Zsh: Multiple vulnerabilities
Background A shell designed for interactive use, although it is also a powerful scripting language. Description Multiple vulnerabilities have been discovered in Zsh. Please review the CVE identifiers referenced below for details. Impact A local attacker could execute arbitrary code, escalate...
Shadow: security bypass
Background Shadow is a set of tools to deal with user accounts. Description A local attacker could possibly bypass security restrictions if an administrator used “group blacklisting” to restrict access to file system paths. Impact A local attacker could possibly bypass security restrictions...
VirtualBox: Multiple vulnerabilities
Background VirtualBox is a powerful virtualization product from Oracle. Description Multiple vulnerabilities have been discovered in VirtualBox. Please review the CVE identifiers referenced below for details. Impact An attacker could take control of VirtualBox resulting in the execution of...
Samba: Multiple vulnerabilities
Background Samba is a suite of SMB and CIFS client/server programs. Description Multiple vulnerabilities have been discovered in Samba. Please review the CVE identifiers referenced below for details. Impact A remote attacker could possibly execute arbitrary code, cause a Denial of Service...
Chromium, Google Chrome: Multiple vulnerabilities
Background Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. Google Chrome is one fast, simple, and secure browser for all your devices. Description Multiple vulnerabilities have been discovered in Chromium and...
mpv: Remote code execution
Background Video player based on MPlayer/mplayer2 Description A vulnerability was discovered in mpv with the handling of HTML documents containing VIDEO elements. Additionally, mpv accepts arbitrary URLs in a src attribute without a protocol whitelist in player/lua/ytdl_hook.lua. Impact A remote...
rsync: Arbitrary command execution
Background File transfer program to keep remote files in sync. Description A vulnerability was discovered in rsync’s parse_arguments function in options.c. Impact Remote attackers could possibly execute arbitrary commands with the privilege of the process. Workaround There is no known workaround...
Chromium, Google Chrome: Multiple vulnerabilities
Background Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. Google Chrome is one fast, simple, and secure browser for all your devices. Description Multiple vulnerabilities have been discovered in Chromium and...
Python: Buffer overflow
Background Python is an interpreted, interactive, object-oriented programming language. Description A buffer overflow was discovered in Python’s PyString_DecodeEscape function in stringobject.c. Impact Remote attackers, by enticing a user to process a specially crafted file, could execute arbitrar...
hesiod: Root privilege escalation
Background DNS functionality to access a DB of information that changes infrequently. Description Multiple vulnerabilities have been discovered in hesiod that have remained unaddressed. Please review the referenced CVE identifiers for details. Impact A remote or local attacker may be able to...
Chromium, Google Chrome: Multiple vulnerabilities
Background Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. Google Chrome is one fast, simple, and secure browser for all your devices. Description Multiple vulnerabilities have been discovered in Chromium and...
librelp: Remote code execution
Background A reliable logging program. Description A buffer overflow was discovered in librelp with the handling of x509 certificates. Impact A remote attacker, by sending a specially crafted x509 certificate, could execute arbitrary code. Workaround There is no known workaround at this time...
Quagga: Multiple vulnerabilities
Background Quagga is a free routing daemon replacing Zebra supporting RIP, OSPF and BGP. Description Multiple vulnerabilities have been discovered in Quagga. Please review the CVE identifiers referenced below for details. Impact A remote attacker, by sending specially crafted packets, could execu...
tenshi: Privilege escalation
Background A log monitoring program, designed to watch one or more log files for lines matching user defined regular expressions and report on the matches. Description It was discovered that the tenshi ebuild creates a tenshi.pid file after dropping privileges to a non-root account. Impact A loca...
unADF: Remote code execution
Background An unzip-like utility for .ADF files. Description Multiple vulnerabilities were discovered in unADF that can lead to remote code execution. Please review the CVE identifiers referenced below for details. Impact A remote attacker, by enticing a user to process a specially crafted file, could...
ClamAV: Multiple vulnerabilities
Background ClamAV is a GPL virus scanner. Description Multiple vulnerabilities have been discovered in ClamAV. Please review the CVE identifiers referenced below for details. Impact A remote attacker, through multiple vectors, could execute arbitrary code, cause a Denial of Service condition, or...
mbed TLS: Multiple vulnerabilities
Background mbed TLS (previously PolarSSL) is an “easy to understand, use, integrate and expand” implementation of the TLS and SSL protocols and the respective cryptographic algorithms and support code required. Description Multiple vulnerabilities have been discovered in mbed TLS. Please review the...
GDK-PixBuf: Remote code execution
Background GDK-PixBuf is an image loading library for GTK+. Description Several integer overflows were discovered in GDK-PixBuf’s gif_get_lzw function. Impact A remote attacker, by enticing a user to process a specially crafted image file, could execute arbitrary code or cause a Denial of Service...
ncurses: Multiple vulnerabilities
Background Free software emulation of curses in System V. Description Multiple vulnerabilities have been discovered in ncurses. Please review the CVE identifiers referenced below for details. Impact A remote attacker, by enticing the user to process untrusted terminfo or other data, could execute...
Evince: Command injection
Background Evince is a document viewer for multiple document formats, including PostScript. Description A vulnerability was discovered in Evince’s handling of filenames while printing PDF files. Impact A remote attacker, by enticing the user to process a specially crafted file, could execute...
Go: Arbitrary code execution
Background Go is an open source programming language that makes it easy to build simple, reliable, and efficient software. Description A vulnerability in Go was discovered which does not validate the import path of remote repositories. Impact Remote attackers, by enticing a user to import from a...
Adobe Flash Player: Multiple vulnerabilities
Background The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Description Multiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details. Impact A remote attacke...
Zend Framework: Multiple vulnerabilities
Background Zend Framework is a high quality and open source framework for developing Web Applications. Description Multiple vulnerabilities have been discovered in Zend Framework that have remained unaddressed. Please review the referenced CVE identifiers for details. Impact Remote attackers could...
cURL: Multiple vulnerabilities
Background A command line tool and library for transferring data with URLs. Description Multiple vulnerabilities have been discovered in cURL. Please review the CVE identifiers referenced below for details. Impact Remote attackers could cause a Denial of Service condition, obtain sensitive...
Poppler: Multiple vulnerabilities
Background Poppler is a PDF rendering library based on the xpdf-3.0 code base. Description Multiple vulnerabilities have been discovered in Poppler. Please review the CVE identifiers referenced below for details. Impact A remote attacker, by enticing a user to open a specially crafted PDF, could...
SPICE VDAgent: Arbitrary command injection
Background Provides a complete open source solution for remote access to virtual machines in a seamless way so you can play videos, record audio, share USB devices and share folders without complications. Description SPICE VDAgent does not properly escape save directory before passing to shell...
libvirt: Multiple vulnerabilities
Background libvirt is a C toolkit for manipulating virtual machines. Description Multiple vulnerabilities have been discovered in libvirt. Please review the CVE identifiers referenced below for details. Impact A local privileged attacker could execute arbitrary commands or cause a Denial of Servi...
mailx: Multiple vulnerabilities
Background A utility program for sending and receiving mail, also known as a Mail User Agent program. Description Multiple vulnerabilities have been discovered in mailx. Please review the CVE identifiers referenced below for details. Impact A remote attacker could execute arbitrary commands...
ISC DHCP: Multiple vulnerabilities
Background ISC DHCP is a Dynamic Host Configuration Protocol (DHCP) client/server. Description Multiple vulnerabilities have been discovered in ISC DHCP. Please review the CVE identifiers referenced below for details. Impact Remote attackers could execute arbitrary code, cause a Denial of Service...
QEMU: Multiple vulnerabilities
Background QEMU is a generic and open source machine emulator and virtualizer. Description Multiple vulnerabilities have been discovered in QEMU. Please review the CVE identifiers referenced below for details. Impact An attacker could execute arbitrary code, cause a Denial of Service condition, o...
glibc: Multiple vulnerabilities
Background glibc is a package that contains the GNU C library. Description Multiple vulnerabilities have been discovered in glibc. Please review the CVE identifiers referenced below for details. Impact An attacker could possibly execute arbitrary code, escalate privileges, cause a Denial of Servi...
libxslt: Multiple vulnerabilities
Background libxslt is the XSLT C library developed for the GNOME project. XSLT is an XML language to define transformations for XML. Description Multiple vulnerabilities have been discovered in libxslt. Please review the CVE identifiers referenced below for details. Impact A remote attacker, via ...
Mozilla Thunderbird: Multiple vulnerabilities
Background Mozilla Thunderbird is a popular open-source email client from the Mozilla project. Description Multiple vulnerabilities have been discovered in Mozilla Thunderbird. Please review the referenced Mozilla Foundation Security Advisories and CVE identifiers below for details. Impact A remo...
PLIB: User-assisted execution of arbitrary code
Background PLIB includes sound effects, music, a complete 3D engine, font rendering, a simple Windowing library, a game scripting language, a GUI, networking, 3D math library and a collection of handy utility functions. Description A stack-based buffer overflow within the error function of...
BusyBox: Multiple vulnerabilities
Background BusyBox is a set of tools for embedded systems and is a replacement for GNU Coreutils. Description Multiple vulnerabilities have been discovered in BusyBox. Please review the CVE identifiers referenced below for details. Impact A remote attacker could possibly execute arbitrary code wi...
WebKitGTK+: Multiple Vulnerabilities
Background WebKitGTK+ is a full-featured port of the WebKit rendering engine, suitable for projects requiring any kind of web integration, from hybrid HTML/CSS applications to full-fledged web browsers. Description Multiple vulnerabilities have been discovered in WebKitGTK+. Please review the...
collectd: Multiple vulnerabilities
Background collectd is a daemon which collects system and application performance metrics periodically and provides mechanisms to store the values in a variety of ways, for example in RRD files. Description Multiple vulnerabilities have been found in Gentoo’s collectd package. Please review the...
Oracle JDK/JRE: Multiple vulnerabilities
Background Java Platform, Standard Edition (Java SE) lets you develop and deploy Java applications on desktops and servers, as well as in today’s demanding embedded environments. Java offers the rich user interface, performance, versatility, portability, and security that today’s applications...
Adobe Flash Player: Multiple vulnerabilities
Background The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Description Multiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details. Impact A remote attacke...
KDE Plasma Workspaces: Multiple vulnerabilities
Background KDE Plasma workspace is a widget based desktop environment designed to be fast and efficient. Description Multiple vulnerabilities have been discovered in KDE Plasma Workspaces. Please review the referenced CVE identifiers for details. Impact An attacker could execute arbitrary command...
JabberD 2.x: Multiple vulnerabilities
Background JabberD 2.x is an open source Jabber server written in C. Description Multiple vulnerabilities have been discovered in Gentoo’s JabberD 2.x ebuild. Please review the referenced CVE identifiers for details. Impact An attacker could possibly escalate privileges by owning system binaries ...
Chromium, Google Chrome: Multiple vulnerabilities
Background Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. Google Chrome is one fast, simple, and secure browser for all your devices. Description Multiple vulnerabilities have been discovered in Chromium and...
Newsbeuter: User-assisted execution of arbitrary code
Background Newsbeuter is a RSS/Atom feed reader for the text console. Description Newsbeuter does not properly escape shell meta-characters in an RSS item with a media enclosure in the podcast playback function of Podbeuter. Impact A remote attacker, by enticing a user to open a feed with a...
util-linux: User-assisted execution of arbitrary code
Background util-linux is a suite of Linux programs including mount and umount, programs used to mount and unmount filesystems. Description It was discovered that the umount bash-completion as provided by util-linux does not escape mount point paths. Impact An attacker controlling a volume label...
Go: User-assisted execution of arbitrary code
Background Go is an open source programming language that makes it easy to build simple, reliable, and efficient software. Description A command injection flaw was discovered in the source code build phase because of the “go get” command, which does not block -fplugin= and -plugin arguments. Impa...
Exim: Multiple vulnerabilities
Background Exim is a message transfer agent (MTA) designed to be a highly configurable, drop-in replacement for sendmail. Description Multiple vulnerabilities have been discovered in Exim. Please review the CVE identifiers referenced below for details. Impact A remote attacker, by connecting to t...
LibreOffice: Information disclosure
Background LibreOffice is a powerful office suite; its clean interface and powerful tools let you unleash your creativity and grow your productivity. Description It was discovered that missing restrictions in the implementation of the WEBSERVICE function in LibreOffice could result in the...
Ruby: Command injection
Background Ruby is an interpreted object-oriented programming language. The elaborate standard library includes an HTTP server “WEBRick” and a class for XML parsing “REXML”. Description A command injection flaw was discovered in Net::FTP which impacts Ruby. Impact A remote attacker, by enticing a...
MySQL: Multiple vulnerabilities
Background A fast, multi-threaded, multi-user SQL database server. Description Multiple vulnerabilities have been discovered in MySQL. Please review the referenced CVE identifiers for details. Impact A remote attacker could execute arbitrary code without authentication or cause a partial denial o...
Mozilla Firefox: Multiple vulnerabilities
Background Mozilla Firefox is a popular open-source web browser from the Mozilla Project. Description Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the referenced CVE identifiers for details. Impact A remote attacker could entice a user to view a specially crafte...