3816 matches found
UDisks, libblockdev: Privilege escalation
Background UDisks provides a daemon, tools and libraries to access and manipulate disks, storage devices and technologies. libblockdev is a library for manipulating block devices. Description Multiple vulnerabilities have been discovered in UDisks and libblockdev. Please review the CVE identifier...
OpenImageIO: Multiple Vulnerabilities
Background OpenImageIO is a library for reading and writing images. Description Multiple vulnerabilities have been discovered in OpenImageIO. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no kno...
Orc: Arbitrary Code Execution
Background Orc is a library and set of tools for compiling and executing very simple programs that operate on arrays of data. The "language" is a generic assembly language that represents many of the features available in SIMD architectures, including saturated addition and subtraction, and many...
pip: arbitrary configuration injection
Background pip is a tool for installing and managing Python packages. Description Multiple vulnerabilities have been discovered in pip. Please review the CVE identifiers referenced below for details. Impact When installing a package from a Mercurial VCS URL ie "pip install hg+...", the specified...
Neat VNC: Authentication Bypass
Background Neat VNC is a liberally licensed VNC server library that's intended to be fast and neat. Description Neat VNC allows remote attackers to bypass authentication via a request in which the client specifies an insecure security type such as "Type 1 - None", which is accepted even if it is...
Tor: Multiple Vulnerabilities
Background Tor is an implementation of second generation Onion Routing, a connection-oriented anonymizing communication service. Description Multiple vulnerabilities have been discovered in Tor. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CV...
Spidermonkey: Multiple Vulnerabilities
Background SpiderMonkey is Mozilla’s JavaScript and WebAssembly Engine, used in Firefox, Servo and various other projects. It is written in C++, Rust and JavaScript. You can embed it into C++ and Rust projects, and it can be run as a stand-alone shell. Description Multiple vulnerabilities have be...
GnuTLS: Multiple Vulnerabilities
Background GnuTLS is a secure communications library implementing the SSL, TLS, and DTLS protocols Description Multiple vulnerabilities have been discovered in GnuTLS. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details...
glibc: Multiple Vulnerabilities
Background glibc is a package that contains the GNU C library. Description Multiple vulnerabilities have been discovered in glibc. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workarou...
Mozilla Network Security Service (NSS): TLS RSA decryption timing attack
Background The Mozilla Network Security Service is a library implementing security features like SSL v.2/v.3, TLS, PKCS 5, PKCS 7, PKCS 11, PKCS 12, S/MIME and X.509 certificates. Description A vulnerability has been discovered in Mozilla Network Security Service NSS. Please review the CVE...
Spreadsheet-ParseExcel: Arbitrary Code Execution
Background Spreadsheet::ParseExcel is a perl module to extract information from Excel files. Description A vulnerability has been discovered in Spreadsheet::ParseExcel. Please review the CVE identifier referenced below for details. Impact Please review the referenced CVE identifier for details...
openh264: Heap Overflow
Background OpenH264 is a codec library which supports H.264 encoding and decoding. It is suitable for use in real time applications such as WebRTC. Description A vulnerability has been discovered in openh264. Please review the CVE identifiers referenced below for details. Impact A vulnerability i...
GStreamer, GStreamer Plugins: Multiple Vulnerabilities
Background GStreamer is an open source multimedia framework. Description Multiple vulnerabilities have been discovered in GStreamer, GStreamer Plugins. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There...
libuv: Hostname Truncation
Background libuv is a multi-platform support library with a focus on asynchronous I/O. Description Multiple vulnerabilities have been discovered in libuv. Please review the CVE identifiers referenced below for details. Impact The uvgetaddrinfo function in src/unix/getaddrinfo.c truncates hostname...
GnuTLS: Multiple Vulnerabilities
Background GnuTLS is a secure communications library implementing the SSL, TLS, and DTLS protocols Description Multiple vulnerabilities have been discovered in GnuTLS. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details...
Hunspell: Multiple Vulnerabilities
Background Hunspell is the spell checker of LibreOffice, OpenOffice.org, Mozilla Firefox & Thunderbird, Google Chrome. Description Malicious input to the hunspell spell checker could result in an application crash or other unspecified behavior. Impact Malicious input to the hunspell spell checker...