3816 matches found
Dovecot: Denial of service
Background Dovecot is an open source IMAP and POP3 email server. Description Dovecot does not properly close connections, allowing a resource exhaustion for incomplete SSL/TLS handshakes. Impact A remote attacker could possibly cause a Denial of Service condition. Workaround There is no known...
Squid: Multiple vulnerabilities
Background Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Description An assertion failure in processing of SSL-Bump has been found in Squid. Heap based overflow is discovered when processing SNMP requests. Impact A remote attacker could send a specially crafted...
Asterisk: Multiple Vulnerabilities
Background Asterisk is an open source telephony engine and toolkit. Description Multiple unspecified vulnerabilities have been discovered in Asterisk. Please review the CVE identifiers referenced below for details. Impact A remote attacker could exploit the vulnerabilities to cause a man in the...
Openswan: Denial of service
Background Openswan is an implementation of IPsec for Linux. Description A NULL pointer dereference has been found in Openswan. Impact A remote attacker could create a Denial of Service condition. Workaround There is no known workaround at this time. Resolution Gentoo has discontinued support for...
Ansible: Privilege escalation
Background Ansible is a radically simple IT automation platform. Description Multiple vulnerabilities have been discovered in Ansible. Please review the CVE identifiers referenced below for details. Impact A local attacker could possibly execute arbitrary code with the privileges of the process,...
Aircrack-ng: User-assisted execution of arbitrary code
Background Aircrack-ng is an 802.11 WEP and WPA-PSK keys cracking program that can recover keys once enough data packets have been captured. Description Multiple vulnerabilities have been discovered in Aircrack-ng. Please review the CVE identifiers referenced below for details. Impact A local...
Adobe Flash Player: Multiple vulnerabilities
Background The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Description Multiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details. Impact A remote attacke...
GNU Wget: Arbitrary code execution
Background GNU Wget is a free software package for retrieving files using HTTP, HTTPS and FTP, the most widely-used Internet protocols. Description An absolute path traversal vulnerability has been found in GNU Wget. Impact A remote FTP server is able to write to arbitrary files, and consequently...
PHP: Multiple vulnerabilities
Background PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML. Description Multiple vulnerabilities have been discovered in PHP. Please review the CVE identifiers referenced below for details. Impact A...
VLC: Multiple vulnerabilities
Background VLC is a cross-platform media player and streaming server. Description Multiple vulnerabilities have been discovered in VLC. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user to open a specially crafted media file using VLC,...
TigerVNC: User-assisted execution of arbitrary code
Background TigerVNC is a high-performance VNC server/client. Description Two boundary errors in TigerVNC could lead to a heap-based buffer overflow. Impact A remote attacker could entice a user to connect to a malicious VNC server using TigerVNC, possibly resulting in execution of arbitrary code...
MySQL, MariaDB: Multiple vulnerabilities
Background MySQL is a popular multi-threaded, multi-user SQL server. MariaDB is an enhanced, drop-in replacement for MySQL. Description Multiple unspecified vulnerabilities have been discovered in MySQL. Please review the CVE identifiers referenced below for details. Impact A remote attacker coul...
Perl, Perl Locale-Maketext module: Multiple vulnerabilities
Background Locale-Maketext - Perl framework for localization Description Two vulnerabilities have been reported in the Locale-Maketext module for Perl, which can be exploited by malicious users to compromise an application using the module. The vulnerabilities are caused due to the “compile”...
Bash: Multiple vulnerabilities
Background Bash is the standard GNU Bourne Again SHell. Description Florian Weimer, Todd Sabin, Michal Zalewski et al. discovered further parsing flaws in Bash. The unaffected Gentoo packages listed in this GLSA contain the official patches to fix the issues tracked as CVE-2014-6277, CVE-2014-718...
Bash: Code Injection (Updated fix for GLSA 201409-09)
Background Bash is the standard GNU Bourne Again SHell. Description Stephane Chazelas reported that Bash incorrectly handles function definitions, allowing attackers to inject arbitrary code CVE-2014-6271. Gentoo Linux informed about this issue in GLSA 201409-09. Tavis Ormandy reported that the...
Bash: Code Injection
Background Bash is the standard GNU Bourne Again SHell. Description Stephane Chazelas reported that Bash incorrectly handles function definitions, allowing attackers to inject arbitrary code. Impact A remote attacker could exploit this vulnerability to execute arbitrary commands even in restricte...
libxml2: Denial of service
Background libxml2 is the XML C parser and toolkit developed for the Gnome project. Description A vulnerability in the xmlParserHandlePEReference function of parser.c, when expanding entity references, can be exploited to consume large amounts of memory and cause a crash or hang. Impact A remote...
c-icap: Denial of service
Background c-icap is an implementation of an ICAP server. It can be used with HTTP proxies that support the ICAP protocol to implement content adaptation and filtering services. Description c-icap contains a flaw in the parserequest function of request.c that may allow a remote denial of service...
Chromium: Multiple vulnerabilities
Background Chromium is an open-source web browser project. Description Multiple vulnerabilities have been discovered in Chromium. Please review the CVE identifiers referenced below for details. Impact A remote attacker may be able to cause a Denial of Service condition or possibly have other...
Adobe Flash Player: Multiple vulnerabilities
Background The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Description Multiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details. Impact A remote attacke...
MySQL: Multiple vulnerabilities
Background MySQL is a popular multi-threaded, multi-user SQL server. Description Multiple vulnerabilities have been discovered in MySQL. Please review the CVE identifiers referenced below for details. Impact A local attacker could possibly gain escalated privileges. A remote attacker could send a...
dhcpcd: Denial of service
Background dhcpcd is a fully featured, yet light weight RFC2131 compliant DHCP client. Description A vulnerability has been discovered in dhcpcd. A malicious dhcp server can set flags as part of the dhcp reply that can cause a Denial of Service condition. Impact A remote attacker can cause a Deni...
Net-SNMP: Denial of service
Background Net-SNMP bundles software for generating and retrieving SNMP data. Description Multiple vulnerabilities have been discovered in Net-SNMP. Please review the CVE identifiers referenced below for details. Impact A remote attacker could create a Denial of Service condition. Workaround Ther...
Wireshark: Multiple vulnerabilities
Background Wireshark is a network protocol analyzer formerly known as ethereal. Description Multiple vulnerabilities have been discovered in Wireshark. Please review the CVE identifiers referenced below for details. Impact A remote attacker can cause a Denial of Service condition via specially...
OpenOffice, LibreOffice: Multiple vulnerabilities
Background OpenOffice is the open source version of StarOffice, a full office productivity suite. LibreOffice is a fork of OpenOffice. Description Multiple vulnerabilities have been discovered in OpenOffice and Libreoffice. Please review the CVE identifiers referenced below for details. Impact A...
Chromium: Multiple vulnerabilities
Background Chromium is an open-source web browser project. Description Multiple vulnerabilities have been discovered in Chromium. Please review the CVE identifiers referenced below for details. Impact A remote attacker could conduct a number of attacks which include: cross site scripting attacks,...
QEMU: Multiple vulnerabilities
Background QEMU is a generic and open source machine emulator and virtualizer. Description Multiple vulnerabilities have been discovered in QEMU. Please review the CVE identifiers referenced below for details. Impact A local attacker could possibly execute arbitrary code with the privileges of th...
NRPE: Multiple Vulnerabilities
Background Nagios Remote Plugin Executor NRPE remotely executes Nagios plugins on other Linux/Unix machines. Description Multiple vulnerabilities have been discovered in NRPE. Please review the CVE identifiers referenced below for details. Impact A remote attacker can utilize multiple vectors to...
GNU Libtasn1: Multiple vulnerabilities
Background The ASN.1 library used in GNUTLS. Description Multiple vulnerabilities have been discovered in GNU Libtasn1. Please review the CVE identifiers referenced below for details. Impact A context-dependent attacker could possibly cause a Denial of Service condition. Workaround There is no...
Jinja2: Multiple vulnerabilities
Background Jinja2 is a template engine written in pure Python. Description Multiple vulnerabilities have been discovered in Jinja2. Please review the CVE identifiers referenced below for details. Impact A local attacker could gain escalated privileges via a specially crafted cache file or...
stunnel: Information disclosure
Background The stunnel program is designed to work as an SSL encryption wrapper between a client and a local or remote server. Description stunnel does not properly update the state of the pseudo-random generator after fork-threading which causes subsequent children with the same process ID to us...
Apache HTTP Server: Multiple vulnerabilities
Background Apache HTTP Server is one of the most popular web servers on the Internet. Description Multiple vulnerabilities have been found in Apache HTTP Server. Please review the CVE identifiers referenced below for details. Impact A remote attacker could send a specially crafted request to...
Libgcrypt: Side-channel attack
Background Libgcrypt is a general purpose cryptographic library derived out of GnuPG. Description A vulnerability in the implementation of ElGamal decryption procedures of Libgcrypt leaks information to various side-channels. Impact A physical side-channel attack allows a remote attacker to fully...
PostgreSQL: Multiple vulnerabilities
Background PostgreSQL is an open source object-relational database management system. Description Multiple vulnerabilities have been discovered in PostgreSQL. Please review the CVE identifiers referenced below for details. Impact A remote authenticated attacker may be able to create a Denial of...
PHP: Multiple vulnerabilities
Background PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML. Description Multiple vulnerabilities have been discovered in PHP. Please review the CVE identifiers referenced below for details. Impact A...
file: Denial of service
Background file is a utility that guesses a file format by scanning binary data for patterns. Description BEGIN regular expression in the awk script detector in magic/Magdir/commands uses multiple wildcards with unlimited repetitions. Impact A context-dependent attacker could entice a user to ope...
ModPlug XMMS Plugin: Multiple vulnerabilities
Background ModPlug XMMS Plugin is a library for playing MOD-like music files Description Multiple vulnerabilities have been discovered in ModPlug XMMS Plugin. Please review the CVE identifiers referenced below for details. Impact A remote attacker could possibly execute arbitrary code with the...
Adobe Flash Player: Multiple vulnerabilities
Background The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Description Multiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details. Impact A remote attacke...
libpng: Multiple vulnerabilities
Background libpng is a standard library used to process PNG Portable Network Graphics images. It is used by several programs, including web browsers and potentially server processes. Description The pngpushreadchunk function in pngpread.c in the progressive decoder enters an infinite loop, when i...
Catfish: Multiple Vulnerabilities
Background Catfish is a versatile file searching tool. Description Multiple vulnerabilities have been discovered in Catfish. Please review the CVE identifiers referenced below for details. Impact A local attacker could gain escalated privileges via a specially crafted shared library. Workaround...
LibSSH: Information disclosure
Background LibSSH is a C library providing SSHv2 and SSHv1. Description A new connection inherits the state of the PRNG without re-seeding with random data. Impact Servers using ECC ECDSA or DSA certificates in non-deterministic mode may under certain conditions leak their private key. Workaround...
FreeType: Arbitrary code execution
Background FreeType is a high-quality and portable font engine. Description A stack-based buffer overflow exists in Freetype’s cf2hintmapbuild function in cff/cf2hints.c. Impact A remote attacker may be able to execute arbitrary code or cause a Denial of Service condition via specially crafted fo...
Zend Framework: SQL injection
Background Zend Framework is a high quality and open source framework for developing Web Applications. Description Developers using non-ASCII-compatible encodings in conjunction with the MySQL PDO driver of PHP may be vulnerable to SQL injection attacks. Impact A remote attacker could use special...
OpenSSL: Multiple vulnerabilities
Background OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer SSL v2/v3 and Transport Layer Security TLS v1 as well as a general purpose cryptography library. Description Multiple vulnerabilities have been discovered in OpenSSL. Please review the OpenSSL Security Advisory 05...
GnuPG: Denial of service
Background The GNU Privacy Guard, GnuPG, is a free replacement for the PGP suite of cryptographic software. Description GnuPG does not properly handle a specially crated compressed packet resulting in an infinite loop. Impact A context-dependent attacker can cause a Denial of Service. Workaround...
Xen: Multiple Vunlerabilities
Background Xen is a bare-metal hypervisor. Description Multiple vulnerabilities have been discovered in Xen. Please review the CVE identifiers referenced below for details. Impact A remote attacker can utilize multiple vectors to execute arbitrary code, cause Denial of Service, or gain access to...
Adobe Flash Player: Multiple vulnerabilities
Background The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Description Multiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details. Impact A remote attacke...
OpenTTD: Denial of service
Background OpenTTD is a clone of Transport Tycoon Deluxe. Description The vulnerability is caused due to missing out-of-bound check within the “HandleCrashedAircraft” function. Impact A remote attacker could possibly cause a Denial of Service condition. Workaround There is no known workaround at...
OpenLDAP: Multiple vulnerabilities
Background OpenLDAP is an LDAP suite of application and development tools. Description Multiple vulnerabilities have been discovered in OpenLDAP. Please review the CVE identifiers referenced below for details. Impact A remote attacker might employ a specially crafted certificate to conduct...
Openfire: Multiple vulnerabilities
Background Openfire is a real time collaboration RTC server. Description Multiple vulnerabilities have been discovered in Openfire. Please review the CVE identifiers referenced below for details. Impact A remote attacker could possibly cause a Denial of Service condition or bypass security...