3816 matches found
Adobe Flash Player: Multiple vulnerabilities
Background The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Description Multiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details. Impact A remote attacke...
Poppler: Multiple vulnerabilities
Background Poppler is a PDF rendering library based on the xpdf-3.0 code base. Description Multiple vulnerabilities have been discovered in Poppler. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user to open a specially crafted PDF using...
Chromium: Multiple vulnerabilities
Background Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. Description Multiple vulnerabilities have been discovered in the Chromium web browser. Please review the CVE identifiers referenced below for details...
MongoDB: Denial of service
Background MongoDB from “humongous” is a scalable, high-performance, open source, schema-free, document-oriented database. Description MongoDB’s ‘mongod’ server fails to validate some cases of malformed BSON. Impact A remote attacker could send a specially crafted BSON request possibly resulting ...
imlib2: Multiple vulnerabilities
Background imlib2 is an advanced replacement for image manipulation libraries such as libXpm. It is utilized by numerous programs, including gkrellm and several window managers, to display images. Description Multiple vulnerabilities have been discovered in imlib2. Please review the CVE identifie...
MIT Kerberos 5: Multiple vulnerabilities
Background MIT Kerberos 5 is a suite of applications that implement the Kerberos network protocol. Description Multiple vulnerabilities have been discovered in MIT Kerberos 5. Please review the CVE identifiers referenced below for details. Impact A remote attacker could possibly cause a Denial of...
QEMU: Multiple vulnerabilities
Background QEMU is a generic and open source machine emulator and virtualizer. Description Multiple vulnerabilities have been discovered in QEMU. Please review the CVE identifiers referenced below for details. Impact A privileged user /process within a guest QEMU environment can cause a Denial of...
libuv: Privilege escalation
Background libuv is a multi-platform support library with a focus on asynchronous I/O. Description It was discovered that libuv does not call setgroups before calling setuid/setgid. If this is not called, then even though the uid has been dropped, there may still be groups associated that permit...
tnftp: Arbitrary code execution
Background tnftp is a NetBSD FTP client with several advanced features. Description The fetchurl function in usr.bin/ftp/fetch.c allows remote attackers to execute arbitrary commands via a Impact A remote attacker could possibly execute arbitrary code with the privileges of the process. Workaroun...
polkit: Heap-corruption on duplicate IDs
Background polkit is a toolkit for managing policies relating to unprivileged processes communicating with privileged processes. Description A vulnerability was discovered in polkit’s polkitbackendactionpoolinit function due to duplicate action IDs in action descriptions. Impact Local attackers a...
xinetd: Privilege escalation
Background xinetd is a secure replacement for inetd. Description Xinetd does not enforce the user and group configuration directives for TCPMUX services, which causes these services to be run as root. Impact Attackers could escalate privileges outside of the running process. Workaround There is n...
Xen: Multiple vulnerabilities
Background Xen is a bare-metal hypervisor. Description Multiple vulnerabilities have been discovered in Xen. Please review the CVE identifiers referenced below for details. Impact A malicious guest administrator could escalate their privileges on the host system or cause a Denial of Service...
libpng: Multiple vulnerabilities
Background libpng is a standard library used to process PNG Portable Network Graphics images. It is used by several other programs, including web browsers and potentially server processes. Description Multiple vulnerabilities were found in libpng. Please review the referenced CVE’s for additional...
LibreOffice, OpenOffice: Multiple vulnerabilities
Background LibreOffice is a powerful office suite; its clean interface and powerful tools let you unleash your creativity and grow your productivity. Apache OpenOffice is the leading open-source office software suite for word processing, spreadsheets, presentations, graphics, databases and more...
Oracle JRE/JDK: Multiple vulnerabilities
Background Java Platform, Standard Edition Java SE lets you develop and deploy Java applications on desktops and servers, as well as in today’s demanding embedded environments. Java offers the rich user interface, performance, versatility, portability, and security that today’s applications...
OpenVPN: Multiple vulnerabilities
Background OpenVPN is a multi-platform, full-featured SSL VPN solution. Description Multiple vulnerabilities have been discovered in OpenVPN. Please review the CVE identifiers referenced below for details. Impact A remote attacker may be able to recover plaintext from encrypted communications...
UnZip: Multiple vulnerabilities
Background Info-ZIP’s UnZip is a tool to list and extract files inside PKZIP compressed files. Description Multiple vulnerabilities were found in UnZip. Please review the referenced CVE’s for additional information. Impact Remote attackers could execute arbitrary code or cause Denial of Service...
GNU Wget: Multiple vulnerabilities
Background GNU Wget is a free software package for retrieving files using HTTP, HTTPS and FTP, the most widely-used Internet protocols. Description Multiple vulnerabilities have been discovered in Wget. Please review the CVE identifier and bug reports referenced for details. Impact A remote...
Chromium: Multiple vulnerabilities
Background Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. Description Multiple vulnerabilities have been discovered in the Chromium web browser. Please review the CVE identifiers referenced below for details...
Adobe Flash Player: Multiple vulnerabilities
Background The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Description Multiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details. Impact A remote attacke...
Oracle JRE/JDK: Multiple vulnerabilities
Background Java Platform, Standard Edition Java SE lets you develop and deploy Java applications on desktops and servers, as well as in today’s demanding embedded environments. Java offers the rich user interface, performance, versatility, portability, and security that today’s applications...
Subversion, Serf: Multiple Vulnerabilities
Background Subversion is a version control system intended to eventually replace CVS. Like CVS, it has an optional client-server architecture where the server can be an Apache server running modsvn, or an ssh program as in CVS’s :ext: method. In addition to supporting the features found in CVS,...
MySQL and MariaDB: Multiple vulnerabilities
Background MySQL is a popular multi-threaded, multi-user SQL server. MariaDB is an enhanced, drop-in replacement for MySQL. Description Multiple vulnerabilities have been discovered in MySQL and MariaDB. Please review the CVE identifiers referenced below for details. Impact A remote attacker coul...
BIND: Multiple vulnerabilities
Background BIND Berkeley Internet Name Domain is a Name Server. Description Multiple vulnerabilities have been discovered in BIND. Please review the CVE identifiers referenced below for details. Impact A remote attacker could cause a Denial of Service condition through multiple attack vectors...
Quagga: Arbitrary code execution
Background Quagga is a free routing daemon replacing Zebra supporting RIP, OSPF and BGP. Description A memcpy function in the VPNv4 NLRI parser of bgpmplsvpn.c does not properly check the upper-bound length of received Labeled-VPN SAFI routes data, which may allow for arbitrary code execution on...
libgcrypt: Multiple vulnerabilities
Background libgcrypt is a general purpose cryptographic library derived out of GnuPG. Description Multiple vulnerabilities have been discovered in libgcrypt. Please review the CVE identifiers referenced below for details. Impact Side-channel attacks can leak private key information. A separate...
Groovy: Arbitrary code execution
Background A multi-faceted language for the Java platform Description Groovy’s MethodClosure class, in runtime/MethodClosure.java, is vulnerable to a crafted serialized object. Impact Remote attackers could potentially execute arbitrary code, or cause Denial of Service condition Workaround A...
Apache: Multiple vulnerabilities
Background Apache HTTP Server is one of the most popular web servers on the Internet. Description Multiple vulnerabilities have been discovered in Apache HTTP Server. Please review the CVE identifiers referenced below for details. Impact Remote attackers could bypass intended access restrictions,...
Bundler: Insecure installation
Background Bundler provides a consistent environment for Ruby projects by tracking and installing the exact gems and versions that are needed. Description Bundler, allows the installation of gems from different sources with the same names, when multiple top-level gem sources are used. Impact Remo...
QEMU: Multiple vulnerabilities
Background QEMU is a generic and open source machine emulator and virtualizer. Description Multiple vulnerabilities have been discovered in QEMU. Please review the CVE identifiers referenced below for details. Impact Local users within a guest QEMU environment can execute arbitrary code within th...
OptiPNG: Multiple vulnerabilities
Background OptiPNG is a PNG optimizer that recompresses image files to a smaller size, without losing any information. Description Multiple vulnerabilities have been discovered in OptiPNG. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user...
BeanShell: Arbitrary code execution
Background BeanShell is a small, free, embeddable Java source interpreter with object scripting language features, written in Java. Description An application that includes BeanShell on the classpath may be vulnerable if another part of the application uses Java serialization or XStream to...
NTP: Multiple vulnerabilities
Background NTP contains software for the Network Time Protocol. Description Multiple vulnerabilities have been discovered in NTP. Please review the CVE identifiers referenced below for details. Impact A remote attacker could possibly cause a Denial of Service condition. Workaround There is no kno...
Ansible: Privilege escalation
Background Ansible is a radically simple IT automation platform. Description The createscript function in the lxccontainer module of Ansible uses predictable temporary file names, making it vulnerable to a symlink attack. Impact Local attackers could write arbitrary files or gain escalated...
Exim: Arbitrary code execution
Background Exim is a message transfer agent MTA designed to be a a highly configurable, drop-in replacement for sendmail. Description Vulnerabilities have been discovered in Exim’s implementation of set-uid root and when using ‘perlstartup’. These vulnerabilities require a user account on the Exi...
Bugzilla: Multiple vulnerabilities
Background Bugzilla is the bug-tracking system from the Mozilla project. Description Multiple vulnerabilities have been discovered in Bugzilla. Please review the CVE identifiers referenced below for details. Impact Privileged account holders could execute system level commands, and the new user...
Varnish: Multiple vulnerabilities
Background Varnish is a web application accelerator. Description Varnish fails to properly validate input from HTTP headers, and does not deny requests with multiple Content-Length headers. Impact Remote attackers could conduct an HTTP response splitting attack, which may further enable them to...
Commons-BeanUtils: Arbitrary code execution
Background Commons-beanutils provides easy-to-use wrappers around Reflection and Introspection APIs Description Apache Commons BeanUtils does not suppress the class property, which allows for the manipulation of the ClassLoader. Impact Remote attackers could potentially execute arbitrary code wit...
libbsd: Arbitrary code execution
Background This library provides useful functions commonly found on BSD systems, and lacking on others like GNU systems, thus making it easier to port projects with strong BSD origins, without needing to embed the same code over and over again on each project. Description libbsd contains a buffer...
Dropbear: Privilege escalation
Background Dropbear is a relatively small SSH server and client. Description A CRLF injection vulnerability in Dropbear SSH allows remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data. Impact A remote authenticated user could execute arbitrary...
arpwatch: Privilege escalation
Background The ethernet monitor program; for keeping track of ethernet/ip address pairings. Description Arpwatch does not properly drop supplementary groups. Impact Attackers, if able to exploit arpwatch, could escalate privileges outside of the running process. Workaround There is no known...
Cacti: Multiple vulnerabilities
Background Cacti is a complete frontend to rrdtool. Description Multiple vulnerabilities have been discovered in Cacti. Please review the CVE identifiers referenced below for details. Impact A remote attacker could possibly execute arbitrary code with the privileges of the process, or remote...
CUPS: Buffer overflow
Background CUPS, the Common Unix Printing System, is a full-featured print server. Description A vulnerability has been discovered in CUPS concerning the handling of compressed raster files. Impact A remote attacker could possibly execute arbitrary code with the privileges of the process...
GD: Multiple vulnerabilities
Background GD is a graphic library for fast image creation. Description Multiple vulnerabilities have been discovered in GD. Please review the CVE identifiers referenced below for details. Impact A remote attacker could possibly execute arbitrary code with the privileges of the process, or cause ...
Chromium: Multiple vulnerabilities
Background Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. Description Multiple vulnerabilities have been discovered in the Chromium web browser. Please review the CVE identifiers referenced below for details...
Adobe Flash Player: Multiple vulnerabilities
Background The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Description Multiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details. Impact A remote attacke...
libpcre: Multiple Vulnerabilities
Background libpcre is a library providing functions for Perl-compatible regular expressions. Description Multiple vulnerabilities have been discovered in libpcre. Please review the CVE identifiers referenced below for details. Impact An attacker can possibly execute arbitrary code or create a...
Squid: Multiple vulnerabilities
Background Squid is a full-featured Web proxy cache designed to run on Unix systems. It supports proxying and caching of HTTP, FTP, and other URLs, as well as SSL support, cache hierarchies, transparent caching, access control lists and many other features. Description Multiple vulnerabilities ha...
hostapd and wpa_supplicant: Multiple vulnerabilities
Background wpasupplicant is a WPA Supplicant with support for WPA and WPA2 IEEE 802.11i / RSN. hostapd is a user space daemon for access point and authentication servers. Description Multiple vulnerabilities exist in both hostapd and wpasupplicant. Please review the CVE identifiers for more...
kwalletd: Information disclosure
Background Kwalletd is is a credentials management application for KDE. Description Kwalletd in KWallet uses Blowfish with ECB mode instead of CBC mode when encrypting the password store. Impact Local attackers, with access to the password store, could conduct a codebook attack in order to obtain...