GPAC: Multiple Vulnerabilities
Background GPAC is an implementation of the MPEG-4 Systems standard developed from scratch in ANSI C. Description Multiple vulnerabilities have been discovered in GPAC. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details...
libde265: Multiple Vulnerabilities
Background Open h.265 video codec implementation. Description Multiple vulnerabilities have been discovered in libde265. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround at this...
Percona XtraBackup: Multiple Vulnerabilities
Background Percona XtraBackup is a complete and open source online backup solution for all versions of MySQL. Description Multiple vulnerabilities have been discovered in Percona XtraBackup. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE...
Nautilus: Denial of Service
Background Default file manager for the GNOME desktop. Description Please review the CVE identifier referenced below for details. Impact GNOME Nautilus allows a NULL pointer dereference and get_basename application crash via a pasted ZIP archive. Workaround There is no known workaround at this time...
Librsvg: Arbitrary File Read
Background Librsvg is a library to render SVG files using cairo as a rendering engine. Description A directory traversal problem in the URL decoder of librsvg could be used by local or remote attackers to disclose files on the local filesystem outside of the expected area, as demonstrated by...
ncurses: Multiple Vulnerabilities
Background Free software emulation of curses in System V. Description Multiple vulnerabilities have been discovered in ncurses. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround ...
re2c: Denial of Service
Background re2c is a tool for generating C-based recognizers from regular expressions. Description Please review the CVE identifier referenced below for details. Impact Please review the CVE identifier referenced below for details. Workaround There is no known workaround at this time. Resolution...
QEMU: Multiple Vulnerabilities
Background QEMU is a generic and open source machine emulator and virtualizer. Description Multiple vulnerabilities have been discovered in QEMU. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no...
PostgreSQL: Multiple Vulnerabilities
Background PostgreSQL is an open source object-relational database management system. Description Multiple vulnerabilities have been discovered in PostgreSQL. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaroun...
libXpm: Multiple Vulnerabilities
Background The X PixMap image format is an extension of the monochrome X BitMap format specified in the X protocol, and is commonly used in traditional X applications. Description Multiple vulnerabilities have been discovered in libXpm. Please review the CVE identifiers referenced below for...
Redis: Multiple Vulnerabilities
Background Redis is an open source BSD licensed, in-memory data structure store, used as a database, cache and message broker. Description Multiple vulnerabilities have been discovered in Redis. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CV...
Cairo: Multiple Vulnerabilities
Background Cairo is a 2D vector graphics library with cross-device output support. Description Multiple vulnerabilities have been discovered in Cairo. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There ...
json-c: Buffer Overflow
Background json-c is a JSON implementation in C. Description Please review the CVE identifier referenced below for details. Impact A stack-buffer-overflow exists in the auxiliary sample program jsonparse which is located in the function parseit. Workaround There is no known workaround at this tim...
aiohttp: Multiple Vulnerabilities
Background aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Description Multiple vulnerabilities have been discovered in aiohttp. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details...
Go: Multiple Vulnerabilities
Background Go is an open source programming language that makes it easy to build simple, reliable, and efficient software. Description Multiple vulnerabilities have been discovered in Go. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE...
Bitcoin: Denial of Service
Background Bitcoin Core consists of both "full-node" software for fully validating the blockchain as well as a bitcoin wallet. Description Please review the CVE identifier referenced below for details. Impact Bitcoin Core, when debug mode is not used, allows attackers to cause a denial of service...
Levenshtein: Remote Code Execution
Background Levenshtein is a Python extension for computing string edit distances and similarities. Description Fixed handling of numerous possible wraparounds in calculating the size of memory allocations; incorrect handling of which could cause denial of service or even possible remote code...
Nokogiri: Denial of Service
Background Nokogiri is an HTML, XML, SAX, and Reader parser. Description A denial of service vulnerability has been discovered in Nokogiri. Please review the CVE identifier referenced below for details. Impact Nokogiri fails to check the return value from xmlTextReaderExpand in the method...
nghttp2: Multiple Vulnerabilities
Background Nghttp2 is an implementation of HTTP/2 and its header compression algorithm HPACK in C. Description Multiple vulnerabilities have been discovered in nghttp2. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details...
Mozilla Firefox: Multiple Vulnerabilities
Background Mozilla Firefox is a popular open-source web browser from the Mozilla project. Description Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details...
containerd: Multiple Vulnerabilities
Background containerd is a daemon with an API and a command line client, to manage containers on one machine. It uses runC to run containers according to the OCI specification. Description Multiple vulnerabilities have been discovered in containerd. Please review the CVE identifiers referenced...
Freenet: Deanonymization Vulnerability
Background Freenet is an encrypted network without censorship. Description This release fixes a severe vulnerability in path folding that allowed distinguishing between downloaders and forwarders with an adapted node that is directly connected via opennet. Impact This release fixes a severe...
ExifTool: Multiple Vulnerabilities
Background ExifTool is a platform-independent Perl library plus a command-line application for reading, writing and editing meta information in a wide variety of files. Description Multiple vulnerabilities have been discovered in ExifTool. Please review the CVE identifiers referenced below for...
Dmidecode: Privilege Escalation
Background Dmidecode reports information about your system's hardware as described in your system BIOS according to the SMBIOS/DMI standard (see a sample output). This information typically includes system manufacturer, model name, serial number, BIOS version, asset tag as well as a lot of other...
HarfBuzz: Denial of Service
Background HarfBuzz is an OpenType text shaping engine. Description Multiple vulnerabilities have been discovered in HarfBuzz. Please review the CVE identifiers referenced below for details. Impact hb-ot-layout-gsubgpos.hh in HarfBuzz allows attackers to trigger O(n^2) growth via consecutive marks...
Buildah: Multiple Vulnerabilities
Background Buildah is a tool that facilitates building Open Container Initiative (OCI) container images. Description Please review the referenced CVE identifiers for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround at this time...
LIVE555 Media Server: Multiple Vulnerabilities
Background LIVE555 Media Server is a set of libraries for multimedia streaming. Description Multiple vulnerabilities have been discovered in LIVE555 Media Server. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details...
Mozilla Thunderbird: Multiple Vulnerabilities
Background Mozilla Thunderbird is a popular open-source email client from the Mozilla project. Description Multiple vulnerabilities have been discovered in Mozilla Thunderbird. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for...
KDE Plasma Workspaces: Privilege Escalation
Background KDE Plasma workspace is a widget based desktop environment designed to be fast and efficient. Description Multiple vulnerabilities have been discovered in KDE Plasma Workspaces. Please review the CVE identifiers referenced below for details. Impact KSmserver, KDE's XSMP manager,...
Mozilla Firefox: Multiple Vulnerabilities
Background Mozilla Firefox is a popular open-source web browser from the Mozilla project. Description Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details...
X.Org X11 library: Multiple Vulnerabilities
Background X.Org is an implementation of the X Window System. The X.Org X11 library provides the X11 protocol library files. Description Multiple vulnerabilities have been discovered in X.Org X11 library. Please review the CVE identifiers referenced below for details. Impact Please review the...
BusyBox: Multiple Vulnerabilities
Background BusyBox is a set of tools for embedded systems and is a replacement for GNU Coreutils. Description Multiple vulnerabilities have been discovered in BusyBox. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details...
TigerVNC: Multiple Vulnerabilities
Background TigerVNC is a high-performance VNC server/client. Description Multiple vulnerabilities have been discovered in TigerVNC. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known...
GraphicsMagick: Multiple Vulnerabilities
Background GraphicsMagick is a collection of tools and libraries which support reading, writing, and manipulating images in many major formats. Description Multiple vulnerabilities have been discovered in GraphicsMagick. Please review the CVE identifiers referenced below for details. Impact Pleas...
GNU Coreutils: Buffer Overflow Vulnerability
Background The GNU Core Utilities are the basic file, shell and text manipulation utilities of the GNU operating system. Description A vulnerability has been discovered in the Coreutils "split" program that can lead to a heap buffer overflow and possibly arbitrary code execution. Impact Please...
podman: Multiple Vulnerabilities
Background Podman is a tool for managing OCI containers and pods with a Docker-compatible CLI. Description Please review the referenced CVE identifiers for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround at this time. Resolution Al...
WebKitGTK+: Multiple Vulnerabilities
Background WebKitGTK+ is a full-featured port of the WebKit rendering engine, suitable for projects requiring any kind of web integration, from hybrid HTML/CSS applications to full-fledged web browsers. Description Multiple vulnerabilities have been discovered in WebKitGTK+. Please review the CVE...
PuTTY: Multiple Vulnerabilities
Background PuTTY is a free implementation of Telnet and SSH for Windows and Unix platforms, along with an xterm terminal emulator. Description Multiple vulnerabilities have been discovered in PuTTY. Please review the CVE identifiers referenced below for details. Impact Please review the reference...
Stellarium: Arbitrary File Write
Background Stellarium is a free open source planetarium for your computer. It shows a realistic sky in 3D, just like what you see with the naked eye, binoculars or a telescope. Description A vulnerability has been discovered in Stellarium. Please review the CVE identifier referenced below for...
Sofia-SIP: Multiple Vulnerabilities
Background Sofia-SIP is an RFC3261 compliant SIP User-Agent library. Description Multiple vulnerabilities have been discovered in Sofia-SIP. Please review the CVE identifiers referenced below for details. Impact Multiple vulnerabilities have been discovered in Sofia-SIP. Please review the CVE...
Zsh: Prompt Expansion Vulnerability
Background A shell designed for interactive use, although it is also a powerful scripting language. Description Multiple vulnerabilities have been discovered in Zsh. Please review the CVE identifiers referenced below for details. Impact A vulnerability in prompt expansion could be exploited throu...
SSSD: Command Injection
Background SSSD provides a set of daemons to manage access to remote directories and authentication mechanisms such as LDAP, Kerberos or FreeIPA. It provides an NSS and PAM interface toward the system and a pluggable backend system to connect to multiple different account sources. Description A...
SDL_ttf: Arbitrary Memory Write
Background SDL_ttf is a wrapper around the FreeType and HarfBuzz libraries, allowing you to use TrueType fonts to render text in SDL applications. Description A vulnerability has been discovered in SDL_ttf. Please review the CVE identifier referenced below for details. Impact SDL_ttf was discovered ...
Liferea: Remote Code Execution
Background Liferea is a feed reader/news aggregator that brings together all of the content from your favorite subscriptions into a simple interface that makes it easy to organize and browse feeds. Its GUI is similar to a desktop mail/news client, with an embedded web browser. Description A...
cpio: Arbitrary Code Execution
Background cpio is a file archival tool which can also read and write tar files. Description Multiple vulnerabilities have been discovered in cpio. Please review the CVE identifiers referenced below for details. Impact GNU cpio allows attackers to execute arbitrary code via a crafted pattern file...
GNU Emacs, Org Mode: Multiple Vulnerabilities
Background GNU Emacs is a highly extensible and customizable text editor. Description Multiple vulnerabilities have been discovered in GNU Emacs. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no...
cryptography: Multiple Vulnerabilities
Background cryptography is a package which provides cryptographic recipes and primitives to Python developers. Description Multiple vulnerabilities have been discovered in cryptography. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE...
OpenSSH: Remote Code Execution
Background OpenSSH is a free application suite consisting of server and clients that replace tools like telnet, rlogin, rcp and ftp with more secure versions offering additional functionality. Description A vulnerability has been discovered in OpenSSH. Please review the CVE identifier referenced...
Pixman: Heap Buffer Overflow
Background Pixman is a pixel manipulation library. Description A vulnerability has been discovered in Pixman. Please review the CVE identifiers referenced below for details. Impact An out-of-bounds write (aka heap-based buffer overflow) in rasterize_edges_8 can occur due to an integer overflow in...
GStreamer, GStreamer Plugins: Multiple Vulnerabilities
Background GStreamer is an open source multimedia framework. Description Multiple vulnerabilities have been discovered in GStreamer, GStreamer Plugins. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There...