3816 matches found
rxvt-unicode: Arbitrary Code Execution
Background rxvt-unicode is a clone of the well known terminal emulator rxvt. Description A vulnerability has been discovered in rxvt-unicode. Please review the CVE identifiers referenced below for details. Impact in the Perl background extension, when an attacker can control the data written to t...
Ubiquiti UniFi: remote code execution via bundled log4j
Background Ubiquiti UniFi is a Management Controller for Ubiquiti Networks UniFi APs. Description A bundled version of log4j could facilitate remote code execution. Please review the CVE identifier referenced below for details. Impact An attacker with permission to modify the logging configuratio...
USBView: root privilege escalation via insecure polkit settings
Background USBView is a tool to display the topology of devices on the USB bus. Description A vulnerability has been discovered in usbview. Please review the CVE identifier referenced below for details. Impact USBView allows some local users e.g., ones logged in via SSH to execute arbitrary code ...
libinput: format string vulnerability when using xf86-input-libinput
Background A library to handle input devices in Wayland and, via xf86-input-libinput, in X.org. Description An attacker may be able to run malicious code by exploiting a format string vulnerability. Please review the CVE identifier referenced below for details. Impact When a device is detected by...
GNU Mailutils: unexpected processsing of escape sequences
Background GNU Mailutils is a collection of mail-related utilities, including an IMAP4 server imap4d and a Mail User Agent mail. Description A vulnerability has been discovered in GNU Mailutils. Please review the CVE identifier referenced below for details. Impact mail1 from mailutils would proce...
curl: Multiple Vulnerabilities
Background A command line tool and library for transferring data with URLs. Description Multiple vulnerabilities have been discovered in curl. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Note that the risk of...
libcue: Arbitrary Code Execution
Background libcue is a CUE Sheet Parser Library. Description libcue does not check bounds in a loop and suffers from an integer overflow flaw which can be exploited to take over the program. Impact Untrusted CUE sheet files can lead to arbitrary code execution. app-misc/tracker-minerscue uses...
less: Denial of service
Background less is a pager and text file viewer. Description less suffered from a flaw in its terminal escape sequence handling which made its filtering incomplete. Impact Malicious input could clear the terminal output or otherwise manipulate it with faked interactions. Workaround There is no...
Oracle VirtualBox: Multiple Vulnerabilities
Background VirtualBox is a powerful virtualization product from Oracle. Description Multiple vulnerabilities have been discovered in Oracle VirtualBox, the worst of which may lead to VirtualBox compromise by an attacker with network access. Please review the CVE identifiers referenced below for...
man-db: privilege escalation
Background man-db is a man replacement that utilizes BerkeleyDB instead of flat files. Description A root privilege escalation through setuid executable and cron job has been discovered in man-db. Please review the CVE identifier referenced below for details. Impact A local user with access to th...
Heimdal: Multiple Vulnerabilities
Background Heimdal is a free implementation of Kerberos 5. Description Multiple vulnerabilities have been discovered in Heimdal, the worst of which could lead to remote code execution on a Kerberos Domain Controller. Please review the CVE identifiers referenced below for details. Impact Please...
dav1d: Denial of Service
Background dav1d is an AV1 decoder. Description In some circumstances, dav1d might treat an invalid frame as valid, resulting in a crash. Impact Malformed frame data can result in a denial of service. Workaround Users should avoid parsing untrusted video with dav1d. Resolution All dav1d users...
c-ares: Multiple Vulnerabilities
Background c-ares is a C library for asynchronous DNS requests including name resolves. Description Multiple vulnerabilities have been discovered in c-ares. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround...
libvpx: Multiple Vulnerabilities
Background libvpx is the VP8 codec SDK used to encode and decode video streams, typically within a WebM format media file. Description Multiple vulnerabilities have been discovered in libvpx. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE...
glibc: Multiple vulnerabilities
Background glibc is a package that contains the GNU C library. Description Multiple vulnerabilities have been discovered in glibc. Please review the CVE identifiers referenced below for details. Impact An attacker could elevate privileges from a local user to root. Workaround There is no known...
NVIDIA Drivers: Multiple Vulnerabilities
Background NVIDIA Drivers are NVIDIA's accelerated graphics driver. Description Multiple vulnerabilities have been discovered in NVIDIA Drivers. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no...
ClamAV: Multiple Vulnerabilities
Background ClamAV is a GPL virus scanner. Description Multiple vulnerabilities have been discovered in ClamAV. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround at this time...
wpa_supplicant, hostapd: Multiple Vulnerabilities
Background wpasupplicant is a WPA Supplicant with support for WPA and WPA2 IEEE 802.11i / RSN. hostapd is a user space daemon for access point and authentication servers. Description Multiple vulnerabilities have been discovered in hostapd and wpasupplicant. Please review the CVE identifiers...
Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities
Background Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. Google Chrome is one fast, simple, and secure browser for all your devices. Microsoft Edge is a browser that combines a minimal design with...
GNU Binutils: Multiple Vulnerabilities
Background The GNU Binutils are a collection of tools to create, modify and analyse binary files. Many of the files use BFD, the Binary File Descriptor library, to do low-level manipulation. Description Multiple vulnerabilities have been discovered in GNU Binutils. Please review the CVE identifie...
GMP: Buffer Overflow Vulnerability
Background The GNU Multiple Precision Arithmetic Library is a library forarbitrary-precision arithmetic on different types of numbers. Description There is an integer overflow leading to a buffer overflow when processing untrusted input via GMP's mpzinpraw function. Impact Untrusted input can cau...
Pacemaker: Multiple Vulnerabilities
Background Pacemaker is an Open Source, High Availability resource manager suitable for both small and large clusters. Description Multiple vulnerabilities have been discovered in Pacemaker. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE...
Fish: User-assisted execution of arbitrary code
Background Smart and user-friendly command line shell for macOS, Linux, and the rest of the family. It includes features like syntax highlighting, autosuggest-as-you-type, and fancy tab completions that just work, with no configuration required. Description A vulnerability have been discovered in...
libsndfile: Multiple Vulnerabilities
Background libsndfile is a C library for reading and writing files containing sampled sound. Description Multiple vulnerabilities have been discovered in libsndfile. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details...
libarchive: Multiple Vulnerabilities
Background libarchive is a library for manipulating different streaming archive formats, including certain tar variants, several cpio formats, and both BSD and GNU ar variants. Description Multiple vulnerabilities have been discovered in libarchive. Please review the CVE identifiers referenced...
sudo: Multiple Vulnerabilities
Background sudo allows a system administrator to give users the ability to run commands as other users. Description Multiple vulnerabilities have been discovered in sudo. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for detail...
WebP: Multiple vulnerabilities
Background WebP is an image format employing both lossy and lossless compression. Description Multiple vulnerabilities have been discovered in WebP. Please review the CVE identifiers referenced below for details. Impact Please review the CVE identifiers referenced below for details. Workaround...
Requests: Information Leak
Background Requests is an HTTP library for human beings. Description Requests is vulnerable to potentially leaking Proxy-Authorization headers to destination servers, specifically during redirects to an HTTPS origin with authentication credentials encoded into the URL. Impact Users' proxy...
Binwalk: Multiple Vulnerabilities
Background Binwalk is a tool for identifying files embedded inside firmware images. Description Multiple vulnerabilities have been discovered in Binwalk. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround The...
RAR, UnRAR: Arbitrary File Overwrite
Background RAR and UnRAR provide command line interfaces for compressing and decompressing RAR files. Description Due to an error in the validation of symbolic links within archives, RAR and UnRAR can potentially write files to a directory which is outside of the intended unpack directory. Impact...
GPL Ghostscript: Multiple Vulnerabilities
Background Ghostscript is an interpreter for the PostScript language and for PDF. Description Multiple vulnerabilities have been discovered in GPL Ghostscript. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workarou...
Samba: Multiple Vulnerabilities
Background Samba is a suite of SMB and CIFS client/server programs. Description Multiple vulnerabilities have been discovered in Samba. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known...
Wireshark: Multiple Vulnerabilities
Background Wireshark is a versatile network protocol analyzer. Description Multiple vulnerabilities have been discovered in Wireshark. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known...
Apache HTTPD: Multiple Vulnerabilities
Background The Apache HTTP server is one of the most popular web servers on the Internet. Description Multiple vulnerabilities have been discovered in Apache HTTPD. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details...
OpenSSH: Remote Code Execution
Background OpenSSH is a free application suite consisting of server and clients that replace tools like telnet, rlogin, rcp and ftp with more secure versions offering additional functionality. Description Multiple vulnerabilities have been discovered in OpenSSH. Please review the CVE identifiers...
CGAL: Multiple Vulnerabilities
Background CGAL is a C++ library for geometric algorithms and data structures. Description Multiple vulnerabilities have been discovered in CGAL. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no...
Mozilla Thunderbird: Multiple Vulnerabilities
Background Mozilla Thunderbird is a popular open-source email client from the Mozilla project. Description Multiple vulnerabilities have been discovered in Mozilla Thunderbird. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for...
OpenImageIO: Multiple Vulnerabilities
Background OpenImageIO is a library for reading and writing images. Description Multiple vulnerabilities have been discovered in OpenImageIO. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no kno...
Mozilla Firefox: Multiple Vulnerabilities
Background Mozilla Firefox is a popular open-source web browser from the Mozilla project. Description Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details...
squashfs-tools: Multiple Vulnerabilities
Background Squashfs is a compressed read-only filesystem for Linux. Squashfs is intended for general read-only filesystem use, for archival use i.e. in cases where a .tar.gz file may be used, and in constrained block device/memory systems e.g. embedded systems where low overhead is needed...
WebKitGTK+: Multiple Vulnerabilities
Background WebKitGTK+ is a full-featured port of the WebKit rendering engine, suitable for projects requiring any kind of web integration, from hybrid HTML/CSS applications to full-fledged web browsers. Description Multiple vulnerabilities have been discovered in WebKitGTK+. Please review the CVE...
Apache Tomcat: Multiple Vulnerabilities
Background Apache Tomcat is a Servlet-3.0/JSP-2.2 Container. Description Multiple vulnerabilities have been discovered in Apache Tomcat. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known...
X.Org X server, XWayland: Multiple Vulnerabilities
Background The X Window System is a graphical windowing system based on a client/server model. Description Multiple vulnerabilities have been discovered in X.Org X server, XWayland. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers...
LibTIFF: Multiple Vulnerabilities
Background LibTIFF provides support for reading and manipulating TIFF Tagged Image File Format images. Description Multiple vulnerabilities have been discovered in LibTIFF. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for...
MediaWiki: Multiple Vulnerabilities
Background MediaWiki is a collaborative editing software, used by big projects like Wikipedia. Description Multiple vulnerabilities have been discovered in MediaWiki. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details...
Tinyproxy: Memory Disclosure
Background Tinyproxy is a light-weight HTTP/HTTPS proxy daemon for POSIX operating systems. Description Tinyproxy's request processing does not sufficiently null-initialize variables used in error pages. Impact Contents of the Tinyproxy server's memory could be disclosed via generated error pages...
OWASP ModSecurity Core Rule Set: Multiple Vulnerabilities
Background Modsecurity Core Rule Set is the OWASP ModSecurity Core Rule Set. Description Multiple vulnerabilities have been discovered in OWASP ModSecurity Core Rule Set. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for detail...
LibreCAD: Multiple Vulnerabilities
Background LibreCAD is a generic 2D CAD program. Description Multiple vulnerabilities have been discovered in LibreCAD. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround at this...
snakeyaml: Multiple Vulnerabilities
Background snakeyaml is a YAML 1.1 parser and emitter for Java. Description Multiple vulnerabilities have been discovered in snakeyaml. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known...
ProFTPd: Memory Disclosure
Background ProFTPD is an advanced and very configurable FTP server. Description ProFTPd unconditionally sends passwords to Radius servers for authentication in multiples of 16 bytes. If a password is not of a length that is a multiple of 16 bytes, ProFTPd will read beyond the end of the password...