D-Bus: Denial of service
Background D-Bus is a message bus system which processes can use to talk to each other. Description D-Bus does not correctly dispose of old connections meaning that it is possible for D-Bus to hit a connection limit. Impact An attacker could cause a possible Denial of Service condition. Workaroun...
Xen: Multiple vulnerabilities
Background Xen is a bare-metal hypervisor. Description Multiple vulnerabilities have been discovered in Xen. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround at this time...
Chromium, Google Chrome: Multiple vulnerabilities
Background Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. Google Chrome is one fast, simple, and secure browser for all your devices. Description Multiple vulnerabilities have been discovered in Chromium and...
Transmission: Remote code execution
Background Transmission is a cross-platform BitTorrent client. Description Transmission mishandles some memory management which may allow manipulation of the heap. Impact A remote attacker could entice a user to open a specially crafted torrent file using Transmission, possibly resulting in...
NTP: Multiple vulnerabilities
Background NTP contains software for the Network Time Protocol. Description Multiple vulnerabilities have been discovered in NTP. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaroun...
netqmail: Multiple vulnerabilities
Background qmail is a secure, reliable, efficient, simple message transfer agent. Description Multiple vulnerabilities have been discovered in netqmail. Please review the CVE identifiers referenced below for details. Impact In the default configuration, these vulnerabilities are only local. Pleas...
QtNetwork: Denial of service
Background QtNetwork provides a set of APIs for programming applications that use TCP/IP. It is part of the Qt framework. Description A flaw was discovered in QtNetwork’s handling of OpenSSL protocol errors. Impact An attacker could cause a possible Denial of Service condition. Workaround There i...
JHead: Multiple vulnerabilities
Background JHead is an Exif JPEG header manipulation tool. Description Multiple vulnerabilities have been discovered in JHead. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround a...
Mozilla Firefox: Multiple vulnerabilities
Background Mozilla Firefox is a popular open-source web browser from the Mozilla Project. Description Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details...
yaml-cpp: Denial of service
Background yaml-cpp is a YAML parser and emitter in C++. Description The function Scanner::peek in scanner.cpp may have an assertion failure. Impact An attacker could cause a possible Denial of Service condition. Workaround There is no known workaround at this time. Resolution All yaml-cpp users...
Samba: Multiple vulnerabilities
Background Samba is a suite of SMB and CIFS client/server programs. Description Multiple vulnerabilities have been discovered in Samba. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known...
HylaFAX: Multiple vulnerabilities
Background HylaFAX is an enterprise-class system for sending and receiving facsimile messages and for sending alpha-numeric pages. Description Multiple vulnerabilities have been discovered in HylaFAX. Please review the CVE identifiers referenced below for details. Impact Please review the...
Mozilla Thunderbird: Multiple vulnerabilities
Background Mozilla Thunderbird is a popular open-source email client from the Mozilla project. Description Multiple vulnerabilities have been discovered in Mozilla Thunderbird. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for...
Cacti: Multiple vulnerabilities
Background Cacti is a complete frontend to rrdtool. Description Multiple vulnerabilities have been discovered in Cacti. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround at this...
cURL: Multiple vulnerabilities
Background A command line tool and library for transferring data with URLs. Description Multiple vulnerabilities have been discovered in cURL. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no...
WebKitGTK+: Multiple vulnerabilities
Background WebKitGTK+ is a full-featured port of the WebKit rendering engine, suitable for projects requiring any kind of web integration, from hybrid HTML/CSS applications to full-fledged web browsers. Description Multiple vulnerabilities have been discovered in WebKitGTK+. Please review the CVE...
libexif: Multiple vulnerabilities
Background libexif is a library for parsing, editing and saving Exif metadata from images. Description Multiple vulnerabilities have been discovered in libexif. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details...
Wireshark: Multiple vulnerabilities
Background Wireshark is a network protocol analyzer formerly known as ethereal. Description Multiple vulnerabilities have been discovered in Wireshark. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There...
fwupd, libjcat: Multiple vulnerabilities
Background fwupd aims to make updating firmware on Linux automatic, safe and reliable. libjcat is a library and tool for reading and writing Jcat files. Description Multiple vulnerabilities have been discovered in fwupd and libjcat. Please review the CVE identifiers referenced below for details...
Asterisk: Root privilege escalation
Background A Modular Open Source PBX System. Description It was discovered that Gentoo’s Asterisk ebuild does not properly set permissions on its data directories. This only affects OpenRC systems, as the flaw was exploitable via the init script. Impact A local attacker could escalate privileges...
Cyrus IMAP Server: Access restriction bypass
Background The Cyrus IMAP Server is an efficient, highly-scalable IMAP e-mail server. Description An issue was discovered in Cyrus IMAP Server where sieve script uploading is excessively trusted. Impact A user can use a sieve script to create any mailbox with administrator privileges. Workaround...
Bubblewrap: Arbitrary code execution
Background Bubblewrap is an unprivileged sandboxing tool (namespaces-powered chroot-like solution). Description Bubblewrap misuses temporary directories in /tmp as a mount point. Impact This flaw may allow possible execution of code or prevention of running Bubblewrap. Workaround There is no known...
Apache Tomcat: Remote code execution
Background Apache Tomcat is a Servlet-3.0/JSP-2.2 Container. Description Apache Tomcat improperly handles deserialization of files under specific circumstances. Impact A remote attacker could possibly execute arbitrary code with the privileges of the process, or cause a Denial of Service conditio...
PCRE2: Denial of service
Background PCRE2 is a project based on PCRE (Perl Compatible Regular Expressions) which has a new and revised API. Description PCRE2 has a flaw when handling JIT-compiled regex using the \X pattern. Impact An attacker could cause a possible Denial of Service condition. Workaround There is no known...
json-c: Multiple vulnerabilities
Background json-c is a JSON implementation in C. Description Multiple vulnerabilities have been discovered in json-c. Please review the CVE identifiers referenced below for details. Impact A remote/local attacker could send a specially crafted file possibly resulting in a Denial of Service...
OpenConnect: Multiple vulnerabilities
Background OpenConnect is a free client for Cisco AnyConnect SSL VPN software. Description Multiple vulnerabilities have been discovered in OpenConnect. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround Ther...
FAAD2: Multiple vulnerabilities
Background FAAD2 is an open source MPEG-4 and MPEG-2 AAC decoder. Description Multiple vulnerabilities have been discovered in FAAD2. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known...
Mozilla Thunderbird: Multiple vulnerabilities
Background Mozilla Thunderbird is a popular open-source email client from the Mozilla project. Description Multiple vulnerabilities have been discovered in Mozilla Thunderbird. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for...
PEAR Archive_Tar: Remote code execution vulnerability
Background This class provides handling of tar files in PHP. Description An issue was discovered in the PEAR module Archive_Tar’s handling of file paths within Tar archives. Impact A local or remote attacker could possibly execute arbitrary code with the privileges of the process. Workaround Avoid...
OpenJDK, IcedTea: Multiple vulnerabilities
Background OpenJDK is a free and open-source implementation of the Java Platform, Standard Edition. IcedTea’s aim is to provide OpenJDK in a form suitable for easy configuration, compilation and distribution with the primary goal of allowing inclusion in GNU/Linux distributions. Description...
GNU Mailutils: Privilege escalation
Background The GNU Mailutils are a collection of mail-related utilities, including an IMAP4 server (imap4d). Description GNU Mailutils runs maidag by default with setuid root permissions. Impact An attacker can use this to write to arbitrary files as root. Workaround There is no known workaround at...
Nokogiri: Command injection
Background Nokogiri is an HTML, XML, SAX, and Reader parser. Description A command injection vulnerability in Nokogiri allows commands to be executed in a subprocess by Ruby’s Kernel.open method. Processes are vulnerable only if the undocumented method Nokogiri::CSS::Tokenizer#load_file is being...
glibc: Multiple vulnerabilities
Background glibc is a package that contains the GNU C library. Description Multiple vulnerabilities have been discovered in glibc. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workarou...
GNU Readline: Multiple vulnerabilities
Background The GNU Readline library provides a set of functions for use by applications that allow users to edit command lines as they are typed in. Description Multiple vulnerabilities have been discovered in GNU Readline. Please review the CVE identifiers referenced below for details. Impact...
Adobe Flash Player: Arbitrary code execution
Background The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Description An unspecified flaw has been discovered in Adobe Flash Player. Impact This flaw can be exploited by attackers for remote code execution. Workaround There is...
WebKitGTK+: Multiple vulnerabilities
Background WebKitGTK+ is a full-featured port of the WebKit rendering engine, suitable for projects requiring any kind of web integration, from hybrid HTML/CSS applications to full-fledged web browsers. Description Multiple vulnerabilities have been discovered in WebKitGTK+. Please review the CVE...
Mozilla Firefox: Multiple vulnerabilities
Background Mozilla Firefox is a popular open-source web browser from the Mozilla Project. Description Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details...
Ansible: Multiple vulnerabilities
Background Ansible is a radically simple IT automation platform. Description Multiple vulnerabilities have been discovered in Ansible. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known...
ssvnc: Multiple vulnerabilities
Background The Enhanced TightVNC Viewer, SSVNC, adds encryption security to VNC connections. Description Multiple vulnerabilities have been discovered in ssvnc. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details...
Perl: Multiple vulnerabilities
Background Perl is a highly capable, feature-rich programming language. Description Multiple vulnerabilities have been discovered in Perl. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known...
Chromium, Google Chrome: Multiple vulnerabilities
Background Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. Google Chrome is one fast, simple, and secure browser for all your devices. Description Multiple vulnerabilities have been discovered in Chromium and...
GnuTLS: Information disclosure
Background GnuTLS is an Open Source implementation of the TLS and SSL protocols. Description A flaw was reported in the TLS session ticket key construction in GnuTLS. Impact A remote attacker could recover previous conversations in TLS 1.2 and obtain sensitive information or conduct a...
VLC: Buffer overflow
Background VLC is a cross-platform media player and streaming server. Description A buffer overflow in DecodeBlock in sdlimage.c was discovered. Impact A remote user could craft a specifically crafted image file that could execute arbitrary code or cause denial of service. Workaround The user...
LIVE555 Media Server: Multiple vulnerabilities
Background LIVE555 Media Server is a set of libraries for multimedia streaming. Description Multiple vulnerabilities have been discovered in LIVE555 Media Server. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details...
Xen: Multiple vulnerabilities
Background Xen is a bare-metal hypervisor. Description Multiple vulnerabilities have been discovered in Xen. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround at this time...
libmicrodns: Multiple vulnerabilities
Background libmicrodns is an mDNS library, focused on being simple and cross-platform. Description Multiple vulnerabilities have been discovered in libmicrodns. Please review the CVE identifiers and the upstream advisory referenced below for details. Impact Please review the referenced CVE...
FreeRDP: Multiple vulnerabilities
Background FreeRDP is a free implementation of the Remote Desktop Protocol. Description Multiple vulnerabilities have been discovered in FreeRDP. Please review the CVE identifiers referenced below for details. Impact An attacker could possibly cause a Denial of Service condition. Workaround There...
OpenSLP: Multiple vulnerabilities
Background OpenSLP is an open-source implementation of Service Location Protocol (SLP). Description Multiple vulnerabilities have been discovered in OpenSLP. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround...
Chromium, Google Chrome: Multiple vulnerabilities
Background Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. Google Chrome is one fast, simple, and secure browser for all your devices. Description Multiple vulnerabilities have been discovered in Chromium and...
Python: Denial of service
Background Python is an interpreted, interactive, object-oriented programming language. Description An issue was discovered in urllib.request.AbstractBasicAuthHandler which allowed a remote attacker to send malicious data causing extensive regular expression backtracking. Impact An attacker could...