3816 matches found

Gentoo Linux
added 2020/11/03 12:0 a.m. | 42 views

libssh: Denial of service

Background libssh is a multiplatform C library implementing the SSHv2 protocol on client and server side. Description libssh was found to have a NULL pointer dereference in tftpserver.c if the function ssh_buffer_new returns NULL. Impact An attacker could cause a possible Denial of Service conditio...

5.9 CVSS | 3 AI score | 0.04105 EPSS
Exploits: 1
Gentoo Linux
added 2020/11/03 12:0 a.m. | 37 views

Fossil: Multiple vulnerabilities

Background Fossil is a simple, high-reliability, distributed software configuration management system. Description Multiple vulnerabilities have been discovered in Fossil. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user to open a...

8.8 CVSS | 3.8 AI score | 0.03122 EPSS
Exploits: 0
Gentoo Linux
added 2020/11/03 12:0 a.m. | 43 views

BlueZ: Arbitrary code execution

Background Set of tools to manage Bluetooth devices for Linux. Description It was discovered that there was a double-free vulnerability in BlueZ after the service discovery which occurs after a Bluetooth Low Energy (BLE) connection has been established to a device. Impact A remote attacker, by...

8.6 CVSS | 5.2 AI score | 0.04067 EPSS
Exploits: 0
Gentoo Linux
added 2020/11/03 12:0 a.m. | 32 views

KPMCore: Root privilege escalation

Background KPMcore, the KDE Partition Manager core, is a library for examining and modifying partitions, disk devices, and filesystems on a Linux system. It provides a unified programming interface over top of external system-manipulation tools. Description Improper checks on the D-Bus request...

7.8 CVSS | 3 AI score | 0.00422 EPSS
Exploits: 0
Gentoo Linux
added 2020/10/28 12:0 a.m. | 68 views

Mozilla Firefox, Mozilla Thunderbird: Multiple vulnerabilities

Background Mozilla Firefox is a popular open-source web browser from the Mozilla project. Mozilla Thunderbird is a popular open-source email client from the Mozilla project. Description Multiple vulnerabilities have been discovered in Mozilla Firefox and Mozilla Thunderbird. Please review the CVE...

9.8 CVSS | 3 AI score | 0.0262 EPSS
Exploits: 0
Gentoo Linux
added 2020/10/23 12:0 a.m. | 71 views

FreeType: Arbitrary code execution

Background FreeType is a high-quality and portable font engine. Description A flaw in FreeType’s handling of embedded PNG bitmaps was discovered where the image height and width was not checked to be within bounds. Impact A remote attacker could entice a user to open a specially crafted font file...

9.6 CVSS | 7.8 AI score | 0.44303 EPSS
Exploits: 2
Gentoo Linux
added 2020/10/20 12:0 a.m. | 52 views

libxml2: Multiple vulnerabilities

Background libxml2 is the XML (eXtended Markup Language) C parser and toolkit initially developed for the Gnome project. Description Multiple vulnerabilities have been discovered in libxml2. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE...

7.5 CVSS | 2.3 AI score | 0.07836 EPSS
Exploits: 0
Gentoo Linux
added 2020/10/20 12:0 a.m. | 34 views

LibRaw: Multiple vulnerabilities

Background LibRaw is a library for reading RAW files obtained from digital photo cameras. Description Multiple vulnerabilities have been discovered in LibRaw. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user to open a specially crafted...

7.8 CVSS | 4.2 AI score | 0.01551 EPSS
Exploits: 2
Gentoo Linux
added 2020/10/20 12:0 a.m. | 48 views

Ark: Arbitrary code execution

Background Ark is a graphical file compression/decompression utility with support for multiple formats. Description It was discovered that Ark incorrectly handled symbolic links in tar archive files. Impact A remote attacker could entice a user to open a specially crafted archive using Ark,...

4.3 CVSS | 3.5 AI score | 0.01496 EPSS
Exploits: 0
Gentoo Linux
added 2020/10/20 12:0 a.m. | 44 views

libjpeg-turbo: Information disclosure

Background libjpeg-turbo is a MMX, SSE, and SSE2 SIMD accelerated JPEG library. Description It was discovered that libjpeg-turbo incorrectly handled certain PPM files. Impact A remote attacker could entice a user to open a specially crafted PPM file using an application linked against...

8.1 CVSS | 2.9 AI score | 0.03178 EPSS
Exploits: 1
Gentoo Linux
added 2020/10/17 12:0 a.m. | 50 views

Mozilla Firefox, Mozilla Thunderbird: Multiple vulnerabilities

Background Mozilla Firefox is a popular open-source web browser from the Mozilla project. Mozilla Thunderbird is a popular open-source email client from the Mozilla project. Description Multiple vulnerabilities have been discovered in Mozilla Firefox and Mozilla Thunderbird. Please review the CVE...

8.8 CVSS | 3 AI score | 0.01937 EPSS
Exploits: 0
Gentoo Linux
added 2020/10/17 12:0 a.m. | 52 views

Chromium, Google Chrome: Multiple vulnerabilities

Background Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. Google Chrome is one fast, simple, and secure browser for all your devices. Description Multiple vulnerabilities have been discovered in Chromium and...

8.8 CVSS | 2 AI score | 0.02553 EPSS
Exploits: 4
Gentoo Linux
added 2020/09/30 12:0 a.m. | 64 views

Bitcoin: Multiple vulnerabilities

Background Bitcoin Core consists of both “full-node” software for fully validating the blockchain as well as a bitcoin wallet. Description Multiple vulnerabilities have been discovered in Bitcoin. Please review the CVE identifiers referenced below for details. Impact Please review the referenced...

7.5 CVSS | 8 AI score | 0.03389 EPSS
Exploits: 0
Gentoo Linux
added 2020/09/29 12:0 a.m. | 41 views

libuv: Buffer overflow

Background libuv is a multi-platform support library with a focus on asynchronous I/O. Description libuv used an incorrect buffer size for paths, causing a buffer overflow. Impact A remote attacker could possibly execute arbitrary code with the privileges of the process, or cause a Denial of...

7.8 CVSS | 4.5 AI score | 0.00714 EPSS
Exploits: 0
Gentoo Linux
added 2020/09/29 12:0 a.m. | 24 views

gpsd: Arbitrary code execution

Background gpsd is a GPS daemon and library for USB/serial GPS devices and GPS/mapping clients. Description A stack-based buffer overflow was discovered in gpsd on port 2947/TCP or crafted JSON inputs. Impact A remote attacker could possibly execute arbitrary code with the privileges of the...

8.8 CVSS | 5.4 AI score | 0.02656 EPSS
Exploits: 0
Gentoo Linux
added 2020/09/29 12:0 a.m. | 46 views

Xen: Buffer overflow

Background Xen is a bare-metal hypervisor. Description An out-of-bounds read/write access issue was found in the USB emulator when using QEMU. Impact A remote attacker could possibly execute arbitrary code with the privileges of the process or cause a Denial of Service condition. Workaround There...

5 CVSS | 4.1 AI score | 0.05447 EPSS
Exploits: 1
Gentoo Linux
added 2020/09/29 12:0 a.m. | 56 views

Chromium, Google Chrome: Multiple vulnerabilities

Background Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. Google Chrome is one fast, simple, and secure browser for all your devices. Description Multiple vulnerabilities have been discovered in Chromium and...

9.6 CVSS | 2 AI score | 0.03375 EPSS
Exploits: 6
Gentoo Linux
added 2020/09/29 12:0 a.m. | 26 views

LinuxCIFS: Shell injection

Background The LinuxCIFS utils are a collection of tools for managing Linux CIFS Client Filesystems. Description The mount.cifs utility had a shell injection issue where one can embed shell commands via the username mount option. Those commands will be run via popen in the context of the user...

7 CVSS | 4.2 AI score | 0.00652 EPSS
Exploits: 1
Gentoo Linux
added 2020/09/13 12:0 a.m. | 23 views

GNOME File Roller: Directory traversal

Background File Roller is an archive manager for the GNOME desktop environment. Description It was discovered that GNOME File Roller incorrectly handled symlinks. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround at this time. Resolution All...

3.9 CVSS | 1.6 AI score | 0.00774 EPSS
Exploits: 0
Gentoo Linux
added 2020/09/13 12:0 a.m. | 35 views

Perl DBI: Multiple vulnerabilities

Background A database access module for the Perl programming language. Description Multiple vulnerabilities have been discovered in the Perl module DBI. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround Ther...

7.1 CVSS | 2.7 AI score | 0.00602 EPSS
Exploits: 0
Gentoo Linux
added 2020/09/13 12:0 a.m. | 29 views

ZeroMQ: Denial of service

Background Looks like an embeddable networking library but acts like a concurrency framework. Description It was discovered that ZeroMQ does not properly handle connecting peers before a handshake is completed. Impact An unauthenticated remote attacker able to connect to a ZeroMQ endpoint, even...

7.5 CVSS | 2.4 AI score | 0.03408 EPSS
Exploits: 0
Gentoo Linux
added 2020/09/13 12:0 a.m. | 15 views

ProFTPD: Denial of service

Background ProFTPD is an advanced and very configurable FTP server. Description It was found that ProFTPD did not properly handle invalid SCP commands. Impact An authenticated remote attacker could issue invalid SCP commands, possibly resulting in a Denial of Service condition. Workaround There i...

2.1 AI score
Exploits: 0
Gentoo Linux
added 2020/09/13 12:0 a.m. | 33 views

Qt GUI: Buffer overflow

Background The GUI module and platform plugins for the Qt5 framework. Description It was discovered that Qt GUI’s XBM parser did not properly handle X BitMap files. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround at this time. Resolution Al...

5.3 CVSS | 6 AI score | 0.03915 EPSS
Exploits: 0
Gentoo Linux
added 2020/09/13 12:0 a.m. | 43 views

GStreamer RTSP Server: Denial of service

Background RTSP server library based on GStreamer. Description It was discovered that GStreamer RTSP Server did not properly handle authentication. Impact A remote attacker, by sending specially crafted authentication requests, could possibly cause a Denial of Service condition. Workaround There ...

7.5 CVSS | 2.8 AI score | 0.02872 EPSS
Exploits: 1
Gentoo Linux
added 2020/09/13 12:0 a.m. | 90 views

GNOME Shell: Information disclosure

Background GNOME Shell provides core user interface functions for the GNOME 3 desktop, like switching to windows and launching applications. Description It was discovered that GNOME Shell incorrectly handled the login screen password dialog. Impact Please review the referenced CVE identifiers for...

4.3 CVSS | 1.2 AI score | 0.00553 EPSS
Exploits: 1
Gentoo Linux
added 2020/09/13 12:0 a.m. | 39 views

PHP: Denial of service

Background PHP is an open source general-purpose scripting language that is especially suited for web development. Description It was discovered that PHP did not properly handle PHAR files. Impact A remote attacker could entice a user to open a specially crafted PHAR file using PHP, possibly...

4.8 CVSS | 2.5 AI score | 0.01661 EPSS
Exploits: 1
Gentoo Linux
added 2020/09/13 12:0 a.m. | 51 views

Nextcloud Desktop Sync client: Multiple vulnerabilities

Background Nextcloud Desktop Sync client can synchronize one or more directories to Nextcloud server. Description Multiple vulnerabilities have been discovered in Nextcloud Desktop Sync client. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE...

7.8 CVSS | 2 AI score | 0.2245 EPSS
Exploits: 3
Gentoo Linux
added 2020/09/10 12:0 a.m. | 65 views

Chromium, Google Chrome: Multiple vulnerabilities

Background Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. Google Chrome is one fast, simple, and secure browser for all your devices. Description Multiple vulnerabilities have been discovered in Chromium and...

9.6 CVSS | 2 AI score | 0.01747 EPSS
Exploits: 0
Gentoo Linux
added 2020/09/06 12:0 a.m. | 65 views

GnuTLS: Denial of service

Background GnuTLS is an Open Source implementation of the TLS and SSL protocols. Description It was found that GnuTLS didn’t handle “no_renegotiation” alert properly. Impact A remote attacker could entice a user to connect to a malicious TLS endpoint using an application linked against GnuTLS,...

7.5 CVSS | 7.8 AI score | 0.0373 EPSS
Exploits: 1
Gentoo Linux
added 2020/09/06 12:0 a.m. | 61 views

Dovecot: Multiple vulnerabilities

Background Dovecot is an open source IMAP and POP3 email server. Description It was discovered that Dovecot incorrectly handled deeply nested MIME parts, incorrectly handled memory when using NTLM, and incorrectly handled zero-length messages. Impact A remote attacker could send a specially craft...

7.5 CVSS | 2.6 AI score | 0.06187 EPSS
Exploits: 4
Gentoo Linux
added 2020/08/30 12:0 a.m. | 30 views

chrony: Symlink vulnerability

Background chrony is a versatile implementation of the Network Time Protocol (NTP). Description It was found that chrony did not check whether its PID file was a symlink. Impact A local attacker could perform symlink attacks to overwrite arbitrary files with root privileges. Workaround There is no...

6 CVSS | 2.1 AI score | 0.00485 EPSS
Exploits: 0
Gentoo Linux
added 2020/08/30 12:0 a.m. | 55 views

Kleopatra: Remote code execution

Background Kleopatra is a certificate manager and a universal crypto GUI. It supports managing X.509 and OpenPGP certificates in the GpgSM keybox and retrieving certificates from LDAP servers. Description Kleopatra did not safely escape command line parameters provided by URLs, which it configure...

8.8 CVSS | 4.7 AI score | 0.04719 EPSS
Exploits: 1
Gentoo Linux
added 2020/08/30 12:0 a.m. | 42 views

OpenJDK: Multiple vulnerabilities

Background OpenJDK is a free and open-source implementation of the Java Platform, Standard Edition. Description Multiple vulnerabilities have been discovered in OpenJDK. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details...

8.3 CVSS | 2.5 AI score | 0.05166 EPSS
Exploits: 0
Gentoo Linux
added 2020/08/30 12:0 a.m. | 31 views

targetcli-fb: Multiple vulnerabilities

Background Tool for managing the Linux LIO kernel target. Description Multiple vulnerabilities have been discovered in targetcli-fb. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known...

7.8 CVSS | 2.6 AI score | 0.00348 EPSS
Exploits: 0
Gentoo Linux
added 2020/08/29 12:0 a.m. | 80 views

BIND: Multiple vulnerabilities

Background BIND (Berkeley Internet Name Domain) is a Name Server. Description Multiple vulnerabilities have been discovered in BIND. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workarou...

7.5 CVSS | 2.7 AI score | 0.06348 EPSS
Exploits: 0
Gentoo Linux
added 2020/08/29 12:0 a.m. | 46 views

GPL Ghostscript: Multiple vulnerabilities

Background Ghostscript is an interpreter for the PostScript language and for PDF. Description Multiple vulnerabilities have been discovered in GPL Ghostscript. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workarou...

9.8 CVSS | 2.3 AI score | 0.05186 EPSS
Exploits: 25
Gentoo Linux
added 2020/08/27 12:0 a.m. | 48 views

Mozilla Firefox, Mozilla Thunderbird: Multiple vulnerabilities

Background Mozilla Firefox is a popular open-source web browser from the Mozilla Project. Mozilla Thunderbird is a popular open-source email client from the Mozilla project. Description Multiple vulnerabilities have been discovered in Mozilla Firefox and Mozilla Thunderbird. Please review the CVE...

8.8 CVSS | 2.9 AI score | 0.01361 EPSS
Exploits: 0
Gentoo Linux
added 2020/08/27 12:0 a.m. | 26 views

X.Org X11 library: Multiple vulnerabilities

Background X.Org is an implementation of the X Window System. The X.Org X11 library provides the X11 protocol library files. Description Multiple vulnerabilities have been discovered in X.org X11 library. Please review the CVE identifiers referenced below for details. Impact Please review the...

7.8 CVSS | 3.3 AI score | 0.00575 EPSS
Exploits: 1
Gentoo Linux
added 2020/08/27 12:0 a.m. | 51 views

Redis: Multiple vulnerabilities

Background Redis is an open source BSD licensed, in-memory data structure store, used as a database, cache and message broker. Description Multiple vulnerabilities have been discovered in Redis. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CV...

9.8 CVSS | 2.2 AI score | 0.03085 EPSS
Exploits: 0
Gentoo Linux
added 2020/08/26 12:0 a.m. | 58 views

Net-SNMP: Multiple vulnerabilities

Background Net-SNMP bundles software for generating and retrieving SNMP data. Description Multiple vulnerabilities have been discovered in Net-SNMP. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is...

7.8 CVSS | 2.9 AI score | 0.02315 EPSS
Exploits: 1
Gentoo Linux
added 2020/08/26 12:0 a.m. | 27 views

Wireshark: Denial of service

Background Wireshark is a network protocol analyzer (formerly known as Ethereal). Description A double free error was discovered in Wireshark’s Kafka dissector. Impact A remote attacker could exploit these vulnerabilities by sending a malformed packet or enticing a user to read a malformed packet...

6.5 CVSS | 7.2 AI score | 0.02889 EPSS
Exploits: 1
Gentoo Linux
added 2020/08/26 12:0 a.m. | 30 views

PostgreSQL: Multiple vulnerabilities

Background PostgreSQL is an open source object-relational database management system. Description Multiple vulnerabilities have been discovered in PostgreSQL. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaroun...

7.3 CVSS | 2 AI score | 0.02235 EPSS
Exploits: 1
Gentoo Linux
added 2020/08/26 12:0 a.m. | 55 views

Docker: Information disclosure

Background Docker is the world’s leading software containerization platform. Description It was found that Docker created network bridges which by default accept IPv6 router advertisements. Impact An attacker who gained access to a container with CAP_NET_RAW capability may be able to spoof route...

6 CVSS | 6.2 AI score | 0.02839 EPSS
Exploits: 0
Gentoo Linux
added 2020/08/26 12:0 a.m. | 25 views

Chromium, Google Chrome: Multiple vulnerabilities

Background Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. Google Chrome is one fast, simple, and secure browser for all your devices. Description Multiple vulnerabilities have been discovered in Chromium and...

9.3 CVSS | 2 AI score | 0.02269 EPSS
Exploits: 3
Gentoo Linux
added 2020/08/25 12:0 a.m. | 31 views

Shadow: Privilege escalation

Background Shadow is a set of tools to deal with user accounts. Description When Shadow was installed with the PAM use flag, setuid binaries provided by Shadow were not properly restricted. Impact A local attacker could escalate privileges to root. Workaround There is no known workaround at this...

7.8 CVSS | 3.7 AI score | 0.00495 EPSS
Exploits: 1
Gentoo Linux
added 2020/08/25 12:0 a.m. | 43 views

Chromium, Google Chrome: Heap buffer overflow

Background Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. Google Chrome is one fast, simple, and secure browser for all your devices. Description A buffer overflow has been discovered in Chromium and Google...

9.3 CVSS | 9.2 AI score | 0.03251 EPSS
Exploits: 0
Gentoo Linux
added 2020/08/19 12:0 a.m. | 61 views

Mozilla Network Security Service (NSS): Multiple vulnerabilities

Background The Mozilla Network Security Service (NSS) is a library implementing security features like SSL v.2/v.3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME and X.509 certificates. Description Multiple vulnerabilities have been discovered in NSS. Please review the CVE identifiers referenced...

9.1 CVSS | 2.7 AI score | 0.01541 EPSS
Exploits: 0
Gentoo Linux
added 2020/08/12 12:0 a.m. | 61 views

Chromium, Google Chrome: Multiple vulnerabilities

Background Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. Google Chrome is one fast, simple, and secure browser for all your devices. Description Multiple vulnerabilities have been discovered in Chromium and...

9.3 CVSS | 2 AI score | 0.29292 EPSS
Exploits: 1
Gentoo Linux
added 2020/08/08 12:0 a.m. | 56 views

iproute2: Denial of service

Background iproute2 is a set of tools for managing Linux network routing and advanced features. Description iproute2 was found to contain a use-after-free in get_netnsid_from_name in ip/ipnetns.c. Impact A remote attacker, able to feed iproute2 crafted data, may be able to cause a Denial of Service...

4.4 CVSS | 3.3 AI score | 0.00403 EPSS
Exploits: 0
Gentoo Linux
added 2020/08/08 12:0 a.m. | 42 views

GNU GLOBAL: Arbitrary code execution

Background GNU GLOBAL is a source code tagging system that works the same way across diverse environments, such as Emacs editor, Vi editor, Less viewer, Bash shell, various web browsers, etc. Description A vulnerability was found in an undocumented function of gozilla. Impact A remote attacker...

8.8 CVSS | 4.4 AI score | 0.01228 EPSS
Exploits: 0
Total number of security vulnerabilities: 3816