3816 matches found
Chromium, Google Chrome: Multiple vulnerabilities
Background Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. Google Chrome is one fast, simple, and secure browser for all your devices. Description Multiple vulnerabilities have been discovered in Chromium and...
VirtualBox: Multiple vulnerabilities
Background VirtualBox is a powerful virtualization product from Oracle. Description Multiple vulnerabilities have been discovered in VirtualBox. Please review the CVE identifiers referenced below for details. Impact An attacker could take control of VirtualBox resulting in the execution of...
Fossil: User-assisted execution of arbitrary code
Background Fossil is a simple, high-reliability, distributed software configuration management system. Description Fossil does not properly validate SSH sync protocol URLs. Impact A remote attacker, by enticing a user to open a specially crafted URL, could possibly execute arbitrary commands with...
ClamAV: Multiple vulnerabilities
Background ClamAV is a GPL virus scanner. Description Multiple vulnerabilities have been discovered in ClamAV. Please review the CVE identifiers referenced below for details. Impact A remote attacker could cause ClamAV to scan a specially crafted file, possibly resulting in execution of arbitrary...
Newsbeuter: User-assisted execution of arbitrary code
Background Newsbeuter is a RSS/Atom feed reader for the text console. Description Newsbeuter does not properly escape shell meta-characters in the title and description of RSS feeds when bookmarking. Impact A remote attacker, by enticing a user to open a feed with specially crafted URLs, could...
rsync: Multiple vulnerabilities
Background File transfer program to keep remote files into sync. Description Multiple vulnerabilities have been discovered in rsync. Please review the CVE identifiers referenced below for details. Impact A remote attacker could bypass intended access restrictions or cause a Denial of Service...
Poppler: Multiple vulnerabilities
Background Poppler is a PDF rendering library based on the xpdf-3.0 code base. Description Multiple vulnerabilities have been discovered in Poppler. Please review the CVE identifiers referenced below for details. Impact A remote attacker, by enticing a user to open a specially crafted PDF, could...
PolarSSL: Multiple vulnerabilities
Background PolarSSL is a cryptographic library for embedded systems. Description Multiple vulnerabilities have been discovered in PolarSSL. Please review the CVE identifiers referenced below for details. Impact A remote attacker might be able to execute arbitrary code, cause Denial of Service...
Xen: Multiple vulnerabilities
Background Xen is a bare-metal hypervisor. Description Multiple vulnerabilities have been discovered in Xen. Please review the referenced CVE identifiers for details. Impact A local attacker could potentially execute arbitrary code with the privileges of the Xen QEMU process on the host, gain...
TigerVNC: Multiple vulnerabilities
Background TigerVNC is a high-performance VNC server/client. Description Multiple vulnerabilities have been discovered in TigerVNC. Please review the referenced CVE Identifiers for details. Impact An attacker could execute arbitrary code or cause a Denial of Service condition. Workaround There is...
icoutils: Multiple vulnerabilities
Background A set of command-line programs for extracting and converting images in Microsoft WindowsR icon and cursor files. Description Multiple vulnerabilities have been discovered in icoutils. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice ...
PySAML2: Security bypass
Background PySAML2 is a pure python implementation of SAML2 Description It was found that the PySAML2 relies on an assert statement to check the user’s password. A python optimizations might remove this assertion. Impact A remote attacker could bypass security restrictions and access any...
LibXfont, LibXfont2: Arbitrary file access
Background X.Org Xfont library. Description It was discovered that libXfont incorrectly followed symlinks when opening font files. Impact A local unprivileged user could use this flaw to cause the X server to access arbitrary files, including special device files. Workaround There is no known...
OpenSSH: Permission issue
Background OpenSSH is a complete SSH protocol implementation that includes SFTP client and server support. Description The processopen function in sftp-server.c in OpenSSH did not properly prevent write operations in readonly mode. Impact A remote attacker could cause the creation of zero-length...
Back In Time: Command injection
Background A simple backup tool for Linux, inspired by “flyback project”. Description ‘Back in Time’ did improper escaping/quoting of file paths used as arguments to the ‘notify-send’ command leading to some parts of file paths being executed as shell commands within an os.system call. Impact A...
WebkitGTK+: Multiple vulnerabilities
Background WebKitGTK+ is a full-featured port of the WebKit rendering engine. Description Multiple vulnerabilities have been discovered in WebkitGTK+. Please review the referenced CVE Identifiers for details. Impact An attacker, by enticing a user to visit maliciously crafted web content, may be...
MiniUPnPc: Arbitrary code execution
Background The client library, enabling applications to access the services provided by an UPnP “Internet Gateway Device” present on the network. Description An exploitable buffer overflow vulnerability exists in the XML parser functionality of the MiniUPnP library. Impact A remote attacker, by...
LibXcursor: User-assisted execution of arbitrary code
Background X.Org X11 libXcursor runtime library. Description It was discovered that libXcursor is prone to several heap overflows when parsing malicious files. Impact A remote attacker, by enticing a user to process a specially crafted cursor file, could possibly execute arbitrary code with the...
GNU Emacs: Command injection
Background GNU Emacs is a highly extensible and customizable text editor. Description A command injection flaw within the Emacs “enriched mode” handling has been discovered. Impact A remote attacker, by enticing a user to open a specially crafted file, could execute arbitrary commands with the...
Chromium, Google Chrome: Multiple vulnerabilities
Background Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. Google Chrome is one fast, simple, and secure browser for all your devices Description Multiple vulnerabilities have been discovered in Chromium and...
OptiPNG: Multiple vulnerabilities
Background OptiPNG is a PNG optimizer that re-compresses image files to a smaller size, without losing any information. Description Multiple vulnerabilities have been discovered in OptiPNG. Please review the referenced CVE identifiers for details. Impact A remote attacker could entice a user to...
Binutils: Multiple vulnerabilities
Background The GNU Binutils are a collection of tools to create, modify and analyse binary files. Many of the files use BFD, the Binary File Descriptor library, to do low-level manipulation. Description Multiple vulnerabilities have been discovered in Binutils. Please review the referenced CVE...
OpenCV: Multiple vulnerabilities
Background OpenCV Open Source Computer Vision Library is an open source computer vision and machine learning software library. Description Multiple vulnerabilities have been discovered in OpenCV. Please review the referenced CVE identifiers for details. Impact An attacker can cause a denial of...
cURL: Multiple vulnerabilities
Background A command line tool and library for transferring data with URLs. Description Multiple vulnerabilities have been discovered in cURL. Please review the CVE identifiers referenced below for details. Impact Remote attackers could cause a Denial of Service condition, disclose sensitive...
OpenSSL: Multiple vulnerabilities
Background OpenSSL is a robust, commercial-grade, and full-featured toolkit for the Transport Layer Security TLS and Secure Sockets Layer SSL protocols. Description Multiple vulnerabilities have been discovered in OpenSSL. Please review the referenced CVE identifiers for details. Impact A remote...
WebKitGTK+: Multiple vulnerabilities
Background WebKitGTK+ is a full-featured port of the WebKit rendering engine, suitable for projects requiring any kind of web integration, from hybrid HTML/CSS applications to full-fledged web browsers. Description Multiple vulnerabilities have been discovered in WebKitGTK+. Please review the...
CouchDB: Multiple vulnerabilities
Background Apache CouchDB is a distributed, fault-tolerant and schema-free document-oriented database. Description Multiple vulnerabilities have been discovered in CouchDB. Please review the CVE identifiers referenced below for details. Impact A remote attacker could execute arbitrary shell...
PHPUnit: Remote code execution
Background PHPUnit is a programmer-oriented testing framework for PHP. It is an instance of the xUnit architecture for unit testing frameworks. Description When PHPUnit is installed in a production environment via composer and these modules are in a web accessible directory, the eval-stdin.php fi...
Adobe Flash Player: Multiple vulnerabilities
Background The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Description Multiple vulnerabilities have been discovered in Adobe Flash Player. Please review the referenced CVE identifiers and Adobe Security Bulletin for details...
IcedTea: Multiple vulnerabilities
Background IcedTea’s aim is to provide OpenJDK in a form suitable for easy configuration, compilation and distribution with the primary goal of allowing inclusion in GNU/Linux distributions. Description Multiple vulnerabilities have been discovered in IcedTea. Please review the referenced CVE...
VDE: Privilege escalation
Background VDE is an ethernet compliant virtual network that can be spawned over a set of physical computer over the Internet. Description It was discovered that Gentoo’s default VDE installation suffered from a privilege escalation vulnerability in the init script. This script calls an unsafe...
eGroupWare: Remote code execution
Background eGroupWare is a suite of web-based group applications including calendar, address book, messenger and email. Description It was found that eGroupWare contains multiple code injection vulnerabilities in multiple parameters and routes because of improper input sanitization. Impact A remo...
LibXfont, LibXfont2: Multiple vulnerabilities
Background X.Org Xfont library Description Multiple vulnerabilities have been discovered in LibXfont and LibXfont2. Please review the referenced CVE identifiers for details. Impact Local attackers could obtain sensitive information or possibly cause a Denial of Service condition. Workaround There...
LXC: Remote security bypass
Background LinuX Containers userspace utilities Description Previous versions of lxc-attach ran a shell or the specified command without allocating a pseudo terminal making it vulnerable to input faking via a TIOCSTI ioctl call. Impact Remote attackers can escape the container and perform...
ImageMagick: Multiple vulnerabilities
Background A collection of tools and libraries for many image formats. Description Multiple vulnerabilities have been discovered in ImageMagick. Please review the referenced CVE identifiers for details. Impact Remote attackers, by enticing a user to process a specially crafted file, could obtain...
GNU Wget: Multiple vulnerabilities
Background GNU Wget is a free software package for retrieving files using HTTP, HTTPS and FTP, the most widely-used Internet protocols. Description Multiple vulnerabilities have been discovered in Wget. Please review the referenced CVE identifiers for details. Impact A remote attacker, by enticin...
Cacti: Multiple vulnerabilities
Background Cacti is a complete frontend to rrdtool. Description Multiple vulnerabilities have been discovered in Cacti. Please review the CVE identifiers referenced below for details. Impact Remote attackers could execute arbitrary code or bypass intended access restrictions. Workaround There is ...
libxml2: Multiple vulnerabilities
Background libxml2 is the XML eXtended Markup Language C parser and toolkit initially developed for the Gnome project. Description Multiple vulnerabilities have been discovered in libxml2. Please review the CVE identifiers referenced below for details. Impact A remote attacker, by enticing a user...
Chromium, Google Chrome: Multiple vulnerabilities
Background Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. Google Chrome is one fast, simple, and secure browser for all your devices Description Multiple vulnerabilities have been discovered in Chromium and...
hostapd and wpa_supplicant: Key Reinstallation (KRACK) attacks
Background wpasupplicant is a WPA Supplicant with support for WPA and WPA2 IEEE 802.11i / RSN. hostapd is a user space daemon for access point and authentication servers. Description WiFi Protected Access WPA and WPA2 and it’s associated technologies are all vulnerable to the KRACK attacks. Pleas...
MariaDB, MySQL: Root privilege escalation
Background MySQL is a popular multi-threaded, multi-user SQL server. MariaDB is an enhanced, drop-in replacement for MySQL. Description The Gentoo installation scripts before 2017-09-29 have chown calls for user-writable directory trees, which allows local users to gain privileges by leveraging...
X.Org Server: Multiple vulnerabilities
Background The X.Org project provides an open source implementation of the X Window System. Description Multiple vulnerabilities have been discovered in X.Org Server. Please review the referenced CVE identifiers for details. Impact Attackers could execute arbitrary code or cause a Denial of Servi...
Jython: Arbitrary code execution
Background An implementation of Python written in Java. Description It was found that Jython is vulnerable to arbitrary code execution by sending a serialized function to the deserializer. Impact Remote execution of arbitrary code by enticing a user to execute malicious code. Workaround There is ...
X.Org Server: Multiple vulnerabilities
Background The X.Org project provides an open source implementation of the X Window System. Description Multiple vulnerabilities have been discovered in X.Org Server. Please review the referenced CVE identifiers for details. Impact A local attacker could cause a global buffer overflow or a Denial...
Asterisk: Multiple vulnerabilities
Background A Modular Open Source PBX System. Description Multiple vulnerabilities have been discovered in Asterisk. Please review the referenced CVE identifiers for details. Impact A remote attacker could execute arbitrary code, cause a denial of service condition, or cause an unauthorized data...
Apache: Multiple vulnerabilities
Background The Apache HTTP server is one of the most popular web servers on the Internet. Description Multiple vulnerabilities have been discovered in Apache. Please review the referenced CVE identifiers for details. Impact The Optionsbleed vulnerability can leak arbitrary memory from the server...
Oracle JDK/JRE: Multiple vulnerabilities
Background Java Platform, Standard Edition Java SE lets you develop and deploy Java applications on desktops and servers, as well as in today’s demanding embedded environments. Java offers the rich user interface, performance, versatility, portability, and security that today’s applications...
Dnsmasq: Multiple vulnerabilities
Background Dnsmasq is a lightweight and easily-configurable DNS forwarder and DHCP server. Description Multiple vulnerabilities have been discovered in Dnsmasq. Please review the references below for details. Impact A remote attacker could execute arbitrary code or cause a Denial of Service...
Chromium, Google Chrome: Multiple vulnerabilities
Background Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. Google Chrome is one fast, simple, and secure browser for all your devices Description Multiple vulnerabilities have been discovered in Chromium and...
PCRE: Multiple vulnerabilities
Background The PCRE Library provides functions for Perl-compatible regular expressions. Description Multiple vulnerabilities have been discovered in The PCRE Library. Please review the references below for details. Impact A remote attacker could possibly cause a Denial of Service condition or oth...