uptimed: Root Privilege Escalation

Background uptimed is a system uptime record daemon that keeps track of your highest uptimes. Description Via unnecessary file ownership modifications in the pkgpostinst ebuild phase, the uptimed user could change arbitrary files to be owned by the uptimed user at emerge-time. Impact The uptimed...

Cairo: Buffer Overflow Vulnerability

Background Cairo is a 2D vector graphics library with cross-device output support. Description An attacker with the ability to provide input to Cairo's image-compositor can cause a buffer overwrite. Impact Malicious input to Cairo's image-compositor can result in denial of service of the...

libapreq2: Buffer Overflow

Background libapreq is a shared library with associated modules for manipulating client request data via the Apache API. Description A buffer overflow could occur when processing multipart form uploads. Impact An attacker could submit a crafted multipart form to trigger the buffer overflow and...

dbus-broker: Multiple Vulnerabilities

Background dbus-broker is a Linux D-Bus message broker. Description Multiple vulnerabilities have been discovered in dbus-broker. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaroun...

Firejail: Local Privilege Escalation

Background A SUID program that reduces the risk of security breaches by restricting the running environment of untrusted applications using Linux namespaces and seccomp-bpf. Description Firejail does not sufficiently validate the user's environment prior to using it as the root user when using th...

Lua: Multiple Vulnerabilities

Background Lua is a powerful, efficient, lightweight, embeddable scripting language. It supports procedural programming, object-oriented programming, functional programming, data-driven programming, and data description. Description Multiple vulnerabilities have been discovered in Lua. Please...

systemd: Multiple Vulnerabilities

Background A system and service manager. Description Multiple vulnerabilities have been discovered in systemd. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround at this time...

Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities

Background Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. Google Chrome is one fast, simple, and secure browser for all your devices. Microsoft Edge is a browser that combines a minimal design with...

AtomicParsley: Multiple Vulnerabilities

Background AtomicParsley is a command line program for manipulating iTunes-style metadata in MPEG4 files. Description Multiple vulnerabilities have been discovered in AtomicParsley. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers...

syslog-ng: Denial of Service

Background syslog replacement with advanced filtering features. Description An integer overflow in the RFC3164 parser allows remote attackers to cause a denial of service via crafted syslog input that is mishandled by the tcp or network function. Impact Attackers with access to input syslogs over...

libsdl: Multiple Vulnerabilities

Background Simple DirectMedia Layer is a cross-platform development library designed to provide low level access to audio, keyboard, mouse, joystick, and graphics hardware via OpenGL and Direct3D. Description Multiple vulnerabilities have been discovered in SDL. Please review the CVE identifiers...

ISC DHCP: Multiple Vulnerabilities

Background ISC DHCP is ISC's reference implementation of all aspects of the Dynamic Host Configuration Protocol. Description Multiple vulnerabilities have been discovered in ISC DHCP. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifie...

libsdl2: Multiple Vulnerabilities

Background Simple DirectMedia Layer is a cross-platform development library designed to provide low level access to audio, keyboard, mouse, joystick, and graphics hardware via OpenGL and Direct3D. Description Multiple vulnerabilities have been discovered in libsdl2. Please review the CVE...

xfce4-settings: Browser Argument Injection

Background xfce4-settings contains the configuration system for the Xfce desktop environment. Description xfce4-settings does not sufficiently sanitize URLs opened via xdg4-mime-helper-tool which is called when a user clicks a link in e.g. Firefox. Impact The vulnerability can be leveraged into...

D-Bus: Multiple Vulnerabilities

Background D-Bus is a daemon providing a framework for applications to communicate with one another. Description Multiple vulnerabilities have been discovered in D-Bus. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details...

slixmpp: Insufficient Certificate Validation

Background slixmpp is a Python 3 library for XMPP. Description slixmpp does not validate hostnames in certificates used by connected servers. Impact An attacker could perform a man-in-the-middle attack on users' connections to servers with slixmpp. Workaround There is no known workaround at this...

Tor: Multiple Vulnerabilities

Background Tor is an implementation of second generation Onion Routing, a connection-oriented anonymizing communication service. Description Multiple vulnerabilities have been discovered in Tor. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CV...

sudo: Root Privilege Escalation

Background sudo allows a system administrator to give users the ability to run commands as other users. Description The sudoedit aka -e feature mishandles extra arguments passed in the user-provided environment variables SUDOEDITOR, VISUAL, and EDITOR, allowing a local attacker to append arbitrar...

Mozilla Firefox: Multiple Vulnerabilities

Background Mozilla Firefox is a popular open-source web browser from the Mozilla project. Description Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details...

Mozilla Thunderbird: Multiple Vulnerabilities

Background Mozilla Thunderbird is a popular open-source email client from the Mozilla project. Description Multiple vulnerabilities have been discovered in Mozilla Thunderbird. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for...

Vim, gVim: Multiple Vulnerabilities

Background Vim is an efficient, highly configurable improved version of the classic ‘vi’ text editor. gVim is the GUI version of Vim. Description Multiple vulnerabilities have been discovered in Vim, gVim. Please review the CVE identifiers referenced below for details. Impact Please review the...

Python, PyPy3: Multiple Vulnerabilities

Background Python is an interpreted, interactive, object-oriented, cross-platform programming language. Description Multiple vulnerabilities have been discovered in Python and PyPy3. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifier...

scikit-learn: Denial of Service

Background scikit-learn is a machine learning library for Python. Description When supplied with a crafted model SVM, predict can result in a null pointer dereference. Impact An attcker capable of providing a crafted model to scikit-learn can result in denial of service. Workaround There is no...

Twisted: Multiple Vulnerabilities

Background Twisted is an asynchronous networking framework written in Python. Description Multiple vulnerabilities have been discovered in Twisted. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is ...

Alpine: Multiple Vulnerabilities

Background Alpine is an easy to use text-based based mail and news client. Description Multiple vulnerabilities have been discovered in Alpine. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no...

NTFS-3G: Multiple Vulnerabilities

Background NTFS-3G is a stable, full-featured, read-write NTFS driver for various operating systems. Description Multiple vulnerabilities have been discovered in NTFS-3G. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for detail...

liblouis: Multiple Vulnerabilities

Background liblouis is an open-source braille translator and back-translator. Description Multiple vulnerabilities have been discovered in liblouis. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is...

protobuf-java: Denial of Service

Background protobuf-java contains the Java bindings for Google's Protocol Buffers. Description Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes objects to be converted back and forth between mutable and immutable forms, resulting in...

jupyter_core: Arbitrary Code Execution

Background jupytercore contains core Jupyter functionality. Description jupytercore trusts files for execution in the current working directory without validating ownership of those files. Impact By writing to a directory that is used a the current working directory for jupytercore by another use...

Apache Commons Text: Arbitrary Code Execution

Background Apache Commons Text is a library focused on algorithms working on strings. Description Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "$prefix:name", where "prefix" is used to...

Mbed TLS: Multiple Vulnerabilities

Background Mbed TLS previously PolarSSL is an “easy to understand, use, integrate and expand” implementation of the TLS and SSL protocols and the respective cryptographic algorithms and support code required. Description Multiple vulnerabilities have been discovered in Mbed TLS. Please review the...

OpenSSH: Multiple Vulnerabilities

Background OpenSSH is a free application suite consisting of server and clients that replace tools like telnet, rlogin, rcp and ftp with more secure versions offering additional functionality. Description Multiple vulnerabilities have been discovered in OpenSSH. Please review the CVE identifiers...

libksba: Remote Code Execution

Background Libksba is a X.509 and CMS PKCS7 library. Description An integer overflow in parsing ASN.1 objects could lead to a buffer overflow. Impact Crafted ASN.1 objects could trigger an integer overflow and buffer overflow to result in remote code execution. Workaround There is no known...

curl: Multiple Vulnerabilities

Background A command line tool and library for transferring data with URLs. Description Multiple vulnerabilities have been discovered in curl. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no...

LibreOffice: Arbitrary Code Execution

Background LibreOffice is a powerful office suite; its clean interface and powerful tools let you unleash your creativity and grow your productivity. Description LibreOffice links using the vnd.libreoffice.command scheme could be constructed to call internal macros with arbitrary arguments. Which...

Oracle VirtualBox: Multiple Vulnerabilities

Background VirtualBox is a powerful virtualization product from Oracle. Description Multiple vulnerabilities have been discovered in Oracle VirtualBox. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There...

Mozilla Network Security Service (NSS): Multiple Vulnerabilities

Background The Mozilla Network Security Service is a library implementing security features like SSL v.2/v.3, TLS, PKCS 5, PKCS 7, PKCS 11, PKCS 12, S/MIME and X.509 certificates. Description Multiple vulnerabilities have been discovered in Mozilla Network Security Service NSS. Please review the...

Unbound: Multiple Vulnerabilities

Background Unbound is a validating, recursive, and caching DNS resolver. Description Multiple vulnerabilities have been discovered in Unbound. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no...

GPL Ghostscript: Multiple Vulnerabilities

Background Ghostscript is an interpreter for the PostScript language and for PDF. Description Multiple vulnerabilities have been discovered in GPL Ghostscript. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workarou...

xterm: Arbitrary Code Execution

Background xterm is a terminal emulator for the X Window system. Description xterm does not correctly handle control characters related to OSC 50 font ops sequence handling. Impact The vulnerability allows text written to the terminal to write text to the terminal's command line. If the terminal'...

sudo: Heap-Based Buffer Overread

Background sudo allows a system administrator to give users the ability to run commands as other users. Description In certain password input handling, sudo incorrectly assumes the password input is at least nine bytes in size, leading to a heap buffer overread. Impact In the worst case, the heap...

Mozilla Thunderbird: Multiple Vulnerabilities

Background Mozilla Thunderbird is a popular open-source email client from the Mozilla project. Description Multiple vulnerabilities have been discovered in Mozilla Thunderbird. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for...

Pillow: Multiple Vulnerabilities

Background The friendly PIL fork. Description Multiple vulnerabilities have been discovered in Pillow. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround at this time. Resolution...

Mozilla Firefox: Multiple Vulnerabilities

Background Mozilla Firefox is a popular open-source web browser from the Mozilla project. Description Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details...

sysstat: Arbitrary Code Execution

Background sysstat is a package containing a number of performance monitoring utilities for Linux, including sar, mpstat, iostat and sa tools. Description On 32 bit systems, an integer overflow can be triggered when displaying activity data files. Impact Arbitrary code execution can be achieved v...

PHP: Multiple Vulnerabilities

Background PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML. Description Multiple vulnerabilities have been discovered in PHP. Please review the CVE identifiers referenced below for details. Impact Please review th...

PostgreSQL: Multiple Vulnerabilities

Background PostgreSQL is an open source object-relational database management system. Description Multiple vulnerabilities have been discovered in PostgreSQL. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaroun...

lesspipe: Arbitrary Code Exeecution

Background lesspipe is a preprocessor for less. Description lesspipe has support for parsing Perl storable "PST" files, Impact A crafted Perl storable file which is passed into lesspipe could result in arbitrary code execution. Workaround There is no known workaround at this time. Resolution All...

OpenSSL: Multiple Vulnerabilities

Background OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer SSL v2/v3 and Transport Layer Security TLS v1 as well as a general purpose cryptography library. Description Multiple buffer overflows exist in OpenSSL's handling of TLS certificates for client authentication. Impa...

android-tools: Multiple Vulnerabilities

Background android-tools contains Android platform tools adb, fastboot, and mkbootimg. Description Multiple vulnerabilities have been discovered in android-tools. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details...