3816 matches found
Cacti: Multiple vulnerabilities
Background Cacti is a complete frontend to rrdtool. Description Multiple vulnerabilities have been discovered in Cacti. Please review the CVE identifiers referenced below for details. Impact Remote attackers could execute arbitrary code or bypass intended access restrictions. Workaround There is ...
ProFTPd: Multiple vulnerabilities
Background ProFTPD is an advanced and very configurable FTP server. Description Multiple vulnerabilities have been discovered in ProFTPd. Please review the CVE identifiers referenced below for details. Impact A remote attacker, by interrupting the data transfer channel, could possibly execute...
Mozilla Network Security Service: Multiple vulnerabilities
Background The Mozilla Network Security Service NSS is a library implementing security features like SSL v.2/v.3, TLS, PKCS 5, PKCS 7, PKCS 11, PKCS 12, S/MIME and X.509 certificates. Description Multiple vulnerabilities have been discovered in Mozilla Network Security Service NSS. Please review...
libvorbis: Multiple vulnerabilities
Background libvorbis is the reference implementation of the Xiph.org Ogg Vorbis audio file format. It is used by many applications for playback of Ogg Vorbis files. Description Multiple vulnerabilities have been discovered in libvorbis. Please review the CVE identifiers referenced below for...
Squid: Multiple vulnerabilities
Background Squid is a full-featured Web proxy cache designed to run on Unix systems. It supports proxying and caching of HTTP, FTP, and other URLs, as well as SSL support, cache hierarchies, transparent caching, access control lists and many other features. Description Multiple vulnerabilities ha...
cURL: Multiple vulnerabilities
Background A command line tool and library for transferring data with URLs. Description Multiple vulnerabilities have been discovered in cURL. Please review the CVE identifiers referenced below for details. Impact A remote attacker could possibly execute arbitrary code with the privileges of the...
nfdump: Multiple vulnerabilities
Background nfdump is a toolset in order to collect and process netflow and sflow data, sent from netflow/sflow compatible devices. Description Multiple vulnerabilities have been discovered in nfdump. Please review the CVE identifiers referenced below for details. Impact A remote attacker, by...
PPP: Buffer overflow
Background PPP is a Unix implementation of the Point-to-Point Protocol. Description It was discovered that bounds check in PPP for the rhostname was improperly constructed in the EAP request and response functions. Impact A remote attacker, by sending specially crafted authentication data, could...
file: Heap-based buffer overflow
Background file is a utility that guesses a file format by scanning binary data for patterns. Description It was discovered that file incorrectly handled certain malformed files. Impact A remote attacker could entice a user to process a specially crafted file via libmagic or file, possibly...
libjpeg-turbo: User-assisted execution of arbitrary code
Background libjpeg-turbo is a MMX, SSE, and SSE2 SIMD accelerated JPEG library. Description It was discovered that libjpeg-turbo incorrectly handled certain JPEG images. Impact A remote attacker could entice a user to open a specially crafted JPEG file in an application linked against...
gdb: Buffer overflow
Background gdb is the GNU project’s debugger, facilitating the analysis and debugging of applications. The BFD library provides a uniform method of accessing a variety of object file formats. Description It was discovered that gdb didn’t properly validate the ELF section sizes from input file...
Libgcrypt: Side-channel attack
Background Libgcrypt is a general purpose cryptographic library derived out of GnuPG. Description A timing attack was found in the way ECCDSA was implemented in Libgcrypt. Impact A local man-in-the-middle attacker, during signature generation, could possibly recover the private key. Workaround...
GStreamer Base Plugins: Heap-based buffer overflow
Background A well-groomed and well-maintained collection of GStreamer plug-ins and elements, spanning the range of possible types of elements one would want to write for GStreamer. Description It was discovered that GStreamer Base Plugins did not correctly handle certain malformed RTSP streams...
libssh: Arbitrary command execution
Background libssh is a multiplatform C library implementing the SSHv2 protocol on client and server side. Description It was discovered that libssh incorrectly handled certain scp commands. Impact A remote attacker could trick a victim into using a specially crafted scp command, possibly resultin...
libarchive: Multiple vulnerabilities
Background libarchive is a library for manipulating different streaming archive formats, including certain tar variants, several cpio formats, and both BSD and GNU ar variants. Description Multiple vulnerabilities have been discovered in libarchive. Please review the CVE identifiers referenced...
Git: Multiple vulnerabilities
Background Git is a free and open source distributed version control system designed to handle everything from small to very large projects with speed and efficiency. Description Multiple vulnerabilities have been discovered in Git. Please review the CVE identifiers referenced below for details...
systemd: Heap use-after-free
Background A system and service manager. Description It was found that systemd incorrectly handled certain Polkit queries. Impact A local unprivileged user, by sending a specially crafted Polkit query, could possibly execute arbitrary code with the privileges of the process, escalate privileges o...
WebkitGTK+: Multiple vulnerabilities
Background WebKitGTK+ is a full-featured port of the WebKit rendering engine, suitable for projects requiring any kind of web integration, from hybrid HTML/CSS applications to full-fledged web browsers. Description Multiple vulnerabilities have been discovered in WebKitGTK+. Please review the...
Python: Multiple vulnerabilities
Background Python is an interpreted, interactive, object-oriented programming language. Description Multiple vulnerabilities have been discovered in Python. Please review the CVE identifiers referenced below for details. Impact A remote attacker could possibly perform a CRLF injection attack,...
runC: Multiple vulnerabilities
Background RunC is a CLI tool for spawning and running containers according to the OCI specification. Description Multiple vulnerabilities have been discovered in runC. Please review the CVE identifiers referenced below for details. Impact An attacker, by running a malicious Docker image, could...
SQLite: Multiple vulnerabilities
Background SQLite is a C library that implements an SQL database engine. Description Multiple vulnerabilities have been discovered in SQLite. Please review the CVE identifiers referenced below for details. Impact A remote attacker could possibly execute arbitrary code with the privileges of the...
ICU: Integer overflow
Background ICU is a mature, widely used set of C/C++ and Java libraries providing Unicode and Globalization support for software applications. Description It was discovered that ICU’s UnicodeString::doAppend function is vulnerable to an integer overflow. Please review the CVE identifiers referenc...
libTIFF: Multiple vulnerabilities
Background The TIFF library contains encoding and decoding routines for the Tag Image File Format. It is called by numerous programs, including GNOME and KDE applications, to interpret TIFF images. Description Multiple vulnerabilities have been discovered in libTIFF. Please review the CVE...
libvirt: Multiple vulnerabilities
Background libvirt is a C toolkit for manipulating virtual machines. Description Multiple vulnerabilities have been discovered in libvirt. Please review the CVE identifiers referenced below for details. Impact A local privileged attacker could execute arbitrary commands, escalate privileges or...
sudo: Multiple vulnerabilities
Background sudo su “do” allows a system administrator to delegate authority to give certain users or groups of users the ability to run some or all commands as root or another user while providing an audit trail of the commands and their arguments. Description Multiple vulnerabilities have been...
Mozilla Thunderbird: Multiple vulnerabilities
Background Mozilla Thunderbird is a popular open-source email client from the Mozilla project. Description Multiple vulnerabilities have been discovered in Mozilla Thunderbird. Please review the CVE identifiers referenced below for details. Impact A remote attacker may be able to execute arbitrar...
OpenID library for Ruby: Server-Side Request Forgery
Background A Ruby library for verifying and serving OpenID identities. Description It was discovered that OpenID library for Ruby performed discovery first, and then verification. Impact A remote attacker could possibly change the URL used for discovery and trick the server into connecting to the...
musl: x87 floating-point stack adjustment imbalance
Background musl is an implementation of the C standard library built on top of the Linux system call API, including interfaces defined in the base language standard, POSIX, and widely agreed-upon extensions. Description A flaw in musl libc’s arch-specific math assembly code for i386 was found whi...
atftp: Multiple vulnerabilities
Background atftp is a client/server implementation of the TFTP protocol that implements RFCs 1350, 2090, 2347, 2348, and 2349. Description Multiple vulnerabilities have been discovered in atftp. Please review the CVE identifiers referenced below for details. Impact A remote attacker could send a...
SVG Salamander: Server-Side Request Forgery
Background SVG Salamander is a light weight SVG renderer and animator for Java. Description A Server-Side Request Forgery was discovered in SVG Salamander. Impact An attacker, by sending a specially crafted SVG file, can conduct SSRF. Workaround There is no known workaround at this time. Resoluti...
Chromium, Google Chrome: Multiple vulnerabilities
Background Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. Google Chrome is one fast, simple, and secure browser for all your devices. Description Multiple vulnerabilities have been discovered in Chromium and...
RabbitMQ C client: Arbitrary code execution
Background A C-language AMQP client library for use with v2.0+ of the RabbitMQ broker. Description It was discovered that RabbitMQ C client incorrectly handled certain inputs. Impact A remote attacker, by sending a specially crafted request, could possibly execute arbitrary code with the privileg...
e2fsprogs: Arbitrary code execution
Background e2fsprogs is a set of utilities for maintaining the ext2, ext3 and ext4 file systems. Description It was discovered that e2fsprogs incorrectly handled certain ext4 partitions. Impact A remote attacker could entice a user to process a specially crafted corrupted file system using e2fsck...
Ruby: Multiple vulnerabilities
Background Ruby is an interpreted object-oriented programming language. The elaborate standard library includes an HTTP server “WEBRick” and a class for XML parsing “REXML”. Description Multiple vulnerabilities have been discovered in Ruby. Please review the CVE identifiers referenced below for...
Vim, gVim: Remote execution of arbitrary code
Background Vim is an efficient, highly configurable improved version of the classic ‘vi’ text editor. gVim is the GUI version of Vim. Description It was found that the :source! command was not restricted by the sandbox mode. If modeline was explicitly enabled, opening a specially crafted text fil...
Mozilla Firefox: Multiple vulnerabilities
Background Mozilla Firefox is a popular open-source web browser from the Mozilla Project. Description Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user to view a specially...
PostgreSQL: Multiple vulnerabilities
Background PostgreSQL is an open source object-relational database management system. Description Multiple vulnerabilities have been discovered in PostgreSQL. Please review the CVE identifiers referenced below for details. Impact A remote attacker could possibly execute arbitrary code with the...
Groovy: Arbitrary code execution
Background A multi-faceted language for the Java platform Description It was discovered that there was a vulnerability within the Java serialization/deserialization process. Impact An attacker, by crafting a special serialized object, could execute arbitrary code. Workaround There is no known...
Expat: Multiple vulnerabilities
Background Expat is a set of XML parsing libraries. Description Multiple vulnerabilities have been discovered in Expat. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround at this...
Adobe Flash Player: Multiple vulnerabilities
Background The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Description Multiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details. Impact Please review th...
Mozilla Firefox: Multiple vulnerabilities
Background Mozilla Firefox is a popular open-source web browser from the Mozilla Project. Description Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details...
Chromium, Google Chrome: Multiple vulnerabilities
Background Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. Google Chrome is one fast, simple, and secure browser for all your devices. Description Multiple vulnerabilities have been discovered in Chromium and...
OpenSSH: Integer overflow
Background OpenSSH is a complete SSH protocol implementation that includes SFTP client and server support. Description OpenSSH, when built with “xmss” USE flag enabled, has a pre-authentication integer overflow if a client or server is configured to use a crafted XMSS key. NOTE: This USE flag is...
Oniguruma: Multiple vulnerabilities
Background Oniguruma is a regular expression library. Description Multiple vulnerabilities have been discovered in Oniguruma. Please review the CVE identifiers referenced below for details. Impact A remote attacker, by enticing a user to process a specially crafted string using an application...
pump: User-assisted execution of arbitrary code
Background BOOTP and DHCP client for automatic IP configuration. Description It was discovered that there was an arbitrary code execution vulnerability in the pump DHCP/BOOTP client. Impact A remote attacker, by enticing a user to connect to a malicious server, could cause the execution of...
OpenSSL: Multiple vulnerabilities
Background OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer SSL v2/v3 and Transport Layer Security TLS v1 as well as a general purpose cryptography library. Description Multiple vulnerabilities have been discovered in OpenSSL. Please review the CVE identifiers referenced...
PHP: Arbitrary code execution
Background PHP is an open source general-purpose scripting language that is especially suited for web development. Description A underflow in envpathinfo in PHP-FPM under certain configurations can be exploited to gain remote code execution. Impact A remote attacker, by sending special crafted HT...
Simple DirectMedia Layer: Multiple vulnerabilities
Background Simple DirectMedia Layer is a cross-platform development library designed to provide low level access to audio, keyboard, mouse, joystick, and graphics hardware via OpenGL and Direct3D. Description Multiple vulnerabilities have been discovered in Simple DirectMedia Layer. Please review...
D-Bus: Authentication bypass
Background D-Bus is a message bus system which processes can use to talk to each other. Description It was discovered that a local attacker could manipulate symbolic links in their own home directory to bypass authentication and connect to a DBusServer with elevated privileges. Impact A local...
Exim: Multiple vulnerabilities
Background Exim is a message transfer agent MTA designed to be a a highly configurable, drop-in replacement for sendmail. Description Multiple vulnerabilities have been discovered in Exim. Please review the CVE identifiers referenced below for details. Impact A remote attacker, by connecting to t...