3816 matches found
Redis: Multiple Vulnerabilities
Background Redis is an open source BSD licensed, in-memory data structure store, used as a database, cache and message broker. Description Multiple vulnerabilities have been discovered in Redis. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CV...
containerd: Multiple Vulnerabilities
Background containerd is a daemon with an API and a command line client, to manage containers on one machine. It uses runC to run containers according to the OCI specification. Description Multiple vulnerabilities have been discovered in containerd. Please review the CVE identifiers referenced...
Buildah: Multiple Vulnerabilities
Background Buildah is a tool that facilitates building Open Container Initiative OCI container images Description Please review the referenced CVE identifiers for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround at this time...
PuTTY: Multiple Vulnerabilities
Background PuTTY is a free implementation of Telnet and SSH for Windows and Unix platforms, along with an xterm terminal emulator. Description Multiple vulnerabilities have been discovered in PuTTY. Please review the CVE identifiers referenced below for details. Impact Please review the reference...
Epiphany: Buffer Overflow
Background Epiphany is a GNOME webbrowser based on the Mozilla rendering engine Gecko. Description A vulnerability has been discovered in Epiphany. Please review the CVE identifier referenced below for details. Impact In GNOME Epiphany an HTML document can trigger a client buffer overflow in...
systemd: Multiple Vulnerabilities
Background A system and service manager. Description Multiple vulnerabilities have been discovered in systemd. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround at this time...
Mozilla Thunderbird: Multiple Vulnerabilities
Background Mozilla Thunderbird is a popular open-source email client from the Mozilla project. Description Multiple vulnerabilities have been discovered in Mozilla Thunderbird. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for...
GNU Tar: Out of Bounds Read
Background The GNU Tar program provides the ability to create tar archives, as well as various other kinds of manipulation. Description A vulnerability have been discovered in GNU Tar. Please review the CVE identifier referenced below for details. Impact GNU Tar has a one-byte out-of-bounds read...
libaom: Multiple Vulnerabilities
Background libaom is the Alliance for Open Media's AV1 Codec SDK. Description Multiple vulnerabilities have been discovered in libaom. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known...
GOCR: Multiple Vulnerabilities
Background GOCR is an OCR Optical Character Recognition program, developed under the GNU Public License. It converts scanned images of text back to text files. Description Multiple vulnerabilities have been discovered in GOCR. Please review the CVE identifiers referenced below for details. Impact...
Mozilla Thunderbird: Multiple Vulnerabilities
Background Mozilla Thunderbird is a popular open-source email client from the Mozilla project. Description Multiple vulnerabilities have been discovered in Mozilla Thunderbird. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for...
Kitty: Arbitrary Code Execution
Background Kitty is a fast, feature-rich, GPU-based terminal. Description Carter Sande discovered that maliciously constructed control sequences can cause Kitty to display a notification that, when clicked, can cause Kitty to execute arbitrary commands. Impact Kitty can produce notifications that...
HarfBuzz: Multiple vulnerabilities
Background HarfBuzz is an OpenType text shaping engine. Description Multiple vulnerabilities have been discovered in HarfBuzz. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround a...
Motion: Denial of service
Background Motion is a program that monitors the video signal from one or more cameras and is able to detect motions. Description The Motion HTTP server does not correctly perform URL decoding. If the HTTP server receives a request for a URL containing an incomplete percent-encoded character, a...
Mechanize: Command injection
Background Mechanize is a Ruby library used for automating interaction with websites. Description Mechanize does not neutralize filename input and could allow arbitrary code execution if an attacker can control filenames used by Mechanize. Impact Please review the referenced CVE identifiers for...
Chromium, Google Chrome: Multiple vulnerabilities
Background Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. Google Chrome is one fast, simple, and secure browser for all your devices. Description Multiple vulnerabilities have been discovered in Chromium and...
Claws Mail: Improper STARTTLS handling
Background Claws Mail is a GTK based e-mail client. Description It was discovered that Claws Mail was not properly handling state within the STARTTLS protocol handshake. Impact There may be a breach of integrity or confidentiality in connections made using Claws Mail with STARTTLS. Workaround The...
Asterisk: Root privilege escalation
Background A Modular Open Source PBX System. Description It was discovered that Gentoo’s Asterisk ebuild does not properly set permissions on its data directories. This only affects OpenRC systems, as the flaw was exploitable via the init script. Impact A local attacker could escalate privileges...
SPICE VDAgent: Arbitrary command injection
Background Provides a complete open source solution for remote access to virtual machines in a seamless way so you can play videos, record audio, share USB devices and share folders without complications. Description SPICE VDAgent does not properly escape save directory before passing to shell...
Urban Terror: Multiple vulnerabilities
Background Urban Terror is a free multiplayer first person shooter developed by FrozenSand, that will run on any Quake III Arena compatible engine. Description Multiple vulnerabilities have been discovered in Urban Terror. Please review the CVE identifiers referenced below for details. Impact A...
e2fsprogs: Heap-based buffer overflow
Background e2fsprogs is a set of utilities for maintaining the ext2, ext3 and ext4 file systems. Description A heap-based buffer overflow was discovered in openfs.c in the libext2fs library in e2fsprogs. Impact A remote attacker could entice a user to use ext2fs library for example, fsck on a...
Varnish: Multiple vulnerabilities
Background Varnish is a web application accelerator. Description Varnish fails to properly validate input from HTTP headers, and does not deny requests with multiple Content-Length headers. Impact Remote attackers could conduct an HTTP response splitting attack, which may further enable them to...
rsync: Multiple vulnerabilities
Background File transfer program to keep remote files into sync. Description Multiple vulnerabilities have been discovered in rsync. Please review the CVE identifiers referenced below for details. Impact Remote attackers could write arbitrary files via symlink attacks. Workaround There is no know...
mpg123: User-assisted execution of arbitrary code
Background mpg123 is a realtime MPEG 1.0/2.0/2.5 audio player for layers 1, 2 and 3. Description An issue has been found in mpg123 when decoding specifically crafted MP3 file, that causes a heap-based buffer overflow. Impact A remote attacker could entice a user to open a specially crafted MPEG...
getmail: Information disclosure
Background getmail is a POP3 mail retriever with reliable Maildir and mbox delivery. Description Multiple vulnerabilities have been discovered in getmail. Please review the CVE identifiers referenced below for details. Impact A remote attacker could cause a man-in-the-middle attack via multiple...
DenyHosts: Denial of service
Background DenyHosts is a script intended to be run by Linux system administrators to help thwart SSH server attacks. Description DenyHosts does not properly define the regular expressions used when parsing SSH authentication logs. Impact A remote attacker could possibly cause a Denial of Service...
Mutt: Arbitrary code execution
Background Mutt is a small but powerful text-based mail client. Description A heap-based buffer overflow has been discovered in the muttcopyhdr function. Impact A remote attacker could send a specially crafted message, possibly resulting in execution of arbitrary code with the privileges of the...
Charybdis, ShadowIRCd: Denial of service
Background Charybdis is the Atheme Project’s IRC daemon based on ratbox. ShadowIRCd is an IRC daemon based on Charybdis that adds several useful features. Description A vulnerability has been discovered in Charybdis and ShadowIRCd. Please review the CVE identifier referenced below for details...
Chrony: Multiple vulnerabilities
Background Chrony is a pair of programs which are used to maintain the accuracy of the system clock on a computer. Description Multiple vulnerabilities have been discovered in Chrony. Please review the CVE identifiers referenced below for details. Impact A remote attacker could possibly cause a...
pidgin-knotify: Arbitrary code execution
Background pidgin-knotify is a Pidgin plug-in to display message notifications in KDE. Description pidgin-knotify does not properly sanitize shell metacharacters from received messages. Impact A remote attacker could send a specially crafted instant message, possibly resulting in execution of...
libXfont: Multiple vulnerabilities
Background libXfont is an X11 font rasterisation library. Description Multiple vulnerabilities have been discovered in libXfont. Please review the CVE identifiers referenced below for details. Impact A local attacker could use a specially crafted file to gain privileges or cause a Denial of Servi...
International Components for Unicode: Denial of service
Background International Components for Unicode is a set of C/C++ and Java libraries providing Unicode and Globalization support for software applications. Description Multiple vulnerabilities have been discovered in International Components for Unicode. Please review the CVE identifiers referenc...
Banshee: Arbitrary code execution
Background Banshee is a multimedia management and playback application for GNOME. Description Banshee places a zero-length directory name in PATH, which allows libraries to be loaded from the working directory. Impact A local attacker could put specially crafted library into working directory of...
GNUstep Base library: Multiple vulnerabilities
Background GNUstep Base library is a free software package implementing the API of the OpenStep Foundation Kit tm, including later additions. Description Multiple vulnerabilities have been discovered in GNUstep Base library. Please review the CVE identifiers referenced below for details. Impact A...
Libgdiplus: Arbitrary code execution
Background Libgdiplus is the Mono library that provide a GDI+ comptible API on non-Windows operating systems. Description An integer overflow flaw has been discovered in Libgdiplus. Impact A remote attacker could entice a user to open a specially-crafted TIFF/JPEG/BMP file, potentially resulting ...
libvirt: Multiple vulnerabilities
Background libvirt is a C toolkit for manipulating virtual machines. Description An error in the virNetMessageFree function in rpc/virnetserverclient.c can lead to a use-after-free. Additionally, a socket leak in the remoteDispatchStoragePoolListAllVolumes command can lead to file descriptor...
Snack: User-assisted execution of arbitrary code
Background Snack is a sound toolkit for creating multi-platform audio applications with scripting languages. Description The GetWavHeader function in jkSoundFile.c does not have boundary checks when parsing format sub-chunks or unknown sub-chunks. Impact A remote attacker could entice a user to...
GIMP: Multiple vulnerabilities
Background GIMP is the GNU Image Manipulation Program. Description Multiple vulnerabilities have been discovered in GIMP. Please review the CVE identifiers referenced below for details. Impact A remote attacker could possibly execute arbitrary code with the privileges of the process or cause a...
msmtp: X.509 NULL spoofing vulnerability
Background msmtp is an SMTP client and SMTP plugin for mail user agents such as Mutt. Description A vulnerability have been discovered in msmtp. Please review the CVE identifier referenced below for details. Impact A remote attacker might employ a specially crafted certificate to conduct...
libmikmod: User-assisted execution of arbitrary code
Background libmikmod is a library to play a wide range of module formats. Description Multiple boundary errors have been found in loadit.c in libmikmod, which may cause a buffer overflow. Impact A remote attacker could entice a user to open specially crafted files in an application linked against...
iSCSI Enterprise Target: Arbitrary code execution
Background iSCSI Enterprise Target is an open source iSCSI target with professional features. Description Multiple functions in usr/iscsi/isns.c of iSCSI Enterprise Target contain format string errors. Impact A remote attacker could send a specially-crafted Internet Storage Name Service iSNS...
radvd: Multiple vulnerabilities
Background radvd is an IPv6 router advertisement daemon for Linux and BSD. Description Multiple vulnerabilities have been discovered in radvd. Please review the CVE identifiers referenced below for details. Impact A remote unauthenticated attacker may be able to gain escalated privileges, escalat...
dstat: Untrusted search path
Background dstat is a versatile system resource monitor written in Python. Description Robert Buchholz of the Gentoo Security Team reported that dstat includes the current working directory and subdirectories in the Python module search path sys.path before calling "import". Impact A local attack...
libsndfile: User-assisted execution of arbitrary code
Background libsndfile is a C library for reading and writing files containing sampled sound. Description The following vulnerabilities have been found in libsndfile: Tobias Klein reported that the headerread function in src/common.c uses user input for calculating a buffer size, possibly leading ...
Scilab: Insecure temporary file usage
Background Scilab is a scientific software package for numerical computations. Description Dmitry E. Oboukhov reported an insecure temporary file usage within the scilink, scidoc and scidem scripts. Impact A local attacker could perform symlink attacks to overwrite arbitrary files with the...
ClamAV: Multiple vulnerabilities
Background Clam AntiVirus is a free anti-virus toolkit for UNIX, designed especially for e-mail scanning on mail gateways. Description Moritz Jodeit reported an off-by-one error within the getunicodename function in libclamav/vbaextract.c when processing VBA project files CVE-2008-5050. Ilja van...
Git: User-assisted execution of arbitrary code
Background Git is a distributed version control system. Description Multiple boundary errors in the functions diffaddremove and diffchange when processing overly long repository path names were reported. Impact A remote attacker could entice a user to run commands like "git-diff" or "git-grep" on...
Wireshark: Multiple Denials of Service
Background Wireshark is a network protocol analyzer with a graphical front-end. Description The following vulnerabilities were reported: Multiple buffer overflows in the NCP dissector CVE-2008-3146. Infinite loop in the NCP dissector CVE-2008-3932. Invalid read in the tvbuncompress function when...
Newsbeuter: User-assisted execution of arbitrary code
Background Newsbeuter is a RSS/Atom feed reader for the text console. Description J.H.M. Dassen reported that the open-in-browser command does not properly escape shell metacharacters in the URL before passing it to system. Impact A remote attacker could entice a user to open a feed with speciall...
R: Insecure temporary file creation
Background R is a GPL licensed implementation of S, a language and environment for statistical computing and graphics. Description Dmitry E. Oboukhov reported that the "javareconf" script uses temporary files in an insecure manner. Impact A local attacker could exploit this vulnerability to...