3816 matches found
Samba: Multiple Vulnerabilities
Background Samba is a suite of SMB and CIFS client/server programs. Description Multiple vulnerabilities have been discovered in Samba. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known...
intel-microcode: Multiple Vulnerabilities
Background Intel IA32/IA64 microcode update data. Description Multiple vulnerabilities have been discovered in NVIDIA Drivers. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround a...
Mozilla Firefox: Multiple Vulnerabilities
Background Mozilla Firefox is a popular open-source web browser from the Mozilla project. Description Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details...
Mozilla Thunderbird: Multiple Vulnerabilities
Background Mozilla Thunderbird is a popular open-source email client from the Mozilla project. Description Multiple vulnerabilities have been discovered in Mozilla Thunderbird. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for...
QtWebEngine: Multiple Vulnerabilities
Background QtWebEngine is a library for rendering dynamic web content in Qt5 and Qt6 C++ and QML applications. Description Multiple vulnerabilities have been discovered in QtWebEngine. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE...
Apache Log4j: Multiple Vulnerabilities
Background Log4j is a Java logging framework that supports various use cases with a rich set of components, a separate API, and a performance-optimized implementation. Description Multiple vulnerabilities have been discovered in Apache Log4j. Please review the CVE identifiers referenced below for...
TACACS+: Remote Code Execution
Background An updated version of Cisco's TACACS+ server. Description A vulnerability has been discovered in TACACS+. Please review the CVE identifier referenced below for details. Impact A lack of input validation exists in tacplus which, when pre or post auth commands are enabled, allows an...
e2fsprogs: Arbitrary Code Execution
Background e2fsprogs is a set of utilities for maintaining the ext2, ext3 and ext4 file systems. Description Multiple vulnerabilities have been discovered in e2fsprogs. Please review the CVE identifiers referenced below for details. Impact An out-of-bounds read/write vulnerability was found in...
Exim: Multiple Vulnerabilities
Background Exim is a message transfer agent (MTA) designed to be a highly configurable, drop-in replacement for sendmail. Description Multiple vulnerabilities have been discovered in Exim. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE...
Thunar: Arbitrary Code Execution
Background Thunar is a modern file manager for the Xfce Desktop Environment. Thunar has been designed from the ground up to be fast and easy to use. Its user interface is clean and intuitive and does not include any confusing or useless options by default. Thunar starts up quickly and navigating...
libcaca: Arbitrary Code Execution
Background libcaca is a library that creates colored ASCII-art graphics. Description A vulnerability has been discovered in libcaca. Please review the CVE identifier referenced below for details. Impact A buffer overflow issue in caca_resize function in libcaca/caca/canvas.c may lead to local...
QtNetwork: Multiple Vulnerabilities
Background QtNetwork provides a set of APIs for programming applications that use TCP/IP. It is part of the Qt framework. Description Multiple vulnerabilities have been discovered in QtNetwork. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE...
CUPS: Multiple Vulnerabilities
Background CUPS, the Common Unix Printing System, is a full-featured print server. Description Multiple vulnerabilities have been discovered in CUPS. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There i...
GNU Tar: Out of Bounds Read
Background The GNU Tar program provides the ability to create tar archives, as well as various other kinds of manipulation. Description A vulnerability has been discovered in GNU Tar. Please review the CVE identifier referenced below for details. Impact GNU Tar has a one-byte out-of-bounds read...
libxml2: Multiple Vulnerabilities
Background libxml2 is the XML C parser and toolkit developed for the GNOME project. Description Multiple vulnerabilities have been discovered in libxml2. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround The...
NBD Tools: Multiple Vulnerabilities
Background The NBD Tools are the Network Block Device utilities allowing one to use remote block devices over a TCP/IP network. It includes a userland NBD server. Description Multiple vulnerabilities have been discovered in NBD Tools. Please review the CVE identifiers referenced below for details...
Xen: Multiple Vulnerabilities
Background Xen is a bare-metal hypervisor. Description Multiple vulnerabilities have been discovered in Xen. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround at this time...
Wireshark: Multiple Vulnerabilities
Background Wireshark is a versatile network protocol analyzer. Description Multiple vulnerabilities have been discovered in Wireshark. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known...
OpenSSL: Multiple Vulnerabilities
Background OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general purpose cryptography library. Description Multiple vulnerabilities have been discovered in OpenSSL. Please review the CVE identifiers referenced...
GNAT Ada Suite: Remote Code Execution
Background The GNAT Ada Suite is an Ada development environment. Description A vulnerability has been discovered in GNAT Ada Suite. Please review the CVE identifier referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workarou...
SDDM: Privilege Escalation
Background SDDM is a modern display manager for X11 and Wayland sessions aiming to be fast, simple and beautiful. It uses modern technologies like QtQuick, which in turn gives the designer the ability to create smooth, animated user interfaces. Description A vulnerability has been discovered in...
FreeType: Multiple Vulnerabilities
Background FreeType is a high-quality and portable font engine. Description Multiple vulnerabilities have been discovered in FreeType. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known...
QtGui: Multiple Vulnerabilities
Background QtGui is a module for the Qt toolkit. Description Multiple vulnerabilities have been discovered in QtGui. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround at this tim...
Microsoft Edge: Multiple Vulnerabilities
Background Microsoft Edge is a browser that combines a minimal design with sophisticated technology to make the web faster, safer, and easier. Description Multiple vulnerabilities have been discovered in Microsoft Edge. Please review the CVE identifiers referenced below for details. Impact Please...
glibc: Multiple Vulnerabilities
Background glibc is a package that contains the GNU C library. Description Multiple vulnerabilities have been discovered in glibc. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workarou...
X.Org X Server, XWayland: Multiple Vulnerabilities
Background The X Window System is a graphical windowing system based on a client/server model. Description Multiple vulnerabilities have been discovered in X.Org X Server and XWayland. Please review the CVE identifiers referenced below for details. Impact The X server can be crashed by a maliciou...
WebKitGTK+: Multiple Vulnerabilities
Background WebKitGTK+ is a full-featured port of the WebKit rendering engine, suitable for projects requiring any kind of web integration, from hybrid HTML/CSS applications to full-fledged web browsers. Description Multiple vulnerabilities have been discovered in WebKitGTK+. Please review the CVE...
libaom: Multiple Vulnerabilities
Background libaom is the Alliance for Open Media's AV1 Codec SDK. Description Multiple vulnerabilities have been discovered in libaom. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known...
Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities
Background Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. Google Chrome is one fast, simple, and secure browser for all your devices. Microsoft Edge is a browser that combines a minimal design with...
containerd: Multiple Vulnerabilities
Background containerd is a daemon with an API and a command line client, to manage containers on one machine. It uses runC to run containers according to the OCI specification. Description Multiple vulnerabilities have been discovered in containerd. Please review the CVE identifiers referenced...
GOCR: Multiple Vulnerabilities
Background GOCR is an OCR (Optical Character Recognition) program, developed under the GNU Public License. It converts scanned images of text back to text files. Description Multiple vulnerabilities have been discovered in GOCR. Please review the CVE identifiers referenced below for details. Impact...
sudo: Memory Manipulation
Background sudo allows a system administrator to give users the ability to run commands as other users. Description Multiple vulnerabilities have been discovered in sudo. Please review the CVE identifiers referenced below for details. Impact Stack/register variables can be flipped via fault...
Ruby: Multiple vulnerabilities
Background Ruby is an interpreted scripting language for quick and easy object-oriented programming. It comes bundled with a HTTP server "WEBrick". Description Multiple vulnerabilities have been discovered in Ruby. Please review the CVE identifiers referenced below for details. Impact Please revi...
Apache XML-RPC: Multiple Vulnerabilities
Background Apache XML-RPC (previously known as Helma XML-RPC) is a Java implementation of XML-RPC, a popular protocol that uses XML over HTTP to implement remote procedure calls. Description Multiple vulnerabilities have been discovered in Apache XML-RPC. Please review the CVE identifiers reference...
OpenJDK: Multiple Vulnerabilities
Background OpenJDK is an open source implementation of the Java programming language. Description Multiple vulnerabilities have been discovered in OpenJDK. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround...
libuv: Buffer Overread
Background libuv is a multi-platform support library with a focus on asynchronous I/O. Description libuv fails to ensure that a pointer lies within the bounds of a defined buffer in the uv__idna_toascii function before reading and manipulating the memory at that address. Impact The overread can resu...
Nettle: Denial of Service
Background Nettle is a cryptographic library that is designed to fit easily in almost any context: In cryptographic toolkits for object-oriented languages, such as C++, Python, or Pike, in applications like lsh or GnuPG, or even in kernel space. Description Multiple vulnerabilities have been...
Opera: Multiple Vulnerabilities
Background Opera is a fast web browser that is available free of charge. Description Multiple vulnerabilities have been discovered in Opera. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no know...
KTextEditor: Arbitrary Local Code Execution
Background Framework providing a full text editor component for KDE. Description A vulnerability has been discovered in KTextEditor. Please review the CVE identifiers referenced below for details. Impact KTextEditor executes binaries without user interaction in a few cases, e.g. KTextEditor will...
zlib: Buffer Overflow
Background zlib is a widely used free and patent unencumbered data compression library. Description A vulnerability has been discovered in zlib. Please review the CVE identifier referenced below for details. Impact MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffe...
QPDF: Buffer Overflow
Background QPDF: A content-preserving PDF document transformer. Description A vulnerability has been discovered in QPDF. Please review the CVE identifier referenced below for details. Impact QPDF has a heap-based buffer overflow in Pl_ASCII85Decoder::write called from Pl_AES_PDF::flush and...
libspf2: Multiple vulnerabilities
Background libspf2 is a library that implements the Sender Policy Framework, allowing mail transfer agents to make sure that an email is authorized by the domain name that it is coming from. Description Multiple vulnerabilities have been discovered in libspf2. Please review the CVE identifiers...
libgit2: Privilege Escalation Vulnerability
Background libgit2 is a portable, pure C implementation of the Git core methods provided as a re-entrant linkable library with a solid API. Description A vulnerability has been discovered in libgit2. Please review the CVE identifier referenced below for details. Impact Usages of a malicious craft...
FreeRDP: Multiple Vulnerabilities
Background FreeRDP is a free implementation of the remote desktop protocol. Description Multiple vulnerabilities have been discovered in FreeRDP. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no...
Prometheus SNMP Exporter: Basic Authentication Bypass
Background The Prometheus SNMP Exporter is the recommended way to expose SNMP data in a format which Prometheus can ingest. Description A vulnerability has been discovered in Prometheus SNMP Exporter. Please review the CVE identifier referenced below for details. Impact A user who knows the...
RedCloth: ReDoS Vulnerability
Background RedCloth is a module for using Textile in Ruby. Description A vulnerability has been discovered in RedCloth. Please review the CVE identifier referenced below for details. Impact RedCloth is vulnerable to a regular expression denial of service "ReDoS" attack via the sanitize_html functio...
FAAD2: Multiple Vulnerabilities
Background FAAD2 is an open source MPEG-4 and MPEG-2 AAC decoder. Description Multiple vulnerabilities have been discovered in FAAD2. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known...
util-linux: Multiple Vulnerabilities
Background util-linux is a suite of Linux programs including mount and umount, programs used to mount and unmount filesystems. Description Multiple vulnerabilities have been discovered in util-linux. Please review the CVE identifiers referenced below for details. Impact Please review the referenc...
Eclipse Mosquitto: Multiple Vulnerabilities
Background Eclipse Mosquitto is an open source MQTT v3 broker. Description Multiple vulnerabilities have been discovered in Eclipse Mosquitto. Please review the CVE identifier referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no kno...
Mozilla Firefox: Multiple Vulnerabilities
Background Mozilla Firefox is a popular open-source web browser from the Mozilla project. Description Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details...