Pidgin: Arbitrary code execution
Background Pidgin is a GTK Instant Messenger client for a variety of instant messaging protocols. Description Joseph Bisch discovered that Pidgin incorrectly handled certain XML messages. Impact A remote attacker could send a specially crafted instant message, possibly resulting in execution of...
QEMU: Multiple vulnerabilities
Background QEMU is a generic and open source machine emulator and virtualizer. Description Multiple vulnerabilities have been discovered in QEMU. Please review the CVE identifiers referenced below for details. Impact A remote attacker might cause a Denial of Service or gain escalated privileges...
FreeType: Multiple vulnerabilities
Background FreeType is a high-quality and portable font engine. Description Multiple vulnerabilities have been discovered in FreeType. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user to use a specially crafted font file using FreeType,...
Shadow: Multiple vulnerabilities
Background Shadow is a set of tools to deal with user accounts. Description Multiple vulnerabilities have been discovered in Shadow. Please review the CVE identifiers referenced below for details. Impact A local attacker could possibly cause a Denial of Service condition, gain privileges via...
sudo: Privilege escalation
Background sudo (su “do”) allows a system administrator to delegate authority to give certain users or groups of users the ability to run some or all commands as root or another user while providing an audit trail of the commands and their arguments. Description Qualys discovered a vulnerability in...
Adobe Flash Player: Multiple vulnerabilities
Background The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Description Multiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details. Impact A remote attacke...
Smb4K: Arbitrary command execution as root
Background Smb4K is a SMB/CIFS Windows share browser for KDE. Description Smb4K contains a logic flaw in which the mount helper binary does not properly verify the mount command it is being asked to run. Impact A local user can execute commands with root privileges due to the mount helper being...
Xen: Multiple vulnerabilities
Background Xen is a bare-metal hypervisor. Description Multiple vulnerabilities have been discovered in Xen. Please review the CVE identifiers and Xen Security Advisory referenced below for details. Impact A local attacker could potentially execute arbitrary code with privileges of Xen QEMU proce...
Teeworlds: Remote execution of arbitrary code on client
Background Teeworlds is an online multi-player platform 2D shooter. Description Teeworlds client contains a vulnerability allowing a malicious server to execute arbitrary code, or write to arbitrary physical memory via the CClient::ProcessServerPacket method. Impact A remote malicious server can...
Apache Tomcat: Multiple vulnerabilities
Background Apache Tomcat is a Servlet-3.0/JSP-2.2 Container. Description Multiple vulnerabilities have been discovered in Tomcat. Please review the CVE identifiers referenced below for details. Impact A remote attacker may be able to cause a Denial of Service condition, obtain sensitive...
GStreamer plug-ins: User-assisted execution of arbitrary code
Background The GStreamer plug-ins provide decoders to the GStreamer open source media framework. Description Multiple vulnerabilities have been discovered in various GStreamer plug-ins. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user or...
Mozilla Thunderbird: Multiple vulnerabilities
Background Mozilla Thunderbird is a popular open-source email client from the Mozilla project. Description Multiple vulnerabilities have been discovered in Mozilla Thunderbird. Please review the CVE identifiers referenced below for details. Impact A remote attacker, by enticing a user to open a...
Mozilla Firefox: Multiple vulnerabilities
Background Mozilla Firefox is a popular open-source web browser from the Mozilla Project. Description Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details. Impact A remote attacker could possibly execute arbitrary code wi...
libav: Multiple vulnerabilities
Background Libav is a complete solution to record, convert and stream audio and video. Description Multiple vulnerabilities have been discovered in libav. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user to open a specially crafted media...
FFmpeg: Multiple vulnerabilities
Background FFmpeg is a complete, cross-platform solution to record, convert and stream audio and video. Description Multiple vulnerabilities have been discovered in FFmpeg. Please review the CVE identifiers referenced below for details. gst-plugins-libav is affected because this package is bundli...
Chromium: Multiple vulnerabilities
Background Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. Description Multiple vulnerabilities have been discovered in the Chromium web browser. Please review the CVE identifiers referenced below for details...
Oracle JDK/JRE: Multiple vulnerabilities
Background Java Platform, Standard Edition (Java SE) lets you develop and deploy Java applications on desktops and servers, as well as in today’s demanding embedded environments. Java offers the rich user interface, performance, versatility, portability, and security that today’s applications...
libevent: Multiple vulnerabilities
Background libevent is a library to execute a function when a specific event occurs on a file descriptor. Description Multiple vulnerabilities have been discovered in libevent. Please review the CVE identifiers referenced below for details. Impact A remote attacker could possibly execute arbitrar...
Mozilla Network Security Service (NSS): Multiple vulnerabilities
Background The Mozilla Network Security Service (NSS) is a library implementing security features like SSL v.2/v.3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME and X.509 certificates. Description Multiple vulnerabilities have been discovered in NSS. Please review the CVE identifiers referenced...
Adobe Flash Player: Multiple vulnerabilities
Background The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Description Multiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details. Impact A remote attacke...
QEMU: Multiple vulnerabilities
Background QEMU is a generic and open source machine emulator and virtualizer. Description Multiple vulnerabilities have been discovered in QEMU. Please review the CVE identifiers referenced below for details. Impact Remote server can cause a crash in the client causing execution of arbitrary cod...
X.Org: Multiple vulnerabilities
Background X.Org X servers Description Multiple vulnerabilities have been discovered in X.Org server and libraries. Please review the CVE identifiers referenced below for details. Impact Local or remote users can utilize the vulnerabilities to attach to the X.Org session as a user and execute...
Chromium: Multiple vulnerabilities
Background Chromium is the open-source web browser project behind Google Chrome Description Multiple vulnerabilities have been discovered in the Chromium web browser. Please review the CVE identifiers referenced below for details. Impact A remote attacker could possibly execute arbitrary code wit...
Deluge: Remote execution of arbitrary code
Background Deluge is a BitTorrent client. Description A CSRF vulnerability was discovered in the web UI of Deluge. Impact A remote attacker could entice a user currently logged in to the Deluge web UI to visit a malicious web page which uses forged requests to make Deluge download and install a...
cURL: Certificate validation error
Background cURL is a tool and libcurl is a library for transferring data with URL syntax. Description cURL and applications linked against libcurl support “OCSP stapling”, also known as the TLS Certificate Status Request extension (using the CURLOPT_SSL_VERIFYSTATUS option). When telling cURL to use...
Xen: Privilege Escalation
Background Xen is a bare-metal hypervisor. Description In CIRRUS_BLTMODE_MEMSYSSRC mode the bitblit copy routine cirrus_bitblt_cputovideo fails to check whether the specified memory region is safe. Impact A local attacker could potentially execute arbitrary code with privileges of Xen QEMU process on...
GNU Libtasn1: Denial of service
Background A library that provides Abstract Syntax Notation One (ASN.1, as specified by the X.680 ITU-T recommendation) parsing and structures management, and Distinguished Encoding Rules (DER, as per X.690) encoding and decoding functions. Description Libtasn1 does not correctly handle certain...
PuTTY: Buffer overflow
Background PuTTY is a free implementation of Telnet and SSH for Windows and Unix platforms, along with an xterm terminal emulator. Description A heap-corrupting buffer overflow bug in the ssh_agent_channel_data function of PuTTY was found. Impact A remote attacker, utilizing the SSH agent forwarding...
OpenOffice: User-assisted execution of arbitrary code
Background Apache OpenOffice is an open-source office software suite for word processing, spreadsheets, presentations, graphics, databases and more. Description An exploitable out-of-bounds vulnerability exists in OpenOffice Impress when handling MetaActions. Impact A remote attacker could entice...
Adobe Flash Player: Multiple vulnerabilities
Background The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Description Multiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details. Impact A remote attacke...
Ruby Archive::Tar::Minitar: Directory traversal
Background Archive::Tar::Minitar is a pure-Ruby library and command-line utility that provides the ability to deal with POSIX tar(1) archive files. Description Michal Marek discovered that Ruby Archive::Tar::Minitar is vulnerable to a directory traversal vulnerability. Impact A remote attacker coul...
GPL Ghostscript: Multiple vulnerabilities
Background Ghostscript is an interpreter for the PostScript language and for PDF. Description Multiple vulnerabilities have been discovered in GPL Ghostscript and the bundled OpenJPEG. Please review the CVE identifiers and GLSA-201612-26 (OpenJPEG) referenced below for additional information. Note:...
Xen: Multiple vulnerabilities
Background Xen is a bare-metal hypervisor. Description Multiple vulnerabilities have been discovered in Xen. Please review the CVE identifiers and Xen Security Advisory referenced below for details. Impact A local attacker could potentially execute arbitrary code with privileges of Xen QEMU proce...
QEMU: Multiple vulnerabilities
Background QEMU is a generic and open source machine emulator and virtualizer. Description Multiple vulnerabilities have been discovered in QEMU. Please review the CVE identifiers referenced below for details. Impact A local attacker could potentially execute arbitrary code with privileges of QEM...
Nagios: Multiple vulnerabilities
Background Nagios is an open source host, service and network monitoring program. Description Multiple vulnerabilities have been discovered in Nagios. Please review the CVE identifiers referenced below for details. Impact A local attacker, who either is already Nagios’s system user or belongs to...
PHP: Multiple vulnerabilities
Background PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML. Description Multiple vulnerabilities have been discovered in PHP. Please review the CVE identifiers referenced below for details. Impact An attacker coul...
tcpdump: Multiple vulnerabilities
Background tcpdump is a tool for network monitoring and data acquisition. Description Multiple vulnerabilities have been discovered in tcpdump. Please review the CVE identifiers referenced below for details. Impact A remote attacker, by sending a specially crafted network package, could possibly...
Redis: Multiple vulnerabilities
Background Redis is an open source BSD licensed, in-memory data structure store, used as a database, cache and message broker. Description Multiple vulnerabilities have been discovered in Redis. Please review the CVE identifiers referenced below for details. Impact A remote attacker, able to...
Mozilla Thunderbird: Multiple vulnerabilities
Background Mozilla Thunderbird is a popular open-source email client from the Mozilla project. Description Multiple vulnerabilities have been discovered in Mozilla Thunderbird. Please review the CVE identifiers referenced below for details. Impact A remote attacker, by enticing a user to open a...
PyCrypto: Remote execution of arbitrary code
Background The Python Cryptography Toolkit (PyCrypto) is a collection of both secure hash functions (such as SHA256 and RIPEMD160), and various encryption algorithms (AES, DES, RSA, ElGamal, etc.). Description A heap-based buffer overflow vulnerability has been discovered in PyCrypto. Please review the...
Mozilla Firefox: Multiple vulnerabilities
Background Mozilla Firefox is a popular open-source web browser from the Mozilla Project. Description Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details. Impact A remote attacker could possibly execute arbitrary code wi...
LibVNCServer/LibVNCClient: Multiple vulnerabilities
Background LibVNCServer/LibVNCClient are cross-platform C libraries that allow you to easily implement VNC server or client functionality in your program. Description Multiple vulnerabilities have been discovered in LibVNCServer and LibVNCClient. Please review the CVE identifiers referenced below...
Opus: User-assisted execution of arbitrary code
Background Opus is a totally open, royalty-free, highly versatile audio codec. Description Large NLSF values could cause the stabilization code in silk/NLSF_stabilize.c to wrap around and have the last value in NLSF_Q15 be negative, close to -32768. Under normal circumstances, the code will...
OCaml: Buffer overflow and information disclosure
Background OCaml is a high-level, strongly-typed, functional, and object-oriented programming language from the ML family of languages. Description It was discovered that OCaml was vulnerable to a runtime bug that, on 64-bit platforms, causes size arguments to internal memmove calls to be...
libass: Multiple vulnerabilities
Background libass is a portable subtitle renderer for the ASS/SSA (Advanced Substation Alpha/Substation Alpha) subtitle format. Description Multiple vulnerabilities have been discovered in libass. Please review the CVE identifiers referenced below for details. Impact A remote attacker could cause a...
Adobe Flash Player: Multiple vulnerabilities
Background The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Description Multiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details. Impact A remote attacke...
TigerVNC: Buffer overflow
Background TigerVNC is a high-performance VNC server/client. Description A buffer overflow vulnerability in ModifiablePixelBuffer::fillRect in vncviewer was found. Impact A remote attacker, utilizing a malicious VNC server, could execute arbitrary code with the privileges of the user running the...
Dropbear: Multiple vulnerabilities
Background Dropbear is an SSH server and client designed with a small memory footprint. Description Multiple vulnerabilities have been discovered in Dropbear. Please review the CVE identifiers referenced below for details. Impact A remote attacker could possibly execute arbitrary code with root...
MySQL: Multiple vulnerabilities
Background MySQL is a popular multi-threaded, multi-user SQL server. MariaDB is an enhanced, drop-in replacement for MySQL. Description Multiple vulnerabilities have been discovered in MySQL. Please review the CVE identifiers referenced below for details. Impact An attacker could possibly escalat...
MariaDB: Multiple vulnerabilities
Background MariaDB is an enhanced, drop-in replacement for MySQL. Description Multiple vulnerabilities have been discovered in MariaDB. Please review the CVE identifiers referenced below for details. Impact An attacker could possibly escalate privileges, gain access to critical data or complete...