3816 matches found
OpenSSH: Multiple vulnerabilities
Background OpenSSH is a complete SSH protocol implementation that includes SFTP client and server support. Description Qualys have reported two issues in the “roaming” code included in the OpenSSH client, which provides undocumented, experimental support for resuming SSH connections. An OpenSSH...
ClamAV: Multiple vulnerabilities
Background ClamAV is a GPL virus scanner. Description Multiple vulnerabilities have been discovered in ClamAV. Please review the CVE identifiers referenced below for details. Impact A remote attacker could cause ClamAV to scan a specially crafted file, possibly resulting in a Denial of Service...
GStreamer: User-assisted execution of arbitrary code
Background GStreamer is an open source multimedia framework. Description A buffer overflow vulnerability has been found in the parsing of H.264 formatted video. Impact A remote attacker could entice a user to open a specially crafted H.264 formatted video using an application linked against...
KDE Systemsettings: Privilege escalation
Background KDE workspace configuration module for setting the date and time has a helper program which runs as root for performing actions. Description KDE Systemsettings fails to properly validate user input before passing it as argument in context of higher privilege. Impact A local attacker...
Firebird: Buffer Overflow
Background Firebird is a multi-platform, open source relational database. Description The vulnerability is caused due to an error when processing requests from remote clients. Impact A remote attacker could possibly execute arbitrary code with the privileges of the process, or cause a Denial of...
MPFR: User-assisted execution of arbitrary code
Background MPFR is a library for multiple-precision floating-point computations with exact rounding. Description MPFR fails to adequately check user-supplied input, which could lead to a buffer overflow. Impact A remote attacker could possibly execute arbitrary code with the privileges of the...
encfs: Multiple vulnerabilities
Background Encfs is an implementation of encrypted filesystem in user-space using FUSE. Description Multiple vulnerabilities have been discovered in encfs. Please review the CVE identifiers referenced below for details. Impact A local attacker can utilize a possible buffer overflow in the...
InspIRCd: Multiple vulnerabilities
Background InspIRCd is a modular Internet Relay Chat IRC server written in C++ which was created from scratch to be stable, modern and lightweight. Description Multiple vulnerabilities have been discovered in InspIRCd. Please review the CVE identifiers referenced below for details. Impact A remot...
Mozilla Products: Multiple vulnerabilities
Background Mozilla Firefox is an open-source web browser and Mozilla Thunderbird an open-source email client, both from the Mozilla Project. Description Multiple vulnerabilities have been discovered in Mozilla Firefox and Mozilla Thunderbird. Please review the CVE identifiers referenced below for...
gdk-pixbuf: Multiple Vulnerabilities
Background gdk-pixbuf is an image loading library for GTK+. Description Three heap-based buffer overflow vulnerabilities have been discovered in gdk-pixbuf. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user to open a specially crafted ima...
OpenSSH: Multiple vulnerabilities
Background OpenSSH is a complete SSH protocol implementation that includes an SFTP client and server support. Description Multiple vulnerabilities have been discovered in OpenSSH. Please review the CVE identifiers referenced below for details. Impact Workaround There is no known workaround at thi...
GRUB: Authentication bypass
Background GNU GRUB is a multiboot boot loader used by most Linux systems. Description An integer underflow in GRUB’s username/password authentication code has been discovered. Impact An attacker with access to the system console may bypass the username prompt by entering a sequence of backspace...
IPython: User-assisted execution of arbitrary code
Background IPython is an advanced interactive shell for Python. Description IPython does not properly check the MIME type of a file. Impact A remote attacker could entice a user to open a specially crafted text file using IPython, possibly resulting in execution of arbitrary JavaScript with the...
Dnsmasq: Denial of service
Background Dnsmasq is a lightweight, easy to configure DNS forwarder and DHCP server. Description An out-of-bounds read vulnerability has been found in the tcprequest function in Dnsmasq. Impact A remote attacker could send a specially crafted DNS request, possibly resulting in a Denial of Servic...
Adobe Flash Player: Multiple vulnerabilities
Background The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Description Multiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details. Impact A remote attacke...
MirBSD Korn Shell: Arbitrary code execution
Background MirBSD Korn Shell is an actively developed free implementation of the Korn Shell programming language and a successor to the Public Domain Korn Shell. Description Improper sanitation of environment import allows for appending of values to passed parameters. Impact An attacker who alrea...
Django: Multiple vulnerabilities
Background Django is a Python-based web framework. Description Multiple vulnerabilities have been found in Django: Session backends create a new record anytime request.session was accessed CVE-2015-5143 Built-in validators in Django do not properly sanitize input CVE-2015-5144 URL validation...
CUPS: Multiple vulnerabilities
Background CUPS, the Common Unix Printing System, is a full-featured print server. Description Multiple vulnerabilities have been discovered in cups. Please review the CVE identifiers referenced below for details. Impact A remote attacker could possibly execute arbitrary code with the privileges ...
tcpdump: Multiple vulnerabilities
Background tcpdump is a Tool for network monitoring and data acquisition. Description Multiple vulnerabilities have been discovered in tcpdump. Please review the CVE identifiers referenced below for details. Impact A remote attacker could possibly execute arbitrary code with the privileges of the...
cups-filters: Multiple vulnerabilities
Background cups-filters is an OpenPrinting CUPS Filters. Description Multiple vulnerabilities have been discovered in cups-filters. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user to open a specially crafted print job using cups-filters...
QEMU: Arbitrary code execution
Background QEMU is a generic and open source machine emulator and virtualizer. Description Heap-based buffer overflow has been found in QEMU’s PCNET controller. Impact A remote attacker could execute arbitrary code via a specially crafted packets. Workaround There is no known workaround at this...
Wireshark: Multiple vulnerabilities
Background Wireshark is a network protocol analyzer formerly known as ethereal. Description Multiple vulnerabilities have been discovered in Wireshark. Please review the CVE identifiers referenced below for details. Impact A remote attacker could possibly cause a Denial of Service condition...
MediaWiki: Multiple vulnerabilities
Background MediaWiki is a collaborative editing software used by large projects such as Wikipedia. Description Multiple vulnerabilities have been discovered in MediaWiki. Please review the CVE identifiers referenced below for details. Impact A remote attacker may be able to create a Denial of...
BIND: Denial of service
Background BIND Berkeley Internet Name Domain is a Name Server. Description A vulnerability has been discovered in BIND’s named utility leading to a Denial of Service condition. Impact A remote attacker may be able to cause Denial of Service condition via specially constructed zone data. Workarou...
Adobe Flash Player: Multiple vulnerabilities
Background The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Description Multiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details. Impact A remote attacke...
NetworkManager: Denial of service
Background NetworkManager is an universal network configuration daemon for laptops, desktops, servers and virtualization hosts. Description IPv6 Neighbour Discovery ICMP broadcast containing a non-route with a low hop limit causes a Denial of Service by lowering the hop limit on existing IPv6...
NTP: Multiple vulnerablities
Background NTP contains software for the Network Time Protocol. Description Multiple vulnerabilities have been discovered in NTP. Please review the CVE identifiers referenced below for details. Impact A remote attacker could possibly execute arbitrary code with the privileges of the process, or...
Git: Arbitrary command execution
Background Git is a free and open source distributed version control system designed to handle everything from small to very large projects with speed and efficiency. Description A vulnerability in Git causing Git-compatible clients that access case-insensitive or case-normalizing filesystems to...
libtasn1: Multiple vulnerabilities
Background libtasn1 is an ASN.1 library Description Multiple vulnerabilities have been discovered in libtasn1. Please review the CVE identifiers referenced below for details. Impact A remote attacker could possibly execute arbitrary code with the privileges of the process, or cause a Denial of...
cURL: Multiple vulnerabilities
Background cURL is a tool and libcurl is a library for transferring data with URL syntax. Description Multiple vulnerabilities have been discovered in cURL. Please review the CVE identifiers referenced below for details. Impact A remote attacker could possibly obtain sensitive information, or cau...
Cacti: Multiple vulnerabilities
Background Cacti is a complete frontend to rrdtool Description Multiple vulnerabilities have been discovered in cacti. Please review the CVE identifiers referenced below for details. Impact A remote attacker could possibly execute arbitrary code with the privileges of the process, or cause a Deni...
libgadu: Multiple vulnerabilities
Background libgadu is a library that implements the client side of the Gadu-Gadu protocol. Description libgadu contains multiple vulnerabilities: X.509 certificates are not properly validated CVE-2013-4488 A integer overflow error could lead to a buffer overflow CVE-2013-6487 Malformed responses...
Adobe Flash Player: Multiple vulnerabilities
Background The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Description Multiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details. Impact A remote attacke...
Icecast: Denial of service
Background Icecast is an open source alternative to shoutcast that supports mp3, ogg vorbis/theora and aac streaming. Description When streamauth handler is defined for URL authentication and a request is sent without login credentials, a Denial of Service condition can occur. Impact A remote...
e2fsprogs: Arbitrary code execution
Background e2fsprogs is a set of utilities for maintaining the ext2, ext3 and ext4 file systems. Description e2fsprogs has a heap-based buffer overflow in closefs.c in the libext2fs library. Impact A local attacker could execute arbitrary code via a specially crafted block group descriptor...
libXfont: Multiple vulnerabilities
Background libXfont is an X11 font rasterisation library. Description Multiple vulnerabilities have been discovered in libXfont. Please review the CVE identifiers referenced below for details. Impact A remote attacker could possibly execute arbitrary code or cause a Denial of Service condition...
PostgreSQL: Multiple vulnerabilities
Background PostgreSQL is an open source object-relational database management system. Description Multiple vulnerabilities have been discovered in PostgreSQL. Please review the CVE identifiers referenced below for details. Impact A remote attacker could possibly execute arbitrary code with the...
SNMP: Denial of service
Background SNMP is a widely used protocol for monitoring the health and welfare of network equipment. Description A specially crafted trap message triggers a conversion to an erroneous variable type when the -OQ option is used. Impact A remote attacker could possibly cause a Denial of Service...
OpenSSL: Alternate chains certificate forgery
Background OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer SSL v2/v3 and Transport Layer Security TLS v1 as well as a general purpose cryptography library. Description During certificate verification, OpenSSL attempts to find an alternative certificate chain if the first...
Adobe Flash Player: Multiple vulnerabilities
Background The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Description Multiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details. Impact A remote attacke...
Chromium: Multiple vulnerabilities
Background Chromium is an open-source web browser project. Description Multiple vulnerabilities have been discovered in Chromium. Please review the CVE identifiers referenced below for details. Impact A remote attacker could bypass security restrictions. Workaround There is no known workaround at...
t1utils: Arbitrary code execution
Background t1utils is a collection of simple Type 1 font manipulation programs. Description t1utils has a buffer overflow in the setcsstart function in t1disasm.c. Impact A remote attacker could cause a denial of service and possibly execute arbitrary code via a crafted font file. Workaround Ther...
Perl: Denial of service
Background Perl is a highly capable, feature-rich programming language. Description Sregmatch function lacks proper checks before passing arguments to atoi Impact A remote attacker could send a specially crafted input, possibly resulting in a Denial of Service condition. Workaround There is no...
libCapsiNetwork: Denial of service
Background libCapsiNetwork is a C++ network library to allow fast development of server daemon processes. Description An off-by-one buffer overflow in libcapsinetwork network handling code is discovered. Impact A remote attacker could send a specially crafted request to application, that is linke...
Oracle JRE/JDK: Multiple vulnerabilities
Background The Oracle Java Development Kit JDK and the Oracle Java Runtime Environment JRE provide the Oracle Java platform. Description Multiple vulnerabilities have been discovered in Oracle JRE/JDK. Please review the CVE identifiers referenced below for details. Impact An context-dependent...
MySQL: Multiple vulnerabilities
Background MySQL is a fast, multi-threaded, multi-user SQL database server. Description Multiple vulnerabilities have been discovered in MySQL. Please review the CVE identifiers referenced below for details. Impact A remote attacker could send a specially crafted request, possibly resulting in...
Portage: Man-in-the-middle attack
Background Portage is the package management and distribution system for Gentoo. Description Portage does not verify X.509 SSL certificates properly if HTTPS is used. Impact A remote attacker can spoof servers and modify binary package lists via specially crafted certificates. Workaround There is...
PyPAM: Arbitrary code execution
Background PyPAM is a PAM binding for Python. Description PyPAM does not handle passwords correctly if there is NULL byte in the string. Impact A remote attacker could possibly execute arbitrary code or cause a Denial of Service condition. Workaround There is no known workaround at this time...
Exiv2: Denial of service
Background Exiv2 is a C++ library and a command line utility to manage image metadata. Description Exiv2 has a buffer overflow in the RiffVideo::infoTagsHandler function in riffvideo.cpp. Impact A remote attacker could possibly cause a Denial of Service condition via a specially crafted AVI file...
libxml2: Denial of service
Background libxml2 is the XML C parser and toolkit developed for the Gnome project. Description libxml2 returns the empty string when the allocation limit is encountered while constructing the attribute value string. Impact A remote attacker may be able to cause Denial of Service via a specially...