3816 matches found
GNOME Shell: Information disclosure
Background GNOME Shell provides core user interface functions for the GNOME 3 desktop, like switching to windows and launching applications. Description It was discovered that GNOME Shell incorrectly handled the login screen password dialog. Impact Please review the referenced CVE identifiers for...
LIVE555 Media Server: Multiple vulnerabilities
Background LIVE555 Media Server is a set of libraries for multimedia streaming. Description Multiple vulnerabilities have been discovered in LIVE555 Media Server. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details...
Adobe Flash Player: Multiple vulnerabilities
Background The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Description Multiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details. Impact Please review th...
libxslt: Multiple vulnerabilities
Background libxslt is the XSLT C library developed for the GNOME project. XSLT is an XML language to define transformations for XML. Description Multiple vulnerabilities have been discovered in libxslt. Please review the CVE identifiers referenced below for details. Impact A remote attacker, via ...
OpenSSL: Multiple vulnerabilities
Background OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer SSL v2/v3 and Transport Layer Security TLS v1 as well as a general purpose cryptography library. Description Multiple vulnerabilities have been discovered in OpenSSL. Please review the CVE identifiers and the...
RPM: Multiple vulnerabilities
Background The Red Hat Package Manager RPM is a command line driven package management system capable of installing, uninstalling, verifying, querying, and updating computer software packages. Description Multiple vulnerabilities have been discovered in RPM. Please review the CVE identifiers...
ImageMagick: Command injection
Background A collection of tools and libraries for many image formats. Description A flaw in ImageMagick’s handling of password protected PDFs was discovered. Impact A remote attacker could entice a user to open a specially crafted PDF using ImageMagick possibly resulting in execution of arbitrar...
Firejail: Multiple vulnerabilities
Background A SUID program that reduces the risk of security breaches by restricting the running environment of untrusted applications using Linux namespaces and seccomp-bpf. Description Multiple vulnerabilities have been discovered in Firejail. Please review the CVE identifiers referenced below f...
QEMU: Multiple vulnerabilities
Background QEMU is a generic and open source machine emulator and virtualizer. Description Multiple vulnerabilities have been discovered in QEMU. Please review the CVE identifiers referenced below for details. Impact An attacker could possibly execute arbitrary code with the privileges of the...
Poppler: Multiple vulnerabilities
Background Poppler is a PDF rendering library based on the xpdf-3.0 code base. Description Multiple vulnerabilities have been discovered in Poppler. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is...
PHP: Multiple vulnerabilities
Background PHP is an open source general-purpose scripting language that is especially suited for web development. Description Multiple vulnerabilities have been discovered in PHP. Please review the referenced CVE identifiers for details. Impact An attacker could cause a Denial of Service conditi...
Apache: Multiple vulnerabilities
Background The Apache HTTP server is one of the most popular web servers on the Internet. Description Multiple vulnerabilities have been discovered in Apache. Please review the referenced CVE identifiers for details. Impact The Optionsbleed vulnerability can leak arbitrary memory from the server...
Chromium, Google Chrome: Multiple vulnerabilities
Background Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. Google Chrome is one fast, simple, and secure browser for all your devices Description Multiple vulnerabilities have been discovered in Chromium and...
RAR and UnRAR: User-assisted execution of arbitrary code
Background RAR and UnRAR provide command line interfaces for compressing and decompressing RAR files. Description A VMSFDELTA memory corruption was discovered in which an integer overflow can be caused in DataSize+CurChannel. The result is a negative value of the “DestPos” variable which allows...
ISC DHCP: dhcpd Denial of service
Background ISC DHCP is the reference implementation of the Dynamic Host Configuration Protocol as specified in RFC 2131. Description Christoph Biedl discovered that dhcpd does not properly handle certain DHCP requests when configured both using "dhcp-client-identifier" and "hardware ethernet"...
Pango: Buffer overflow
Background Pango is a library for layout and rendering of internationalized text. Description A buffer overflow has been discovered in Pango’s pangolog2visgetembeddinglevels function. Impact A remote attacker could entice a user to process a specially crafted string with functions like...
Unbound: Multiple vulnerabilities
Background Unbound is a validating, recursive, and caching DNS resolver. Description Multiple vulnerabilities have been discovered in Unbound. Please review the referenced bugs for details. Impact Please review the referenced bugs for details. Workaround There is no known workaround at this time...
SpamAssassin: Multiple vulnerabilities
Background SpamAssassin is an extensible email filter used to identify junk email. Description Multiple vulnerabilities have been discovered in SpamAssassin. Please review the referenced CVE identifiers for details. Impact A remote attacker could execute arbitrary code, escalate privileges, or...
Adobe Flash Player: Multiple vulnerabilities
Background The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Description Multiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details. Impact A remote attacke...
Samba: Multiple buffer overflows
Background Samba is a package which allows nix systems to act as file servers for Windows computers. It also allows nix systems to mount shares exported by a Samba/CIFS/Windows server. The Samba Web Administration Tool SWAT is a web-based configuration tool part of the Samba package. Description...
OpenJDK: Multiple vulnerabilities
Background OpenJDK is a free and open-source implementation of the Java Platform, Standard Edition. Description Multiple vulnerabilities have been discovered in OpenJDK. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details...
QEMU: Multiple vulnerabilities
Background QEMU is a generic and open source machine emulator and virtualizer. Description Multiple vulnerabilities have been discovered in QEMU. Please review the CVE identifiers referenced below for details. Impact Remote server can cause a crash in the client causing execution of arbitrary cod...
cURL: Multiple vulnerabilities
Background cURL is a tool and libcurl is a library for transferring data with URL syntax. Description Multiple vulnerabilities have been discovered in cURL. Please review the CVE identifiers and bug reports referenced for details. Impact Remote attackers could conduct a Man-in-the-Middle attack t...
Sun JDK/JRE: Applet privilege escalation
Background Sun's JDK and JRE provide interpreters for Java Applets in a sandboxed environment. These implementations provide the Java Web Start technology that can be used for easy client-side deployment of Java applications. Description Applets executed using JRE or JDK can use "reflection" APIs...
PEAR Archive_Tar: Directory traversal
Background This class provides handling of tar files in PHP. Description Multiple vulnerabilities have been discovered in PEAR ArchiveTar. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known...
Python: Multiple vulnerabilities
Background Python is an interpreted, interactive, object-oriented programming language. Description Multiple vulnerabilities have been discovered in Python. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround...
OpenSSH: Integer overflow
Background OpenSSH is a complete SSH protocol implementation that includes SFTP client and server support. Description OpenSSH, when built with “xmss” USE flag enabled, has a pre-authentication integer overflow if a client or server is configured to use a crafted XMSS key. NOTE: This USE flag is...
RubyGems: Multiple vulnerabilities
Background RubyGems is a sophisticated package manager for Ruby. Description Multiple vulnerabilities have been discovered in RubyGems. Please review the referenced CVE identifiers for details. Impact A remote attacker, by enticing a user to install a specially crafted gem, could possibly execute...
Postfix: Privilege escalation
Background Postfix is a mail server and an alternative to the widely-used Sendmail program. Description By default, Berkeley DB reads a DBCONFIG configuration file from the current working directory. This is an undocumented behavior. Impact A local attacker, by using a specially crafted DGCONFIG...
JasPer: Multiple vulnerabilities
Background JasPer is a software-based implementation of the codec specified in the JPEG-2000 Part-1 standard. Description Multiple vulnerabilities have been discovered in JasPer. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user to open a...
Bash: Code Injection (Updated fix for GLSA 201409-09)
Background Bash is the standard GNU Bourne Again SHell. Description Stephane Chazelas reported that Bash incorrectly handles function definitions, allowing attackers to inject arbitrary code CVE-2014-6271. Gentoo Linux informed about this issue in GLSA 201409-09. Tavis Ormandy reported that the...
Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities
Background Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. Google Chrome is one fast, simple, and secure browser for all your devices. Microsoft Edge is a browser that combines a minimal design with...
Schism Tracker: Multiple vulnerabilities
Background Schism Tracker is a free implementation of Impulse Tracker, a tool used to create high quality music. Description Multiple vulnerabilities have been discovered in Schism Tracker. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE...
UnZip: User-assisted execution of arbitrary code
Background Info-ZIP’s UnZip is a tool to list and extract files inside PKZIP compressed files. Description Multiple vulnerabilities have been discovered in UnZip. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user to open a specially craft...
mbed TLS: Multiple vulnerabilites
Background mbed TLS previously PolarSSL is an “easy to understand, use, integrate and expand” implementation of the TLS and SSL protocols and the respective cryptographic algorithms and support code required. Description Multiple vulnerabilities have been discovered in mbed TLS. Please review the...
OpenJPEG: Multiple vulnerabilities
Background OpenJPEG is an open-source JPEG 2000 library. Description Multiple vulnerabilities have been discovered in OpenJPEG. Please review the references below for details. Impact A remote attacker, via a crafted BMP, PDF, or j2k document, could execute arbitrary code, cause a Denial of Servic...
CVS: Command injection
Background CVS Concurrent Versions System is an open-source network-transparent version control system. It contains both a client utility and a server. Description It was discovered that when CVS is configured to use SSH for remote repositories it allows remote attackers to execute arbitrary code...
LibreOffice, OpenOffice: Multiple vulnerabilities
Background Apache OpenOffice is the leading open-source office software suite for word processing, spreadsheets, presentations, graphics, databases and more. LibreOffice is a powerful office suite; its clean interface and powerful tools let you unleash your creativity and grow your productivity...
OpenOffice.org: Multiple vulnerabilities
Background OpenOffice.org is an open source office productivity suite, including word processing, spreadsheet, presentation, drawing, data charting, formula editing, and file conversion facilities. Description Internal security audits by OpenOffice.org have discovered three security vulnerabiliti...
OpenSSL: Multiple Vulnerabilities
Background OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer SSL v2/v3 and Transport Layer Security TLS v1 as well as a general purpose cryptography library. Description Multiple buffer overflows exist in OpenSSL's handling of TLS certificates for client authentication. Impa...
MuPDF: Multiple vulnerabilities
Background MuPDF is a lightweight PDF viewer and toolkit written in portable C. Description Multiple vulnerabilities have been discovered in MuPDF. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user to open a specially crafted PDF document...
glibc: Multiple vulnerabilities
Background glibc is a package that contains the GNU C library. Description Multiple vulnerabilities have been discovered in glibc. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workarou...
gdb: Buffer overflow
Background gdb is the GNU project’s debugger, facilitating the analysis and debugging of applications. The BFD library provides a uniform method of accessing a variety of object file formats. Description It was discovered that gdb didn’t properly validate the ELF section sizes from input file...
CouchDB: Multiple vulnerabilities
Background Apache CouchDB is a distributed, fault-tolerant and schema-free document-oriented database. Description Multiple vulnerabilities have been discovered in CouchDB. Please review the CVE identifiers referenced below for details. Impact A remote attacker could execute arbitrary code or...
PCRE: Multiple vulnerabilities
Background The PCRE Library provides functions for Perl-compatible regular expressions. Description Multiple vulnerabilities have been discovered in The PCRE Library. Please review the references below for details. Impact A remote attacker could possibly cause a Denial of Service condition or oth...
feh: Arbitrary remote code execution
Background feh is an X11 image viewer aimed mostly at console users. Description Tobias Stoeckmann discovered it was possible to trigger an out-of-boundary heap write with the image viewer feh while receiving an IPC message. Impact A remote attacker, pretending to be the E17 window manager, could...
nginx: Multiple vulnerabilities
Background nginx is a robust, small, and high performance HTTP and reverse proxy server. Description Multiple vulnerabilities have been found in nginx: The TLS protocol does not properly handle session renegotiation requests CVE-2009-3555. The "ngxhttpprocessrequestheaders" function in...
Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities
Background Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. Google Chrome is one fast, simple, and secure browser for all your devices. Microsoft Edge is a browser that combines a minimal design with...
GLib: Multiple vulnerabilities
Background GLib is a library providing a number of GNOME’s core objects and functions. Description Multiple vulnerabilities have been discovered in GLib. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround The...
VirtualBox: Multiple vulnerabilities
Background VirtualBox is a powerful virtualization product from Oracle. Description Multiple vulnerabilities have been discovered in VirtualBox. Please review the CVE identifiers referenced below for details. Impact An attacker could take control of VirtualBox resulting in the execution of...