3816 matches found
file: Multiple vulnerabilities
Background file is a utility that guesses a file format by scanning binary data for patterns. Description Multiple vulnerabilities have been discovered in file. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user or automated system to...
Pidgin: Multiple vulnerabilities
Background Pidgin is a client for a variety of instant messaging protocols. Description Multiple vulnerabilities have been discovered in Pidgin. Please review the CVE identifiers referenced below for details. Impact A remote attacker might send specially crafted data using the MXit protocol,...
libxml2: Multiple vulnerabilities
Background libxml2 is the XML eXtended Markup Language C parser and toolkit initially developed for the Gnome project. Description Multiple vulnerabilities have been discovered in libxml2. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user...
Apache: Multiple vulnerabilities
Background The Apache HTTP server is one of the most popular web servers on the Internet. Description Multiple vulnerabilities have been discovered in Apache. Please review the CVE identifiers, upstream Apache Software Foundation documentation, and HTTPoxy website referenced below for details...
Mozilla SeaMonkey: Multiple vulnerabilities
Background Mozilla SeaMonkey is a free and open-source Internet suite. It is the continuation of the former Mozilla Application Suite, based on the same source code. Description Multiple vulnerabilities have been discovered in Mozilla SeaMonkey. Please review the CVE identifiers referenced below...
PostgreSQL: Multiple vulnerabilities
Background PostgreSQL is an open source object-relational database management system. Description Multiple vulnerabilities have been discovered in PostgreSQL. Please review the CVE identifiers referenced below for details. Impact A remote attacker could possibly execute arbitrary code with the...
runC: Privilege escalation
Background RunC is a CLI tool for spawning and running containers according to the OCI specification. Description A vulnerability was discovered in runC that allows additional container processes via ‘runc exec’ to be ptraced by the pid 1 of the container. This allows the main processes of the...
flex: Potential insecure code generation
Background flex is a programming tool used to generate scanners programs which recognize lexical patterns in text. Description A heap-based buffer overflow in the yygetnextbuffer function in Flex might allow context-dependent attackers to cause a denial of service or possibly execute arbitrary co...
PgBouncer: Multiple vulnerabilities
Background PgBouncer is a lightweight connection pooler for PostgreSQL. Description Multiple vulnerabilities have been discovered in PgBouncer. Please review the CVE identifiers referenced below for details. Impact A remote attacker might send a specially crafted package possibly resulting in a...
Vim, gVim: Remote execution of arbitrary code
Background Vim is an efficient, highly configurable improved version of the classic ‘vi’ text editor. gVim is the GUI version of Vim. Description Vim and gVim do not properly validate values for the ‘filetype’, ‘syntax’, and ‘keymap’ options. Impact A remote attacker could entice a user to open a...
D-Bus: Format string vulnerability
Background D-Bus is a message bus system, a simple way for applications to talk to one another. Description It was discovered that D-Bus incorrectly handles certain format strings. The impact of this new vulnerability is believed to not be exploitable if D-Bus is patched against CVE-2015-0245. Th...
BIND: Denial of service
Background BIND Berkeley Internet Name Domain is a Name Server. Description A defect in BIND’s handling of responses containing a DNAME answer can cause a resolver to exit after encountering an assertion failure in db.c or resolver.c. Impact A remote attacker could send a specially crafted DNS...
NGINX: Privilege escalation
Background nginx is a robust, small, and high performance HTTP and reverse proxy server. Description It was discovered that Gentoo’s default NGINX installation applied similar problematic permissions on “/var/log/nginx” as Debian DSA-3701 and is therefore vulnerable to the same attack described i...
NTFS-3G: Privilege escalation
Background NTFS-3G is a stable, full-featured, read-write NTFS driver for various operating systems. Description NTFS-3G is affected by the same vulnerability as reported in “GLSA 201603-04” when the bundled fuse-lite implementation is used. Impact A local user could gain root privileges...
7-Zip: Multiple vulnerabilities
Background 7-Zip is an open-source file archiver, an application used primarily to compress files. 7-Zip uses its own 7z archive format, but can read and write several other archive formats. Description Multiple vulnerabilities have been discovered in 7-Zip. Please review the CVE identifiers...
vzctl: Security bypass
Background vzctl is a set of control tools for the OpenVZ server virtualization solution. Description It was discovered that vzctl determined the virtual environment VE layout based on the presence of root.hdd/DiskDescriptor.xml in the VE private directory. This allows local simfs container CT ro...
phpBB: Multiple vulnerabilities
Background phpBB is an Open Source bulletin board package. Description Multiple vulnerabilities have been discovered in phpBB. Please review the CVE identifiers referenced below for details. Impact A remote attacker may be able to change settings, inject arbitrary web script or HTML, or conduct...
Botan: Multiple vulnerabilities
Background Botan Japanese for peony is a cryptography library written in C++11. Description Multiple vulnerabilities have been discovered in Botan. Please review the CVE identifiers referenced below for details. Impact A remote attacker might obtain ECDSA secret keys via a timing side-channel...
Expat: Multiple vulnerabilities
Background Expat is a set of XML parsing libraries. Description Multiple vulnerabilities have been discovered in Expat. Please review the CVE identifiers referenced below for details. Impact A remote attacker, by enticing a user to process a specially crafted XML file, could execute arbitrary cod...
c-ares: Heap-based buffer overflow
Background c-ares is a C library for asynchronous DNS requests including name resolves. Description A hostname with an escaped trailing dot such as “hello\.” would have its size calculated incorrectly leading to a single byte written beyond the end of a buffer on the heap. Impact A remote...
phpMyAdmin: Multiple vulnerabilities
Background phpMyAdmin is a web-based management tool for MySQL databases. Description Multiple vulnerabilities have been discovered in phpMyAdmin. Please review the CVE identifiers referenced below for details. Impact A authenticated remote attacker could exploit these vulnerabilities to execute...
Adobe Flash Player: Multiple vulnerabilities
Background The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Description Multiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details. Impact A remote attacke...
Python: Multiple vulnerabilities
Background Python is an interpreted, interactive, object-oriented programming language. Description Multiple vulnerabilities have been discovered in Python. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user to open a specially crafted ind...
libTIFF: Multiple vulnerabilities
Background The TIFF library contains encoding and decoding routines for the Tag Image File Format. It is called by numerous programs, including GNOME and KDE applications, to interpret TIFF images. Description Multiple vulnerabilities have been discovered in libTIFF. Please review the CVE...
Mozilla Firefox, Thunderbird: Multiple vulnerabilities
Background Mozilla Firefox is a cross-platform web browser from Mozilla. The Mozilla Thunderbird mail client is a redesign of the Mozilla Mail component. The goal is to produce a cross-platform stand-alone mail application using XUL XML User Interface Language. Description Multiple vulnerabilitie...
libotr, Pidgin OTR: Remote execution of arbitrary code
Background Pidgin Off-the-Record OTR messaging allows you to have private conversations over instant messaging. libotr is a portable off-the-record messaging library. Description Multiple vulnerabilities exist in both libotr and Pidgin OTR. Please review the CVE identifiers for more information...
HDF5: Multiple vulnerabilities
Background HDF5 technology suite includes a data model, library, and file format for storing and managing data. Description Multiple arbitrary code execution vulnerabilities have been discovered in HDF5. Please review the CVE identifiers referenced below for details. Impact An attacker could...
musl: Integer overflow
Background musl is a “libc”, an implementation of the standard library functionality described in the ISO C and POSIX standards, plus common extensions, intended for use on Linux-based systems. Description A vulnerability was discovered in musl’s tretnfarunparallel function buffer overflow logic,...
LZO: Multiple vulnerabilities
Background LZO is an extremely fast compression and decompression library Description LZO is vulnerable to an integer overflow condition in the “lzo1xdecompresssafe” function which could result in a possible buffer overrun when processing maliciously crafted compressed input data. Impact A remote...
memcached: Multiple vulnerabilities
Background memcached is a high-performance, distributed memory object caching system Description Multiple integer overflow vulnerabilities were discovered in memcached. Please review the CVE identifiers and Cisco TALOS reports referenced below for details. Impact A remote attacker could abuse...
Bash: Multiple vulnerabilities
Background Bash is the standard GNU Bourne Again SHell. Description Multiple vulnerabilities have been discovered in Bash. Please review the CVE identifiers referenced below for details. Impact A local attacker could possibly execute arbitrary code with the privileges of the process, or cause a...
Xdg-Utils: Command injection
Background Xdg-Utils is a set of tools allowing all applications to easily integrate with the Free Desktop configuration. Description An eval injection vulnerability was discovered in Xdg-Utils. Impact A context-dependent attacker could execute arbitrary code via the URL argument to xdg-open...
Open vSwitch: Remote execution of arbitrary code
Background Open vSwitch is a production quality multilayer virtual switch. Description A buffer overflow was discovered in lib/flow.c in ovs-vswitchd. Impact A remote attacker, using a specially crafted MPLS packet, could execute arbitrary code. Workaround There is no known workaround at this tim...
e2fsprogs: Heap-based buffer overflow
Background e2fsprogs is a set of utilities for maintaining the ext2, ext3 and ext4 file systems. Description A heap-based buffer overflow was discovered in openfs.c in the libext2fs library in e2fsprogs. Impact A remote attacker could entice a user to use ext2fs library for example, fsck on a...
w3m: Multiple vulnerabilities
Background w3m is a text based WWW browser. Description Multiple vulnerabilities have been discovered in w3m. Please review the CVE identifiers referenced below for details. Impact A remote attacker could execute arbitrary code with the privileges of the process or cause a Denial of Service...
BusyBox: Denial of service
Background BusyBox is a set of tools for embedded systems and is a replacement for GNU Coreutils. Description The recvandprocessclientpkt function in networking/ntpd.c in BusyBox allows remote attackers to cause a Denial of Service CPU and bandwidth consumption via a forged NTP packet, which...
Mutt: Heap-based buffer overflow
Background Mutt is a small but very powerful text-based mail client. Description A heap-based buffer overflow was discovered in Mutt’s muttsubstrdup function. Impact A remote attacker could cause a Denial of Service condition. Workaround There is no known workaround at this time. Resolution All...
MariaDB and MySQL: Multiple vulnerabilities
Background MySQL is a popular multi-threaded, multi-user SQL server. MariaDB is an enhanced, drop-in replacement for MySQL. Description Multiple vulnerabilities have been discovered in MariaDB and MySQL. Please review the CVE identifiers referenced below for details. Impact Attackers could execut...
libarchive: Multiple vulnerabilities
Background libarchive is a library for manipulating different streaming archive formats, including certain tar variants, several cpio formats, and both BSD and GNU ar variants. Description Multiple vulnerabilities have been discovered in libarchive. Please review the CVE identifiers referenced...
Icinga: Privilege escalation
Background Icinga is an open source computer system and network monitoring application. It was originally created as a fork of the Nagios system monitoring application in 2009. Description Icinga daemon was found to perform unsafe operations when handling the log file. Impact A local attacker, wh...
Openfire: Multiple vulnerabilities
Background Openfire formerly Wildfire is a cross-platform real-time collaboration server based on the XMPP Jabber protocol. Description Multiple vulnerabilities have been discovered in Openfire. Please review the CVE identifiers referenced below for details. Impact A remote attacker could bypass...
libjpeg-turbo: User-assisted execution of arbitrary code
Background libjpeg-turbo is a JPEG image codec that uses SIMD instructions MMX, SSE2, NEON, AltiVec to accelerate baseline JPEG compression and decompression. Description The accelerated Huffman decoder was previously invoked if there were 128 bytes in the input buffer. However, it is possible to...
Chicken: Multiple vulnerabilities
Background Chicken is a scheme interpreter and native scheme to C compiler. Description Multiple vulnerabilities have been discovered in Chicken. Please review the CVE identifiers referenced below for details. Impact A remote attacker could possibly execute arbitrary code with the privileges of t...
Pillow: Multiple vulnerabilities
Background The friendly PIL fork. Description Multiple vulnerabilities have been discovered in Pillow. Please review the CVE identifiers referenced below for details. Impact A local attacker could perform symlink attacks to overwrite arbitrary files with the privileges of the user running the...
CyaSSL: Multiple vulnerabilities
Background CyaSSL is a small, fast, portable implementation of TLS/SSL for embedded devices to the cloud. Description Multiple vulnerabilities have been discovered in CyaSSL. Please review the CVE identifiers referenced below for details. Impact An attacker could possibly execute arbitrary code...
Xen: Multiple vulnerabilities
Background Xen is a bare-metal hypervisor. Description Multiple vulnerabilities have been discovered in Xen. Please review the CVE identifiers referenced below for details. Impact A local attacker could possibly execute arbitrary code with the privileges of the process, could gain privileges on t...
mod_wsgi: Privilege escalation
Background modwsgi is an Apache2 module for running Python WSGI applications. Description modwsgi, when creating a daemon process group, does not properly handle dropping group privileges. Impact Context-dependent attackers could escalate privileges due to the improper handling of group privilege...
Firejail: Multiple vulnerabilities
Background A SUID program that reduces the risk of security breaches by restricting the running environment of untrusted applications using Linux namespaces and seccomp-bpf. Description Multiple vulnerabilities have been discovered in Firejail. Please review upstream’s release notes below for...
Roundcube: Arbitrary code execution
Background Free and open source webmail software for the masses, written in PHP. Description Roundcube, when no SMTP server is configured and the sendmail program is enabled, does not properly restrict the use of custom envelope-from addresses on the sendmail command line. Impact An authenticated...
Samba: Multiple vulnerabilities
Background Samba is a suite of SMB and CIFS client/server programs. Description Multiple vulnerabilities have been discovered in samba. Please review the CVE identifiers referenced below for details. Impact A remote attacker could possibly execute arbitrary code with root privileges, cause a Deni...