3816 matches found
Chromium, Google Chrome, Microsoft Edge. Opera: Multiple Vulnerabilities
Background Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. Google Chrome is one fast, simple, and secure browser for all your devices. Microsoft Edge is a browser that combines a minimal design with...
ZNC: Remote Code Execution
Background ZNC is an advanced IRC bouncer. Description ZNC's modtcl could allow for remote code execution via a KICK. Impact A vulnerable ZNC with the modtcl module loaded could be exploited for remote code execution. Workaround Unload the modtcl module. Resolution All ZNC users should upgrade to...
rsyslog: Heap Buffer Overflow
Background rsyslog is an enhanced multi-threaded syslogd with database support and more. Description Multiple vulnerabilities have been discovered in rsyslog. Please review the CVE identifiers referenced below for details. Impact Modules for TCP syslog reception have a heap buffer overflow when...
Minitube: Insecure temporary file usage
Background Minitube is a Qt4 YouTube desktop client. Description Tomáš Pružina reported that Minitube does not handle temporary files securely. Impact A local attacker could perform symlink attacks to overwrite arbitrary files with the privileges of the user running the application. Workaround...
GOffice: Multiple vulnerabilities
Background GOffice is a library of document-centric objects and utilities based on GTK. Description GOffice includes a copy of PCRE which is vulnerable to multiple buffer overflows and memory corruptions vulnerabilities GLSA 200711-30. Impact An attacker could entice a user to open specially...
AMD64 x86 emulation GTK+ library: User-assisted execution of arbitrary code
Background Cairo is a 2D vector graphics library with cross-device output support. The AMD64 x86 emulation GTK+ library packages Cairo libraries for 32bit x86 emulation on AMD64. Description The Cairo versions used by the AMD64 x86 emulation GTK+ libraries were vulnerable to integer overflow...
Trac: File upload vulnerability
Background Trac is a minimalistic web-based project management, wiki and bug tracking system including a Subversion interface. Description Stefan Esser of the Hardened-PHP project discovered that Trac fails to validate the "id" parameter when uploading attachments to the wiki or the bug tracking...
libpng: Multiple vulnerabilities
Background libpng is the official PNG reference library used to read, write and manipulate PNG images. Description Multiple vulnerabilities have been discovered in libpng. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for...
qtsvg: Multiple Vulnerabilities
Background qtsvg is a SVG rendering library for the Qt framework. Description Multiple vulnerabilities have been discovered in qtsvg. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known...
Django: Multiple Vulnerabilities
Background Django is a Python-based web framework. Description Multiple vulnerabilities have been discovered in Django. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround at this...
Qt: Multiple Vulnerabilities
Background Qt is a cross-platform application development framework. Description Multiple vulnerabilities have been discovered in Qt. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known...
OpenSSH: Multiple Vulnerabilities
Background OpenSSH is a free application suite consisting of server and clients that replace tools like telnet, rlogin, rcp and ftp with more secure versions offering additional functionality. Description Multiple vulnerabilities have been discovered in OpenSSH. Please review the CVE identifiers...
Glances: Arbitrary Code Execution
Background Glances is an open-source system cross-platform monitoring tool. It allows real-time monitoring of various aspects of your system such as CPU, memory, disk, network usage etc. Description A vulnerability in XML parsing may lead to a variety of XML attacks. Impact A vulnerability in XML...
abcm2ps: Buffer overflow vulnerability
Background abcm2ps is a utility used to convert ABC music sheet files into PostScript format. Description Limin Wang has located a buffer overflow inside the putwords function in the abcm2ps code. Impact A remote attacker could convince the victim to download a specially-crafted ABC file. Upon...
PHP: Memory disclosure and arbitrary location file upload
Background PHP is a general-purpose scripting language widely used to develop web-based applications. It can run inside a web server using the modphp module or the CGI version of PHP, or can run stand-alone in a CLI. Description Stefano Di Paola discovered two bugs in PHP. The first is a parse...
FUSE: Multiple Vulnerabilities
Background FUSE Filesystem in Userspace is an interface for userspace programs to export a filesystem to the Linux kernel. Description The following vulnerabilities have been discovered in FUSE: a NULL pointer dereference when running with the NUMA architecture and a use-after-free. The worst of...
GIMP: Arbitrary Code Execution
Background GIMP is the GNU Image Manipulation Program. XCF is the native image file format used by GIMP. Description A vulnerability has been discovered in GIMP. Please review the CVE identifier referenced below for details. Impact This vulnerability allows remote attackers to execute arbitrary...
librnp: Weak random number generation
Background librnp is a high performance C++ OpenPGP library. Description The affected librnp version generated weak session keys for its public key encryption PKESK mode. Impact Messages encrypted using the affected librnp version might be readable by an attacker with just the public key...
Chromium, Google Chrome, Microsoft Edge. Opera: Multiple Vulnerabilities
Background Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. Google Chrome is one fast, simple, and secure browser for all your devices. Microsoft Edge is a browser that combines a minimal design with...
ProFTPd: SSH Terrapin vulnerability
Background ProFTPD is an advanced and very configurable FTP server. Description A vulnerability has been discovered in ProFTPd. Please review the CVE identifier referenced below for details. Impact The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other...
Composer: Multiple Vulnerabilities
Background Composer is a dependency manager for the PHP programming language. Description Integrators using Composer code to call VcsDriver::getFileContent can have a code injection vulnerability if the user can control the $file or $identifier argument. This leads to a vulnerability on...
FontForge: Arbitrary Code Execution
Background FontForge is a PostScript font editor and converter. Description A vulnerabilitiy has been discovered in FontForge. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround a...
REXML: Multiple Vulnerabilities
Background REXML is an XML toolkit for Ruby. Description Multiple vulnerabilities have been discovered in REXML. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround at this time...
File-Find-Rule: Shell Injection
Background File-Find-Rule is an alternative interface to File::Find. Description File-Find-Rule uses the legacy '2-arg' open call which is susceptible to shell injection via malicious filenames. Impact Shell injection may be used to execute arbitrary code using a malicious filename. Workaround...
LibreOffice: Multiple Vulnerabilities
Background LibreOffice is a powerful office suite; its clean interface and powerful tools let you unleash your creativity and grow your productivity. Description Multiple vulnerabilities have been discovered in LibreOffice. Please review the CVE identifiers referenced below for details. Impact...
NVIDIA Drivers: Multiple Vulnerabilities
Background NVIDIA Drivers are NVIDIA's accelerated graphics driver. Description A vulnerability has been discovered in NVIDIA Drivers. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifier for details. Workaround There is no known...
GPL Ghostscript: Multiple Vulnerabilities
Background Ghostscript is an interpreter for the PostScript language and for PDF. Description Multiple vulnerabilities have been discovered in GPL Ghostscript. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workarou...
Yubico pam-u2f: Partial Authentication Bypass
Background Yubico pam-u2f is a PAM module for FIDO2 and U2F keys. Description Multiple vulnerabilities have been discovered in Yubico pam-u2f. Please review the CVE identifiers referenced below for details. Impact Depending on specific settings and usage scenarios the result of the pam-u2f module...
PHP: Multiple Vulnerabilities
Background PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML. Description Multiple vulnerabilities have been discovered in PHP. Please review the CVE identifiers referenced below for details. Impact Please review th...
GIMP: Multiple Vulnerabilities
Background GIMP is the GNU Image Manipulation Program. XCF is the native image file format used by GIMP. Description Multiple vulnerabilities have been discovered in GIMP. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for...
rsync: Multiple Vulnerabilities
Background rsync is a server and client utility that provides fast incremental file transfers. It is used to efficiently synchronize files between hosts and is used by emerge to fetch Gentoo's Portage tree. Description Multiple vulnerabilities have been discovered in rsync. Please review the CVE...
Distrobox: Arbitrary Code Execution
Background Use any Linux distribution inside your terminal. Enable both backward and forward compatibility with software and freedom to use whatever distribution you’re more comfortable with. Distrobox uses podman, docker or lilipod to create containers using the Linux distribution of your choice...
Mozilla Thunderbird: Multiple Vulnerabilities
Background Mozilla Thunderbird is a popular open-source email client from the Mozilla project. Description Multiple vulnerabilities have been discovered in Mozilla Thunderbird. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for...
EditorConfig core C library: arbitrary stack write
Background EditorConfig core library written in C for use by plugins supporting EditorConfig parsing Description A vulnerability has been discovered in EditorConfig Core C library. Please review the CVE identifier referenced below for details. Impact Please review the referenced CVE identifier fo...
Stellarium: Arbitrary File Write
Background Stellarium is a free open source planetarium for your computer. It shows a realistic sky in 3D, just like what you see with the naked eye, binoculars or a telescope. Description A vulnerability has been discovered in Stellarium. Please review the CVE identifier referenced below for...
Vim, gVim: Multiple Vulnerabilities
Background Vim is an efficient, highly configurable improved version of the classic ‘vi’ text editor. gVim is the GUI version of Vim. Description Multiple vulnerabilities have been discovered in Vim, gVim. Please review the CVE identifiers referenced below for details. Impact Please review the...
UDisks: Multiple Vulnerabilities
Background UDisks provides a daemon, tools and libraries to access and manipulate disks, storage devices and technologies. Description Multiple vulnerabilities have been discovered in UDisks. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE...
Plex Media Server: Incorrect resource transfer
Background Plex media server is a media library that is intended for use with a plex client. Description A vulnerability has been discovered in glibc. Please review the CVE identifier referenced below for details. Impact Please review the referenced CVE identifier for details. Workaround There is...
GPL Ghostscript: Multiple Vulnerabilities
Background Ghostscript is an interpreter for the PostScript language and for PDF. Description Multiple vulnerabilities have been discovered in GPL Ghostscript. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workarou...
PAM: Multiple Vulnerabilities
Background PAM Pluggable Authentication Modules is an architecture allowing the separation of the development of privilege granting software from the development of secure and appropriate authentication schemes. Description Multiple vulnerabilities have been discovered in PAM. Please review the C...
strongSwan: Buffer Overflow
Background strongSwan is an IPSec implementation for Linux. Description Multiple vulnerabilities have been discovered in strongSwan. Please review the CVE identifiers referenced below for details. Impact A vulnerability in charon-tkm related to processing DH public values was discovered in...
X.Org X server, XWayland: Multiple Vulnerabilities
Background The X Window System is a graphical windowing system based on a client/server model. Description Multiple vulnerabilities have been discovered in X.Org X server and XWayland. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE...
Atop: Heap Corruption
Background Atop is an ASCII full-screen performance monitor for Linux that is capable of reporting the activity of all processes even if processes have finished during the interval, daily logging of system and process activity for long-term analysis, highlighting overloaded system resources by...
Qt: Buffer Overflow
Background Qt is a cross-platform application development framework. Description When given specifically crafted data then QXmlStreamReader can end up causing a buffer overflow and subsequently a crash or freeze or get out of memory on recursive entity expansion, with DTD tokens in XML body. Impa...
libgsf: Multiple Vulnerabilities
Background The GNOME Structured File Library is an I/O library that can read and write common file types and handle structured formats that provide file-system-in-a-file semantics. Description Multiple vulnerabilities have been discovered in libgsf. Please review the CVE identifiers referenced...
Mozilla Firefox: Multiple Vulnerabilities
Background Mozilla Firefox is a popular open-source web browser from the Mozilla project. Description Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details...
tmux: Null Pointer Dereference
Background tmux is a terminal multiplexer. Description A null pointer dereference issue was discovered in function windowpanesetevent in window.c in which allows attackers to cause denial of service or other unspecified impacts. Impact Manipulating tmux window state could result in a null pointer...
Poppler: Multiple Vulnerabilities
Background Poppler is a PDF rendering library based on the xpdf-3.0 code base. Description Multiple vulnerabilities have been discovered in Poppler. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is...
Git: Multiple Vulnerabilities
Background Git is a free and open source distributed version control system designed to handle everything from small to very large projects with speed and efficiency. Description Multiple vulnerabilities have been discovered in Git. Please review the CVE identifiers referenced below for details...
UDisks, libblockdev: Privilege escalation
Background UDisks provides a daemon, tools and libraries to access and manipulate disks, storage devices and technologies. libblockdev is a library for manipulating block devices. Description Multiple vulnerabilities have been discovered in UDisks and libblockdev. Please review the CVE identifier...