3816 matches found
VLC: Multiple vulnerabilities
Background VLC is a cross-platform media player and streaming server. Description Multiple vulnerabilities have been discovered in VLC. Please review the CVE identifiers referenced below for details. Impact A remote attacker, by enticing a user to open a specially crafted subtitles file, could...
Go: Multiple Vulnerabilities
Background Go is an open source programming language that makes it easy to build simple, reliable, and efficient software. Description Multiple vulnerabilities have been discovered in Go. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE...
Firejail: Privilege escalation
Background A SUID program that reduces the risk of security breaches by restricting the running environment of untrusted applications using Linux namespaces and seccomp-bpf. Description It was discovered that a flaw in Firejail’s OverlayFS code allowed restricted programs to escape sandbox. Impac...
libvirt: Unintended access to /dev/mapper/control
Background libvirt is a C toolkit for manipulating virtual machines. Description A file descriptor for /dev/mapper/control was insufficiently protected. Impact A local attacker may be able to escalate to root privileges. Workaround There is no known workaround at this time. Resolution All libvirt...
ProFTPd: Multiple vulnerabilities
Background ProFTPD is an advanced and very configurable FTP server. Description Multiple vulnerabilities have been discovered in ProFTPd. Please review the CVE identifiers referenced below for details. Impact A remote attacker, by interrupting the data transfer channel, could possibly execute...
GStreamer Base Plugins: Heap-based buffer overflow
Background A well-groomed and well-maintained collection of GStreamer plug-ins and elements, spanning the range of possible types of elements one would want to write for GStreamer. Description It was discovered that GStreamer Base Plugins did not correctly handle certain malformed RTSP streams...
collectd: Multiple vulnerabilities
Background collectd is a daemon which collects system and application performance metrics periodically and provides mechanisms to store the values in a variety of ways, for example in RRD files. Description Multiple vulnerabilities have been found in Gentoo’s collectd package. Please review the...
Tor: Multiple vulnerabilities
Background Tor is an implementation of second generation Onion Routing, a connection-oriented anonymizing communication service. Description Multiple vulnerabilities have been discovered in Tor. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CV...
Mozilla Firefox: Multiple vulnerabilities
Background Mozilla Firefox is a popular open-source web browser from the Mozilla project. Description Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details...
VirtualBox: Multiple vulnerabilities
Background VirtualBox is a powerful virtualization product from Oracle. Description Multiple vulnerabilities have been discovered in VirtualBox. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no...
ipmitool: Multiple vulnerabilities
Background Utility for controlling IPMI enabled devices. Description Multiple vulnerabilities have been discovered in ipmiool. Please review the CVE identifiers referenced below for details. Impact A remote attacker could possibly execute arbitrary code with the privileges of the process or cause...
libssh: Arbitrary command execution
Background libssh is a multiplatform C library implementing the SSHv2 protocol on client and server side. Description It was discovered that libssh incorrectly handled certain scp commands. Impact A remote attacker could trick a victim into using a specially crafted scp command, possibly resultin...
JasPer: Multiple vulnerabilities
Background JasPer is a software-based implementation of the codec specified in the JPEG-2000 Part-1 standard. Description Multiple vulnerabilities have been discovered in JasPer. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers fo...
RPM: Multiple vulnerabilities
Background The Red Hat Package Manager RPM is a command line driven package management system capable of installing, uninstalling, verifying, querying, and updating computer software packages. Description Multiple vulnerabilities have been discovered in RPM. Please review the CVE identifiers...
Mercurial: Multiple vulnerabilities
Background Mercurial is a distributed source control management system. Description Multiple vulnerabilities have been discovered in Mercurial. Please review the referenced CVE identifiers for details. Impact A remote attacker could possibly execute arbitrary code with the privileges of the...
RoundCube: Security bypass
Background Free and open source webmail software for the masses, written in PHP. Description Authenticated users can arbitrarily reset passwords due to a problem caused by an improperly restricted exec call in the virtualmin and sasl drivers of the password plugin. Impact Authenticated users can...
Mozilla Products: Multiple vulnerabilities
Background Mozilla Firefox is an open-source web browser and Mozilla Thunderbird an open-source email client, both from the Mozilla Project. Description Multiple vulnerabilities have been discovered in Mozilla Firefox and Mozilla Thunderbird. Please review the CVE identifiers referenced below for...
Apache HTTP Server: Multiple vulnerabilities
Background Apache HTTP Server is one of the most popular web servers on the Internet. Description Multiple vulnerabilities have been discovered in Apache HTTP Server. Please review the CVE identifiers referenced below for details. Impact A remote attacker might obtain sensitive information, gain...
Rust: Multiple Vulnerabilities
Background A systems programming language that runs blazingly fast, prevents segfaults, and guarantees thread safety. Description Multiple vulnerabilities have been discovered in Rust. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE...
X.Org X Server: Multiple vulnerabilities
Background The X Window System is a graphical windowing system based on a client/server model. Description Multiple vulnerabilities have been discovered in X.org X Server. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for...
VLC: Multiple vulnerabilities
Background VLC is a cross-platform media player and streaming server. Description Multiple vulnerabilities have been discovered in VLC. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known...
libpng: Multiple vulnerabilities
Background libpng is a standard library used to process PNG Portable Network Graphics images. It is used by several programs, including web browsers and potentially server processes. Description Multiple vulnerabilities have been discovered in libpng. Please review the CVE identifiers referenced...
Cairo: Denial of service
Background Cairo is a 2D vector graphics library with cross-device output support. Description Multiple vulnerabilities have been discovered in Cairo. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There ...
Go: Multiple vulnerabilities
Background Go is an open source programming language that makes it easy to build simple, reliable, and efficient software. Description Multiple vulnerabilities have been discovered in Go. Please review the CVE identifiers referenced below for details. Impact A remote attacker could cause arbitrar...
Mozilla Firefox, Thunderbird: Multiple vulnerabilities
Background Mozilla Firefox is a cross-platform web browser from Mozilla. The Mozilla Thunderbird mail client is a redesign of the Mozilla Mail component. The goal is to produce a cross-platform stand-alone mail application using XUL XML User Interface Language. Description Multiple vulnerabilitie...
Flatpak: Sandbox escape
Background Flatpak is a Linux application sandboxing and distribution framework. Description A bug was discovered in the flatpak-portal service that can allow sandboxed applications to execute arbitrary code on the host system a sandbox escape. Impact A remote attacker could entice a user to open...
Mozilla Firefox: Remote code execution
Background Mozilla Firefox is a popular open-source web browser from the Mozilla project. Description A use-after-free bug was discovered in Mozilla Firefox’s handling of SCTP. Impact A remote attacker could possibly execute arbitrary code with the privileges of the process, or cause a Denial of...
SQLite: Remote code execution
Background SQLite is a C library that implements an SQL database engine. Description An integer overflow was discovered in SQLite’s FTS3 extension. Impact A remote attacker could, by executing arbitrary SQL statements against a vulnerable host, execute arbitrary code. Workaround There is no known...
tenshi: Privilege escalation
Background A log monitoring program, designed to watch one or more log files for lines matching user defined regular expressions and report on the matches. Description It was discovered that the tenshi ebuild creates a tenshi.pid file after dropping privileges to a non-root account. Impact A loca...
MySQL: Multiple vulnerabilities
Background A fast, multi-threaded, multi-user SQL database server. Description Multiple vulnerabilities have been discovered in MySQL. Please review the referenced CVE identifiers for details. Impact A remote attacker could execute arbitrary code without authentication or cause a partial denial o...
libxml2: Multiple vulnerabilities
Background libxml2 is the XML eXtended Markup Language C parser and toolkit initially developed for the Gnome project. Description Multiple vulnerabilities have been discovered in libxml2. Please review the CVE identifiers referenced below for details. Impact A remote attacker, by enticing a user...
mbed TLS: Multiple vulnerabilities
Background mbed TLS previously PolarSSL is an “easy to understand, use, integrate and expand” implementation of the TLS and SSL protocols and the respective cryptographic algorithms and support code required. Description Multiple vulnerabilities have been discovered in mbed TLS. Please review the...
FFmpeg: Multiple vulnerabilities
Background FFmpeg is a complete solution to record, convert and stream audio and video. Description Multiple vulnerabilities have been discovered in FFmpeg. Please review the CVE identifiers and FFmpeg changelogs referenced below for details. Impact A remote attacker could entice a user to open a...
PHP: Multiple vulnerabilities
Background PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML. Description Several vulnerabilities were found in PHP. Mattias Bengtsson and Philip Olausson reported integer overflows in the gdImageCreate and...
FreeRADIUS: Root privilege escalation
Background FreeRADIUS is a modular, high performance free RADIUS suite. Description It was discovered that Gentoo’s FreeRADIUS systemd unit set permissions on an unsafe directory on start. Impact A local attacker could escalate privileges. Workaround There is no known workaround at this time...
Mozilla Network Security Service: Multiple vulnerabilities
Background The Mozilla Network Security Service NSS is a library implementing security features like SSL v.2/v.3, TLS, PKCS 5, PKCS 7, PKCS 11, PKCS 12, S/MIME and X.509 certificates. Description Multiple vulnerabilities have been discovered in Mozilla Network Security Service NSS. Please review...
Oracle JDK/JRE: Multiple vulnerabilities
Background Java Platform, Standard Edition Java SE lets you develop and deploy Java applications on desktops and servers, as well as in today’s demanding embedded environments. Java offers the rich user interface, performance, versatility, portability, and security that today’s applications...
Kodi: Arbitrary code execution
Background Kodi is a free and open source media-center and entertainment hub previously known as XBMC. Description Kodi is vulnerable due to shipping with an embedded version of UnRAR. Please review the referenced CVE identifier for details. Impact A remote attacker, by enticing a user to process...
Firejail: Local Privilege Escalation
Background A SUID program that reduces the risk of security breaches by restricting the running environment of untrusted applications using Linux namespaces and seccomp-bpf. Description Firejail does not sufficiently validate the user's environment prior to using it as the root user when using th...
Vim, gVim: Multiple Vulnerabilities
Background Vim is an efficient, highly configurable improved version of the classic ‘vi’ text editor. gVim is the GUI version of Vim. Description Multiple vulnerabilities have been discovered in Vim and gVim. Please review the CVE identifiers referenced below for details. Impact Please review the...
Redis: Multiple vulnerabilities
Background Redis is an open source BSD licensed, in-memory data structure store, used as a database, cache and message broker. Description Multiple vulnerabilities have been discovered in Redis. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CV...
Bash: Privilege escalation
Background Bash is the standard GNU Bourne Again SHell. Description It was discovered that Bash incorrectly dropped privileges by setting its effective UID to its real UID. Impact A local attacker could possibly escalate privileges. Workaround There is no known workaround at this time. Resolution...
OpenSSL: Multiple vulnerabilities
Background OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer SSL v2/v3 and Transport Layer Security TLS v1 as well as a general purpose cryptography library. Description Multiple vulnerabilities have been discovered in OpenSSL. Please review the CVE identifiers referenced...
Binutils: Multiple vulnerabilities
Background The GNU Binutils are a collection of tools to create, modify and analyse binary files. Many of the files use BFD, the Binary File Descriptor library, to do low-level manipulation. Description Multiple vulnerabilities have been discovered in Binutils. Please review the referenced CVE...
Subversion: Denial of service
Background Subversion is a version control system intended to eventually replace CVS. Like CVS, it has an optional client-server architecture where the server can be an Apache server running modsvn, or an ssh program as in CVS’s :ext: method. In addition to supporting the features found in CVS,...
libxslt: Multiple vulnerabilities
Background libxslt is the XSLT C library developed for the GNOME project. XSLT is an XML language to define transformations for XML. Description Multiple vulnerabilities have been discovered in libxslt. Please review the CVE identifiers referenced below for details. Impact A remote attacker, via ...
JabberD 2.x: Multiple vulnerabilities
Background JabberD 2.x is an open source Jabber server written in C. Description Multiple vulnerabilities have been discovered in Gentoo’s JabberD 2.x ebuild. Please review the referenced CVE identifiers for details. Impact An attacker could possibly escalate privileges by owning system binaries ...
KDE Plasma Workspaces: Multiple vulnerabilities
Background KDE Plasma workspace is a widget based desktop environment designed to be fast and efficient. Description Multiple vulnerabilities have been discovered in KDE Plasma Workspaces. Please review the referenced CVE identifiers for details. Impact An attacker could execute arbitrary command...
Chromium: Multiple vulnerabilities
Background Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. Description Multiple vulnerabilities have been discovered in Chromium. Please review the referenced CVE identifiers for details. Impact A remote...
IcedTea: Multiple vulnerabilities
Background IcedTea’s aim is to provide OpenJDK in a form suitable for easy configuration, compilation and distribution with the primary goal of allowing inclusion in GNU/Linux distributions. Description Various OpenJDK attack vectors in IcedTea, such as 2D, Corba, Hotspot, Libraries, and JAXP,...