3816 matches found
UnRTF: Multiple vulnerabilities
Background UnRTF is a command-line program which converts RTF documents to other formats. Description Multiple vulnerabilities have been discovered in UnRTF. Please review the CVE identifiers referenced below for details. Impact A remote attacker may be able to execute arbitrary code with the...
LibVNCServer: Multiple vulnerabilities
Background LibVNCServer is a cross-platform C library that allows you to easily implement VNC server functionality in your program. Description Multiple vulnerabilities have been discovered in LibVNCServer. Please review the CVE identifiers referenced below for details. Impact A remote attacker m...
International Components for Unicode: Multiple vulnerabilities
Background International Components for Unicode is a set of C/C++ and Java libraries providing Unicode and Globalization support for software applications. Description Multiple vulnerabilities have been discovered in International Components for Unicode. Please review the CVE identifiers referenc...
libxml2: Denial of service
Background libxml2 is the XML C parser and toolkit developed for the Gnome project. Description libxml2 returns the empty string when the allocation limit is encountered while constructing the attribute value string. Impact A remote attacker may be able to cause Denial of Service via a specially...
Tor: Denial of service
Background Tor is an implementation of second generation Onion Routing, a connection-oriented anonymizing communication service. Description Tor does not handle data correctly when specifically crafted data is sent, and also fails to properly verify a descriptor provided by a hidden service...
chrony: Multiple vulnerabilities
Background chrony is a versatile implementation of the Network Time Protocol (NTP). Description Multiple vulnerabilities have been discovered in chrony. Please review the CVE identifiers referenced below for details. Impact A remote attacker can cause arbitrary remote code execution or Denial of...
Chromium: Multiple vulnerabilities
Background Chromium is an open-source web browser project. Description Multiple vulnerabilities have been discovered in Chromium. Please review the CVE identifiers referenced below for details. Impact A remote attacker can cause arbitrary remote code execution, Denial of Service or bypass of...
GnuTLS: Multiple vulnerabilities
Background GnuTLS is an Open Source implementation of the TLS and SSL protocols. Description Multiple vulnerabilities have been discovered in GnuTLS. Please review the CVE identifiers and external references below for details. Impact A context-dependent attacker can cause a denial of service...
OpenSSL: Multiple vulnerabilities
Background OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer and Transport Layer Security as well as a general purpose cryptography library. Description Multiple vulnerabilities have been found in OpenSSL. Please review the CVE identifiers referenced below for details. Impac...
Adobe Flash Player: Multiple vulnerabilities
Background The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Description Multiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details. Impact A remote attacke...
phpMyAdmin: Multiple vulnerabilities
Background phpMyAdmin is a web-based management tool for MySQL databases. Description Multiple vulnerabilities have been discovered in phpMyAdmin. Please review the CVE identifiers referenced below for details. Impact A remote authenticated attacker could exploit these vulnerabilities to include...
Adobe Flash Player: Multiple vulnerabilities
Background The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Description Multiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details. Impact A remote attacke...
Ettercap: Multiple vulnerabilities
Background Ettercap is a comprehensive suite for man in the middle attacks. Description Multiple vulnerabilities have been discovered in Ettercap. Please review the CVE identifiers referenced below for details. Impact A remote attacker could possibly execute arbitrary code with the privileges of...
X.Org X Server: Multiple vulnerabilities
Background The X Window System is a graphical windowing system based on a client/server model. Description Multiple vulnerabilities have been discovered in X.Org X Server. Please review the CVE identifiers referenced below for details. Impact A remote attacker could possibly execute arbitrary cod...
Adobe Flash Player: Multiple vulnerabilities
Background The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Description Multiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details. Impact A remote attacke...
MySQL and MariaDB: Multiple vulnerabilities
Background MySQL is a popular multi-threaded, multi-user SQL server. MariaDB is an enhanced, drop-in replacement for MySQL. Description Multiple vulnerabilities have been discovered in MySQL and MariaDB. Please review the CVE identifiers referenced below for details. Impact A remote attacker coul...
sudo: Information disclosure
Background sudo allows a system administrator to give users the ability to run commands as other users. Access to commands may also be granted on a range of hosts. Description sudo does not handle the TZ environment variable properly. Impact A local attacker may be able to read arbitrary files or...
Apache: Multiple vulnerabilities
Background Apache HTTP Server is one of the most popular web servers on the Internet. Description Multiple vulnerabilities have been discovered in Apache HTTP Server. Please review the CVE identifiers referenced below for details. Impact A remote attacker may be able to execute arbitrary code or...
Xen: Multiple vulnerabilities
Background Xen is a bare-metal hypervisor. Description Multiple vulnerabilities have been discovered in Xen. Please review the CVE identifiers referenced below for details. Impact A local attacker could possibly cause a Denial of Service condition or obtain sensitive information. Workaround There...
Mozilla Products: Multiple vulnerabilities
Background Mozilla Firefox is an open-source web browser and Mozilla Thunderbird an open-source email client, both from the Mozilla Project. The SeaMonkey project is a community effort to deliver production-quality releases of code derived from the application formerly known as the ‘Mozilla...
BusyBox: Multiple vulnerabilities
Background BusyBox is a set of tools for embedded systems and is a replacement for GNU Coreutils. Description Multiple vulnerabilities have been discovered in BusyBox. Please review the CVE identifiers referenced below for details. Impact A context-dependent attacker can load kernel modules without...
Chromium: Multiple vulnerabilities
Background Chromium is an open-source web browser project. Description Multiple vulnerabilities have been discovered in Chromium. Please review the CVE identifiers referenced below for details. Impact A remote attacker may be able to cause a Denial of Service condition, bypass security...
OpenSSL: Multiple vulnerabilities
Background OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general purpose cryptography library. Description Multiple vulnerabilities have been found in OpenSSL. Please review the CVE identifiers and the upstream...
Python: Multiple vulnerabilities
Background Python is an interpreted, interactive, object-oriented programming language. Description Multiple vulnerabilities have been discovered in Python. Please review the CVE identifiers referenced below for details. Impact A context-dependent attacker may be able to execute arbitrary code or...
file: Denial of service
Background The file utility attempts to identify a file’s format by scanning binary data for patterns. Description Multiple issues with the ELF parser used by the file utility have been detected and fixed. Impact A context-dependent attacker can cause Denial of Service. Workaround There is no kno...
Adobe Flash Player: Multiple vulnerabilities
Background The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Description Multiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details. Impact A remote attacke...
hivex: User-assisted execution of arbitrary code
Background hivex is a library for reading and writing Windows Registry ‘hive’ binary files. Description Manipulating a short or truncated hive file may trigger an out-of-bounds read or write in hivex. Impact A context-dependent attacker could cause an application linked against hivex to pass a...
ICU: Multiple Vulnerabilities
Background ICU is a mature, widely used set of C/C++ and Java libraries providing Unicode and Globalization support for software applications. Description Multiple vulnerabilities have been discovered in ICU. Please review the CVE identifiers referenced below for details. Impact A remote attacker...
PHP: Multiple vulnerabilities
Background PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML. Description Multiple vulnerabilities have been discovered in PHP. Please review the CVE identifiers referenced below for details. Impact A remote attacke...
FreeType: Multiple vulnerabilities
Background FreeType is a high-quality and portable font engine. Description Multiple vulnerabilities have been discovered in FreeType. Please review the CVE identifiers referenced below for details. Impact A remote attacker can cause Denial of Service. Workaround There is no known workaround at...
GNU C Library: Multiple vulnerabilities
Background The GNU C library is the standard C library used by Gentoo Linux systems. Description Multiple vulnerabilities have been discovered in the GNU C Library. Please review the CVE identifiers referenced below for details. Impact A local attacker may be able to execute arbitrary code or cau...
D-Bus: Denial of service
Background D-Bus is a message bus system, a simple way for applications to talk to one another. Description D-Bus doesn’t validate the source of ActivationFailure signals. Impact A local attacker could possibly cause a Denial of Service condition. Workaround There is no known workaround at this...
JasPer: Multiple Vulnerabilities
Background JasPer is a software-based implementation of the codec specified in the JPEG-2000 Part-1 standard. Description Multiple vulnerabilities have been discovered in JasPer. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user to open a...
grep: Denial of service
Background grep is the GNU regular expression matcher. Description A heap buffer overrun has been fixed in the bmexec_trans function in kwset.c. Impact A local user can cause Denial of Service. Workaround There is no known workaround at this time. Resolution All grep users should upgrade to the...
Samba: Multiple vulnerabilities
Background Samba is a suite of SMB and CIFS client/server programs. Description Multiple vulnerabilities have been discovered in Samba. Please review the CVE identifiers referenced below for details. Impact A context-dependent attacker may be able to execute arbitrary code, cause a Denial of...
Chromium: Multiple vulnerabilities
Background Chromium is an open-source web browser project. Description Multiple vulnerabilities have been discovered in Chromium. Please review the CVE identifiers referenced below for details. Impact A remote attacker may be able to cause a Denial of Service condition, gain privileges via a...
GNU cpio: Multiple vulnerabilities
Background GNU cpio copies files into or out of a cpio or tar archive. Description Two vulnerabilities have been discovered in GNU cpio: The list_file function in GNU cpio contains a heap-based buffer overflow vulnerability (CVE-2014-9112). A directory traversal vulnerability has been found in GNU cp...
libpng: User-assisted execution of arbitrary code
Background libpng is a standard library used to process PNG (Portable Network Graphics) images. It is used by several programs, including web browsers and potentially server processes. Description Two vulnerabilities have been discovered in libpng: The png_user_version_check function contains an...
Oracle JRE/JDK: Multiple vulnerabilities
Background Oracle’s Java SE Development Kit and Runtime Environment Description Multiple vulnerabilities have been discovered in Oracle’s Java SE Development Kit and Runtime Environment. Please review the CVE identifiers referenced below for details. Impact A context-dependent attacker may be abl...
nginx: Information disclosure
Background nginx is a robust, small, and high performance HTTP and reverse proxy server. Description An SSL session fixation vulnerability has been found in nginx when multiple servers use the same shared ssl_session_cache or ssl_session_ticket_key. Impact A remote attacker may be able to obtain...
MediaWiki: Multiple vulnerabilities
Background MediaWiki is a collaborative editing software used by large projects such as Wikipedia. Description Multiple vulnerabilities have been discovered in MediaWiki. Please review the CVE identifiers and MediaWiki announcement referenced below for details. Impact A remote attacker may be abl...
Libav: Multiple vulnerabilities
Background Libav is a complete solution to record, convert and stream audio and video. Description Multiple vulnerabilities have been discovered in Libav. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user to open a specially crafted media...
BIND: Multiple Vulnerabilities
Background BIND (Berkeley Internet Name Domain) is a Name Server. Description Multiple vulnerabilities have been discovered in BIND. Please review the CVE identifiers referenced below for details. Impact A remote attacker can cause a denial of service condition by the lack of GeoIP databases, or vi...
libevent: User-assisted execution of arbitrary code
Background libevent is a library to execute a function when a specific event occurs on a file descriptor. Description Multiple integer overflow errors in libevent could cause a heap-based buffer overflow. Impact A context-dependent attacker could cause an application linked against libevent to pa...
Antiword: User-assisted execution of arbitrary code
Background Antiword is a free MS Word reader. Description A buffer overflow vulnerability has been found in wordole.c in Antiword. Impact A remote attacker could entice a user to open a specially crafted document using Antiword, possibly resulting in execution of arbitrary code with the privilege...
tcpdump: Multiple vulnerabilities
Background tcpdump is a tool for capturing and inspecting network traffic. Description Multiple vulnerabilities have been discovered in tcpdump: The olsr_print function contains an integer underflow error (CVE-2014-8767). The geonet_print function contains multiple integer underflow...
mpg123: User-assisted execution of arbitrary code
Background mpg123 is a realtime MPEG 1.0/2.0/2.5 audio player for layers 1, 2 and 3. Description An issue has been found in mpg123 when decoding a specifically crafted MP3 file, that causes a heap-based buffer overflow. Impact A remote attacker could entice a user to open a specially crafted MPEG...
Adobe Flash Player: Multiple vulnerabilities
Background The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Description Multiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details. Impact A remote attacke...
MIT Kerberos 5: User-assisted execution of arbitrary code
Background MIT Kerberos 5 is a suite of applications that implement the Kerberos network protocol. Description Multiple vulnerabilities have been discovered in MIT Kerberos 5. Please review the CVE identifiers referenced below for details. Impact A remote attacker could execute arbitrary code wit...
Wireshark: Multiple vulnerabilities
Background Wireshark is a network protocol analyzer formerly known as ethereal. Description Multiple vulnerabilities have been discovered in Wireshark. Please review the CVE identifiers referenced below for details. Impact A remote attacker can cause a Denial of Service condition via specially...