3816 matches found
faac: Denial of service
Background faac contains free MPEG-4 audio codecs by AudioCoding.com. Description An invalid pointer can be dereferenced in the huffcode function of libfaac/huff2.c, leading to a crash. Impact An attacker with the ability to provide crafted input to faac could cause a denial of service. Workaroun...
isync: Multiple Vulnerabilities
Background isync is an IMAP and MailDir mailbox synchronizer. Description Multiple vulnerabilities have been discovered in isync. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaroun...
Babel: Remote code execution
Background Babel is a collection of tools for internationalizing Python applications. Description Babel does not properly restrict which sources a locale can be loaded from. If Babel loads an attacker-controlled .dat file, arbitrary code execution can be achieved via unsafe Pickle deserialization...
Icinga Web 2: Multiple Vulnerabilities
Background Icinga Web 2 is a frontend for icinga2. Description Multiple vulnerabilities have been discovered in Icinga Web 2. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround at...
libmcpp: Denial of service
Background libmcpp is a portable C/C++ preprocessor. Description A buffer overflow and an out-of-bounds read vulnerability have been discovered in libmcpp, which could be exploited for denial of service. Impact An attacker that can provide crafted input to libmcpp could achieve denial of service...
3MF Consortium lib3mf: Remote code execution
Background lib3mf is an implementation of the 3D Manufacturing Format file standard. Description Incorrect memory handling within lib3mf could result in a use-after-free. Impact An attacker that can provide malicious input to an application using 3MF Consortium's lib3mf could achieve remote code...
Go: Multiple Vulnerabilities
Background Go is an open source programming language that makes it easy to build simple, reliable, and efficient software. Description Multiple vulnerabilities have been discovered in Go. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE...
HashiCorp Vault: Multiple Vulnerabilities
Background HashiCorp Vault is a tool for managing secrets. Description Multiple vulnerabilities have been discovered in HashiCorp Vault. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known...
Mozilla Firefox: Multiple vulnerabilities
Background Mozilla Firefox is a popular open-source web browser from the Mozilla project. Description Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details...
Chromium, Google Chrome: Multiple vulnerabilities
Background Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. Google Chrome is one, fast, simple, and secure browser for all your devices. Description Multiple vulnerabilities have been discovered in Chromium and...
WebkitGTK+: Multiple vulnerabilities
Background WebKitGTK+ is a full-featured port of the WebKit rendering engine, suitable for projects requiring any kind of web integration, from hybrid HTML/CSS applications to full-fledged web browsers. Description Multiple vulnerabilities have been discovered in WebkitGTK+. Please review the CVE...
Chromium, Google Chrome: Multiple vulnerabilities
Background Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. Google Chrome is one, fast, simple, and secure browser for all your devices. Description Multiple vulnerabilities have been discovered in Chromium and...
Polkit: Local privilege escalation
Background polkit is a toolkit for managing policies related to unprivileged processes communicating with privileged process. Description Flawed input validation of arguments was discovered in the 'pkexec' program's main function. Impact A local attacker could achieve root privilege escalation...
SDL 2: Multiple vulnerabilities
Background Simple DirectMedia Layer is a cross-platform development library designed to provide low level access to audio, keyboard, mouse, joystick, and graphics hardware via OpenGL and Direct3D. Description Multiple vulnerabilities have been discovered in SDL 2. Please review the CVE identifier...
Leptonica: Multiple vulnerabilities
Background Leptonica is a C library for image processing and analysis. Description Multiple vulnerabilities have been discovered in Leptonica. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no...
libyang: Multiple vulnerabilities
Background YANG data modeling language library. Description Multiple vulnerabilities have been discovered in libyang. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround at this...
Apache Velocity: Multiple vulnerabilities
Background Apache Velocity is a general purpose template engine. Description Multiple vulnerabilities have been discovered in Apache Velocity. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no...
IcedTeaWeb: Multiple vulnerabilities
Background FOSS Java browser plugin and Web Start implementation. Description Multiple vulnerabilities have been discovered in IcedTeaWeb. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known...
Singularity: Remote code execution
Background Singularity is the container platform for performance sensitive workloads. Description Singularity always uses the default remote endpoint, ‘cloud.syslabs.io’, for action commands using the ‘library://’ URI rather than the configured remote endpoint. Impact An attacker that that can pu...
Chromium, Google Chrome: Multiple vulnerabilities
Background Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. Google Chrome is one fast, simple, and secure browser for all your devices. Description Multiple vulnerabilities have been discovered in chromium, and...
PyCharm Community, Professional: Remote code execution
Background PyCharm is the Python IDE for professional developers. Description Insufficient validation exists within PyCharm’s checks for fetching projects from VCS. Impact If a victim can be enticed into fetching a VCS project via PyCharm, a remote attacker could achieve remote code execution...
PJSIP: Multiple vulnerabilities
Background PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. Description Multiple vulnerabilities have been discovered in PJSIP. Please review the CVE identifiers referenced belo...
systemd: Multiple vulnerabilities
Background A system and service manager. Description Multiple vulnerabilities have been discovered in systemd. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround at this time...
libslirp: Multiple vulnerabilities
Background libslirp is a TCP/IP emulator used to provide virtual networking services. Description Multiple vulnerabilities have been discovered in libslirp. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround...
libpano13: Format string vulnerability
Background libpano13 is Helmut Dersch’s panorama toolbox library. Description A format string issue exists within panoFileOutputNamesCreate where unvalidated input is passed directly into the formatter. Impact A remote attacker could entice a user to open a specially crafted file using libpano1...
RPM: Multiple vulnerabilities
Background The Red Hat Package Manager RPM is a command line driven package management system capable of installing, uninstalling, verifying, querying, and updating computer software packages. Description Multiple vulnerabilities have been discovered in RPM. Please review the CVE identifiers...
mpv: Format string vulnerability
Background Video player based on MPlayer/mplayer2. Description mpv uses untrusted input within format strings. Impact A remote attacker could entice a user to open a specially crafted m3u playlist file using mpv, possibly resulting in execution of arbitrary code with the privileges of the process...
Dovecot: Multiple vulnerabilities
Background Dovecot is an open source IMAP and POP3 email server. Description Multiple vulnerabilities have been discovered in Dovecot. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known...
Apache: Multiple vulnerabilities
Background The Apache HTTP server is one of the most popular web servers on the Internet. Description Multiple vulnerabilities have been discovered in Apache. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaroun...
Apache Commons FileUpload: Multiple vulnerabilities
Background The Apache Commons FileUpload package makes it easy to add robust, high-performance, file upload capability to your servlets and web applications. Description Multiple vulnerabilities have been discovered in Apache Commons FileUpload. Please review the CVE identifiers referenced below...
MediaWiki: Multiple vulnerabilities
Background MediaWiki is a collaborative editing software used by large projects such as Wikipedia. Description Multiple vulnerabilities have been discovered in MediaWiki. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for detail...
Apache Commons Collections: Remote code execution
Background Apache Commons Collections extends the JCF classes with new interfaces, implementations and utilities. Description Some classes in the Apache Commons Collections functor package deserialized potentially untrusted input by default. Impact Deserializing untrusted input using Apache Commo...
FluidSynth: Remote code execution
Background FluidSynth is a real-time synthesizer based on the Soundfont 2 specifications. Description FluidSynth contains a use-after-free in sfloader/fluidsffile.c which occurs when parsing Soundfile 2 files. Impact A remote attacker could entice a user to open a specially crafted Soundfont 2 fi...
OpenSCAD: Buffer overflow
Background OpenSCAD is the programmer’s solid 3D CAD modeller. Description A buffer overflow exists in OpenSCAD when parsing STL files. Impact A remote attacker could entice a user to open a specially crafted STL file using OpenSCAD, possibly resulting in execution of arbitrary code with the...
urllib3: Multiple vulnerabilities
Background The urllib3 library is an HTTP library with thread-safe connection pooling, file post, and more. Description Multiple vulnerabilities have been discovered in urllib3. Please review the CVE identifiers referenced below for details. Impact An attacker could cause a possible Denial of...
Apache Thrift: Multiple vulnerabilities
Background Apache Thrift is a software framework that combines a software stack with a code generation engine to build services that work efficiently and seamlessly between many languages. Description Multiple vulnerabilities have been discovered in Apache Thrift. Please review the CVE identifier...
Pillow: Multiple vulnerabilities
Background Python Imaging Library fork Description Multiple vulnerabilities have been discovered in Pillow. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround at this time...
polkit: Privilege escalation
Background polkit is a toolkit for managing policies related to unprivileged processes communicating with privileged process. Description The function polkitsystembusnamegetcredssync was called without checking for error, and as such temporarily treats the authentication request as coming from...
GNU Chess: Buffer overflow
Background GNU Chess is a console based chess interfae. Description The cmdpgnload and cmdpgnreplay functions in cmd.cc in GNU Chess to not sufficiently validate PGN file input, potentially resulting in a buffer overflow. Impact A remote attacker could entice a user to open a specially crafted PG...
ConnMan: Multiple vulnerabilities
Background ConnMan provides a daemon for managing Internet connections. Description Multiple vulnerabilities have been discovered in connman. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no kno...
Xen: Multiple vulnerabilities
Background Xen is a bare-metal hypervisor. Description Multiple vulnerabilities have been discovered in Xen. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround at this time...
OpenEXR: Multiple vulnerabilities
Background OpenEXR is a high dynamic-range HDR image file format developed by Industrial Light & Magic for use in computer imaging applications. Description Multiple vulnerabilities have been discovered in OpenEXR. Please review the CVE identifiers referenced below for details. Impact Please revi...
Binutils: Multiple vulnerabilities
Background The GNU Binutils are a collection of tools to create, modify and analyse binary files. Many of the files use BFD, the Binary File Descriptor library, to do low-level manipulation. Description Multiple vulnerabilities have been discovered in Binutils. Please review the CVE identifiers...
runC: Container breakout
Background runC is a CLI tool for spawning and running containers according to the OCI specification. Description A vulnerability in runC could allow an attacker to achieve privilege escalation if specific mount configuration prerequisites are satisfied. Impact An attacker may be able to escalati...
Tor: Multiple vulnerabilities
Background Tor is an implementation of second generation Onion Routing, a connection-oriented anonymizing communication service. Description Multiple vulnerabilities have been discovered in Tor. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CV...
Docker: Multiple vulnerabilities
Background Docker is the world’s leading software containerization platform. Description Multiple vulnerabilities have been discovered in Docker. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no...
InspIRCd: Information disclosure
Background InspIRCd is a modular Internet Relay Chat IRC server written in C++ which was created from scratch to be stable, modern and lightweight. Description InspIRCd incorrectly handled malformed PONG messages, resulting in access of freed memory. Impact A remote attacker could send crafted...
Wireshark: Multiple vulnerabilities
Background Wireshark is a network protocol analyzer formerly known as ethereal. Description Multiple vulnerabilities have been discovered in Wireshark. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There...
Redis: Multiple vulnerabilities
Background Redis is an open source BSD licensed, in-memory data structure store, used as a database, cache and message broker. Description Multiple vulnerabilities have been discovered in Redis. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CV...
rclone: Weak random number generation
Background rclone is a problem to sync files to and from various cloud storage providers. Description Passwords generated with rclone were insecurely generated and are vulnerable to brute force attacks. Impact Data kept secret with a password generated by rclone may be disclosed to a local...