cURL: Multiple vulnerabilities
Background A command line tool and library for transferring data with URLs. Description Multiple vulnerabilities have been discovered in cURL. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no...
Nextcloud Desktop Client: User-assisted execution of arbitrary code
Background The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with your computer. Description It was discovered that Nextcloud Desktop Client did not validate URLs. Impact A remote attacker could entice a user to connect to a malicious Nextcloud server to cause the...
OpenSSH: Multiple vulnerabilities
Background OpenSSH is a complete SSH protocol implementation that includes SFTP client and server support. Description Multiple vulnerabilities have been discovered in OpenSSH. Please review the CVE identifiers referenced below for details. Impact A remote attacker, able to access the socket of t...
nginx: Remote code execution
Background nginx is a robust, small, and high performance HTTP and reverse proxy server. Description It was discovered that nginx did not properly handle DNS responses when the “resolver” directive is used. Impact A remote attacker, able to provide DNS responses to an nginx instance, could cause the...
Ceph: Multiple vulnerabilities
Background Ceph is a distributed network file system designed to provide excellent performance, reliability, and scalability. Description Multiple vulnerabilities have been discovered in Ceph. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE...
Firejail: Privilege escalation
Background A SUID program that reduces the risk of security breaches by restricting the running environment of untrusted applications using Linux namespaces and seccomp-bpf. Description It was discovered that a flaw in Firejail’s OverlayFS code allowed restricted programs to escape the sandbox. Impac...
Exim: Multiple vulnerabilities
Background Exim is a message transfer agent (MTA) designed to be a highly configurable, drop-in replacement for sendmail. Description Multiple vulnerabilities have been discovered in Exim. Please review the CVE identifiers referenced below for details. Impact A remote attacker, by connecting to t...
Git: User-assisted execution of arbitrary code
Background Git is a distributed version control system designed. Description It was discovered that Git could be fooled into running remote code during a clone on case-insensitive file systems with support for symbolic links, if Git is configured globally to apply delay-capable clean/smudge filte...
X.Org X Server: Privilege escalation
Background The X Window System is a graphical windowing system based on a client/server model. Description It was discovered that X.Org X Server did not sufficiently check the length of the XInput extension’s ChangeFeedbackControl request. Impact An authorized attacker could possibly escalate...
Python: Multiple vulnerabilities
Background Python is an interpreted, interactive, object-oriented programming language. Description Multiple vulnerabilities have been discovered in Python. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround...
WebkitGTK+: Multiple vulnerabilities
Background WebKitGTK+ is a full-featured port of the WebKit rendering engine, suitable for projects requiring any kind of web integration, from hybrid HTML/CSS applications to full-fledged web browsers. Description Multiple vulnerabilities have been discovered in WebkitGTK+. Please review the CVE...
Chromium, Google Chrome: Multiple vulnerabilities
Background Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. Google Chrome is one fast, simple, and secure browser for all your devices. Description Multiple vulnerabilities have been discovered in Chromium and...
Mozilla Thunderbird: Multiple vulnerabilities
Background Mozilla Thunderbird is a popular open-source email client from the Mozilla project. Description Multiple vulnerabilities have been discovered in Mozilla Thunderbird. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for...
GRUB: Multiple vulnerabilities
Background GNU GRUB is a multiboot boot loader used by most Linux systems. Description Multiple vulnerabilities have been discovered in GRUB. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no kno...
Mozilla Firefox: Multiple vulnerabilities
Background Mozilla Firefox is a popular open-source web browser from the Mozilla project. Description Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details...
libTIFF: Multiple vulnerabilities
Background The TIFF library contains encoding and decoding routines for the Tag Image File Format. It is called by numerous programs, including GNOME and KDE applications, to interpret TIFF images. Description Multiple vulnerabilities have been discovered in LibTIFF. Please review the referenced...
ClamAV: Denial of service
Background ClamAV is a GPL virus scanner. Description A vulnerability has been discovered in ClamAV. Please review the CVE identifier referenced below for details. Impact A remote attacker could cause ClamAV to scan a specially crafted file, possibly resulting in a Denial of Service condition...
Redis: Remote code execution
Background Redis is an open source BSD licensed, in-memory data structure store, used as a database, cache and message broker. Description It was discovered that there were a number of integer overflow issues in Redis. Impact A remote attacker, able to connect to a Redis instance, could send a...
SQLite: Remote code execution
Background SQLite is a C library that implements an SQL database engine. Description It was discovered that SQLite incorrectly handled certain sub-queries. Impact A remote attacker could possibly execute arbitrary code with the privileges of the process, or cause a Denial of Service condition...
OpenSSL: Multiple vulnerabilities
Background OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1/v1.1/v1.2/v1.3) as well as a general purpose cryptography library. Description Multiple vulnerabilities have been discovered in OpenSSL. Please review the CVE identifier...
Salt: Multiple vulnerabilities
Background Salt is a fast, intelligent and scalable automation engine. Description Multiple vulnerabilities have been discovered in Salt. Please review the CVE identifiers referenced below for details. Impact A remote attacker could possibly execute arbitrary commands via salt-api, cause a Denial...
Mozilla Thunderbird: Multiple vulnerabilities
Background Mozilla Thunderbird is a popular open-source email client from the Mozilla project. Description Multiple vulnerabilities have been discovered in Mozilla Thunderbird. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for...
Mozilla Firefox: Multiple vulnerabilities
Background Mozilla Firefox is a popular open-source web browser from the Mozilla project. Description Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details...
NSD: Symbolic link traversal
Background An authoritative only, high performance, open source name server. Description A local vulnerability was discovered that would allow for a local symlink attack due to how NSD handles PID files. Impact A local attacker could cause a Denial of Service condition. Workaround There is no know...
ImageMagick: Command injection
Background A collection of tools and libraries for many image formats. Description A flaw in ImageMagick’s handling of password protected PDFs was discovered. Impact A remote attacker could entice a user to open a specially crafted PDF using ImageMagick possibly resulting in execution of arbitrar...
VLC: Buffer overflow
Background VLC is a cross-platform media player and streaming server. Description VLC was found to have a buffer overflow when handling crafted MKV files. Impact A remote attacker could entice a user to open a specially crafted MKV file using VLC possibly resulting in execution of arbitrary code...
Telegram Desktop: Multiple vulnerabilities
Background Telegram is a messaging app with a focus on speed and security. Description Multiple vulnerabilities have been discovered in Telegram Desktop. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround The...
phpMyAdmin: Multiple vulnerabilities
Background phpMyAdmin is a web-based management tool for MySQL databases. Description Multiple vulnerabilities have been discovered in phpMyAdmin. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is n...
Mutt: Denial of service
Background Mutt is a small but very powerful text-based mail client. Description A memory leak could occur when a crafted email message is received. Impact An attacker could cause a possible Denial of Service condition. Workaround There is no known workaround at this time. Resolution All Mutt use...
libvirt: Unintended access to /dev/mapper/control
Background libvirt is a C toolkit for manipulating virtual machines. Description A file descriptor for /dev/mapper/control was insufficiently protected. Impact A local attacker may be able to escalate to root privileges. Workaround There is no known workaround at this time. Resolution All libvirt...
f2fs-tools: Multiple vulnerabilities
Background Tools for Flash-Friendly File System (F2FS). Description Multiple vulnerabilities have been discovered in f2fs-tools. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround a...
cfitsio: Multiple vulnerabilities
Background A C and Fortran library for manipulating FITS files. Description Multiple vulnerabilities have been discovered in cfitsio. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known...
ncurses: Multiple vulnerabilities
Background A console display library. Description Multiple vulnerabilities have been discovered in ncurses. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround at this time...
OpenJPEG: Multiple vulnerabilities
Background OpenJPEG is an open-source JPEG 2000 library. Description Multiple vulnerabilities have been discovered in OpenJPEG. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround ...
PEAR Archive_Tar: Directory traversal
Background This class provides handling of tar files in PHP. Description Multiple vulnerabilities have been discovered in PEAR Archive_Tar. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known...
FreeRADIUS: Root privilege escalation
Background FreeRADIUS is a modular, high performance free RADIUS suite. Description It was discovered that Gentoo’s FreeRADIUS systemd unit set permissions on an unsafe directory on start. Impact A local attacker could escalate privileges. Workaround There is no known workaround at this time...
Qt WebEngine: Multiple vulnerabilities
Background Library for rendering dynamic web content in Qt5 C++ and QML applications. Description Multiple vulnerabilities have been discovered in Qt WebEngine. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details...
Cacti: Remote code execution
Background Cacti is a complete frontend to rrdtool. Description The sideid parameter in datadebug.php does not properly verify input allowing SQL injection. Impact A remote attacker could possibly execute arbitrary code with the privileges of the process or cause a Denial of Service condition...
Mutt, NeoMutt: Information disclosure
Background Mutt is a small but very powerful text-based mail client. NeoMutt is a command line mail reader or MUA. It’s a fork of Mutt with added features. Description A weakness in TLS handshake handling was found which may allow information disclosure. Impact A remote attacker may be able to...
sudo: Multiple vulnerabilities
Background sudo (su “do”) allows a system administrator to delegate authority to give certain users or groups of users the ability to run some or all commands as root or another user while providing an audit trail of the commands and their arguments. Description Multiple vulnerabilities have been...
glibc: Multiple vulnerabilities
Background glibc is a package that contains the GNU C library. Description Multiple vulnerabilities have been discovered in glibc. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workarou...
Flatpak: Sandbox escape
Background Flatpak is a Linux application sandboxing and distribution framework. Description A bug was discovered in the flatpak-portal service that can allow sandboxed applications to execute arbitrary code on the host system (a sandbox escape). Impact A remote attacker could entice a user to open...
OpenJDK: Multiple vulnerabilities
Background OpenJDK is a free and open-source implementation of the Java Platform, Standard Edition. Description Multiple vulnerabilities have been discovered in OpenJDK. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details...
Python: Multiple vulnerabilities
Background Python is an interpreted, interactive, object-oriented programming language. Description Multiple vulnerabilities have been discovered in Python. Please review the bugs referenced below for details. Impact A remote attacker could possibly execute arbitrary code with the privileges of t...
Mozilla Thunderbird: Remote code execution
Background Mozilla Thunderbird is a popular open-source email client from the Mozilla project. Description A use-after-free bug was discovered in Mozilla Thunderbird handling of SCTP. Impact A remote attacker could possibly execute arbitrary code with the privileges of the process or cause a Deni...
KDE Connect: Denial of service
Background KDE Connect is a project that enables all your devices to communicate with each other. Description Multiple issues causing excessive resource consumption were found in KDE Connect. Impact An attacker could cause a possible Denial of Service condition. Workaround There is no known...
Wireshark: Multiple vulnerabilities
Background Wireshark is a network protocol analyzer (formerly known as Ethereal). Description Multiple vulnerabilities have been discovered in Wireshark. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There...
Chromium, Google Chrome: Multiple vulnerabilities
Background Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. Google Chrome is one fast, simple, and secure browser for all your devices. Description Multiple vulnerabilities have been discovered in Chromium and...
Dnsmasq: Multiple vulnerabilities
Background Dnsmasq is a lightweight and easily-configurable DNS forwarder and DHCP server. Description Multiple vulnerabilities have been discovered in Dnsmasq. Please review the references below for details. Impact An attacker, by sending specially crafted DNS replies, could possibly execute...
VirtualBox: Multiple vulnerabilities
Background VirtualBox is a powerful virtualization product from Oracle. Description Multiple vulnerabilities have been discovered in VirtualBox. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no...