Perl: Multiple Vulnerabilities
Background Perl is Larry Wall’s Practical Extraction and Report Language. Description Multiple vulnerabilities have been discovered in Perl. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no know...
Neat VNC: Authentication Bypass
Background Neat VNC is a liberally licensed VNC server library that's intended to be fast and neat. Description Neat VNC allows remote attackers to bypass authentication via a request in which the client specifies an insecure security type such as "Type 1 - None", which is accepted even if it is...
EditorConfig core C library: arbitrary stack write
Background EditorConfig core library written in C for use by plugins supporting EditorConfig parsing Description A vulnerability has been discovered in EditorConfig Core C library. Please review the CVE identifier referenced below for details. Impact Please review the referenced CVE identifier fo...
Ubiquiti UniFi: Privilege Escalation
Background Ubiquiti UniFi is a Management Controller for Ubiquiti Networks UniFi APs. Description A vulnerability has been discovered in Ubiquiti UniFi. Please review the CVE identifier referenced below for details. Impact The vulnerability allows a malicious actor with a local operational system...
Flatpak: Sandbox Escape
Background Flatpak is a Linux application sandboxing and distribution framework. Description A vulnerability has been discovered in Flatpak. Please review the CVE identifier referenced below for details. Impact A malicious or compromised Flatpak app using persistent directories could read and wri...
libgit2: Multiple Vulnerabilities
Background libgit2 is a portable, pure C implementation of the Git core methods provided as a re-entrant linkable library with a solid API, allowing you to write native speed custom Git applications in any language that supports C bindings. Description Multiple vulnerabilities have been discovere...
Docker: Multiple Vulnerabilities
Background Docker contains the core functions you need to create Docker images and run Docker containers Description Multiple vulnerabilities have been discovered in Docker. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for...
HashiCorp Consul: Multiple Vulnerabilities
Background HashiCorp Consul is a tool for service discovery, monitoring and configuration. Description Multiple vulnerabilities have been found in HashiCorp Consul. Please review the CVE identifiers referenced below for details. Impact Please review the CVE identifiers referenced below for detail...
tmux: Null Pointer Dereference
Background tmux is a terminal multiplexer. Description A null pointer dereference issue was discovered in function windowpanesetevent in window.c, which allows attackers to cause denial of service or other unspecified impacts. Impact Manipulating tmux window state could result in a null pointer...
IcedTea: Multiple Vulnerabilities
Background IcedTea’s aim is to provide OpenJDK in a form suitable for easy configuration, compilation and distribution with the primary goal of allowing inclusion in GNU/Linux distributions. Description Multiple vulnerabilities have been discovered in IcedTea. Please review the CVE identifiers...
Apache HTTPD: Multiple Vulnerabilities
Background The Apache HTTP server is one of the most popular web servers on the Internet. Description Multiple vulnerabilities have been discovered in Apache HTTPD. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details...
nginx: Multiple Vulnerabilities
Background nginx is a robust, small, and high performance HTTP and reverse proxy server. Description Multiple vulnerabilities have been discovered in nginx. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround...
yt-dlp: Multiple Vulnerabilities
Background yt-dlp is a youtube-dl fork with additional features and fixes. Description Multiple vulnerabilities have been found in yt-dlp. Please review the referenced CVE identifiers for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known...
Xpdf: Multiple Vulnerabilities
Background Xpdf is an X viewer for PDF files. Description Multiple vulnerabilities have been discovered in Xpdf. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround at this time...
Tor: Multiple Vulnerabilities
Background Tor is an implementation of second generation Onion Routing, a connection-oriented anonymizing communication service. Description Multiple vulnerabilities have been discovered in Tor. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CV...
Hunspell: Multiple Vulnerabilities
Background Hunspell is the spell checker of LibreOffice, OpenOffice.org, Mozilla Firefox & Thunderbird, Google Chrome. Description Malicious input to the hunspell spell checker could result in an application crash or other unspecified behavior. Impact Malicious input to the hunspell spell checker...
GCC: Flawed Code Generation
Background The GNU Compiler Collection includes front ends for C, C++, Objective-C, Fortran, Ada, Go, D and Modula-2 as well as libraries for these languages libstdc++,.... Description A vulnerability has been discovered in GCC. Please review the CVE identifier referenced below for details. Impac...
ZNC: Remote Code Execution
Background ZNC is an advanced IRC bouncer. Description ZNC's modtcl could allow for remote code execution via a KICK. Impact A vulnerable ZNC with the modtcl module loaded could be exploited for remote code execution. Workaround Unload the modtcl module. Resolution All ZNC users should upgrade to...
curl: Multiple Vulnerabilities
Background A command line tool and library for transferring data with URLs. Description Multiple vulnerabilities have been discovered in curl. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no...
pypy, pypy3: Multiple Vulnerabilities
Background A fast, compliant alternative implementation of the Python language. Description Multiple vulnerabilities have been discovered in pypy. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is n...
stb: Multiple Vulnerabilities
Background A set of single-file public domain or MIT licensed libraries for C/C++ Description Multiple vulnerabilities have been discovered in stb. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is ...
gst-plugins-good: Multiple Vulnerabilities
Background gst-plugins-good contains a set of plugins for the GStreamer open source multimedia framework. Description Multiple vulnerabilities have been discovered in gst-plugins-good. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE...
OpenVPN: Multiple Vulnerabilities
Background OpenVPN is a multi-platform, full-featured SSL VPN solution. Description Multiple vulnerabilities have been discovered in OpenVPN. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no kno...
Portage: Unverified PGP Signatures
Background Portage is the default Gentoo package management system. Description Multiple vulnerabilities have been discovered in Portage. Please review the CVE identifiers referenced below for details. Impact When using the webrsync mechanism to sync the tree the PGP signatures that protect the...
Oracle VirtualBox: Multiple Vulnerabilities
Background VirtualBox is a powerful virtualization product from Oracle. Description Multiple vulnerabilities have been discovered in Oracle VirtualBox. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There...
Slurm: Multiple Vulnerabilities
Background Slurm is a highly scalable resource manager. Description Multiple vulnerabilities have been discovered in Slurm. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround at...
GPL Ghostscript: Multiple Vulnerabilities
Background Ghostscript is an interpreter for the PostScript language and for PDF. Description Multiple vulnerabilities have been discovered in GPL Ghostscript. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workarou...
Mbed TLS: Multiple Vulnerabilities
Background Mbed TLS (previously PolarSSL) is an “easy to understand, use, integrate and expand” implementation of the TLS and SSL protocols and the respective cryptographic algorithms and support code required. Description Multiple vulnerabilities have been discovered in Mbed TLS. Please review the...
Xen: Multiple Vulnerabilities
Background Xen is a bare-metal hypervisor. Description Multiple vulnerabilities have been discovered in Xen. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround at this time...
Emacs, org-mode: Command Execution Vulnerability
Background Emacs is the extensible, customizable, self-documenting real-time display editor. org-mode is an Emacs mode for notes and project planning. Description %... link abbreviations could specify unsafe functions. Impact Opening a malicious org-mode file could result in arbitrary code...
calibre: Multiple Vulnerabilities
Background calibre is a powerful and easy to use e-book manager. Description Multiple vulnerabilities have been discovered in calibre. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known...
PostgreSQL: Privilege Escalation
Background PostgreSQL is an open source object-relational database management system. Description A vulnerability has been discovered in PostgreSQL. Please review the CVE identifier referenced below for details. Impact An attacker able to create and drop non-temporary objects could inject SQL cod...
Exo: Arbitrary Code Execution
Background Exo is an Xfce library targeted at application development, originally developed by os-cillation. It contains various custom widgets and APIs extending the functionality of GLib and GTK. It also has some helper applications that are used throughout the entire Xfce desktop to manage...
file: Stack Buffer Overread
Background The file utility attempts to identify a file’s format by scanning binary data for patterns. Description Multiple vulnerabilities have been discovered in file. Please review the CVE identifiers referenced below for details. Impact File has a stack-based buffer over-read in filecopystr ...
VLC: Multiple Vulnerabilities
Background VLC is a cross-platform media player and streaming server. Description Multiple vulnerabilities have been discovered in VLC. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known...
Rust: Multiple Vulnerabilities
Background A systems programming language that runs blazingly fast, prevents segfaults, and guarantees thread safety. Description Multiple vulnerabilities have been discovered in Rust. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE...
PJSIP: Heap Buffer Overflow
Background PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. Description Please review the CVE identifier referenced below for details. Impact Please review the CVE identifier...
liblouis: Multiple Vulnerabilities
Background liblouis is an open-source braille translator and back-translator. Description Multiple vulnerabilities have been discovered in liblouis. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is...
MuPDF: Multiple Vulnerabilities
Background A lightweight PDF, XPS, and E-book viewer. Description Multiple vulnerabilities have been discovered in MuPDF. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround at thi...
protobuf-c: Multiple Vulnerabilities
Background protobuf-c is a protocol buffers implementation in C. Description Multiple denial of service vulnerabilities have been discovered in protobuf-c. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround at this time. Resolution All...
protobuf, protobuf-python: Denial of Service
Background Google's Protocol Buffers are an extensible mechanism for serializing structured data. Description A vulnerability has been discovered in protobuf and protobuf-python. Please review the CVE identifiers referenced below for details. Impact A parsing vulnerability for the MessageSet type...
PHP: Multiple Vulnerabilities
Background PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML. Description Multiple vulnerabilities have been discovered in PHP. Please review the CVE identifiers referenced below for details. Impact Please review th...
dpkg: Directory Traversal
Background Debian package management system. Description Please review the CVE identifier referenced below for details. Impact Dpkg::Source::Archive in dpkg, the Debian package management system, is prone to a directory traversal vulnerability. When extracting untrusted source packages in v2 and...
matio: Multiple Vulnerabilities
Background matio is a library for reading and writing matlab files. Description Multiple vulnerabilities have been discovered in matio. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known...
rsyslog: Heap Buffer Overflow
Background rsyslog is an enhanced multi-threaded syslogd with database support and more. Description Multiple vulnerabilities have been discovered in rsyslog. Please review the CVE identifiers referenced below for details. Impact Modules for TCP syslog reception have a heap buffer overflow when...
Ruby on Rails: Remote Code Execution
Background Ruby on Rails is a free web framework used to develop database-driven web applications. Description Multiple vulnerabilities have been discovered in Ruby on Rails. Please review the CVE identifiers referenced below for details. Impact When serialized columns that use YAML the default a...
AFLplusplus: Arbitrary Code Execution
Background The fuzzer afl++ is afl with community patches, qemu 5.1 upgrade, collision-free coverage, enhanced laf-intel & redqueen, AFLfast++ power schedules, MOpt mutators, unicornmode, and a lot more! Description In AFL++ 4.05c, the CmpLog component uses the current working directory to resolv...
runc: Multiple Vulnerabilities
Background runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. Description Multiple vulnerabilities have been discovered in runc. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for...
GnuPG: Multiple Vulnerabilities
Background The GNU Privacy Guard, GnuPG, is a free replacement for the PGP suite of cryptographic software. Description Multiple vulnerabilities have been discovered in GnuPG. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for...
Bundler: Multiple Vulnerabilities
Background Bundler provides a consistent environment for Ruby projects by tracking and installing the exact gems and versions that are needed. Description Multiple vulnerabilities have been discovered in Bundler. Please review the CVE identifiers referenced below for details. Impact Please review...