3816 matches found
getmail: Information disclosure
Background getmail is a POP3 mail retriever with reliable Maildir and mbox delivery. Description Multiple vulnerabilities have been discovered in getmail. Please review the CVE identifiers referenced below for details. Impact A remote attacker could cause a man-in-the-middle attack via multiple...
Asterisk: Multiple vulnerabilities
Background Asterisk is an open source telephony engine and toolkit. Description Multiple unspecified vulnerabilities have been discovered in Asterisk. Please review the CVE identifiers referenced below for details. Impact Unauthenticated remote attackers can cause Denial of Service or bypass...
fish: Multiple vulnerabilities
Background fish is the Friendly Interactive SHell. Description Multiple vulnerabilities have been discovered in fish. Please review the CVE identifiers referenced below for details. Impact A local attacker may be able to gain escalated privileges or overwrite arbitrary files. Furthermore, a remot...
file: Denial of service
Background The file utility attempts to identify a file’s format by scanning binary data for patterns. Description An issue with the ELF parser used by the file utility can cause a resource consumption when reading a specially-crafted ELF binary. Impact A context-dependent attacker may be able to...
MuPDF: User-assisted execution of arbitrary code
Background MuPDF is a lightweight PDF viewer and toolkit written in portable C. Description Multiple vulnerabilities have been discovered in MuPDF. Please review the CVE identifier and Secunia Research referenced below for details. Impact A remote attacker could entice a user to open a specially...
Xen: Denial of service
Background Xen is a bare-metal hypervisor. Description Multiple vulnerabilities have been discovered in Xen. Please review the CVE identifiers referenced below for details. Impact A local user could possibly cause a Denial of Service condition. Workaround There is no known workaround at this time...
Facter: Privilege escalation
Background Facter is a cross-platform Ruby library for retrieving facts from operating systems. Description Facter includes the current working directory in the search path. Impact A local attacker may be able to gain escalated privileges. Workaround There is no known workaround at this time...
TORQUE Resource Manager: Multiple vulnerabilities
Background TORQUE is a resource manager and queuing system based on OpenPBS. Description Multiple vulnerabilities have been discovered in TORQUE Resource Manager. Please review the CVE identifiers referenced below for details. Impact A context-dependent attacker may be able to gain escalated...
Icecast: Multiple Vulnerabilities
Background Icecast is an open source alternative to SHOUTcast that supports MP3, OGG Vorbis/Theora and AAC streaming. Description Two vulnerabilities have been discovered in Icecast: Icecast does not properly handle shared file descriptors CVE-2014-9018 Supplementary group privileges are not...
LittleCMS: Denial of service
Background LittleCMS, or short lcms, is a color management system for working with ICC profiles. It is used by many applications including GIMP and Firefox. Description Multiple stack-based buffer overflows and a profile parser error have been found in LittleCMS. Impact A remote attacker could...
policycoreutils: Privilege escalation
Background policycoreutils is a collection of SELinux policy utilities. Description The seunshare utility is owned by root with 4755 permissions which can be exploited by a setuid system call. Impact A local attacker may be able to gain escalated privileges. Workaround There is no known workaroun...
OpenSSL: Multiple vulnerabilities
Background OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer SSL v2/v3 and Transport Layer Security TLS v1 as well as a general purpose cryptography library. Description Multiple vulnerabilities have been discovered in OpenSSL. Please review the CVE identifiers referenced...
FLAC: User-assisted execution of arbitrary code
Background The Free Lossless Audio Codec FLAC library is the reference implementation of the FLAC audio file format. Description A stack-based buffer overflow flaw has been discovered in FLAC. Impact A remote attacker could entice a user to open a specially crafted .flac file using an application...
OpenVPN: Denial of service
Background OpenVPN is a multi-platform, full-featured SSL VPN solution. Description OpenVPN does not properly handle control channel packets that are too small. Impact A remote authenticated attacker could send a specially crafted control channel packet, possibly resulting in a Denial of Service...
RSYSLOG: Denial of service
Background RSYSLOG is an enhanced multi-threaded syslogd with database support and more. Description Multiple vulnerabilities have been discovered in RSYSLOG. Please review the CVE identifiers referenced below for details. Impact A context-dependent attacker may be able to create a Denial of...
libvirt: Denial of service
Background libvirt is a C toolkit for manipulating virtual machines. Description Multiple vulnerabilities have been discovered in libvirt. Please review the CVE identifiers referenced below for details. Impact A context-dependent attacker may be able to cause Denial of Service. Workaround There i...
QEMU: Multiple Vulnerabilities
Background QEMU is a generic and open source machine emulator and virtualizer. Description Multiple vulnerabilities have been discovered in QEMU. Please review the CVE identifiers referenced below for details. Impact A context-dependent attacker may be able to execute arbitrary code, cause a Deni...
NTP: Multiple vulnerabilities
Background NTP is a protocol designed to synchronize the clocks of computers over a network. The net-misc/ntp package contains the official reference implementation by the NTP Project. Description Multiple vulnerabilities have been discovered in NTP. Please review the CVE identifiers referenced...
sendmail: Information disclosure
Background sendmail is a widely-used Mail Transport Agent MTA. Description The smcloseonexec function in conf.c has arguments in the wrong order. Impact A local attacker could get access to unintended high-numbered file descriptors via a specially crafted program. Workaround There is no known...
PowerDNS Recursor: Multiple vulnerabilities
Background PowerDNS Recursor is a high-end, high-performance resolving name server Description Multiple vulnerabilities have been discovered in PowerDNS Recursor. Please review the CVE identifiers and PowerDNS blog post referenced below for details. Impact A remote attacker may be able to send...
ZNC: Denial of service
Background ZNC is an advanced IRC bouncer. Description Multiple NULL pointer dereferences have been found in ZNC. Impact A remote attacker could send a specially crafted request, possibly resulting in a Denial of Service condition. Workaround There is no known workaround at this time. Resolution...
Varnish: Multiple vulnerabilities
Background Varnish is a web application accelerator. Description Multiple vulnerabilities have been discovered in Varnish. Please review the CVE identifiers referenced below for details. Impact A remote attacker could cause a Denial of Service condition via a specially crafted GET request...
Apache Tomcat: Multiple vulnerabilities
Background Apache Tomcat is a Servlet-3.0/JSP-2.2 Container. Description Multiple vulnerabilities have been discovered in Tomcat. Please review the CVE identifiers referenced below for details. Impact A remote attacker may be able to cause a Denial of Service condition as well as obtain sensitive...
Ruby on Rails: Multiple vulnerabilities
Background Ruby on Rails is a web-application and persistence framework. Description Multiple vulnerabilities have been discovered in Ruby on Rails. Please review the CVE identifiers referenced below for details. Impact A remote attacker could execute arbitrary code or cause a Denial of Service...
strongSwan: Multiple Vulnerabilities
Background strongSwan is an IPSec implementation for Linux. Description A NULL pointer dereference and an error in the IKEv2 implementation have been found in strongSwan. Impact A remote attacker could create a Denial of Service condition or bypass security restrictions. Workaround There is no...
Ruby: Denial of service
Background Ruby is an object-oriented scripting language. Description Multiple vulnerabilities have been discovered in Ruby. Please review the CVE identifiers referenced below for details. Impact A context-dependent attacker could possibly execute arbitrary code with the privileges of the process...
MCollective: Privilege escalation
Background MCollective is a framework to build server orchestration or parallel job execution systems. Description Two vulnerabilities have been found in MCollective: An untrusted search path vulnerability exists in MCollective CVE-2014-3248 MCollective does not properly validate server...
Nagios: Multiple vulnerabilities
Background Nagios is an open source host, service and network monitoring program. Description Multiple vulnerabilities have been discovered in Nagios. Please review the CVE identifiers referenced below for details. Impact A remote attacker may be able to execute arbitrary code, cause a Denial of...
Chromium: Multiple vulnerabilities
Background Chromium is an open-source web browser project. Description Multiple vulnerabilities have been discovered in Chromium. Please review the CVE identifiers referenced below for details. Impact A remote attacker may be able to execute arbitrary code with the privileges of the process or...
CouchDB: Denial of service
Background Apache CouchDB is a distributed, fault-tolerant and schema-free document-oriented database. Description CouchDB does not properly sanitize the count parameter for Universally Unique Identifiers UUID requests. Impact A remote attacker could send a specially crafted request to CouchDB,...
mod_wsgi: Privilege escalation
Background modwsgi is an Apache2 module for running Python WSGI applications. Description Two vulnerabilities have been found in modwsgi: Error codes returned by setuid are not properly handled CVE-2014-0240 A memory leak exists via the “Content-Type” header CVE-2014-0242 Impact A local attacker...
OpenJPEG: Multiple vulnerabilities
Background OpenJPEG is an open-source JPEG 2000 library. Description Multiple vulnerabilities have been discovered in OpenJPEG. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user to open a specially crafted JPEG file, possibly resulting in...
GPL Ghostscript: Multiple vulnerabilities
Background Ghostscript is an interpreter for the PostScript language and for PDF. Description Multiple vulnerabilities have been discovered in GPL Ghostscript. Please review the CVE identifiers referenced below for details. Impact A context-dependent attacker could entice a user to open a special...
Xfig: User-assisted execution of arbitrary code
Background Xfig is an interactive drawing tool. Description A stack-based buffer overflow and a stack consumption vulnerability have been found in Xfig. Impact A remote attacker could entice a user to open a specially-crafted file, potentially resulting in arbitrary code execution or a Denial of...
Django: Multiple vulnerabilities
Background Django is a Python-based web framework. Description Multiple vulnerabilities have been discovered in Django. Please review the CVE identifiers referenced below for details. Impact A remote attacker may be able to create a Denial of Service condition, obtain sensitive information, or...
GNUstep Base library: Denial of service
Background GNUstep Base library is a free software package implementing the API of the OpenStep Foundation Kit tm, including later additions. Description GNUstep Base library does not properly handle the file descriptor for logging, when run as a daemon. Impact A remote attacker could send a...
QtGui: Denial of service
Background QtGui is the GUI module and platform plugins for the Qt5 framework. Description A NULL pointer dereference has been found in QtGui. Impact A remote attacker could send a specially crafted GIF image, possibly resulting in a Denial of Service condition. Workaround There is no known...
FreeRDP: User-assisted execution of arbitrary code
Background FreeRDP is a free implementation of the remote desktop protocol. Description FreeRDP does not properly validate user-supplied input, which could lead to an integer overflow in the xfPointerNew function. Impact A remote attacker could execute arbitrary code with the privileges of the...
PPP: Information disclosure
Background PPP is a Unix implementation of the Point-to-Point Protocol Description Integer overflow is discovered in the getword function in options.c in PPP Impact A local attacker could execute process with extremely long options list, possibly obtaining sensitive information. Workaround There ...
D-Bus: Multiple Vulnerabilities
Background D-Bus is a message bus system, a simple way for applications to talk to one another. Description Multiple vulnerabilities have been discovered in D-Bus. Please review the CVE identifiers referenced below for details. Impact A local attacker could possibly cause a Denial of Service...
AMD64 x86 emulation base libraries: Multiple vulnerabilities
Background AMD64 x86 emulation base libraries provides pre-compiled 32-bit libraries. Description Multiple vulnerabilities have been discovered in AMD64 x86 emulation base libraries. Please review the CVE identifiers referenced below for details. Impact A context-dependent attacker may be able to...
Adobe Flash Player: Multiple vulnerabilities
Background The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Description Multiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details. Impact A remote attacke...
Multiple packages, Multiple vulnerabilities fixed in 2010
Background For more information on the packages listed in this GLSA, please see their homepage referenced in the ebuild. Description Vulnerabilities have been discovered in the packages listed below. Please review the CVE identifiers in the Reference section for details. Insight Perl Tk Module...
Multiple packages, Multiple vulnerabilities fixed in 2012
Background For more information on the packages listed in this GLSA, please see their homepage referenced in the ebuild. Description Vulnerabilities have been discovered in the packages listed below. Please review the CVE identifiers in the Reference section for details. EGroupware VTE Layer Four...
Multiple packages, Multiple vulnerabilities fixed in 2011
Background For more information on the packages listed in this GLSA, please see their homepage referenced in the ebuild. Description Vulnerabilities have been discovered in the packages listed below. Please review the CVE identifiers in the Reference section for details. FMOD Studio PEAR Mail LVM...
libxml2: Denial of service
Background libxml2 is the XML C parser and toolkit developed for the Gnome project. Description parser.c in libxml2 before 2.9.2 does not properly prevent entity expansion even when entity substitution has been disabled. Impact A context-dependent attacker could entice a user to a specially craft...
Clam AntiVirus: Denial of service
Background Clam AntiVirus is an open source GPL anti-virus toolkit for UNIX, designed especially for e-mail scanning on mail gateways. Description A heap-based buffer overflow exists in the cliscanpe function in libclamav/pe.c in ClamAV. Impact A remote attacker could possibly cause a Denial of...
QEMU: Multiple Vulnerabilities
Background QEMU is a generic and open source machine emulator and virtualizer. Description Multiple vulnerabilities have been discovered in QEMU. Please review the CVE identifiers referenced below for details. Impact A context-dependent attacker could cause a Denial of Service condition and a loc...
libvirt: Multiple vulnerabilities
Background libvirt is a C toolkit for manipulating virtual machines. Description Multiple vulnerabilities have been discovered in libvirt. Please review the CVE identifiers referenced below for details. Impact A remote attacker may be able to cause a Denial of Service or cause information leakage...
nfs-utils: Information disclosure
Background nfs-utils contains the client and daemon implementations for the NFS protocol. Description rpc.gssd in nfs-utils is vulnerable to DNS spoofing due to it depending on PTR resolution for GSSAPI authentication, allowing for data to be submitted to a malicious server without the knowledge ...