
3816 matches found

Gentoo Linux
• added 2022/10/31 12:00 a.m. • 53 views

ISC BIND: Multiple Vulnerabilities

Background ISC BIND is the Internet Systems Consortium implementation of the Domain Name System (DNS) protocol. Description Multiple vulnerabilities have been discovered in ISC BIND. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers...

CVSS 8.2 • AI score 7.8 • EPSS 0.12899
Exploits: 0

Gentoo Linux
• added 2022/10/31 12:00 a.m. • 32 views

Net-SNMP: Multiple Vulnerabilities

Background Net-SNMP is a suite of applications used to implement the Simple Network Management Protocol. Description Multiple vulnerabilities have been discovered in Net-SNMP. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for...

CVSS 8.8 • AI score 2.8 • EPSS 0.01299
Exploits: 0

Gentoo Linux
• added 2022/10/31 12:00 a.m. • 34 views

Libtirpc: Denial of Service

Background Libtirpc is a port of Sun's Transport-Independent RPC library to Linux. Description Currently svc_run does not handle poll timeout and rendezvous_request does not handle the EMFILE error returned from accept(2) as it used to. These two pieces of functionality were removed by commit b2c9430f46c4...

CVSS 7.5 • AI score 0.2 • EPSS 0.02078
Exploits: 0

Gentoo Linux
• added 2022/10/31 12:00 a.m. • 33 views

Shadow: TOCTOU Race

Background Shadow contains utilities to deal with user accounts. Description A TOCTOU race condition was discovered in shadow. A local attacker with write privileges in a directory removed or copied by usermod/userdel could potentially exploit this flaw when the administrator invokes...

CVSS 4.7 • AI score 4.4 • EPSS 0.00308
Exploits: 0

Gentoo Linux
• added 2022/10/31 12:00 a.m. • 51 views

FreeRDP: Multiple Vulnerabilities

Background FreeRDP is a free implementation of the remote desktop protocol. Description Multiple vulnerabilities have been discovered in FreeRDP. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no...

CVSS 9.8 • AI score 8.9 • EPSS 0.02485
Exploits: 1

Gentoo Linux
• added 2022/10/31 12:00 a.m. • 43 views

OpenEXR: Multiple Vulnerabilities

Background OpenEXR is a high dynamic-range (HDR) image file format developed by Industrial Light & Magic for use in computer imaging applications. Description Multiple vulnerabilities have been discovered in OpenEXR. Please review the CVE identifiers referenced below for details. Impact Please revi...

CVSS 8.8 • AI score 7.5 • EPSS 0.02291
Exploits: 3

Gentoo Linux
• added 2022/10/31 12:00 a.m. • 58 views

open-vm-tools: Local Privilege Escalation

Background open-vm-tools contains tools for VMware guests. Description A pipe accessible to unprivileged users in the VMware guest does not sufficiently sanitize input. Impact An unprivileged guest user could achieve root privileges within the guest. Workaround There is no known workaround at thi...

CVSS 7.8 • AI score 3.3 • EPSS 0.00558
Exploits: 0

Gentoo Linux
• added 2022/10/31 12:00 a.m. • 55 views

JHead: Multiple Vulnerabilities

Background JHead is an EXIF JPEG header manipulation tool. Description Multiple vulnerabilities have been discovered in JHead. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround a...

CVSS 7.8 • AI score 1.9 • EPSS 0.01083
Exploits: 4

Gentoo Linux
• added 2022/10/31 12:00 a.m. • 41 views

libksba: Remote Code Execution

Background Libksba is an X.509 and CMS (PKCS#7) library. Description An integer overflow in parsing ASN.1 objects could lead to a buffer overflow. Impact Crafted ASN.1 objects could trigger an integer overflow and buffer overflow to result in remote code execution. Workaround There is no known...

CVSS 9.8 • AI score 6.1 • EPSS 0.01635
Exploits: 1

Gentoo Linux
• added 2022/10/31 12:00 a.m. • 33 views

X.Org X server, XWayland: Multiple Vulnerabilities

Background The X Window System is a graphical windowing system based on a client/server model. Description Multiple vulnerabilities have been discovered in X.Org X server and XWayland. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE...

CVSS 7.8 • AI score 3.2 • EPSS 0.00559
Exploits: 0

Gentoo Linux
• added 2022/10/31 12:00 a.m. • 32 views

Apptainer: Lack of Digital Signature Hash Verification

Background Apptainer is the container system for secure high-performance computing. Description The Go module "sif" version 2.8.0 and older, which is a statically linked dependency of Apptainer, does not verify that the hash algorithms used are cryptographically secure when verifying digital...

CVSS 9.8 • AI score 1.3 • EPSS 0.00477
Exploits: 0

Gentoo Linux
• added 2022/10/31 12:00 a.m. • 34 views

Nicotine+: Denial of Service

Background Nicotine+ is a fork of nicotine, a Soulseek client in Python. Description Nicotine+ does not sufficiently validate file path in download requests. Impact A file path in a download request which contains a null character will cause a crash of Nicotine+. Workaround There is no known...

CVSS 7.5 • AI score 3.8 • EPSS 0.01586
Exploits: 1

Gentoo Linux
• added 2022/10/31 12:00 a.m. • 61 views

Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities

Background Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. Google Chrome is one fast, simple, and secure browser for all your devices. Microsoft Edge is a browser that combines a minimal design with...

CVSS 8.8 • AI score 2.2 • EPSS 0.01283
Exploits: 6

Gentoo Linux
• added 2022/10/31 12:00 a.m. • 46 views

RPM: Multiple Vulnerabilities

Background The Red Hat Package Manager (RPM) is a command line driven package management system capable of installing, uninstalling, verifying, querying, and updating computer software packages. Description Multiple vulnerabilities have been discovered in RPM. Please review the CVE identifiers...

CVSS 6.7 • AI score 2.5 • EPSS 0.00491
Exploits: 3

Gentoo Linux
• added 2022/10/31 12:00 a.m. • 44 views

Sofia-SIP: Multiple Vulnerabilities

Background Sofia-SIP is an RFC3261 compliant SIP User-Agent library. Description Multiple vulnerabilities have been discovered in Sofia-SIP. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no know...

CVSS 9.8 • AI score 3.1 • EPSS 0.03635
Exploits: 3

Gentoo Linux
• added 2022/10/31 12:00 a.m. • 41 views

GDAL: Heap Buffer Overflow

Background GDAL is a geospatial data abstraction library. Description GDAL does not sufficiently sanitize input when loading PCIDSK binary segments. Impact Loading crafted PCIDSK data via GDAL could result in denial of service. Workaround There is no known workaround at this time. Resolution All...

CVSS 5.5 • AI score 3.6 • EPSS 0.01491
Exploits: 1

Gentoo Linux
• added 2022/10/31 12:00 a.m. • 49 views

libgcrypt: Multiple Vulnerabilities

Background libgcrypt is a general purpose cryptographic library derived out of GnuPG. Description Multiple vulnerabilities have been discovered in libgcrypt. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround...

CVSS 7.5 • AI score 7.7 • EPSS 0.02342
Exploits: 1

Gentoo Linux
• added 2022/10/31 12:00 a.m. • 412 views

Gitea: Multiple Vulnerabilities

Background Gitea is a painless self-hosted Git service. Description Multiple vulnerabilities have been discovered in Gitea. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround at...

CVSS 9.8 • AI score 3.4 • EPSS 0.01428
Exploits: 1

Gentoo Linux
• added 2022/10/31 12:00 a.m. • 46 views

Lighttpd: Denial of Service

Background Lighttpd is a lightweight high-performance web server. Description Lighttpd's mod_wstunnel does not initialize a handler function pointer if an invalid HTTP request (websocket handshake) is received. Impact An attacker can trigger a denial of service via making Lighttpd try to call an...

CVSS 7.5 • AI score 1.6 • EPSS 0.02737
Exploits: 5

Gentoo Linux
• added 2022/10/31 12:00 a.m. • 30 views

schroot: Denial of Service

Background schroot is a utility to execute commands in a chroot environment. Description schroot is unnecessarily permissive in rules regarding chroot and session names. Impact A crafted chroot or session name can break the internal state of the schroot service, leading to denial of service...

CVSS 4.3 • AI score 4.1 • EPSS 0.00786
Exploits: 0

Gentoo Linux
• added 2022/10/31 12:00 a.m. • 54 views

LibTIFF: Multiple Vulnerabilities

Background LibTIFF provides support for reading and manipulating TIFF (Tagged Image File Format) images. Description Multiple vulnerabilities have been discovered in LibTIFF. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for...

CVSS 7.7 • AI score 2.8 • EPSS 0.0179
Exploits: 15

Gentoo Linux
• added 2022/10/31 12:00 a.m. • 38 views

hiredis, hiredis-py: Multiple Vulnerabilities

Background hiredis is a minimalistic C client library for the Redis database. hiredis-py is a Python extension that wraps hiredis. Description Hiredis is vulnerable to integer overflow if provided maliciously crafted or corrupted RESP multi-bulk protocol data. When parsing multi-bulk array-like...

CVSS 8.8 • AI score 2.5 • EPSS 0.02045
Exploits: 0

Gentoo Linux
• added 2022/10/31 12:00 a.m. • 39 views

Mozilla Thunderbird: Multiple Vulnerabilities

Background Mozilla Thunderbird is a popular open-source email client from the Mozilla project. Description Multiple vulnerabilities have been discovered in Mozilla Thunderbird. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for...

CVSS 8.8 • AI score 2.7 • EPSS 0.00992
Exploits: 0

Gentoo Linux
• added 2022/10/31 12:00 a.m. • 35 views

Mozilla Firefox: Multiple Vulnerabilities

Background Mozilla Firefox is a popular open-source web browser from the Mozilla project. Description Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details...

CVSS 8.8 • AI score 3 • EPSS 0.0083
Exploits: 0

Gentoo Linux
• added 2022/10/31 12:00 a.m. • 35 views

Expat: Denial of Service

Background Expat is a set of XML parsing libraries. Description In certain out-of-memory situations, Expat may free memory before it should, leading to a use-after-free. Impact A use-after-free can result in denial of service. Workaround There is no known workaround at this time. Resolution All...

CVSS 7.5 • AI score 7.9 • EPSS 0.02241
Exploits: 1

Gentoo Linux
• added 2022/10/31 12:00 a.m. • 34 views

zlib: Multiple vulnerabilities

Background zlib is a widely used free and patent unencumbered data compression library. Description Multiple vulnerabilities have been discovered in zlib. Please review the CVE identifiers referenced below for details. Impact Maliciously crafted input handled by zlib may result in remote code...

CVSS 9.8 • AI score 9.4 • EPSS 0.51733
Exploits: 2

Gentoo Linux
• added 2022/10/31 12:00 a.m. • 43 views

libxml2: Multiple Vulnerabilities

Background libxml2 is the XML C parser and toolkit developed for the GNOME project. Description Multiple vulnerabilities have been discovered in libxml2. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround The...

CVSS 7.8 • AI score 2.5 • EPSS 0.2421
Exploits: 2

Gentoo Linux
• added 2022/10/31 12:00 a.m. • 41 views

SQLite: Multiple Vulnerabilities

Background SQLite is a C library that implements an SQL database engine. Description Multiple vulnerabilities have been discovered in SQLite. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no kno...

CVSS 7.5 • AI score 2.6 • EPSS 0.11431
Exploits: 2

Gentoo Linux
• added 2022/10/31 12:00 a.m. • 100 views

PJSIP: Multiple Vulnerabilities

Background PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. Description Multiple vulnerabilities have been discovered in PJSIP. Please review the CVE identifiers referenced belo...

CVSS 9.8 • AI score 1.9 • EPSS 0.0462
Exploits: 2

Gentoo Linux
• added 2022/10/31 12:00 a.m. • 32 views

libjxl: Denial of Service

Background libjxl is the JPEG XL image format reference implementation. Description libjxl contains an unnecessary assertion in jxl::LowMemoryRenderPipeline::Init. Impact An attacker can cause a denial of service of the libjxl process via a crafted input file. Workaround There is no known workarou...

CVSS 6.5 • AI score 4.1 • EPSS 0.00745
Exploits: 1

Gentoo Linux
• added 2022/10/31 12:00 a.m. • 30 views

android-tools: Multiple Vulnerabilities

Background android-tools contains Android platform tools (adb, fastboot, and mkbootimg). Description Multiple vulnerabilities have been discovered in android-tools. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details...

AI score 2.7
Exploits: 0

Gentoo Linux
• added 2022/10/31 12:00 a.m. • 54 views

FasterXML jackson-databind: Multiple vulnerabilities

Background FasterXML jackson-databind is a general data-binding package for Jackson 2.x which works on streaming API core implementations. Description Multiple vulnerabilities have been discovered in FasterXML jackson-databind. Please review the CVE identifiers referenced below for details. Impac...

CVSS 7.5 • AI score 3.1 • EPSS 0.02824
Exploits: 3

Gentoo Linux
• added 2022/10/16 12:00 a.m. • 28 views

Open Asset Import Library ("assimp"): Multiple Vulnerabilities

Background Open Asset Import Library is a library to import and export various 3d-model-formats including scene-post-processing to generate missing render data. Description Multiple vulnerabilities have been discovered in Fetchmail, the worst of which could result in email disclosure to third...

CVSS 5.5 • AI score 1.7 • EPSS 0.00942
Exploits: 1

Gentoo Linux
• added 2022/10/16 12:00 a.m. • 28 views

Deluge: Cross-Site Scripting

Background Deluge is a BitTorrent client. Description Deluge does not sufficiently sanitize crafted torrent file data, leading to the application interpreting untrusted data as HTML. Impact An attacker can achieve XSS via a crafted torrent file. Workaround There is no known workaround at this tim...

CVSS 6.1 • AI score 1.4 • EPSS 0.0071
Exploits: 1

Gentoo Linux
• added 2022/10/16 12:00 a.m. • 35 views

Tcpreplay: Multiple Vulnerabilities

Background Tcpreplay is a suite of utilities for UNIX systems for editing and replaying network traffic which was previously captured by tools like tcpdump and ethereal/wireshark. Description Multiple vulnerabilities have been discovered in Tcpreplay. Please review the CVE identifiers referenced...

CVSS 7.8 • AI score 2.1 • EPSS 0.01878
Exploits: 12

Gentoo Linux
• added 2022/10/16 12:00 a.m. • 36 views

virglrenderer: Multiple vulnerabilities

Background A virtual 3D GPU library, that allows the guest operating system to use the host GPU to accelerate 3D rendering. Description Multiple vulnerabilities have been discovered in virglrenderer. Please review the CVE identifiers referenced below for details. Impact Please review the referenc...

CVSS 7.8 • AI score 2.3 • EPSS 0.0038
Exploits: 0

Gentoo Linux
• added 2022/10/16 12:00 a.m. • 47 views

libxml2: Multiple Vulnerabilities

Background libxml2 is the XML C parser and toolkit developed for the GNOME project. Description Multiple vulnerabilities have been discovered in libxml2. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround The...

CVSS 7.5 • AI score 2.5 • EPSS 0.0601
Exploits: 5

Gentoo Linux
• added 2022/10/16 12:00 a.m. • 32 views

Wireshark: Multiple Vulnerabilities

Background Wireshark is a versatile network protocol analyzer. Description Multiple vulnerabilities have been discovered in Wireshark. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known...

CVSS 9.8 • AI score 2.7 • EPSS 0.07885
Exploits: 21

Gentoo Linux
• added 2022/10/16 12:00 a.m. • 67 views

OpenSSL: Multiple Vulnerabilities

Background OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general purpose cryptography library. Description Multiple vulnerabilities have been discovered in OpenSSL. Please review the CVE identifiers referenced...

CVSS 10 • AI score 2.3 • EPSS 0.87816
Exploits: 9

Gentoo Linux
• added 2022/10/16 12:00 a.m. • 70 views

libvirt: Multiple Vulnerabilities

Background libvirt is a C toolkit for manipulating virtual machines. Description Multiple vulnerabilities have been discovered in libvirt. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known...

CVSS 8.8 • AI score 2.7 • EPSS 0.0134
Exploits: 1

Gentoo Linux
• added 2022/10/16 12:00 a.m. • 85 views

Rust: Multiple Vulnerabilities

Background A systems programming language that runs blazingly fast, prevents segfaults, and guarantees thread safety. Description Multiple vulnerabilities have been discovered in Rust. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE...

CVSS 9.8 • AI score 2.7 • EPSS 0.12205
Exploits: 12

Gentoo Linux
• added 2022/09/29 12:00 a.m. • 43 views

Poppler: Arbitrary Code Execution

Background Poppler is a PDF rendering library based on the xpdf-3.0 code base. Description Multiple vulnerabilities have been discovered in Poppler. Please review the CVE identifiers referenced below for details. Impact Processing a specially crafted PDF file or JBIG2 image could lead to a crash ...

CVSS 7.8 • AI score 8.4 • EPSS 0.75994
Exploits: 3

Gentoo Linux
• added 2022/09/29 12:00 a.m. • 60 views

PHP: Multiple Vulnerabilities

Background PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML. Description Multiple vulnerabilities have been discovered in PHP. Please review the CVE identifiers referenced below for details. Impact Please review th...

CVSS 9.8 • AI score 0.7 • EPSS 0.5838
Exploits: 8

Gentoo Linux
• added 2022/09/29 12:00 a.m. • 35 views

Mozilla Firefox: Multiple Vulnerabilities

Background Mozilla Firefox is a popular open-source web browser from the Mozilla project. Description Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details...

CVSS 8.8 • AI score 3 • EPSS 0.01342
Exploits: 0

Gentoo Linux
• added 2022/09/29 12:00 a.m. • 158 views

Mozilla Thunderbird: Multiple Vulnerabilities

Background Mozilla Thunderbird is a popular open-source email client from the Mozilla project. Description Multiple vulnerabilities have been discovered in Mozilla Thunderbird. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for...

CVSS 8.8 • AI score 2.7 • EPSS 0.01342
Exploits: 0

Gentoo Linux
• added 2022/09/29 12:00 a.m. • 32 views

GraphicsMagick: Multiple Vulnerabilities

Background GraphicsMagick is a collection of tools and libraries which support reading, writing, and manipulating images in many major formats. Description Multiple vulnerabilities have been discovered in GraphicsMagick. Please review the CVE identifiers referenced below for details. Impact Pleas...

CVSS 7.8 • AI score 2.5 • EPSS 0.02853
Exploits: 2

Gentoo Linux
• added 2022/09/29 12:00 a.m. • 30 views

BlueZ: Multiple Vulnerabilities

Background BlueZ is the canonical bluetooth tools and system daemons package for Linux. Description Multiple vulnerabilities have been discovered in BlueZ. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround...

CVSS 8.8 • AI score 2.5 • EPSS 0.01808
Exploits: 2

Gentoo Linux
• added 2022/09/29 12:00 a.m. • 105 views

Redis: Multiple Vulnerabilities

Background Redis is an open source BSD licensed, in-memory data structure store, used as a database, cache and message broker. Description Multiple vulnerabilities have been discovered in Redis. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CV...

CVSS 9.8 • AI score 2.2 • EPSS 0.31049
Exploits: 3

Gentoo Linux
• added 2022/09/29 12:00 a.m. • 63 views

Expat: Multiple Vulnerabilities

Background Expat is a set of XML parsing libraries. Description Multiple vulnerabilities have been discovered in Expat. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround at this...

CVSS 9.8 • AI score 9.2 • EPSS 0.33936
Exploits: 4

Gentoo Linux
• added 2022/09/29 12:00 a.m. • 23 views

Kitty: Arbitrary Code Execution

Background Kitty is a fast, feature-rich, GPU-based terminal. Description Carter Sande discovered that maliciously constructed control sequences can cause Kitty to display a notification that, when clicked, can cause Kitty to execute arbitrary commands. Impact Kitty can produce notifications that...

CVSS 7.8 • AI score 4.4 • EPSS 0.00478
Exploits: 1

Total number of security vulnerabilities: 3816