Mozilla Thunderbird: Multiple vulnerabilities
Background Mozilla Thunderbird is a popular open-source email client from the Mozilla project. Description Multiple vulnerabilities have been discovered in Mozilla Thunderbird. Please review the CVE identifiers referenced below for details. Impact A remote attacker may be able to execute arbitrar...
Mozilla Firefox: Multiple vulnerabilities
Background Mozilla Firefox is a popular open-source web browser from the Mozilla Project. Description Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user to view a specially...
Long Range ZIP: Multiple vulnerabilities
Background Optimized for compressing large files Description Multiple vulnerabilities have been discovered in Long Range ZIP. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user to open a specially crafted archive file possibly resulting in...
Squid: Multiple vulnerabilities
Background Squid is a full-featured Web proxy cache designed to run on Unix systems. It supports proxying and caching of HTTP, FTP, and other URLs, as well as SSL support, cache hierarchies, transparent caching, access control lists and many other features. Description Multiple vulnerabilities ha...
QEMU: Multiple vulnerabilities
Background QEMU is a generic and open source machine emulator and virtualizer. Description Multiple vulnerabilities have been discovered in QEMU. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no...
Cacti: Multiple vulnerabilities
Background Cacti is a complete frontend to rrdtool. Description Multiple vulnerabilities have been discovered in Cacti. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround at this...
libu2f-host: Multiple vulnerabilities
Background Yubico Universal 2nd Factor (U2F) Host C Library. Description Multiple vulnerabilities have been discovered in libu2f-host. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user to plug in a malicious USB device, possibly resulting i...
FontForge: Multiple vulnerabilities
Background FontForge is a PostScript font editor and converter. Description Multiple vulnerabilities have been discovered in FontForge. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user to open a specially crafted font using FontForge,...
Django: Multiple vulnerabilities
Background Django is a Python-based web framework. Description Multiple vulnerabilities have been discovered in Django. Please review the CVE identifiers referenced below for details. Impact A remote attacker, by sending specially crafted input, could possibly cause a Denial of Service condition,...
Chromium, Google Chrome: Multiple vulnerabilities
Background Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. Google Chrome is one fast, simple, and secure browser for all your devices. Description Multiple vulnerabilities have been discovered in Chromium and...
Mozilla Firefox: Multiple vulnerabilities
Background Mozilla Firefox is a popular open-source web browser from the Mozilla Project. Description Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user to view a specially...
Git: Information disclosure
Background Git is a free and open source distributed version control system designed to handle everything from small to very large projects with speed and efficiency. Description Multiple vulnerabilities have been discovered in Git. Please review the CVE identifiers referenced below for details...
OpenSSL: Multiple vulnerabilities
Background OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer SSL v2/v3 and Transport Layer Security TLS v1/v1.1/v1.2/v1.3 as well as a general purpose cryptography library. Description Multiple vulnerabilities have been discovered in OpenSSL. Please review the CVE identifier...
libssh: Denial of service
Background libssh is a multiplatform C library implementing the SSHv2 protocol on client and server side. Description It was discovered that libssh could crash when AES-CTR ciphers are used. Impact A remote attacker running a malicious client or server could possibly crash the counterpart...
Chromium, Google Chrome: Multiple vulnerabilities
Background Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. Google Chrome is one fast, simple, and secure browser for all your devices. Description Multiple vulnerabilities have been discovered in Chromium and...
Mozilla Firefox: Multiple vulnerabilities
Background Mozilla Firefox is a popular open-source web browser from the Mozilla Project. Description Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user to view a specially...
GnuTLS: DTLS protocol regression
Background GnuTLS is an Open Source implementation of the TLS and SSL protocols. Description It was discovered that the DTLS client did not contribute any randomness to the DTLS negotiation. Impact Please review the referenced advisory for details. Workaround There is no known workaround at this time...
ledger: Multiple vulnerabilities
Background Ledger is a powerful, double-entry accounting system that is accessed from the UNIX command-line. Description Multiple vulnerabilities have been discovered in ledger. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user to process...
Qt WebEngine: Arbitrary code execution
Background Library for rendering dynamic web content in Qt5 C++ and QML applications. Description A use-after-free vulnerability has been found in the audio component of Qt WebEngine. Impact A remote attacker could entice a user to open a specially crafted media file in an application linked...
HAProxy: Remote execution of arbitrary code
Background HAProxy is a TCP/HTTP reverse proxy for high availability environments. Description It was discovered that HAProxy incorrectly handled certain HTTP/2 headers. Impact A remote attacker could send a specially crafted HTTP/2 header, possibly resulting in execution of arbitrary code with t...
VirtualBox: Multiple vulnerabilities
Background VirtualBox is a powerful virtualization product from Oracle. Description Multiple vulnerabilities have been discovered in VirtualBox. Please review the CVE identifiers referenced below for details. Impact An attacker could take control of VirtualBox resulting in the execution of...
GPL Ghostscript: Multiple vulnerabilities
Background Ghostscript is an interpreter for the PostScript language and for PDF. Description Multiple vulnerabilities have been discovered in GPL Ghostscript. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user to process a specially craft...
GNU IDN Library 2: Multiple vulnerabilities
Background GNU IDN Library 2 is an implementation of the IDNA2008 + TR46 specifications RFC 5890, RFC 5891, RFC 5892, RFC 5893, TR 46. Description Multiple vulnerabilities have been discovered in GNU IDN Library 2. Please review the CVE identifiers referenced below for details. Impact A remote...
GNU Screen: Buffer overflow
Background GNU Screen is a full-screen window manager that multiplexes a physical terminal between several processes, typically interactive shells. Description A buffer overflow was found in the way GNU Screen treated the special escape OSC 49. Impact A remote attacker, by writing a specially...
QEMU: Multiple vulnerabilities
Background QEMU is a generic and open source machine emulator and virtualizer. Description Multiple vulnerabilities have been discovered in QEMU. Please review the CVE identifiers referenced below for details. Impact An attacker could possibly execute arbitrary code with the privileges of the...
libxls: Multiple vulnerabilities
Background libxls is a C library for reading Excel files in the nasty old binary OLE format, plus a command-line tool for converting XLS to CSV. Description Multiple vulnerabilities have been discovered in libxls. Please review the CVE identifiers referenced below for details. Impact A remote...
FFmpeg: Multiple vulnerabilities
Background FFmpeg is a complete, cross-platform solution to record, convert and stream audio and video. Description Multiple vulnerabilities have been discovered in FFmpeg. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user or automated...
QtCore: Multiple vulnerabilities
Background The Qt toolkit is a comprehensive C++ application development framework. Description Multiple vulnerabilities have been discovered in QtCore. Please review the CVE identifiers referenced below for details. Impact An attacker could possibly execute arbitrary code with the privileges of...
PHP: Multiple vulnerabilities
Background PHP is an open source general-purpose scripting language that is especially suited for web development. Description Multiple vulnerabilities have been discovered in PHP. Please review the CVE identifiers referenced below for details. Impact An attacker could possibly execute arbitrary...
Adobe Flash Player: Remote execution of arbitrary code
Background The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Description A critical type confusion vulnerability was discovered in Adobe Flash Player. Impact A remote attacker could possibly execute arbitrary code with the...
UnZip: User-assisted execution of arbitrary code
Background Info-ZIP’s UnZip is a tool to list and extract files inside PKZIP compressed files. Description Multiple vulnerabilities have been discovered in UnZip. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user to open a specially craft...
libvpx: User-assisted execution of arbitrary code
Background libvpx is the VP8 codec SDK used to encode and decode video streams, typically within a WebM format media file. Description Multiple vulnerabilities have been discovered in libvpx. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a...
Tor: Multiple vulnerabilities
Background Tor is an implementation of second generation Onion Routing, a connection-oriented anonymizing communication service. Description Multiple vulnerabilities have been discovered in Tor, and tor. Please review the CVE identifiers referenced below for details. Impact A remote attacker coul...
WeeChat: Multiple vulnerabilities
Background Wee Enhanced Environment for Chat (WeeChat) is a light and extensible console IRC client. Description Multiple vulnerabilities have been discovered in WeeChat. Please review the CVE identifiers referenced below for details. Impact A remote attacker, by sending a specially crafted IRC...
BlueZ: Security bypass
Background Set of tools to manage Bluetooth devices for Linux. Description It was discovered that the HID and HOGP profiles implementations in BlueZ did not specifically require bonding between the device and the host. Impact A remote attacker with adjacent access could impersonate an existing HI...
Chromium, Google Chrome: Multiple vulnerabilities
Background Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. Google Chrome is one fast, simple, and secure browser for all your devices. Description Multiple vulnerabilities have been discovered in Chromium and...
Pure-FTPd: Multiple vulnerabilities
Background Pure-FTPd is a fast, production-quality and standards-compliant FTP server. Description Multiple vulnerabilities have been discovered in Pure-FTPd. Please review the CVE identifiers referenced below for details. Impact A remote attacker could possibly cause a Denial of Service conditio...
Samba: Multiple vulnerabilities
Background Samba is a suite of SMB and CIFS client/server programs. Description Multiple vulnerabilities have been discovered in Samba. Please review the CVE identifiers referenced below for details. Impact A remote attacker could possibly execute arbitrary code, cause a Denial of Service...
Zsh: Privilege escalation
Background A shell designed for interactive use, although it is also a powerful scripting language. Description It was discovered that Zsh dropped privileges insecurely when unsetting the PRIVILEGED option. Impact An attacker could escalate privileges. Workaround There is no known workaround at th...
Xen: Multiple vulnerabilities
Background Xen is a bare-metal hypervisor. Description Multiple vulnerabilities have been discovered in Xen. Please review the referenced CVE identifiers for details. Impact A local attacker could potentially gain privileges on the host system or cause a Denial of Service condition. Workaround...
Exim: Heap-based buffer overflow
Background Exim is a message transfer agent (MTA) designed to be a highly configurable, drop-in replacement for sendmail. Description It was discovered that Exim incorrectly handled certain string operations. Impact A remote attacker, able to connect to a vulnerable Exim instance, could possibly...
Node.js: Multiple vulnerabilities
Background Node.js is a JavaScript runtime built on Chrome’s V8 JavaScript engine. Description Multiple vulnerabilities have been discovered in Node.js. Please review the CVE identifiers referenced below for details. Impact A remote attacker could possibly write arbitrary files, cause a Denial of...
libgit2: Multiple vulnerabilities
Background libgit2 is a portable, pure C implementation of the Git core methods provided as a re-entrant linkable library with a solid API. Description Multiple vulnerabilities have been discovered in libgit2. Please review the CVE identifiers referenced below for details. Impact An attacker coul...
PECL Imagick: Arbitrary code execution
Background Imagick is a PHP extension to create and modify images using the ImageMagick library. Description An out-of-bounds write vulnerability was discovered in the Imagick PHP extension. Impact A remote attacker, able to upload specially crafted images which will get processed by Imagick, cou...
GNU FriBidi: Heap-based buffer overflow
Background The Free Implementation of the Unicode Bidirectional Algorithm. Description A heap-based buffer overflow vulnerability was found in GNU FriBidi. Impact A remote attacker could possibly cause a memory corruption, execute arbitrary code with the privileges of the process or cause a Denia...
Binary diff: Heap-based buffer overflow
Background bsdiff and bspatch are tools for building and applying patches to binary files. Description It was discovered that the implementation of bspatch did not check for a negative value on numbers of bytes read from the diff and extra streams. Impact A remote attacker could entice a user to...
ClamAV: Multiple vulnerabilities
Background ClamAV is a GPL virus scanner. Description Multiple vulnerabilities have been discovered in ClamAV. Please review the CVE identifiers referenced below for details. Impact A remote attacker could cause ClamAV to scan a specially crafted file, possibly resulting in a Denial of Service...
PyYAML: Arbitrary code execution
Background PyYAML is a YAML parser and emitter for Python. Description It was found that using yaml.load API on untrusted input could lead to arbitrary code execution. Impact A remote attacker could entice a user to process specially crafted input in an application using yaml.load from PyYAML,...
Apache Tomcat: Multiple vulnerabilities
Background Apache Tomcat is a Servlet-3.0/JSP-2.2 Container. Description Multiple vulnerabilities have been discovered in Apache Tomcat. Please review the CVE identifiers referenced below for details. Impact An attacker could possibly smuggle HTTP requests or execute arbitrary code. Workaround...
phpMyAdmin: SQL injection
Background phpMyAdmin is a web-based management tool for MySQL databases. Description PhpMyAdmin was vulnerable to an SQL injection attack through the designer feature. Impact An authenticated remote attacker, by specifying a specially crafted database/table name, could trigger an SQL injection...