3816 matches found
Mozilla Firefox: Multiple Vulnerabilities
Background Mozilla Firefox is a popular open-source web browser from the Mozilla project. Description Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details...
GraphicsMagick: Multiple Vulnerabilities
Background GraphicsMagick is a collection of tools and libraries which support reading, writing, and manipulating images in many major formats. Description Multiple vulnerabilities have been discovered in GraphicsMagick. Please review the CVE identifiers referenced below for details. Impact Pleas...
Expat: Multiple Vulnerabilities
Background Expat is a set of XML parsing libraries. Description Multiple vulnerabilities have been discovered in Expat. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround at this...
Oracle JDK/JRE: Multiple vulnerabilities
Background Java Platform, Standard Edition (Java SE) lets you develop and deploy Java applications on desktops and servers, as well as in today's demanding embedded environments. Java offers the rich user interface, performance, versatility, portability, and security that today's applications...
HarfBuzz: Multiple vulnerabilities
Background HarfBuzz is an OpenType text shaping engine. Description Multiple vulnerabilities have been discovered in HarfBuzz. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround a...
Smokeping: Multiple vulnerabilities
Background Smokeping is a powerful latency measurement tool. Description Multiple vulnerabilities have been discovered in Smokeping. Please review the CVE identifiers referenced below for details. Impact A local attacker who gains access to the smokeping user could gain root privileges. Workarou...
Logcheck: Root privilege escalation
Background Logcheck mails anomalies in the system logfiles to the administrator. Description The pkg_postinst phase of the Logcheck ebuilds recursively chowns the /etc/logcheck and /var/lib/logcheck directories. If the logcheck adds hardlinks to other files in these directories, the chown call will...
Mrxvt: Arbitrary Code Execution
Background Mrxvt is a multi-tabbed rxvt clone with XFT, transparent background and CJK support. Description Mrxvt mishandles certain escape sequences, some of which allow for shell command execution. Impact An attacker with sufficient access to write arbitrary text to the Mrxvt terminal could...
Fetchmail: Multiple Vulnerabilities
Background Fetchmail is a remote mail retrieval and forwarding utility. Description Multiple vulnerabilities have been discovered in Fetchmail. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no...
GRUB: Multiple Vulnerabilities
Background GNU GRUB is a multiboot boot loader used by most Linux systems. Description Multiple vulnerabilities have been discovered in GRUB. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no kno...
Rizin: Multiple Vulnerabilities
Background Rizin is a reverse engineering framework for binary analysis. Description Multiple vulnerabilities have been discovered in Rizin. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no know...
Smarty: Multiple vulnerabilities
Background Smarty is a template engine for PHP. The "template security" feature of Smarty is designed to help reduce the risk of a system compromise when you have untrusted parties editing templates. Description Multiple vulnerabilities have been discovered in Smarty. Please review the CVE...
libaacplus: Denial of Service
Background libaacplus is an HE-AAC+ v2 library, based on the reference implementation. Description Multiple vulnerabilities have been discovered in libaacplus. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workarou...
OpenSC: Multiple Vulnerabilities
Background OpenSC contains tools and libraries for smart cards. Description Multiple vulnerabilities have been discovered in OpenSC. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known...
OpenJDK: Multiple Vulnerabilities
Background OpenJDK is an open source implementation of the Java programming language. Description Multiple vulnerabilities have been discovered in OpenJDK. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround...
OpenJPEG: Multiple Vulnerabilities
Background OpenJPEG is an open-source JPEG 2000 library. Description Multiple vulnerabilities have been discovered in OpenJPEG. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround ...
GNU Gzip, XZ Utils: Arbitrary file write
Background GNU Gzip is a popular data compression program. XZ Utils is free general-purpose data compression software with a high compression ratio. Description GNU Gzip and XZ Utils' grep helpers do not sufficiently validate certain multi-line file names. Impact In some cases, writing to arbitra...
IBM Spectrum Protect: Multiple Vulnerabilities
Background TSM provides the client and the API for IBM Spectrum Protect (formerly known as Tivoli Storage Manager), a backup and archival client/server solution targeting large tape libraries. Description Multiple vulnerabilities have been discovered in IBM Spectrum Protect. Please review the CVE...
Oracle VirtualBox: Multiple Vulnerabilities
Background VirtualBox is a powerful virtualization product from Oracle. Description Multiple vulnerabilities have been discovered in VirtualBox. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no...
Mozilla Thunderbird: Multiple Vulnerabilities
Background Mozilla Thunderbird is a popular open-source email client from the Mozilla project. Description Multiple vulnerabilities have been discovered in Mozilla Thunderbird. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for...
Mozilla Firefox: Multiple Vulnerabilities
Background Mozilla Firefox is a popular open-source web browser from the Mozilla project. Description Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details...
WebKitGTK+: Multiple Vulnerabilities
Background WebKitGTK+ is a full-featured port of the WebKit rendering engine, suitable for projects requiring any kind of web integration, from hybrid HTML/CSS applications to full-fledged web browsers. Description Multiple vulnerabilities have been discovered in WebKitGTK+. Please review the CVE...
Gnome Shell, gettext, libcroco: Multiple Vulnerabilities
Background GNOME Shell provides core user interface functions for the GNOME desktop, like switching to windows and launching applications. gettext contains the GNU locale utilities. libcroco is a standalone CSS2 parsing and manipulation library. Description The cr_parser_parse_any_core function in...
Apache Tomcat: Multiple Vulnerabilities
Background Apache Tomcat is a Servlet-3.0/JSP-2.2 Container. Description Multiple vulnerabilities have been discovered in Apache Tomcat. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known...
Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities
Background Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. Google Chrome is one fast, simple, and secure browser for all your devices. Microsoft Edge is a browser that combines a minimal design with...
Vim, gVim: Multiple Vulnerabilities
Background Vim is an efficient, highly configurable improved version of the classic ‘vi’ text editor. gVim is the GUI version of Vim. Description Multiple vulnerabilities have been discovered in Vim and gVim. Please review the CVE identifiers referenced below for details. Impact Please review the...
libarchive: Multiple Vulnerabilities
Background libarchive is a library for manipulating different streaming archive formats, including certain tar variants, several cpio formats, and both BSD and GNU ar variants. Description Multiple vulnerabilities have been discovered in libarchive. Please review the CVE identifiers referenced...
Nokogiri: Multiple Vulnerabilities
Background Nokogiri is an HTML, XML, SAX, and Reader parser. Description Multiple vulnerabilities have been discovered in Nokogiri. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known...
Apache HTTPD: Multiple Vulnerabilities
Background The Apache HTTP server is one of the most popular web servers on the Internet. Description Multiple vulnerabilities have been discovered in Apache HTTPD. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details...
libebml: Heap buffer overflow vulnerability
Background libebml is a C++ library to parse EBML files. Description On 32-bit builds of libebml, the length of a string is miscalculated, potentially leading to an exploitable heap overflow. Impact An attacker able to provide arbitrary input to libebml could achieve arbitrary code execution...
GStreamer, GStreamer Plugins: Multiple Vulnerabilities
Background GStreamer is an open source multimedia framework. Description Multiple vulnerabilities have been found in GStreamer and its plugins. Please review the CVE and GStreamer-SA identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details...
QEMU: Multiple Vulnerabilities
Background QEMU is a generic and open source machine emulator and virtualizer. Description Multiple vulnerabilities have been discovered in QEMU. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no...
Xen: Multiple Vulnerabilities
Background Xen is a bare-metal hypervisor. Description Multiple vulnerabilities have been discovered in Xen. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround at this time...
GNU C Library: Multiple Vulnerabilities
Background The GNU C library is the standard C library used by Gentoo Linux systems. It provides programs with basic facilities and interfaces to system calls. ld.so is the dynamic linker which prepares dynamically linked programs for execution by resolving runtime dependencies and related...
xterm: Multiple Vulnerabilities
Background xterm is a terminal emulator for the X Window system. Description Multiple vulnerabilities have been discovered in xterm. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known...
GNU Binutils: Multiple Vulnerabilities
Background The GNU Binutils are a collection of tools to create, modify and analyse binary files. Many of the files use BFD, the Binary File Descriptor library, to do low-level manipulation. Description Multiple vulnerabilities have been discovered in GNU Binutils. Please review the CVE identifie...
Chromium, Google Chrome, Microsoft Edge, QtWebEngine: Multiple Vulnerabilities
Background Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. Google Chrome is one fast, simple, and secure browser for all your devices. Microsoft Edge is a browser that combines a minimal design with...
Puma: Multiple Vulnerabilities
Background Puma is a simple, fast, threaded, and highly concurrent HTTP 1.1 server for Ruby/Rack. Description Multiple vulnerabilities have been discovered in Puma. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details...
LibRaw: Stack buffer overread
Background LibRaw is a library for reading RAW files obtained from digital photo cameras. Description LibRaw incorrectly handles parsing DNG fields in some cases, potentially resulting in a buffer overread leading to denial of service. Impact An attacker capable of providing crafted input to LibR...
libass: Denial of service
Background libass is a portable subtitle renderer for the ASS/SSA (Advanced Substation Alpha/Substation Alpha) subtitle format. Description A one-byte buffer overwrite in ASS font decoding could trigger an assertion failure resulting in denial of service. Impact An attacker with control over the AS...
Motion: Denial of service
Background Motion is a program that monitors the video signal from one or more cameras and is able to detect motions. Description The Motion HTTP server does not correctly perform URL decoding. If the HTTP server receives a request for a URL containing an incomplete percent-encoded character, a...
HashiCorp Consul: Multiple Vulnerabilities
Background HashiCorp Consul is a tool for service discovery, monitoring and configuration. Description Multiple vulnerabilities have been discovered in HashiCorp Consul. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details...
lxml: Multiple Vulnerabilities
Background lxml is a Pythonic binding for the libxml2 and libxslt libraries. Description Multiple vulnerabilities have been discovered in lxml. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no...
mdbtools: Multiple Vulnerabilities
Background mdbtools is a set of libraries and utilities for reading Microsoft Access database (MDB) files. Description Multiple vulnerabilities have been discovered in mdbtools. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for...
Yubico pam-u2f: Local PIN Bypass vulnerability
Background Yubico pam-u2f is a PAM module for FIDO2 and U2F keys. Description A logic issue in Yubico pam-u2f could result in the bypass of a PIN entry requirement when authenticating with FIDO2. Impact An attacker with local access to certain applications using pam-u2f for authentication could...
Nextcloud: Multiple Vulnerabilities
Background Nextcloud is a personal cloud that runs on your own server. Description Multiple vulnerabilities have been discovered in Nextcloud. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no...
aiohttp: Open redirect vulnerability
Background aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Description A bug in aiohttp.web_middlewares.normalize_path_middleware creates an open redirect vulnerability. Impact An attacker could use this vulnerability to craft a link that, while appearing to be a link to an...
Spice Server: Multiple Vulnerabilities
Background Provides a complete open source solution for remote access to virtual machines in a seamless way so you can play videos, record audio, share USB devices and share folders without complications. Description Multiple vulnerabilities have been discovered in Spice Server, please review the...
isync: Multiple Vulnerabilities
Background isync is an IMAP and MailDir mailbox synchronizer. Description Multiple vulnerabilities have been discovered in isync. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaroun...
Mozilla Firefox: Multiple Vulnerabilities
Background Mozilla Firefox is a popular open-source web browser from the Mozilla project. Description Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details...