3816 matches found
MariaDB and MySQL: Multiple vulnerabilities
Background MySQL is a popular multi-threaded, multi-user SQL server. MariaDB is an enhanced, drop-in replacement for MySQL. Description Multiple vulnerabilities have been discovered in MariaDB and MySQL. Please review the CVE identifiers referenced below for details. Impact Attackers could execut...
BusyBox: Multiple vulnerabilities
Background BusyBox is a set of tools for embedded systems and is a replacement for GNU Coreutils. Description Multiple vulnerabilities have been discovered in BusyBox. Please review the CVE identifiers referenced below for details. Impact A remote attacker could possibly execute arbitrary code wi...
Portage: Man-in-the-middle attack
Background Portage is the package management and distribution system for Gentoo. Description Portage does not verify X.509 SSL certificates properly if HTTPS is used. Impact A remote attacker can spoof servers and modify binary package lists via specially crafted certificates. Workaround There is...
MySQL: Denial of service
Background MySQL is a popular multi-threaded, multi-user SQL server. Description Jean-David Maillefer discovered a format string vulnerability in time.cc where MySQL fails to properly handle specially formatted user input to the dateformat function. Impact By specifying a format string as the fir...
Linux Kernel: Multiple vulnerabilities
Background The Linux kernel is responsible for managing the core aspects of a GNU/Linux system, providing an interface for core system applications as well as providing the essential structure and capability to access hardware that is needed for a running system. Description Multiple flaws have...
VLC: Buffer overflow
Background VLC is a cross-platform media player and streaming server. Description VLC was found to have a buffer overflow when handling crafted MKV files. Impact A remote attacker could entice a user to open a specially crafted MKV file using VLC possibly resulting in execution of arbitrary code...
PostgreSQL: Multiple vulnerabilities
Background PostgreSQL is an open source object-relational database management system. Description Multiple vulnerabilities have been discovered in PostgreSQL. Please review the CVE identifiers referenced below for details. Impact A remote attacker could possibly obtain sensitive information, alte...
SQLite: Multiple vulnerabilities
Background SQLite is a C library that implements an SQL database engine. Description Multiple vulnerabilities have been discovered in SQLite. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no kno...
Roundcube: Multiple vulnerabilities
Background Free and open source webmail software for the masses, written in PHP. Description Multiple vulnerabilities have been discovered in Roundcube. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround Ther...
WebKitGTK+: Multiple vulnerabilities
Background WebKitGTK+ is a full-featured port of the WebKit rendering engine, suitable for projects requiring any kind of web integration, from hybrid HTML/CSS applications to full-fledged web browsers. Description Multiple vulnerabilities have been discovered in WebKitGTK+. Please review the CVE...
sudo: Privilege escalation
Background sudo su “do” allows a system administrator to delegate authority to give certain users or groups of users the ability to run some or all commands as root or another user while providing an audit trail of the commands and their arguments. Description The fix present in...
Gajim: Information disclosure
Background Gajim is a Jabber/XMPP client which uses GTK+. Description Gajim unconditionally implements the “XEP-0146: Remote Controlling Clients” extension. Impact Remote attackers, by enticing a user to connect to a malicious XMPP server, could extract plaintext from Off The Record OTR encrypted...
PHP: Multiple vulnerabilities
Background PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML. Description Multiple vulnerabilities have been discovered in PHP. Please review the CVE identifiers referenced below for details. Impact A...
OpenOffice.org: Heap overflow in included libcurl
Background OpenOffice.org is an office productivity suite, including word processing, spreadsheet, presentation, data charting, formula editing and file conversion facilities. libcurl, which is included in OpenOffice.org, is a free and easy-to-use client-side library for transferring files with U...
OpenMotif: Multiple vulnerabilities in libXpm
Background OpenMotif provides a free version of the Motif toolkit for open source applications. Description Multiple vulnerabilities, such as buffer overflows, out of bounds memory access or directory traversals, have been discovered in libXpm that is shipped as a part of the X Window System see...
Apache Velocity: Multiple vulnerabilities
Background Apache Velocity is a general purpose template engine. Description Multiple vulnerabilities have been discovered in Apache Velocity. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no...
PyCharm Community, Professional: Remote code execution
Background PyCharm is the Python IDE for professional developers. Description Insufficient validation exists within PyCharm’s checks for fetching projects from VCS. Impact If a victim can be enticed into fetching a VCS project via PyCharm, a remote attacker could achieve remote code execution...
Dovecot: Multiple vulnerabilities
Background Dovecot is an open source IMAP and POP3 email server. Description Multiple vulnerabilities have been discovered in Dovecot. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known...
ConnMan: Multiple vulnerabilities
Background ConnMan provides a daemon for managing Internet connections. Description Multiple vulnerabilities have been discovered in connman. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no kno...
cfitsio: Multiple vulnerabilities
Background A C and Fortran library for manipulating FITS files. Description Multiple vulnerabilities have been discovered in cfitsio. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known...
RabbitMQ C client: Arbitrary code execution
Background A C-language AMQP client library for use with v2.0+ of the RabbitMQ broker. Description It was discovered that RabbitMQ C client incorrectly handled certain inputs. Impact A remote attacker, by sending a specially crafted request, could possibly execute arbitrary code with the privileg...
DBD::mysql: Multiple vulnerabilities
Background MySQL driver for the Perl5 Database Interface DBI Description Multiple vulnerabilities have been discovered in DBD::mysql. Please review the CVE identifiers referenced below for details. Impact An attacker could cause a Denial of Service condition, execute arbitrary code, or have other...
Chromium, V8: Multiple vulnerabilities
Background Chromium is an open-source web browser project. V8 is Google’s open source JavaScript engine. Description Multiple vulnerabilities have been discovered in Chromium and V8. Please review the CVE identifiers and release notes referenced below for details. Impact A context-dependent...
MySQL: Multiple vulnerabilities
Background MySQL is a fast, multi-threaded, multi-user SQL database server. Description Multiple vulnerabilities have been discovered in MySQL. Please review the CVE identifiers referenced below for details. Impact A remote attacker could send a specially crafted request, possibly resulting in...
Samba: Multiple vulnerabilities
Background Samba is a suite of SMB and CIFS client/server programs. Description Multiple vulnerabilities have been discovered in Samba. Please review the CVE identifiers referenced below for details. Impact A remote attacker could possibly execute arbitrary code with root privileges, cause a Deni...
OpenSSH: Remote Code Execution
Background OpenSSH is a free application suite consisting of server and clients that replace tools like telnet, rlogin, rcp and ftp with more secure versions offering additional functionality. Description A vulnerability has been discovered in OpenSSH. Please review the CVE identifier referenced...
IBM Spectrum Protect: Multiple Vulnerabilities
Background TSM provides the client and the API for IBM Spectrum Protect formerly known as Tivoli Storage Manager, a backup and archival client/server solution targetting large tape libraries. Description Multiple vulnerabilities have been discovered in IBM Spectrum Protect. Please review the CVE...
ncurses: Multiple vulnerabilities
Background A console display library. Description Multiple vulnerabilities have been discovered in ncurses. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround at this time...
BIND: Multiple vulnerabilities
Background BIND Berkeley Internet Name Domain is a Name Server. Description Multiple vulnerabilities have been discovered in BIND. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workarou...
Mozilla Firefox: Multiple vulnerabilities
Background Mozilla Firefox is a popular open-source web browser from the Mozilla Project. Description Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details...
PostgreSQL: Multiple vulnerabilities
Background PostgreSQL is an open source object-relational database management system. Description Multiple vulnerabilities have been discovered in PostgreSQL. Please review the referenced CVE identifiers for details. Impact A remote attacker could escalate privileges, cause a Denial of Service...
Oracle JDK/JRE: Multiple vulnerabilities
Background Java Platform, Standard Edition Java SE lets you develop and deploy Java applications on desktops and servers, as well as in today’s demanding embedded environments. Java offers the rich user interface, performance, versatility, portability, and security that today’s applications...
PyCrypto: Remote execution of arbitrary code
Background The Python Cryptography Toolkit PyCrypto is a collection of both secure hash functions such as SHA256 and RIPEMD160, and various encryption algorithms AES, DES, RSA, ElGamal, etc.. Description A heap-based buffer overflow vulnerability has been discovered in PyCrypto. Please review the...
Salt: Multiple vulnerabilities
Background Salt is a fast, intelligent and scalable automation engine. Description Multiple vulnerabilities have been discovered in Salt. Please review the CVE identifiers referenced below for details. Impact A remote attacker could possibly execute arbitrary commands via salt-api, cause a Denial...
Dovecot: Multiple vulnerabilities
Background Dovecot is an open source IMAP and POP3 email server. Description Multiple vulnerabilities have been discovered in Dovecot. Please review the CVE identifiers referenced below for details. Impact A remote attacker could send a specially crafted mail or send a specially crafted IMAP...
Node.js: Multiple vulnerabilities
Background Node.js is a JavaScript runtime built on Chrome’s V8 JavaScript engine. Description Multiple vulnerabilities have been discovered in Node.js. Please review the CVE identifiers referenced below for details. Impact A remote attacker could possibly write arbitrary files, cause a Denial of...
Dnsmasq: Multiple vulnerabilities
Background Dnsmasq is a lightweight and easily-configurable DNS forwarder and DHCP server. Description Multiple vulnerabilities have been discovered in Dnsmasq. Please review the references below for details. Impact A remote attacker could execute arbitrary code or cause a Denial of Service...
Exim: Local privilege escalation
Background Exim is a message transfer agent MTA developed at the University of Cambridge for use on Unix systems connected to the Internet. Description Exim supports the use of multiple “-p” command line arguments causing a memory leak. This could lead to a stack-clash in user-space and as result...
IcedTea: Multiple vulnerabilities
Background IcedTea’s aim is to provide OpenJDK in a form suitable for easy configuration, compilation and distribution with the primary goal of allowing inclusion in GNU/Linux distributions. Description Multiple vulnerabilities have been discovered in IcedTea. Please review the CVE identifiers...
Okular: Arbitrary code execution
Background Okular is a universal document viewer based on KPDF for KDE 4. Description Okular contains a heap-based buffer overflow in the RLE decompression functionality in the TranscribePalmImageToJPEG function in generators/plucker/inplug/image.cpp. Impact A remote attacker could entice a user ...
Mozilla Firefox: Various vulnerabilities
Background Mozilla Firefox is the popular next-generation browser from the Mozilla project. Description The following vulnerabilities were found and fixed in Mozilla Firefox: Michael Krax reported that plugins can be used to load privileged content and trick the user to interact with it...
AWStats: Remote code execution
Background AWStats is an advanced log file analyzer and statistics generator. Description When 'awstats.pl' is run as a CGI script, it fails to validate specific inputs which are used in a Perl open function call. Furthermore, a user could read log file content even when plugin rawlog was not...
Mozilla Thunderbird: Multiple Vulnerabilities
Background Mozilla Thunderbird is a popular open-source email client from the Mozilla project. Description Multiple vulnerabilities have been discovered in Mozilla Thunderbird. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for...
FFmpeg: Multiple vulnerabilities
Background FFmpeg is a complete, cross-platform solution to record, convert and stream audio and video. Description Multiple vulnerabilities have been discovered in FFmpeg. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user to open a...
Chromium, Google Chrome: Multiple vulnerabilities
Background Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. Google Chrome is one fast, simple, and secure browser for all your devices. Description Multiple vulnerabilities have been discovered in Chromium and...
OpenSSL: Multiple vulnerabilities
Background OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer SSL v2/v3 and Transport Layer Security TLS v1/v1.1/v1.2/v1.3 as well as a general purpose cryptography library. Description Multiple vulnerabilities have been discovered in OpenSSL. Please review the CVE identifier...
GnuTLS: Multiple vulnerabilities
Background GnuTLS is a secure communications library implementing the SSL, TLS and DTLS protocols and technologies around them. Description Multiple vulnerabilities have been discovered in GnuTLS. Please review the CVE identifiers referenced below for details. Impact Please review the CVE...
Scala: Privilege escalation
Background Scala combines object-oriented and functional programming in one concise, high-level language. Description It was discovered that Scala’s compilation daemon does not properly manage permissions for private files. Impact A local attacker could escalate privileges. Workaround There is no...
virglrenderer: Multiple vulnerabilities
Background A virtual 3D GPU library, that allows the guest operating system to use the host GPU to accelerate 3D rendering. Description Multiple vulnerabilities have been discovered in virglrenderer. Please review the CVE identifiers referenced below for details. Impact A local attacker could cau...
Libtirpc and RPCBind: Denial of Service
Background The RPCBind utility is a server that converts RPC program numbers into universal addresses. Libtirpc is a port of Suns Transport-Independent RPC library to Linux. Description It was found that due to the way RPCBind uses libtirpc libntirpc, a memory leak can occur when parsing speciall...