3816 matches found
Zabbix: Root privilege escalation
Background Zabbix is software for monitoring applications, networks, and servers. Description It was discovered that Gentoo’s Zabbix ebuild did not properly set permissions or placed the pid file in an unsafe directory. Impact A local attacker could escalate privileges. Workaround There is no kno...
Asterisk: Multiple vulnerabilities
Background A Modular Open Source PBX System. Description Multiple vulnerabilities have been discovered in Asterisk. Please review the security advisories referenced below for details. Impact An attacker could cause a possible Denial of Service condition. Workaround There is no known workaround at...
VirtualBox: Multiple vulnerabilities
Background VirtualBox is a powerful virtualization product from Oracle. Description Multiple vulnerabilities have been discovered in VirtualBox. Please review the CVE identifiers referenced below for details. Impact An attacker could take control of VirtualBox resulting in the execution of...
Ark: Symlink vulnerability
Background Ark is a graphical file compression/decompression utility with support for multiple formats. Description KDE Ark did not fully verify symlinks contained within tar archives. Impact A remote attacker could entice a user to open a specially crafted tar archive using KDE Ark, possibly...
NodeJS: Multiple vulnerabilities
Background Node.js is a JavaScript runtime built on Chrome’s V8 JavaScript engine. Description Multiple vulnerabilities have been discovered in NodeJS. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There...
Pillow: Multiple vulnerabilities
Background Python Imaging Library fork Description Multiple vulnerabilities have been discovered in Pillow. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround at this time...
Dovecot: Multiple vulnerabilities
Background Dovecot is an open source IMAP and POP3 email server. Description Multiple vulnerabilities have been discovered in Dovecot. Please review the CVE identifiers referenced below for details. Impact A remote attacker could send a specially crafted mail or send a specially crafted IMAP...
Chromium, Google Chrome: Multiple vulnerabilities
Background Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. Google Chrome is one fast, simple, and secure browser for all your devices. Description Multiple vulnerabilities have been discovered in Chromium and...
Mozilla Firefox: Remote code execution
Background Mozilla Firefox is a popular open-source web browser from the Mozilla project. Description A use-after-free bug was discovered in Mozilla Firefox’s handling of SCTP. Impact A remote attacker could possibly execute arbitrary code with the privileges of the process, or cause a Denial of...
Firejail: Multiple vulnerabilities
Background A SUID program that reduces the risk of security breaches by restricting the running environment of untrusted applications using Linux namespaces and seccomp-bpf. Description Multiple vulnerabilities have been discovered in Firejail. Please review the CVE identifiers referenced below f...
ipmitool: Multiple vulnerabilities
Background Utility for controlling IPMI enabled devices. Description Multiple vulnerabilities have been discovered in ipmiool. Please review the CVE identifiers referenced below for details. Impact A remote attacker could possibly execute arbitrary code with the privileges of the process or cause...
Apache Tomcat: Information disclosure
Background Apache Tomcat is a Servlet-3.0/JSP-2.2 Container. Description It was discovered that Apache Tomcat could re-use an HTTP request header value from the previous stream received on an HTTP/2 connection for the request associated with the subsequent stream. Impact A remote attacker, by...
HAProxy: Arbitrary code execution
Background HAProxy is a TCP/HTTP reverse proxy for high availability environments. Description It was discovered that HAProxy incorrectly handled certain HTTP/2 headers. Impact A remote attacker, by sending a specially crafted HTTP/2 request, could possibly execute arbitrary code with the...
Samba: Multiple vulnerabilities
Background Samba is a suite of SMB and CIFS client/server programs. Description Multiple vulnerabilities have been discovered in Samba. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known...
Mozilla Network Security Service (NSS): Denial of service
Background The Mozilla Network Security Service NSS is a library implementing security features like SSL v.2/v.3, TLS, PKCS 5, PKCS 7, PKCS 11, PKCS 12, S/MIME and X.509 certificates. Description A flaw was found in the way Mozilla Network Security Service NSS handled CCS ChangeCipherSpec message...
PowerDNS: information disclosure
Background The PowerDNS nameserver is an authoritative-only nameserver which uses a flexible backend architecture. Description It was discovered that PowerDNS did not properly handle certain unknown records. Impact An authorized attacker with the ability to insert crafted records into a zone migh...
OpenSSL: Denial of service
Background OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer SSL v2/v3 and Transport Layer Security TLS v1/v1.1/v1.2/v1.3 as well as a general purpose cryptography library. Description A null pointer dereference flaw was found in OpenSSL. Impact A remote attacker, able to...
Mozilla Firefox, Mozilla Thunderbird: Multiple vulnerabilities
Background Mozilla Firefox is a popular open-source web browser from the Mozilla project. Mozilla Thunderbird is a popular open-source email client from the Mozilla project. Description Multiple vulnerabilities have been discovered in Mozilla Firefox and Mozilla Thunderbird. Please review the CVE...
D-Bus: Denial of service
Background D-Bus is a message bus system which processes can use to talk to each other. Description It was discovered that D-Bus did not properly handle the situation when two usernames have the same numeric UID. Impact An attacker could possibly cause a Denial of Service condition or trigger oth...
Cherokee: Multiple vulnerabilities
Background Cherokee is an extra-light web server. Description Multiple vulnerabilities have been discovered in Cherokee. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround at this...
libass: User-assisted execution of arbitrary code
Background libass is a portable subtitle renderer for the ASS/SSA Advanced Substation Alpha/Substation Alpha subtitle format. Description It was discovered that libass did not properly handle Advanced Substation Alpha/Substation Alpha subtitle format files. Impact A remote attacker could entice a...
WebkitGTK+: Multiple vulnerabilities
Background WebKitGTK+ is a full-featured port of the WebKit rendering engine, suitable for projects requiring any kind of web integration, from hybrid HTML/CSS applications to full-fledged web browsers. Description Multiple vulnerabilities have been discovered in WebKitGTK+. Please review the CVE...
cURL: Multiple vulnerabilities
Background A command line tool and library for transferring data with URLs. Description Multiple vulnerabilities have been discovered in cURL. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no...
PowerDNS Recursor: Denial of service
Background PowerDNS Recursor is a high-end, high-performance resolving name server. Description It was discovered that it was possible to update the DNSSEC validation state to a bogus state for a cached record via DNS ANY query. Impact A remote attacker could send specially crafted DNS queries to...
PHP: Multiple vulnerabilities
Background PHP is an open source general-purpose scripting language that is especially suited for web development. Description Multiple vulnerabilities have been discovered in PHP. Please review the CVE identifiers and change log referenced below for details. Impact An attacker could cause a Deni...
c-ares: Denial of service
Background c-ares is an asynchronous resolver library. Description It was discovered that c-ares incorrectly handled certain DNS requests. Impact A remote attacker, able to trigger a DNS request for a host of their choice by an application linked against c-ares, could possibly cause a Denial of...
GDK-PixBuf: Denial of service
Background GDK-PixBuf is an image loading library for GTK+. Description It was discovered that the GDK-PixBuf library did not properly handle certain GIF images. Impact A remote attacker could entice a user to open a specially crafted GIF image in an application linked against GDK-PixBuf library,...
X.Org X Server: Multiple vulnerabilities
Background The X Window System is a graphical windowing system based on a client/server model. Description Multiple vulnerabilities have been discovered in X.org X Server. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for...
MariaDB: Multiple vulnerabilities
Background MariaDB is an enhanced, drop-in replacement for MySQL. Description Multiple vulnerabilities have been discovered in MariaDB. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known...
PostgreSQL: Multiple vulnerabilities
Background PostgreSQL is an open source object-relational database management system. Description Multiple vulnerabilities have been discovered in PostgreSQL. Please review the CVE identifiers referenced below for details. Impact A remote attacker could possibly obtain sensitive information, alte...
SeaMonkey: Multiple vulnerabilities
Background The SeaMonkey project is a community effort to deliver production-quality releases of code derived from the application formerly known as “Mozilla Application Suite”. Description Multiple vulnerabilities have been discovered in SeaMonkey. Please review referenced release notes for more...
Chromium, Google Chrome: Multiple vulnerabilities
Background Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. Google Chrome is one fast, simple, and secure browser for all your devices. Description Multiple vulnerabilities have been discovered in Chromium and...
Mozilla Thunderbird: Multiple vulnerabilities
Background Mozilla Thunderbird is a popular open-source email client from the Mozilla project. Description Multiple vulnerabilities have been discovered in Mozilla Thunderbird. Please review the referenced Mozilla Foundation Security Advisories and CVE identifiers below for details. Impact Please...
Linux-PAM: Authentication bypass
Background Linux-PAM Pluggable Authentication Modules is an architecture allowing the separation of the development of privilege granting software from the development of secure and appropriate authentication schemes. Description A flaw was found in Linux-Pam in the way it handle empty passwords...
Mozilla Firefox: Multiple vulnerabilities
Background Mozilla Firefox is a popular open-source web browser from the Mozilla project. Description Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details...
MIT Kerberos 5: Denial of service
Background The MIT Kerberos 5 implementation provides a command line telnet client which is used for remote login via the telnet protocol. Description It was discovered that MIT Kerberos network authentication system, krb5, did not properly handle ASN.1-encoded Kerberos messages. Impact A remote...
Chromium, Google Chrome: Multiple vulnerabilities
Background Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. Google Chrome is one fast, simple, and secure browser for all your devices. Description Multiple vulnerabilities have been discovered in Chromium and...
libexif: Multiple vulnerabilities
Background libexif is a library for parsing, editing and saving Exif metadata from images. Description Multiple vulnerabilities have been discovered in libexif. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details...
Apache Ant: Insecure temporary file
Background Ant is a Java-based build tool similar to ‘make’ that uses XML configuration files. Description A previous fix for a security vulnerability involving insecure temporary files has been found to be incomplete. Impact A local attacker could perform symlink attacks to overwrite arbitrary...
libmaxminddb: Denial of service
Background The libmaxminddb library provides a C library for reading MaxMind DB files, including the GeoIP2 databases from MaxMind. Description libmaxminddb used uninitialised memory when reading from a corrupt database file. Impact A remote attacker could entice a user to use a specially crafted...
Mozilla Firefox: Remote code execution
Background Mozilla Firefox is a popular open-source web browser from the Mozilla project. Description Invalid assumptions when emitting the the MCallGetProperty opcode in the JavaScript JIT may result in a use-after-free condition. Impact A remote attacker could possibly execute arbitrary code wi...
tmux: Buffer overflow
Background tmux is a terminal multiplexer. Description A flaw in tmux’s handling of escape characters was discovered which may allow a buffer overflow. Impact A remote attacker could possibly execute arbitrary code with the privileges of the process, or cause a Denial of Service condition...
Salt: Multiple vulnerabilities
Background Salt is a remote execution and configuration manager. Description Multiple vulnerabilities have been discovered in Salt. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known...
Chromium, Google Chrome: Multiple vulnerabilities
Background Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. Google Chrome is one fast, simple, and secure browser for all your devices. Description Multiple vulnerabilities have been discovered in Chromium and...
Xen: Multiple vulnerabilities
Background Xen is a bare-metal hypervisor. Description Multiple vulnerabilities have been discovered in Xen. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround at this time...
Wireshark: Multiple vulnerabilities
Background Wireshark is a network protocol analyzer formerly known as ethereal. Description Multiple vulnerabilities have been discovered in Wireshark. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There...
Blueman: Local privilege escalation
Background Blueman is a simple and intuitive GTK+ Bluetooth Manager. Description Where Polkit is not used and the default permissions have been changed on a specific rule file, control of a local DHCP daemon may be possible. Impact A local attacker may be able to achieve root privilege escalation...
QEMU: Multiple vulnerabilities
Background QEMU is a generic and open source machine emulator and virtualizer. Description Multiple vulnerabilities have been discovered in QEMU. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no...
MariaDB: Remote code execution
Background MariaDB is an enhanced, drop-in replacement for MySQL. Description It was discovered that MariaDB did not properly validate the content of a packet received from a server. Impact A remote attacker could send a specially crafted packet to WSREP service, possibly resulting in execution o...
OpenDMARC: Heap-based buffer overflow
Background OpenDMARC is an open source DMARC implementation. Description It was found that OpenDMARC did not properly handle DMARC aggregate reports. Impact A remote attacker, by sending a specially crafted DMARC aggregate report, could possibly cause a Denial of Service condition and depending o...