnerabilities have been discovered in lxml. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no...
Wireshark: Multiple vulnerabilities
Background Wireshark is a network protocol analyzer formerly known as ethereal. Description Multiple vulnerabilities have been discovered in Wireshark. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There...
Mozilla Firefox: Multiple vulnerabilities
Background Mozilla Firefox is a popular open-source web browser from the Mozilla Project. Description Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user to view a specially...
Squid: Multiple vulnerabilities
Background Squid is a full-featured Web proxy cache designed to run on Unix systems. It supports proxying and caching of HTTP, FTP, and other URLs, as well as SSL support, cache hierarchies, transparent caching, access control lists and many other features. Description Multiple vulnerabilities ha...
Chromium, Google Chrome: Multiple vulnerabilities
Background Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. Google Chrome is one fast, simple, and secure browser for all your devices. Description Multiple vulnerabilities have been discovered in Chromium and...
Chromium, Google Chrome: Multiple vulnerabilities
Background Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. Google Chrome is one fast, simple, and secure browser for all your devices. Description Multiple vulnerabilities have been discovered in Chromium and...
VLC: Multiple vulnerabilities
Background VLC is a cross-platform media player and streaming server. Description Multiple vulnerabilities have been discovered in VLC. Please review the CVE identifiers referenced below for details. Impact A remote attacker, by enticing a user to open a specially crafted subtitles file, could...