3816 matches found
MuPDF: Multiple vulnerabilities
Background A lightweight PDF, XPS, and E-book viewer. Description Multiple vulnerabilities have been discovered in MuPDF. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user to open a specially crafted PDF document using MuPDF possibly...
NTFS-3G: Privilege escalation
Background NTFS-3G is a stable, full-featured, read-write NTFS driver for various operating systems. Description The NTFS-3G driver does not properly clear environment variables before invoking mount or umount. This flaw is similar to the vulnerability described in “GLSA-201701-19” and...
GNU C Library: Multiple vulnerabilities
Background The GNU C library is the standard C library used by Gentoo Linux systems. Description Multiple vulnerabilities have been discovered in the GNU C Library. Please review the CVE identifiers referenced below for details. Impact A context-dependent attacker could possibly execute arbitrary...
ImageMagick: Multiple vulnerabilities
Background ImageMagick is a collection of tools and libraries for many image formats. Description Multiple vulnerabilities have been discovered in ImageMagick. Please review the CVE identifiers referenced below for details. Impact A remote attacker, by enticing a user to process a specially craft...
VirtualBox: Multiple vulnerabilities
Background VirtualBox is a powerful virtualization product from Oracle. Description Multiple vulnerabilities have been discovered in VirtualBox. Please review the CVE identifiers referenced below for details. Impact An attacker could cause a Denial of Service condition. Additionally, an attacker...
OpenSSL: Multiple vulnerabilities
Background OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer SSL v2/v3 and Transport Layer Security TLS v1 as well as a general purpose cryptography library. Description Multiple vulnerabilities have been discovered in OpenSSL. Please review the CVE identifiers referenced...
Graphviz: Multiple vulnerabilities
Background Graphviz is an open source graph visualization software. Description Multiple vulnerabilities in Graphviz were discovered. Please review the CVE identifiers referenced below for details. Impact A remote attacker, able to control input matched against a regular expression or by enticing...
Lsyncd: Remote execution of arbitrary code
Background A daemon to synchronize local directories using rsync. Description default-rsyncssh.lua in Lsyncd performed insufficient sanitising of filenames. Impact An attacker, able to control files processed by Lsyncd, could possibly execute arbitrary code with the privileges of the process or...
GnuTLS: Multiple vulnerabilities
Background GnuTLS is an Open Source implementation of the TLS and SSL protocols. Description Multiple heap and stack overflows and double free vulnerabilities have been discovered in GnuTLS by the OSS-Fuzz project. Please review the CVE identifiers referenced below for details. Impact A remote...
Firejail: Privilege escalation
Background A SUID program that reduces the risk of security breaches by restricting the running environment of untrusted applications using Linux namespaces and seccomp-bpf. Description The unaffected packages listed in GLSA 201612-48 had an incomplete fix as reported by Sebastian Krahmer of SuSE...
RTMPDump: Multiple vulnerabilities
Background RTMPDump is an RTMP client intended to stream audio or video flash content Description Multiple vulnerabilities have been discovered in RTMPDump. The following is a list of vulnerabilities fixed: Additional decode input size checks Ignore zero-length packets Potential integer overflow ...
PCSC-Lite: Multiple vulnerabilities
Background PCSC-Lite is a middleware to access a smart card using the SCard API PC/SC. Description The SCardReleaseContext function normally releases resources associated with the given handle including “cardsList” and clients should cease using this handle. However, a malicious client can make t...
Ansible: Remote execution of arbitrary code
Background Ansible is a radically simple IT automation platform. Description An input validation vulnerability was found in Ansible’s handling of data sent from client systems. Impact An attacker with control over a client system being managed by Ansible and the ability to send facts back to the...
HarfBuzz: Multiple vulnerabilities
Background HarfBuzz is an OpenType text shaping engine. Description Multiple vulnerabilities have been discovered in HarfBuzz. Please review the CVE identifiers referenced below for details. Impact Remote attackers, through the use of crafted data, could cause a Denial of Service condition or hav...
Firewalld: Improper authentication methods
Background Firewalld provides a dynamically managed firewall with support for network/firewall zones to define the trust level of network connections or interfaces. Description A flaw in Firewalld allows any locally logged in user to tamper with or change firewall settings. This is due to how...
a2ps: Arbitrary code execution
Background a2ps is an Any to PostScript filter. Description a2ps’ fixps script does not invoke gs with the -dSAFER option. Impact Remote attackers, by enticing a user to process a specially crafted PostScript file, could delete arbitrary files or execute arbitrary code with the privileges of the...
Ark: Unintended execution of scripts and executable files
Background Ark is a graphical file compression/decompression utility with support for multiple formats. Description A vulnerability was discovered in how Ark handles executable files while browsing a compressed archive. A user could unintentionally execute a malicious script which has the...
SQUASHFS: Multiple vulnerabilities
Background Squashfs is a compressed read-only filesystem for Linux. Squashfs is intended for general read-only filesystem use, for archival use i.e. in cases where a .tar.gz file may be used, and in constrained block device/memory systems e.g. embedded systems where low overhead is needed...
libpng: Remote execution of arbitrary code
Background libpng is a standard library used to process PNG Portable Network Graphics images. It is used by several programs, including web browsers and potentially server processes. Description A null pointer dereference was discovered in libpng in the pngpushsavebuffer function. In order to be...
libXpm: Remote execution of arbitrary code
Background The X PixMap image format is an extension of the monochrome X BitMap format specified in the X protocol, and is commonly used in traditional X applications. Description An integer overflow was discovered in libXpm’s src/CrDatFrI.c file. On 64 bit systems, this allows an overflow to occ...
Perl: Multiple vulnerabilities
Background Perl is a highly capable, feature-rich programming language. Description Multiple vulnerabilities have been discovered in Perl. Please review the CVE identifiers referenced below for details. Impact A remote attacker could possibly execute arbitrary code with the privileges of the...
FreeImage: Multiple vulnerabilities
Background FreeImage is an Open Source library project for developers who would like to support popular graphics image formats like PNG, BMP, JPEG, TIFF and others as needed by today’s multimedia applications. Description Multiple vulnerabilities have been discovered in in FreeImage. Please revie...
Chromium: Multiple vulnerabilities
Background Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. Description Multiple vulnerabilities have been discovered in the Chromium web browser. Please review the CVE identifiers referenced below for details...
FFmpeg: Multiple vulnerabilities
Background FFmpeg is a complete, cross-platform solution to record, convert and stream audio and video. Description Multiple vulnerabilities have been discovered in FFmpeg. Please review the CVE identifiers referenced below for details. Impact Remote attackers could cause a Denial of Service...
Oracle JRE/JDK: Multiple vulnerabilities
Background Java Platform, Standard Edition Java SE lets you develop and deploy Java applications on desktops and servers, as well as in today’s demanding embedded environments. Java offers the rich user interface, performance, versatility, portability, and security that today’s applications...
X.Org X Server: Multiple vulnerabilities
Background The X Window System is a graphical windowing system based on a client/server model. Description Multiple vulnerabilities have been discovered in X.Org X Server. Please review the CVE identifiers referenced below for details. Impact An authenticated attacker could possibly cause a Denia...
Firejail: Multiple vulnerabilities
Background A SUID program that reduces the risk of security breaches by restricting the running environment of untrusted applications using Linux namespaces and seccomp-bpf. Description Multiple vulnerabilities have been discovered in Firejail. Please review the CVE identifiers referenced below f...
LibRaw: Multiple vulnerabilities
Background LibRaw is a library for reading RAW files obtained from digital photo cameras. Description Multiple vulnerabilities have been discovered in LibRaw. Please review the CVE identifiers referenced below for details. Impact An attacker could execute arbitrary code, cause a Denial of Service...
ICU: Multiple vulnerabilities
Background ICU is a mature, widely used set of C/C++ and Java libraries providing Unicode and Globalization support for software applications. Description Multiple vulnerabilities have been discovered in ICU. Please review the CVE identifiers referenced below for details. Impact Remote attackers...
WebP: Multiple vulnerabilities
Background WebP is an image format employing both lossy and lossless compression. Description Multiple vulnerabilities have been discovered in WebP’s gif2webp tool. Please review the CVE identifier and bug reference for details. Impact A remote attacker, by enticing a user to process a specially...
ADOdb: Multiple vulnerabilities
Background ADOdb is an abstraction library for PHP creating a common API for a wide range of database backends. Description Multiple vulnerabilities have been discovered in ADOdb. Please review the CVE identifiers referenced below for details. Impact A remote attacker, through the use of SQL...
Graphite: Multiple vulnerabilities
Background Graphite is a “smart font” system developed specifically to handle the complexities of lesser-known languages of the world. Description Multiple vulnerabilities have been discovered in Graphite. Please review the CVE identifiers referenced below for details. Impact A remote attacker...
libupnp: Multiple vulnerabilities
Background libupnp is a portable, open source, UPnP development kit. Description Multiple vulnerabilities have been discovered in libupnp. Please review the CVE identifiers referenced below for details. Impact A remote attack could arbitrarily write files to a users file system, cause a Denial of...
zlib: Multiple vulnerabilities
Background zlib is a widely used free and patent unencumbered data compression library. Description Multiple vulnerabilities have been discovered in zlib. Please review the CVE identifiers referenced below for details. Impact An attacker could cause a Denial of Service condition. Workaround There...
DCRaw: Buffer overflow
Background Command-line decoder for raw digital photos. Description An integer overflow was discovered in the ljpegstart function in DCRaw. Impact Remote attackers, by enticing a user to open a specially crafted image, could cause a Denial of Service condition. Workaround There is no known...
PPP: Buffer overflow
Background PPP is a Unix implementation of the Point-to-Point Protocol Description A buffer overflow was discovered in the rcmksid function in plugins/radius/util.c in PPP when the PID for pppd is greater than 65535. Impact A remote attacker could cause a Denial of Service condition. Workaround...
DirectFB: Multiple vulnerabilities
Background DirectFB Direct Frame Buffer is a set of graphics APIs implemented on top of the Linux Frame Buffer fbdev abstraction layer. Description Multiple vulnerabilities have been discovered in DirectFB. Please review the CVE identifiers referenced below for details. Impact Remote attackers...
T1Lib: : Multiple vulnerabilities
Background T1Lib is a library for rasterizing bitmaps from Adobe Type 1 fonts. Description Multiple vulnerabilities have been discovered in T1Lib. Please review the CVE identifiers referenced below for details. Impact Remote attackers, by coercing users to process specially crafted AFM font or PD...
Lua: Buffer overflow
Background Lua is a powerful, efficient, lightweight, embeddable scripting language. It supports procedural programming, object-oriented programming, functional programming, data-driven programming, and data description. Description A buffer overflow was discovered in the vararg functions in ldo....
QEMU: Multiple vulnerabilities
Background QEMU is a generic and open source machine emulator and virtualizer. Description Multiple vulnerabilities have been discovered in QEMU. Please review the CVE identifiers referenced below for details. Impact A privileged user/process within a guest QEMU environment can cause a Denial of...
DBD::mysql: Multiple vulnerabilities
Background MySQL driver for the Perl5 Database Interface DBI Description Multiple vulnerabilities have been discovered in DBD::mysql. Please review the CVE identifiers referenced below for details. Impact An attacker could cause a Denial of Service condition, execute arbitrary code, or have other...
Quagga: Multiple vulnerabilities
Background Quagga is a free routing daemon replacing Zebra supporting RIP, OSPF and BGP. Description Multiple vulnerabilities have been discovered in Quagga. Please review the CVE identifiers referenced below for details. Impact A remote attacker could send a specially crafted packet possibly...
irssi: Multiple vulnerabilities
Background irssi is a modular textUI IRC client with IPv6 support. Description Multiple vulnerabilities have been discovered in irssi. Please review the CVE identifiers referenced below for details. Impact A remote attacker could possibly execute arbitrary code with the privileges of the process ...
IcedTea: Multiple vulnerabilities
Background IcedTea’s aim is to provide OpenJDK in a form suitable for easy configuration, compilation and distribution with the primary goal of allowing inclusion in GNU/Linux distributions. Description Various OpenJDK attack vectors in IcedTea, such as 2D, Corba, Hotspot, Libraries, and JAXP,...
CVS: Heap-based overflow
Background CVS Concurrent Versions System is an open-source network-transparent version control system. It contains both a client utility and a server. Description A heap-based buffer overflow was discovered in the proxyconnect function in src/client.c in CVS. Impact An attacker, utilizing a remo...
Mozilla Network Security Service (NSS): Multiple vulnerabilities
Background The Mozilla Network Security Service NSS is a library implementing security features like SSL v.2/v.3, TLS, PKCS 5, PKCS 7, PKCS 11, PKCS 12, S/MIME and X.509 certificates. Description Multiple vulnerabilities have been discovered in NSS. Please review the CVE identifiers and technical...
cURL: Multiple vulnerabilities
Background cURL is a tool and libcurl is a library for transferring data with URL syntax. Description Multiple vulnerabilities have been discovered in cURL. Please review the CVE identifiers and bug reports referenced for details. Impact Remote attackers could conduct a Man-in-the-Middle attack t...
VLC: Buffer overflow
Background VLC is a cross-platform media player and streaming server. Description A buffer overflow was discovered in the DecodeAdpcmImaQT function in modules/codec/adpcm.c in the VideoLAN VLC media player. Impact Remote attackers, by enticing a user to execute a specially crafted QuickTime IMA...
xdelta: User-assisted execution of arbitrary code
Background Xdelta is a C library and command-line tool for delta compression using VCDIFF/RFC 3284 streams. Description A buffer overflow can be triggered within xdelta when ran against a malicious input file. Impact A remote attacker could coerce the victim to run xdelta against a malicious inpu...
MiniUPnPc: Buffer overflow
Background UPnP client library and a simple UPnP client. Description An out-of-bounds read was discovered in the getHTTPResponse function in miniwget.c in MiniUPnPc. Impact Remote attackers, through specially crafted headers, could cause a Denial of Service condition. Workaround There is no known...