Apache Batik: Multiple Vulnerabilities
Background Apache Batik is a Java-based toolkit for applications or applets that want to use images in the Scalable Vector Graphics (SVG) format for various purposes, such as display, generation or manipulation. Description Multiple vulnerabilities have been discovered in Apache Batik. Please revie...
Synapse: Multiple Vulnerabilities
Background Synapse is a Matrix homeserver written in Python/Twisted. Description Multiple vulnerabilities have been discovered in Synapse. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known...
R: Directory Traversal
Background R is a language and environment for statistical computing and graphics. Description The native R package installation mechanisms do not sufficiently validate installed source packages for path traversal. Impact Installation of a malicious R package could result in an arbitrary file...
BlueZ: Privilege Escalation
Background BlueZ is the canonical Bluetooth tools and system daemons package for Linux. Description Multiple vulnerabilities have been discovered in BlueZ. Please review the CVE identifiers referenced below for details. Impact An attacker may inject unauthenticated keystrokes via Bluetooth, leadi...
RDoc: Command Injection
Background RDoc produces HTML and command-line documentation for Ruby projects. Description A vulnerability has been discovered in RDoc. Please review the CVE identifier referenced below for details. Impact RDoc used to call Kernel#open to open a local file. If a Ruby project has a file whose name...
c-ares: Multiple Vulnerabilities
Background c-ares is a C library for asynchronous DNS requests including name resolves. Description Multiple vulnerabilities have been discovered in c-ares. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround...
CUPS filters: Remote Code Execution
Background CUPS filters provides backends, filters, and other software that was once part of the core CUPS distribution. Description A vulnerability has been discovered in cups-filters. Please review the CVE identifier referenced below for details. Impact If you use beh to create an accessible...
WebKitGTK+: Multiple Vulnerabilities
Background WebKitGTK+ is a full-featured port of the WebKit rendering engine, suitable for projects requiring any kind of web integration, from hybrid HTML/CSS applications to full-fledged web browsers. Description Multiple vulnerabilities have been discovered in WebKitGTK+. Please review the CVE...
Joblib: Arbitrary Code Execution
Background Joblib is a set of tools to provide lightweight pipelining in Python. In particular: 1. transparent disk-caching of functions and lazy re-evaluation (memoize pattern) 2. easy simple parallel computing. Joblib is optimized to be fast and robust on large data in particular and has specific...
libssh: Multiple Vulnerabilities
Background libssh is a multiplatform C library implementing the SSHv2 protocol on client and server side. Description Multiple vulnerabilities have been discovered in libssh. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for...
OpenSSH: Multiple Vulnerabilities
Background OpenSSH is a free application suite consisting of server and clients that replace tools like telnet, rlogin, rcp and ftp with more secure versions offering additional functionality. Description Multiple vulnerabilities have been discovered in OpenSSH. Please review the CVE identifiers...
Git: Multiple Vulnerabilities
Background Git is a free and open source distributed version control system designed to handle everything from small to very large projects with speed and efficiency. Description Multiple vulnerabilities have been discovered in Git. Please review the CVE identifiers referenced below for details...
FFmpeg: Multiple Vulnerabilities
Background FFmpeg is a complete solution to record, convert and stream audio and video. Description Multiple vulnerabilities have been discovered in FFmpeg. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround...
Flatpak: Multiple Vulnerabilities
Background Flatpak is a Linux application sandboxing and distribution framework. Description Multiple vulnerabilities have been discovered in Flatpak. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There ...
Gitea: Multiple Vulnerabilities
Background Gitea is a painless self-hosted Git service. Description Multiple vulnerabilities have been discovered in Gitea. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround at...
Ceph: Root Privilege Escalation
Background Ceph is a distributed network file system designed to provide excellent performance, reliability, and scalability. Description A vulnerability has been discovered in Ceph. Please review the CVE identifier referenced below for details. Impact The ceph-crash.service runs the ceph-crash...
SABnzbd: Remote Code Execution
Background Free and easy binary newsreader with web interface. Description A vulnerability has been discovered in SABnzbd. Please review the CVE identifier referenced below for details. Impact A design flaw was discovered in SABnzbd that could allow remote code execution. Manipulating the...
Arduino: Remote Code Execution
Background Arduino is an open-source AVR electronics prototyping platform. Description A vulnerability has been discovered in Arduino. Please review the CVE identifier referenced below for details. Impact Arduino bundles a vulnerable version of log4j that may lead to remote code execution...
libssh: Multiple Vulnerabilities
Background libssh is a multiplatform C library implementing the SSHv2 protocol on client and server side. Description Multiple vulnerabilities have been discovered in libssh. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for...
LibRaw: Heap Buffer Overflow
Background LibRaw is a library for reading RAW files obtained from digital photo cameras. Description A vulnerability has been discovered in LibRaw. Please review the CVE identifier referenced below for details. Impact A heap-buffer-overflow in raw2image_ex() caused by a maliciously crafted file may...
NASM: Multiple Vulnerabilities
Background NASM is an 80x86 assembler that has been created for portability and modularity. NASM supports Pentium, P6, SSE MMX, and 3DNow extensions. It also supports a wide range of object formats (ELF, a.out, COFF, etc.), and has its own disassembler. Description Multiple vulnerabilities have been...
QtWebEngine: Multiple Vulnerabilities
Background QtWebEngine is a library for rendering dynamic web content in Qt5 and Qt6 C++ and QML applications. Description Multiple vulnerabilities have been discovered in QtWebEngine. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE...
Exiv2: Multiple Vulnerabilities
Background Exiv2 is a C++ library and set of tools for parsing, editing and saving Exif and IPTC metadata from images. Exif, the Exchangeable image file format, specifies the addition of metadata tags to JPEG, TIFF and RIFF files. Description Multiple vulnerabilities have been discovered in Exiv2...
Minecraft Server: Remote Code Execution
Background Minecraft Server is the official server for the sandbox video game. Description A vulnerability has been discovered in Minecraft Server. Please review the CVE identifier referenced below for details. Impact Vulnerable Minecraft Server versions include a bundled version of log4j which i...
Mozilla Thunderbird: Multiple Vulnerabilities
Background Mozilla Thunderbird is a popular open-source email client from the Mozilla project. Description Multiple vulnerabilities have been discovered in Mozilla Thunderbird. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for...
Leptonica: Multiple Vulnerabilities
Background Leptonica is a C library for image processing and analysis. Description Multiple vulnerabilities have been discovered in Leptonica. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no...
GLib: Multiple Vulnerabilities
Background GLib is a library providing a number of GNOME's core objects and functions. Description Multiple vulnerabilities have been discovered in GLib. Please review the referenced CVEs for details. Impact GVariant deserialization is vulnerable to an exponential blowup issue where a crafted...
phpMyAdmin: Multiple Vulnerabilities
Background phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the web. Description Multiple vulnerabilities have been discovered in phpMyAdmin. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers...
LibreOffice: Multiple Vulnerabilities
Background LibreOffice is a powerful office suite; its clean interface and powerful tools let you unleash your creativity and grow your productivity. Description Multiple vulnerabilities have been discovered in LibreOffice. Please review the CVE identifiers referenced below for details. Impact...
Open vSwitch: Multiple Vulnerabilities
Background Open vSwitch is a production quality multilayer virtual switch. Description Multiple vulnerabilities have been discovered in Open vSwitch. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There i...
GRUB: Multiple Vulnerabilities
Background GNU GRUB is a multiboot boot loader used by most Linux systems. Description Multiple vulnerabilities have been discovered in GRUB. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no kno...
AIDE: Root Privilege Escalation
Background AIDE (Advanced Intrusion Detection Environment) is a file and directory integrity checker. It creates a database from the regular expression rules that it finds from the config files. Once this database is initialized it can be used to verify the integrity of the files. It has several...
GNU Libmicrohttpd: Buffer Overflow Vulnerability
Background GNU libmicrohttpd is a small C library that makes it easy to run an HTTP server as part of another application. GNU Libmicrohttpd is free software and part of the GNU project. Description A buffer overflow vulnerability has been discovered in GNU Libmicrohttpd. Please review the CVE...
MiniDLNA: Multiple Vulnerabilities
Background MiniDLNA is a simple media server software, with the aim of being fully compliant with DLNA/UPnP-AV clients. Description Multiple vulnerabilities have been discovered in MiniDLNA. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE...
Apptainer: Privilege Escalation
Background Apptainer is the container system for secure high-performance computing. Description A vulnerability has been discovered in Apptainer. Please review the CVE identifier referenced below for details. Impact There is an ext4 use-after-free flaw that is exploitable in vulnerable versions...
RenderDoc: Multiple Vulnerabilities
Background RenderDoc is a free MIT licensed stand-alone graphics debugger that allows quick and easy single-frame capture and detailed introspection of any application using Vulkan, D3D11, OpenGL & OpenGL ES or D3D12 across Windows, Linux, Android, or Nintendo Switch™. Description Multiple...
multipath-tools: Multiple Vulnerabilities
Background multipath-tools are used to drive the Device Mapper multipathing driver. Description Multiple vulnerabilities have been discovered in multipath-tools. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details...
QtWebEngine: Multiple Vulnerabilities
Background QtWebEngine is a library for rendering dynamic web content in Qt5 and Qt6 C++ and QML applications. Description Multiple vulnerabilities have been discovered in QtWebEngine. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE...
Go: Multiple Vulnerabilities
Background Go is an open source programming language that makes it easy to build simple, reliable, and efficient software. Description Multiple vulnerabilities have been discovered in Go. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE...
LinuxCIFS utils: Multiple Vulnerabilities
Background The LinuxCIFS utils are a collection of tools for managing Linux CIFS Client Filesystems. Description Multiple vulnerabilities have been discovered in LinuxCIFS utils. Please review the CVE identifiers referenced below for details. Impact A stack-based buffer overflow when parsing the...
Zeppelin: Multiple Vulnerabilities
Background Apache Zeppelin is a web-based notebook that enables data-driven, interactive data analytics and collaborative documents with SQL, Scala, Python, R and more. Description Multiple vulnerabilities have been discovered in Zeppelin. Please review the CVE identifiers referenced below for...
SQLite: Multiple Vulnerabilities
Background SQLite is a C library that implements an SQL database engine. Description Multiple vulnerabilities have been discovered in SQLite. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no kno...
Netatalk: Multiple Vulnerabilities including root remote code execution
Background Netatalk is a kernel level implementation of the AppleTalk Protocol Suite, which allows Unix hosts to act as file, print, and time servers for Apple computers. It includes several script utilities, including etc2ps.sh. Description Multiple vulnerabilities have been discovered in...
GitPython: Code Execution via Crafted Input
Background GitPython is a Python library used to interact with Git repositories. Description Please review the CVE identifier referenced below for details. Impact An attacker may be able to trigger Remote Code Execution (RCE) due to improper user input validation, which makes it possible to inject ...
Salt: Multiple Vulnerabilities
Background Salt is a fast, intelligent and scalable automation engine. Description Multiple vulnerabilities have been discovered in Salt. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known...
libxslt: Multiple Vulnerabilities
Background libxslt is the XSLT C library developed for the GNOME project. XSLT itself is an XML language to define transformations for XML. Description Multiple vulnerabilities have been discovered in libxslt. Please review the CVE identifiers referenced below for details. Impact Please review th...
ConnMan: Multiple Vulnerabilities
Background ConnMan provides a daemon for managing Internet connections. Description Multiple vulnerabilities have been discovered in ConnMan. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no kno...
Dovecot: Privilege Escalation
Background Dovecot is an open source IMAP and POP3 email server. Description A vulnerability has been discovered in Dovecot. Please review the CVE identifier referenced below for details. Impact When two passdb configuration entries exist in Dovecot configuration, which have the same driver and...
Rack: Multiple Vulnerabilities
Background Rack is a modular Ruby web server interface. Description Multiple vulnerabilities have been discovered in Rack. Please review the CVE identifiers referenced below for details. Impact A possible denial of service vulnerability was found in the multipart parsing component of Rack. A...
UnZip: Multiple Vulnerabilities
Background Info-ZIP’s UnZip is a tool to list and extract files inside PKZIP compressed files. Description Multiple vulnerabilities have been discovered in UnZip. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details...