3816 matches found
IcedTea: Multiple vulnerabilities
Background IcedTea’s aim is to provide OpenJDK in a form suitable for easy configuration, compilation and distribution with the primary goal of allowing inclusion in GNU/Linux distributions. Description Various OpenJDK attack vectors in IcedTea, such as 2D, Corba, Hotspot, Libraries, and JAXP,...
PLIB: Buffer overflow vulnerability
Background PLIB includes sound effects, music, a complete 3D engine, font rendering, a simple Windowing library, a game scripting language, a GUI, networking, 3D math library and a collection of handy utility functions. Description A buffer overflow in PLIB allows user-assisted remote attackers t...
claws-mail: Multiple Vulnerabilities
Background Claws Mail is a GTK based e-mail client. Description Multiple vulnerabilities have been discovered in claws-mail. Please review the CVE identifiers referenced below for details. Impact An attacker could possibly intercept communications due to the default implementation of SSL 3.0...
ImageMagick: Multiple vulnerabilities
Background Imagemagick is a collection of tools and libraries for many image formats. Description Multiple vulnerabilities have been discovered in ImageMagick including, but not limited to, various overflows and potential Denials of Service. Please visit the references and related bug reports for...
FreeXL: Multiple vulnerabilities
Background FreeXL is an open source library to extract valid data from within an Excel .xls spreadsheet. Description FreeXL’s shared strings and workbook functions are vulnerable to the remote execution of arbitrary code and Denial of Service. This can be achieved through specially crafted...
sudo: Unauthorized privilege escalation in sudoedit
Background sudo su “do” allows a system administrator to delegate authority to give certain users or groups of users the ability to run some or all commands as root or another user while providing an audit trail of the commands and their arguments. Description sudoedit in sudo is vulnerable to th...
libssh and libssh2: Multiple vulnerabilities
Background libssh is a mulitplatform C library implementing the SSHv2 and SSHv1 protocol on client and server side. Description libssh and libssh2 both have a bits/bytes confusion bug and generate an abnormaly short ephemeral secret for the diffie-hellman-group1 and diffie-hellman-group14 key...
PHP: Multiple vulnerabilities
Background PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML. Description Multiple vulnerabilities have been discovered in PHP. Please review the CVE identifiers referenced below for details. Impact An attacker can...
dhcpcd: Multiple vulnerabilities
Background A fully featured, yet light weight RFC2131 compliant DHCP client Description A heap overflow can be triggered via malformed DHCP responses in the printoption via dhcpenvoption1 due to incorrect option length values. These vulnerabilities could also allow remote attackers to trigger an...
Adobe Flash Player: Multiple vulnerabilities
Background The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Description Multiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details. Impact A remote attacke...
FFmpeg: Multiple vulnerabilities
Background FFmpeg is a complete, cross-platform solution to record, convert and stream audio and video. Description Multiple vulnerabilities have been discovered in FFmpeg. Please review the CVE identifiers referenced below for details. Impact A remote attacker could possibly execute arbitrary co...
nginx: Multiple vulnerabilities
Background nginx is a robust, small, and high performance HTTP and reverse proxy server. Description Multiple vulnerabilities have been discovered in nginx. Please review the CVE identifiers referenced below for details. Impact A remote attacker could possibly cause a Denial of Service condition...
spice: Multiple vulnerabilities
Background Provides a complete open source solution for remote access to virtual machines in a seamless way so you can play videos, record audio, share usb devices and share folders without complications. Description Multiple vulnerabilities have been discovered in spice, please review the CVE...
Puppet Server and Agent: Multiple vulnerabilities
Background Puppet Agent contains Puppet’s main code and all of the dependencies needed to run it, including Facter, Hiera, and bundled versions of Ruby and OpenSSL. Description Multiple vulnerabilities have been discovered in Puppet Server and Agent. Please review the CVE identifiers referenced...
GnuPG: Multiple vulnerabilities
Background The GNU Privacy Guard, GnuPG, is a free replacement for the PGP suite of cryptographic software. Description Multiple vulnerabilities have been discovered in GnuPG and libgcrypt, please review the CVE identifiers referenced below for details. Impact A local attacker could possibly caus...
PuTTY: Multiple vulnerabilities
Background PuTTY is a telnet and SSH client. Description Multiple vulnerabilities have been discovered in PuTTY. Please review the CVE identifiers referenced below for details. Impact Stack-based buffer overflow in the SCP command-line utility allows remote servers to execute arbitrary code or...
libjpeg-turbo: Multiple vulnerabilities
Background libjpeg-turbo is a MMX, SSE, and SSE2 SIMD accelerated JPEG library Description libjpeg-turbo does not check for certain duplications of component data during the reading of segments that follow Start Of Scan SOS JPEG markers. Impact Remote attackers could obtain sensitive information...
Linux-PAM: Multiple vulnerabilities
Background Linux-PAM Pluggable Authentication Modules is an architecture allowing the separation of the development of privilege granting software from the development of secure and appropriate authentication schemes. Description Multiple vulnerabilities have been discovered in Linux-PAM. Please...
Mozilla Products: Multiple vulnerabilities
Background Mozilla Firefox is an open-source web browser, Mozilla Thunderbird an open-source email client, and the Network Security Service NSS is a library implementing security features like SSL v.2/v.3, TLS, PKCS 5, PKCS 7, PKCS 11, PKCS 12, S/MIME and X.509 certificates. The SeaMonkey project...
libfpx: Denial of service
Background A library for manipulating FlashPIX images. Description A double free vulnerability has been discovered in the FreeAllMemory function in jpeg/dectile.c. Impact A remote attacker could entice a user to open a specially crafted FPX image using an application linked against libfpx, possib...
rsync: Multiple vulnerabilities
Background File transfer program to keep remote files into sync. Description Multiple vulnerabilities have been discovered in rsync. Please review the CVE identifiers referenced below for details. Impact Remote attackers could write arbitrary files via symlink attacks. Workaround There is no know...
Chromium: Multiple vulnerabilities
Background Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. Description Multiple vulnerabilities have been discovered in the Chromium web browser. Please review the CVE identifiers referenced below for details...
Git: Multiple vulnerabilities
Background Git is a free and open source distributed version control system designed to handle everything from small to very large projects with speed and efficiency. Description Git is vulnerable to the remote execution of arbitrary code by cloning repositories with large filenames or a large...
libksba: Multiple vulnerabilities
Background Libksba is a X.509 and CMS PKCS7 library. Description libksba is vulnerable to two integer overflows and a Denial of Service vulnerability. Please read the references for additional details. Impact Remote attackers could cause Denial of Service or unspecified other vectors through...
Wireshark: Multiple vulnerabilities
Background Wireshark is a network protocol analyzer formerly known as ethereal. Description Multiple vulnerabilities have been discovered in Wireshark. Please review the CVE identifiers referenced below for details. Impact Remote attackers could cause Denial of Service and local attackers could...
Xen: Multiple vulnerabilities
Background Xen is a bare-metal hypervisor. Description Multiple vulnerabilities have been discovered in Xen. Please review the CVE identifiers referenced below for details. Impact A local attacker could possibly cause a Denial of Service condition or obtain sensitive information. Workaround There...
QEMU: Multiple vulnerabilities
Background QEMU is a generic and open source machine emulator and virtualizer. Description Multiple vulnerabilities have been discovered in QEMU. Please review the CVE identifiers referenced below for details. Impact Local users within a guest QEMU environment can execute arbitrary code within th...
Xalan-Java: Arbitrary code execution
Background Xalan-Java is an XSLT processor for transforming XML documents into HTML, text, or other XML document types. Description The TransformerFactory in Apache Xalan-Java does not properly restrict access to certain properties when FEATURESECUREPROCESSING is enabled. This can also be exploit...
OpenSSL: Multiple vulnerabilities
Background OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer SSL v2/v3 and Transport Layer Security TLS v1 as well as a general purpose cryptography library. Description Multiple vulnerabilities have been discovered in OpenSSL, the worst being a cross-protocol attack called...
FlightGear, SimGear: Multiple vulnerabilities
Background FlightGear is an open-source flight simulator. It supports a variety of popular platforms Windows, Mac, Linux, etc. and is developed by skilled volunteers from around the world. Source code for the entire project is available and licensed under the GNU General Public License. SimGear i...
VLC: Multiple vulnerabilities
Background VLC is a cross-platform media player and streaming server. Description Multiple vulnerabilities have been discovered in VLC. Please review the CVE identifiers referenced below for details. Impact Remote attackers could possibly execute arbitrary code or cause Denial of Service...
QtGui: Multiple vulnerabilities
Background QtGui is the GUI module and platform plugins for the Qt framework Description Multiple buffer overflow vulnerabilities have been discovered in QtGui. It is possible for remote attackers to construct specially crafted BMP, ICO, or GIF images that lead to buffer overflows. After...
Libreswan: Multiple Vulnerabilities
Background Libreswan is a free software implementation of the most widely supported and standarized VPN protocol based on “IPsec” and the Internet Key Exchange “IKE”. Description The pluto IKE daemon in Libreswan, when built with NSS, allows remote attackers to cause a Denial of Service assertion...
FFmpeg: Multiple vulnerabilities
Background FFmpeg is a complete, cross-platform solution to record, convert and stream audio and video. Description Multiple vulnerabilities have been discovered in FFmpeg. Please review the CVE identifiers referenced below for details. Impact A remote attacker could possibly execute arbitrary co...
Adobe Flash Player: Multiple vulnerabilities
Background The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Description Multiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details. Impact A remote attacke...
Chromium: Multiple vulnerabilities
Background Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. Description Multiple vulnerabilities have been discovered in the Chromium web browser. Please review the CVE identifiers referenced below for details...
Oracle JRE/JDK: Multiple vulnerabilities
Background Java Platform, Standard Edition Java SE lets you develop and deploy Java applications on desktops and servers, as well as in today’s demanding embedded environments. Java offers the rich user interface, performance, versatility, portability, and security that today’s applications...
IcedTea: Multiple vulnerabilities
Background IcedTea’s aim is to provide OpenJDK in a form suitable for easy configuration, compilation and distribution with the primary goal of allowing inclusion in GNU/Linux distributions. Description Various OpenJDK attack vectors in IcedTea, such as 2D, Corba, Hotspot, Libraries, and JAXP,...
LibreOffice, OpenOffice: Multiple vulnerabilities
Background Apache OpenOffice is the leading open-source office software suite for word processing, spreadsheets, presentations, graphics, databases and more. LibreOffice is a powerful office suite; its clean interface and powerful tools let you unleash your creativity and grow your productivity...
Roundcube: Multiple Vulnerabilities
Background Free and open source webmail software for the masses, written in PHP. Description Remote authenticated users with certain permissions can read arbitrary files or possibly execute arbitrary code via .. in the skin parameter to index.php. Additionally, a cross-site scripting XSS...
Background FUSE provides an interface for filesystems implemented in userspace. Description The fusermount binary calls setuidgeteuid to reset the RUID when it invokes /bin/mount so that it can use privileged mount options that are normally restricted if RUID != EUID. FUSE does not properly clear...
OSC: Shell command injection
Background OSC is the command line tool and API for the Open Build Service. Description A vulnerability has been discovered that may allow remote attackers to execute arbitrary commands via shell metacharacters in a service file. Impact A remote attacker could possibly execute arbitrary code with...
GIMP: Multiple vulnerabilities
Background GIMP is a cross-platform image editor available for GNU/Linux, OS X, Windows and more operating systems. Description GIMP’s network server, scriptfu, is vulnerable to the remote execution of arbitrary code via the python-fu-eval command due to not requiring authentication. Additionally...
libwmf: Multiple vulnerabilities
Background libwmf is a library for converting WMF files. Description Multiple vulnerabilities have been discovered in libwmf. Please review the CVE identifiers referenced below for details. Impact A remote attacker could possibly execute arbitrary code with the privileges of the process or cause...
GNU C Library: Multiple vulnerabilities
Background The GNU C library is the standard C library used by Gentoo Linux systems. Description Multiple vulnerabilities have been discovered in the GNU C Library: The Google Security Team and Red Hat discovered a stack-based buffer overflow in the senddg and sendvc functions due to a buffer...
QEMU: Multiple vulnerabilities
Background QEMU is a generic and open source machine emulator and virtualizer. Description Multiple vulnerabilities have been discovered in QEMU. Please review the CVE identifiers referenced below for details. Impact A remote attacker might cause a Denial of Service or gain escalated privileges...
OpenSSL: Multiple vulnerabilities
Background OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer SSL v2/v3 and Transport Layer Security TLS v1 as well as a general purpose cryptography library. Description Multiple vulnerabilities have been discovered in OpenSSL. Please review the upstream advisory and CVE...
OpenSMTPD: Multiple vulnerabilities
Background OpenSMTPD is a lightweight but featured SMTP daemon from OpenBSD. Description Multiple vulnerabilities have been discovered in OpenSMTPD. Please review the CVE identifiers referenced below for details. Impact A remote attacker could possibly execute arbitrary code with the privileges o...
Adobe Flash Player: Multiple vulnerabilities
Background The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Description Multiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details. Impact A remote attacke...
WebKitGTK+: Multiple vulnerabilities
Background WebKitGTK+ is a full-featured port of the WebKit rendering engine. Description Multiple vulnerabilities have been discovered in WebKitGTK+. Please review the CVE identifiers referenced below for details. Impact A remote attack can use multiple vectors to execute arbitrary code or cause...