2024-11-16 |
chromium -- multiple security fixes |
Vaultwarden -- Multiple vulnerabilities |
2024-11-15 |
electron31 -- multiple vulnerabilities |
2024-11-14 |
electron31 -- multiple vulnerabilities |
Gitlab -- vulnerabilities |
PostgreSQL -- libpq retains an error message from man-in-the-middle |
PostgreSQL -- PL/Perl environment variable changes execute arbitrary code |
PostgreSQL -- PostgreSQL row security below e.g. subqueries disregards user ID changes |
PostgreSQL -- SET ROLE, SET SESSION AUTHORIZATION reset to wrong user ID |
2024-11-13 |
FreeBSD -- Certificate revocation list fetch(1) option fails |
FreeBSD -- Multiple issues in the bhyve hypervisor |
FreeBSD -- Unbounded allocation in ctl(4) CAM Target Layer |
2024-11-12 |
element-web -- several vulnerabilities |
icinga2 -- TLS Certificate Validation Bypass |
Matrix clients -- mxc uri validation in js sdk |
2024-11-08 |
electron32 -- multiple vulnerabilities |
lrzsz -- Integer overflow in zmodem, crash and information leak |
x11vnc -- access to shared memory segments |
2024-11-07 |
gstreamer1-rtsp-server -- Potential Denial-of-Service (DoS) with specially crafted client requests |
2024-11-06 |
chromium -- multiple security fixes |
2024-11-04 |
libqb -- Buffer overflow |
2024-11-02 |
chromium -- multiple security fixes |
2024-10-31 |
keycloak -- Missing server identity checks when sending mails via SMTPS |
qt5-webengine -- Multiple vulnerabilities |
2024-10-30 |
librewolf -- Undefined behavior in selection node cache |
2024-10-29 |
forgejo -- multiple vulnerabilities |
hwloc2 -- Denial of service or other unspecified impacts |
2024-10-26 |
chromium -- multiple security fixes |
chromium -- multiple security fixes |
tnef -- An attacker may be able to write to the victim's .ssh/authorized_keys file via an e-mail message |
tnef -- Invalid read and write operations, controlled by an attacker |
2024-10-24 |
electron31 -- multiple vulnerabilities |
Gitlab -- vulnerabilities |
2024-10-23 |
electron32 -- multiple vulnerabilities |
2024-10-19 |
OpenSSL -- OOB memory access vulnerability |
2024-10-18 |
electron{31,32} -- multiple vulnerabilities |
oauth2-proxy -- multiple vulnerabilities |
2024-10-15 |
element-web -- Potential exposure of access token via authenticated media |
2024-10-11 |
vscode -- Visual Studio Code for Linux Remote Code Execution Vulnerability |
2024-10-10 |
firefox -- use-after-free code execution |
Gitlab -- vulnerabilities |
2024-10-09 |
chromium -- multiple security fixes |
chromium -- multiple security fixes |
gitea -- token missing access control for packages |
powerdns-recursor -- denial of service |
2024-10-06 |
Unbound -- Denial of service attack |
2024-10-05 |
zeek -- potential DoS vulnerability |
2024-10-03 |
firefox -- multiple vulnerabilities |
jenkins -- multiple vulnerabilities |
2024-10-02 |
redis,valkey -- Multiple vulnerabilities |
2024-09-30 |
chromium -- multiple security fixes |
php -- Multiple vulnerabilities |
Slixmpp -- Lack of SSL Certificate hostname validation in XMLStream |
2024-09-29 |
sqlite -- use-after-free bug in jsonparseaddnodearray |
2024-09-27 |
cups-filters -- remote code execution |
2024-09-26 |
Gitlab -- vulnerabilities |
2024-09-24 |
expat -- multiple vulnerabilities |
frr - BGP |
zeek -- potential DoS vulnerability |
2024-09-20 |
FreeBSD -- bhyve(8) out-of-bounds read access via XHCI emulation |
FreeBSD -- Integer overflow in libnv |
FreeBSD -- ktrace(2) fails to detach when executing a setuid binary |
FreeBSD -- NFS client accepts file names containing path separators |
FreeBSD -- pf incorrectly matches different ICMPv6 states in the state table |
2024-09-18 |
Gitlab -- vulnerabilities |
2024-09-16 |
SnappyMail -- multiple mXSS in HTML sanitizer |
2024-09-15 |
OpenSSH -- Pre-authentication async signal safety issue |
2024-09-13 |
chromium -- multiple security fixes |
2024-09-12 |
Gitlab -- vulnerabilities |
2024-09-10 |
Intel CPUs -- multiple vulnerabilities |
Intel CPUs -- multiple vulnerabilities |
2024-09-09 |
clamav -- Multiple vulnerabilities |
netatalk3 -- multiple WolfSSL vulnerabilities |
2024-09-07 |
exiv2 -- Out-of-bounds read in AsfVideo::streamProperties |
firefox -- Potential memory corruption and exploitable crash |
2024-09-06 |
binutils -- Multiple vulnerabilities |
forgejo -- multiple vulnerabilities |
2024-09-05 |
firefox -- multiple vulnerabilities |
FreeBSD -- bhyve(8) privileged guest escape via TPM device passthrough |
FreeBSD -- bhyve(8) privileged guest escape via USB controller |
FreeBSD -- Multiple issues in ctl(4) CAM Target Layer |
FreeBSD -- Multiple vulnerabilities in libnv |
FreeBSD -- umtx Kernel panic or Use-After-Free |
gitea -- multiple issues |
qt5-webengine -- Multiple vulnerabilities |
2024-09-03 |
chromium -- multiple security fixes |
OpenSSL -- Multiple vulnerabilities |
2024-08-30 |
firefox -- multiple vulnerabilities |
forgejo -- The scope of application tokens was not verified when writing containers or Conan packages. |
RabbitMQ-C -- auth credentials visible in commandline tool options |
2024-08-29 |
chromium -- multiple security fixes |
Configobj -- Regular Expression Denial of Service attack |
2024-08-25 |
Gitlab -- vulnerabilities |
2024-08-23 |
firefox -- Multiple vulnerabilities |
mcpp -- Heap-based buffer overflow |
md4c -- DoS attack |
2024-08-22 |
chromium -- multiple security fixes |
nginx -- Vulnerability in the ngx_http_mp4_module |
2024-08-20 |
Jinja2 -- Vulnerable to HTML attribute injection when passing user input as keys to xmlattr filter |
2024-08-19 |
mozilla products -- spoofing attack |
2024-08-18 |
electron31 -- multiple vulnerabilities |
electron{29,30} -- multiple vulnerabilities |
2024-08-16 |
Dovecot -- DoS |
2024-08-14 |
Intel CPUs -- multiple vulnerabilities |
2024-08-13 |
firefox -- multiple vulnerabilities |
2024-08-12 |
Vaultwarden -- Multiple vulnerabilities |
2024-08-10 |
AMD CPUs -- Guest Memory Vulnerabilities |
mozilla firefox -- protocol information guessing |
Roundcube -- Multiple vulnerabilities |
2024-08-09 |
OpenHAB CometVisu addon -- Multiple vulnerabilities |
soft-serve -- Remote code execution vulnerability |
2024-08-08 |
PostgreSQL -- Prevent unauthorized code execution during pg_dump |
2024-08-07 |
Django -- multiple vulnerabilities |
Gitlab -- Vulnerabilities |
jenkins -- multiple vulnerabilities |
2024-08-06 |
chromium -- multiple security fixes |
2024-07-31 |
chromium -- multiple security fixes |
2024-07-30 |
chromium -- multiple security fixes |
2024-07-28 |
znc -- remote code execution vulnerability |
2024-07-26 |
Mailpit -- Content Security Policy XSS |
2024-07-25 |
Gitlab -- Vulnerabilities |
2024-07-19 |
electron29 -- multiple vulnerabilities |
2024-07-17 |
Apache httpd -- Source code disclosure with handlers configured via AddType |
2024-07-16 |
GLPI -- multiple vulnerabilities |
MySQL -- Multiple vulnerabilities |
2024-07-13 |
electron29 -- multiple vulnerabilities |
electron30 -- multiple vulnerabilities |
2024-07-11 |
Gitlab -- vulnerabilities |
2024-07-10 |
Django -- multiple vulnerabilities |
2024-07-07 |
traefik -- Bypassing IP allow-lists via HTTP/3 early data requests |
2024-07-04 |
Apache httpd -- source code disclosure |
Request Tracker -- information exposure vulnerability |
2024-07-03 |
go -- net/http: denial of service due to improper 100-continue handling |
2024-07-01 |
Apache httpd -- Multiple vulnerabilities |
OpenSSH -- Race condition resulting in potential remote code execution |
2024-06-30 |
netatalk3 -- Multiple vulnerabilities |
2024-06-28 |
electron29 -- multiple vulnerabilities |
frr - Multiple vulnerabilities |
2024-06-27 |
Gitlab -- Vulnerabilities |
2024-06-25 |
chromium -- multiple security fixes |
2024-06-23 |
emacs -- Arbitrary shell code evaluation vulnerability |
2024-06-22 |
traefik -- Azure Identity Libraries Elevation of Privilege Vulnerability |
2024-06-20 |
chromium -- multiple security fixes |
openvpn -- two security fixes |
qt5-webengine -- Multiple vulnerabilities |
qt6-webengine -- Multiple vulnerabilities |
2024-06-18 |
chromium -- multiple security fixes |
2024-06-15 |
go -- multiple vulnerabilities |
traefik -- Unexpected behavior with IPv4-mapped IPv6 addresses |
2024-06-13 |
Gitlab -- Vulnerabilities |
2024-06-11 |
plasma[56]-plasma-workspace -- Unauthorized users can access session manager |
2024-06-10 |
Composer -- Multiple command injections via malicious git/hg branch names |
2024-06-07 |
kanboard -- Project Takeover via IDOR in ProjectPermissionController |
2024-06-05 |
cyrus-imapd -- unbounded memory allocation |
minio -- privilege escalation via permissions inheritance |
minio -- unintentional information disclosure |
2024-06-03 |
chromium -- multiple security fixes |
2024-05-29 |
chromium -- security fix |
nginx -- Multiple Vulnerabilities in HTTP/3 |
2024-05-28 |
OpenSSL -- Use after free vulnerability |
2024-05-25 |
electron28 -- multiple vulnerabilities |
electron29 -- use after free in Dawn |
2024-05-24 |
QtNetworkAuth -- predictable seeding of PRNG in QAbstractOAuth |
2024-05-22 |
chromium -- multiple security fixes |
Gitlab -- Vulnerabilities |
2024-05-21 |
Openfire administration console authentication bypass |
Roundcube -- Cross-site scripting vulnerabilities |
2024-05-19 |
qt5-webengine -- Multiple vulnerabilities |
2024-05-18 |
Arti -- Security issues related to circuit construction |
2024-05-17 |
electron29 -- setuid() does not affect libuv's internal io_uring |
OpenSSL -- Denial of Service vulnerability |
2024-05-15 |
qt6-base (core module) -- Invalid pointer in QStringConverter |
qt6-webengine -- Multiple vulnerabilities |
2024-05-14 |
chromium -- multiple security fixes |
Intel CPUs -- multiple vulnerabilities |
2024-05-13 |
dnsdist -- Transfer requests received over DoH can lead to a denial of service |
go -- net: malformed DNS message can cause infinite loop |
2024-05-12 |
chromium -- multiple security fixes |
2024-05-09 |
electron29 -- multiple vulnerabilities |
Gitlab -- vulnerabilities |
PostgreSQL server -- Potentially allowing authenicated database users to see data that they shouldn't. |
tailscale -- Insufficient inbound packet filtering in subnet routers and exit nodes |
2024-05-08 |
electron29 -- multiple vulnerabilities |
2024-05-02 |
chromium -- multiple security fixes |
R -- arbitrary code execution vulnerability |
2024-05-01 |
hcode -- buffer overflow in mail.c |
2024-04-28 |
GLPI -- multiple vulnerabilities |
py-social-auth-app-django -- Improper Handling of Case Sensitivity |
2024-04-25 |
chromium -- multiple security fixes |
2024-04-24 |
Gitlab -- vulnerabilities |
powerdns-recursor -- denial of service |
py-matrix-synapse -- weakness in auth chain indexing allows DoS |
2024-04-23 |
ruby -- Arbitrary memory address read vulnerability with Regex search |
2024-04-22 |
GLPI -- multiple vulnerabilities |
GLPI -- multiple vulnerabilities |
GLPI -- multiple vulnerabilities |
sdl2_sound -- multiple vulnerabilities |
2024-04-21 |
chromium -- multiple security fixes |
2024-04-19 |
clamav -- Possible crash in the HTML file parser that could cause a denial-of-service (DoS) condition |
jenkins -- Terrapin SSH vulnerability in Jenkins CLI client |
2024-04-18 |
electron{27,28,29} -- multiple vulnerabilities |
2024-04-16 |
php -- Multiple vulnerabilities |
PuTTY and embedders (f.i., filezilla) -- biased RNG with NIST P521/ecdsa-sha2-nistp521 signatures permits recovering private key |
2024-04-15 |
go -- http2: close connections when receiving too many headers |
2024-04-12 |
chromium -- multiple security fixes |
2024-04-11 |
electron{27,28} -- Out of bounds memory access in V8 |
forgejo -- HTTP/2 CONTINUATION flood in net/http |
forgejo -- multiple issues |
Gitlab -- Patch Release: 16.10.2, 16.9.4, 16.8.6 |
jose -- DoS vulnerability |
OpenSSL -- Unbounded memory growth with session handling in TLSv1.3 |
2024-04-10 |
wordpress -- XSS |
2024-04-05 |
Apache httpd -- multiple vulnerabilities |
electron{27,28} -- multiple vulnerabilities |
2024-04-04 |
chromium -- multiple security fixes |
xorg server -- Multiple vulnerabilities |
2024-04-02 |
jenkins -- HTTP/2 denial of service vulnerability in bundled Jetty |
2024-03-31 |
mediawiki -- multiple vulnerabilities |
2024-03-29 |
electron{27,28} -- Object lifecycle issue in V8 |
2024-03-28 |
Gitlab -- vulnerabilities |
2024-03-27 |
chromium -- multiple security fixes |
2024-03-26 |
emacs -- multiple vulnerabilities |
phpmyfaq -- multiple vulnerabilities |
quiche -- Multiple Vulnerabilities |
2024-03-22 |
chromium -- multiple security fixes |
2024-03-21 |
security/shibboleth-idp -- CAS service SSRF |
2024-03-20 |
databases/mongodb* -- Improper Certificate Validation |
2024-03-18 |
www/varnish7 -- Denial of Service |
2024-03-17 |
amavisd-new -- multipart boundary confusion |
2024-03-16 |
typo3-{11,12} -- multiple vulnerabilities |
2024-03-14 |
electron{27,28} -- Out of bounds memory access in V8 |
2024-03-12 |
Intel CPUs -- multiple vulnerabilities |
2024-03-11 |
Grafana -- Data source permission escalation |
2024-03-09 |
Unbound -- Denial-of-Service vulnerability |
2024-03-07 |
electron{27,28} -- vulnerability in libxml2 |
Gitlab -- Vulnerabilities |
2024-03-06 |
chromium -- multiple security fixes |
go -- multiple vulnerabilities |
2024-03-04 |
Django -- multiple vulnerabilities |
2024-03-01 |
NodeJS -- Vulnerabilities |
2024-02-29 |
chromium -- multiple security fixes |
electron{27,28} -- Use after free in Mojo |
2024-02-28 |
curl -- OCSP verification bypass with TLS session reuse |
null -- Routinator terminates when RTR connection is reset too quickly after opening |
2024-02-24 |
chromium -- multiple security fixes |
gitea -- Fix XSS vulnerabilities |
2024-02-23 |
dns/c-ares -- malformatted file causes application crash |
electron27 -- multiple vulnerabilities |
suricata -- multiple vulnerabilities |
2024-02-22 |
Gitlab -- Vulnerabilities |
2024-02-20 |
Grafana -- Email verification is not required after email change |
2024-02-16 |
powerdns-recursor -- Multiple Vulnerabilities |
2024-02-15 |
gitea -- Prevent anonymous container access |
nginx-devel -- Multiple Vulnerabilities in HTTP/3 |
2024-02-14 |
chromium -- security fix |
FreeBSD -- bhyveload(8) host file access |
FreeBSD -- jail(2) information leak |
2024-02-13 |
DNSSEC validators -- denial-of-service/CPU exhaustion from KeyTrap and NSEC3 vulnerabilities |
2024-02-12 |
openexr -- Heap Overflow in Scanline Deep Data Parsing |
readstat -- Heap buffer overflow in readstat_convert |
2024-02-11 |
p5-Spreadsheet-ParseExcel -- Remote Code Execution Vulnerability |
phpmyfaq -- multiple vulnerabilities |
2024-02-08 |
chromium -- multiple security fixes |
Composer -- Code execution and possible privilege escalation |
Gitlab -- vulnerabilities |
Libgit2 -- multiple vulnerabilities |
postgresql-server -- non-owner REFRESH MATERIALIZED VIEW CONCURRENTLY executes arbitrary SQL |
2024-02-07 |
clamav -- Multiple vulnerabilities |
Django -- multiple vulnerabilities |
2024-02-02 |
chromium -- multiple security fixes |
chromium -- multiple security fixes |
2024-02-01 |
electron{26,27,28} -- Use after free in Web Audio |
2024-01-31 |
lizard -- Negative size passed to memcpy resulting in memory corruption |
OpenSSL -- Multiple vulnerabilities |
qt6-webengine -- Multiple vulnerabilities |
2024-01-29 |
qt5-webengine -- Multiple vulnerabilities |
qt6-webengine -- Multiple vulnerabilities |
2024-01-26 |
Gitlab -- vulnerabilities |
rclone -- Multiple vulnerabilities |
2024-01-24 |
jenkins -- multiple vulnerabilities |
2024-01-23 |
TinyMCE -- mXSS in multiple plugins |
2024-01-22 |
zeek -- potential DoS vulnerability |
2024-01-19 |
electron26 -- Out of bounds memory access in V8 |
2024-01-17 |
chromium -- multiple security fixes |
electron{26,27} -- multiple vulnerabilities |
2024-01-16 |
xorg server -- Multiple vulnerabilities |
2024-01-12 |
electron{26,27} -- multiple vulnerabilities |
Gitlab -- vulnerabilities |
2024-01-11 |
OpenSSL -- Vector register corruption on PowerPC |
2024-01-10 |
chromium -- security fix |
2024-01-07 |
QtNetwork -- potential buffer overflow |
2024-01-06 |
mantis -- multiple vulnerabilities |
2024-01-04 |
chromium -- multiple security fixes |
electron26 -- multiple vulnerabilities |
electron27 -- multiple vulnerabilities |
2024-01-02 |
FreeBSD -- Prefix Truncation Attack in the SSH protocol |
2023-12-22 |
electron{26,27} -- multiple vulnerabilities |
2023-12-21 |
chromium -- security fix |
gitea -- Prefix Truncation Attack against ChaCha20-Poly1305 and Encrypt-then-MAC aka Terrapin |
2023-12-19 |
nebula -- security fix for terrapin vulnerability |
putty -- add protocol extension against 'Terrapin attack' |
slurm-wlm -- Several security issues |
2023-12-17 |
couchdb -- information sharing via couchjs processes |
2023-12-14 |
Gitlab -- vulnerabilities |
2023-12-13 |
chromium -- multiple security fixes |
FreeBSD -- NFS client data corruption and kernel memory disclosure |
xorg-server -- Multiple vulnerabilities |
2023-12-11 |
chromium -- multiple security fixes |
2023-12-10 |
apache -- Apache ZooKeeper: Authorization bypass in SASL Quorum Peer Authentication |
2023-12-07 |
electron25 -- multiple vulnerabilities |
2023-12-05 |
FreeBSD -- TCP spoofing vulnerability in pf(4) |
2023-12-02 |
varnish -- HTTP/2 Rapid Reset Attack |
2023-12-01 |
electron25 -- multiple vulnerabilities |
electron26 -- multiple vulnerabilities |
Gitlab -- Vulnerabilities |
2023-11-29 |
chromium -- multiple security fixes |
2023-11-26 |
MariaDB -- Denial-of-Service vulnerability |
2023-11-24 |
strongSwan -- vulnerability in charon-tkm |
2023-11-22 |
electron{25,26} -- use after free in Garbage Collection |
2023-11-16 |
chromium -- multiple security fixes |
electron{25,26} -- use after free in WebAudio |
2023-11-15 |
openvpn -- 2.6.0...2.6.6 --fragment option division by zero crash, and TLS data leak |
typo3 -- Multiple vulnerabilities |
2023-11-09 |
electron{25,26} -- multiple vulnerabilities |
postgresql-server -- Buffer overrun from integer overflow in array modification |
postgresql-server -- Memory disclosure in aggregate function calls |
postgresql-server -- Role pg_cancel_backend can signal certain superuser processes |
2023-11-08 |
chromium -- security update |
FreeBSD -- Incorrect libcap_net limitation list manipulation |
FreeBSD -- libc stdio buffer overflow |
libsndfile_project -- Integer overflow in dataend calculation |
OpenSSL -- DoS in DH generation |
2023-11-05 |
vorbistools -- heap buffer overflow in oggenc |
2023-11-03 |
chromium -- multiple vulnerabilities |
2023-11-02 |
phpmyfaq -- multiple vulnerabilities |
PptiPNG -- Global-buffer-overflow |
2023-11-01 |
Gitlab -- Vulnerabilities |
open-vm-tools -- Multiple vulnerabilities |
2023-10-27 |
chromium -- multiple vulnerabilities |
zeek -- potential DoS vulnerabilities |
2023-10-25 |
squid -- Multiple vulnerabilities |
xorg-server -- Multiple vulnerabilities |
2023-10-24 |
OpenSSL -- potential loss of confidentiality |
2023-10-23 |
MySQL -- Multiple vulnerabilities |
2023-10-19 |
Apache httpd -- Multiple vulnerabilities |
electron{25,26} -- Use after free in Site Isolation |
2023-10-18 |
jenkins -- HTTP/2 denial of service vulnerability in bundled Jetty |
redis -- Possible bypassing Unix socket permissions |
Request Tracker -- multiple vulnerabilities |
Roundcube -- XSS vulnerability in SVG |
2023-10-16 |
moonlight-embedded -- multiple vulnerabilities |
2023-10-14 |
libcue -- out-of-bounds array access |
traefik -- Resource exhaustion by malicious HTTP/2 client |
2023-10-12 |
11/libX11 multiple vulnerabilities |
electron25 -- Use after free in extensions vulnerability |
x11/libXpm multiple vulnerabilities |
2023-10-11 |
Account takeover through API in GLPI |
Account takeover via Kanban feature in GLPI |
Account takeover via SQL Injection in UI layout preferences in GLPI |
chromium -- multiple vulnerabilities |
curl -- SOCKS5 heap buffer overflow |
File deletion through document upload process in GLPI |
GLPI vulnerable to reflected XSS in search pages |
GLPI vulnerable to SQL injection through Computer Virtual Machine information |
GLPI vulnerable to SQL injection via dashboard administration |
GLPI vulnerable to SQL injection via inventory agent request |
GLPI vulnerable to unauthenticated access to Dashboard data |
GLPI vulnerable to unauthorized access to Dashboard data |
GLPI vulnerable to unauthorized access to KnowbaseItem data |
GLPI vulnerable to unauthorized access to User data |
glpi-project -- SQL injection in ITIL actors in GLPI |
Phishing through a login page malicious URL in GLPI |
Privilege Escalation from technician to super-admin in GLPI |
Sensitive fields enumeration through API in GLPI |
Unallowed PHP script execution in GLPI |
Users login enumeration by unauthenticated user in GLPI |
2023-10-10 |
h2o -- HTTP/2 Rapid Reset attack vulnerability |
2023-10-05 |
Django -- multiple vulnerabilities |
2023-10-04 |
chromium -- type confusion in v8 |
FreeBSD -- arm64 boot CPUs may lack speculative execution protections |
FreeBSD -- copy_file_range insufficient capability rights check |
FreeBSD -- msdosfs data disclosure |
libspf2 -- Integer Underflow Remote Code Execution |
2023-10-02 |
mediawiki -- multiple vulnerabilities |
2023-09-29 |
chromium -- multiple vulnerabilities |
electron{22,24,25} -- Heap buffer overflow in vp8 encoding in libvpx |
Gitlab -- vulnerabilities |
Remote Code Execution via web-accessible composer |
2023-09-27 |
routinator -- Possible path traversal when storing RRDP responses |
xrdp -- Improper handling of session establishment errors allows bypassing OS-level session restrictions |
xrdp -- unchecked access to font glyph info |
2023-09-25 |
jenkins -- multiple vulnerabilities |
2023-09-23 |
Mailpit affected by vulnerability in included go markdown module |
2023-09-21 |
graphics/webp heap buffer overflow |
2023-09-20 |
libwebp heap buffer overflow |
2023-09-19 |
Gitlab -- vulnerability |
2023-09-16 |
Roundcube -- XSS vulnerability |
routinator -- multiple vulnerabilities |
2023-09-13 |
chromium -- multiple vulnerabilities |
curl -- HTTP headers eat all memory |
electron22 -- multiple vulnerabilities |
electron{24,25} -- multiple vulnerabilities |
vscode -- VS Code Remote Code Execution Vulnerability |
2023-09-12 |
zeek -- potential DoS vulnerabilities |
2023-09-10 |
gitea -- block user account creation from blocked email domains |
gitea -- missing permission checks |
2023-09-07 |
FreeBSD -- pf incorrectly handles multiple IPv6 fragment headers |
FreeBSD -- Wi-Fi encryption bypass |
go -- multiple vulnerabilities |
Python -- multiple vulnerabilities |
redis -- Possible bypassing ACL configuration |
2023-09-06 |
chromium -- multiple vulnerabilities |
2023-09-04 |
Django -- multiple vulnerabilities |
2023-09-01 |
Gitlab -- Vulnerabilities |
2023-08-31 |
Borg (Backup) -- flaw in cryptographic authentication scheme in Borg allowed an attacker to fake archives and indirectly cause backup data loss. |
electron22 -- multiple vulnerabilities |
electron24 -- multiple vulnerabilities |
electron25 -- multiple vulnerabilities |
FreeBSD -- bhyve privileged guest escape via fwctl |
FreeBSD -- GELI silently omits the keyfile if read from stdin |
FreeBSD -- Multiple vulnerabilities in Heimdal |
FreeBSD -- Multiple vulnerabilities in OpenSSL |
FreeBSD -- Network authentication attack via pam_krb5 |
FreeBSD -- Network authentication attack via pam_krb5 |
FreeBSD -- OpenSSH pre-authentication double free |
FreeBSD -- Potential remote code execution via ssh-agent forwarding |
FreeBSD -- Remote denial of service in IPv6 fragment reassembly |
FreeBSD -- ssh-add does not honor per-hop destination constraints |
FreeBSD -- Stack overflow in ping(8) |
py-django-photologue -- XSS vulnerability |
py-dparse -- REDoS vulnerability |
py-flask-caching -- remote code execution or local privilege escalation vulnerabilities |
py-Flask-Cors -- directory traversal vulnerability |
py-flask-security -- user redirect to arbitrary URL vulnerability |
py-httpie -- exposure of sensitive information vulnerabilities |
py-httpx -- input validation vulnerability |
py-markdown2 -- regular expression denial of service vulnerability |
py-markdown2 -- XSS vulnerability |
py-pygments -- multiple DoS vulnerabilities |
py-Scrapy -- cookie injection vulnerability |
py-Scrapy -- credentials leak vulnerability |
py-Scrapy -- DoS vulnerability |
py-Scrapy -- exposure of sensitive information vulnerability |
py-treq -- sensitive information leak vulnerability |
py-wagtail -- DoS vulnerability |
py-wagtail -- stored XSS vulnerability |
py-WsgiDAV -- XSS vulnerability |
2023-08-30 |
chromium -- use after free in MediaStream |
2023-08-27 |
gitea -- information disclosure |
2023-08-24 |
chromium -- multiple vulnerabilities |
electron25 -- multiple vulnerabilities |
electron{22,24} -- multiple vulnerabilities |
2023-08-23 |
phpmyfaq -- multiple vulnerabilities |
2023-08-17 |
chromium -- multiple vulnerabilities |
MySQL -- Multiple vulnerabilities |
2023-08-16 |
clamav -- Possible denial of service vulnerability in the AutoIt file parser |
clamav -- Possible denial of service vulnerability in the HFS+ file parser |
2023-08-14 |
krb5 -- Double-free in KDC TGS processing |
typo3 -- multiple vulnerabilities |
2023-08-10 |
postgresql-server -- Extension script @substitutions@ within quoting allow SQL injection |
postgresql-server -- MERGE fails to enforce UPDATE or SELECT row security policies |
2023-08-07 |
electron{22,23,24,25} -- multiple vulnerabilities |
2023-08-05 |
samba -- multiple vulnerabilities |
2023-08-04 |
chromium -- multiple vulnerabilities |
2023-08-02 |
Gitlab -- Vulnerabilities |
go -- multiple vulnerabilities |
2023-07-31 |
OpenSSL -- Excessive time spent checking DH q parameter value |
2023-07-26 |
jenkins -- Stored XSS vulnerability |
2023-07-23 |
gitea -- Disallow dangerous URL schemes |
2023-07-21 |
OpenSSH -- remote code execution via a forwarded agent socket |
2023-07-20 |
chromium -- multiple vulnerabilities |
2023-07-19 |
virtualbox-ose -- multiple vulnerabilities |
virtualbox-ose -- multiple vulnerabilities |
virtualbox-ose -- multiple vulnerabilities |
2023-07-18 |
element-web -- Cross site scripting in Export Chat feature |
2023-07-16 |
OpenSSL -- AES-SIV implementation ignores empty associated data entries |
2023-07-14 |
electron22 -- multiple vulnerabilities |
2023-07-10 |
librecad -- out-of-bounds read in importshp plugin |
redis -- heap overflow in COMMAND GETKEYS and ACL evaluation |
redis -- Heap overflow in the cjson and cmsgpack libraries |
2023-07-06 |
electron{23,24} -- multiple vulnerabilities |
2023-07-05 |
gitea -- avoid open HTTP redirects |
gitea -- multiple issues |
Gitlab -- Vulnerabilities |
phpldapadmin -- XSS vulnerability |
2023-07-03 |
Django -- multiple vulnerabilities |
2023-07-01 |
mediawiki -- multiple vulnerabilities |
2023-06-30 |
Gitlab -- Vulnerabilities |
SoftEtherVPN -- multiple vulnerabilities |
2023-06-27 |
chromium -- multiple vulnerabilities |
OpenEXR -- heap buffer overflow in internal_huf_decompress |
2023-06-23 |
Grafana -- Account takeover / authentication bypass |
2023-06-22 |
electron22 -- multiple vulnerabilities |
electron{23,24} -- multiple vulnerabilities |
2023-06-16 |
electron22 -- multiple vulnerabilities |
electron23 -- multiple vulnerabilities |
electron24 -- multiple vulnerabilities |
libX11 -- Sub-object overflows |
2023-06-14 |
jenkins -- CSRF protection bypass vulnerability |
2023-06-13 |
chromium -- multiple vulnerabilities |
vscode -- VS Code Information Disclosure Vulnerability |
2023-06-12 |
xmltooling -- remote resource access |
2023-06-09 |
acme.sh -- closes potential remote vuln |
2023-06-08 |
Python -- multiple vulnerabilities |
2023-06-07 |
chromium -- multiple vulnerabilities |
Gitlab -- Vulnerability |
Grafana -- Broken access control: viewer can send test alerts |
Grafana -- Grafana DS proxy race condition |
2023-06-06 |
Kanboard -- Multiple vulnerabilities |
qpress -- directory traversal |
2023-05-31 |
chromium -- multiple vulnerabilities |
OpenSSL -- Possible DoS translating ASN.1 identifiers |
2023-05-30 |
Kanboard -- Clipboard based cross-site scripting (blocked with default CSP) in Kanboard |
2023-05-28 |
MariaDB -- Nullpointer dereference |
2023-05-21 |
phpmyfaq -- multiple vulnerabilities |
2023-05-19 |
curl -- multiple vulnerabilities |
zeek -- potential DoS vulnerabilities |
2023-05-18 |
electron -- vulnerability |
2023-05-17 |
chromium -- multiple vulnerabilities |
2023-05-13 |
Gitlab -- Vulnerability |
2023-05-12 |
piwigo -- SQL injection |
2023-05-11 |
postgresql-server -- CREATE SCHEMA ... schema elements defeats protective search_path changes |
postgresql-server -- Row security policies disregard user ID changes after inlining |
2023-05-10 |
vscode -- Visual Studio Code Information Disclosure Vulnerability |
2023-05-08 |
glpi -- multiple vulnerabilities |
redis -- HINCRBYFLOAT can be used to crash a redis-server process |
2023-05-06 |
Gitlab -- Multiple Vulnerabilities |
2023-05-05 |
Django -- multiple vulnerabilities |
2023-05-03 |
chromium -- multiple vulnerabilities |
2023-05-02 |
Gitlab -- Multiple Vulnerabilities |
2023-04-30 |
h2o -- Malformed HTTP/1.1 causes Out-of-Memory Denial of Service |
2023-04-29 |
cloud-init -- sensitive data exposure in cloud-init logs |
2023-04-26 |
element-web -- matrix-react-sdk vulnerable to HTML injection in search results via plaintext message highlighting |
git -- Multiple vulnerabilities |
Grafana -- Critical vulnerability in golang |
Grafana -- Exposure of sensitive information to an unauthorized actor |
2023-04-25 |
jellyfin -- Multiple vulnerabilities |
2023-04-24 |
phpmyfaq -- multiple vulnerabilities |
2023-04-22 |
MySQL -- Multiple vulnerabilities |
2023-04-20 |
chromium -- multiple vulnerabilities |
2023-04-16 |
libxml2 -- multiple vulnerabilities |
2023-04-15 |
chromium -- multiple vulnerabilities |
mod_gnutls -- Infinite Loop on request read timeout |
2023-04-13 |
ghostscript -- exploitable buffer overflow in (T)BCP in PS interpreter |
2023-04-12 |
zeek -- potential DoS vulnerabilities |
2023-04-10 |
py-ansible -- data leak vulnerability |
py-ansible -- multiple vulnerabilities |
py-beaker -- arbitrary code execution vulnerability |
py-cryptography -- allows programmers to misuse an API |
py-cryptography -- includes a vulnerable copy of OpenSSL |
py-kerberos -- DoS and MitM vulnerabilities |
py-psutil -- double free vulnerability |
2023-04-09 |
py-cinder -- data leak |
py-cinder -- unauthorized data access |
py-impacket -- multiple path traversal vulnerabilities |
py-nicotine-plus -- Denial of service vulnerability |
py-pymatgen -- regular expression denial of service |
py-slixmpp -- incomplete SSL certificate validation |
py-suds -- vulnerable to symlink attacks |
py-tensorflow -- denial of service vulnerability |
py-tensorflow -- unchecked argument causing crash |
py-tflite -- buffer overflow vulnerability |
py-tflite -- denial of service vulnerability |
py27-setuptools44 -- denial of service vulnerability |
py39-celery -- command injection vulnerability |
py39-cinder -- insecure-credentials flaw |
py39-configobj -- vulnerable to Regular Expression Denial of Service |
py39-joblib -- arbitrary code execution |
py39-OWSLib -- arbitrary file read vulnerability |
py39-py -- Regular expression Denial of Service vulnerability |
py39-pycares -- domain hijacking vulnerability |
py39-redis -- can send response data to the client of an unrelated request |
py39-redis -- can send response data to the client of an unrelated request |
py39-sentry-sdk -- sensitive cookies leak |
py39-setuptools -- denial of service vulnerability |
py39-setuptools58 -- denial of service vulnerability |
py39-sqlalchemy11 -- multiple SQL Injection vulnerabilities |
py39-sqlalchemy12 -- multiple SQL Injection vulnerabilities |
py39-unicorn -- sandbox escape and arbitrary code execution vulnerability |
2023-04-07 |
ffmpeg -- multiple vulnerabilities |
go -- multiple vulnerabilities |
samba -- multiple vulnerabilities |
traefik -- Use of vulnerable Go modules net/http, net/textproto |
2023-04-05 |
chromium -- multiple vulnerabilities |
2023-04-01 |
mediawiki -- multiple vulnerabilities |
2023-03-31 |
Gitlab -- Multiple Vulnerabilities |
2023-03-30 |
powerdns-recursor -- denial of service |
rubygem-time -- ReDoS vulnerability |
rubygem-uri -- ReDoS vulnerability |
2023-03-29 |
Grafana -- Stored XSS in Graphite FunctionDescription tooltip |
Matrix clients -- Prototype pollution in matrix-js-sdk |
OpenSSL -- Multiple vulnerabilities |
xorg-server -- Overlay Window Use-After-Free |
2023-03-28 |
py39-sqlalchemy10 -- multiple SQL Injection vulnerabilities |
2023-03-26 |
py39-Elixir -- weak use of cryptography |
py39-lmdb -- multiple vulnerabilities |
2023-03-25 |
py39-rencode -- infinite loop that could lead to Denial of Service |
2023-03-24 |
dino -- Insufficient message sender validation in Dino |
OpenSSL -- Excessive Resource Usage Verifying X.509 Policy Constraints |
phpmyfaq -- multiple vulnerabilities |
rack -- possible denial of service vulnerability in header parsing |
2023-03-23 |
libXpm -- Issues handling XPM files |
tailscale -- security vulnerability in Tailscale SSH |
2023-03-22 |
chromium -- multiple vulnerabilities |
2023-03-21 |
redis -- specially crafted MSETNX command can lead to denial-of-service |
2023-03-20 |
curl -- multiple vulnerabilities |
2023-03-16 |
phpMyAdmin -- XSS vulnerability in drag-and-drop upload |
2023-03-11 |
Apache httpd -- Multiple vulnerabilities |
2023-03-09 |
chromium -- multiple vulnerabilities |
jenkins -- multiple vulnerabilities |
2023-03-08 |
Apache OpenOffice -- master password vulnerabilities |
go -- crypto/elliptic: incorrect P-256 ScalarMult and ScalarBaseMult results |
mantis -- multiple vulnerabilities |
2023-03-06 |
rack -- possible DoS vulnerability in multipart MIME parsing |
2023-03-05 |
curl -- multiple vulnerabilities |
2023-03-04 |
strongSwan -- certificate verification vulnerability |
2023-03-03 |
Gitlab -- Multiple Vulnerabilities |
2023-03-01 |
Grafana -- Stored XSS in geomap panel plugin via attribution |
Grafana -- Stored XSS in text panel plugin |
Grafana -- Stored XSS in TraceView panel |
redis -- multiple vulnerabilities |
2023-02-27 |
emacs -- multiple vulnerabilities |
2023-02-24 |
freerdp -- clients using `/parallel` command line switch might read uninitialized data |
freerdp -- clients using the `/video` command line switch might read uninitialized data |
2023-02-22 |
chromium -- multiple vulnerabilities |
2023-02-21 |
git -- "git apply" overwriting paths outside the working tree |
git -- gitattributes parsing integer overflow |
git -- Heap overflow in `git archive`, `git log --format` leading to RCE |
git -- Local clone-based data exfiltration with non-local transports |
libde256 -- multiple vulnerabilities |
zeek -- potential DoS vulnerabilities |
2023-02-20 |
gitea -- password hash quality |
2023-02-19 |
traefik -- Use of vulnerable Go module x/net/http2 |
2023-02-16 |
clamav -- Multiple vulnerabilities |
Rundeck3 -- Log4J RCE vulnerability |
2023-02-15 |
go -- multiple vulnerabilities |
2023-02-14 |
Django -- multiple vulnerabilities |
2023-02-13 |
GnuTLS -- timing sidechannel in RSA decryption |
MinIO -- unprivileged users can create service accounts for admin users |
2023-02-12 |
phpmyfaq -- multiple vulnerabilities |
2023-02-10 |
chromium -- multiple vulnerabilities |
2023-02-09 |
Grafana -- Spoofing originalUrl of snapshots |
Grafana -- Stored XSS in ResourcePicker component |
PostgreSQL server -- Client memory disclosure when connecting, with Kerberos, to modified server. |
2023-02-08 |
LibreSSL -- Arbitrary memory read |
TightVNC -- Muliple Vulnerabilities |
xorg-server -- Security issue in the X server |
2023-02-07 |
OpenSSL -- Multiple vulnerabilities |
2023-02-06 |
Django -- multiple vulnerabilities |
2023-02-04 |
kafka -- Denial Of Service vulnerability |
node_exporter -- bypass security with cache poisoning |
2023-02-02 |
Asterisk -- multiple vulnerabilities |
Spotipy -- Path traversal vulnerability |
2023-02-01 |
Gitlab -- Multiple Vulnerabilities |
zeek -- potential DoS vulnerabilities |
2023-01-30 |
Plex Media Server -- security vulnerability |
prometheus2 -- basic authentication bypass |
2023-01-25 |
chromium -- multiple vulnerabilities |
re2c -- uncontrolled recursion |
2023-01-24 |
gitea -- information disclosure |
2023-01-23 |
net/eternalterminal -- Multiple vulnerabilities |
net/krill -- DoS vulnerability |
powerdns-recursor -- denial of service |
www/awstats -- Partial absolute pathname |
2023-01-21 |
MySQL -- Multiple vulnerabilities |
shells/fish -- arbitrary code execution via git |
2023-01-20 |
phpmyfaq -- multiple vulnerabilities |
2023-01-19 |
rack -- Multiple vulnerabilities |
2023-01-17 |
Apache httpd -- Multiple vulnerabilities |
2023-01-16 |
redis -- multiple vulnerabilities |
security/keycloak -- Multiple possible DoS attacks |
2023-01-14 |
security/tor -- SOCKS4(a) inversion bug |
2023-01-12 |
emacs -- arbitary shell command execution vulnerability of ctags |
2023-01-11 |
cassandra3 -- arbitrary code execution |
cassandra3 -- jBCrypt integer overflow |
cassandra3 -- multiple vulnerabilities |
Gitlab -- Multiple Vulnerabilities |
xorg-server -- Multiple security issues in X server extensions |
2023-01-10 |
chromium -- multiple vulnerabilities |
2023-01-05 |
devel/viewvc-devel is vulnerable to cross-site scripting |
net-mgmt/cacti is vulnerable to remote command injection |
2023-01-03 |
rxvt-unicode is vulnerable to a remote code execution |
2023-01-02 |
gitea -- multiple issues |
2022-12-29 |
mediawiki -- multiple vulnerabilities |
webtrees -- vulnerability |
2022-12-27 |
netdata -- multiple vulnerabilities with streaming |
2022-12-24 |
freerdp -- multiple vulnerabilities |
2022-12-22 |
gitea -- multiple issues |
2022-12-17 |
typo3 -- multiple vulnerabilities |
2022-12-14 |
chromium -- multiple vulnerabilities |
curl -- multiple vulnerabilities |
2022-12-12 |
phpmyfaq -- multiple vulnerabilities |
2022-12-10 |
traefik -- multiple vulnerabilities |
xrdp -- multiple vulnerabilities |
2022-12-07 |
Python -- multiple vulnerabilities |
2022-12-06 |
go -- multiple vulnerabilities |
2022-12-03 |
chromium -- Type confusion in V8 |
2022-12-01 |
Gitlab -- Multiple Vulnerabilities |
rpm4 -- Multiple Vulnerabilities |
2022-11-30 |
chromium -- multiple vulnerabilities |
2022-11-25 |
chromium -- multiple vulnerabilities |
2022-11-24 |
advancecomp -- Multiple vulnerabilities |
rubygem-cgi -- HTTP response splitting vulnerability |
zeek -- potential DoS vulnerabilities |
2022-11-22 |
tailscale -- Security vulnerability in the client |
2022-11-18 |
Tomcat -- Request Smuggling |
2022-11-15 |
krb5 -- Integer overflow vulnerabilities in PAC parsing |
2022-11-12 |
Grafana -- Data source and plugin proxy endpoints leaking authentication tokens to some destination plugins |
Grafana -- Data source and plugin proxy endpoints leaking authentication tokens to some destination plugins |
Grafana -- Improper authentication |
Grafana -- Plugin signature bypass |
Grafana -- Privilege escalation |
Grafana -- Privilege escalation |
Grafana -- Username enumeration |
ipython -- Execution with Unnecessary Privileges |
2022-11-11 |
phpmyfaq -- multiple vulnerabilities |
2022-11-09 |
chromium -- multiple vulnerabilities |
varnish -- HTTP/2 Request Forgery Vulnerability |
varnish -- Request Smuggling Vulnerability |
zeek -- potential DoS vulnerabilities |
2022-11-08 |
darkhttpd -- DOS vulnerability |
2022-11-07 |
sudo -- Potential out-of-bounds write for small passwords |
2022-11-05 |
Gitlab -- Multiple vulnerabilities |
2022-11-03 |
pixman -- heap overflow |
2022-11-01 |
go -- syscall, os/exec: unsanitized NUL in environment variables |
OpenSSL -- Buffer overflows in Email verification |
2022-10-30 |
MySQL -- Multiple vulnerabilities |
2022-10-28 |
chromium -- Type confusion in V8 |
2022-10-25 |
chromium -- multiple vulnerabilities |
samba -- buffer overflow in Heimdal unwrap_des3() |
2022-10-22 |
Cleartext leak in libudisks |
2022-10-21 |
phpmyfaq -- CSRF vulnerability |
2022-10-20 |
Python -- multiple vulnerabilities |
2022-10-19 |
nginx -- Two vulnerabilities |
2022-10-18 |
git -- Multiple vulnerabilities |
OpenSSL -- Potential NULL encryption in NID_undef with Custom Cipher |
2022-10-15 |
gitea -- multiple issues |
2022-10-12 |
chromium -- mulitple vulnerabilities |
roundcube-thunderbird_labels -- RCE with custom label titles |
2022-10-11 |
samba -- Multiple vulnerabilities |
2022-10-10 |
strongswan -- DOS attack vulnerability |
2022-10-07 |
routinator -- potential DOS attack |
2022-10-06 |
Django -- multiple vulnerabilities |
2022-10-05 |
jenkins -- XSS vulnerability |
2022-10-04 |
go -- multiple vulnerabilities |
zydis -- heap buffer overflow |
2022-10-02 |
mediawiki -- multiple vulnerabilities |
2022-09-30 |
chromium -- multiple vulnerabilities |
Gitlab -- Multiple vulnerabilities |
2022-09-29 |
unbound -- Non-Responsive Delegation Attack |
2022-09-28 |
Matrix clients -- several vulnerabilities |
2022-09-27 |
chromium -- multiple vulnerabilities |
expat -- Heap use-after-free vulnerability |
2022-09-26 |
squid -- Exposure of sensitive information in cache manager |
2022-09-21 |
Grafana -- Privilege escalation |
redis -- Potential remote code execution vulnerability |
2022-09-19 |
zeek -- potential DoS vulnerabilities |
2022-09-16 |
puppetdb -- Potential SQL injection |
2022-09-14 |
chromium -- multiple vulnerabilities |
2022-09-12 |
dendrite -- Signature checks not applied to some retrieved missing events |
2022-09-11 |
gitea -- multiple issues |
2022-09-08 |
Python -- multiple vulnerabilities |
2022-09-07 |
go -- multiple vulnerabilities |
2022-09-03 |
chromium -- insufficient data validation in Mojo |
2022-09-01 |
Grafana -- Unauthorized file disclosure |
powerdns-recursor -- denial of service |
2022-08-31 |
chromium -- multiple vulnerabilities |
FreeBSD -- zlib heap buffer overflow |
Matrix clients -- several vulnerabilities |
2022-08-30 |
Gitlab -- multiple vulnerabilities |
2022-08-26 |
zeek -- potential DoS vulnerabilities |
2022-08-25 |
MariaDB -- Multiple vulnerabilities |
2022-08-23 |
Gitlab -- Remote Code Execution |
2022-08-20 |
drupal9 -- multiple vulnerabilities |
2022-08-17 |
chromium -- multiple vulnerabilities |
2022-08-15 |
dendrite -- Incorrect parsing of the event default power level in event auth |
2022-08-14 |
Tomcat -- XSS in examples web application |
2022-08-12 |
XFCE tumbler -- Vulnerability in the GStreamer plugin |
2022-08-10 |
FreeBSD -- AIO credential reference count leak |
FreeBSD -- Memory disclosure by stale virtual memory mapping |
FreeBSD -- Missing bounds check in 9p message handling |
FreeBSD -- Out of bound read in elf_note_prpsinfo() |
rsync -- client-side arbitrary file write vulnerability |
varnish -- Denial of Service Vulnerability |
2022-08-09 |
gnutls -- double free vulnerability |
2022-08-08 |
wolfssl -- multiple issues |
2022-08-05 |
Django -- multiple vulnerabilities |
gitea -- multiple issues |
gitea -- multiple issues |
Unbound -- Multiple vulnerabilities |
2022-08-03 |
chromium -- multiple vulnerabilities |
2022-08-02 |
go -- decoding big.Float and big.Rat can panic |
2022-07-30 |
Gitlab -- multiple vulnerabilities |
2022-07-21 |
MySQL -- Multiple vulnerabilities |
VirtualBox -- Multiple vulnerabilities |
2022-07-20 |
chromium -- multiple vulnerabilities |
2022-07-18 |
redis -- Potential remote code execution vulnerability |
2022-07-15 |
Grafana -- OAuth Account Takeover |
Grafana -- Stored XSS |
2022-07-13 |
go -- multiple vulnerabilities |
2022-07-12 |
git -- privilege escalation |
2022-07-10 |
mat2 -- directory traversal/arbitrary file read during ZIP file processing |
2022-07-09 |
Gitlab -- multiple vulnerabilities |
2022-07-08 |
Node.js -- July 7th 2022 Security Releases |
2022-07-07 |
chromium -- multiple vulnerabilities |
2022-07-05 |
OpenSSL -- AES OCB fails to encrypt some bytes |
2022-07-04 |
Django -- multiple vulnerabilities |
2022-07-03 |
mediawiki -- multiple vulnerabilities |
OpenSSL -- Heap memory corruption with RSA private key operation |
2022-06-29 |
py-matrix-synapse -- unbounded recursion in urlpreview |
2022-06-27 |
cURL -- Multiple vulnerabilities |
2022-06-22 |
chromium -- multiple vulnerabilities |
jenkins -- multiple vulnerabilities |
OpenSSL -- Command injection vulnerability |
2022-06-20 |
mitmproxy -- Insufficient Protection against HTTP Request Smuggling |
2022-06-17 |
Tor - Unspecified high severity vulnerability |
2022-06-11 |
py-numpy -- Missing return-value validation of the function PyArray_DescrNew |
Security Vulnerability found in ExifTool leading to RCE |
XFCE -- Allows executing malicious .desktop files pointing to remote code |
2022-06-09 |
Apache httpd -- Multiple vulnerabilities |
chromium -- multiple vulnerabilities |
2022-06-07 |
go -- multiple vulnerabilities |
2022-06-05 |
e2fsprogs -- out-of-bounds read/write vulnerability |
2022-06-04 |
Gitlab -- multiple vulnerabilities |
2022-06-03 |
zeek -- potential DoS vulnerabilty |
2022-05-24 |
chromium -- multiple vulnerabilities |
2022-05-23 |
MariaDB -- Multiple vulnerabilities |
2022-05-19 |
clamav -- Multiple vulnerabilities |
2022-05-15 |
go -- syscall.Faccessat checks wrong group on Linux |
2022-05-13 |
curl -- Multiple vulnerabilities |
2022-05-11 |
PostgreSQL Server -- execute arbitrary SQL code as DBA user |
2022-05-10 |
chromium -- multiple vulnerabilities |
2022-05-06 |
rsyslog8 -- heap buffer overflow on receiving TCP syslog |
2022-05-05 |
gitea -- Escape git fetch remote |
gogs -- XSS in issue attachments |
2022-05-04 |
OpenSSL -- Multiple vulnerabilities |
2022-05-03 |
rainloop -- cross-site-scripting (XSS) vulnerability |
2022-05-02 |
go -- multiple vulnerabilities |
2022-04-30 |
Rails -- XSS vulnerabilities |
2022-04-29 |
hiredis -- integer/buffer overflow |
2022-04-28 |
chromium -- multiple vulnerabilities |
cURL -- Multiple vulnerabilities |
2022-04-27 |
redis -- Multiple vulnerabilities |
2022-04-26 |
eb -- Potential buffer overrun vulnerability |
2022-04-21 |
zeek -- potential DoS vulnerabilty |
2022-04-19 |
zgrep -- arbitrary file write |
2022-04-17 |
Nextcloud Calendar -- SMTP Command Injection |
2022-04-16 |
MySQL -- Multiple vulnerabilities |
2022-04-15 |
chromium -- multiple vulnerabilities |
2022-04-14 |
Asterisk -- func_odbc: Possible SQL Injection |
Asterisk -- multiple vulnerabilities |
2022-04-13 |
Composer -- Command injection vulnerability |
Ruby -- Buffer overrun in String-to-Float conversion |
Ruby -- Double free in Regexp compilation |
Subversion -- Multiple vulnerabilities in server code |
2022-04-12 |
Chromium -- mulitple vulnerabilities |
Django -- multiple vulnerabilities |
mutt -- mutt_decode_uuencoded() can read past the of the input line |
2022-04-07 |
FreeBSD -- 802.11 heap buffer overflow |
FreeBSD -- Bhyve e82545 device emulation out-of-bounds write |
FreeBSD -- mpr/mps/mpt driver ioctl heap out-of-bounds write |
FreeBSD -- Potential jail escape vulnerabilities in netmap |
FreeBSD -- zlib compression out-of-bounds write |
2022-04-05 |
chromium -- Type confusion in V8 |
2022-04-04 |
Gitlab -- multiple vulnerabilities |
mediawiki -- multiple vulnerabilities |
2022-04-03 |
dnsmasq -- heap use-after-free in dhcp6_no_relay |
2022-03-29 |
chromium -- multiple vulnerabilities |
gitea -- Improper/incorrect authorization |
gitea -- Open Redirect on login |
2022-03-27 |
powerdns -- denial of service |
powerdns-recursor -- denial of service |
2022-03-25 |
chromium -- V8 type confusion |
Security Vulnerability found in ExifTool |
2022-03-22 |
tcpslice -- heap-based use-after-free in extract_slice() |
2022-03-19 |
go -- multiple vulnerabilities |
2022-03-17 |
openvpn -- Potential authentication by-pass with multiple deferred authentication plug-ins |
2022-03-16 |
FreeBSD-kernel -- Multiple WiFi issues |
OpenSSL -- Infinite loop in BN_mod_sqrt parsing certificates |
Weechat -- Possible man-in-the-middle attack in TLS connection to servers |
wordpress -- multiple issues |
2022-03-15 |
Apache httpd -- Multiple vulnerabilities |
chromium -- multiple vulnerabilities |
2022-03-10 |
Teeworlds -- Buffer Overflow |
2022-03-09 |
Gitlab -- multiple vulnerabilities |
2022-03-05 |
asterisk -- multiple vulnerabilities |
2022-03-02 |
chromium -- multiple vulnerabilities |
2022-02-28 |
cyrus-sasl -- Fix off by one error |
2022-02-27 |
typo3 -- XSS vulnerability in svg-sanitize |
2022-02-24 |
cryptopp -- ElGamal implementation allows plaintext recovery |
flac -- fix encoder bug |
2022-02-23 |
cyrus-sasl -- Escape password for SQL insert/update commands |
2022-02-22 |
The Update Framwork -- path traversal vulnerability |
2022-02-21 |
Qt5 -- QProcess unexpected search path |
seatd-launch -- remove files with escalated privileges with SUID |
2022-02-20 |
libmysoft -- Heap-based buffer overflow vulnerability |
2022-02-18 |
go -- multiple vulnerabilities |
MariaDB -- Multiple vulnerabilities |
2022-02-15 |
chromium -- multiple vulnerabilities |
2022-02-13 |
py-twisted -- cookie and authorization headers are leaked when following cross-origin redirects |
2022-02-12 |
Grafana -- CSRF |
Grafana -- Teams API IDOR |
Grafana -- XSS |
Node.js -- January 2022 Security Releases |
zsh -- Arbitrary command execution vulnerability |
2022-02-10 |
jenkins -- DoS vulnerability in bundled XStream library |
MariaDB -- Multiple vulnerabilities |
2022-02-08 |
xrdp -- privilege escalation |
2022-02-04 |
Gitlab -- multiple vulnerabilities |
2022-02-02 |
chromium -- multiple vulnerabilities |
FreeBSD -- vt console buffer overflow |
h2o -- uninitialised memory access in HTTP3 |
2022-02-01 |
samba -- Multiple Vulnerabilities |
2022-01-31 |
Rust -- Race condition enabling symlink following |
2022-01-29 |
varnish -- Request Smuggling Vulnerability |
2022-01-28 |
OpenEXR -- Heap-buffer-overflow in Imf_3_1::LineCompositeTask::execute |
OpenSSL -- BN_mod_exp incorrect results on MIPS |
2022-01-27 |
mustache - Possible Remote Code Execution |
2022-01-26 |
polkit -- Local Privilege Escalation |
2022-01-25 |
strongswan - denial-of-service vulnerability in the gmp plugin/denial-of-service vulnerability in the in-memory certificate cache |
strongswan - Incorrect Handling of Early EAP-Success Messages |
2022-01-23 |
aide -- heap-based buffer overflow |
2022-01-20 |
chromium -- multiple vulnerabilities |
2022-01-19 |
MySQL -- Multiple vulnerabilities |
2022-01-14 |
Prosody XMPP server advisory 2022-01-13 |
2022-01-13 |
WordPress -- Multiple Vulnerabilities |
2022-01-12 |
clamav -- invalid pointer read that may cause a crash |
Gitlab -- Multiple Vulnerabilities |
jenkins -- multiple vulnerabilities |
2022-01-09 |
uriparser -- Multiple vulnerabilities |
2022-01-06 |
Django -- multiple vulnerabilities |
2022-01-05 |
chromium -- multiple vulnerabilities |
routinator -- multiple vulnerabilities |
2021-12-31 |
Roundcube -- XSS vulnerability |
2021-12-30 |
Mbed TLS -- Potential double-free after an out of memory error |
OpenDMARC - Multiple vulnerabilities |
OpenDMARC - Remote denial of service |
2021-12-29 |
minio -- User privilege escalation |
2021-12-27 |
OpenSearch -- Log4Shell |
OpenSearch -- Log4Shell |
2021-12-21 |
mediawiki -- multiple vulnerabilities |
opengrok -- Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise OpenGrok. |
2021-12-20 |
Apache httpd -- Multiple vulnerabilities |
2021-12-17 |
graylog -- remote code execution in log4j from user-controlled log input |
2021-12-15 |
Privoxy -- Multiple vulnerabilities (memory leak, XSS) |
serviio -- affected by log4j vulnerability |
2021-12-14 |
bastillion -- log4j vulnerability |
chromium -- multiple vulnerabilities |
OpenSSL -- Certificate validation issue |
2021-12-13 |
Matrix clients -- several vulnerabilities |
openhab -- log4j remote code injection |
OpenSearch -- Log4Shell |
Solr -- Apache Log4J |
2021-12-12 |
Grafana -- Directory Traversal |
Grafana -- Directory Traversal |
2021-12-11 |
Grafana -- Incorrect Access Control |
Grafana -- Path Traversal |
Grafana -- XSS |
graylog -- include log4j patches |
p7zip -- usage of uninitialized memory |
2021-12-09 |
go -- multiple vulnerabilities |
2021-12-07 |
chromium -- multiple vulnerabilities |
Gitlab -- Multiple Vulnerabilities |
2021-12-02 |
NSS -- Memory corruption |
2021-12-01 |
mailman < 2.1.38 -- CSRF vulnerability of list mod or member against list admin page |
2021-11-24 |
rubygem-cgi -- buffer overrun in CGI.escape_html |
rubygem-cgi -- cookie prefix spoofing in CGI::Cookie.parse |
2021-11-23 |
py-matrix-synapse -- several vulnerabilities |
2021-11-19 |
advancecomp -- multiple vulnerabilities |
2021-11-16 |
chromium -- multiple vulnerabilities |
2021-11-15 |
Roundcube -- Multiple vulnerabilities |
rubygem-date -- Regular Expression Denial of Service Vunlerability of Date Parsing Methods |
2021-11-13 |
mailman -- 2.1.37 fixes XSS via user options, and moderator offline brute-force vuln against list admin password |
2021-11-10 |
PostgreSQL -- Possible man-in-the-middle attacks |
puppet -- Silent Configuration Failure |
puppet -- Unsafe HTTP Redirect |
samba -- Multiple Vulnerabilities |
2021-11-05 |
go -- multiple vulnerabilities |
pyrad -- multiple vulnerabilities |
2021-11-04 |
gitea -- multiple vulnerabilities |
jenkins -- multiple vulnerabilities |
2021-10-30 |
Gitlab -- Multiple Vulnerabilities |
2021-10-29 |
chromium -- multiple vulnerabilities |
2021-10-28 |
fail2ban -- possible RCE vulnerability in mailing action using mailutils |
2021-10-23 |
minio -- policy restriction issue |
2021-10-20 |
mailman -- brute-force vuln on list admin password, and CSRF vuln in releases before 2.1.35 |
2021-10-19 |
chromium -- multiple vulnerabilities |
2021-10-17 |
MySQL -- Multiple vulnerabilities |
2021-10-14 |
Node.js -- October 2021 Security Releases |
2021-10-12 |
couchdb -- user privilege escalation |
OpenSSH -- OpenSSH 6.2 through 8.7 failed to correctly initialise supplemental groups when executing an AuthorizedKeysCommand or AuthorizedPrincipalsCommand |
2021-10-11 |
Ansible -- Ansible user credentials disclosure in ansible-connection module |
2021-10-09 |
Apache OpenOffice -- multiple vulnerabilities. |
go -- misc/wasm, cmd/link: do not let command line arguments overwrite global data |
2021-10-08 |
chromium -- multiple vulnerabilities |
2021-10-07 |
Apache httpd -- Path Traversal and Remote Code Execution |
jenkins -- Jenkins core bundles vulnerable version of the commons-httpclient library |
2021-10-06 |
Grafana -- Snapshot authentication bypass |
2021-10-05 |
Apache httpd -- Multiple vulnerabilities |
Bacula-Web -- Multiple Vulnerabilities |
redis -- multiple vulnerabilities |
2021-10-01 |
mediawiki -- multiple vulnerabilities |
2021-09-30 |
chromium -- multiple vulnerabilities |
Gitlab -- vulnerabilities |
ha -- Directory traversals |
2021-09-29 |
nexus2-oss -- Apache ActiveMQ JMX vulnerability |
nexus2-oss -- NXRM2 Directory Traversal vulnerability |
2021-09-24 |
chromium -- use after free in Portals |
webkit2-gtk3 -- multiple vulnerabilities |
2021-09-22 |
mod_auth_mellon -- Redirect URL validation bypass |
zeek -- several vulnerabilities |
2021-09-21 |
chromium -- multiple vulnerabilities |
libssh -- possible heap-buffer overflow vulnerability |
Node.js -- August 2021 Security Releases |
Node.js -- August 2021 Security Releases (2) |
Node.js -- July 2021 Security Releases |
Node.js -- July 2021 Security Releases (2) |
2021-09-17 |
Apache httpd -- multiple vulnerabilities |
cURL -- Multiple vulnerabilities |
2021-09-16 |
seatd-launch -- privilege escalation with SUID |
2021-09-14 |
chromium -- multiple vulnerabilities |
2021-09-13 |
Matrix clients -- several vulnerabilities |
2021-09-11 |
consul -- rpc: authorize raft requests |
2021-09-10 |
go -- archive/zip: overflow in preallocation check can cause OOM panic |
2021-09-09 |
MPD5 PPPoE Server remotely exploitable crash |
Python -- multiple vulnerabilities |
2021-09-07 |
libpano13 -- arbitrary memory access through format string vulnerability |
Python -- multiple vulnerabilities |
2021-09-05 |
WeeChat -- Crash when decoding a malformed websocket frame in relay plugin. |
2021-09-03 |
Pillow -- Regular Expression Denial of Service (ReDoS) |
2021-09-02 |
py-matrix-synapse -- several vulnerabilities |
Python -- multiple vulnerabilities |
2021-09-01 |
chromium -- multiple vulnerabilities |
cyrus-imapd -- multiple-minute daemon hang via input that is mishandled during hash-table interaction |
2021-08-31 |
Gitlab -- Vulnerabilities |
2021-08-26 |
fetchmail -- STARTTLS bypass vulnerabilities |
2021-08-25 |
FreeBSD -- libfetch out of bounds read |
FreeBSD -- Missing error handling in bhyve(8) device models |
FreeBSD -- Remote code execution in ggatec(8) |
2021-08-24 |
OpenSSL -- multiple vulnerabilities |
2021-08-22 |
gitea -- multiple vulnerabilities |
2021-08-20 |
bouncycastle15 -- bcrypt password checking vulnerability |
gitea -- multiple vulnerabilities |
The Bouncy Castle Crypto APIs -- EC math vulnerability |
2021-08-17 |
chromium -- multiple vulnerabilities |
2021-08-14 |
lynx -- SSL certificate validation error |
2021-08-13 |
binutils -- excessive debug section size can cause excessive memory consumption in bfd's dwarf2.c read_section() |
2021-08-12 |
PostgreSQL server -- Memory disclosure in certain queries |
2021-08-09 |
x11/cde -- Local privilege escalation via CDE dtsession |
xtrlock -- xtrlock does not block multitouch events |
2021-08-05 |
go -- net/http: panic due to racy read of persistConn after handler panic |
2021-08-04 |
Gitlab -- Gitlab |
2021-08-03 |
chromium -- multiple vulnerabilities |
Prosody -- Remote Information Disclosure |
2021-08-01 |
tomcat -- HTTP request smuggling in multiple versions |
tomcat -- JNDI Realm Authentication Weakness in multiple versions |
tomcat -- Remote Denial of Service in multiple versions |
2021-07-28 |
fetchmail -- 6.4.19 and older denial of service or information disclosure |
2021-07-27 |
powerdns -- remotely triggered crash |
redis -- Integer overflow issues with BITFIELD command on 32-bit systems |
2021-07-24 |
mosquitto -- NULL pointer dereference |
2021-07-23 |
asterisk -- pjproject/pjsip: crash when SSL socket destroyed during handshake |
asterisk -- Remote Crash Vulnerability in PJSIP channel driver |
asterisk -- Remote crash when using IAX2 channel driver |
pjsip -- Race condition in SSL socket server |
2021-07-21 |
chromium -- multiple vulnerabilities |
cURL -- Multiple vulnerabilities |
2021-07-20 |
MySQL -- Multiple vulnerabilities |
2021-07-18 |
gitea -- multiple vulnerabilities |
2021-07-16 |
chromium -- multiple vulnerabilities |
2021-07-14 |
Ruby -- multiple vulnerabilities |
2021-07-12 |
go -- crypto/tls: clients can panic when provided a certificate of the wrong type for the negotiated parameters |
2021-07-09 |
mantis -- multiple vulnerabilities |
2021-07-08 |
Gitlab -- vulnerability |
2021-07-02 |
Gitlab -- Multiple Vulnerabilities |
openexr v3.0.5 -- fixes miscellaneous security issues |
2021-07-01 |
jenkins -- multiple vulnerabilities |
2021-06-30 |
Exiv2 -- Multiple vulnerabilities |
2021-06-28 |
RabbitMQ -- Denial of Service via improper input validation |
2021-06-25 |
PuppetDB -- SQL Injection |
RabbitMQ-C -- integer overflow leads to heap corruption |
2021-06-24 |
Ansible -- Templating engine bug |
2021-06-22 |
dovecot -- multiple vulnerabilities |
dovecot-pigeonhole -- Sieve excessive resource usage |
2021-06-19 |
gitea -- multiple vulnerabilities |
2021-06-18 |
chromium -- multiple vulnerabilities |
2021-06-11 |
dragonfly -- argument injection |
2021-06-10 |
Apache httpd -- Multiple vulnerabilities |
cacti -- SQL Injection was possible due to incorrect validation order |
chromium -- multiple vulnerabilities |
2021-06-08 |
dino -- Path traversal in Dino file transfers |
2021-06-06 |
drupal7 -- fix possible CSS |
pglogical -- shell command injection in pglogical.create_subscription() |
2021-06-04 |
polkit -- local privilege escalation using polkit_system_bus_name_get_creds_sync |
tauthon -- Regular Expression Denial of Service |
2021-06-03 |
aiohttp -- open redirect vulnerability |
go -- multiple vulnerabilities |
2021-06-02 |
isc-dhcp -- remotely exploitable vulnerability |
PyYAML -- arbitrary code execution |
SOGo -- SAML user authentication impersonation |
zeek -- several potential DoS vulnerabilities |
2021-06-01 |
Gitlab -- Multiple Vulnerabilities |
lasso -- signature checking failure |
libX11 -- Arbitrary code execution |
Prometheus -- arbitrary redirects |
redis -- integer overflow |
2021-05-31 |
wayland -- integer overflow |
2021-05-27 |
FreeBSD -- Missing message validation in libradius(3) |
FreeBSD-kernel -- SMAP bypass |
2021-05-26 |
chromium -- multiple vulnerabilities |
2021-05-25 |
libzmq4 -- Denial of Service |
libzmq4 -- Stack overflow |
NGINX -- 1-byte memory overwrite in resolver |
2021-05-24 |
PG Partition Manager -- arbitrary code execution |
texproc/expat2 -- billion laugh attack |
2021-05-23 |
libxml2 -- Possible denial of service |
2021-05-14 |
PostgreSQL -- Memory disclosure in partitioned-table UPDATE ... RETURNING |
PostgreSQL server -- two security issues |
2021-05-13 |
ImageMagick6 -- multiple vulnerabilities |
ImageMagick7 -- multiple vulnerabilities |
Prosody -- multiple vulnerabilities |
2021-05-12 |
Pillow -- multiple vulnerabilities |
2021-05-11 |
chromium -- multiple vulnerabilities |
py-matrix-synapse -- malicious push rules may be used for a denial of service attack. |
2021-05-10 |
cyrus-imapd -- Remote authenticated users could bypass intended access restrictions on certain server annotations. |
RabbitMQ -- Denial of Service in AMQP1.0 plugin |
2021-05-08 |
FLAC -- out-of-bounds read |
2021-05-07 |
Rails -- multiple vulnerabilities |
2021-05-06 |
go -- net/http: ReadRequest can stack overflow due to recursion with very large headers |
2021-05-05 |
Ansible -- Insecure Temporary File |
Django -- multiple vulnerabilities |
Python -- multiple vulnerabilities |
2021-05-03 |
redis -- multiple vulnerabilities |
2021-05-02 |
RDoc -- command injection vulnerability |
2021-05-01 |
samba -- negative idmap cache entries vulnerability |
2021-04-28 |
Carrierwave -- Multiple vulnerabilities |
Gitlab -- Vulnerabilities |
2021-04-27 |
chromium -- multiple vulnerabilities |
sympa -- Inappropriate use of the cookie parameter can be a security threat. This parameter may also not provide sufficient security. |
2021-04-26 |
sbibboleth-sp -- denial of service vulnerability |
2021-04-21 |
chromium -- multiple vulnerabilities |
openvpn -- deferred authentication can be bypassed in specific circumstances |
zeek -- null-pointer dereference vulnerability |
2021-04-20 |
All versions of Apache OpenOffice through 4.1.9 can open non-http(s) hyperlinks. If the link is specifically crafted this could lead to untrusted code execution. |
jenkins -- Denial of service vulnerability in bundled Jetty |
MySQL -- Multiple vulnerabilities |
2021-04-19 |
Apache Maven -- multiple vulnerabilities |
2021-04-17 |
Consul -- Multiple vulnerabilities |
2021-04-15 |
AccountsService -- Insufficient path check in user_change_icon_file_authorized_cb() |
chromium -- multiple vulnerabilities |
Gitlab -- Vulnerabilities |
mdbook -- XSS in mdBook's search page |
2021-04-14 |
chromium -- multiple vulnerabilities |
2021-04-13 |
xorg-server -- Input validation failures in X server XInput extension |
2021-04-12 |
syncthing -- crash due to malformed relay protocol message |
2021-04-11 |
gitea -- multiple vulnerabilities |
2021-04-10 |
curl -- Automatic referer leaks credentials |
curl -- TLS 1.3 session ticket proxy host mixup |
python -- Information disclosure via pydoc -p: /getfile?key=path allows to read arbitrary file on the filesystem |
2021-04-09 |
gitea -- multiple vulnerabilities |
2021-04-08 |
jenkins -- multiple vulnerabilities |
2021-04-07 |
clamav -- Multiple vulnerabilites |
FreeBSD -- double free in accept_filter(9) socket configuration interface |
FreeBSD -- jail escape possible by mounting over jail root |
FreeBSD -- Memory disclosure by stale virtual memory mapping |
Node.js -- April 2021 Security Releases |
2021-04-06 |
Gitlab -- Multiple vulnerabilities |
upnp -- stack overflow vulnerability |
2021-04-05 |
ruby -- XML round-trip vulnerability in REXML |
2021-03-31 |
chromium -- multiple vulnerabilities |
2021-03-30 |
ircII -- denial of service |
2021-03-28 |
samba -- Multiple Vulnerabilities |
2021-03-27 |
nettle 3.7.2 -- fix serious ECDSA signature verify bug |
2021-03-26 |
OpenSSL -- Multiple vulnerabilities |
2021-03-24 |
spamassassin -- Malicious rule configuration (.cf) files can be configured to run system commands |
2021-03-23 |
gitea -- multiple vulnerabilities |
2021-03-21 |
gitea -- quoting in markdown text |
2021-03-18 |
dnsmasq -- cache poisoning vulnerability in certain configurations |
Gitlab -- Multiple vulnerabilities |
2021-03-17 |
minio -- MITM attack |
2021-03-16 |
chromium -- multiple vulnerabilities |
LibreSSL -- use-after-free |
2021-03-15 |
squashfs-tools -- Integer overflow |
2021-03-13 |
OpenSSH -- Double-free memory corruption in ssh-agent |
2021-03-10 |
go -- encoding/xml: infinite loop when using xml.NewTokenDecoder with a custom TokenReader; archive/zip: panic when calling Reader.Open |
mantis -- multiple vulnerabilities |
2021-03-09 |
Node.js -- February 2021 Security Releases |
2021-03-05 |
Gitlab -- Multiple vulnerabilities |
2021-03-04 |
asterisk -- Crash when negotiating T.38 with a zero port |
chromium -- multiple vulnerabilities |
2021-03-03 |
jasper -- multiple vulnerabilities |
salt -- multiple vulnerabilities |
2021-02-27 |
vault -- unauthenticated license read |
2021-02-25 |
FreeBSD -- jail_attach(2) relies on the caller to change the cwd |
FreeBSD -- jail_remove(2) fails to kill all jailed processes |
FreeBSD -- login.access fails to apply rules |
FreeBSD -- Xen grant mapping error handling issues |
2021-02-23 |
redis -- Integer overflow on 32-bit systems |
2021-02-22 |
zeek -- Remote crash vulnerability |
2021-02-20 |
jenkins -- Privilege escalation vulnerability in bundled Spring Security library |
raptor2 -- malformed input file can lead to a segfault |
2021-02-18 |
asterisk -- An unsuspecting user could crash Asterisk with multiple hold/unhold requests |
asterisk -- Remote attacker could prematurely tear down SRTP calls |
asterisk -- Remote crash in res_pjsip_diversion |
asterisk -- Remote crash possible when negotiating T.38 |
asterisk -- Remote Crash Vulnerability in PJSIP channel driver |
2021-02-17 |
chromium -- multiple vulnerabilities |
Rails -- multiple vulnerabilities |
2021-02-16 |
OpenSSL -- Multiple vulnerabilities |
2021-02-12 |
Gitlab -- Multiple Vulnerabilities |
oauth2-proxy -- domain whitelist could be used as redirect |
openexr, ilmbase -- security fixes related to reading corrupted input files |
2021-02-10 |
mod_dav_svn -- server crash |
2021-02-06 |
gitea -- multiple vulnerabilities |
gitea -- multiple vulnerabilities |
sympa -- Unauthorised full access via SOAP API due to illegal cookie |
2021-02-05 |
chromium -- heap buffer overflow in V8 |
2021-02-03 |
www/chromium -- multiple vulnerabilities |
2021-02-02 |
Gitlab -- Multiple vulnerabilities |
2021-01-31 |
minio -- Server Side Request Forgery |
2021-01-29 |
FreeBSD -- Uninitialized kernel stack leaks in several file systems |
FreeBSD -- Xen guests can triger backend Out Of Memory |
2021-01-28 |
pngcheck -- Buffer-overrun vulnerability |
2021-01-26 |
jenkins -- Arbitrary file read vulnerability in workspace browsers |
pysaml2 -- multiple vulnerabilities |
sudo -- Multiple vulnerabilities |
2021-01-23 |
mutt -- denial of service |
MySQL -- Multiple vulnerabilities |
2021-01-22 |
chocolate-doom -- Arbitrary code execution |
chromium -- multiple vulnerabilities |
nokogiri -- Security vulnerability |
2021-01-20 |
dnsmasq -- DNS cache poisoning, and DNSSEC buffer overflow, vulnerabilities |
2021-01-19 |
cloud-init -- Wrong access permissions of authorized keys |
go -- cmd/go: packages using cgo can cause arbitrary code execution at build time; crypto/elliptic: incorrect operations on the P-224 curve |
2021-01-18 |
moinmoin -- multiple vulnerabilities |
2021-01-17 |
Ghostscript -- SAFER Sandbox Breakout |
2021-01-14 |
Gitlab -- vulnerability |
Node.js -- January 2021 Security Releases |
wavpack -- integer overflow in pack_utils.c |
2021-01-13 |
jenkins -- multiple vulnerabilities |
2021-01-12 |
phpmyfaq -- XSS vulnerability |
2021-01-11 |
sudo -- Potential information leak in sudoedit |
2021-01-10 |
CairoSVG -- Regular Expression Denial of Service vulnerability |
2021-01-09 |
Gitlab -- multiple vulnerabilities |
2021-01-07 |
chromium -- multiple vulnerabilities |
2021-01-04 |
mail/dovecot -- multiple vulnerabilities |
2021-01-01 |
InspIRCd websocket module double free vulnerability |
2020-12-31 |
gitea -- multiple vulnerabilities |
2020-12-28 |
Intel CPU issues |
2020-12-22 |
asterisk -- Remote crash in res_pjsip_diversion |
2020-12-21 |
postsrsd -- Denial of service vulnerability |
powerdns -- Various issues in GSS-TSIG support |
2020-12-17 |
vault -- User Enumeration via LDAP auth |
2020-12-13 |
jasper -- heap overflow vulnerability |
py-matrix-synapse -- DoS on Federation API |
2020-12-12 |
p11-kit -- Multiple vulnerabilities |
Unbound/NSD -- Denial of service vulnerability |
2020-12-11 |
LibreSSL -- NULL pointer dereference |
2020-12-09 |
cURL -- Multiple vulnerabilities |
2020-12-08 |
OpenSSL -- NULL pointer de-reference |
2020-12-07 |
Gitlab -- Multiple vulnerabilities |
2020-12-06 |
consul -- Fix Consul Connect CA private key configuration |
2020-12-05 |
chromium -- multiple vulnerabilities |
2020-12-04 |
gitea -- multiple vulnerabilities |
2020-12-02 |
FreeBSD -- ICMPv6 use-after-free in error message handling |
FreeBSD -- Multiple vulnerabilities in rtsold |
2020-12-01 |
xorg-server -- Multiple input validation failures in X server XKB extension |
2020-11-27 |
nomad -- multiple vulnerabilities |
2020-11-21 |
gitea -- multiple vulnerabilities |
Node.js -- November 2020 Security Releases |
2020-11-20 |
mutt -- authentication credentials being sent over an unencrypted connection |
2020-11-14 |
mantis -- multiple vulnerabilities |
2020-11-12 |
go -- math/big: panic during recursive division of very large numbers; cmd/go: arbitrary code execution at build time through cgo |
salt -- multiple vulnerabilities |
2020-11-10 |
Apache OpenOffice -- Unrestricted actions leads to arbitrary code execution in crafted documents |
2020-11-09 |
raptor2 -- buffer overflow |
2020-11-08 |
jupyter notebook -- open redirect vulnerability |
2020-11-05 |
asterisk -- Outbound INVITE loop on challenge with different nonce |
asterisk -- Remote crash in res_pjsip_session |
2020-11-03 |
chromium -- multiple vulnerabilities |
2020-11-02 |
Gitlab -- Multiple vulnerabilities |
wordpress -- multiple issues |
2020-10-30 |
samba -- Multiple Vulnerabilities |
tmux -- stack overflow in CSI parsing |
2020-10-28 |
motion -- Denial of Service |
2020-10-22 |
freetype2 -- heap buffer overlfow |
glpi -- Insecure Direct Object Reference on ajax/comments.ph |
glpi -- Insecure Direct Object Reference on ajax/getDropdownValue.php |
2020-10-21 |
chromium -- multiple vulnerabilities |
MySQL -- Multiple vulnerabilities |
2020-10-18 |
MariaDB -- Undisclosed vulnerability |
2020-10-17 |
drupal -- Multiple Vulnerabilities |
py-matrix-synapse -- XSS vulnerability |
2020-10-14 |
powerdns-recursor -- cache pollution |
2020-10-13 |
Flash Player -- arbitrary code execution |
2020-10-10 |
libjpeg-turbo -- Issue in the PPM reader causing a buffer overrun in cjpeg, TJBench, or the tjLoadImage() function. |
mozjpeg -- heap-based buffer over-read in get_rgb_row() in rdppm.c via a malformed PPM input file |
Rails -- Possible XSS vulnerability |
2020-10-07 |
chromium -- multiple vulnerabilities |
zeek -- Vulnerability due to memory leak |
2020-10-06 |
Payara -- A Polymorphic Typing issue in FasterXML jackson-databind |
payara -- multiple vulnerabilities |
Payara -- path trasversal flaw via either loc/con parameters in Eclipse Mojarra |
2020-10-05 |
libexif -- multiple vulnerabilities |
2020-10-04 |
kdeconnect -- packet manipulation can be exploited in a Denial of Service attack |
2020-10-03 |
upnp -- denial of service (crash) |
2020-10-02 |
Gitlab -- multiple vulnerabilities |
2020-10-01 |
glpi -- Any CalDAV calendars is read-only for every authenticated user |
2020-09-28 |
Apache Ant leaks sensitive information via the java.io.tmpdir |
2020-09-24 |
powerdns -- Leaking uninitialised memory through crafted zone records |
2020-09-22 |
chromium -- multiple vulnerabilities |
libxml -- multiple vulnerabilities |
2020-09-21 |
py-matrix-synapse -- malformed events may prevent users from joining federated rooms |
2020-09-20 |
Python -- multiple vulnerabilities |
samba -- Unauthenticated domain takeover via netlogon |
tt-rss -- multiple vulnerabilities |
2020-09-19 |
Nextcloud -- Password share by mail not hashed |
2020-09-16 |
FreeBSD -- bhyve privilege escalation via VMCS access |
FreeBSD -- bhyve SVM guest escape |
FreeBSD -- ftpd privilege escalation via ftpchroot feature |
FreeBSD -- ure device driver susceptible to packet-in-packet attack |
Node.js -- September 2020 Security Releases |
2020-09-12 |
Rails -- Potential XSS vulnerability |
2020-09-09 |
chromium -- multiple vulnerabilities |
zeek -- Various vulnerabilities |
2020-09-06 |
GnuTLS -- null pointer dereference |
Mbed TLS -- Local side channel attack on classical CBC decryption in (D)TLS |
Mbed TLS -- Local side channel attack on RSA and static Diffie-Hellman |
Multi-link PPP protocol daemon MPD5 remotely exploitable crash |
2020-09-05 |
Django -- multiple vulnerabilities |
2020-09-03 |
gnupg -- AEAD key import overflow |
2020-09-02 |
FreeBSD -- dhclient heap overflow |
FreeBSD -- IPv6 Hop-by-Hop options use-after-free bug |
FreeBSD -- SCTP socket use-after-free bug |
Gitlab -- multiple vulnerabilities |
2020-09-01 |
go -- net/http/cgi, net/http/fcgi: Cross-Site Scripting (XSS) when Content-Type is not specified |
2020-08-28 |
ark -- extraction outside of extraction directory |
2020-08-27 |
php72 -- use of freed hash key |
2020-08-26 |
chromium -- multiple vulnerabilities |
2020-08-25 |
jasper -- multiple vulnerabilities |
libX11 -- Doublefree in locale handlng code |
xorg-server -- Multiple input validation failures in X server extensions |
2020-08-22 |
chrony <= 3.5.1 data corruption through symlink vulnerability writing the pidfile |
2020-08-20 |
adns -- multiple vulnerabilities |
sysutils/openzfs-kmod -- critical permissions issues |
textproc/elasticsearch6 -- field disclosure flaw |
2020-08-19 |
curl -- expired pointer dereference vulnerability |
Icinga Web 2 -- directory traversal vulnerability |
Python -- multiple vulnerabilities |
2020-08-18 |
chromium -- heap buffer overflow |
security/trousers -- several vulnerabilities |
2020-08-17 |
jenkins -- Buffer corruption in bundled Jetty |
2020-08-16 |
ceph14 -- HTTP header injection via CORS ExposeHeader tag |
net/rsync -- multiple zlib issues |
security/py-ecdsa -- multiple issues |
2020-08-15 |
snmptt -- malicious shell code |
2020-08-13 |
ilmbase, openexr -- v2.5.3 is a patch release with various bug/security fixes |
mail/dovecot -- multiple vulnerabilities |
2020-08-12 |
jenkins -- multiple vulnerabilities |
2020-08-11 |
chromium -- multiple vulnerabilities |
puppetdb -- Multiple vulnerabilities |
2020-08-10 |
bftpd -- Multiple vulnerabilities |
2020-08-08 |
Apache httpd -- Multiple vulnerabilities |
2020-08-06 |
FreeBSD -- Potential memory corruption in USB network device drivers |
FreeBSD -- sendmsg(2) privilege escalation |
Gitlab -- Multiple Vulnerabilities |
go -- encoding/binary: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs |
2020-08-04 |
typo3 -- multiple vulnerabilities |
2020-08-01 |
libX11 -- Heap corruption in the X input method client in libX11 |
xorg-server -- Pixel Data Uninitialized Memory Information Disclosure |
2020-07-31 |
Python -- multiple vulnerabilities |
2020-07-30 |
ark -- directory traversal |
2020-07-28 |
chromium -- multiple vulnerabilities |
FreeRDP -- Integer overflow in RDPEGFX channel |
libsndfile -- out-of-bounds read memory access |
zeek -- Various vulnerabilities |
2020-07-27 |
Cacti -- multiple vulnerabilities |
2020-07-24 |
Wagtail -- XSS vulnerability |
2020-07-23 |
Apache Tomcat -- Multiple Vulnerabilities |
pango -- buffer overflow |
2020-07-20 |
Python -- multiple vulnerabilities |
2020-07-19 |
VirtualBox -- Multiple vulnerabilities |
2020-07-16 |
clamav -- multiple vulnerabilities |
OpenEXR/ilmbase 2.5.2 -- patch release with various bug/security fixes |
2020-07-15 |
chromium -- multiple vulnerabilities |
jenkins -- multiple vulnerabilities |
2020-07-11 |
MySQL -- Multiple vulnerabilities |
2020-07-10 |
FreeBSD -- IPv6 socket option race condition and use after free |
FreeBSD -- posix_spawnp(3) buffer overflow |
webkit2-gtk3 -- multible vulnerabilities |
2020-07-09 |
mybb -- multible vulnerabilities |
2020-07-08 |
kramdown -- template option vulnerability |
2020-07-07 |
Gitlab -- Multiple Vulnerabilities |
Mbed TLS -- Side-channel attack on ECC key import and validation |
2020-07-06 |
Python -- multiple vulnerabilities |
2020-07-04 |
Anydesk -- Multiple Vulnerabilities |
2020-07-03 |
dbus file descriptor leak |
py-matrix-synapse -- multiple vulnerabilities |
2020-07-02 |
coturn -- information leakage |
Gitlab -- Multiple Vulnerabilities |
powerdns-recursor -- access restriction bypass |
samba -- Multiple Vulnerabilities |
trafficserver -- resource consumption |
2020-07-01 |
drupal -- Multiple Vulnerabilities |
2020-06-30 |
xrdp -- Local users can perform a buffer overflow attack against the xrdp-sesman service and then inpersonate it |
2020-06-29 |
MongoDB -- Ensure RoleGraph can serialize authentication restrictions to BSON |
2020-06-28 |
libvorbis -- two vulnerabilities |
PuTTY -- Release 0.74 fixes two security vulnerabilities |
2020-06-25 |
glpi -- leakage issue with knowledge base |
glpi -- Multiple SQL Injections Stemming From isNameQuoted() |
glpi -- SQL injection for all usages of "Clone" feature |
glpi -- SQL Injection in Search API |
glpi -- Unauthenticated File Deletion |
glpi -- Unauthenticated Stored XSS |
2020-06-24 |
chromium -- multiple vulnerabilities |
CUPS -- memory corruption |
curl -- multiple vulnerabilities |
IMAP fcc/postpone machine-in-the-middle attack |
Machine-in-the-middle response injection attack when using STARTTLS with IMAP, POP3, and SMTP |
2020-06-22 |
Rails -- permission vulnerability |
2020-06-18 |
BIND -- Remote Denial of Service vulnerability |
BIND -- Remote Denial of Service vulnerability |
Several issues in Lynis |
2020-06-17 |
vlc heap-based buffer overflow |
2020-06-12 |
LibreOffice Security Advisory |
Node.js -- June 2020 Security Releases |
2020-06-11 |
tcpreplay -- Multiple vulnerabilities |
2020-06-10 |
libadplug -- Various vulnerabilities |
NPM -- Multiple vulnerabilities |
several security issues in sqlite3 |
zeek -- Various vulnerabilities |
znc -- Authenticated users can trigger an application crash |
2020-06-09 |
Flash Player -- arbitrary code execution |
FreeBSD -- USB HID descriptor parsing error |
2020-06-05 |
chromium -- multiple vulnerabilities |
2020-06-04 |
Django -- multiple vulnerabilities |
Gitlab -- Multiple Vulnerabilities |
GnuTLS -- flaw in TLS session ticket key construction |
2020-06-03 |
nghttp2 -- DoS vulnerability |
websocket-extensions -- ReDoS vulnerability |
2020-05-31 |
gitea -- multiple vulnerabilities |
2020-05-28 |
FreeRDP -- multiple vulnerabilities |
Gitlab -- Multiple Vulnerabilities |
kaminari -- potential XSS vulnerability |
Sane -- Multiple Vulnerabilities |
2020-05-26 |
powerdns-recursor -- multiple vulnerabilities |
sympa - Security flaws in setuid wrappers |
2020-05-24 |
chromium -- multiple vulnerabilities |
2020-05-23 |
piwigo -- Multible Vulnerabilities |
2020-05-22 |
Apache Tomcat Remote Code Execution via session persistence |
drupal -- Multiple Vulnerabilities |
sympa -- Denial of service caused by malformed CSRF token |
unbound -- mutliple vulnerabilities |
2020-05-20 |
Zabbix -- Remote code execution |
2020-05-19 |
Rails -- multiple vulnerabilities |
2020-05-18 |
Dovecot -- Multiple vulnerabilities |
2020-05-16 |
Rails -- remote code execution vulnerability |
salt -- multiple vulnerabilities in salt-master process |
2020-05-14 |
clamav -- multiple vulnerabilities |
json-c -- integer overflow and out-of-bounds write via a large JSON file |
2020-05-13 |
typo3 -- multiple vulnerabilities |
2020-05-12 |
FreeBSD -- Improper checking in SCTP-AUTH shared key update |
FreeBSD -- Insufficient cryptodev MAC key length check |
FreeBSD -- Insufficient packet length validation in libalias |
FreeBSD -- Memory disclosure vulnerability in libalias |
FreeBSD -- Use after free in cryptodev module |
2020-05-09 |
glpi -- stored XSS |
Python -- CRLF injection via the host part of the url passed to urlopen() |
qutebrowser -- Reloading page with certificate errors shows a green URL |
2020-05-07 |
mailman -- arbitrary content injection vulnerability via options or private archive login pages |
2020-05-06 |
zeek -- Various vulnerabilities |
2020-05-05 |
Wagtail -- potential timing attack vulnerability |
2020-05-04 |
cacti -- XSS exposure |
2020-05-03 |
taglib -- heap-based buffer over-read via a crafted audio file |
2020-05-01 |
Gitlab -- Multiple Vulnerabilities |
2020-04-29 |
samba -- multiple vulnerabilities |
vlc -- Multiple vulnerabilities fixed in VLC media player |
2020-04-28 |
nested filters leads to stack overflow |
2020-04-27 |
py-yaml -- FullLoader (still) exploitable for arbitrary command execution |
2020-04-26 |
py-bleach -- regular expression denial-of-service |
2020-04-23 |
MySQL Client -- Multiple vulerabilities |
MySQL Server -- Multiple vulerabilities |
Nextcloud -- multiple vulnerabilities |
Python -- Regular Expression DoS attack against client |
2020-04-22 |
malicious URLs can cause git to send a stored credential to wrong server |
malicious URLs may present credentials to wrong server |
Wagtail -- XSS vulnerability |
2020-04-21 |
FreeBSD -- ipfw invalid mbuf handling |
libntlm -- buffer overflow vulnerability |
OpenSSL remote denial of service vulnerability |
py-twisted -- multiple vulnerabilities |
2020-04-19 |
Client/server denial of service when handling AES-CTR ciphers |
2020-04-18 |
webkit2-gtk3 -- Denial of service |
2020-04-17 |
ansible - subversion password leak from PID |
ansible - Vault password leak from temporary file |
ansible - win_unzip path normalization |
drupal -- Drupal Core - Moderately critical - Third-party library |
2020-04-16 |
chromium -- use after free |
openvpn -- illegal client float can break VPN session for other users |
2020-04-15 |
Gitlab -- Multiple Vulnerabilities |
Mbed TLS -- Side channel attack on ECDSA |
2020-04-14 |
ceph14 -- multiple security issues |
zeek -- Remote crash vulnerability |
2020-04-12 |
chromium -- multiple vulnerabilities |
2020-04-07 |
Squid -- multiple vulnerabilities |
2020-04-02 |
Apache -- Multiple vulnerabilities |
cacti -- multiple vulnerabilities |
chromium -- multiple vulnerabilities |
HAproxy -- serious vulnerability affecting the HPACK decoder used for HTTP/2 |
2020-03-31 |
GnuTLS -- flaw in DTLS protocol implementation |
2020-03-30 |
glpi -- able to read any token through API user endpoint |
glpi -- bypass of the open redirect protection |
glpi -- Improve encryption algorithm |
glpi -- multiple related stored XSS vulnerabilities |
glpi -- Reflexive XSS in Dropdown menus |
glpi -- Remote Code Execution (RCE) via the backup functionality |
glpi -- SQL injection for all helpdesk instances |
glpi -- weak csrf tokens |
2020-03-29 |
PostgresSQL -- ALTER ... DEPENDS ON EXTENSION is missing authorization checks |
2020-03-27 |
mediawiki -- multiple vulnerabilities |
2020-03-26 |
Gitlab -- Multiple Vulnerabilities |
rubygem-json -- Unsafe Objection Creation Vulnerability in JSON (Additional fix) |
2020-03-25 |
jenkins -- multiple vulnerabilities |
phpMyAdmin -- SQL injection |
2020-03-23 |
puppet6 -- Arbitrary Catalog Retrieval |
puppetserver and puppetdb -- Puppet Server and PuppetDB may leak sensitive information via metrics API |
2020-03-19 |
FreeBSD -- Incorrect user-controlled pointer use in epair |
FreeBSD -- Insufficient ixl(4) ioctl(2) privilege checking |
FreeBSD -- Insufficient oce(4) ioctl(2) privilege checking |
FreeBSD -- Kernel memory disclosure with nested jails |
FreeBSD -- TCP IPv6 SYN cache kernel information disclosure |
2020-03-18 |
www/py-bleach -- multiple vulnerabilities |
2020-03-15 |
zeek -- potential denial of service issues |
2020-03-13 |
Okular -- Local binary execution via action links |
2020-03-12 |
Django -- potential SQL injection vulnerability |
Gitlab -- Vulnerability |
2020-03-11 |
py-matrix-synapse -- users of single-sign-on are vulnerable to phishing |
2020-03-09 |
Node.js -- multiple vulnerabilities |
2020-03-07 |
gitea -- multiple vulnerabilities |
salt -- salt-api vulnerability |
2020-03-06 |
Gitlab -- Multiple Vulnerabilities |
2020-03-03 |
ntp -- Multiple vulnerabilities |
2020-03-02 |
librsvg2 -- multiple vulnerabilities |
TiMidity++ -- Multiple vulnerabilities |
2020-02-29 |
Solr -- multiple vulnerabilities |
2020-02-24 |
Mbed TLS -- Cache attack against RSA key import in SGX |
Mbed TLS -- Side channel attack on ECDSA |
OpenSMTPd -- LPE and RCE in OpenSMTPD's default install |
2020-02-21 |
WeeChat -- Multiple vulnerabilities |
2020-02-19 |
webkit-gtk3 -- Multiple vulnerabilities |
2020-02-13 |
dovecot -- multiple vulnerabilities |
Gitlab -- Vulnerability |
2020-02-12 |
grub2-bhyve -- multiple privilege escalations |
2020-02-11 |
Flash Player -- arbitrary code execution |
libexif -- privilege escalation |
2020-02-09 |
NGINX -- HTTP request smuggling |
2020-02-07 |
ksh93 -- certain environment variables interpreted as arithmetic expressions on startup, leading to code injection |
2020-02-05 |
clamav -- Denial-of-Service (DoS) vulnerability |
2020-02-04 |
Django -- potential SQL injection vulnerability |
2020-02-02 |
libssh -- Unsanitized location in scp could lead to unwanted command execution |
MariaDB -- Vulnerability in C API |
2020-01-31 |
Gitlab -- Multiple Vulnerabilities |
spamassassin -- Nefarious rule configuration files can run system commands |
2020-01-30 |
sudo -- Potential bypass of Runas user restrictions |
2020-01-29 |
FreeBSD -- kernel stack data disclosure |
FreeBSD -- libfetch buffer overflow |
FreeBSD -- Missing IPsec anti-replay window check |
jenkins -- multiple vulnerabilities |
OpenSMTPd -- critical LPE / RCE vulnerability |
pkg -- vulnerability in libfetch |
2020-01-27 |
samba -- multiple vulnerabilities |
2020-01-26 |
webkit-gtk3 -- Multiple vulnerabilities |
2020-01-24 |
Pillow -- Multiple vulnerabilities |
2020-01-18 |
gitea -- multiple vulnerabilities |
2020-01-15 |
drm graphics drivers -- potential information disclusure via local access |
MySQL -- Multiple vulerabilities |
2020-01-14 |
Gitlab -- Private objects exposed through project import |
Template::Toolkit -- Directory traversal on write |
2020-01-11 |
phpMyAdmin -- SQL injection |
2020-01-08 |
e2fsprogs -- rehash.c/pass 3a mutate_name() code execution vulnerability |
2020-01-06 |
cacti -- multiple vulnerabilities |
2020-01-03 |
Gitlab -- Multiple Vulnerabilities |
2020-01-02 |
glpi -- Public GLPIKEY can be used to decrypt any data |
2019-12-29 |
OpenEXR -- heap buffer overflow, and out-of-memory bugs |
rack -- information leak / session hijack vulnerability |
2019-12-26 |
wordpress -- multiple issues |
2019-12-25 |
typo3 -- multiple vulnerabilities |
2019-12-21 |
drupal -- Drupal Core - Multiple Vulnerabilities |
e2fsprogs -- maliciously corrupted file systems can trigger buffer overruns in the quota code used by e2fsck |
2019-12-20 |
OpenSSL -- Overflow vulnerability |
2019-12-18 |
py-matrix-synapse -- multiple vulnerabilities |
2019-12-13 |
dovecot -- null pointer deref in notify with empty headers |
spamassassin -- multiple vulnerabilities |
2019-12-12 |
samba -- multiple vulnerabilities |
2019-12-10 |
Gitlab -- Multiple Vulnerabilities |
2019-12-09 |
Ghostscript -- Security bypass vulnerabilities |
2019-12-06 |
phpmyadmin -- multiple vulnerabilities |
2019-12-03 |
Django -- multiple vulnerabilities |
2019-11-28 |
Gitlab -- Multiple Vulnerabilities |
py-matrix-synapse -- incomplete cleanup of 3rd-party-IDs on user deactivation |
2019-11-27 |
Gitlab -- Multiple Vulnerabilities |
webkit2-gtk3 -- Multiple vulnerabilities |
2019-11-26 |
urllib3 -- multiple vulnerabilities |
2019-11-25 |
clamav -- Denial-of-Service (DoS) vulnerability |
FreeBSD -- Intel CPU Microcode Update |
FreeBSD -- Machine Check Exception on Page Size Change |
2019-11-23 |
unbound -- parsing vulnerability |
2019-11-22 |
asterisk -- AMI user could execute system commands |
asterisk -- Re-invite with T.38 and malformed SDP causes crash |
asterisk -- SIP request can change address of a SIP peer |
gitea -- multiple vulnerabilities |
2019-11-20 |
drm graphics drivers -- Local privilege escalation and denial of service |
2019-11-19 |
squid -- Vulnerable to HTTP Digest Authentication |
2019-11-18 |
libidn2 -- roundtrip check vulnerability |
2019-11-15 |
GNU cpio -- multiple vulnerabilities |
2019-11-13 |
libmad -- multiple vulnerabilities |
2019-11-12 |
chromium -- multiple vulnerabilities |
wordpress -- multiple issues |
2019-11-07 |
nexus2-oss -- Multiple vulerabilities |
2019-11-06 |
php -- env_path_info underflow in fpm_main.c can lead to RCE |
2019-11-03 |
mediawiki -- multiple vulnerabilities |
2019-11-02 |
file -- Heap buffer overflow possible |
MySQL -- Multiple vulerabilities |
2019-10-31 |
webkit2-gtk3 -- Multiple vulnerabilities |
2019-10-30 |
gitea -- information disclosure |
Gitlab -- Disclosure Vulnerabilities |
2019-10-29 |
py-matrix-synapse -- missing signature checks on some federation APIs |
samba -- multiple vulnerabilities |
2019-10-24 |
FreeBSD -- ICMPv6 / MLDv2 out-of-bounds memory access |
FreeBSD -- Insufficient message length validation in bsnmp library |
FreeBSD -- Insufficient validation of guest-supplied data (e1000 device) |
FreeBSD -- IPv6 remote Denial-of-Service |
FreeBSD -- kernel memory disclosure from /dev/midistat |
FreeBSD -- Multiple vulnerabilities in bzip2 |
FreeBSD -- Reference count overflow in mqueue filesystem 32-bit compat |
sudo -- Potential bypass of Runas user restrictions |
varnish -- Information Disclosure Vulnerability |
2019-10-23 |
Loofah -- XSS vulnerability |
2019-10-19 |
python 3.7 -- multiple vulnerabilities |
2019-10-15 |
Pillow -- Allocation of resources without limits or throttling |
2019-10-09 |
mod_perl2 -- execute arbitrary Perl code |
2019-10-06 |
Xpdf -- Multiple Vulnerabilities |
2019-10-03 |
unbound -- parsing vulnerability |
2019-10-02 |
cacti -- Authenticated users may bypass authorization checks |
Gitlab -- Disclosure Vulnerabilities |
Gitlab -- Multiple Vulnerabilities |
ruby -- multiple vulnerabilities |
2019-09-30 |
mongodb -- Bump Windows package dependencies |
mongodb -- Our init scripts check /proc/[pid]/stat should validate that `(${procname})` is the process' command name. |
2019-09-29 |
Exim -- heap-based buffer overflow in string_vformat leading to RCE |
2019-09-28 |
mongodb -- Attach IDs to users |
2019-09-27 |
mantis -- multiple vulnerabilities |
2019-09-26 |
go -- invalid headers are normalized, allowing request smuggling |
2019-09-25 |
jenkins -- multiple vulnerabilities |
2019-09-20 |
ISC KEA -- Multiple vulnerabilities |
2019-09-19 |
Mbed TLS -- Side channel attack on deterministic ECDSA |
2019-09-17 |
bro -- invalid memory access or heap buffer over-read |
expat2 -- Fix extraction of namespace prefixes from XML names |
2019-09-16 |
expat2 -- Fix extraction of namespace prefixes from XML names |
2019-09-14 |
curl -- multiple vulnerabilities |
2019-09-12 |
Gitlab -- Multiple Vulnerabilities |
2019-09-11 |
OpenSSL -- Multiple vulnerabilities |
2019-09-10 |
Flash Player -- multiple vulnerabilities |
2019-09-07 |
oniguruma -- multiple vulnerabilities |
xymon-server -- multiple vulnerabilities |
2019-09-06 |
asterisk -- Crash when negotiating for T.38 with a declined stream |
asterisk -- Remote Crash Vulnerability in audio transcoding |
Exim -- RCE with root privileges in TLS SNI handler |
wordpress -- multiple issues |
2019-09-03 |
mozilla -- multiple vulnerabilities |
samba -- combination of parameters and permissions can allow user to escape from the share path definition |
www/varnish6 -- Denial of Service |
2019-09-02 |
libgcrypt -- ECDSA timing attack |
2019-08-30 |
Gitlab -- Multiple Vulnerabilities |
webkit2-gtk3 -- Multiple vulnerabilities |
2019-08-29 |
RDoc -- multiple jQuery vulnerabilities |
2019-08-28 |
Dovecot -- improper input validation |
jenkins -- multiple vulnerabilities |
Mozilla -- Stored passwords in 'Saved Logins' can be copied without master password entry |
2019-08-25 |
h2o -- multiple HTTP/2 vulnerabilities |
h2o -- multiple HTTP/2 vulnerabilities |
2019-08-22 |
gitea -- multiple vulnerabilities |
2019-08-21 |
clamav -- multiple vulnerabilities |
Node.js -- multiple vulnerabilities |
2019-08-20 |
vlc -- multiple vulnerabilities |
2019-08-19 |
nsd -- Stack-based Buffer Overflow |
2019-08-18 |
Libgit2 -- multiple vulnerabilities |
xdm -- remote denial of service |
2019-08-17 |
Apache -- Multiple vulnerabilities |
webmin -- unauthenticated remote code execution |
2019-08-16 |
CUPS -- multiple vulnerabilities |
nghttp2 -- multiple vulnerabilities |
2019-08-15 |
traefik -- Denial of service in HTTP/2 |
2019-08-14 |
NGINX -- Multiple vulnerabilities |
2019-08-13 |
Gitlab -- Multiple Vulnerabilities |
Nokogiri -- injection vulnerability |
2019-08-09 |
bro -- Null pointer dereference and Signed integer overflow |
doas -- Prevent passing of environment variables |
KDE Frameworks -- malicious .desktop files execute code |
2019-08-08 |
PostgresSQL -- TYPE in pg_temp execute arbitrary SQL during `SECURITY DEFINER` execution |
2019-08-05 |
glpi -- Account takeover vulnerability |
2019-08-03 |
Django -- multiple vulnerabilities |
2019-07-31 |
gitea -- multiple vulnerabilities |
gitea -- multiple vulnerabilities |
2019-07-30 |
FreeBSD -- Bhyve out-of-bounds read in XHCI device |
FreeBSD -- File description reference count leak |
FreeBSD -- ICMP/ICMP6 packet filter bypass in pf |
FreeBSD -- iconv buffer overflow |
FreeBSD -- IPv6 fragment reassembly panic in pf(4) |
FreeBSD -- Kernel memory disclosure in freebsd32_ioctl |
FreeBSD -- Kernel stack disclosure in UFS/FFS |
FreeBSD -- Microarchitectural Data Sampling (MDS) |
FreeBSD -- Privilege escalation in cd(4) driver |
FreeBSD -- pts(4) write-after-free |
FreeBSD -- Reference count overflow in mqueue filesystem |
FreeBSD -- Resource exhaustion in non-default RACK TCP stack |
FreeBSD -- telnet(1) client multiple vulnerabilities |
Gitlab -- Multiple Vulnerabilities |
2019-07-28 |
py-matrix-synapse -- multiple vulnerabilities |
2019-07-25 |
Exim -- RCE in ${sort} expansion |
2019-07-22 |
MySQL -- Multiple vulerabilities |
2019-07-21 |
drupal -- Drupal core - Access bypass |
2019-07-20 |
PuTTY 0.72 -- buffer overflow in SSH-1 and integer overflow in SSH client |
2019-07-17 |
jenkins -- multiple vulnerabilities |
2019-07-16 |
libxslt -- security framework bypass |
2019-07-12 |
asterisk -- Remote Crash Vulnerability in chan_sip channel driver |
asterisk -- Remote crash vulnerability with MESSAGE messages |
python 3.7 -- multiple vulnerabilities |
2019-07-09 |
GnuPG -- denial of service |
mozilla -- multiple vulnerabilities |
2019-07-08 |
python 3.6 -- multiple vulnerabilities |
2019-07-06 |
webkit2-gtk3 -- Multiple vulnerabilities |
2019-07-05 |
mediawiki -- multiple vulnerabilities |
2019-07-03 |
ettercap -- out-of-bound read vulnerability |
Gitlab -- Multiple Vulnerabilities |
SDL2_image -- multiple vulnerabilities |
2019-07-01 |
Django -- Incorrect HTTP detection with reverse-proxy connecting via HTTPS |
irssi -- Use after free when sending SASL login to the server |
2019-06-30 |
bzip2 -- multiple issues |
2019-06-28 |
TYPO3 -- multiple vulnerabilities |
2019-06-27 |
PostgreSQL -- Stack-based buffer overflow via setting a password |
2019-06-22 |
znc -- privilege escalation |
2019-06-21 |
Mozilla -- multiple vulnerabilities |
Mozilla -- multiple vulnerabilities |
Mozilla -- multiple vulnerabilities |
powerdns -- multiple vulnerabilities |
2019-06-20 |
vlc -- Buffer overflow vulnerability |
vlc -- Double free in Matroska demuxer |
2019-06-19 |
mozilla -- multiple vulnerabilities |
2019-06-16 |
GraphicsMagick -- multiple vulnerabilities |
netatalk3 -- remote code execution vulnerability |
2019-06-15 |
chromium -- use after free |
2019-06-13 |
phpMyAdmin -- CSRF vulnerability in login form |
Vim/NeoVim -- Security vulnerability |
2019-06-12 |
mybb -- vulnerabilities |
2019-06-11 |
Flash Player -- arbitrary code execution |
2019-06-08 |
drupal -- Drupal core - Moderately critical |
2019-06-06 |
Django -- AdminURLFieldWidget XSS |
Exim -- RCE in deliver_message() function |
2019-06-03 |
Gitlab -- Multiple Vulnerabilities |
2019-06-01 |
buildbot -- OAuth Authentication Vulnerability |
2019-05-31 |
bro -- Unsafe integer conversions can cause unintentional code paths to be executed |
2019-05-30 |
ImageMagick -- multiple vulnerabilities |
2019-05-27 |
cyrus-imapd -- buffer overrun in httpd |
2019-05-26 |
serendipity -- XSS |
sqlite3 -- use after free |
suricata -- buffer over-read |
2019-05-25 |
curl -- multiple vulnerabilities |
2019-05-23 |
OCaml -- Multiple Security Vulnerabilities |
2019-05-22 |
mozilla -- multiple vulnerabilities |
2019-05-15 |
Rust -- violation of Rust's safety guarantees |
2019-05-14 |
Flash Player -- arbitrary code execution |
samba -- multiple vulnerabilities |
2019-05-11 |
PHP -- Multiple vulnerabilities in EXIF module |
2019-05-09 |
PostgreSQL -- Memory disclosure in partition routing |
PostgreSQL -- Selectivity estimators bypass row security policies |
2019-05-06 |
gitea -- multiple vulnerabilities |
2019-05-05 |
comms/hylafax -- Malformed fax sender remote code execution in JPEG support |
2019-05-01 |
Gitlab -- Information Disclosure |
2019-04-30 |
Dovecot -- Multiple vulnerabilities |
2019-04-29 |
Gitlab -- Multiple vulnerabilities |
2019-04-26 |
buildbot -- CRLF injection in Buildbot login and logout redirect code |
2019-04-25 |
drupal -- Drupal core - Moderately critical |
2019-04-23 |
FreeBSD -- EAP-pwd message reassembly issue with unexpected fragment |
FreeBSD -- EAP-pwd missing commit validation |
FreeBSD -- EAP-pwd side-channel attack |
FreeBSD -- SAE confirm missing state validation |
FreeBSD -- SAE side-channel attacks |
py-yaml -- arbitrary code execution |
2019-04-22 |
Istio -- Security vulnerabilities |
2019-04-21 |
Ghostscript -- Security bypass vulnerability |
2019-04-19 |
GnuTLS -- double free, invalid pointer access |
2019-04-18 |
dovecot -- json encoder crash |
libssh2 -- multiple issues |
2019-04-17 |
gitea -- remote code execution |
2019-04-13 |
MySQL -- multiple vulnerabilities |
2019-04-12 |
wget -- security flaw in caching credentials passed as a part of the URL |
2019-04-11 |
Gitlab -- Group Runner Registration Token Exposure |
2019-04-10 |
Flash Player -- multiple vulnerabilities |
jenkins -- multiple vulnerabilities |
2019-04-05 |
clamav -- multiple vulnerabilities |
2019-04-02 |
Apache -- Multiple vulnerabilities |
Gitlab -- Multiple vulnerabilities |
2019-04-01 |
Kubectl -- Potential directory traversal |
2019-03-31 |
znc -- Denial of Service |
2019-03-29 |
Jupyter notebook -- open redirect vulnerability |
2019-03-28 |
dovecot -- Buffer overflow reading extension header |
2019-03-27 |
drupal -- Drupal core - Moderately critical - Cross Site Scripting |
2019-03-26 |
Python -- NULL pointer dereference vulnerability |
2019-03-21 |
Gitlab -- Vulnerability |
libXdmcp -- insufficient entropy generating session keys |
wordpress -- multiple issues |
2019-03-20 |
gitea -- XSS vulnerability |
Gitlab -- Vulnerability |
2019-03-19 |
mozilla -- multiple vulnerabilities |
PowerDNS -- Insufficient validation in the HTTP remote backend |
2019-03-18 |
Rails -- Action View vulnerabilities |
2019-03-17 |
PuTTY -- security fixes in new release |
2019-03-16 |
Jupyter notebook -- cross-site inclusion (XSSI) vulnerability |
2019-03-15 |
RubyGems -- multiple vulnerabilities |
2019-03-07 |
ntp -- Crafted null dereference attack from a trusted source with an authenticated mode 6 packet |
OpenSSL -- ChaCha20-Poly1305 nonce vulnerability |
2019-03-06 |
rssh - multiple vulnerabilities |
rt -- XSS via jQuery |
2019-03-05 |
Gitlab -- Multiple vulnerabilities |
py-gunicorn -- CWE-113 vulnerability |
slixmpp -- improper access control |
2019-03-03 |
Node.js -- multiple vulnerabilities |
2019-03-02 |
mybb -- vulnerabilities |
2019-03-01 |
asterisk -- Remote crash vulnerability with SDP protocol violation |
2019-02-24 |
webkit-gtk -- Multiple vulnerabilities |
2019-02-22 |
rdesktop - critical - Remote Code Execution |
2019-02-21 |
drupal -- Drupal core - Highly critical - Remote Code Execution |
2019-02-20 |
OpenSSL -- Padding oracle vulnerability |
2019-02-15 |
msmtp -- certificate-verification issue |
2019-02-13 |
mozilla -- multiple vulnerabilities |
2019-02-12 |
Flash Player -- information disclosure |
2019-02-11 |
FreeBSD -- File description reference count leak |
FreeBSD -- System call kernel data register leak |
OpenJPEG -- integer overflow |
2019-02-10 |
kf5-kauth -- Insecure handling of arguments in helpers |
2019-02-08 |
unit -- heap memory buffer overflow |
2019-02-07 |
curl -- multiple vulnerabilities |
2019-02-06 |
Gitlab -- Multiple vulnerabilities |
2019-02-05 |
mail/dovecot -- Suitable client certificate can be used to login as other user |
2019-02-02 |
typo3 -- multiple vulnerabilities |
2019-02-01 |
gitea -- multiple vulnerabilities |
2019-01-31 |
Gitlab -- Multiple vulnerabilities |
p5-Email-Address-List -- DDoS related vulnerability |
2019-01-30 |
turnserver -- multiple vulnerabilities |
2019-01-29 |
mozilla -- multiple vulnerabilities |
2019-01-27 |
botan2 -- Side channel during ECC key generation |
MySQL -- multiple vulnerabilities |
phpMyAdmin -- File disclosure and SQL injection |
2019-01-26 |
gitea -- multiple vulnerabilities |
libzmq4 -- Remote Code Execution Vulnerability |
2019-01-23 |
Apache -- vulnerability |
www/mod_dav_svn -- Malicious SVN clients can crash mod_dav_svn. |
2019-01-22 |
powerdns-recursor -- multiple vulnerabilities |
www/py-requests -- Information disclosure vulnerability |
2019-01-20 |
joomla3 -- vulnerabilitiesw |
2019-01-19 |
drupal -- Drupal core - Arbitrary PHP code execution |
2019-01-18 |
Helm -- client unpacking chart that contains malicious content |
2019-01-17 |
Gitlab -- Arbitrary repo read in Gitlab project import |
2019-01-16 |
jenkins -- multiple vulnerabilities |
2019-01-15 |
py-matrix-synapse -- undisclosed vulnerability |
2019-01-10 |
irssi -- Use after free |
2019-01-06 |
gitea -- insufficient privilege check |
uriparser -- Out-of-bounds read |
2019-01-05 |
chromium -- multiple vulnerabilities |
chromium -- Use after free in PDFium |
Django -- Content spoofing possibility in the default 404 page |
2019-01-02 |
Gitlab -- Multiple vulnerabilities |
2018-12-26 |
rpm4 -- regression in -setperms, -setugids and -restore |
2018-12-22 |
Gitlab -- Arbitrary File read in Gitlab project import |
2018-12-21 |
gitea -- privilege escalation, XSS |
2018-12-20 |
bro -- "Magellan" remote code execution vulnerability in bundled sqlite |
shibboleth-sp -- crashes on malformed date/time content |
2018-12-19 |
FreeBSD -- bootpd buffer overflow |
2018-12-15 |
wordpress -- multiple issues |
2018-12-14 |
Gitlab -- Arbitrary File read in GitLab project import with Git LFS |
Mbed TLS -- Local timing attack on RSA decryption |
typo3 -- multiple vulnerabilities |
2018-12-13 |
couchdb -- administrator privilege escalation |
2018-12-12 |
phpMyAdmin -- multiple vulnerabilities |
2018-12-11 |
mozilla -- multiple vulnerabilities |
2018-12-10 |
FreeBSD -- Insufficient bounds checking in bhyve(8) device model |
FreeBSD -- Multiple vulnerabilities in NFS server code |
node.js -- multiple vulnerabilities |
2018-12-09 |
powerdns-recursor -- Crafted query can cause a denial of service |
2018-12-08 |
py-asyncssh -- Allows bypass of authentication |
2018-12-06 |
Flash Player -- multiple vulnerabilities |
Gitlab -- Multiple vulnerabilities |
2018-12-05 |
jenkins -- multiple vulnerabilities |
2018-12-03 |
moodle -- Login CSRF vulnerability |
2018-12-02 |
Rails -- Active Job vulnerability |
uriparser -- Multiple vulnerabilities |
2018-11-28 |
Gitlab -- Multiple vulnerabilities |
messagelib -- HTML email can open browser window automatically |
payara -- Code execution via crafted PUT requests to JSPs |
payara -- Default typing issue in Jackson Databind |
payara -- Multiple vulnerabilities |
2018-11-22 |
php-imap -- imap_open allows to run arbitrary shell commands via mailbox parameter |
2018-11-21 |
phpmailer -- Multiple vulnerability |
2018-11-20 |
Flash Player -- arbitrary code execution |
Gitlab -- Multiple vulnerabilities |
2018-11-19 |
powerdns -- Multiple vulnerabilities |
2018-11-17 |
powerdns-recursor -- Multiple vulnerabilities |
2018-11-14 |
asterisk -- Remote crash vulnerability DNS SRV and NAPTR lookups |
2018-11-13 |
Flash Player -- information disclosure |
2018-11-12 |
kio-extras -- HTML Thumbnailer automatic remote file access |
OpenSSL -- timing vulnerability |
2018-11-11 |
patch -- multiple vulnerabilities |
2018-11-09 |
lighttpd - use-after-free vulnerabilities |
2018-11-08 |
PostgreSQL -- SQL injection in pg_upgrade and pg_dump |
2018-11-06 |
NGINX -- Multiple vulnerabilities |
2018-11-01 |
curl -- multiple vulnerabilities |
gitea -- remote code exeution |
Gitlab -- SSRF in Kubernetes integration |
Loofah -- XSS vulnerability |
2018-10-29 |
Gitlab -- multiple vulnerabilities |
OpenSSL -- Multiple vulnerabilities in 1.1 branch |
2018-10-28 |
liveMedia -- potential remote code execution |
2018-10-27 |
salt -- multiple vulnerabilities |
2018-10-26 |
mini_httpd -- disclose arbitrary files is some circumstances |
2018-10-23 |
mozilla -- multiple vulnerabilities |
2018-10-22 |
drupal -- Drupal Core - Multiple Vulnerabilities |
2018-10-20 |
MySQL -- multiple vulnerabilities |
ruby -- multiple vulnerabilities |
2018-10-19 |
matomo -- XSS vulnerability |
2018-10-17 |
libssh -- authentication bypass vulnerability |
2018-10-15 |
Libgit2 -- multiple vulnerabilities |
2018-10-11 |
gitea -- multiple vulnerabilities |
jenkins -- multiple vulnerabilities |
Memory leak bug in Toxcore |
2018-10-09 |
tinc -- Buffer overflow |
2018-10-05 |
Gitlab -- multiple vulnerabilities |
2018-10-03 |
clamav -- multiple vulnerabilities |
Django -- password hash disclosure |
2018-10-02 |
mozilla -- multiple vulnerabilities |
2018-10-01 |
Gitlab -- multiple vulnerabilities |
pango -- remote DoS vulnerability |
2018-09-30 |
Serendipity -- multiple vulnerabilities |
2018-09-29 |
bitcoin -- Denial of Service and Possible Mining Inflation |
2018-09-26 |
Apache -- Denial of service vulnerability in HTTP/2 |
spamassassin -- multiple vulnerabilities |
wesnoth -- Code Injection vulnerability |
2018-09-25 |
mantis -- XSS vulnerability |
2018-09-22 |
mediawiki -- multiple vulnerabilities |
smart_proxy_dynflow -- authentication bypass vulnerability |
2018-09-21 |
asterisk -- Remote crash vulnerability in HTTP websocket upgrade |
firefox -- Crash in TransportSecurityInfo due to cached data |
2018-09-18 |
moodle -- multiple vulnerabilities |
2018-09-15 |
joomla3 -- vulnerabilitiesw |
2018-09-13 |
mybb -- vulnerabilities |
2018-09-12 |
FreeBSD -- Improper ELF header parsing |
2018-09-11 |
Containous Traefik -- exposes the configuration and secret |
Flash Player -- information disclosure |
mybb -- vulnerabilities |
Plex Media Server -- Information Disclosure Vulnerability |
X11 Session -- SDDM allows unauthorised unlocking |
2018-09-05 |
curl -- password overflow vulnerability |
Information disclosure - Gitea leaks email addresses |
mozilla -- multiple vulnerabilities |
2018-09-04 |
Ghostscript -- arbitrary code execution |
2018-08-31 |
grafana -- LDAP and OAuth login vulnerability |
2018-08-30 |
Gitlab -- multiple vulnerabilities |
2018-08-29 |
bro -- array bounds and potential DOS issues |
2018-08-25 |
node.js -- multiple vulnerabilities |
2018-08-23 |
links -- denial of service |
2018-08-22 |
FreeBSD -- L1 Terminal Fault (L1TF) Kernel Information Disclosure |
FreeBSD -- Resource exhaustion in IP fragment reassembly |
FreeBSD -- Unauthenticated EAPOL-Key Decryption Vulnerability |
gogs -- open redirect vulnerability |
libX11 -- Multiple vulnerabilities |
phpmyadmin -- XSS in the import dialog |
2018-08-17 |
botan2 -- ECDSA side channel |
2018-08-15 |
jenkins -- multiple vulnerabilities |
2018-08-14 |
Flash Player -- multiple vulnerabilities |
samba -- multiple vulnerabilities |
samba -- multiple vulnerabilities |
2018-08-12 |
chicken -- multiple vulnerabilities |
gitea -- TOTP passcode reuse |
2018-08-11 |
GraphicsMagick -- SVG/Rendering vulnerability |
2018-08-10 |
mbed TLS -- plaintext recovery vulnerabilities |
PostgreSQL -- two vulnerabilities |
2018-08-08 |
couchdb -- administrator privilege escalation |
MySQL -- multiple vulnerabilities |
2018-08-07 |
xml-security-c -- crashes on malformed KeyInfo content |
2018-08-06 |
FreeBSD -- Resource exhaustion in TCP reassembly |
py-cryptography -- tag forgery vulnerability |
2018-08-04 |
cgit -- directory traversal vulnerability |
2018-07-31 |
mailman -- content spoofing with invalid list names in web UI |
rubygem-doorkeeper -- token revocation vulnerability |
sinatra -- XSS vulnerability |
2018-07-29 |
mantis -- multiple vulnerabilities |
2018-07-27 |
chromium -- multiple vulnerabilities |
curl -- SMTP send heap buffer overflow |
ffmpeg -- multiple vulnerabilities |
GIMP - Heap Buffer Overflow Vulnerability |
Gitlab -- multiple vulnerabilities |
lshell -- Multiple security issues |
lshell -- Shell autocomplete reveals forbidden directories |
OpenJPEG -- multiple vulnerabilities |
py-bleach -- unsanitized character entities |
2018-07-26 |
Fix a buffer overflow in the tiff reader |
2018-07-24 |
Memory leak in different components |
2018-07-21 |
vlc -- Use after free vulnerability |
2018-07-19 |
mutt/neomutt -- multiple vulnerabilities |
2018-07-18 |
Apache httpd -- multiple vulnerabilities |
Gitlab -- Remote Code Execution Vulnerability in GitLab Projects Import |
jenkins -- multiple vulnerabilities |
znc -- multiple vulnerabilities |
2018-07-17 |
mutt -- remote code injection and path traversal vulnerability |
typo3 -- multiple vulnerabilities |
2018-07-15 |
Several Security Defects in the Bouncy Castle Crypto APIs |
2018-07-14 |
qutebrowser -- Remote code execution due to CSRF |
2018-07-11 |
Flash Player -- multiple vulnerabilities |
Libgit2 -- multiple vulnerabilities |
2018-07-10 |
couchdb -- multiple vulnerabilities |
2018-07-09 |
clamav -- multiple vulnerabilities |
2018-07-08 |
wordpress -- multiple issues |
2018-07-07 |
mybb -- vulnerabilities |
2018-07-06 |
zziplib - multiple vulnerabilities |
2018-07-05 |
expat -- multiple vulnerabilities |
2018-07-03 |
h2o -- heap buffer overflow during logging |
2018-07-01 |
SQLite -- Corrupt DB can cause a NULL pointer dereference |
2018-06-26 |
mozilla -- multiple vulnerabilities |
2018-06-25 |
Gitlab -- multiple vulnerabilities |
mailman -- hardening against malicious listowners injecting evil HTML scripts |
2018-06-22 |
phpmyadmin -- remote code inclusion and XSS scripting |
2018-06-21 |
FreeBSD -- Lazy FPU State Restore Information Disclosure |
2018-06-18 |
GraphicsMagick -- multiple vulnerabilities |
2018-06-16 |
slurm -- insecure handling of user_name and gid fields |
2018-06-15 |
node.js -- multiple vulnerabilities |
2018-06-14 |
password-store -- GPG parsing vulnerabilities |
2018-06-13 |
libgcrypt -- side-channel attack vulnerability |
2018-06-12 |
OpenSSL -- Client DoS due to large DH parameter |
2018-06-11 |
asterisk -- Infinite loop when reading iostreams |
asterisk -- PJSIP endpoint presence disclosure when using ACL |
2018-06-10 |
chromium -- Incorrect handling of CSP header |
2018-06-08 |
firefox -- Heap buffer overflow rasterizing paths in SVG with Skia |
gnupg -- unsanitized output (CVE-2018-12020) |
2018-06-07 |
Flash Player -- multiple vulnerabilities |
2018-06-06 |
bro -- multiple memory allocation issues |
2018-06-05 |
Libgit2 -- Fixing insufficient validation of submodule names |
2018-06-02 |
Git -- Fix memory out-of-bounds and remote code execution vulnerabilities (CVE-2018-11233 and CVE-2018-11235) |
2018-05-31 |
Gitlab -- multiple vulnerabilities |
strongswan -- Fix Denial-of-Service Vulnerability strongSwan (CVE-2018-10811, CVE-2018-5388) |
2018-05-30 |
chromium -- multiple vulnerabilities |
2018-05-21 |
BIND -- multiple vulnerabilities |
2018-05-16 |
cURL -- multiple vulnerabilities |
2018-05-11 |
chromium -- multiple vulnerabilities |
wavpack -- multiple vulnerabilities |
2018-05-10 |
jenkins -- multiple vulnerabilities |
2018-05-09 |
Flash Player -- arbitrary code execution |
mozilla -- multiple vulnerabilities |
2018-05-08 |
FreeBSD -- Mishandling of x86 debug exceptions |
wget -- cookie injection vulnerability |
2018-05-06 |
kamailio - buffer overflow |
2018-05-05 |
python 2.7 -- multiple vulnerabilities |
2018-05-04 |
KWallet-PAM -- Access to privileged files |
2018-05-03 |
drupal -- Drupal Core - Multiple Vulnerabilities |
2018-05-01 |
Gitlab -- multiple vulnerabilities |
2018-04-30 |
chromium -- vulnerability |
2018-04-26 |
quassel -- multiple vulnerabilities |
2018-04-24 |
chromium -- vulnerability |
2018-04-23 |
mbed TLS (PolarSSL) -- multiple vulnerabilities |
2018-04-21 |
MySQL -- multiple vulnerabilities |
2018-04-20 |
wordpress -- multiple issues |
2018-04-19 |
drupal -- Drupal core - Moderately critical |
phpmyadmin -- CSRF vulnerability allowing arbitrary SQL execution |
2018-04-16 |
drupal -- Drupal Core - Multiple Vulnerabilities |
OpenSSL -- Cache timing vulnerability |
2018-04-15 |
perl -- multiple vulnerabilities |
2018-04-14 |
ipsec-tools -- remotely exploitable computational-complexity attack |
2018-04-13 |
nghttp2 -- Denial of service due to NULL pointer dereference |
roundcube -- IMAP command injection vulnerability |
2018-04-12 |
jenkins -- multiple vulnerabilities |
2018-04-10 |
Flash Player -- multiple vulnerabilities |
2018-04-05 |
FreeBSD -- ipsec crash or denial of service |
FreeBSD -- vt console memory disclosure |
Gitlab -- multiple vulnerabilities |
2018-03-31 |
moodle -- multiple vulnerabilities |
2018-03-29 |
ruby -- multiple vulnerabilities |
2018-03-28 |
node.js -- multiple vulnerabilities |
webkit2-gtk3 -- multiple vulnerabilities |
2018-03-27 |
chromium -- vulnerability |
Gitlab -- multiple vulnerabilities |
mozilla -- use-after-free in compositor |
OpenSSL -- multiple vulnerabilities |
2018-03-24 |
apache -- multiple vulnerabilities |
mybb -- multiple vulnerabilities |
rails-html-sanitizer -- possible XSS vulnerability |
2018-03-22 |
SQLite -- Corrupt DB can cause a NULL pointer dereference |
2018-03-21 |
Sanitize -- XSS vulnerability |
2018-03-20 |
Loofah -- XSS vulnerability |
2018-03-19 |
Jupyter Notebook -- vulnerability |
2018-03-17 |
slurm-wlm -- SQL Injection attacks against SlurmDBD |
SquirrelMail -- post-authentication access privileges |
2018-03-16 |
libvorbis -- multiple vulnerabilities |
mozilla -- multiple vulnerabilities |
2018-03-14 |
e2fsprogs -- potential buffer overrun bugs in the blkid library and in the fsck program |
FreeBSD -- ipsec validation and use-after-free |
FreeBSD -- Speculative Execution Vulnerabilities |
2018-03-13 |
Flash Player -- multiple vulnerabilities |
mozilla -- multiple vulnerabilities |
samba -- multiple vulnerabilities |
2018-03-10 |
mbed TLS (PolarSSL) -- remote code execution |
2018-03-08 |
chromium -- vulnerability |
2018-03-04 |
wireshark -- multiple security issues |
2018-03-02 |
isc-dhcp -- Multiple vulnerabilities |
2018-03-01 |
libsndfile -- multiple vulnerabilities |
libsndfile -- out-of-bounds read memory access |
libsndfile -- out-of-bounds reads |
PostgreSQL vulnerabilities |
2018-02-28 |
ntp -- multiple vulnerabilities |
2018-02-27 |
chromium -- multiple vulnerabilities |
chromium -- vulnerability |
shibboleth-sp -- vulnerable to forged user attribute data |
2018-02-25 |
drupal -- Drupal Core - Multiple Vulnerabilities |
2018-02-24 |
cvs -- Remote code execution via ssh command injection |
2018-02-23 |
LibreOffice -- Remote arbitrary file disclosure vulnerability via WEBSERVICE formula |
squid -- Vulnerable to Denial of Service attack |
tomcat -- Security constraints ignored or applied too late |
2018-02-22 |
asterisk -- multiple vulnerabilities |
asterisk and pjsip -- multiple vulnerabilities |
phpMyAdmin -- self XSS in central columns feature |
2018-02-21 |
GitLab -- multiple vulnerabilities |
2018-02-19 |
irssi -- multiple vulnerabilities |
strongswan - Insufficient input validation in RSASSA-PSS signature parser |
2018-02-17 |
p5-Mojolicious -- cookie-handling vulnerability |
2018-02-16 |
bro -- integer overflow allows remote DOS |
bro -- out of bounds write allows remote DOS |
Bugzilla security issues |
consul -- vulnerability in embedded DNS library |
2018-02-15 |
libraw -- multiple DoS vulnerabilities |
libraw -- multiple DoS vulnerabilities |
quagga -- several security issues |
2018-02-14 |
bitmessage -- remote code execution vulnerability |
jenkins -- Path traversal vulnerability allows access to files outside plugin resources |
2018-02-13 |
bchunk -- access violation near NULL on destination operand and crash |
bchunk -- heap-based buffer overflow (with invalid free) and crash |
bchunk -- heap-based buffer overflow and crash |
uwsgi -- a stack-based buffer overflow |
2018-02-11 |
electrum -- JSONRPC vulnerability |
python -- possible integer overflow vulnerability |
2018-02-10 |
exim -- a buffer overflow vulnerability, remote code execution |
libtorrent -- remote DoS |
p7zip -- heap-based buffer overflow |
p7zip-codec-rar -- insufficient error handling |
2018-02-09 |
mpv -- arbitrary code execution via crafted website |
2018-02-08 |
Mailman -- Cross-site scripting (XSS) vulnerability in the web UI |
PostgreSQL vulnerabilities |
2018-02-06 |
Flash Player -- multiple vulnerabilities |
mini_httpd,thttpd -- Buffer overflow in htpasswd |
2018-02-05 |
shadowsocks-libev -- command injection via shell metacharacters |
2018-02-03 |
palemoon -- multiple vulnerabilities |
2018-02-02 |
Django -- information leakage |
2018-02-01 |
w3m - multiple vulnerabilities |
2018-01-29 |
firefox -- Arbitrary code execution through unsanitized browser UI |
tiff -- multiple vulnerabilities |
2018-01-27 |
gcab -- stack overflow |
2018-01-26 |
clamav -- multiple vulnerabilities |
cURL -- Multiple vulnerabilities |
dovecot -- abort of SASL authentication results in a memory leak |
2018-01-23 |
chromium -- multiple vulnerabilities |
chromium -- multiple vulnerabilities |
chromium -- out of bounds read |
mozilla -- multiple vulnerabilities |
powerdns-recursor -- insufficient validation of DNSSEC signatures |
2018-01-19 |
MySQL -- multiple vulnerabilities |
phpbb3 -- multiple issues |
unbound -- vulnerability in the processing of wildcard synthesized NSEC records |
wordpress -- multiple issues |
2018-01-17 |
gitlab -- Remote code execution on project import |
2018-01-14 |
transmission-daemon -- vulnerable to dns rebinding attacks |
2018-01-12 |
shibboleth-sp -- vulnerable to forged user attribute data |
2018-01-09 |
Flash Player -- information disclosure |
2018-01-08 |
awstats -- remote code execution |
2018-01-06 |
irssi -- multiple vulnerabilities |
2018-01-05 |
mozilla -- Speculative execution side-channel attack |
2017-12-30 |
OTRS -- Multiple vulnerabilities |
2017-12-29 |
The Bouncy Castle Crypto APIs: CVE-2017-13098 ("ROBOT") |
2017-12-25 |
mozilla -- multiple vulnerabilities |
2017-12-23 |
asterisk -- Crash in PJSIP resource when missing a contact header |
MariaDB -- unspecified vulnerability |
phpMyAdmin -- XSRF/CSRF vulnerability |
2017-12-20 |
rsync -- multiple vulnerabilities |
2017-12-18 |
rubygem-passenger -- arbitrary file read vulnerability |
2017-12-17 |
libXcursor -- integer overflow that can lead to heap buffer overflow |
libXfont -- multiple memory leaks |
libXfont -- permission bypass when opening files through symlinks |
2017-12-16 |
global -- gozilla vulnerability |
2017-12-15 |
jenkins -- Two startup race conditions |
2017-12-14 |
GitLab -- multiple vulnerabilities |
node.js -- Data Confidentiality/Integrity Vulnerability, December 2017 |
ruby -- Command injection vulnerability in Net::FTP |
tor -- Use-after-free in onion service v2 |
2017-12-13 |
asterisk -- Remote Crash Vulnerability in RTCP Stack |
libxml2 -- Multiple Issues |
2017-12-10 |
FreeBSD -- OpenSSL multiple vulnerabilities |
wireshark -- multiple security issues |
2017-12-07 |
OpenSSL -- multiple vulnerabilities |
2017-12-06 |
FreeBSD -- Information leak in kldstat(2) |
FreeBSD -- Kernel data leak via ptrace(PT_LWPINFO) |
FreeBSD -- OpenSSL multiple vulnerabilities |
FreeBSD -- POSIX shm allows jails to access global namespace |
FreeBSD -- WPA2 protocol vulnerability |
2017-12-05 |
mozilla -- multiple vulnerabilities |
2017-12-02 |
mybb -- multiple vulnerabilities |
varnish -- information disclosure vulnerability |
2017-12-01 |
asterisk -- DOS Vulnerability in Asterisk chan_skinny |
wordpress -- multiple issues |
2017-11-30 |
exim -- remote DoS attack in BDAT processing |
2017-11-29 |
borgbackup -- remote users can override repository restrictions |
cURL -- Multiple vulnerabilities |
xrdp -- local user can cause a denial of service |
2017-11-28 |
palemoon -- multiple vulnerabilities |
2017-11-27 |
exim -- remote code execution, deny of service in BDAT |
2017-11-24 |
mybb -- multiple vulnerabilities |
2017-11-23 |
codeigniter -- input validation bypass |
salt -- multiple vulnerabilities |
2017-11-21 |
frr -- BGP Mishandled attribute length on Error |
procmail -- Heap-based buffer overflow |
2017-11-20 |
cacti -- multiple vulnerabilities |
2017-11-19 |
mediawiki -- multiple vulnerabilities |
2017-11-16 |
Flash Player -- multiple vulnerabilities |
2017-11-15 |
shibboleth2-sp -- "Dynamic" metadata provider plugin issue |
2017-11-14 |
mozilla -- multiple vulnerabilities |
2017-11-13 |
rubygem-geminabox -- XSS vulnerabilities |
2017-11-12 |
konversation -- crash in IRC message parsing |
2017-11-11 |
roundcube -- file disclosure vulnerability |
2017-11-10 |
chromium -- multiple vulnerabilities |
2017-11-09 |
asterisk -- Buffer overflow in CDR's set user |
asterisk -- Buffer overflow in pjproject header parsing can cause crash in Asterisk |
asterisk -- Memory/File Descriptor/RTP leak in pjsip session resource |
jenkins -- multiple issues |
PostgreSQL vulnerabilities |
2017-11-02 |
OpenSSL -- Multiple vulnerabilities |
2017-11-01 |
wordpress -- multiple issues |
2017-10-30 |
PHP -- denial of service attack |
wireshark -- multiple security issues |
2017-10-28 |
chromium -- Stack overflow in V8 |
2017-10-27 |
wget -- Heap overflow in HTTP protocol handling |
wget -- Stack overflow in HTTP protocol handling |
2017-10-25 |
GitLab -- multiple vulnerabilities |
Node.js -- remote DOS security vulnerability |
2017-10-24 |
Apache OpenOffice -- multiple vulnerabilities |
2017-10-23 |
cURL -- out of bounds read |
2017-10-22 |
irssi -- multiple vulnerabilities |
2017-10-21 |
chromium -- multiple vulnerabilities |
2017-10-19 |
arj -- multiple vulnerabilities |
cacti -- Cross Site Scripting issue |
2017-10-18 |
krb5 -- Multiple vulnerabilities |
MySQL -- multiple vulnerabilities |
2017-10-17 |
Flash Player -- Remote code execution |
h2o -- DoS in workers |
xorg-server -- Multiple Issues |
2017-10-16 |
mercurial -- multiple issues |
WPA packet number reuse with replayed messages and key reinstallation |
2017-10-13 |
jenkins -- multiple issues |
Multiple exploitable heap-based buffer overflow vulnerabilities exists in FreeXL 1.0.3 |
solr -- Code execution via entity expansion |
xorg-server -- multiple vulnerabilities |
2017-10-12 |
FFmpeg -- multiple vulnerabilities |
nss -- Use-after-free in TLS 1.2 generating handshake hashes |
xen-kernel -- multiple vulnerabilities |
2017-10-11 |
ncurses -- multiple issues |
osip -- Improper Restriction of Operations within the Bounds of a Memory Buffer |
Python 2.7 -- multiple vulnerabilities |
2017-10-10 |
libtiff -- Improper Input Validation |
node -- access to unintended files |
rubygems -- deserialization vulnerability |
zookeeper -- Denial Of Service |
2017-10-09 |
xorg-server -- multiple vulnerabilities |
2017-10-06 |
tomcat -- Remote Code Execution |
2017-10-04 |
cURL -- out of bounds read |
2017-10-03 |
FreeBSD -- heimdal KDC-REP service name validation vulnerability |
FreeBSD -- OpenSSH Denial of Service vulnerability |
2017-10-02 |
dnsmasq -- multiple vulnerabilities |
2017-09-29 |
mozilla -- multiple vulnerabilities |
phpmyfaq -- multiple issues |
wordpress -- multiple issues |
2017-09-28 |
libraw -- Out-of-bounds Read |
sam2p -- multiple issues |
2017-09-27 |
libofx -- exploitable buffer overflow |
libzip -- denial of service |
OpenVPN -- out-of-bounds write in legacy key-method 1 |
2017-09-26 |
ImageMagick -- denial of service via a crafted font file |
ledger -- multiple vulnerabilities |
libbson -- Denial of Service |
libgd -- Denial of servica via double free |
libraw -- buffer overflow |
libraw -- denial of service and remote code execution |
php-gd and gd -- Buffer over-read into uninitialized memory |
sugarcrm -- multiple vulnerabilities |
tcpdump -- multiple vulnerabilities |
2017-09-25 |
aacplusenc -- denial of service |
ansible -- information disclosure flaw |
weechat -- crash in logger plugin |
2017-09-24 |
perl -- multiple vulnerabilities |
2017-09-22 |
chromium -- multiple vulnerabilities |
2017-09-19 |
Apache -- HTTP OPTIONS method can leak server memory |
asterisk -- RTP/RTCP information leak |
ruby -- multiple vulnerabilities |
rubygem-geminabox -- XSS & CSRF vulnerabilities |
2017-09-14 |
GitLab -- multiple vulnerabilities |
2017-09-12 |
emacs -- enriched text remote code execution vulnerability |
Flash Player -- multiple vulnerabilities |
2017-09-10 |
cyrus-imapd -- broken "other users" behaviour |
2017-09-06 |
chromium -- multiple vulnerabilities |
Django -- possible XSS in traceback section of technical 500 debug page |
2017-09-01 |
asterisk -- Remote Crash Vulerability in res_pjsip |
asterisk -- Unauthorized data disclosure and shell access command injection in app_minivm |
gdk-pixbuf -- multiple vulnerabilities |
2017-08-30 |
libgcrypt -- side-channel attack vulnerability |
2017-08-29 |
rubygems -- multiple vulnerabilities |
2017-08-26 |
kanboard -- multiple privilege escalation vulnerabilities |
2017-08-24 |
poppler -- multiple denial of service issues |
2017-08-23 |
phpmailer -- XSS in code example and default exeception handler |
2017-08-22 |
dnsdist -- multiple vulnerabilities |
pspp -- multiple vulnerabilities |
salt -- Maliciously crafted minion IDs can cause unwanted directory traversals on the Salt-master |
SquirrelMail -- post-authentication remote code execution |
2017-08-19 |
drupal -- Drupal Core - Multiple Vulnerabilities |
2017-08-17 |
libsoup -- stack based buffer overflow |
2017-08-16 |
Zabbix -- Remote code execution |
2017-08-15 |
Supervisord -- An authenticated client can run arbitrary shell commands via malicious XML-RPC requests |
2017-08-14 |
FreeRadius -- Multiple vulnerabilities |
2017-08-12 |
Mercurial -- multiple vulnerabilities |
2017-08-11 |
GitLab -- two vulnerabilities |
subversion -- Arbitrary code execution vulnerability |
2017-08-10 |
Flash Player -- multiple vulnerabilities |
PostgreSQL vulnerabilities |
2017-08-09 |
Axis2 -- Security vulnerability on dependency Apache Commons FileUpload |
cURL -- multiple vulnerabilities |
2017-08-08 |
mozilla -- multiple vulnerabilities |
sqlite3 -- heap-buffer overflow |
2017-08-02 |
Varnish -- Denial of service vulnerability |
2017-08-01 |
chromium -- multiple vulnerabilities |
2017-07-29 |
Cacti -- Cross-site scripting (XSS) vulnerability in auth_profile.php |
2017-07-27 |
proftpd -- user chroot escape vulnerability |
2017-07-26 |
jabberd -- authentication bypass vulnerability |
2017-07-25 |
gsoap -- remote code execution via via overflow |
webkit2-gtk3 -- multiple vulnerabilities |
2017-07-20 |
GitLab -- Various security issues |
2017-07-19 |
collectd5 -- Denial of service by sending a signed network packet to a server which is not set up to check signatures |
MySQL -- multiple vulnerabilities |
strongswan -- multiple vulnerabilities |
2017-07-17 |
Cacti -- Cross-site scripting (XSS) vulnerability in link.php |
2017-07-13 |
Apache httpd -- multiple vulnerabilities |
evince and atril -- command injection vulnerability in CBT handler |
Flash Player -- multiple vulnerabilities |
2017-07-12 |
node.js -- multiple vulnerabilities |
samba -- Orpheus Lyre mutual authentication validation bypass |
2017-07-11 |
nginx -- a specially crafted request might result in an integer overflow |
2017-07-08 |
codeigniter -- input validation bypass |
irssi -- multiple vulnerabilities |
2017-07-07 |
oniguruma -- multiple vulnerabilities |
2017-07-06 |
drupal -- Drupal Core - Multiple Vulnerabilities |
2017-07-03 |
Dropbear -- two vulnerabilities |
smarty3 -- shell injection in math |
2017-06-30 |
GitLab -- Various security issues |
libgcrypt -- side-channel attack on RSA secret keys |
tor -- security regression |
2017-06-21 |
exim -- Privilege escalation via multiple memory leaks |
OpenVPN -- several vulnerabilities |
pear-Horde_Image -- DoS vulnerability |
pear-Horde_Image -- remote code execution vulnerability |
2017-06-20 |
Apache httpd -- several vulnerabilities |
2017-06-16 |
chromium -- multiple vulnerabilities |
2017-06-15 |
cURL -- URL file scheme drive letter buffer overflow |
Flash Player -- multiple vulnerabilities |
rt and dependent modules -- multiple security vulnerabilities |
2017-06-13 |
mozilla -- multiple vulnerabilities |
2017-06-09 |
roundcube -- arbitrary password resets |
2017-06-08 |
GnuTLS -- Denial of service vulnerability |
irssi -- remote DoS |
2017-06-06 |
chromium -- multiple vulnerabilities |
2017-06-02 |
ansible -- Input validation flaw in jinja2 templating system |
2017-06-01 |
duo -- Two-factor authentication bypass |
FreeRADIUS -- TLS resumption authentication bypass |
2017-05-31 |
heimdal -- bypass of capath policy |
2017-05-26 |
FreeBSD -- ipfilter(4) fragment handling panic |
FreeBSD -- Multiple vulnerabilities of ntp |
vlc -- remote code execution via crafted subtitles |
2017-05-25 |
ImageMagick -- multiple vulnerabilities |
OpenEXR -- multiple remote code execution and denial of service vulnerabilities |
2017-05-24 |
samba -- remote code execution vulnerability |
2017-05-23 |
NVIDIA UNIX driver -- multiple vulnerabilities in the kernel mode layer handler |
2017-05-22 |
miniupnpc -- integer signedness error |
2017-05-21 |
Wordpress -- multiple vulnerabilities |
2017-05-19 |
asterisk -- Buffer Overrun in PJSIP transaction layer |
asterisk -- Memory exhaustion on short SCCP packets |
2017-05-18 |
gitlab -- Various security issues |
gitlab -- Various security issues |
Joomla3 -- SQL Injection |
2017-05-17 |
freetype2 -- buffer overflows |
2017-05-11 |
OpenVPN -- two remote denial-of-service vulnerabilities |
PostgreSQL vulnerabilities |
2017-05-10 |
kauth: Local privilege escalation |
2017-05-09 |
libetpan -- null dereference vulnerability in MIME parsing component |
2017-05-03 |
chromium -- race condition vulnerability |
2017-04-30 |
dovecot -- Dovecot DoS when passdb dict was used for authentication |
2017-04-28 |
LibreSSL -- TLS verification vulnerability |
2017-04-27 |
jenkins -- multiple vulnerabilities |
2017-04-25 |
codeigniter -- multiple vulnerabilities |
2017-04-24 |
weechat -- multiple vulnerabilities |
2017-04-21 |
chromium -- multiple vulnerabilities |
drupal8 -- Drupal Core - Critical - Access Bypass |
2017-04-20 |
cURL -- TLS session resumption client cert bypass (again) |
icu -- multiple vulnerabilities |
libsamplerate -- multiple vulnerabilities |
libsndfile -- multiple vulnerabilities |
tiff -- multiple vulnerabilities |
2017-04-19 |
graphite2 -- out-of-bounds write with malicious font |
libevent -- multiple vulnerabilities |
mozilla -- multiple vulnerabilities |
MySQL -- multiple vulnerabilities |
NSS -- multiple vulnerabilities |
2017-04-13 |
BIND -- multiple vulnerabilities |
2017-04-07 |
id Tech 3 -- remote code execution vulnerability |
2017-04-06 |
xen-kernel -- broken check in memory_exchange() permits PV guest breakout |
2017-04-05 |
cURL -- potential memory disclosure |
2017-04-04 |
asterisk -- Buffer overflow in CDR's set user |
django -- multiple vulnerabilities |
NVIDIA UNIX driver -- multiple vulnerabilities in the kernel mode layer handler |
2017-03-30 |
chromium -- multiple vulnerabilities |
xen-tools -- xenstore denial of service via repeated update |
2017-03-29 |
phpMyAdmin -- bypass 'no password' restriction |
2017-03-24 |
samba -- symlink race allows access outside share definition |
2017-03-23 |
xen-tools -- Cirrus VGA Heap overflow via display refresh |
2017-03-18 |
firefox -- integer overflow in createImageBitmap() |
irssi -- use-after-free potential code execution |
moodle -- multiple vulnerabilities |
moodle -- multiple vulnerabilities |
mysql -- denial of service vulnerability |
2017-03-17 |
drupal8 -- multiple vulnerabilities |
2017-03-16 |
Flash Player -- multiple vulnerabilities |
PuTTY -- integer overflow permits memory overwrite by forwarded ssh-agent connections |
2017-03-12 |
chromium -- multiple vulnerabilities |
mbed TLS (PolarSSL) -- multiple vulnerabilities |
Several Security Defects in the Bouncy Castle Crypto APIs |
2017-03-11 |
kde-runtime -- kdesu: displayed command truncated by unicode string terminator |
kdepimlibs -- directory traversal on KTNEF |
kio: Information Leak when accessing https when using a malicious PAC file |
2017-03-07 |
mozilla -- multiple vulnerabilities |
wordpress -- multiple vulnerabilities |
2017-03-05 |
codeigniter -- multiple vulnerabilities |
ikiwiki -- authentication bypass vulnerability |
ikiwiki -- multiple vulnerabilities |
2017-02-28 |
potrace -- multiple memory failure |
2017-02-26 |
MPD -- buffer overflows in http output |
2017-02-22 |
cURL -- ocsp status validation error |
xen-tools -- cirrus_bitblt_cputovideo does not check if memory region is safe |
2017-02-21 |
fbsdmon -- information disclosure vulnerability |
2017-02-18 |
wavpack -- multiple invalid memory reads |
2017-02-16 |
openssl -- crash on handshake |
optipng -- multiple vulnerabilities |
2017-02-14 |
diffoscope -- arbitrary file write |
2017-02-12 |
ffmpeg -- heap overflow in lavf/mov.c |
2017-02-11 |
gtk-vnc -- bounds checking vulnerabilities |
xen-tools -- oob access in cirrus bitblt copy |
2017-02-06 |
tiff -- multiple vulnerabilities |
2017-02-04 |
chicken -- multiple vulnerabilities |
freeimage -- code execution vulnerability |
guile2 -- multiple vulnerabilities |
libebml -- multiple vulnerabilities |
mantis -- XSS vulnerability |
2017-02-01 |
jenkins -- multiple vulnerabilities |
shotwell -- failure to encrypt authentication |
2017-01-29 |
wordpress -- multiple vulnerabilities |
2017-01-27 |
nfsen -- remote command execution |
2017-01-26 |
chromium -- multiple vulnerabilities |
OpenSSL -- multiple vulnerabilities |
2017-01-24 |
mozilla -- multiple vulnerabilities |
phpMyAdmin -- Multiple vulnerabilities |
2017-01-23 |
Intel(R) NVMUpdate -- Intel(R) Ethernet Controller X710/XL710 NVM Security Vulnerability |
2017-01-19 |
icoutils -- check_offset overflow on 64-bit systems |
PHP -- undisclosed vulnerabilities |
2017-01-18 |
mysql -- multiple vulnerabilities |
powerdns -- multiple vulnerabilities |
2017-01-15 |
groovy -- remote execution of untrusted code/DoS vulnerability |
RabbitMQ -- Authentication vulnerability |
wordpress -- multiple vulnerabilities |
2017-01-14 |
mysql -- multiple vulnerabilities |
MySQL -- multiple vulnerabilities |
2017-01-12 |
Ansible -- Command execution on Ansible controller from host |
BIND -- multiple vulnerabilities |
phpmailer -- Remote Code Execution |
2017-01-11 |
flash -- multiple vulnerabilities |
FreeBSD -- OpenSSH multiple vulnerabilities |
openssl -- timing attack vulnerability |
2017-01-09 |
GnuTLS -- Memory corruption vulnerabilities |
hdf5 -- multiple vulnerabilities |
libdwarf -- multiple vulnerabilities |
libvncserver -- multiple buffer overflows |
lynx -- multiple vulnerabilities |
moinmoin -- XSS vulnerabilities |
2017-01-07 |
tomcat -- information disclosure vulnerability |
tomcat -- multiple vulnerabilities |
tomcat -- multiple vulnerabilities |
2017-01-06 |
codeigniter -- multiple vulnerabilities |
codeigniter -- multiple vulnerabilities |
End of Life Ports |
Use-After-Free Vulnerability in pcsc-lite |
2017-01-05 |
Irssi -- multiple vulnerabilities |
2017-01-01 |
w3m -- multiple vulnerabilities |
2016-12-29 |
h2o -- Use-after-free vulnerability |
PHP -- multiple vulnerabilities |
PHP -- multiple vulnerabilities |
2016-12-28 |
phpmailer -- Remote Code Execution |
2016-12-27 |
upnp -- multiple vulnerabilities |
2016-12-26 |
phpmailer -- Remote Code Execution |
samba -- multiple vulnerabilities |
2016-12-25 |
exim -- DKIM private key leak |
2016-12-24 |
cURL -- uninitialized random vulnerability |
2016-12-23 |
squid -- multiple vulnerabilities |
vim -- arbitrary command execution |
2016-12-22 |
cURL -- buffer overflow |
FreeBSD -- Multiple vulnerabilities of ntp |
Joomla! -- multiple vulnerabilities |
Joomla! -- multiple vulnerabilities |
Joomla! -- multiple vulnerabilities |
Joomla! -- multiple vulnerabilities |
Pligg CMS -- XSS Vulnerability |
xen-kernel -- x86 PV guests may be able to mask interrupts |
2016-12-21 |
Apache httpd -- several vulnerabilities |
2016-12-20 |
xen-kernel -- x86: Mishandling of SYSCALL singlestep during emulation |
2016-12-16 |
atheme-services -- multiple vulnerabilities |
2016-12-14 |
mozilla -- multiple vulnerabilities |
wordpress -- multiple vulnerabilities |
xen-kernel -- x86 CMPXCHG8B emulation fails to ignore operand size override |
2016-12-12 |
PHP -- Multiple vulnerabilities |
2016-12-09 |
asterisk -- Authentication Bypass |
asterisk -- Crash on SDP offer or answer from endpoint using Opus |
2016-12-06 |
Apache httpd -- denial of service in HTTP/2 |
cryptopp -- multiple vulnerabilities |
FreeBSD -- bhyve(8) virtual machine escape |
FreeBSD -- link_ntoa(3) buffer overflow |
FreeBSD -- Possible login(1) argument injection in telnetd(8) |
2016-12-05 |
chromium -- multiple vulnerabilities |
2016-12-04 |
ImageMagick -- heap overflow vulnerability |
ImageMagick7 -- multiple vulnerabilities |
Pillow -- multiple vulnerabilities |
py-cryptography -- vulnerable HKDF key generation |
qemu -- denial of service vulnerability |
xen-kernel -- CR0.TS and CR0.EM not always honored for x86 HVM guests |
xen-kernel -- guest 32-bit ELF symbol table load leaking host data |
xen-kernel -- use after free in FIFO event channel code |
xen-kernel -- x86 64-bit bit test instruction emulation broken |
xen-kernel -- x86 HVM: Overflow of sh_ctxt->seg_reg[] |
xen-kernel -- x86 null segments not always treated as unusable |
xen-kernel -- x86 segment base write emulation lacking canonical address checks |
xen-kernel -- x86 task switch to VM86 mode mis-handled |
xen-kernel -- x86: Disallow L3 recursive pagetable for 32-bit PV guests |
xen-kernel -- x86: Mishandling of instruction pointer truncation during emulation |
xen-tools -- delimiter injection vulnerabilities in pygrub |
xen-tools -- qemu incautious about shared ring processing |
2016-12-01 |
Mozilla -- SVG Animation Remote Code Execution |
wireshark -- multiple vulnerabilities |
2016-11-30 |
p7zip -- Null pointer dereference |
wget -- Access List Bypass / Race Condition |
2016-11-29 |
libwww -- multiple vulnerabilities |
mozilla -- data: URL can inherit wrong origin after an HTTP redirect |
Roundcube -- arbitrary command execution |
subversion -- Unrestricted XML entity expansion in mod_dontdothat and Subversionclients using http(s) |
2016-11-25 |
Drupal Code -- Multiple Vulnerabilities |
phpMyAdmin -- multiple vulnerabilities |
2016-11-24 |
Remote-Code-Execution vulnerability in mysql and its variants CVE 2016-6662 |
2016-11-22 |
ntp -- multiple vulnerabilities |
2016-11-21 |
teeworlds -- Remote code execution |
2016-11-16 |
jenkins -- Remote code execution vulnerability in remoting module |
moodle -- multiple vulnerabilities |
moodle -- multiple vulnerabilities |
mozilla -- multiple vulnerabilities |
2016-11-12 |
lives -- insecure files permissions |
2016-11-10 |
chromium -- multiple vulnerabilities |
flash -- multiple vulnerabilities |
openssl -- multiple vulnerabilities |
2016-11-09 |
gitlab -- Directory traversal via "import/export" feature |
2016-11-03 |
chromium -- out-of-bounds memory access |
2016-11-02 |
BIND -- Remote Denial of Service vulnerability |
cURL -- multiple vulnerabilities |
django -- multiple vulnerabilities |
FreeBSD -- OpenSSL Remote DoS vulnerability |
memcached -- multiple vulnerabilities |
2016-11-01 |
MySQL -- multiple vulnerabilities |
2016-10-31 |
chromium -- multiple vulnerabilities |
chromium -- multiple vulnerabilities |
2016-10-29 |
FreeBSD -- OpenSSH Remote Denial of Service vulnerability |
2016-10-28 |
Axis2 -- Security vulnerabilities on dependency Apache HttpClient |
node.js -- multiple vulnerabilities |
sudo -- Potential bypass of sudo_noexec.so via wordexp() |
urllib3 -- certificate verification failure |
2016-10-27 |
flash -- remote code execution |
2016-10-26 |
node.js -- ares_create_query single byte out of buffer write |
2016-10-25 |
FreeBSD -- bhyve - privilege escalation vulnerability |
2016-10-24 |
flash -- multiple vulnerabilities |
2016-10-21 |
mozilla -- multiple vulnerabilities |
2016-10-18 |
Axis2 -- Cross-site scripting (XSS) vulnerability |
Tor -- remote denial of service |
2016-10-12 |
file-roller -- path traversal vulnerability |
ImageMagick -- multiple vulnerabilities |
mupdf -- multiple vulnerabilities |
openoffice -- information disclosure vulnerability |
VirtualBox -- undisclosed vulnerabilities |
2016-10-11 |
libgd -- integer overflow which could lead to heap buffer overflow |
libvncserver -- multiple security vulnerabilities |
openjpeg -- multiple vulnerabilities |
redis -- sensitive information leak through command history file |
2016-10-10 |
FreeBSD -- Heap overflow vulnerability in bspatch |
FreeBSD -- Multiple libarchive vulnerabilities |
FreeBSD -- Multiple portsnap vulnerabilities |
2016-10-09 |
mkvtoolnix -- code execution via specially crafted files |
2016-10-07 |
X.org libraries -- multiple vulnerabilities |
2016-09-30 |
PHP -- multiple vulnerabilities |
PHP -- multiple vulnerabilities |
2016-09-28 |
BIND -- Remote Denial of Service vulnerability |
2016-09-27 |
django -- CSRF protection bypass on a site with Google Analytics |
2016-09-26 |
OpenSSL -- multiple vulnerabilities |
2016-09-22 |
OpenSSL -- multiple vulnerabilities |
2016-09-21 |
irssi -- heap corruption and missing boundary checks |
2016-09-20 |
mozilla -- multiple vulnerabilities |
2016-09-16 |
chromium -- multiple vulnerabilities |
2016-09-15 |
dropbear -- multiple vulnerabilities |
2016-09-14 |
cURL -- Escape and unescape integer overflows |
h2o -- fix DoS attack vector |
Remote-Code-Execution vulnerability in mysql and its variants CVE 2016-6662 |
2016-09-13 |
chromium -- multiple vulnerabilities |
chromium -- multiple vulnerabilities |
mysql -- Remote Root Code Execution |
2016-09-09 |
gnutls -- OCSP validation issue |
2016-09-08 |
asterisk -- Crash on ACK from unknown endpoint |
asterisk -- RTP Resource Exhaustion |
2016-09-07 |
Mozilla -- multiple vulnerabilities |
2016-09-06 |
inspircd -- authentication bypass vulnerability |
mailman -- CSRF hardening in parts of the web interface |
2016-09-01 |
openssh -- sshd -- remote valid user discovery and PAM /bin/login attack |
2016-08-29 |
mailman -- CSRF protection enhancements |
2016-08-28 |
libxml2 -- multiple vulnerabilities |
2016-08-27 |
kdelibs -- directory traversal vulnerability |
2016-08-22 |
eog -- out-of-bounds write |
2016-08-21 |
fontconfig -- insufficiently cache file validation |
2016-08-18 |
End of Life Ports |
gnupg -- attacker who obtains 4640 bits from the RNG can trivially predict the next 160 bits of output |
Rails 4 -- Possible XSS Vulnerability in Action View |
Rails 4 -- Unsafe Query Generation Risk in Active Record |
2016-08-17 |
phpmyadmin -- multiple vulnerabilities |
2016-08-15 |
puppet-agent MCollective plugin -- Remote Code Execution vulnerability |
2016-08-14 |
TeamSpeak Server 3 -- Multiple vulnerabilities including Remote Code Execution |
2016-08-11 |
FreeBSD -- bsnmpd remote denial of service vulnerability |
FreeBSD -- Buffer overflow in keyboard driver |
FreeBSD -- Buffer overflow in stdio |
FreeBSD -- Deadlock in the NFS server |
FreeBSD -- Denial of service attack against sshd(8) |
FreeBSD -- Denial of Service in TCP packet processing |
FreeBSD -- Denial of Service with IPv6 Router Advertisements |
FreeBSD -- devfs rules not applied by default for jails |
FreeBSD -- Heap vulnerability in bspatch |
FreeBSD -- iconv(3) NULL pointer dereference and out-of-bounds array access |
FreeBSD -- Incorrect argument handling in sendmsg(2) |
FreeBSD -- Incorrect argument validation in sysarch(2) |
FreeBSD -- Incorrect error handling in PAM policy parser |
FreeBSD -- Insecure default GELI keyfile permissions |
FreeBSD -- Insecure default snmpd.config permissions |
FreeBSD -- Integer overflow in IGMP protocol |
FreeBSD -- Kernel memory disclosure in control messages and SCTP |
FreeBSD -- Kernel stack disclosure in 4.3BSD compatibility layer |
FreeBSD -- Kernel stack disclosure in Linux compatibility layer |
FreeBSD -- Kernel stack disclosure in setlogin(2) / getlogin(2) |
FreeBSD -- ktrace kernel memory disclosure |
FreeBSD -- Linux compatibility layer incorrect futex handling |
FreeBSD -- Linux compatibility layer issetugid(2) system call |
FreeBSD -- Linux compatibility layer setgroups(2) system call |
FreeBSD -- Local privilege escalation in IRET handler |
FreeBSD -- memory leak in sandboxed namei lookup |
FreeBSD -- Multiple integer overflows in expat (libbsdxml) XML parser |
FreeBSD -- Multiple ntp vulnerabilities |
FreeBSD -- Multiple OpenSSL vulnerabilities |
FreeBSD -- Multiple vulnerabilities in file(1) and libmagic(3) |
FreeBSD -- Remote command execution in ftp(1) |
FreeBSD -- Resource exhaustion due to sessions stuck in LAST_ACK state |
FreeBSD -- Resource exhaustion in TCP reassembly |
FreeBSD -- routed(8) remote denial of service vulnerability |
FreeBSD -- routed(8) remote denial of service vulnerability |
FreeBSD -- rpcbind(8) remote denial of service [REVISED] |
FreeBSD -- rtsold(8) remote buffer overflow vulnerability |
FreeBSD -- SCTP ICMPv6 error message vulnerability |
FreeBSD -- SCTP SCTP_SS_VALUE kernel memory corruption and disclosure |
FreeBSD -- SCTP stream reset vulnerability |
FreeBSD -- sendmail improper close-on-exec flag handling |
FreeBSD -- shell injection vulnerability in patch(1) |
FreeBSD -- shell injection vulnerability in patch(1) |
FreeBSD -- TCP MD5 signature denial of service |
FreeBSD -- TCP reassembly vulnerability |
PostgreSQL -- Denial-of-Service and Code Injection Vulnerabilities |
2016-08-10 |
BIND,Knot,NSD,PowerDNS -- denial over service via oversized zone transfers |
2016-08-09 |
FreeBSD -- Incorrect privilege validation in the NFS server |
FreeBSD -- integer overflow in IP_MSFILTER |
FreeBSD -- Kernel memory disclosure in sctp(4) |
piwik -- XSS vulnerability |
2016-08-06 |
bind -- denial of service vulnerability |
moodle -- multiple vulnerabilities |
wireshark -- multiple vulnerabilities |
2016-08-05 |
collectd -- Network plugin heap overflow |
2016-08-04 |
gd -- multiple vulnerabilities |
p5-XSLoader -- local arbitrary code execution |
perl -- local arbitrary code execution |
Vulnerabilities in Curl |
2016-08-03 |
lighttpd - multiple vulnerabilities |
2016-08-02 |
xen-kernel -- x86: Missing SMAP whitelisting in 32-bit exception / event delivery |
xen-kernel -- x86: Privilege escalation in PV guests |
xen-tools -- virtio: unbounded memory allocation issue |
2016-07-31 |
libidn -- multiple vulnerabilities |
2016-07-26 |
php -- multiple vulnerabilities |
xercesi-c3 -- multiple vulnerabilities |
2016-07-22 |
chromium -- multiple vulnerabilities |
2016-07-21 |
Apache OpenOffice 4.1.2 -- Memory Corruption Vulnerability (Impress Presentations) |
krb5 -- KDC denial of service vulnerability |
MySQL -- Multiple vulnerabilities |
2016-07-19 |
The GIMP -- Use after Free vulnerability |
2016-07-18 |
typo3 -- Missing access check in Extbase |
2016-07-16 |
atutor -- multiple vulnerabilities |
atutor -- multiple vulnerabilities |
flash -- multiple vulnerabilities |
2016-07-15 |
libreoffice -- use-after-free vulnerability |
p7zip -- heap overflow vulnerability |
p7zip -- out-of-bounds read vulnerability |
tiff -- buffer overflow |
2016-07-13 |
samba -- client side SMB2/3 required signing can be downgraded |
2016-07-08 |
ruby-saml -- XML signature wrapping attack |
2016-07-07 |
quassel -- remote denial of service |
2016-07-05 |
apache24 -- X509 Client certificate based authentication can be bypassed when HTTP/2 is used |
2016-07-04 |
wireshark -- multiple vulnerabilities |
xen-kernel -- x86 shadow pagetables: address width overflow |
xen-kernel -- x86 software guest page walk PS bit handling flaw |
xen-tools -- QEMU: Banked access to VGA memory (VBE) uses inconsistent bounds checks |
xen-tools -- Unrestricted qemu logging |
xen-tools -- Unsanitised driver domain input in libxl device handling |
xen-tools -- Unsanitised guest input in libxl device handling code |
2016-07-03 |
hive -- authorization logic vulnerability |
icingaweb2 -- remote code execution |
moodle -- multiple vulnerabilities |
Python -- smtplib StartTLS stripping vulnerability |
SQLite3 -- Tempdir Selection Vulnerability |
2016-07-01 |
phpMyAdmin -- multiple vulnerabilities |
2016-06-30 |
dnsmasq -- denial of service |
expat2 -- denial of service |
haproxy -- denial of service |
libtorrent-rasterbar -- denial of service |
openssl -- denial of service |
Python -- HTTP Header Injection in Python urllib |
2016-06-26 |
Apache Commons FileUpload -- denial of service (DoS) vulnerability |
2016-06-25 |
php -- multiple vulnerabilities |
wordpress -- multiple vulnerabilities |
2016-06-23 |
libarchive -- multiple vulnerabilities |
piwik -- XSS vulnerability |
2016-06-21 |
wget -- HTTP to FTP redirection file name confusion vulnerability |
2016-06-20 |
libxslt -- Denial of Service |
2016-06-19 |
flash -- multiple vulnerabilities |
flash -- multiple vulnerabilities |
flash -- multiple vulnerabilities |
2016-06-17 |
chromium -- multiple vulnerabilities |
drupal -- multiple vulnerabilities |
Python -- Integer overflow in zipimport module |
2016-06-14 |
botan -- cryptographic vulnerability |
botan -- multiple vulnerabilities |
2016-06-11 |
VLC -- Possibly remote code execution via crafted file |
2016-06-10 |
roundcube -- XSS vulnerability |
2016-06-09 |
expat -- multiple vulnerabilities |
OpenSSL -- vulnerability in DSA signing |
2016-06-08 |
iperf3 -- buffer overflow |
2016-06-07 |
gnutls -- file overwrite by setuid programs |
mozilla -- multiple vulnerabilities |
NSS -- multiple vulnerabilities |
2016-06-06 |
chromium -- multiple vulnerabilities |
2016-06-05 |
ikiwiki -- XSS vulnerability |
openafs -- local DoS vulnerability |
openafs -- multiple vulnerabilities |
2016-06-01 |
h2o -- use after free on premature connection close |
2016-05-31 |
nginx -- a specially crafted request might result in worker process crash |
2016-05-29 |
openvswitch -- MPLS buffer overflow |
2016-05-28 |
cacti -- multiple vulnerabilities |
chromium -- multiple vulnerabilities |
chromium -- multiple vulnerabilities |
chromium -- multiple vulnerabilities |
php -- multiple vulnerabilities |
2016-05-25 |
phpmyadmin -- XSS and sensitive data leakage |
2016-05-24 |
mediawiki -- multiple vulnerabilities |
2016-05-20 |
expat -- denial of service vulnerability on malformed input |
hostapd and wpa_supplicant -- psk configuration parameter update allowing arbitrary data to be written |
2016-05-17 |
Bugzilla security issues |
2016-05-14 |
OpenVPN -- Buffer overflow in PAM authentication and DoS through port sharing |
2016-05-13 |
imagemagick -- buffer overflow |
2016-05-12 |
jenkins -- multiple vulnerabilities |
2016-05-10 |
perl5 -- taint mechanism bypass vulnerability |
wordpress -- multiple vulnerabilities |
2016-05-09 |
libarchive -- RCE vulnerability |
2016-05-07 |
squid -- multiple vulnerabilities |
2016-05-06 |
ImageMagick -- multiple vulnerabilities |
2016-05-04 |
jansson -- local denial of service vulnerabilities |
2016-05-03 |
gitlab -- privilege escalation via "impersonate" feature |
libksba -- local denial of service vulnerabilities |
OpenSSL -- multiple vulnerabilities |
php -- multiple vulnerabilities |
2016-05-02 |
wireshark -- multiple vulnerabilities |
2016-05-01 |
mercurial -- arbitrary code execution vulnerability |
2016-04-30 |
MySQL -- multiple vulnerabilities |
2016-04-28 |
logstash -- password disclosure vulnerability |
subversion -- multiple vulnerabilities |
2016-04-27 |
ntp -- multiple vulnerabilities |
2016-04-26 |
mozilla -- multiple vulnerabilities |
2016-04-23 |
phpmyfaq -- cross-site request forgery vulnerability |
2016-04-21 |
libtasn1 -- denial of service parsing malicious DER certificates |
squid -- multiple vulnerabilities |
2016-04-20 |
ansible -- use of predictable paths in lxc_container |
proftpd -- vulnerability in mod_tls |
2016-04-19 |
chromium -- multiple vulnerabilities |
hostapd and wpa_supplicant -- multiple vulnerabilities |
2016-04-17 |
dhcpcd -- remote code execution/denial of service |
dhcpcd -- remote code execution/denial of service |
2016-04-15 |
asterisk -- Long Contact URIs in REGISTER requests can crash Asterisk |
PJSIP -- TCP denial of service in PJProject |
2016-04-14 |
go -- remote denial of service |
2016-04-12 |
samba -- multiple vulnerabilities |
2016-04-03 |
moodle -- multiple vulnerabilities |
pcre -- heap overflow vulnerability |
php -- multiple vulnerabilities |
py-djblets -- Self-XSS vulnerability |
2016-04-02 |
squid -- multiple vulnerabilities |
2016-03-31 |
Botan BER Decoder vulnerabilities |
flash -- multiple vulnerabilities |
Multiple vulnerabilities in Botan |
PostgreSQL -- minor security problems. |
2016-03-29 |
chromium -- multiple vulnerabilities |
chromium -- multiple vulnerabilities |
mercurial -- multiple vulnerabilities |
2016-03-28 |
bind -- denial of service vulnerability |
bind -- denial of service vulnerability |
bind -- denial of service vulnerability |
2016-03-27 |
salt -- Insecure configuration of PAM external authentication service |
2016-03-25 |
activemq -- Unsafe deserialization |
activemq -- Web Console Clickjacking |
activemq -- Web Console Cross-Site Scripting |
2016-03-21 |
pcre -- stack buffer overflow |
2016-03-19 |
hadoop2 -- unauthorized disclosure of data vulnerability |
kamailio -- SEAS Module Heap overflow |
2016-03-18 |
git -- integer overflow |
2016-03-17 |
git -- potential code execution |
2016-03-14 |
dropbear -- authorized_keys command= bypass |
node -- multiple vulnerabilities |
2016-03-13 |
jpgraph2 -- XSS vulnerability |
php5 -- multiple vulnerabilities |
php7 -- multiple vulnerabilities |
2016-03-11 |
openssh -- command injection when X11Forwarding is enabled |
2016-03-10 |
pidgin-otr -- use after free |
quagga -- stack based buffer overflow vulnerability |
ricochet -- information disclosure |
2016-03-09 |
libotr -- integer overflow |
2016-03-08 |
brotli -- buffer overflow |
django -- multiple vulnerabilities |
graphite2 -- multiple vulnerabilities |
mozilla -- multiple vulnerabilities |
NSS -- multiple vulnerabilities |
NSS -- multiple vulnerabilities |
wordpress -- multiple vulnerabilities |
2016-03-07 |
PuTTY - old-style scp downloads may allow remote code execution |
2016-03-06 |
rails -- multiple vulnerabilities |
websvn -- information disclosure |
websvn -- reflected cross-site scripting |
2016-03-05 |
chromium -- multiple vulnerabilities |
libssh -- weak Diffie-Hellman secret generation |
2016-03-02 |
cacti -- multiple vulnerabilities |
exim -- local privillege escalation |
2016-03-01 |
phpmyadmin -- multiple XSS and a man-in-the-middle vulnerability |
wireshark -- multiple vulnerabilities |
wireshark -- multiple vulnerabilities |
2016-02-28 |
django -- regression in permissions model |
moodle -- multiple vulnerabilities |
tomcat -- multiple vulnerabilities |
tomcat -- multiple vulnerabilities |
xen-kernel -- PV superpage functionality missing sanity checks |
xen-kernel -- VMX: guest user mode may crash guest with non-canonical RIP |
xen-kernel -- VMX: intercept issue with INVLPG on non-canonical address |
xerces-c3 -- Parser Crashes on Malformed Input |
2016-02-26 |
giflib -- heap overflow |
pitivi -- code execution |
2016-02-25 |
drupal -- multiple vulnerabilities |
jenkins -- multiple vulnerabilities |
2016-02-24 |
squid -- remote DoS in HTTP response processing |
2016-02-21 |
bsh -- remote code execution vulnerability |
libsrtp -- DoS via crafted RTP header vulnerability |
2016-02-20 |
jasper -- multiple vulnerabilities |
2016-02-18 |
chromium -- same origin bypass |
glibc -- getaddrinfo stack-based buffer overflow |
squid -- SSL/TLS processing remote DoS |
2016-02-17 |
adminer -- remote code execution |
adminer -- XSS vulnerability |
adminer -- XSS vulnerability |
adminer -- XSS vulnerability |
2016-02-16 |
libgcrypt -- side-channel attack on ECDH |
xdelta3 -- buffer overflow vulnerability |
2016-02-15 |
firefox -- Same-origin-policy violation using Service Workers with plugins |
2016-02-14 |
horde -- XSS vulnerabilities |
2016-02-13 |
nghttp2 -- Out of memory in nghttpd, nghttp, and libnghttp2_asio |
2016-02-12 |
PostgreSQL -- Security Fixes for Regular Expressions, PL/Java. |
2016-02-10 |
dnscrypt-proxy -- code execution |
flash -- multiple vulnerabilities |
2016-02-09 |
chromium -- multiple vulnerabilities |
graphite2 -- code execution vulnerability |
php -- multiple vulnerabilities |
py-imaging, py-pillow -- Buffer overflow in FLI decoding code |
py-imaging, py-pillow -- Buffer overflow in PCD decoder |
py-pillow -- Buffer overflow in TIFF decoding code |
py-pillow -- Integer overflow in Resample.c |
xymon-server -- multiple vulnerabilities |
2016-02-06 |
ffmpeg -- remote denial of service in JPEG2000 decoder |
2016-02-05 |
shotwell -- not verifying certificates |
2016-02-04 |
asterisk -- Multiple vulnerabilities |
py-rsa -- Bleichenbacher'06 signature forgery vulnerability |
webkit -- UI spoof |
2016-02-03 |
salt -- code execution |
2016-02-02 |
rails -- multiple vulnerabilities |
2016-02-01 |
gdcm -- multiple vulnerabilities |
mozilla -- multiple vulnerabilities |
socat -- diffie hellman parameter was not prime |
2016-01-30 |
nginx -- multiple vulnerabilities |
2016-01-29 |
nghttp2 -- use after free |
owncloud -- multiple vulnerabilities |
radicale -- multiple vulnerabilities |
typo3 -- multiple vulnerabilities |
2016-01-28 |
openssl -- multiple vulnerabilities |
phpmyadmin -- Full path disclosure vulnerability in SQL parser |
phpmyadmin -- Insecure password generation in JavaScript |
phpmyadmin -- Multiple full path disclosure vulnerabilities |
phpmyadmin -- Multiple full path disclosure vulnerabilities |
phpmyadmin -- Multiple XSS vulnerabilities |
phpmyadmin -- Unsafe comparison of XSRF/CSRF token |
phpmyadmin -- Unsafe generation of XSRF/CSRF token |
phpmyadmin -- XSS vulnerability in normalization page |
phpmyadmin -- XSS vulnerability in SQL editor |
prosody -- user impersonation vulnerability |
2016-01-27 |
curl -- Credentials not checked |
2016-01-26 |
privoxy -- malicious server spoofing as proxy vulnerability |
privoxy -- multiple vulnerabilities |
privoxy -- multiple vulnerabilities |
privoxy -- multiple vulnerabilities |
sudo -- potential privilege escalation via symlink misconfiguration |
wordpress -- XSS vulnerability |
2016-01-22 |
bind -- denial of service vulnerability |
imlib2 -- denial of service vulnerabilities |
2016-01-21 |
chromium -- multiple vulnerabilities |
ntp -- multiple vulnerabilities |
2016-01-20 |
bind -- denial of service vulnerability |
cgit -- multiple vulnerabilities |
2016-01-19 |
claws-mail -- no bounds checking on the output buffer in conv_jistoeuc, conv_euctojis, conv_sjistoeuc |
2016-01-18 |
go -- information disclosure vulnerability |
libarchive -- multiple vulnerabilities |
2016-01-17 |
ffmpeg -- remote attacker can access local files |
libproxy -- stack-based buffer overflow |
2016-01-15 |
h2o -- directory traversal vulnerability |
2016-01-14 |
openssh -- information disclosure |
prosody -- multiple vulnerabilities |
2016-01-13 |
kibana4 -- XSS vulnerability |
2016-01-12 |
isc-dhcpd -- Denial of Service |
p5-PathTools -- File::Spec::canonpath loses taint |
2016-01-11 |
php -- multiple vulnerabilities |
2016-01-09 |
pygments -- shell injection vulnerability |
2016-01-08 |
dhcpcd -- multiple vulnerabilities |
librsync -- collision vulnerability |
ntp -- denial of service vulnerability |
polkit -- multiple vulnerabilities |
2016-01-07 |
mbedTLS/PolarSSL -- SLOTH attack on TLS 1.2 server authentication |
2016-01-06 |
xen-kernel -- information leak in legacy x86 FPU/XMM initialization |
xen-kernel -- ioreq handling possibly susceptible to multiple read issue |
xen-kernel -- XENMEM_exchange error handling issues |
xen-tools -- libxl leak of pv kernel and initrd on error |
2016-01-05 |
cacti -- SQL injection vulnerabilities |
tiff -- out-of-bounds read in CIE Lab image format |
tiff -- out-of-bounds read in tif_getimage.c |
wolfssl -- DDoS amplification in DTLS |
wolfssl -- leakage of private key information |
2016-01-04 |
kea -- unexpected termination while handling a malformed packet |
unzip -- multiple vulnerabilities |
2016-01-03 |
mini_httpd -- buffer overflow via snprintf |
qemu -- denial of service vulnerabilities in eepro100 NIC support |
qemu -- denial of service vulnerability in Human Monitor Interface support |
qemu -- denial of service vulnerability in MegaRAID SAS HBA emulation |
qemu -- denial of service vulnerability in MSI-X support |
qemu -- denial of service vulnerability in Q35 chipset emulation |
qemu -- denial of service vulnerability in Rocker switch emulation |
qemu -- denial of service vulnerability in USB EHCI emulation support |
qemu -- denial of service vulnerability in VMWARE VMXNET3 NIC support |
qemu -- denial of service vulnerability in VNC |
qemu and xen-tools -- denial of service vulnerabilities in AMD PC-Net II NIC support |
2016-01-02 |
qemu -- denial of service vulnerabilities in NE2000 NIC support |
qemu -- denial of service vulnerability in e1000 NIC support |
qemu -- denial of service vulnerability in IDE disk/CD/DVD-ROM emulation |
qemu -- denial of service vulnerability in virtio-net support |
qemu -- denial of service vulnerability in VNC |
2016-01-01 |
qemu -- buffer overflow vulnerability in virtio-serial message exchanges |
qemu -- buffer overflow vulnerability in VNC |
qemu -- code execution on host machine |
qemu -- stack buffer overflow while parsing SCSI commands |
2015-12-31 |
mono -- DoS and code execution |
2015-12-29 |
flash -- multiple vulnerabilities |
inspircd -- DoS |
2015-12-28 |
ffmpeg -- multiple vulnerabilities |
NSS -- MD5 downgrade in TLS 1.2 signatures |
2015-12-26 |
phpMyAdmin -- path disclosure vulnerability |
2015-12-25 |
dpkg -- stack-based buffer overflow |
2015-12-24 |
mantis -- information disclosure vulnerability |
mediawiki -- multiple vulnerabilities |
2015-12-23 |
Bugzilla security issues |
Ruby -- unsafe tainted string vulnerability |
2015-12-22 |
librsvg2 -- denial of service vulnerability |
librsvg2 -- denial of service vulnerability |
2015-12-20 |
libvirt -- ACL bypass using ../ to access beyond storage pool |
2015-12-19 |
samba -- multiple vulnerabilities |
2015-12-18 |
chromium -- multiple vulnerabilities |
quassel -- remote denial of service |
2015-12-17 |
cups-filters -- code execution |
cups-filters -- code execution |
joomla -- multiple vulnerabilities |
py-amf -- input sanitization errors |
2015-12-16 |
bind -- multiple vulnerabilities |
2015-12-15 |
java -- multiple vulnerabilities |
mozilla -- multiple vulnerabilities |
subversion -- multiple vulnerabilities |
2015-12-13 |
chromium -- multiple vulnerabilities |
freeimage -- multiple integer overflows |
2015-12-10 |
redmine -- CSRF protection bypass |
redmine -- information leak vulnerability |
redmine -- information leak vulnerability |
redmine -- multiple vulnerabilities |
redmine -- multiple vulnerabilities |
redmine -- open redirect vulnerability |
redmine -- open redirect vulnerability |
redmine -- potential XSS vulnerability |
redmine -- XSS vulnerability |
2015-12-09 |
jenkins -- multiple vulnerabilities |
2015-12-08 |
flash -- multiple vulnerabilities |
KeePassX -- information disclosure |
libressl -- NULL pointer dereference |
2015-12-07 |
libraw -- index overflow in smal_decode_segment |
libraw -- memory objects not properly initialized |
passenger -- client controlled header overwriting |
Salt -- information disclosure |
2015-12-05 |
openssl -- multiple vulnerabilities |
2015-12-03 |
PHPmailer -- SMTP injection vulnerability |
2015-12-02 |
chromium -- multiple vulnerabilities |
ffmpeg -- multiple vulnerabilities |
piwik -- multiple vulnerabilities |
2015-12-01 |
cyrus-imapd -- integer overflow in the start_octet addition |
2015-11-30 |
django -- information leak vulnerability |
2015-11-22 |
a2ps -- format string vulnerability |
kibana4 -- CSRF vulnerability |
2015-11-20 |
libxml2 -- multiple vulnerabilities |
libxslt -- DoS vulnerability due to type confusing error |
2015-11-19 |
mozilla -- multiple vulnerabilities |
2015-11-18 |
gdm -- lock screen bypass when holding escape key |
2015-11-16 |
moodle -- multiple vulnerabilities |
strongswan -- authentication bypass vulnerability in the eap-mschapv2 plugin |
xen-kernel -- CPU lockup during exception delivery |
2015-11-15 |
libpng buffer overflow in png_set_PLTE |
2015-11-14 |
flash -- multiple vulnerabilities |
2015-11-11 |
chromium -- multiple vulnerabilities |
jenkins -- remote code execution via unsafe deserialization |
MySQL - Multiple vulnerabilities |
owncloudclient -- Improper validation of certificates when using self-signed certificates |
p5-HTML-Scrubber -- XSS vulnerability |
xen-kernel -- leak of main per-domain vcpu pointer array |
xen-kernel -- leak of per-domain profiling-related vcpu pointer array |
xen-kernel -- Long latency populate-on-demand operation is not preemptible |
xen-kernel -- some pmu and profiling hypercalls log without rate limiting |
xen-kernel -- Uncontrolled creation of large page mappings by PV guests |
xen-tools -- libxl fails to honour readonly flag on disks with qemu-xen |
xen-tools -- populate-on-demand balloon size inaccuracy can crash guests |
2015-11-10 |
libvpx -- buffer overflow in vp9_init_context_buffers |
2015-11-09 |
powerdns -- Denial of Service |
PuTTY -- memory corruption in terminal emulator's erase character handling |
2015-11-05 |
OpenOffice 4.1.1 -- multiple vulnerabilities |
2015-11-01 |
codeigniter -- multiple vulnerabilities |
2015-10-28 |
openafs -- information disclosure |
2015-10-27 |
xscreensaver - lock bypass |
2015-10-26 |
lldpd -- Buffer overflow/Denial of service |
2015-10-25 |
Joomla! -- Core - ACL Violation vulnerabilities |
Joomla! -- Core - CSRF Protection vulnerabilities |
Joomla! -- Core - Open Redirect vulnerability |
Joomla! -- Core - Remote File Execution/Denial of Service vulnerabilities |
Joomla! -- Core - SQL Injection/ACL Violation vulnerabilities |
Joomla! -- Core - Unauthorized Login vulnerability |
Joomla! -- Core - XSS Vulnerability |
Joomla! -- Core - XSS Vulnerability |
wireshark -- Pcapng file parser crash |
2015-10-24 |
drupal -- open redirect vulnerability |
2015-10-23 |
mediawiki -- multiple vulnerabilities |
phpMyAdmin -- Content spoofing vulnerability |
2015-10-21 |
ntp -- 13 low- and medium-severity vulnerabilities |
2015-10-20 |
codeigniter -- multiple XSS vulnerabilities |
2015-10-19 |
Git -- Execute arbitrary code |
2015-10-17 |
Salt -- multiple vulnerabilities |
2015-10-16 |
firefox -- Cross-origin restriction bypass using Fetch |
flash -- remote code execution |
LibreSSL -- Memory leak and buffer overflow |
2015-10-15 |
mbedTLS/PolarSSL -- DoS and possible remote code execution |
2015-10-14 |
flash -- multiple vulnerabilities |
magento -- multiple vulnerabilities |
miniupnpc -- buffer overflow |
pear-twig -- remote code execution |
2015-10-13 |
chromium -- multiple vulnerabilities |
2015-10-10 |
devel/ipython -- multiple vulnerabilities |
p5-UI-Dialog -- shell command execution vulnerability |
2015-10-08 |
PostgreSQL -- minor security problems. |
2015-10-06 |
mbedTLS/PolarSSL -- multiple vulnerabilities |
mbedTLS/PolarSSL -- multiple vulnerabilities |
OpenSMTPD -- multiple vulnerabilities |
ZendFramework1 -- SQL injection vulnerability |
2015-10-05 |
gdk-pixbuf2 -- head overflow and DoS |
plone -- multiple vulnerabilities |
2015-10-04 |
OpenSMTPD -- multiple vulnerabilities |
php -- multiple vulnerabilities |
2015-10-01 |
james -- multiple vulnerabilities |
2015-09-30 |
otrs -- Scheduler Process ID File Access |
2015-09-28 |
codeigniter -- multiple vulnerabilities |
codeigniter -- multiple vulnerabilities |
codeigniter -- mysql database driver vulnerability |
codeigniter -- SQL injection vulnerability |
codeigniter -- SQL injection vulnerability |
flash -- multiple vulnerabilities |
2015-09-27 |
chromium -- multiple vulnerabilities |
2015-09-22 |
libssh2 -- denial of service vulnerability |
mozilla -- multiple vulnerabilities |
2015-09-20 |
ffmpeg -- multiple vulnerabilities |
2015-09-18 |
moodle -- multiple vulnerabilities |
remind -- buffer overflow with malicious reminder file input |
squid -- TLS/SSL parser denial of service vulnerability |
2015-09-17 |
openjpeg -- use-after-free vulnerability |
openslp -- denial of service vulnerability |
optipng -- use-after-free vulnerability |
shutter -- arbitrary code execution |
2015-09-16 |
h2o -- directory traversal vulnerability |
p7zip -- directory traversal vulnerability |
2015-09-15 |
wordpress -- multiple vulnerabilities |
2015-09-14 |
Bugzilla security issues |
2015-09-12 |
openldap -- denial of service vulnerability |
2015-09-09 |
pgbouncer -- failed auth_query lookup leads to connection as auth_user |
vorbis-tools, opus-tools -- multiple vulnerabilities |
2015-09-08 |
ganglia-webfrontend -- auth bypass |
libvncserver -- memory corruption |
php -- multiple vulnerabilities |
phpMyAdmin -- reCaptcha bypass |
screen -- stack overflow |
wireshark -- multiple vulnerabilities |
2015-09-04 |
gdk-pixbuf2 -- integer overflows |
2015-09-03 |
bind -- denial of service vulnerability |
bind -- denial of service vulnerability |
2015-09-02 |
chromium -- multiple vulnerabilities |
powerdns -- denial of service |
2015-09-01 |
ffmpeg -- out-of-bounds array access |
ffmpeg -- use-after-free |
ghostscript -- denial of service (crash) via crafted Postscript files |
2015-08-29 |
graphviz -- format string vulnerability |
2015-08-28 |
mozilla -- multiple vulnerabilities |
2015-08-25 |
go -- multiple vulnerabilities |
libtremor -- memory corruption |
libtremor -- multiple vulnerabilities |
2015-08-24 |
pcre -- heap overflow vulnerability |
2015-08-22 |
drupal -- multiple vulnerabilities |
2015-08-21 |
OpenSSH -- PAM vulnerabilities |
OpenSSH -- PermitRootLogin may allow password connections with 'without-password' |
tarsnap -- buffer overflow and local DoS |
2015-08-20 |
libpgf -- use-after-free |
vlc -- arbitrary pointer dereference vulnerability |
2015-08-19 |
gdk-pixbuf2 -- heap overflow and DoS |
2015-08-18 |
django -- multiple vulnerabilities |
freexl -- integer overflow |
freexl -- multiple vulnerabilities |
jasper -- multiple vulnerabilities |
unreal -- denial of service |
2015-08-17 |
mod_jk -- information disclosure |
php5 -- multiple vulnerabilities |
qemu, xen-tools -- QEMU leak of uninitialized heap memory in rtl8139 device model |
qemu, xen-tools -- use-after-free in QEMU/Xen block unplug protocol |
2015-08-14 |
freeradius3 -- insufficient validation on packets |
gnutls -- double free in certificate DN decoding |
gnutls -- MD5 downgrade in TLS signatures |
mediawiki -- multiple vulnerabilities |
2015-08-13 |
froxlor -- database password information leak |
2015-08-12 |
Adobe Flash Player -- critical vulnerabilities |
libvpx -- out-of-bounds write |
py-foolscap -- local file inclusion |
RT -- two XSS vulnerabilities |
2015-08-11 |
libvpx -- multiple buffer overflows |
mozilla -- multiple vulnerabilities |
2015-08-10 |
lighttpd -- Log injection vulnerability in mod_auth |
pcre -- heap overflow vulnerability in '(?|' situations |
2015-08-07 |
mozilla -- multiple vulnerabilities |
2015-08-06 |
subversion -- multiple vulnerabilities |
wordpress -- Multiple vulnerability |
2015-08-05 |
elasticsearch -- directory traversal attack via snapshot API |
elasticsearch -- remote code execution via transport protocol |
2015-08-04 |
qemu, xen-tools -- QEMU heap overflow flaw with certain ATAPI commands |
2015-07-31 |
net-snmp -- snmp_pdu_parse() function incomplete initialization |
net-snmp -- snmptrapd crash |
2015-07-28 |
bind -- denial of service vulnerability |
2015-07-27 |
logstash -- SSL/TLS vulnerability with Lumberjack input |
OpenSSH -- MaxAuthTries limit bypass via duplicates in KbdInteractiveDevices |
2015-07-25 |
chromium -- multiple vulnerabilities |
2015-07-23 |
libidn -- out-of-bounds read issue with invalid UTF-8 input |
shibboleth-sp -- DoS vulnerability |
sox -- input sanitization errors |
sox -- memory corruption vulnerabilities |
wordpress -- XSS vulnerability |
2015-07-22 |
gdk-pixbuf2 -- heap overflow and DoS affecting Firefox and other programs |
2015-07-20 |
cacti -- Multiple XSS and SQL injection vulnerabilities |
2015-07-18 |
moodle -- multiple vulnerabilities |
php-phar -- multiple vulnerabilities |
2015-07-17 |
apache22 -- chunk header parsing defect |
2015-07-16 |
groovy -- remote execution of untrusted code |
libav -- divide by zero |
mozilla -- multiple vulnerabilities |
zenphoto -- multiple vulnerabilities |
2015-07-15 |
apache24 -- multiple vulnerabilities |
libwmf -- multiple vulnerabilities |
PolarSSL -- Security Fix Backports |
2015-07-14 |
Adobe Flash Player -- critical vulnerabilities |
2015-07-13 |
devel/ipython -- CSRF possible remote execution vulnerability |
freeradius -- insufficient CRL application vulnerability |
mysql -- SSL Downgrade |
php -- arbitrary code execution |
php -- use-after-free vulnerability |
php -- use-after-free vulnerability |
2015-07-11 |
pivotx -- cross-site scripting (XSS) vulnerability |
pivotx -- Multiple unrestricted file upload vulnerabilities |
xen-kernel -- arm: vgic-v2: GICD_SGIR is not properly emulated |
xen-kernel -- arm: vgic: incorrect rate limiting of guest triggered logging |
xen-kernel -- Certain domctl operations may be abused to lock up the host |
xen-kernel -- GNTTABOP_swap_grant_ref operation misbehavior |
xen-kernel -- Hypervisor memory corruption due to x86 emulator flaw |
xen-kernel -- Information leak through version information hypercall |
xen-kernel -- Information leak through XEN_DOMCTL_gettscinfo |
xen-kernel -- Information leak via internal x86 system device emulation |
xen-kernel -- vulnerability in the iret hypercall handler |
xen-kernel and xen-tools -- Long latency MMIO mapping operations are not preemptible |
xen-tools -- Guest triggerable qemu MSI-X pass-through error messages |
xen-tools -- HVM qemu unexpectedly enabling emulated VGA graphics backends |
xen-tools -- PCI MSI mask bits inadvertently exposed to guests |
xen-tools -- Potential unintended writes to host MSI message data field via qemu |
xen-tools -- Unmediated PCI command register access in qemu |
xen-tools -- Unmediated PCI register access in qemu |
xen-tools -- xl command line config handling stack overflow |
2015-07-09 |
django -- multiple vulnerabilities |
openssl -- alternate chains certificate forgery vulnerability |
wpa_supplicant -- WPS_NFC option payload length validation vulnerability |
2015-07-08 |
Adobe Flash Player -- critical vulnerabilities |
2015-07-07 |
bind -- denial of service vulnerability |
haproxy -- information leak vulnerability |
roundcube -- multiple vulnerabilities |
2015-07-06 |
bitcoin -- denial of service |
node, iojs, and v8 -- denial of service |
squid -- client-first SSL-bump does not correctly validate X509 server certificate |
squid -- Improper Protection of Alternate Path with CONNECT requests |
2015-07-03 |
cups-filters -- texttopdf integer overflow |
2015-07-02 |
ansible -- code execution from compromised remote host data or untrusted local data |
ansible -- enable host key checking in paramiko connection type |
ansible -- local symlink exploits |
ansible -- multiple vulnerabilities |
ansible -- multiple vulnerabilities |
ansible -- remote code execution vulnerability |
turnserver -- SQL injection vulnerability |
2015-07-01 |
libxml2 -- Enforce the reader to run in constant memory |
wesnoth -- disclosure of .pbl files with lowercase, uppercase, and mixed-case extension |
2015-06-30 |
ntp -- control message remote Denial of Service vulnerability |
2015-06-29 |
cups-filters -- buffer overflow in texttopdf size allocation |
pcre -- Heap Overflow Vulnerability in find_fixedlength() |
2015-06-26 |
elasticsearch -- cross site scripting vulnerability in the CORS functionality |
elasticsearch -- directory traversal attack with site plugins |
elasticsearch -- remote OS command execution via Groovy scripting engine |
elasticsearch -- security fix for shared file-system repositories |
elasticsearch and logstash -- remote OS command execution via dynamic scripting |
qemu -- Heap overflow in QEMU PCNET controller, allowing guest to host escape (CVE-2015-3209) |
2015-06-24 |
Adobe Flash Player -- critical vulnerabilities |
logstash -- Directory traversal vulnerability in the file output plugin |
logstash -- Remote command execution in Logstash zabbix and nagios_nsca outputs |
logstash-forwarder and logstash -- susceptibility to POODLE vulnerability |
2015-06-23 |
php5 -- multiple vulnerabilities |
rubygem-bson -- DoS and possible injection |
2015-06-22 |
chicken -- buffer overrun in substring-index[-ci] |
chicken -- Potential buffer overrun in string-translate* |
devel/ipython -- remote execution |
rubygem-paperclip -- validation bypass vulnerability |
www/chromium -- multiple vulnerabilities |
2015-06-21 |
cacti -- multiple security vulnerabilities |
cacti -- Multiple XSS and SQL injection vulnerabilities |
2015-06-20 |
p5-Dancer -- possible to abuse session cookie values |
2015-06-19 |
drupal -- multiple vulnerabilities |
2015-06-17 |
cURL -- Multiple Vulnerability |
rubygem-rails -- multiple vulnerabilities |
2015-06-16 |
testdisk -- buffer overflow with malicious disk image |
tomcat -- multiple vulnerabilities |
2015-06-12 |
security/ossec-hids-* -- root escalation via syscheck feature |
2015-06-11 |
Adobe Flash Player -- critical vulnerabilities |
openssl -- multiple vulnerabilities |
2015-06-10 |
libzmq4 -- V3 protocol handler vulnerable to downgrade attacks |
pgbouncer -- remote denial of service |
2015-06-09 |
cups -- multiple vulnerabilities |
strongswan -- Denial-of-service and potential remote code execution vulnerability |
strongswan -- Information Leak Vulnerability |
2015-06-08 |
redis -- EVAL Lua Sandbox Escape |
tidy -- heap-buffer-overflow |
2015-06-04 |
pcre -- multiple vulnerabilities |
2015-06-02 |
ffmpeg -- multiple vulnerabilities |
2015-06-01 |
avidemux26 -- multiple vulnerabilities in bundled FFmpeg |
hostapd and wpa_supplicant -- multiple vulnerabilities |
2015-05-31 |
cabextract -- directory traversal with UTF-8 symbols in filenames |
django -- Fixed session flushing in the cached_db backend |
libmspack -- frame_end overflow which could cause infinite loop |
rest-client -- plaintext password disclosure |
rest-client -- session fixation vulnerability |
2015-05-29 |
proxychains-ng -- current path as the first directory for the library search path |
2015-05-28 |
krb5 -- requires_preauth bypass in PKINIT-enabled KDC |
wireshark -- multiple vulnerabilities |
2015-05-26 |
cURL -- multiple vulnerabilities |
cURL -- sensitive HTTP server headers also sent to proxies |
2015-05-24 |
cassandra -- remote execution of arbitrary code |
py-salt -- potential shell injection vulnerabilities |
2015-05-23 |
davmail -- fix potential CVE-2014-3566 vulnerability (POODLE) |
dnsmasq -- data exposure and denial of service |
dnsmasq -- remotely exploitable buffer overflow in release candidate |
2015-05-22 |
pcre -- multiple vulnerabilities |
php -- multiple vulnerabilities |
PostgreSQL -- minor security problems. |
2015-05-20 |
proftpd -- arbitrary code execution vulnerability with chroot |
2015-05-19 |
chromium -- multiple vulnerabilities |
clamav -- multiple vulnerabilities |
ipsec-tools -- Memory leak leading to denial of service |
2015-05-17 |
qemu, xen and VirtualBox OSE -- possible VM escape and code execution ("VENOM") |
rubygems -- request hijacking vulnerability |
2015-05-16 |
Quassel IRC -- SQL injection vulnerability |
2015-05-15 |
dcraw -- integer overflow condition |
2015-05-14 |
rubygem-redcarpet -- XSS vulnerability |
2015-05-13 |
Adobe Flash Player -- critical vulnerabilities |
phpMyAdmin -- XSRF and man-in-the-middle vulnerabilities |
2015-05-12 |
mozilla -- multiple vulnerabilities |
suricata -- TLS/DER Parser Bug (DoS) |
2015-05-10 |
libssh -- null pointer dereference |
2015-05-07 |
Vulnerability in HWP document filter |
wordpress -- 2 cross-site scripting vulnerabilities |
wordpress -- cross-site scripting vulnerability |
2015-05-01 |
powerdns -- Label decompression bug can cause crashes or CPU spikes |
2015-04-28 |
chromium -- multiple vulnerabilities |
2015-04-27 |
chromium -- multiple vulnerabilities |
2015-04-25 |
Several vulnerabilities found in PHP |
wpa_supplicant -- P2P SSID processing vulnerability |
2015-04-24 |
wordpress -- multiple vulnerabilities |
2015-04-22 |
libtasn1 -- stack-based buffer overflow in asn1_der_decoding |
2015-04-21 |
mozilla -- use-after-free |
2015-04-18 |
chrony -- multiple vulnerabilities |
sqlite -- multiple vulnerabilities |
2015-04-17 |
Adobe Flash Player -- critical vulnerabilities |
Dulwich -- Remote code execution |
Wesnoth -- Remote information disclosure |
2015-04-14 |
qt4-imageformats, qt4-gui, qt5-gui -- Multiple Vulnerabilities in Qt Image Format Handling |
Ruby -- OpenSSL Hostname Verification Vulnerability |
2015-04-09 |
mailman -- path traversal vulnerability |
2015-04-08 |
asterisk -- TLS Certificate Common name NULL byte exploit |
2015-04-07 |
ntp -- multiple vulnerabilities |
2015-04-04 |
mozilla -- multiple vulnerabilities |
2015-04-03 |
Several vulnerabilities in libav |
2015-04-01 |
Several vulnerabilities found in PHP |
2015-03-31 |
cpio -- multiple vulnerabilities |
mozilla -- multiple vulnerabilities |
osc -- shell command injection via crafted _service files |
subversion -- DoS vulnerabilities |
2015-03-28 |
libzip -- integer overflow |
2015-03-27 |
django -- multiple vulnerabilities |
2015-03-24 |
GNU binutils -- multiple vulnerabilities |
jenkins -- multiple vulnerabilities |
libuv -- incorrect revocation order while relinquishing privileges |
2015-03-22 |
mozilla -- multiple vulnerabilities |
2015-03-19 |
OpenSSL -- multiple vulnerabilities |
2015-03-18 |
libXfont -- BDF parsing issues |
2015-03-13 |
Adobe Flash Player -- critical vulnerabilities |
sympa -- Remote attackers can read arbitrary files |
2015-03-08 |
phpMyAdmin -- Risk of BREACH attack due to reflected parameter |
rt -- Remote DoS, Information disclosure and Session Hijackingvulnerabilities |
2015-03-07 |
mono -- TLS bugs |
2015-03-05 |
PuTTY -- fails to scrub private keys from memory after use |
qt4-gui, qt5-gui -- DoS vulnerability in the BMP image handler |
2015-03-04 |
chromium -- multiple vulnerabilities |
2015-03-01 |
jenkins -- multiple vulnerabilities |
2015-02-27 |
mozilla -- multiple vulnerabilities |
2015-02-26 |
php5 -- multiple vulnerabilities |
2015-02-25 |
krb5 1.11 -- New release/fix multiple vulnerabilities |
2015-02-24 |
e2fsprogs -- buffer overflow if s_first_meta_bg too big |
e2fsprogs -- potential buffer overflow in closefs() |
2015-02-23 |
bind -- denial of service vulnerability |
samba -- Unexpected code execution in smbd |
2015-02-21 |
krb5 1.12 -- New release/fix multiple vulnerabilities |
2015-02-17 |
unzip -- heap based buffer overflow in iconv patch |
2015-02-12 |
krb5 -- Vulnerabilities in kadmind, libgssrpc, gss_process_context_token VU#540092 |
xorg-server -- Information leak in the XkbSetGeometry request of X servers. |
2015-02-06 |
chromium -- multiple vulnerabilities |
openldap -- two remote denial of service vulnerabilities |
2015-02-05 |
PostgreSQL -- multiple buffer overflows and memory issues |
2015-02-04 |
krb5 -- Vulnerabilities in kadmind, libgssrpc, gss_process_context_token VU#540092 |
2015-02-03 |
unzip -- out of boundary access issues in test_compr_eb |
2015-02-02 |
Xymon -- buffer overrun |
2015-01-31 |
apache24 -- several vulnerabilities |
rabbitmq -- Security issues in management plugin |
2015-01-29 |
asterisk -- File descriptor leak when incompatible codecs are offered |
asterisk -- Mitigation for libcURL HTTP request injection vulnerability |
2015-01-28 |
glibc -- gethostbyname buffer overflow |
2015-01-26 |
Adobe Flash Player -- critical vulnerability |
Bugzilla multiple security issues |
2015-01-23 |
django -- multiple vulnerabilities |
2015-01-22 |
Adobe Flash Player -- multiple vulnerabilities |
LibreSSL -- DTLS vulnerability |
2015-01-21 |
chromium -- multiple vulnerabilities |
2015-01-19 |
polarssl -- Remote attack using crafted certificates |
2015-01-16 |
samba -- Elevation of privilege to Active Directory Domain Controller |
unzip -- input sanitization errors |
2015-01-14 |
kde-runtime -- incorrect CBC encryption handling |
mozilla -- multiple vulnerabilities |
2015-01-11 |
libevent -- integer overflow in evbuffers |
2015-01-09 |
cURL -- URL request injection vulnerability |
WebKit-gtk -- Multiple vulnerabilities |
2015-01-08 |
OpenSSL -- multiple vulnerabilities |
2015-01-05 |
png -- heap overflow for 32-bit builds |
wordpress -- multiple vulnerabilities |
2015-01-02 |
file -- multiple vulnerabilities |
2014-12-29 |
libutp -- remote denial of service or arbitrary code execution |
2014-12-23 |
mutt -- denial of service via crafted mail message |
2014-12-20 |
ntp -- multiple vulnerabilities |
2014-12-19 |
git -- Arbitrary command execution on case-insensitive filesystems |
2014-12-16 |
otrs -- Incomplete Access Control |
2014-12-15 |
subversion -- DoS vulnerabilities |
2014-12-14 |
NVIDIA UNIX driver -- remote denial of service or arbitrary code execution |
2014-12-11 |
asterisk -- Remote Crash Vulnerability in WebSocket Server |
bind -- denial of service vulnerability |
2014-12-10 |
xserver -- multiple issue with X client request handling |
2014-12-09 |
unbound -- can be tricked into following an endless series of delegations, this consumes a lot of resources |
2014-12-07 |
freetype -- Out of bounds stack-based read/write |
2014-12-04 |
phpMyAdmin -- XSS and DoS vulnerabilities |
2014-12-02 |
mozilla -- multiple vulnerabilities |
OpenVPN -- denial of service security vulnerability |
2014-11-25 |
flac -- Multiple vulnerabilities |
2014-11-21 |
asterisk -- Multiple vulnerabilities |
asterisk -- Multiple vulnerabilities |
phpMyAdmin -- XSS and information disclosure vulnerabilities |
2014-11-20 |
kwebkitpart, kde-runtime -- insufficient input validation |
2014-11-19 |
yii -- Remote arbitrary PHP code execution |
2014-11-18 |
chromium -- multiple vulnerabilities |
2014-11-17 |
kde-workspace -- privilege escalation |
2014-11-11 |
dbus -- incomplete fix for CVE-2014-3636 part A |
2014-11-08 |
wget -- path traversal vulnerability in recursive FTP mode |
2014-11-05 |
Konversation -- out-of-bounds read on a heap-allocated array |
2014-10-31 |
jenkins -- slave-originated arbitrary code execution on master servers |
twiki -- remote Perl code execution |
2014-10-29 |
libssh -- PRNG state reuse on forking servers |
2014-10-24 |
libpurple/pidgin -- multiple vulnerabilities |
2014-10-22 |
phpMyAdmin -- XSS vulnerabilities in SQL debug output and server monitor page. |
2014-10-21 |
asterisk -- Asterisk Susceptibility to POODLE Vulnerability |
2014-10-18 |
libxml2 -- Denial of service |
2014-10-16 |
drupal7 -- SQL injection |
2014-10-15 |
OpenSSL -- multiple vulnerabilities |
2014-10-14 |
mozilla -- multiple vulnerabilities |
2014-10-09 |
foreman-proxy SSL verification issue |
2014-10-06 |
Bugzilla multiple security issues |
2014-10-02 |
rt42 -- vulnerabilities related to shellshock |
2014-10-01 |
bash -- out-of-bounds memory access in parser |
bash -- remote code execution |
jenkins -- remote execution, privilege escalation, XSS, password exposure, ACL hole, DoS |
phpMyAdmin -- XSS vulnerabilities |
2014-09-30 |
rsyslog -- remote syslog PRI vulnerability |
2014-09-29 |
fish -- local privilege escalation and remote code execution |
2014-09-25 |
Flash player -- Multiple security vulnerabilities in www/linux-*-flashplugin11 |
krfb -- Multiple security issues in bundled libvncserver |
NSS -- RSA Signature Forgery |
2014-09-24 |
bash -- remote code execution vulnerability |
2014-09-18 |
asterisk -- Remotely triggered crash |
squid -- Buffer overflow in SNMP processing |
2014-09-17 |
dbus -- multiple vulnerabilities |
2014-09-16 |
nginx -- inject commands into SSL session vulnerability |
2014-09-13 |
phpMyAdmin -- XSRF/CSRF due to DOM based XSS in the micro history feature |
2014-09-11 |
security/ossec-hids-* -- root escalation via temp files |
2014-09-05 |
trafficserver -- unspecified vulnerability |
2014-08-21 |
django -- multiple vulnerabilities |
file -- buffer overruns and missing buffer size tests |
2014-08-18 |
PHP multiple vulnerabilities |
2014-08-17 |
phpMyAdmin -- XSS vulnerabilities |
2014-08-11 |
serf -- SSL Certificate Null Byte Poisoning |
subversion -- several vulnerabilities |
2014-08-09 |
nginx -- inject commands into SSL session vulnerability |
2014-08-06 |
OpenSSL -- multiple vulnerabilities |
2014-08-03 |
krfb -- Possible Denial of Service or code execution via integer overflow |
2014-08-02 |
gpgme -- heap-based buffer overflow in gpgsm status handler |
samba -- remote code execution |
2014-07-31 |
kdelibs -- KAuth PID Reuse Flaw |
2014-07-30 |
tor -- traffic confirmation attack |
2014-07-28 |
i2p -- Multiple Vulnerabilities |
2014-07-25 |
bugzilla -- Cross Site Request Forgery |
2014-07-24 |
apache22 -- several vulnerabilities |
2014-07-23 |
mozilla -- multiple vulnerabilities |
tomcat -- multiple vulnerabilities |
2014-07-21 |
mcollective -- cert valication issue |
2014-07-19 |
apache24 -- several vulnerabilities |
qt4-imageformats, qt5-gui -- DoS vulnerability in the GIF image handler |
2014-07-18 |
phpMyAdmin -- multiple XSS vulnerabilities, missing validation |
2014-07-16 |
kdelibs4 -- KMail/KIO POP3 SSL Man-in-the-middle Flaw |
2014-07-13 |
postfixadmin -- SQL injection vulnerability |
2014-07-03 |
dbus -- multiple vulnerabilities |
2014-06-28 |
mencoder -- potential buffer overrun when processing malicious lzo compressed input |
mplayer -- potential buffer overrun when processing malicious lzo compressed input |
2014-06-26 |
LZO -- potential buffer overrun when processing malicious input data |
2014-06-23 |
gnupg -- possible DoS using garbled compressed data packets |
samba -- multiple vulnerabilities |
2014-06-20 |
phpMyAdmin -- two XSS vulnerabilities due to unescaped db/table names |
2014-06-18 |
iodined -- authentication bypass |
2014-06-17 |
asterisk -- multiple vulnerabilities |
2014-06-14 |
dbus -- local DoS |
2014-06-10 |
mozilla -- multiple vulnerabilities |
2014-06-05 |
OpenSSL -- multiple vulnerabilities |
2014-06-04 |
gnutls -- client-side memory corruption |
2014-06-03 |
gnutls -- client-side memory corruption |
2014-05-29 |
mumble -- multiple vulnerabilities |
mumble -- NULL pointer dereference and heap-based buffer overflow |
2014-05-26 |
linux-flashplugin -- multiple vulnerabilities |
2014-05-24 |
openjpeg -- Multiple vulnerabilities |
2014-05-13 |
libXfont -- X Font Service Protocol and Font metadata file handling issues |
2014-05-06 |
libxml2 -- entity substitution DoS |
2014-05-05 |
qt4-xml -- XML Entity Expansion Denial of Service |
2014-05-04 |
strongswan -- Remote Authentication Bypass |
2014-05-03 |
OpenSSL -- NULL pointer dereference / DoS |
2014-04-30 |
mohawk -- multiple vulnerabilities |
opera -- moderately severe issue |
2014-04-29 |
mozilla -- multiple vulnerabilities |
2014-04-23 |
django -- multiple vulnerabilities |
OpenSSL -- Remote Data Injection / DoS |
2014-04-18 |
bugzilla -- Cross-Site Request Forgery |
bugzilla -- Social Engineering |
2014-04-13 |
ChaSen -- buffer overflow |
2014-04-11 |
cURL -- inappropriate GSSAPI delegation |
dbus-glib -- privledge escalation |
libaudiofile -- heap-based overflow in Microsoft ADPCM compression module |
nas -- multiple vulnerabilities |
OpenLDAP -- incorrect handling of NULL in certificate Common Name |
OpenSSL -- Local Information Disclosure |
2014-04-09 |
openafs -- Denial of Service |
2014-04-07 |
OpenSSL -- Remote Information Disclosure |
2014-04-03 |
otrs -- Clickjacking issue |
2014-03-29 |
file -- out-of-bounds access in search rules with offsets from input file |
Icinga -- buffer overflow in classic web interface |
2014-03-26 |
LibYAML input sanitization errors |
2014-03-23 |
Joomla! -- Core - Multiple Vulnerabilities |
mail/trojita -- may leak mail contents (not user credentials) over unencrypted connection |
nginx -- SPDY heap buffer overflow |
nginx-devel -- SPDY heap buffer overflow |
2014-03-22 |
apache -- several vulnerabilities |
2014-03-19 |
mozilla -- multiple vulnerabilities |
2014-03-14 |
mutt -- denial of service, potential remote code execution |
2014-03-13 |
wemux -- read-only can be bypassed |
2014-03-11 |
samba -- multiple vulnerabilities |
2014-03-10 |
asterisk -- multiple vulnerabilities |
2014-03-09 |
freetype2 -- Out of bounds read/write |
2014-03-06 |
nginx -- SPDY memory corruption |
xmms -- Integer Overflow And Underflow Vulnerabilities |
2014-03-04 |
gnutls -- multiple certificate verification issues |
2014-03-03 |
file -- denial of service |
2014-03-01 |
Python -- buffer overflow in socket.recvfrom_into() |
2014-02-26 |
subversion -- mod_dav_svn vulnerability |
2014-02-25 |
otrs -- XSS Issue |
2014-02-20 |
PostgreSQL -- multiple privilege issues |
2014-02-15 |
jenkins -- multiple vulnerabilities |
phpMyAdmin -- Self-XSS due to unescaped HTML output in import. |
2014-02-14 |
lighttpd -- multiple vulnerabilities |
2014-02-06 |
phpmyfaq -- multiple vulnerabilities |
2014-02-04 |
linux-flashplugin -- multiple vulnerabilities |
mozilla -- multiple vulnerabilities |
2014-02-01 |
libyaml heap overflow resulting in possible code execution |
2014-01-29 |
socat -- buffer overflow with data from command line |
2014-01-28 |
otrs -- multiple vulnerabilities |
2014-01-27 |
rt42 -- denial-of-service attack via the email gateway |
strongswan -- multiple DoS vulnerabilities |
2014-01-25 |
varnish -- DoS vulnerability in Varnish HTTP cache |
2014-01-24 |
linux-flashplugin -- multiple vulnerabilities |
2014-01-22 |
HTMLDOC -- buffer overflow issues when reading AFM files and parsing page sizes |
2014-01-16 |
virtualbox-ose -- local vulnerability |
2014-01-14 |
nagios -- denial of service vulnerability |
ntpd DRDoS / Amplification Attack using ntpdc monlist command |
2014-01-13 |
bind -- denial of service vulnerability |
2014-01-08 |
libXfont -- Stack buffer overflow in parsing of BDF font files in libXfont |
2014-01-06 |
openssl -- multiple vulnerabilities |
2013-12-22 |
OpenX -- SQL injection vulnerability |
2013-12-18 |
cURL library -- cert name check ignore with GnuTLS |
gnupg -- RSA Key Extraction via Low-Bandwidth Acoustic Cryptanalysis attack |
2013-12-17 |
asterisk -- multiple vulnerabilities |
2013-12-16 |
phpmyfaq -- arbitrary PHP code execution vulnerability |
zabbix -- shell command injection vulnerability |
2013-12-14 |
mozilla -- multiple vulnerabilities |
PHP5 -- memory corruption in openssl_x509_parse() |
2013-12-11 |
samba -- multiple vulnerabilities |
2013-12-08 |
rails -- multiple vulnerabilities |
2013-12-06 |
drupal -- multiple vulnerabilities |
2013-12-04 |
Joomla! -- Core XSS Vulnerabilities |
2013-12-01 |
monitorix -- serious bug in the built-in HTTP server |
2013-11-28 |
OpenTTD -- Denial of service using forcefully crashed aircrafts |
2013-11-25 |
subversion -- multiple vulnerabilities |
2013-11-24 |
ruby-gems -- Algorithmic Complexity Vulnerability |
ruby-gems -- Algorithmic Complexity Vulnerability |
2013-11-23 |
ruby -- Heap Overflow in Floating Point Parsing |
2013-11-19 |
nginx -- Request line parsing vulnerability |
samba -- ACLs are not checked on opening an alternate data stream on a file or directory |
samba -- Private key in key.pem world readable |
2013-11-12 |
linux-flashplugin -- multiple vulnerabilities |
2013-11-08 |
OpenSSH -- Memory corruption in sshd |
2013-11-06 |
Quassel IRC -- SQL injection vulnerability |
2013-10-30 |
mozilla -- multiple vulnerabilities |
2013-10-28 |
mod_pagespeed -- critical cross-site scripting (XSS) vulnerability |
2013-10-25 |
gnutls -- denial of service |
2013-10-24 |
xorg-server -- use-after-free |
2013-10-19 |
node.js -- DoS Vulnerability |
pycrypto -- PRNG reseed race condition |
wordpress -- multiple vulnerabilities |
2013-10-17 |
bugzilla -- multiple vulnerabilities |
dropbear -- exposure of sensitive information, DoS |
2013-10-10 |
mod_fcgid -- possible heap buffer overwrite |
2013-10-05 |
gnupg -- possible infinite recursion in the compressed packet parser |
2013-10-03 |
xinetd -- ignores user and group directives for TCPMUX services |
2013-10-02 |
polarssl -- Timing attack against protected RSA-CRT implementation |
2013-09-30 |
py-graphite-web -- Multiple vulnerabilities |
2013-09-22 |
django -- denial-of-service via large passwords |
2013-09-19 |
FreeBSD -- Cross-mount links between nullfs(5) mounts |
FreeBSD -- Insufficient credential checks in network ioctl(2) |
2013-09-13 |
linux-flashplugin -- multiple vulnerabilities |
2013-09-12 |
django -- multiple vulnerabilities |
2013-09-02 |
svnserve is vulnerable to a local privilege escalation vulnerability via symlink attack. |
2013-08-29 |
cacti -- allow remote attackers to execute arbitrary SQL commands |
2013-08-28 |
asterisk -- multiple vulnerabilities |
2013-08-20 |
gstreamer-ffmpeg -- Multiple vulnerabilities in bundled libav |
2013-08-18 |
mozilla -- multiple vulnerabilities |
2013-08-17 |
GnuPG and Libgcrypt -- side-channel attack vulnerability |
2013-08-16 |
puppet -- multiple vulnerabilities |
2013-08-15 |
lcms2 -- Null Pointer Dereference Denial of Service Vulnerability |
2013-08-13 |
polarssl -- denial of service vulnerability |
2013-08-09 |
samba -- denial of service vulnerability |
2013-08-08 |
mozilla -- multiple vulnerabilities |
2013-08-07 |
PuTTY -- Four security holes in versions before 0.63 |
2013-08-05 |
typo3 -- Multiple vulnerabilities in TYPO3 Core |
2013-08-04 |
phpMyAdmin -- clickJacking protection can be bypassed |
2013-07-28 |
phpMyAdmin -- multiple vulnerabilities |
2013-07-27 |
wordpress -- multiple vulnerabilities |
2013-07-26 |
bind -- denial of service vulnerability |
2013-07-25 |
gnupg -- side channel attack on RSA secret keys |
openafs -- single-DES cell-wide key brute force vulnerability |
2013-07-24 |
subversion -- remotely triggerable "Assertion failed" DoS vulnerability or read overflow. |
2013-07-22 |
suPHP -- Privilege escalation |
2013-07-20 |
apache24 -- several vulnerabilities |
2013-07-17 |
gallery -- multiple vulnerabilities |
2013-07-16 |
PHP5 -- Heap corruption in XML parser |
PHP5 -- Integer overflow in Calendar module |
2013-07-15 |
linux-flashplugin -- multiple vulnerabilities |
squid -- denial of service |
2013-07-11 |
libzrtpcpp -- multiple security vulnerabilities |
otrs -- Sql Injection + Xss Issue |
ruby -- Hostname check bypassing vulnerability in SSL client |
2013-07-10 |
libxml2 -- lack of end-of-document check DoS |
2013-07-05 |
apache22 -- several vulnerabilities |
2013-06-30 |
phpMyAdmin -- Global variable scope injection |
2013-06-28 |
apache-xml-security-c -- heap overflow during XPointer evaluation |
2013-06-26 |
mozilla -- multiple vulnerabilities |
2013-06-23 |
cURL library -- heap corruption in curl_easy_unescape |
2013-06-22 |
puppet -- Unauthenticated Remote Code Execution Vulnerability |
2013-06-19 |
otrs -- information disclosure |
2013-06-18 |
apache-xml-security-c -- heap overflow |
FreeBSD -- Privilege escalation via mmap |
2013-06-16 |
tor -- guard discovery |
2013-06-14 |
linux-flashplugin -- multiple vulnerabilities |
2013-06-13 |
dbus -- local dos |
2013-06-11 |
owncloud -- Multiple security vulnerabilities |
2013-06-07 |
php5 -- Heap based buffer overflow in quoted_printable_encode |
2013-06-06 |
dns/bind9* -- A recursive resolver can be crashed by a query for a malformed zone |
2013-06-05 |
phpMyAdmin -- XSS due to unescaped HTML output in Create View page |
telepathy-gabble -- TLS verification bypass |
2013-06-04 |
xorg -- protocol handling issues in X Window System client libraries |
2013-06-03 |
krb5 -- UDP ping-pong vulnerability in the kpasswd (password changing) service. [CVE-2002-2443] |
net/openafs -- buffer overflow |
www/mod_security -- NULL pointer dereference DoS |
2013-06-01 |
passenger -- security vulnerability |
2013-05-31 |
devel/subversion -- contrib hook-scripts can allow arbitrary code execution |
devel/subversion -- fsfs repositories can be corrupted by newline characters in filenames |
devel/subversion -- svnserve remotely triggerable DoS |
irc/bitchx -- multiple vulnerabilities |
2013-05-28 |
znc -- null pointer dereference in webadmin module |
2013-05-26 |
couchdb -- DOM based Cross-Site Scripting via Futon UI |
ruby -- Object taint bypassing in DL and Fiddle in Ruby |
socat -- FD leak |
2013-05-23 |
otrs -- information disclosure |
otrs -- XSS vulnerability |
RT -- multiple vulnerabilities |
2013-05-19 |
plib -- buffer overflow |
plib -- stack-based buffer overflow |
2013-05-16 |
linux-flashplugin -- multiple vulnerabilities |
2013-05-15 |
mozilla -- multiple vulnerabilities |
2013-05-07 |
nginx -- multiple vulnerabilities |
2013-05-03 |
jenkins -- multiple vulnerabilities |
strongSwan -- ECDSA signature verification issue |
2013-04-29 |
FreeBSD -- NFS remote denial of service |
2013-04-27 |
Joomla! -- XXS and DDoS vulnerabilities |
2013-04-24 |
phpMyAdmin -- Multiple security vulnerabilities |
2013-04-22 |
tinc -- Buffer overflow |
2013-04-20 |
phpMyAdmin -- XSS due to unescaped HTML output in GIS visualisation page |
2013-04-19 |
roundcube -- arbitrary file disclosure vulnerability |
2013-04-18 |
jasper -- buffer overflow |
2013-04-16 |
ModSecurity -- XML External Entity Processing Vulnerability |
2013-04-15 |
sieve-connect -- TLS hostname verification was not occurring |
2013-04-10 |
linux-flashplugin -- multiple vulnerabilities |
rubygem-rails -- multiple vulnerabilities |
2013-04-08 |
NVIDIA UNIX driver -- ARGB cursor buffer overflow in "NoScanout" mode |
2013-04-05 |
otrs -- Information disclosure and Data manipulation |
Subversion -- multiple vulnerabilities |
2013-04-04 |
PostgreSQL -- anonymous remote access data corruption vulnerability |
2013-04-03 |
mozilla -- multiple vulnerabilities |
2013-04-02 |
FreeBSD -- BIND remote denial of service |
FreeBSD -- OpenSSL multiple vulnerabilities |
2013-03-31 |
OpenVPN -- potential side-channel/timing attack when comparing HMACs |
2013-03-29 |
asterisk -- multiple vulnerabilities |
libxml2 -- cpu consumption Dos |
2013-03-27 |
dns/bind9* -- Malicious Regex Can Cause Memory Exhaustion |
2013-03-21 |
optipng -- use-after-free vulnerability |
2013-03-18 |
php5 -- Multiple vulnerabilities |
piwigo -- CSRF/Path Traversal |
2013-03-13 |
libexif -- multiple remote vulnerabilities |
puppet26 -- multiple vulnerabilities |
puppet27 and puppet -- multiple vulnerabilities |
2013-03-12 |
linux-flashplugin -- multiple vulnerabilities |
2013-03-10 |
libpurple -- multiple vulnerabilities |
perl -- denial of service via algorithmic complexity attack on hashing routines |
2013-03-08 |
mozilla -- use-after-free in HTML Editor |
2013-03-06 |
firebird -- Remote Stack Buffer Overflow |
typo3 -- Multiple vulnerabilities in TYPO3 Core |
2013-03-03 |
stunnel -- Remote Code Execution |
2013-03-02 |
apache22 -- several vulnerabilities |
2013-03-01 |
sudo -- Authentication bypass when clock is reset |
sudo -- Potential bypass of tty_tickets constraints |
2013-02-28 |
rubygem-dragonfly -- arbitrary code execution |
2013-02-27 |
linux-flashplugin -- multiple vulnerabilities |
2013-02-25 |
otrs -- XSS vulnerability could lead to remote code execution |
otrs -- XSS vulnerability in Firefox and Opera could lead to remote code execution |
otrs -- XSS vulnerability in Internet Explorer could lead to remote code execution |
2013-02-24 |
django -- multiple vulnerabilities |
ruby -- DoS vulnerability in REXML |
rubygem-ruby_parser -- insecure tmp file usage |
2013-02-22 |
krb5 -- null pointer dereference in the KDC PKINIT code [CVE-2013-1415] |
2013-02-21 |
drupal7 -- Denial of service |
FreeBSD -- BIND remote DoS with deliberately crafted DNS64 query |
FreeBSD -- glob(3) related resource exhaustion |
2013-02-20 |
bugzilla -- multiple vulnerabilities |
nss-pam-ldapd -- file descriptor buffer overflow |
2013-02-19 |
mozilla -- multiple vulnerabilities |
2013-02-17 |
jenkins -- multiple vulnerabilities |
Ruby Activemodel Gem -- Circumvention of attr_protected |
Ruby Rack Gem -- Multiple Issues |
2013-02-16 |
poweradmin -- multiple XSS vulnerabilities |
Ruby -- Denial of Service and Unsafe Object Creation Vulnerability in JSON |
Ruby -- XSS exploit of RDoc documentation generated by rdoc |
2013-02-08 |
linux-flashplugin -- multiple vulnerabilities |
2013-02-06 |
OpenSSL -- TLS 1.1, 1.2 denial of service |
2013-02-01 |
mysql/mariadb/percona server -- multiple vulnerabilities |
opera -- execution of arbitrary code |
2013-01-30 |
upnp -- multiple vulnerabilities |
2013-01-29 |
wordpress -- multiple vulnerabilities |
2013-01-25 |
django-cms -- XSS Vulnerability |
2013-01-20 |
drupal -- multiple vulnerabilities |
2013-01-16 |
ettercap -- buffer overflow in target list parsing |
2013-01-14 |
java 7.x -- security manager bypass |
2013-01-10 |
nagios -- buffer overflow in history.cgi |
2013-01-09 |
mozilla -- multiple vulnerabilities |
2013-01-08 |
jenkins -- HTTP access to the server to retrieve the master cryptographic key |
rubygem-rails -- multiple vulnerabilities |
2013-01-07 |
rubygem-rails -- SQL injection vulnerability |
2013-01-06 |
django -- multiple vulnerabilities |
2013-01-05 |
freetype -- Multiple vulnerabilities |
moinmoin -- Multiple vulnerabilities |
2013-01-03 |
asterisk -- multiple vulnerabilities |
2013-01-02 |
ircd-ratbox and charybdis -- remote DoS vulnerability |
2012-12-30 |
otrs -- XSS vulnerability |
otrs -- XSS vulnerability in Firefox and Opera |
otrs -- XSS vulnerability in Internet Explorer |
puppet -- multiple vulnerabilities |
2012-12-28 |
squid -- denial of service |
2012-12-18 |
opera -- execution of arbitrary code |
2012-12-14 |
linux-flashplugin -- multiple vulnerabilities |
2012-12-04 |
dns/bind9* -- servers using DNS64 can be crashed by a crafted query |
tomcat -- bypass of CSRF prevention filter |
tomcat -- bypass of security constraints |
tomcat -- denial of service |
2012-12-03 |
bogofilter -- heap corruption by invalid base64 input |
2012-11-27 |
YUI JavaScript library -- JavaScript injection exploits in Flash components |
2012-11-24 |
FreeBSD -- Insufficient message length validation for EAP-TLS messages |
FreeBSD -- Linux compatibility layer input validation error |
FreeBSD -- Multiple Denial of Service vulnerabilities with named(8) |
2012-11-22 |
opera -- execution of arbitrary code |
2012-11-21 |
lighttpd -- remote DoS in header parsing |
2012-11-20 |
mozilla -- multiple vulnerabilities |
2012-11-18 |
weechat -- Arbitrary shell command execution via scripts |
2012-11-14 |
bugzilla -- multiple vulnerabilities |
2012-11-12 |
DomainKeys Identified Mail (DKIM) Verifiers may inappropriately convey message trust |
typo3 -- Multiple vulnerabilities in TYPO3 Core |
2012-11-10 |
ruby -- Hash-flooding DoS vulnerability for ruby 1.9 |
weechat -- Crash or freeze when decoding IRC colors in strings |
2012-11-08 |
tomcat -- authentication weaknesses |
tomcat -- Denial of Service |
2012-11-06 |
opera -- multiple vulnerabilities |
2012-11-02 |
apache22 -- several vulnerabilities |
linux-flashplugin -- multiple vulnerabilities |
linux-flashplugin -- multiple vulnerabilities |
webmin -- potential XSS attack via real name field |
2012-11-01 |
RT -- Multiple Vulnerabilities |
ruby -- $SAFE escaping vulnerability about Exception#to_s/NameError#to_s |
ruby -- Unintentional file creation caused by inserting an illegal NUL character |
2012-10-31 |
drupal7 -- multiple vulnerabilities |
2012-10-27 |
mozilla -- multiple vulnerabilities |
2012-10-26 |
Exim -- remote code execution |
2012-10-24 |
django -- multiple vulnerabilities |
2012-10-22 |
Wireshark -- Multiple Vulnerabilities |
2012-10-17 |
xinetd -- attackers can bypass access restrictions if tcpmux-servers service enabled |
xlockmore -- local exploit |
2012-10-16 |
Zend Framework -- Multiple vulnerabilities via XXE injection |
2012-10-15 |
gitolite -- path traversal vulnerability |
2012-10-14 |
phpMyAdmin -- Multiple XSS due to unescaped HTML output in Trigger, Procedure and Event pages and Fetching the version information from a non-SSL site is vulnerable to a MITM attack |
2012-10-10 |
dns/bind9* -- crash on deliberately constructed combination of records |
mozilla -- multiple vulnerabilities |
2012-09-27 |
OpenX -- SQL injection vulnerability |
2012-09-26 |
eperl -- Remote code execution |
2012-09-20 |
ImageMagick and GraphicsMagick -- DoS via specially crafted PNG file |
2012-09-19 |
php5 -- Denial of Service in php_date_parse_tzfile() |
php5-sqlite -- open_basedir bypass |
2012-09-18 |
dns/bind9* -- Several vulnerabilities |
2012-09-17 |
jenkins -- multiple vulnerabilities |
2012-09-15 |
bacula -- Console ACL Bypass |
vlc -- arbitrary code execution in Real RTSP and MMS support |
2012-09-12 |
mod_pagespeed -- multiple vulnerabilities |
2012-09-11 |
freeradius -- arbitrary code execution for TLS-based authentication |
2012-09-08 |
emacs -- remote code execution vulnerability |
2012-09-07 |
wordpress -- multiple unspecified privilege escalation bugs |
2012-09-05 |
moinmoin -- cross-site scripting via RST parser |
moinmoin -- wrong processing of group membership |
php5 -- header splitting attack via carriage-return character |
2012-09-02 |
bitcoin -- denial of service |
2012-09-01 |
bugzilla -- multiple vulnerabilities |
GNU gatekeeper -- denial of service |
mediawiki -- multiple vulnerabilities |
2012-08-31 |
wireshark -- denial of service in DRDA dissector |
2012-08-30 |
asterisk -- multiple vulnerabilities |
coppermine -- Multiple vulnerabilities |
fetchmail -- chosen plaintext attack against SSL CBC initialization vectors |
Java 1.7 -- security manager bypass |
mozilla -- multiple vulnerabilities |
2012-08-27 |
roundcube -- cross-site scripting in HTML email messages |
2012-08-26 |
Calligra, KOffice -- input validation failure |
2012-08-25 |
inn -- plaintext command injection into encrypted channel |
squidclamav -- cross-site scripting in default virus warning pages |
squidclamav -- Denial of Service |
2012-08-23 |
jabberd -- domain spoofing in server dialback protocol |
2012-08-22 |
rssh -- arbitrary command execution |
rssh -- configuration restrictions bypass |
2012-08-18 |
libotr -- buffer overflows |
OpenTTD -- Denial of Service |
Wireshark -- Multiple vulnerabilities |
2012-08-17 |
databases/postgresql*-server -- multiple vulnerabilities |
phpMyAdmin -- Multiple XSS in Table operations, Database structure, Trigger and Visualize GIS data pages |
2012-08-15 |
typo3 -- Multiple vulernabilities in TYPO3 Core |
2012-08-14 |
fetchmail -- two vulnerabilities in NTLM authentication |
2012-08-13 |
Several vulnerabilities found in IcedTea-Web |
2012-08-11 |
libcloud -- possible SSL MITM due to invalid regexp used to validate target server hostname |
phpMyAdmin -- Path disclosure due to missing library |
2012-08-10 |
rubygem-rails -- multiple vulnerabilities |
2012-08-09 |
sudosh -- buffer overflow |
2012-08-07 |
FreeBSD -- named(8) DNSSEC validation Denial of Service |
2012-08-06 |
automake -- Insecure 'distcheck' recipe granted world-writable distdir |
2012-08-02 |
mozilla -- multiple vulnerabilities |
2012-08-01 |
Apache -- Insecure LD_LIBRARY_PATH handling |
2012-07-31 |
django -- multiple vulnerabilities |
2012-07-27 |
bugzilla -- multiple vulnerabilities |
nsd -- Denial of Service |
2012-07-26 |
p5-RT-Authen-ExternalAuth -- privilege escalation |
rubygem-actionpack -- Denial of Service |
2012-07-25 |
isc-dhcp -- multiple vulnerabilities |
2012-07-24 |
dns/bind9* -- Heavy DNSSEC Validation Load Can Cause a 'Bad Cache' Assertion Failure |
2012-07-23 |
php -- potential overflow in _php_stream_scandir |
rubygem-activerecord -- multiple vulnerabilities |
2012-07-20 |
dns/nsd -- DoS vulnerability from non-standard DNS packet |
2012-07-18 |
Dokuwiki -- cross site scripting vulnerability |
libjpeg-turbo -- heap-based buffer overflow |
2012-07-10 |
puppet -- multiple vulnerabilities |
2012-07-06 |
asterisk -- multiple vulnerabilities |
typo3 -- Cross-Site Scripting Vulnerability in TYPO3 Core |
2012-07-02 |
phpList -- SQL injection and XSS vulnerability |
2012-06-27 |
FreeBSD -- Incorrect crypt() hashing |
FreeBSD -- Incorrect handling of zero-length RDATA fields in named(8) |
FreeBSD -- OpenSSL multiple vulnerabilities |
FreeBSD -- Privilege escalation when returning from kernel |
2012-06-24 |
pycrypto -- vulnerable ElGamal key generation |
2012-06-19 |
joomla -- Privilege Escalation |
2012-06-16 |
clamav -- multiple vulnerabilities |
2012-06-14 |
asterisk -- remote crash vulnerability |
ImageMagick -- multiple vulnerabilities |
2012-06-12 |
mantis -- multiple vulnerabilities |
2012-06-09 |
linux-flashplugin -- multiple vulnerabilities |
2012-06-05 |
mail/sympa* -- Multiple vulnerabilities in Sympa archive management |
mozilla -- multiple vulnerabilities |
quagga -- BGP OPEN denial of service vulnerability |
2012-06-04 |
dns/bind9* -- zero-length RDATA can cause named to terminate, reveal memory |
2012-05-30 |
databases/postgresql*-server -- crypt vulnerabilities |
nut -- upsd can be remotely crashed |
2012-05-29 |
asterisk -- multiple vulnerabilities |
2012-05-24 |
haproxy -- buffer overflow |
2012-05-23 |
RT -- Multiple Vulnerabilities |
2012-05-21 |
foswiki -- Script Insertion Vulnerability via unchecked user registration fields |
sympa -- Multiple Security Bypass Vulnerabilities |
2012-05-18 |
libxml2 -- An off-by-one out-of-bounds write by XPointer |
2012-05-17 |
inspircd -- buffer overflow |
2012-05-16 |
pidgin-otr -- format string vulnerability |
sudo -- netmask vulnerability |
2012-05-14 |
socat -- Heap-based buffer overflow |
2012-05-12 |
libpurple -- Invalid memory dereference in the XMPP protocol plug-in by processing serie of specially-crafted file transfer requests |
php -- multiple vulnerabilities |
PivotX -- 'ajaxhelper.php' Cross Site Scripting Vulnerability |
2012-05-10 |
NVIDIA UNIX driver -- access to arbitrary system memory |
OpenSSL -- DTLS and TLS 1.1, 1.2 denial of service |
2012-05-09 |
rubygem-mail -- multiple vulnerabilities |
2012-05-07 |
node -- private information disclosure |
p5-Config-IniFiles -- unsafe temporary file creation |
2012-05-05 |
php -- vulnerability in certain CGI-based setups |
2012-05-02 |
WebCalendar -- multiple vulnerabilities |
2012-04-30 |
portupgrade-devel -- lack of distfile checksums |
samba -- incorrect permission checks vulnerability |
2012-04-28 |
php -- multiple vulnerabilities |
2012-04-27 |
net-snmp -- Remote DoS |
2012-04-24 |
mozilla -- multiple vulnerabilities |
2012-04-23 |
asterisk -- multiple vulnerabilities |
Dokuwiki -- cross site scripting vulnerability |
wordpress -- multiple vulnerabilities |
2012-04-21 |
bugzilla -- multiple vulnerabilities |
OpenSSL -- integer conversions result in memory corruption |
2012-04-18 |
typo -- Cross-Site Scripting |
2012-04-16 |
nginx -- Buffer overflow in the ngx_http_mp4_module |
2012-04-14 |
phpmyfaq -- Remote PHP Code Execution Vulnerability |
2012-04-10 |
bugzilla Cross-Site Request Forgery |
linux-flashplugin -- multiple vulnerabilities |
puppet -- Multiple Vulnerabilities |
samba -- "root" credential remote code execution |
2012-04-08 |
png -- memory corruption/possible remote code execution |
2012-04-06 |
freetype -- multiple vulnerabilities |
mutt-devel -- failure to check SMTP TLS server certificate |
2012-04-01 |
libpurple -- Remote DoS via an MSN OIM message that lacks UTF-8 encoding |
2012-03-28 |
phpMyAdmin -- Path disclosure due to missing verification of file presence |
2012-03-25 |
raptor/raptor2 -- XXE in RDF/XML File Interpretation |
2012-03-24 |
Apache Traffic Server -- heap overflow vulnerability |
quagga -- multiple vulnerabilities |
2012-03-21 |
gnutls -- possible overflow/Denial of service vulnerabilities |
libtasn1 -- ASN.1 length decoding vulnerability |
2012-03-15 |
asterisk -- multiple vulnerabilities |
nginx -- potential information leak |
OpenSSL -- CMS and S/MIME Bleichenbacher attack |
2012-03-14 |
mozilla -- multiple vulnerabilities |
2012-03-11 |
portaudit -- auditfile remote code execution |
2012-03-09 |
linux-flashplugin -- multiple vulnerabilities |
2012-03-07 |
jenkins -- XSS vulnerability |
2012-03-04 |
dropbear -- arbitrary code execution |
2012-03-02 |
openx -- undisclosed security issue |
2012-02-28 |
databases/postgresql*-client -- multiple vulnerabilities |
2012-02-27 |
libxml2 -- heap buffer overflow |
linux-flashplugin -- multiple vulnerabilities |
2012-02-19 |
plib -- remote code execution via buffer overflow |
2012-02-18 |
phpMyAdmin -- XSS in replication setup |
2012-02-17 |
mozilla -- heap-buffer overflow |
2012-02-16 |
piwik -- xss and click-jacking issues |
2012-02-14 |
Python -- DoS via malformed XML-RPC / HTTP POST request |
2012-02-12 |
WebCalendar -- Persistent XSS |
2012-02-11 |
bip -- buffer overflow |
mozilla -- use-after-free in nsXBLDocumentInfo::ReadPrototypeBindings |
surf -- private information disclosure |
2012-02-10 |
glpi -- remote attack via crafted POST request |
2012-02-07 |
drupal -- multiple vulnerabilities |
2012-02-06 |
bugzilla -- multiple vulnerabilities |
2012-02-04 |
php -- arbitrary remote code execution vulnerability |
2012-02-03 |
mathopd -- directory traversal vulnerability |
2012-02-01 |
mozilla -- multiple vulnerabilities |
2012-01-31 |
apache -- multiple vulnerabilities |
2012-01-30 |
sudo -- format string vulnerability |
2012-01-29 |
FreeBSD -- Buffer overflow in handling of UNIX socket addresses |
FreeBSD -- errors handling corrupt compress file in compress(1) and gzip(1) |
FreeBSD -- Network ACL mishandling in mountd(8) |
FreeBSD -- pam_ssh improperly grants access when user account has unencrypted SSH private keys |
FreeBSD -- pam_ssh() does not validate service names |
2012-01-27 |
postfixadmin -- Multiple Vulnerabilities |
2012-01-26 |
acroread9 -- Multiple Vulnerabilities |
mpack -- Information disclosure |
2012-01-23 |
spamdyke -- Buffer Overflow Vulnerabilities |
Wireshark -- Multiple vulnerabilities |
2012-01-20 |
asterisk -- SRTP Video Remote Crash Vulnerability |
OpenSSL -- DTLS Denial of Service |
2012-01-17 |
tomcat -- Denial of Service |
2012-01-16 |
Multiple implementations -- DoS via hash algorithm collision |
OpenTTD -- Denial of service (server) via slow read attack |
2012-01-14 |
ffmpeg -- multiple vulnerabilities |
OpenSSL -- multiple vulnerabilities |
2012-01-13 |
isc-dhcp-server -- DoS in DHCPv6 |
2012-01-12 |
PowerDNS -- Denial of Service Vulnerability |
2012-01-11 |
php -- multiple vulnerabilities |
2012-01-09 |
torcs -- untrusted local library loading |
2012-01-08 |
spamdyke -- STARTTLS Plaintext Injection Vulnerability |
2012-01-05 |
bugzilla -- multiple vulnerabilities |
2012-01-03 |
WordPress -- cross site scripting vulnerability |
2011-12-29 |
zabbix-frontend -- multiple XSS vulnerabilities |
2011-12-28 |
lighttpd -- remote DoS in HTTP authentication |
2011-12-26 |
krb5-appl -- telnetd code execution vulnerability |
2011-12-23 |
proftpd -- arbitrary code execution vulnerability with chroot |
2011-12-22 |
phpMyAdmin -- Multiple XSS |
2011-12-21 |
mozilla -- multiple vulnerabilities |
2011-12-19 |
unbound -- denial of service vulnerabilities from nonstandard redirection and denial of existence |
2011-12-18 |
typo3 -- Remote Code Execution |
2011-12-14 |
krb5 -- KDC null pointer dereference in TGS handling |
2011-12-13 |
opera -- multiple vulnerabilities |
2011-12-12 |
PuTTY -- Password vulnerability |
2011-12-09 |
asterisk -- Multiple Vulnerabilities |
2011-12-07 |
isc-dhcp-server -- Remote DoS |
2011-12-01 |
phpMyAdmin -- Multiple XSS |
2011-11-18 |
hiawatha -- memory leak in PreventSQLi routine |
2011-11-16 |
BIND -- Remote DOS |
2011-11-14 |
Apache 1.3 -- mod_proxy reverse proxy exposure |
kdeutils4 -- Directory traversal vulnerability |
2011-11-13 |
Apache APR -- DoS vulnerabilities |
2011-11-12 |
phpmyadmin -- Local file inclusion |
2011-11-11 |
linux-flashplugin -- multiple vulnerabilities |
2011-11-10 |
gnutls -- client session resumption vulnerability |
libxml -- Integer overflow |
libxml -- Multiple use-after-free vulnerabilities |
libxml -- Stack consumption vulnerability |
2011-11-08 |
mozilla -- multiple vulnerabilities |
2011-11-06 |
caml-light -- insecure use of temporary files |
2011-11-01 |
freetype -- Some type 1 fonts handling vulnerabilities |
2011-10-26 |
cacti -- Multiple vulnerabilities |
phpmyfaq -- Remote PHP Code Injection Vulnerability |
2011-10-24 |
phpLDAPadmin -- Remote PHP code injection vulnerability |
2011-10-23 |
kdelibs4, rekonq -- input validation failure |
2011-10-20 |
piwik -- unknown critical vulnerabilities |
2011-10-18 |
Xorg server -- two vulnerabilities in X server lock handling code |
2011-10-17 |
asterisk -- remote crash vulnerability in SIP channel driver |
PivotX -- Remote File Inclusion Vulnerability of TimThumb |
2011-10-16 |
OpenTTD -- Buffer overflows in savegame loading |
OpenTTD -- Denial of service via improperly validated commands |
OpenTTD -- Multiple buffer overflows in validation of external data |
2011-10-05 |
quagga -- multiple vulnerabilities |
2011-09-28 |
Mozilla -- multiple vulnerabilities |
2011-09-22 |
linux-flashplugin -- multiple vulnerabilities |
2011-09-14 |
phpMyAdmin -- multiple XSS vulnerabilities |
2011-09-13 |
django -- multiple vulnerabilities |
roundcube -- XSS vulnerability |
2011-09-12 |
libsndfile -- PAF file processing integer overflow |
2011-09-07 |
OpenSSL -- multiple vulnerabilities |
2011-09-05 |
XSS issue in MantisBT |
2011-09-04 |
ca_root_nss -- extraction of explicitly-untrusted certificates into trust bundle |
security/cfs -- buffer overflow |
2011-09-03 |
nss/ca_root_nss -- fraudulent certificates issued by DigiNotar.nl |
2011-08-30 |
apache -- Range header DoS vulnerability |
2011-08-26 |
stunnel -- heap corruption vulnerability |
2011-08-24 |
phpMyAdmin -- multiple XSS vulnerabilities |
2011-08-23 |
PHP -- crypt() returns only the salt for MD5 |
2011-08-20 |
php -- multiple vulnerabilities |
2011-08-19 |
dovecot -- denial of service vulnerability |
rubygem-rails -- multiple vulnerabilities |
2011-08-18 |
OTRS -- Vulnerabilities in OTRS-Core allows read access to any file on local file system |
2011-08-16 |
mozilla -- multiple vulnerabilities |
Samba -- cross site scripting and request forgery vulnerabilities |
2011-08-13 |
bugzilla -- multiple vulnerabilities |
dtc -- multiple vulnerabilities |
isc-dhcp-server -- server halt upon processing certain packets |
2011-08-11 |
freetype2 -- execute arbitrary code or cause denial of service |
libXfont -- possible local privilege escalation |
2011-08-10 |
linux-flashplugin -- multiple vulnerabilities |
2011-07-28 |
libsoup -- unintentionally allow access to entire local filesystem |
2011-07-25 |
opensaml2 -- unauthenticated login |
2011-07-24 |
phpmyadmin -- multiple vulnerabilities |
2011-07-20 |
rsync -- incremental recursion memory corruption vulnerability |
2011-07-05 |
BIND -- Remote DoS against authoritative and recursive servers |
BIND -- Remote DoS with certain RPZ configurations |
2011-07-03 |
phpmyadmin -- multiple vulnerabilities |
2011-06-25 |
Asterisk -- multiple vulnerabilities |
2011-06-24 |
ejabberd -- remote denial of service vulnerability |
2011-06-21 |
mozilla -- multiple vulnerabilities |
Piwik -- remote command execution vulnerability |
Samba -- Denial of service - memory corruption |
2011-06-20 |
Dokuwiki -- cross site scripting vulnerability |
2011-06-15 |
ikiwiki -- tty hijacking via ikiwiki-mass-rebuild |
linux-flashplugin -- remote code execution vulnerability |
2011-06-08 |
linux-flashplugin -- cross-site scripting vulnerability |
2011-06-06 |
fetchmail -- STARTTLS denial of service |
2011-06-04 |
BIND -- Large RRSIG RRsets and Negative Caching DoS |
2011-06-02 |
asterisk -- Remote crash vulnerability |
Subversion -- multiple vulnerabilities |
2011-05-26 |
drupal6 -- multiple vulnerabilities |
2011-05-25 |
Erlang -- ssh library uses a weak random number generator |
Unbound -- an empty error packet handling assertion failure |
2011-05-23 |
Apache APR -- DoS vulnerabilities |
linux-flashplugin -- multiple vulnerabilities |
mod_pubcookie -- Empty Authentication Security Advisory |
Opera -- code injection vulnerability through broken frameset handling |
Pubcookie Login Server -- XSS vulnerability |
pureftpd -- multiple vulnerabilities |
ViewVC -- user-reachable override of cvsdb row limit |
2011-05-14 |
Exim -- remote code execution and information disclosure |
2011-05-13 |
Zend Framework -- potential SQL injection when using PDO_MySql |
2011-05-12 |
Apache APR -- DoS vulnerabilities |
mediawiki -- multiple vulnerabilities |
2011-05-09 |
Postfix -- memory corruption vulnerability |
2011-04-29 |
Mozilla -- multiple vulnerabilities |
2011-04-21 |
Asterisk -- multiple vulnerabilities |
2011-04-17 |
linux-flashplugin -- remote code execution vulnerability |
rt -- multiple vulnerabilities |
VLC -- Heap corruption in MP4 demultiplexer |
2011-04-14 |
krb5 -- MITKRB5-SA-2011-001, kpropd denial of service |
krb5 -- MITKRB5-SA-2011-002, KDC vulnerable to hang when using LDAP back end |
krb5 -- MITKRB5-SA-2011-003, KDC vulnerable to double-free when PKINIT enabled |
krb5 -- MITKRB5-SA-2011-004, kadmind invalid pointer free() [CVE-2011-0285] |
xrdb -- root hole via rogue hostname |
2011-04-12 |
OTRS -- Several XSS attacks possible |
2011-04-10 |
isc-dhcp-client -- dhclient does not strip or escape shell meta-characters |
2011-04-08 |
tinyproxy -- ACL lists ineffective when range is configured |
2011-04-01 |
quagga -- two DoS vulnerabilities |
2011-03-29 |
gdm -- privilege escalation vulnerability |
2011-03-25 |
php -- crash on crafted tag in exif |
php -- ZipArchive segfault with FL_UNCHANGED on empty archive |
2011-03-24 |
linux-flashplugin -- remote code execution vulnerability |
mozilla -- update to HTTPS certificate blacklist |
2011-03-19 |
postfix -- plaintext command injection with SMTP over TLS |
2011-03-17 |
hiawatha -- integer overflow in Content-Length header parsing |
2011-03-16 |
asterisk -- Multiple Vulnerabilities |
2011-03-13 |
avahi -- denial of service |
2011-03-10 |
mailman -- XSS vulnerability |
2011-03-07 |
redmine -- XSS vulnerability |
2011-03-05 |
subversion -- remote HTTP DoS vulnerability |
2011-03-01 |
mozilla -- multiple vulnerabilities |
2011-02-25 |
openldap -- two security bypass vulnerabilities |
2011-02-22 |
asterisk -- Exploitable Stack and Heap Array Overflows |
2011-02-20 |
PivotX -- administrator password reset vulnerability |
2011-02-15 |
tomcat -- Cross-site scripting vulnerability |
2011-02-11 |
linux-flashplugin -- multiple vulnerabilities |
phpMyAdmin -- multiple vulnerabilities |
2011-02-10 |
awstats -- arbitrary commands execution vulnerability |
exim -- local privilege escalation |
mupdf -- Remote System Access |
openoffice.org -- Multiple vulnerabilities |
opera -- multiple vulnerabilities |
plone -- Remote Security Bypass |
rubygem-mail -- Remote Arbitrary Shell Command Injection Vulnerability |
webkit-gtk2 -- Multiple vurnabilities. |
2011-02-09 |
django -- multiple vulnerabilities |
mediawiki -- multiple vulnerabilities |
2011-02-05 |
wordpress -- SQL injection vulnerability |
2011-02-02 |
vlc -- Insufficient input validation in MKV demuxer |
2011-01-31 |
maradns -- denial of service when resolving a long DNS hostname |
2011-01-28 |
isc-dhcp-server -- DHCPv6 crash |
2011-01-25 |
bugzilla -- multiple serious vulnerabilities |
2011-01-24 |
dokuwiki -- multiple privilege escalation vulnerabilities |
2011-01-19 |
asterisk -- Exploitable Stack Buffer Overflow |
tarsnap -- cryptographic nonce reuse |
2011-01-17 |
tor -- remote code execution and crash |
2011-01-13 |
pecl-phar -- format string vulnerability |
php -- corruption of $GLOBALS and $this variables via extract() method |
php -- NULL byte poisoning |
php -- open_basedir bypass |
php-filter -- Denial of Service |
php-imap -- Denial of Service |
php-zip -- multiple Denial of Service vulnerabilities |
subversion -- multiple DoS |
sudo -- local privilege escalation |
2011-01-11 |
MoinMoin -- cross-site scripting vulnerabilities |
2011-01-09 |
php -- multiple vulnerabilities |
2011-01-08 |
exim -- local privilege escalation |
2011-01-06 |
mediawiki -- Clickjacking vulnerabilities |
2010-12-30 |
webkit-gtk2 -- Multiple vulnerabilities |
2010-12-29 |
django -- multiple vulnerabilities |
2010-12-28 |
Drupal Views plugin -- cross-site scripting |
2010-12-23 |
redmine -- multiple vulnerabilities |
2010-12-22 |
tor -- remote crash and potential remote code execution |
2010-12-15 |
YUI JavaScript library -- JavaScript injection exploits in Flash components |
2010-12-10 |
mozilla -- multiple vulnerabilities |
2010-12-09 |
krb5 -- client impersonation vulnerability |
krb5 -- multiple checksum handling vulnerabilities |
krb5 -- multiple checksum handling vulnerabilities |
krb5 -- RFC 3961 key-derivation checksum handling vulnerability |
krb5 -- unkeyed PAC checksum handling vulnerability |
2010-12-04 |
proftpd -- Compromised source packages backdoor |
2010-11-30 |
phpMyAdmin -- XSS attack in database search |
2010-11-24 |
isc-dhcp-server -- Empty link-address denial of service |
2010-11-23 |
horde-base -- XSS: VCARD attachments vulnerability |
OpenTTD -- Denial of service (server/client) via invalid read |
proftpd -- remote code execution vulnerability |
2010-11-17 |
openssl -- TLS extension parsing race condition |
2010-11-06 |
linux-flashplugin -- multiple vulnerabilities |
2010-11-05 |
Wireshark -- DoS in the BER-based dissectors |
2010-11-03 |
Mailman -- cross-site scripting in web interface |
OTRS -- Multiple XSS and denial of service vulnerabilities |
2010-10-28 |
mozilla -- Heap buffer overflow mixing document.write and DOM insertion |
2010-10-26 |
opera -- multiple vulnerabilities |
2010-10-25 |
bzip2 -- integer overflow vulnerability |
2010-10-24 |
FreeBSD -- BIND named(8) cache poisoning with DNSSEC validation |
FreeBSD -- Improper environment sanitization in rtld(1) |
FreeBSD -- Inappropriate directory permissions in freebsd-update(8) |
FreeBSD -- Insufficient environment sanitization in jail(8) |
FreeBSD -- Integer overflow in bzip2 decompression |
FreeBSD -- Lost mbuf flag resulting in data corruption |
FreeBSD -- ntpd mode 7 denial of service |
FreeBSD -- OPIE off-by-one stack overflow |
FreeBSD -- SSL protocol flaw |
FreeBSD -- Unvalidated input in nfsclient |
FreeBSD -- ZFS ZIL playback with insecure permissions |
monotone -- remote denial of service in default setup |
2010-10-20 |
mozilla -- multiple vulnerabilities |
2010-10-19 |
Webkit-gtk2 -- Multiple Vulnabilities |
2010-10-06 |
apr -- multiple vunerabilities |
2010-10-02 |
phpmyfaq -- cross site scripting vulnerabilities |
2010-09-28 |
horde-base -- XSS and CSRF vulnerabilities |
horde-gollem -- XSS vulnerability |
horde-imp -- XSS vulnerability |
2010-09-26 |
openx -- remote code execution vulnerability |
2010-09-24 |
squid -- Denial of service vulnerability in request handling |
2010-09-22 |
linux-flashplugin -- remote code execution |
2010-09-17 |
django -- cross-site scripting vulnerability |
2010-09-10 |
webkit-gtk2 -- Multiple vulnerabilities |
2010-09-09 |
vim6 -- heap-based overflow while parsing shell metacharacters |
2010-09-08 |
mozilla -- multiple vulnerabilities |
2010-09-07 |
sudo -- Flaw in Runas group matching |
2010-09-03 |
lftp -- multiple HTTP client download filename vulnerability |
wget -- multiple HTTP client download filename vulnerability |
2010-08-31 |
p5-libwww -- possibility to remote servers to create file with a .(dot) character |
2010-08-25 |
quagga -- stack overflow and DoS vulnerabilities |
2010-08-24 |
bugzilla -- information disclosure, denial of service |
2010-08-22 |
OpenTTD -- Denial of service (server) via infinite loop |
2010-08-21 |
corkscrew -- buffer overflow vulnerability |
phpmyadmin -- Several XSS vulnerabilities |
2010-08-19 |
slim -- insecure PATH assignment |
2010-08-17 |
ruby -- UTF-7 encoding XSS vulnerability in WEBrick |
2010-08-14 |
vlc -- invalid id3v2 tags may lead to invalid memory dereferencing |
2010-08-13 |
isolate -- local root exploit |
linux-flashplugin -- multiple vulnerabilities |
opera -- multiple vulnerabilities |
2010-08-09 |
firefox -- Dangling pointer crash regression from plugin parameter array fix |
2010-08-04 |
Piwik -- Local File Inclusion Vulnerability |
2010-07-30 |
libmspack -- infinite loop denial of service |
2010-07-26 |
apache -- Remote DoS bug in mod_cache and mod_dav |
2010-07-23 |
git -- buffer overflow vulnerability |
2010-07-21 |
codeigniter -- file upload class vulnerability |
mozilla -- multiple vulnerabilities |
2010-07-18 |
vte -- Classic terminal title set+query attack |
webkit-gtk2 -- Multiple vulnerabilities |
2010-07-10 |
redmine -- multiple vulnerabilities |
2010-07-06 |
bogofilter -- heap underrun on malformed base64 input |
2010-07-05 |
bugzilla -- information disclosure |
2010-06-30 |
kvirc -- multiple vulnerabilities |
2010-06-28 |
moodle -- multiple vulnerabilities |
png -- libpng decompression buffer overflow |
2010-06-27 |
mDNSResponder -- corrupted stack crash when parsing bad resolv.conf |
2010-06-25 |
opera -- Data URIs can be used to allow cross-site scripting |
2010-06-24 |
cacti -- multiple vulnerabilities |
2010-06-23 |
mozilla -- multiple vulnerabilities |
2010-06-16 |
tiff -- Multiple integer overflows |
2010-06-15 |
ziproxy -- security vulnerability in PNG decoder |
2010-06-14 |
linux-flashplugin -- multiple vulnerabilities |
2010-06-12 |
tiff -- buffer overflow vulnerability |
2010-06-02 |
mediawiki -- two security vulnerabilities |
sudo -- Secure path vulnerability |
2010-05-28 |
ziproxy -- atypical huge picture files vulnerability |
2010-05-14 |
redmine -- multiple vulnerabilities |
2010-05-07 |
piwik -- cross site scripting vulnerability |
wireshark -- DOCSIS dissector denial of service |
2010-05-06 |
spamass-milter -- remote command execution vulnerability |
2010-05-05 |
lxr -- multiple XSS vulnerabilities |
mediawiki -- authenticated CSRF vulnerability |
2010-05-01 |
vlc -- unintended code execution with specially crafted data |
2010-04-26 |
joomla -- multiple vulnerabilities |
2010-04-24 |
cacti -- SQL injection and command execution vulnerabilities |
moodle -- multiple vulnerabilities |
tomcat -- information disclosure vulnerability |
2010-04-21 |
krb5 -- KDC double free vulnerability |
2010-04-20 |
e107 -- code execution and XSS vulnerabilities |
fetchmail -- denial of service vulnerability |
pidgin -- multiple remote denial of service vulnerabilities |
png -- libpng decompression denial of service |
2010-04-19 |
curl -- libcurl buffer overflow vulnerability |
ejabberd -- queue overload denial of service vulnerability |
irssi -- multiple vulnerabilities |
krb5 -- multiple denial of service vulnerabilities |
2010-04-18 |
krb5 -- remote denial of service vulnerability |
mahara -- sql injection vulnerability |
2010-04-15 |
sudo -- Privilege escalation with sudoedit |
2010-04-14 |
KDM -- local privilege escalation vulnerability |
2010-04-06 |
dojo -- cross-site scripting and other vulnerabilities |
Zend Framework -- security issues in bundled Dojo library |
2010-04-05 |
firefox -- Re-use of freed object due to scope confusion |
2010-03-30 |
mozilla -- multiple vulnerabilities |
2010-03-25 |
postgresql -- bitsubstr overflow |
2010-03-24 |
gtar -- buffer overflow in rmt client |
2010-03-23 |
firefox -- WOFF heap corruption due to integer overflow |
2010-03-19 |
mozilla -- multiple vulnerabilities |
2010-03-11 |
egroupware -- two vulnerabilities |
2010-03-08 |
drupal -- multiple vulnerabilities |
2010-03-01 |
sudo -- Privilege escalation with sudoedit |
2010-02-25 |
openoffice.org -- multiple vulnerabilities |
2010-02-18 |
mozilla -- multiple vulnerabilities |
2010-02-16 |
lighttpd -- denial of service vulnerability |
2010-02-14 |
squid -- Denial of Service vulnerability in HTCP |
2010-02-13 |
gnome-screensaver -- Multiple monitor hotplug issues |
linux-flashplugin -- multiple vulnerabilities |
2010-02-12 |
fetchmail -- heap overflow on verbose X.509 display |
2010-02-10 |
wireshark -- LWRES vulnerability |
2010-02-08 |
otrs -- SQL injection |
2010-02-03 |
apache -- Prevent chunk-size integer overflow on platforms where sizeof(int) < sizeof(long) |
2010-02-01 |
bugzilla -- information leak |
squid -- Denial of Service vulnerability in DNS handling |
2010-01-28 |
irc-ratbox -- multiple vulnerabilities |
2010-01-18 |
dokuwiki -- multiple vulnerabilities |
2010-01-11 |
Zend Framework -- multiple vulnerabilities |
2010-01-09 |
powerdns-recursor -- multiple vulnerabilities |
2010-01-04 |
PEAR -- Net_Ping and Net_Traceroute remote arbitrary command injection |
2009-12-25 |
drupal -- multiple cross-site scripting |
2009-12-21 |
fuser -- missing user's privileges check |
monkey -- improper input validation vulnerability |
2009-12-17 |
php -- multiple vulnerabilities |
postgresql -- multiple vulnerabilities |
tptest -- pwd Remote Stack Buffer Overflow |
2009-12-16 |
mozilla -- multiple vulnerabilities |
2009-12-14 |
freeradius -- remote packet of death vulnerability |
2009-12-12 |
pligg -- Cross-Site Scripting and Cross-Site Request Forgery |
2009-12-11 |
piwik -- php code execution |
2009-12-10 |
dovecot -- Insecure directory permissions |
2009-12-09 |
linux-flashplugin -- multiple vulnerabilities |
rt -- Session fixation vulnerability |
ruby -- heap overflow vulnerability |
2009-12-08 |
expat2 -- buffer over-read and crash |
expat2 -- Parser crash with specially formatted UTF-8 sequences |
2009-12-01 |
opera -- multiple vulnerabilities |
2009-11-28 |
libtool -- Library Search Path Privilege Escalation Issue |
2009-11-24 |
libvorbis -- multiple vulnerabilities |
2009-11-23 |
bugzilla -- information leak |
cacti -- cross-site scripting issues |
2009-11-14 |
wordpress -- multiple vulnerabilities |
2009-11-06 |
p5-HTML-Parser -- denial of service |
2009-11-05 |
gd -- '_gdGetColors' remote buffer overflow vulnerability |
typo3 -- multiple vulnerabilities in TYPO3 Core |
2009-11-03 |
vlc -- stack overflow in MPA, AVI and ASF demuxer |
2009-11-02 |
KDE -- multiple vulnerabilities |
2009-10-31 |
opera -- multiple vulnerabilities |
2009-10-28 |
Enhanced cTorrent -- stack-based overflow |
mozilla -- multiple vulnerabilities |
2009-10-25 |
elinks -- buffer overflow vulnerability |
2009-10-22 |
squidGuard -- multiple vulnerabilities |
2009-10-20 |
Xpdf -- Multiple Vulnerabilities |
2009-10-16 |
django -- denial-of-service attack |
2009-10-13 |
phpmyadmin -- XSS and SQL injection vulnerabilities |
2009-10-12 |
php5 -- Multiple security issues |
2009-10-07 |
virtualbox -- privilege escalation |
2009-10-06 |
FreeBSD -- Devfs / VFS NULL pointer race condition |
FreeBSD -- kqueue pipe race conditions |
2009-09-30 |
mybb -- multiple vulnerabilities |
2009-09-22 |
drupal -- multiple vulnerabilities |
2009-09-18 |
fwbuilder -- security issue in temporary file handling |
2009-09-17 |
bugzilla -- two SQL injections, sensitive data exposure |
2009-09-14 |
horde-base -- multiple vulnerabilities |
nginx -- remote denial of service vulnerability |
2009-09-13 |
ikiwiki -- insufficient blacklisting in teximg plugin |
xapian-omega -- cross-site scripting vulnerability |
2009-09-10 |
mozilla firefox -- multiple vulnerabilities |
2009-09-09 |
cyrus-imapd -- Potential buffer overflow in Sieve |
2009-09-08 |
silc-toolkit -- Format string vulnerabilities |
2009-09-04 |
opera -- multiple vulnerabilities |
2009-09-02 |
dnsmasq -- TFTP server remote code injection vulnerability |
2009-08-25 |
apache22 -- several vulnerabilities |
2009-08-20 |
pidgin -- MSN overflow parsing SLP messages |
2009-08-17 |
GnuTLS -- improper SSL certificate verification |
GnuTLS -- multiple vulnerabilities |
memcached -- memcached stats maps Information Disclosure Weakness |
2009-08-12 |
wordpress -- remote admin password reset vulnerability |
2009-08-11 |
fetchmail -- improper SSL certificate subject verification |
2009-08-07 |
joomla15 -- com_mailto Timeout Issue |
2009-08-06 |
subversion -- heap overflow vulnerability |
2009-08-05 |
bugzilla -- product name information leak |
2009-08-04 |
mozilla -- multiple vulnerabilities |
silc-client -- Format string vulnerability |
2009-08-02 |
SquirrelMail -- Plug-ins compromise |
2009-08-01 |
BIND -- Dynamic update message remote DoS |
2009-07-29 |
mono -- XML signature HMAC truncation spoofing |
2009-07-27 |
squid -- several remote denial of service vulnerabilities |
2009-07-17 |
mozilla -- corrupt JIT state after deep return from native function |
2009-07-15 |
isc-dhcp-client -- Stack overflow vulnerability |
2009-07-13 |
drupal -- multiple vulnerabilities |
2009-07-03 |
nfsen -- remote command execution |
2009-06-30 |
nagios -- Command Injection Vulnerability |
phpmyadmin -- XSS vulnerability |
2009-06-23 |
tor-devel -- DNS resolution vulnerability |
2009-06-16 |
cscope -- buffer overflow |
cscope -- multiple buffer overflows |
joomla -- multiple vulnerabilities |
pidgin -- multiple vulnerabilities |
2009-06-15 |
git -- denial of service vulnerability |
2009-06-13 |
ruby -- BigDecimal denial of service vulnerability |
2009-06-12 |
mozilla -- multiple vulnerabilities |
2009-06-08 |
apr -- multiple vulnerabilities |
2009-06-04 |
dokuwiki -- Local File Inclusion with register_globals on |
2009-05-30 |
eggdrop -- denial of service vulnerability |
libsndfile -- multiple vulnerabilities |
openssl -- denial of service in DTLS implementation |
slim -- local disclosure of X authority magic cookie |
wireshark -- PCNFSD Dissector Denial of Service Vulnerability |
2009-05-21 |
imap-uw -- University of Washington IMAP c-client Remote Format String Vulnerability |
2009-05-20 |
ntp -- stack-based buffer overflow |
2009-05-19 |
nsd -- buffer overflow vulnerability |
2009-05-17 |
libxine -- multiple vulnerabilities |
libxine -- multiple vulnerabilities |
2009-05-16 |
libwmf -- embedded GD library Use-After-Free vulnerability |
libwmf -- integer overflow vulnerability |
mod_perl -- cross-site scripting |
moinmoin -- cross-site scripting vulnerabilities |
php -- ini database truncation inside dba_replace() function |
2009-05-15 |
cyrus-sasl -- buffer overflow vulnerability |
2009-05-14 |
drupal -- cross-site scripting |
2009-05-13 |
ghostscript -- buffer overflow vulnerability |
moinmoin -- multiple cross site scripting vulnerabilities |
pango -- integer overflow |
2009-05-09 |
wireshark -- multiple vulnerabilities |
2009-05-07 |
cups -- remote code execution and DNS rebinding |
FreeBSD -- remotely exploitable crash in OpenSSL |
2009-05-06 |
quagga -- Denial of Service |
2009-05-04 |
openfire -- Openfire No Password Changes Security Bypass |
2009-04-30 |
drupal -- cross site scripting |
2009-04-22 |
mozilla -- multiple vulnerabilities |
2009-04-18 |
freetype2 -- multiple vulnerabilities |
poppler -- Poppler Multiple Vulnerabilities |
xpdf -- multiple vulnerabilities |
2009-04-17 |
ejabberd -- cross-site scripting vulnerability |
2009-04-15 |
phpmyadmin -- insufficient output sanitizing when generating configuration file |
ziproxy -- multiple vulnerability |
2009-04-11 |
drupal6-cck -- cross-site scripting |
2009-03-27 |
pivot-weblog -- file deletion vulnerability |
2009-03-25 |
phpmyadmin -- insufficient output sanitizing when generating configuration file |
2009-03-23 |
amarok -- multiple vulnerabilities |
2009-03-22 |
wireshark -- multiple vulnerabilities |
2009-03-18 |
netatalk -- arbitrary command execution in papd daemon |
2009-03-16 |
ffmpeg -- 4xm processing memory corruption vulnerability |
gstreamer-plugins-good -- multiple memory overflows |
libsndfile -- CAF processing integer overflow vulnerability |
php-mbstring -- php mbstring buffer overflow vulnerability |
phppgadmin -- directory traversal with register_globals enabled |
proftpd -- multiple sql injection vulnerabilities |
roundcube -- webmail script insertion and php code injection |
zabbix -- php frontend multiple vulnerabilities |
2009-03-15 |
opera -- multiple vulnerabilities |
2009-03-11 |
apache -- Cross-site scripting vulnerability |
epiphany -- untrusted search path vulnerability |
2009-03-04 |
curl -- cURL/libcURL Location: Redirect URLs Security Bypass |
pngcrush -- libpng Uninitialised Pointer Arrays Vulnerability |
2009-02-18 |
Zend Framework -- Local File Inclusion vulnerability in Zend_View::render() |
2009-02-17 |
dia -- remote command execution vulnerability |
2009-02-15 |
pycrypto -- ARC2 module buffer overflow |
2009-02-14 |
varnish -- Varnish HTTP Request Parsing Denial of Service |
2009-02-13 |
tor -- multiple vulnerabilities |
2009-02-11 |
codeigniter -- arbitrary script execution in the new Form Validation class |
firefox -- multiple vulnerabilities |
pyblosxom -- atom flavor multiple XML injection vulnerabilities |
typo3 -- cross-site scripting and information disclosure |
2009-02-09 |
amaya -- multiple buffer overflow vulnerabilities |
phplist -- local file inclusion vulnerability |
squid -- remote denial of service vulnerability |
typo3 -- multiple vulnerabilities |
websvn -- multiple vulnerabilities |
2009-02-06 |
sudo -- certain authorized users could run commands as any user |
2009-02-04 |
drupal -- multiple vulnerabilities |
2009-02-03 |
perl -- Directory Permissions Race Condition |
2009-01-30 |
ganglia -- buffer overflow vulnerability |
moinmoin -- multiple cross site scripting vulnerabilities |
2009-01-29 |
tor -- unspecified memory corruption vulnerability |
2009-01-28 |
glpi -- SQL Injection |
2009-01-25 |
openfire -- multiple vulnerabilities |
2009-01-21 |
ipset-tools -- Denial of Service Vulnerabilities |
2009-01-20 |
Teamspeak Server -- Directory Traversal Vulnerability |
2009-01-19 |
git -- gitweb privilege escalation |
optipng -- arbitrary code execution via crafted BMP image |
2009-01-15 |
gtar -- GNU TAR safer_name_suffix Remote Denial of Service Vulnerability |
mplayer -- vulnerability in STR files processor |
2009-01-13 |
cgiwrap -- XSS Vulnerability |
2009-01-12 |
nagios -- web interface privilege escalation vulnerability |
2009-01-11 |
imap-uw -- imap c-client buffer overflow |
imap-uw -- local buffer overflow vulnerabilities |
libcdaudio -- remote buffer overflow and code execution |
mysql -- empty bit-string literal denial of service |
mysql -- privilege escalation and overwrite of the system table information |
mysql -- remote dos via malformed password packet |
mysql -- renaming of arbitrary tables by authenticated users |
pdfjam -- insecure temporary files |
verlihub -- insecure temporary file usage and arbitrary command execution |
2009-01-05 |
FreeBSD -- arc4random(9) predictable sequence vulnerability |
FreeBSD -- Cross-site request forgery in ftpd(8) |
FreeBSD -- IPv6 Neighbor Discovery Protocol routing vulnerability |
FreeBSD -- netgraph / bluetooth privilege escalation |
php5-gd -- uninitialized memory information disclosure vulnerability |
xterm -- DECRQSS remote command execution vulnerability |
2009-01-04 |
awstats -- multiple XSS vulnerabilities |
2009-01-03 |
p5-File-Path -- rmtree allows creation of setuid files |
2009-01-02 |
vim -- multiple vulnerabilities in the netrw module |
2008-12-31 |
vinagre -- format string vulnerability |
2008-12-30 |
mplayer -- twinvq processing buffer overflow vulnerability |
mysql -- MyISAM table privileges security bypass vulnerability for symlinked paths |
roundcube -- remote execution of arbitrary code |
twiki -- multiple vulnerabilities |
2008-12-26 |
ampache -- insecure temporary file usage |
2008-12-19 |
drupal -- multiple vulnerabilities |
mediawiki -- multiple vulnerabilities |
mozilla -- multiple vulnerabilities |
opera -- multiple vulnerabilities |
2008-12-11 |
phpmyadmin -- cross-site request forgery vulnerability |
2008-12-08 |
php5 -- potential magic_quotes_gpc vulnerability |
2008-12-07 |
dovecot-managesieve -- Script Name Directory Traversal Vulnerability |
habari -- Cross-Site Scripting Vulnerability |
mgetty+sendfax -- symlink attack via insecure temporary files |
php -- multiple vulnerabilities |
wireshark -- SMTP Processing Denial of Service Vulnerability |
2008-12-06 |
mantis -- multiple vulnerabilities |
mantis -- php code execution vulnerability |
vlc -- arbitrary code execution in the RealMedia processor |
2008-12-04 |
squirrelmail -- Cross site scripting vulnerability |
2008-11-29 |
cups -- potential buffer overflow in PNG reading code |
hplip -- hpssd Denial of Service |
openoffice -- arbitrary code execution vulnerabilities |
samba -- potential leakage of arbitrary memory contents |
wordpress -- header rss feed script insertion vulnerability |
2008-11-24 |
imlib2 -- XPM processing buffer overflow vulnerability |
2008-11-23 |
streamripper -- multiple buffer overflows |
2008-11-22 |
mantis -- session hijacking vulnerability |
2008-11-19 |
dovecot -- ACL plugin bypass vulnerabilities |
libxml2 -- multiple vulnerabilities |
openfire -- multiple vulnerabilities |
2008-11-18 |
enscript -- arbitrary code execution vulnerability |
syslog-ng2 -- startup directory leakage in the chroot environment |
2008-11-16 |
gnutls -- X.509 certificate chain validation vulnerability |
2008-11-14 |
net-snmp -- DoS for SNMP agent via crafted GETBULK request |
2008-11-13 |
mozilla -- multiple vulnerabilities |
2008-11-12 |
faad2 -- heap overflow vulnerability |
2008-11-10 |
clamav -- off-by-one heap overflow in VBA project parser |
2008-11-09 |
trac -- potential DOS vulnerability |
2008-11-08 |
vlc -- cue processing stack overflow |
2008-11-07 |
emacs -- run-python vulnerability |
2008-11-03 |
opera -- multiple vulnerabilities |
2008-11-02 |
qemu -- Heap overflow in Cirrus emulation |
2008-10-31 |
phpmyadmin -- Cross-Site Scripting Vulnerability |
2008-10-28 |
opera -- multiple vulnerabilities |
2008-10-27 |
libspf2 -- Buffer overflow |
2008-10-25 |
flyspray -- multiple vulnerabilities |
openx -- sql injection vulnerability |
2008-10-24 |
wordpress -- snoopy "_httpsrequest()" shell command execution vulnerability |
2008-10-22 |
drupal -- multiple vulnerabilities |
wordpress -- remote privilege escalation |
2008-10-19 |
libxine -- denial of service vulnerability |
2008-10-17 |
linux-flashplugin -- multiple vulnerabilities |
2008-10-15 |
libxml2 -- two vulnerabilities |
2008-10-12 |
drupal -- multiple vulnerabilities |
2008-10-10 |
cups -- multiple vulnerabilities |
opera -- multiple vulnerabilities |
2008-10-01 |
mplayer -- multiple integer overflows |
mysql -- command line client input validation vulnerability |
2008-09-27 |
lighttpd -- multiple vulnerabilities |
2008-09-26 |
bitlbee -- account recreation security issues |
2008-09-24 |
mozilla -- multiple vulnerabilities |
2008-09-23 |
phpmyadmin -- Cross-Site Scripting Vulnerability |
proftpd -- Long Command Processing Vulnerability |
squirrelmail -- Session hijacking vulnerability |
2008-09-19 |
gallery -- multiple vulnerabilities |
2008-09-17 |
phpmyadmin -- Code execution vulnerability |
2008-09-14 |
twiki -- Arbitrary code execution in session files |
2008-09-12 |
clamav -- CHM Processing Denial of Service |
neon -- NULL pointer dereference in Digest domain support |
2008-09-11 |
horde -- multiple vulnerabilities |
2008-09-10 |
mysql -- MyISAM table privileges security bypass vulnerability |
python -- multiple vulnerabilities |
rubygem-rails -- SQL injection vulnerability |
2008-09-05 |
FreeBSD -- amd64 swapgs local privilege escalation |
FreeBSD -- nmount(2) local arbitrary code execution |
FreeBSD -- Remote kernel panics on IPv6 connections |
2008-08-25 |
opera -- multiple vulnerabilities |
2008-08-21 |
gnutls -- "gnutls_handshake()" Denial of Service |
2008-08-20 |
joomla -- flaw in the reset token validation |
2008-08-19 |
cdf3 -- Buffer overflow vulnerability |
2008-08-18 |
drupal -- multiple vulnerabilities |
2008-08-16 |
ruby -- DNS spoofing vulnerability |
ruby -- DoS vulnerability in WEBrick |
ruby -- multiple vulnerabilities in safe level |
2008-08-15 |
Bugzilla -- Directory Traversal in importxml.pl |
2008-08-07 |
openvpn-devel -- arbitrary code execution |
2008-07-18 |
phpmyadmin -- cross site request forgery vulnerabilities |
2008-07-13 |
drupal -- multiple vulnerabilities |
FreeBSD -- DNS cache poisoning |
2008-07-09 |
poppler -- uninitialized pointer |
2008-07-04 |
py-pylons -- Path traversal bug |
2008-07-03 |
FreeType 2 -- Multiple Vulnerabilities |
2008-07-01 |
fetchmail -- potential crash in -v -v verbose mode (revised patch) |
2008-06-28 |
phpmyadmin -- Cross Site Scripting Vulnerabilities |
2008-06-24 |
apache -- multiple vulnerabilities |
2008-06-22 |
php -- input validation error in safe_mode |
2008-06-21 |
ruby -- multiple integer and buffer overflow vulnerabilities |
vim -- Vim Shell Command Injection Vulnerabilities |
2008-06-20 |
fetchmail -- potential crash in -v -v verbose mode |
2008-06-15 |
xorg -- multiple vulnerabilities |
2008-06-14 |
moinmoin -- superuser privilege escalation |
2008-06-13 |
Courier Authentication Library -- SQL Injection |
2008-06-01 |
ikiwiki -- cleartext passwords |
2008-05-31 |
ikiwiki -- empty password security hole |
2008-05-30 |
linux-flashplugin -- unspecified remote code execution vulnerability |
2008-05-28 |
Nagios -- Cross Site Scripting Vulnerability |
2008-05-27 |
spamdyke -- open relay |
2008-05-21 |
peercast -- arbitrary code execution |
2008-05-17 |
libvorbis -- various security issues |
2008-05-14 |
django -- XSS vulnerability |
2008-05-11 |
vorbis-tools -- Speex header processing vulnerability |
2008-05-08 |
qemu -- "drive_init()" Disk Format Security Bypass |
2008-05-07 |
swfdec -- exposure of sensitive information |
2008-05-02 |
mt-daapd -- integer overflow |
sdl_image -- buffer overflow vulnerabilities |
2008-04-26 |
gnupg -- memory corruption vulnerability |
2008-04-25 |
extman -- password bypass vulnerability |
firefox -- javascript garbage collector vulnerability |
mailman -- script insertion vulnerability |
mksh -- TTY attachment privilege escalation |
openfire -- unspecified denial of service |
php -- integer overflow vulnerability |
png -- unknown chunk processing uninitialized memory access |
python -- Integer Signedness Error in zlib Module |
serendipity -- multiple cross site scripting vulnerabilities |
2008-04-24 |
libxine -- array index vulnerability |
phpmyadmin -- Shared Host Information Disclosure |
phpmyadmin -- Username/Password Session File Information Disclosure |
postgresql -- multiple vulnerabilities |
2008-04-15 |
clamav -- Multiple Vulnerabilities |
2008-04-13 |
ikiwiki -- cross site request forging |
lighttpd -- OpenSSL Error Queue Denial of Service Vulnerability |
2008-04-06 |
postfix-policyd-weight -- working directory symlink vulnerability |
2008-04-05 |
opera -- multiple vulnerabilities |
powerdns-recursor -- DNS cache poisoning |
suphp -- multiple local privilege escalation vulnerabilities |
2008-03-30 |
mozilla -- multiple vulnerabilities |
2008-03-26 |
silc -- pkcs_decode buffer overflow |
2008-03-20 |
bzip2 -- crash with certain malformed archive files |
2008-03-11 |
qemu -- unchecked block read/write vulnerability |
2008-03-10 |
dovecot -- security hole in blocking passdbs |
2008-03-06 |
mplayer -- multiple vulnerabilities |
2008-03-05 |
ghostscript -- zseticcspace() function buffer overflow vulnerability |
2008-03-04 |
phpmyadmin -- SQL injection vulnerability |
2008-02-29 |
pcre -- buffer overflow vulnerability |
2008-02-26 |
libxine -- buffer overflow vulnerability |
2008-02-25 |
coppermine -- multiple vulnerabilities |
moinmoin -- multiple vulnerabilities |
2008-02-22 |
mozilla -- multiple vulnerabilities |
openldap -- modrdn Denial of Service vulnerability |
opera -- multiple vulnerabilities |
2008-02-15 |
clamav -- ClamAV libclamav PE File Integer Overflow Vulnerability |
2008-02-12 |
cacti -- Multiple security vulnerabilities have been discovered |
2008-02-11 |
ikiwiki -- javascript insertion via uris |
2008-02-09 |
zenphoto -- XSS vulnerability |
2008-02-04 |
jetty -- multiple vulnerability |
2008-01-29 |
libxine -- buffer overflow vulnerability |
2008-01-23 |
xorg -- multiple vulnerabilities |
2008-01-22 |
claws-mail -- insecure temporary file creation |
xfce -- multiple vulnerabilities |
2008-01-19 |
IRC Services-- Denial of Service Vulnerability |
libxine -- buffer overflow vulnerability |
2008-01-15 |
geeklog xss vulnerability |
2008-01-11 |
drupal -- cross site request forgery |
drupal -- cross site scripting (register_globals) |
drupal -- cross site scripting (utf8) |
2008-01-10 |
maradns -- CNAME record resource rotation denial of service |
2008-01-04 |
linux-realplayer -- multiple vulnerabilities |
2008-01-03 |
linux-flashplugin -- multiple vulnerabilities |
2007-12-29 |
dovecot -- Specific LDAP + auth cache configuration may mix up user logins |
2007-12-25 |
gallery2 -- multiple vulnerabilities |
2007-12-20 |
e2fsprogs -- heap buffer overflow |
2007-12-19 |
opera -- multiple vulnerabilities |
peercast -- buffer overflow vulnerability |
wireshark -- multiple vulnerabilities |
2007-12-17 |
ganglia-webfrontend -- XSS vulnerabilities |
2007-12-12 |
drupal -- SQL injection vulnerability |
qemu -- Translation Block Local Denial of Service Vulnerability |
samba -- buffer overflow vulnerability |
smbftpd -- format string vulnerability |
2007-12-10 |
jetty -- multiple vulnerabilities |
2007-12-08 |
liveMedia -- DoS vulnerability |
2007-12-05 |
GNU finger vulnerability |
2007-12-04 |
Squid -- Denial of Service Vulnerability |
2007-11-28 |
rubygem-rails -- JSON XSS vulnerability |
2007-11-27 |
firefox -- multiple remote unspecified memory corruption vulnerabilities |
ikiwiki -- improper symlink verification vulnerability |
rubygem-rails -- session-fixation vulnerability |
2007-11-21 |
phpmyadmin -- Cross Site Scripting |
samba -- multiple vulnerabilities |
2007-11-16 |
php -- multiple security vulnerabilities |
2007-11-13 |
flac -- media file processing integer overflow vulnerabilities |
net-snmp -- denial of service via GETBULK request |
2007-11-12 |
mt-daapd -- denial of service vulnerability |
plone -- unsafe data interpreted as pickles |
xpdf -- multiple remote Stream.CC vulnerabilities |
2007-11-11 |
phpmyadmin -- cross-site scripting vulnerability |
2007-11-09 |
cups -- off-by-one buffer overflow |
gallery2 -- multiple vulnerabilities |
tikiwiki -- multiple vulnerabilities |
2007-11-06 |
pcre -- arbitrary code execution |
perl -- regular expressions unicode data buffer overflow |
2007-11-05 |
gftp -- multiple vulnerabilities |
perdition -- str_vwrite format string vulnerability |
2007-11-04 |
dircproxy -- remote denial of service |
2007-11-01 |
wordpress -- cross-site scripting |
2007-10-30 |
openldap -- multiple remote denial of service vulnerabilities |
2007-10-27 |
py-django -- denial of service vulnerability |
2007-10-25 |
opera -- multiple vulnerabilities |
2007-10-24 |
drupal --- multiple vulnerabilities |
2007-10-23 |
ldapscripts -- Command Line User Credentials Disclosure |
2007-10-22 |
firefox -- OnUnload Javascript browser entrapment vulnerability |
2007-10-17 |
phpmyadmin -- cross-site scripting vulnerability |
2007-10-16 |
phpmyadmin -- cross-site scripting vulnerability |
2007-10-11 |
nagios-plugins -- Long Location Header Buffer Overflow Vulnerability |
png -- multiple vulnerabilities |
2007-10-10 |
ImageMagick -- multiple vulnerabilities |
2007-10-08 |
jdk/jre -- Applet Caching May Allow Network Access Restrictions to be Circumvented |
xfs -- multiple vulnerabilities |
2007-10-05 |
tcl/tk -- buffer overflow in ReadImage function |
2007-10-04 |
firebird -- multiple remote buffer overflow vulnerabilities |
2007-10-01 |
id3lib -- insecure temporary file creation |
2007-09-21 |
bugzilla -- multiple vulnerabilities |
clamav -- multiple remote Denial of Service vulnerabilities |
mediawiki -- cross site scripting vulnerability |
samba -- nss_info plugin privilege escalation vulnerability |
wordpress -- remote sql injection vulnerability |
2007-09-20 |
bugzilla -- "createmailregexp" security bypass vulnerability |
coppermine -- multiple vulnerabilities |
openoffice -- arbitrary command execution vulnerability |
2007-09-19 |
flyspray -- authentication bypass |
kdm -- passwordless login vulnerability |
konquerer -- address bar spoofing |
mozilla -- code execution via Quicktime media-link files |
2007-09-11 |
apache -- multiple vulnerabilities |
php -- multiple vulnerabilities |
2007-09-10 |
lighttpd -- FastCGI header overrun in mod_fastcgi |
2007-09-05 |
lsh -- multiple vulnerabilities |
rkhunter -- insecure temporary file creation |
2007-09-02 |
fetchmail -- denial of service on reject of local warning message |
2007-09-01 |
gtar -- Directory traversal vulnerability |
2007-08-27 |
claws-mail -- POP3 Format String Vulnerability |
2007-08-21 |
rsync -- off by one stack overflow |
2007-08-15 |
opera -- Vulnerability in javascript handling |
2007-08-02 |
FreeBSD -- Buffer overflow in tcpdump(1) |
FreeBSD -- Predictable query ids in named(8) |
fsplib -- multiple vulnerabilities |
joomla -- multiple vulnerabilities |
2007-07-31 |
xpdf -- stack based buffer overflow |
2007-07-29 |
mutt -- buffer overflow vulnerability |
2007-07-28 |
drupal -- Cross site request forgeries |
drupal -- Multiple cross-site scripting vulnerabilities |
p5-Net-DNS -- multiple Vulnerabilities |
phpsysinfo -- url Cross-Site Scripting |
2007-07-27 |
vim -- Command Format String Vulnerability |
2007-07-26 |
libvorbis -- Multiple memory corruption flaws |
2007-07-24 |
dokuwiki -- XSS vulnerability in spellchecker backend |
tomcat -- multiple vulnerabilities |
tomcat -- XSS vulnerability in sample applications |
2007-07-21 |
lighttpd -- multiple vulnerabilities |
2007-07-19 |
mozilla -- multiple vulnerabilities |
opera -- multiple vulnerabilities |
2007-07-18 |
linux-flashplugin -- critical vulnerabilities |
2007-07-06 |
wireshark -- Multiple problems |
2007-07-03 |
typespeed -- arbitrary code execution |
2007-06-29 |
gd -- multiple vulnerabilities |
2007-06-28 |
flac123 -- stack overflow in comment parsing |
2007-06-25 |
evolution-data-server -- remote execution of arbitrary code vulnerability |
2007-06-21 |
xpcd -- buffer overflow |
2007-06-19 |
clamav -- multiple vulnerabilities |
2007-06-18 |
p5-Mail-SpamAssassin -- local user symlink-attack DoS vulnerability |
vlc -- format string vulnerability and integer overflow |
2007-06-12 |
cups -- Incomplete SSL Negotiation Denial of Service |
2007-06-09 |
c-ares -- DNS Cache Poisoning Vulnerability |
webmin -- cross site scripting vulnerability |
wordpress -- unmoderated comments disclosure |
wordpress -- XMLRPC SQL Injection |
2007-06-07 |
mplayer -- cddb stack overflow |
2007-06-05 |
mod_jk -- information disclosure |
2007-06-04 |
phppgadmin -- cross site scripting vulnerability |
typo3 -- email header injection |
2007-06-01 |
findutils -- GNU locate heap buffer overrun |
2007-05-24 |
FreeType 2 -- Heap overflow vulnerability |
2007-05-23 |
FreeBSD -- heap overflow in file(1) |
2007-05-21 |
squirrelmail -- Cross site scripting in HTML filter |
2007-05-16 |
png -- DoS crash vulnerability |
samba -- multiple vulnerabilities |
2007-05-07 |
php -- multiple vulnerabilities |
2007-05-01 |
qemu -- several vulnerabilities |
2007-04-30 |
p5-Imager -- possibly exploitable buffer overflow |
2007-04-28 |
FreeBSD -- IPv6 Routing Header 0 is dangerous |
2007-04-24 |
mod_perl -- remote DoS in PATH_INFO parsing |
2007-04-19 |
claws-mail -- APOP vulnerability |
2007-04-14 |
lighttpd -- DOS when access files with mtime 0 |
lighttpd -- Remote DOS in CRLF parsing |
2007-04-13 |
freeradius -- EAP-TTLS Tunnel Memory Leak Remote DOS Vulnerability |
2007-04-09 |
fetchmail -- insecure APOP authentication |
2007-04-08 |
mcweject -- exploitable buffer overflow |
WebCalendar -- "noSet" variable overwrite vulnerability |
2007-04-05 |
zope -- cross-site scripting vulnerability |
2007-03-21 |
Squid -- TRACE method handling denial of service |
2007-03-16 |
samba -- format string bug in afsacl.so VFS plugin |
samba -- potential Denial of Service bug in smbd |
sql-ledger -- security bypass vulnerability |
2007-03-11 |
ktorrent -- multiple vulnerabilities |
2007-03-09 |
mplayer -- DMO File Parsing Buffer Overflow Vulnerability |
trac -- cross site scripting vulnerability |
2007-03-05 |
mod_jk -- long URL stack overflow vulnerability |
2007-02-27 |
bind -- Multiple Denial of Service vulnerabilities |
FreeBSD -- Jail rc.d script privilege escalation |
FreeBSD -- Kernel memory disclosure in firewire(4) |
gtar -- name mangling symlink vulnerability |
2007-02-26 |
libarchive -- Infinite loop in corrupt archives handling in libarchive |
OpenSSL -- Multiple problems in crypto(3) |
2007-02-24 |
mozilla -- multiple vulnerabilities |
2007-02-21 |
snort -- DCE/RPC preprocessor vulnerability |
2007-02-17 |
php -- multiple vulnerabilities |
rar -- password prompt buffer overflow vulnerability |
2007-01-17 |
joomla -- multiple remote vulnerabilities |
2007-01-15 |
sircd -- remote operator privilege escalation vulnerability |
sircd -- remote reverse DNS buffer overflow |
2007-01-12 |
cacti -- Multiple vulnerabilities |
2007-01-08 |
mplayer -- buffer overflow in the code for RealMedia RTSP streams. |
2007-01-06 |
fetchmail -- crashes when refusing a message bound for an MDA |
fetchmail -- TLS enforcement problem/MITM attack/password exposure |
2007-01-05 |
drupal -- multiple vulnerabilities |
opera -- multiple vulnerabilities |
2007-01-03 |
w3m -- format string vulnerability |
2006-12-27 |
plone -- user can masquerade as a group |
2006-12-21 |
proftpd -- remote code execution vulnerabilities |
2006-12-19 |
bind9 -- Denial of Service in named(8) |
gzip -- multiple vulnerabilities |
openssl -- Incorrect PKCS#1 v1.5 padding validation in crypto(3) |
2006-12-18 |
sql-ledger -- multiple vulnerabilities |
2006-12-14 |
dbus -- match_rule_equal() Weakness |
evince -- Buffer Overflow Vulnerability |
2006-12-13 |
tdiary -- injection vulnerability |
wv -- Multiple Integer Overflow Vulnerabilities |
wv2 -- Integer Overflow Vulnerability |
2006-12-12 |
clamav -- Multipart Nestings Denial of Service |
2006-12-11 |
tnftpd -- Remote root Exploit |
2006-12-07 |
gnupg -- remotely controllable function pointer |
libxine -- multiple buffer overflow vulnerabilities |
2006-12-04 |
ruby -- cgi.rb library Denial of Service |
2006-12-02 |
ImageMagick -- SGI Image File heap overflow vulnerability |
libmusicbrainz -- multiple buffer overflow vulnerabilities |
tdiary -- cross site scripting vulnerability |
2006-11-30 |
gtar -- GNUTYPE_NAMES directory traversal vulnerability |
kronolith -- arbitrary local file inclusion vulnerability |
2006-11-27 |
gnupg -- buffer overflow |
2006-11-14 |
proftpd -- Remote Code Execution Vulnerability |
unzoo -- Directory Traversal Vulnerability |
2006-11-11 |
bugzilla -- multiple vulnerabilities |
2006-11-08 |
Imlib2 -- multiple image file processing vulnerabilities |
2006-11-04 |
ruby -- cgi.rb library Denial of Service |
2006-10-29 |
mysql -- database "case-sensitive" privilege escalation |
mysql -- database suid privilege escalation |
screen -- combined UTF-8 characters vulnerability |
2006-10-22 |
kdelibs -- integer overflow in khtml |
2006-10-21 |
Serendipity -- XSS Vulnerabilities |
2006-10-20 |
asterisk -- remote heap overwrite vulnerability |
opera -- URL parsing heap overflow vulnerability |
2006-10-19 |
plone -- unprotected MembershipTool methods |
2006-10-18 |
drupal -- cross site request forgeries |
drupal -- HTML attribute injection |
drupal -- multiple XSS vulnerabilities |
ingo -- local arbitrary shell command execution |
2006-10-16 |
clamav -- CHM unpacker and PE rebuilding vulnerabilities |
NVIDIA UNIX driver -- arbitrary root code execution vulnerability |
2006-10-15 |
tkdiff -- temporary file symlink privilege escalation |
vtiger -- multiple remote file inclusion vulnerabilities |
2006-10-14 |
google-earth -- heap overflow in the KML engine |
2006-10-07 |
python -- buffer overrun in repr() for unicode strings |
torrentflux -- User-Agent XSS Vulnerability |
2006-10-06 |
php -- _ecalloc Integer Overflow Vulnerability |
2006-10-05 |
mambo -- multiple SQL injection vulnerabilities |
mono -- "System.CodeDom.Compiler" Insecure Temporary Creation |
openldap -- slapd acl selfwrite Security Issue |
php -- open_basedir Race Condition Vulnerability |
tin -- buffer overflow vulnerabilities |
2006-10-04 |
phpbb -- NULL byte injection vulnerability |
2006-10-03 |
postnuke -- admin section SQL injection |
2006-10-02 |
cscope -- Buffer Overflow Vulnerabilities |
freetype -- LWFN Files Buffer Overflow Vulnerability |
gnutls -- RSA Signature Forgery Vulnerability |
MT -- Search Unspecified XSS |
phpmyadmin -- XSRF vulnerabilities |
2006-09-30 |
dokuwiki -- multiple vulnerabilities |
dokuwiki -- multiple vulnerabilities |
openssh -- multiple vulnerabilities |
punbb -- NULL byte injection vulnerability |
tikiwiki -- multiple vulnerabilities |
2006-09-26 |
freeciv -- Denial of Service Vulnerabilities |
freeciv -- Packet Parsing Denial of Service Vulnerability |
plans -- multiple vulnerabilities |
2006-09-25 |
eyeOS -- multiple XSS security bugs |
2006-09-22 |
libmms -- stack-based buffer overflow |
opera -- RSA Signature Forgery |
zope -- restructuredText "csv_table" Information Disclosure |
2006-09-15 |
mozilla -- multiple vulnerabilities |
2006-09-14 |
win32-codecs -- multiple vulnerabilities |
2006-09-13 |
drupal-pubcookie -- authentication may be bypassed |
php -- multiple vulnerabilities |
2006-09-12 |
linux-flashplugin7 -- arbitrary code execution vulnerabilities |
2006-09-04 |
mailman -- Multiple Vulnerabilities |
2006-09-02 |
gtetrinet -- remote code execution |
hlstats -- multiple cross site scripting vulnerabilities |
2006-08-30 |
joomla -- multiple vulnerabilities |
2006-08-23 |
sppp -- buffer overflow vulnerability |
2006-08-17 |
horde -- Phishing and Cross-Site Scripting Vulnerabilities |
2006-08-15 |
globus -- Multiple tmpfile races |
2006-08-13 |
alsaplayer -- multiple vulnerabilities |
mysql -- format string vulnerability |
postgresql -- encoding based SQL injection |
postgresql -- multiple vulnerabilities |
x11vnc -- authentication bypass vulnerability |
2006-08-12 |
squirrelmail -- random variable overwrite vulnerability |
2006-08-10 |
rubygem-rails -- evaluation of ruby code |
2006-08-08 |
clamav -- heap overflow vulnerability |
2006-08-02 |
drupal -- XSS vulnerability |
gnupg -- 2 more possible memory allocation attacks |
2006-07-29 |
ruby -- multiple vulnerabilities |
2006-07-28 |
apache -- mod_rewrite buffer overflow vulnerability |
2006-07-27 |
mozilla -- multiple vulnerabilities |
2006-07-14 |
zope -- information disclosure vulnerability |
2006-07-13 |
drupal -- multiple vulnerabilities |
2006-07-11 |
shoutcast -- cross-site scripting, information exposure |
2006-07-10 |
samba -- memory exhaustion DoS in smbd |
twiki -- multiple file extensions file upload vulnerability |
2006-07-07 |
trac -- reStructuredText breach of privacy and denial of service vulnerability |
2006-07-05 |
horde -- various problems in dereferrer |
mambo -- SQL injection vulnerabilities |
2006-07-03 |
phpmyadmin -- cross site scripting vulnerability |
2006-07-02 |
webmin, usermin -- arbitrary file disclosure vulnerability |
2006-06-30 |
Joomla -- multiple vulnerabilities |
mutt -- Remote Buffer Overflow Vulnerability |
2006-06-27 |
hashcash -- heap overflow vulnerability |
2006-06-25 |
gnupg -- user id integer overflow vulnerability |
2006-06-17 |
horde -- multiple parameter cross site scripting vulnerabilities |
2006-06-16 |
WebCalendar -- information disclosure vulnerability |
2006-06-14 |
sendmail -- Incorrect multipart message handling |
2006-06-11 |
dokuwiki -- multiple vulnerabilities |
libxine -- buffer overflow vulnerability |
2006-06-09 |
smbfs -- chroot escape |
ypserv -- Inoperative access controls in ypserv |
2006-06-08 |
freeradius -- authentication bypass vulnerability |
freeradius -- multiple vulnerabilities |
2006-06-05 |
dokuwiki -- spellchecker remote PHP code execution |
drupal -- multiple vulnerabilities |
squirrelmail -- plugin.php local file inclusion vulnerability |
2006-06-01 |
MySQL -- Information Disclosure and Buffer Overflow Vulnerabilities |
MySQL -- SQL-injection security vulnerability |
2006-05-23 |
cscope -- buffer overflow vulnerabilities |
frontpage -- cross site scripting vulnerability |
2006-05-22 |
coppermine -- "file" Local File Inclusion Vulnerability |
coppermine -- File Inclusion Vulnerabilities |
coppermine -- Multiple File Extensions Vulnerability |
2006-05-21 |
phpmyadmin -- XSRF vulnerabilities |
2006-05-18 |
vnc -- authentication bypass vulnerability |
2006-05-14 |
phpldapadmin -- Cross-Site Scripting and Script Insertion vulnerabilities |
2006-05-06 |
fswiki -- XSS vulnerability |
mysql50-server -- COM_TABLE_DUMP arbitrary code execution |
2006-05-05 |
awstats -- arbitrary command execution vulnerability |
2006-05-03 |
clamav -- Freshclam HTTP Header Buffer Overflow Vulnerability |
firefox -- denial of service vulnerability |
phpwebftp -- "language" Local File Inclusion |
2006-05-02 |
trac -- Wiki Macro Script Insertion Vulnerability |
2006-05-01 |
jabberd -- SASL Negotiation Denial of Service Vulnerability |
2006-04-27 |
amaya -- Attribute Value Buffer Overflow Vulnerabilities |
cacti -- ADOdb "server.php" Insecure Test Script Security Issue |
ethereal -- Multiple Protocol Dissector Vulnerabilities |
lifetype -- ADOdb "server.php" Insecure Test Script Security Issue |
2006-04-25 |
asterisk -- denial of service vulnerability, local system access |
2006-04-23 |
crossfire-server -- denial of service and remote code execution vulnerability |
p5-DBI -- insecure temporary file creation vulnerability |
wordpress -- full path disclosure |
xine -- multiple remote string vulnerabilities |
zgv, xzgv -- heap overflow vulnerability |
2006-04-22 |
cyrus-sasl -- DIGEST-MD5 Pre-Authentication Denial of Service |
2006-04-19 |
FreeBSD -- FPU information disclosure |
2006-04-18 |
plone -- "member_id" Parameter Portrait Manipulation Vulnerability |
2006-04-16 |
mailman -- Private Archive Script Cross-Site Scripting |
mozilla -- multiple vulnerabilities |
2006-04-10 |
f2c -- insecure temporary files |
2006-04-07 |
kaffeine -- buffer overflow vulnerability |
mplayer -- Multiple integer overflows |
thunderbird -- javascript execution |
2006-04-06 |
clamav -- Multiple Vulnerabilities |
phpmyadmin -- 'set_theme' Cross-Site Scripting |
phpmyadmin -- XSS vulnerabilities |
2006-04-05 |
dia -- XFig Import Plugin Buffer Overflow |
mediawiki -- cross site scripting vulnerability |
mediawiki -- hardcoded placeholder string security bypass vulnerability |
mod_pubcookie -- cross site scripting vulnerability |
netpbm -- buffer overflow in pnmtopng |
openvpn -- LD_PRELOAD code execution on client through malicious or compromised server |
pubcookie-login-server -- cross site scripting vulnerability |
samba -- Exposure of machine account credentials in winbind log files |
zoo -- stack based buffer overflow |
2006-03-29 |
freeradius -- EAP-MSCHAPv2 Authentication Bypass |
2006-03-28 |
horde -- remote code execution vulnerability in the help viewer |
2006-03-27 |
linux-realplayer -- buffer overrun |
linux-realplayer -- heap overflow |
2006-03-24 |
ipsec -- reply attack vulnerability |
OPIE -- arbitrary password change |
sendmail -- race condition vulnerability |
2006-03-21 |
xorg-server -- privilege escalation |
2006-03-20 |
curl -- TFTP packet buffer overflow vulnerability |
heimdal -- Multiple vulnerabilities |
2006-03-17 |
drupal -- multiple vulnerabilities |
2006-03-15 |
horde -- "url" disclosure of sensitive information vulnerability |
linux-flashplugin -- arbitrary code execution vulnerability |
2006-03-12 |
nfs -- remote denial of service |
openssh -- remote denial of service |
2006-03-10 |
GnuPG does not detect injection of unsigned data |
2006-03-09 |
mplayer -- heap overflow in the ASF demuxer |
2006-03-04 |
SSH.COM SFTP server -- format string vulnerability |
2006-03-03 |
gtar -- invalid headers buffer overflow |
2006-02-27 |
bugzilla -- multiple vulnerabilities |
2006-02-24 |
squirrelmail -- multiple vulnerabilities |
2006-02-20 |
abiword, koffice -- stack based buffer overflow vulnerabilities |
gedit -- format string vulnerability |
WebCalendar -- unauthorized access vulnerability |
2006-02-18 |
postgresql81-server -- SET ROLE privilege escalation |
2006-02-17 |
gnupg -- false positive signature verification |
2006-02-16 |
heartbeat -- insecure temporary file creation vulnerability |
libtomcrypt -- weak signature scheme with ECC keys |
mantis -- "view_filters_page.php" cross site scripting vulnerability |
phpbb -- multiple vulnerabilities |
postgresql -- character conversion and tsearch2 vulnerabilities |
rssh -- privilege escalation vulnerability |
sudo -- arbitrary command execution |
tor -- malicious tor server can locate a hidden service |
2006-02-15 |
kpdf -- heap based buffer overflow |
perl, webmin, usermin -- perl format string integer wrap vulnerability |
phpicalendar -- cross site scripting vulnerability |
phpicalendar -- file disclosure vulnerability |
2006-02-14 |
FreeBSD -- Infinite loop in SACK handling |
FreeBSD -- Local kernel memory disclosure |
IEEE 802.11 -- buffer overflow |
ipfw -- IP fragment denial of service |
pf -- IP fragment handling panic |
2006-02-07 |
kpopup -- local root exploit and local denial of service |
2006-01-27 |
cpio -- multiple vulnerabilities |
cvsbug -- race condition |
ee -- temporary file privilege escalation |
texindex -- temporary file privilege escalation |
2006-01-23 |
fetchmail -- crash when bouncing a message |
sge -- local root exploit in bundled rsh executable |
2006-01-10 |
clamav -- possible heap overflow in the UPX code |
2006-01-09 |
milter-bogom -- headerless message crash |
2006-01-07 |
bogofilter -- heap corruption through excessively long words |
bogofilter -- heap corruption through malformed input |
2006-01-04 |
rxvt-unicode -- restore permissions on tty devices |
2006-01-01 |
apache -- mod_imap cross-site scripting flaw |
2005-12-22 |
nbd-server -- buffer overflow vulnerability |
scponly -- local privilege escalation exploits |
2005-12-19 |
fetchmail -- null pointer dereference in multidrop mode with headerless email |
2005-12-14 |
mantis -- "t_core_path" file inclusion vulnerability |
mantis -- "view_filters_page.php" cross-site scripting vulnerability |
2005-12-11 |
horde -- Cross site scripting vulnerabilities in several of Horde's templates |
kronolith -- Cross site scripting vulnerabilities in several of the calendar name and event data fields |
mnemo -- Cross site scripting vulnerabilities in several of the notepad name and note data fields |
nag -- Cross site scripting vulnerabilities in several of the tasklist name and task data fields |
turba -- Cross site scripting vulnerabilities in several of the address book name and contact data fields |
2005-12-09 |
curl -- URL buffer overflow vulnerability |
2005-12-07 |
ffmpeg -- libavcodec buffer overflow vulnerability |
phpmyadmin -- register_globals emulation "import_blacklist" manipulation |
phpmyadmin -- XSS vulnerabilities |
trac -- search module SQL injection vulnerability |
2005-12-01 |
drupal -- multiple vulnerabilities |
2005-11-30 |
mambo -- "register_globals" emulation layer overwrite vulnerability |
opera -- command line URL shell command injection |
opera -- multiple vulnerabilities |
2005-11-27 |
ghostscript -- insecure temporary file creation vulnerability |
2005-11-22 |
horde -- Cross site scripting vulnerabilities in MIME viewers |
2005-11-16 |
phpmyadmin -- HTTP Response Splitting vulnerability |
2005-11-13 |
Macromedia flash player -- swf file handling arbitrary code |
phpSysInfo -- "register_globals" emulation layer overwrite vulnerability |
2005-11-10 |
flyspray -- cross-site scripting vulnerabilities |
p5-Mail-SpamAssassin -- long message header denial of service |
2005-11-07 |
qpopper -- multiple privilege escalation vulnerabilities |
2005-11-04 |
pear-PEAR -- PEAR installer arbitrary code execution vulnerability |
2005-11-01 |
openvpn -- arbitrary code execution on client through malicious or compromised server |
openvpn -- potential denial-of-service on servers in TCP mode |
PHP -- multiple vulnerabilities |
skype -- multiple buffer overflow vulnerabilities |
squid -- FTP server response handling denial of service |
2005-10-31 |
base -- PHP SQL injection vulnerability |
2005-10-30 |
fetchmail -- fetchmailconf local password exposure |
lynx -- remote buffer overflow |
2005-10-27 |
ruby -- vulnerability in the safe level settings |
2005-10-20 |
xloadimage -- buffer overflows in NIFF image title handling |
2005-10-18 |
snort -- Back Orifice preprocessor buffer overflow vulnerability |
2005-10-15 |
gallery2 -- file disclosure vulnerability |
WebCalendar -- remote file inclusion vulnerability |
2005-10-12 |
openssl -- potential SSL 2.0 rollback |
2005-10-11 |
phpmyadmin -- local file inclusion vulnerability |
zope -- expose RestructuredText functionality to untrusted users |
2005-10-09 |
libxine -- format string vulnerability |
2005-10-05 |
imap-uw -- mailbox name handling remote buffer vulnerability |
2005-10-02 |
picasm -- buffer overflow vulnerability |
weex -- remote format string vulnerability |
2005-10-01 |
cfengine -- arbitrary file overwriting vulnerability |
uim -- privilege escalation vulnerability |
2005-09-29 |
phpmyfaq -- SQL injection, takeover, path disclosure, remote code execution |
2005-09-24 |
clamav -- arbitrary code execution and DoS vulnerabilities |
2005-09-23 |
firefox & mozilla -- multiple vulnerabilities |
2005-09-22 |
firefox & mozilla -- command line URL shell command injection |
2005-09-17 |
apache -- Certificate Revocation List (CRL) off-by-one vulnerability |
squirrelmail -- _$POST variable handling allows for various attacks |
2005-09-15 |
squid -- possible denial of service condition regarding NTLM authentication |
X11 server -- pixmap allocation vulnerability |
2005-09-13 |
unzip -- permission race vulnerability |
2005-09-10 |
firefox & mozilla -- buffer overflow vulnerability |
2005-09-04 |
htdig -- cross site scripting vulnerability |
squid -- Denial Of Service Vulnerability in sslConnectTimeout |
squid -- Possible Denial Of Service Vulnerability in store.c |
2005-09-03 |
bind -- buffer overrun vulnerability |
bind9 -- denial of service |
2005-09-02 |
urban -- stack overflow vulnerabilities |
2005-08-29 |
fswiki -- command injection vulnerability |
2005-08-27 |
evolution -- remote format string vulnerabilities |
pam_ldap -- authentication bypass vulnerability |
2005-08-26 |
pcre -- regular expression buffer overflow |
2005-08-23 |
elm -- remote buffer overflow in Expires header |
2005-08-19 |
openvpn -- denial of service: client certificate validation can disconnect unrelated clients |
openvpn -- denial of service: malicious authenticated "tap" client can deplete server virtual memory |
openvpn -- denial of service: undecryptable packet from authorized client can disconnect unrelated clients |
openvpn -- multiple TCP clients connecting with the same certificate at the same time can crash the server |
2005-08-17 |
tor -- diffie-hellman handshake flaw |
2005-08-16 |
acroread -- plug-in buffer overflow vulnerability |
2005-08-15 |
pear-XML_RPC -- remote PHP code injection vulnerability |
2005-08-14 |
awstats -- arbitrary code execution vulnerability |
2005-08-12 |
gaim -- AIM/ICQ away message buffer overflow |
gaim -- AIM/ICQ non-UTF-8 filename crash |
libgadu -- multiple vulnerabilities |
xpdf -- disk fill DoS vulnerability |
2005-08-09 |
gforge -- XSS and email flood vulnerabilities |
2005-08-08 |
postnuke -- multiple vulnerabilities |
2005-08-05 |
devfs -- ruleset bypass |
ipsec -- Incorrect key usage in AES-XCBC-MAC |
mambo -- multiple vulnerabilities |
zlib -- buffer overflow vulnerability |
2005-08-03 |
proftpd -- format string vulnerabilities |
2005-08-01 |
nbsmtp -- format string vulnerability |
2005-07-31 |
gnupg -- OpenPGP symmetric encryption vulnerability |
phpmyadmin -- cross site scripting vulnerability |
sylpheed -- MIME-encoded file name buffer overflow vulnerability |
vim -- vulnerabilities in modeline handling: glob, expand |
2005-07-30 |
ethereal -- multiple protocol dissectors vulnerabilities |
jabberd -- 3 buffer overflows |
opera -- download dialog spoofing vulnerability |
opera -- image dragging vulnerability |
tiff -- buffer overflow vulnerability |
2005-07-26 |
apache -- http request smuggling |
2005-07-25 |
clamav -- multiple remote buffer overflows |
2005-07-23 |
egroupware -- multiple cross-site scripting (XSS) and SQL injection vulnerabilities |
isc-dhcpd -- format string vulnerabilities |
2005-07-22 |
fetchmail -- denial of service/crash from malicious POP3 server |
2005-07-21 |
dnrd -- remote buffer and stack overflow vulnerabilities |
PowerDNS -- LDAP backend fails to escape all queries |
2005-07-20 |
fetchmail -- remote root/code injection from malicious POP3 server |
2005-07-18 |
kdebase -- Kate backup file permission leak |
2005-07-16 |
drupal -- PHP code execution vulnerabilities |
firefox & mozilla -- multiple vulnerabilities |
2005-07-09 |
mysql-server -- insecure temporary file creation |
net-snmp -- fixproc insecure temporary file creation |
phpbb -- multiple vulnerabilities |
phpSysInfo -- cross site scripting vulnerability |
shtool -- insecure temporary file creation |
2005-07-08 |
bugzilla -- multiple vulnerabilities |
ekg -- insecure temporary file creation |
nwclient -- multiple vulnerabilities |
pear-XML_RPC -- information disclosure vulnerabilities |
phppgadmin -- "formLanguage" local file inclusion vulnerability |
2005-07-06 |
acroread -- buffer overflow vulnerability |
acroread -- insecure temporary file creation |
clamav -- cabinet file handling DoS vulnerability |
clamav -- MS-Expand file handling DoS vulnerability |
zlib -- buffer overflow vulnerability |
2005-07-05 |
cacti -- multiple vulnerabilities |
net-snmp -- remote DoS vulnerability |
wordpress -- multiple vulnerabilities |
wordpress -- multiple vulnerabilities |
2005-07-03 |
pear-XML_RPC -- arbitrary remote code execution |
phpbb -- remote PHP code execution vulnerability |
2005-06-29 |
bzip2 -- denial of service and permission race vulnerabilities |
kernel -- ipfw packet matching errors with address tables |
kernel -- TCP connection stall denial of service |
2005-06-24 |
ethereal -- multiple protocol dissectors vulnerabilities |
linux-realplayer -- RealText parsing heap overflow |
tor -- information disclosure |
2005-06-23 |
ruby -- arbitrary command execution on XMLRPC server |
2005-06-21 |
cacti -- potential SQL injection and cross site scripting attacks |
2005-06-20 |
opera -- "javascript:" URL cross-site scripting vulnerability |
opera -- redirection cross-site scripting vulnerability |
opera -- XMLHttpRequest security bypass |
razor-agents -- denial of service vulnerability |
sudo -- local race condition vulnerability |
trac -- file upload/download vulnerability |
2005-06-18 |
acroread -- XML External Entity vulnerability |
gzip -- directory traversal and permission race vulnerabilities |
p5-Mail-SpamAssassin -- denial of service vulnerability |
squirrelmail -- Several cross site scripting vulnerabilities |
tcpdump -- infinite loops in protocol decoding |
2005-06-17 |
fd_set -- bitmap index overflow in multiple applications |
gaim -- MSN Remote DoS vulnerability |
gaim -- Yahoo! remote crash vulnerability |
gallery -- cross-site scripting |
gallery -- remote code injection via HTTP_POST_VARS |
kstars -- exploitable set-user-ID application fliccd |
2005-06-09 |
leafnode -- denial of service vulnerability |
2005-06-03 |
gforge -- directory traversal vulnerability |
imap-uw -- authentication bypass when CRAM-MD5 is enabled |
racoon -- remote denial-of-service |
squid -- denial-of-service vulnerabilities |
xli -- integer overflows in image size calculations |
xloadimage -- arbitrary command execution when handling compressed files |
xloadimage -- buffer overflow in FACES image handling |
yamt -- buffer overflow and directory traversal issues |
2005-06-01 |
linux_base -- vulnerabilities in Red Hat 7.1 libraries |
mailman -- generated passwords are poor quality |
mailman -- password disclosure |
squirrelmail -- XSS and remote code injection vulnerabilities |
sympa -- buffer overflow in "queue" |
tomcat -- Tomcat Manager cross-site scripting |
xtrlock -- X display locking bypass |
xview -- multiple buffer overflows in xv_parse_one |
2005-05-29 |
fswiki -- XSS problem in file upload form |
2005-05-22 |
freeradius -- sql injection and denial of service vulnerability |
oops -- format string vulnerability |
ppxp -- local root exploit |
2005-05-19 |
cdrdao -- unspecified privilege escalation vulnerability |
squid -- DNS lookup spoofing vulnerability |
squid -- possible abuse of cachemgr.cgi |
2005-05-14 |
gaim -- MSN remote DoS vulnerability |
gaim -- remote crash on some protocols |
2005-05-13 |
kernel -- information disclosure when using HTT |
leafnode -- fetchnews denial-of-service triggered by transmission abort/timeout |
2005-05-12 |
mozilla -- "Wrapped" javascript: urls bypass security checks |
mozilla -- privilege escalation via non-DOM property overrides |
2005-05-11 |
mozilla -- code execution via javascript: IconURL vulnerability |
qmail -- 64 bit integer overflows with possible remote code execution on large SMTP requests |
qmail -- 64 bit integer overflows with possible remote code execution on large SMTP requests |
qmail -- 64 bit integer overflows with possible remote code execution on large SMTP requests |
2005-05-09 |
groff -- groffer uses temporary files unsafely |
groff -- pic2graph and eqn2graph are vulnerable to symlink attack through temporary files |
2005-05-01 |
coppermine -- IP spoofing and XSS vulnerability |
rsnapshot -- local privilege escalation |
sharutils -- unshar insecure temporary file creation |
2005-04-27 |
ImageMagick -- ReadPNMImage() heap overflow vulnerability |
2005-04-25 |
gaim -- AIM/ICQ remote denial of service vulnerability |
gaim -- remote DoS on receiving malformed HTML |
mplayer & libxine -- MMS and Real RTSP buffer overflow vulnerabilities |
2005-04-23 |
kdewebdev -- kommander untrusted code execution vulnerability |
2005-04-22 |
junkbuster -- heap corruption vulnerability and configuration modification vulnerability |
kdelibs -- kimgio input validation errors |
2005-04-19 |
gld -- format string and buffer overflow vulnerabilities |
2005-04-17 |
axel -- remote buffer overflow |
2005-04-16 |
firefox -- arbitrary code execution in sidebar panel |
firefox -- PLUGINSPAGE privileged javascript execution |
jdk -- jar directory traversal vulnerability |
mozilla -- code execution through javascript: favicons |
mozilla -- javascript "lambda" replace exposes memory contents |
mozilla -- privilege escalation via DOM property overrides |
2005-04-13 |
openoffice -- DOC document heap overflow vulnerability |
2005-04-12 |
portupgrade -- insecure temporary file handling vulnerability |
2005-04-10 |
gaim -- jabber remote crash |
gaim -- remote DoS on receiving certain messages over IRC |
gaim -- remote DoS on receiving malformed HTML |
php -- readfile() DoS vulnerability |
squid -- DoS on failed PUT/POST requests vulnerability |
2005-04-05 |
horde -- Horde Page Title Cross-Site Scripting Vulnerability |
2005-04-04 |
wu-ftpd -- remote globbing DoS vulnerability |
2005-04-02 |
hashcash -- format string vulnerability |
2005-03-26 |
clamav -- zip handling DoS vulnerability |
2005-03-24 |
firefox -- arbitrary code execution from sidebar panel |
mozilla -- heap buffer overflow in GIF image processing |
wine -- information disclosure due to insecure temporary file handling |
2005-03-23 |
sylpheed -- buffer overflow in header processing |
2005-03-21 |
kdelibs -- local DCOP denial of service vulnerability |
xv -- filename handling format string vulnerability |
2005-03-15 |
phpmyadmin -- increased privilege vulnerability |
2005-03-14 |
ethereal -- multiple protocol dissectors vulnerabilities |
grip -- CDDB response multiple matches buffer overflow vulnerability |
mysql-server -- multiple remote vulnerabilities |
2005-03-13 |
rxvt-unicode -- buffer overflow vulnerability |
2005-03-08 |
libexif -- buffer overflow vulnerability |
phpmyadmin -- arbitrary file include and XSS vulnerabilities |
phpmyadmin -- information disclosure vulnerability |
2005-03-05 |
phpbb -- Insuffient check against HTML code in usercp_register.php |
2005-03-04 |
postnuke -- cross-site scripting (XSS) vulnerabilities |
postnuke -- SQL injection vulnerabilities |
realplayer -- remote heap overflow |
2005-03-03 |
ImageMagick -- format string vulnerability |
2005-03-01 |
lighttpd -- script source disclosure vulnerability |
uim -- privilege escalation vulnerability |
2005-02-28 |
phpbb -- privilege elevation and path disclosure |
2005-02-27 |
curl -- authentication buffer overflow vulnerability |
cyrus-imapd -- multiple buffer overflow vulnerabilities |
sup -- format string vulnerability |
2005-02-26 |
mozilla -- arbitrary code execution vulnerability |
mozilla -- insecure temporary directory vulnerability |
2005-02-24 |
mkbold-mkitalic -- format string vulnerability |
2005-02-23 |
phpbb -- multiple information disclosure vulnerabilities |
2005-02-22 |
unace -- multiple vulnerabilities |
2005-02-20 |
putty -- pscp/psftp heap corruption vulnerabilities |
2005-02-18 |
bidwatcher -- format string vulnerability |
gftp -- directory traversal vulnerability |
kdelibs -- insecure temporary file creation |
opera -- "data:" URI handler spoofing vulnerability |
opera -- kfmclient exec command execution vulnerability |
2005-02-17 |
postgresql -- multiple buffer overflows in PL/PgSQL parser |
2005-02-16 |
awstats -- arbitrary command execution |
2005-02-14 |
emacs -- movemail format string vulnerability |
powerdns -- DoS vulnerability |
2005-02-13 |
mod_python -- information leakage vulnerability |
ngircd -- buffer overflow vulnerability |
ngircd -- format string vulnerability |
2005-02-12 |
mailman -- directory traversal vulnerability |
2005-02-11 |
enscript -- multiple vulnerabilities |
2005-02-08 |
ethereal -- multiple protocol dissectors vulnerabilities |
postgresql -- privilege escalation vulnerability |
squid -- correct handling of oversized HTTP reply headers |
2005-02-03 |
python -- SimpleXMLRPCServer.py allows unrestricted traversal |
2005-02-02 |
perl -- vulnerabilities in PERLIO_DEBUG handling |
2005-02-01 |
newsfetch -- server response buffer overflow vulnerability |
newsgrab -- directory traversal vulnerability |
newsgrab -- insecure file and directory creation |
newspost -- server response buffer overflow vulnerability |
2005-01-28 |
squid -- buffer overflow in WCCP recvfrom() call |
2005-01-26 |
xpdf -- makeFileKey2() buffer overflow vulnerability |
2005-01-25 |
evolution -- arbitrary code execution vulnerability |
zhcon -- unauthorized file access |
2005-01-24 |
bugzilla -- cross-site scripting vulnerability |
mod_dosevasive -- insecure temporary file creation |
opera -- multiple vulnerabilities in Java implementation |
squid -- possible cache-poisoning via malformed HTTP responses |
web browsers -- window injection vulnerabilities |
2005-01-23 |
yamt -- arbitrary command execution vulnerability |
2005-01-22 |
horde -- XSS vulnerabilities |
squid -- HTTP response splitting cache pollution attack |
2005-01-21 |
egroupware -- arbitrary file download in JiNN |
fcron -- multiple vulnerabilities |
imlib -- xpm heap buffer overflows and integer overflows |
mc -- multiple vulnerabilities |
perl -- File::Path insecure file/directory permissions |
quake2 -- multiple critical vulnerabilities |
realplayer -- arbitrary file deletion and other vulnerabilities |
sudo -- environmental variable CDPATH is not cleared |
2005-01-19 |
konversation -- shell script command injection |
squid -- no sanity check of usernames in squid_ldap_auth |
2005-01-18 |
awstats -- remote command execution vulnerability |
cups-base -- CUPS server remote DoS vulnerability |
ImageMagick -- PSD handler heap overflow vulnerability |
mozilla -- insecure permissions for some downloaded files |
tiff -- divide-by-zero denial-of-service |
zgv -- exploitable heap overflows |
2005-01-17 |
cups-base -- HPGL buffer overflow vulnerability |
cups-lpr -- lppasswd multiple vulnerabilities |
2005-01-16 |
mysql-scripts -- mysqlaccess insecure temporary file creation |
unrtf -- buffer overflow vulnerability |
2005-01-13 |
mozilla -- heap overflow in NNTP handler |
mpg123 -- buffer overflow vulnerability |
2005-01-12 |
libxine -- DVD subpicture decoder heap overflow |
libxine -- multiple buffer overflows in RTSP |
libxine -- multiple vulnerabilities in VideoCD handling |
squid -- buffer overflow vulnerability in gopherToHTML |
squid -- denial of service with forged WCCP messages |
2005-01-11 |
hylafax -- unauthorized login vulnerability |
xshisen -- local buffer overflows |
2005-01-10 |
helvis -- arbitrary file deletion problem |
helvis -- information leak vulnerabilities |
2005-01-08 |
dillo -- format string vulnerability |
2005-01-07 |
tnftp -- mget does not check for directory escapes |
2005-01-06 |
pcal -- buffer overflow vulnerabilities |
tiff -- directory entry count integer overflow vulnerability |
tiff -- tiffdump integer overflow vulnerability |
vim -- vulnerabilities in modeline handling |
2005-01-05 |
exim -- two buffer overflow vulnerabilities |
2005-01-03 |
golddig -- local buffer overflow vulnerabilities |
greed -- insecure GRX file processing |
mpg123 -- playlist processing buffer overflow vulnerability |
2005-01-02 |
up-imapproxy -- multiple vulnerabilities |
2005-01-01 |
kdelibs3 -- konqueror FTP command injection vulnerability |
2004-12-30 |
a2ps -- insecure temporary file creation |
2004-12-29 |
libxine -- buffer-overflow vulnerability in aiff support |
2004-12-26 |
jabberd -- denial-of-service vulnerability |
2004-12-23 |
ethereal -- multiple vulnerabilities |
squid -- confusing results on empty acl declarations |
xpdf -- buffer overflow vulnerability |
2004-12-22 |
phpbb -- arbitrary command execution and other vulnerabilities |
2004-12-21 |
acroread5 -- mailListIsPdf() buffer overflow vulnerability |
ecartis -- unauthorised access to admin interface |
krb5 -- heap buffer overflow vulnerability in libkadm5srv |
mplayer -- multiple vulnerabilities |
samba -- integer overflow vulnerability |
2004-12-17 |
php -- multiple vulnerabilities |
2004-12-16 |
mysql -- ALTER MERGE denial of service vulnerability |
mysql -- erroneous access restrictions applied to table renames |
mysql -- FTS request denial of service vulnerability |
mysql -- GRANT access restriction problem |
mysql -- mysql_real_connect buffer overflow vulnerability |
2004-12-15 |
phpmyadmin -- command execution vulnerability |
phpmyadmin -- file disclosure vulnerability |
2004-12-14 |
wget -- multiple vulnerabilities |
2004-12-12 |
konqueror -- Password Disclosure for SMB Shares |
2004-12-11 |
mod_access_referer -- null pointer dereference vulnerability |
2004-12-09 |
squid -- possible information disclosure |
2004-12-08 |
viewcvs -- information leakage |
2004-12-07 |
cscope -- symlink attack vulnerability |
2004-12-04 |
bnc -- remotely exploitable buffer overflow in getnickuserhost |
2004-12-02 |
rockdodger -- buffer overflows |
rssh & scponly -- arbitrary command execution |
2004-12-01 |
sudoscript -- signal delivery vulnerability |
zip -- long path buffer overflow |
2004-11-30 |
jabberd -- remote buffer overflow vulnerability |
2004-11-27 |
Open DC Hub -- remote buffer overflow vulnerability |
2004-11-26 |
unarj -- directory traversal vulnerability |
unarj -- long filename buffer overflow |
2004-11-25 |
jdk/jre -- Security Vulnerability With Java Plugin |
ProZilla -- server response buffer overflow vulnerabilities |
2004-11-22 |
Cyrus IMAPd -- APPEND command uses undefined programming construct |
Cyrus IMAPd -- FETCH command out of bounds memory corruption |
Cyrus IMAPd -- IMAPMAGICPLUS preauthentification overflow |
Cyrus IMAPd -- PARTIAL command out of bounds memory corruption |
2004-11-20 |
phpMyAdmin -- cross-site scripting vulnerabilities |
2004-11-18 |
Overflow error in fetch |
2004-11-17 |
smbd -- buffer-overrun vulnerability |
2004-11-15 |
proxytunnel -- format string vulnerability |
twiki -- arbitrary shell command execution |
2004-11-13 |
ruby -- CGI DoS |
sudo -- privilege escalation with bash scripts |
2004-11-12 |
gnats -- format string vulnerability |
samba -- potential remote DoS vulnerability |
squirrelmail -- cross site scripting vulnerability |
2004-11-11 |
ez-ipupdate -- format string vulnerability |
hafiye -- lack of terminal escape sequence filtering |
ImageMagick -- EXIF parser buffer overflow |
2004-11-10 |
apache2 multiple space header denial-of-service vulnerability |
socat -- format string vulnerability |
2004-11-09 |
libxml -- remote buffer overflows |
2004-11-08 |
p5-Archive-Zip -- virus detection evasion |
2004-11-06 |
apache mod_include buffer overflow vulnerability |
postgresql-contrib -- insecure temporary file creation |
2004-11-05 |
gd -- integer overflow |
2004-11-04 |
putty -- buffer overflow vulnerability in ssh2 support |
2004-11-03 |
wzdftpd -- remote DoS |
2004-10-27 |
horde -- cross-site scripting vulnerability in help window |
2004-10-26 |
bogofilter -- RFC 2047 decoder denial-of-service vulnerability |
2004-10-25 |
gaim -- buffer overflow in MSN protocol support |
gaim -- Content-Length header denial-of-service vulnerability |
gaim -- heap overflow exploitable by malicious GroupWise server |
gaim -- malicious smiley themes |
gaim -- MSN denial-of-service vulnerabilities |
gaim -- multiple buffer overflows |
rssh -- format string vulnerability |
xpdf -- integer overflow vulnerabilities |
2004-10-23 |
mod_ssl -- SSLCipherSuite bypass |
mpg123 -- buffer overflow in URL handling |
2004-10-21 |
apache2 -- SSL remote DoS |
2004-10-20 |
a2ps -- insecure command line argument handling |
cabextract -- insecure directory handling |
phpmyadmin -- remote command execution vulnerability |
2004-10-19 |
ifmail -- unsafe set-user-ID application |
imwheel -- insecure handling of PID file |
2004-10-18 |
squid -- NTLM authentication denial-of-service vulnerability |
2004-10-17 |
apache13-modssl -- format string vulnerability in proxy support |
cacti -- SQL injection |
2004-10-15 |
tor -- remote DoS and loss of anonymity |
2004-10-13 |
CUPS -- local information disclosure |
freeradius -- denial-of-service vulnerability |
icecast -- Cross-Site Scripting Vulnerability |
icecast -- HTTP header overflow |
sharutils -- buffer overflows |
tiff -- multiple integer overflows |
tiff -- RLE decoder heap overflows |
wordpress -- XSS in administration panel |
xerces-c2 -- Attribute blowup denial-of-service |
2004-10-12 |
cyrus-sasl -- potential buffer overflow in DIGEST-MD5 plugin |
mail-notification -- denial-of-service vulnerability |
squid -- SNMP module denial-of-service vulnerability |
zinf -- potential buffer overflow playlist support |
2004-10-08 |
cyrus-sasl -- dynamic library loading and set-user-ID applications |
2004-10-05 |
bmon -- unsafe set-user-ID application |
gnutls -- certificate chain verification DoS |
imp3 -- XSS hole in the HTML viewer |
php -- php_variables memory disclosure |
xv -- exploitable buffer overflows |
2004-10-04 |
Boundary checking errors in syscons |
getmail -- symlink vulnerability during maildir delivery |
2004-10-03 |
distcc -- incorrect parsing of IP access control rules |
racoon -- improper certificate handling |
2004-09-30 |
mozilla -- hostname spoofing bug |
mozilla -- scripting vulnerabilities |
mozilla -- users may be lured into bypassing security dialogs |
samba -- remote file disclosure |
2004-09-28 |
mozilla -- BMP decoder vulnerabilities |
mozilla -- multiple heap buffer overflows |
mozilla -- vCard stack buffer overflow |
2004-09-27 |
php -- memory_limit related vulnerability |
php -- strip_tags cross-site scripting vulnerability |
2004-09-26 |
subversion -- WebDAV fails to protect metadata |
2004-09-23 |
lha -- numerous vulnerabilities when extracting archives |
mysql -- heap buffer overflow with prepared statements |
2004-09-22 |
mozilla -- automated file upload |
mozilla -- built-in CA certificates may be overridden |
mozilla -- NULL bytes in FTP URLs |
mozilla -- security icon spoofing |
2004-09-21 |
rssh -- file name disclosure bug |
2004-09-20 |
Cyrus IMSPd multiple vulnerabilities |
gnu-radius -- SNMP-related denial-of-service |
sudo -- sudoedit information disclosure |
2004-09-19 |
apache -- heap overflow in mod_proxy |
2004-09-15 |
apache -- ap_resolve_env buffer overflow |
apache -- apr_uri_parse IPv6 address handling vulnerability |
cups -- print queue browser denial-of-service |
gdk-pixbuf -- image decoding vulnerabilities |
mod_dav -- lock related denial-of-service |
php -- vulnerability in RFC 1867 file upload processing |
xpm -- image decoding vulnerabilities |
2004-09-14 |
mozilla -- POP client heap overflow |
mozilla -- SOAPParameter integer overflow |
mpg123 buffer overflow |
openoffice -- document disclosure |
samba3 DoS attack |
webmin -- insecure temporary file creation at installation time |
2004-08-31 |
ImageMagick -- BMP decoder buffer overflow |
imlib -- BMP decoder heap buffer overflow |
imlib2 -- BMP decoder buffer overflow |
krb5 -- ASN.1 decoder denial-of-service vulnerability |
krb5 -- double-free vulnerabilities |
2004-08-27 |
nss -- exploitable buffer overflow in SSLv2 protocol handler |
ripMIME -- decoding bug allowing content filter bypass |
2004-08-26 |
gnomevfs -- unsafe URI handling |
kdelibs -- konqueror cross-domain cookie injection |
moinmoin -- ACL group bypass |
rsync -- path sanitizing vulnerability |
SoX buffer overflows when handling .WAV files |
2004-08-23 |
SpamAssassin -- denial-of-service in tokenize_headers |
2004-08-22 |
courier-imap -- format string vulnerability in debug mode |
fidogate -- write files as `news' user |
mysql -- mysqlhotcopy insecure temporary file creation |
qt -- image loader vulnerabilities |
2004-08-17 |
cvs -- numerous vulnerabilities |
tnftpd -- remotely exploitable vulnerability |
2004-08-16 |
Ruby insecure file permissions in the CGI session management |
2004-08-13 |
Arbitrary code execution via a format string vulnerability in jftpgw |
2004-08-12 |
acroread uudecoder input validation error |
gaim remotely exploitable vulnerabilities in MSN component |
kdelibs insecure temporary file handling |
Mutiple browser frame injection vulnerability |
popfile file disclosure |
2004-08-04 |
ImageMagick png vulnerability fix |
libpng stack-based buffer overflow and other code concerns |
2004-07-30 |
Mozilla / Firefox user interface spoofing vulnerability |
Mozilla certificate spoofing |
2004-07-21 |
Multiple Potential Buffer Overruns in Samba |
2004-07-11 |
multiple vulnerabilities in ethereal |
multiple vulnerabilities in ethereal |
2004-07-05 |
"Content-Type" XSS vulnerability affecting other webmail systems |
Format string vulnerability in SSLtelnet |
MySQL authentication bypass / buffer overflow |
2004-07-03 |
Pavuk HTTP Location header overflow |
Several vulnerabilities found in PHPNuke |
2004-07-02 |
GNATS local privilege elevation |
Remote code injection in phpMyAdmin |
2004-06-30 |
Linux binary compatibility mode input validation error |
2004-06-28 |
MoinMoin administrative group name privilege escalation vulnerability |
XFree86 opens a chooserFd TCP socket even when DisplayManager.requestPort is 0 |
2004-06-25 |
isc-dhcp3-server buffer overflow in logging mechanism |
Remote Denial of Service of HTTP server and client |
2004-06-24 |
Gallery 1.4.3 and ealier user authentication bypass |
2004-06-09 |
Buffer overflow in Squid NTLM authentication helper |
2004-06-07 |
jailed processes can manipulate host routing tables |
2004-05-26 |
buffer cache invalidation implementation issues |
2004-05-21 |
leafnode denial-of-service triggered by article request |
leafnode fetchnews denial-of-service triggered by missing header |
leafnode fetchnews denial-of-service triggered by truncated transmission |
2004-05-19 |
cvs pserver remote heap buffer overflow |
neon date parsing vulnerability |
subversion date parsing vulnerability |
2004-05-18 |
URI handler vulnerabilities in several browsers |
2004-05-12 |
Cyrus IMAP pre-authentication heap overflow vulnerability |
2004-05-06 |
exim buffer overflow when verify = header_syntax is used |
phpBB session table exhaustion |
2004-05-05 |
heimdal kadmind remote heap buffer overflow |
2004-05-02 |
lha buffer overflows and path traversal issues |
libpng denial-of-service |
Midnight Commander buffer overflows, format string bugs, and insecure temporary file handling |
pound remotely exploitable vulnerability |
proftpd IP address access control list breakage |
rsync path traversal issue |
xine-lib arbitrary file overwrite |
2004-04-23 |
ident2 double byte buffer overflow |
phpBB IP address spoofing |
xchat remotely exploitable buffer overflow (Socks5) |
2004-04-16 |
MySQL insecure temporary file creation (mysqlbug) |
2004-04-15 |
kdepim exploitable buffer overflow in VCF reader |
neon format string vulnerabilities |
2004-04-14 |
CVS path validation errors |
racoon remote denial of service vulnerability (ISAKMP header length field) |
2004-04-07 |
jailed processes can attach to other jails |
many out-of-sequence TCP packets denial-of-service |
mksnap_ffs clears file system options |
racoon fails to verify signature during Phase 1 |
racoon remote denial of service vulnerability (IKE Generic Payload Header) |
shmat reference counting bug |
2004-04-03 |
Midnight Commander buffer overflow during symlink resolution |
2004-04-02 |
Incorrect cross-realm trust handling in Heimdal |
2004-03-31 |
Courier mail services: remotely exploitable buffer overflows |
isakmpd payload handling denial-of-service vulnerabilities |
mplayer heap overflow in http requests |
tcpdump ISAKMP payload handling remote denial-of-service |
2004-03-29 |
ecartis buffer overflows and input validation bugs |
setsockopt(2) IPv6 sockets input validation error |
zebra/quagga denial of service vulnerability |
2004-03-28 |
Buffer overflows and format string bugs in Emil |
Critical SQL injection in phpBB |
oftpd denial-of-service vulnerability (PORT command) |
2004-03-26 |
ezbounce remote format string vulnerability |
insecure temporary file creation in xine-check, xine-bugreport |
multiple vulnerabilities in ethereal |
multiple vulnerabilities in phpBB |
squid ACL bypass due to URL decoding bug |
2004-03-25 |
racoon security association deletion vulnerability |
2004-03-18 |
uudeview buffer overflows |
2004-03-17 |
ModSecurity for Apache 2.x remote off-by-one overflow |
OpenSSL ChangeCipherSpec denial-of-service vulnerability |
2004-03-08 |
Apache 1.3 IP address access control failure on some 64-bit platforms |
Apache 2 mod_ssl denial-of-service |
wu-ftpd ftpaccess `restricted-uid'/`restricted-gid' directive may be bypassed |
2004-03-07 |
mpg123 vulnerabilities |
2004-03-06 |
GNU Anubis buffer overflows and format string vulnerabilities |
2004-03-05 |
multiple buffer overflows in xboing |
2004-03-03 |
mod_python denial-of-service vulnerability in parse_qs |
2004-02-25 |
Darwin Streaming Server denial-of-service vulnerability |
fetchmail -- denial-of-service vulnerability |
hsftp format string vulnerabilities |
lbreakout2 vulnerability in environment variable handling |
libxml2 stack buffer overflow in URI parsing |
mailman denial-of-service vulnerability in MailCommandHandler |
mailman XSS in admin script |
mailman XSS in create script |
mailman XSS in user options page |
SQL injection vulnerability in phpnuke |
2004-02-22 |
file disclosure in phpMyAdmin |
Vulnerabilities in H.323 implementations |
2004-02-18 |
metamail format string bugs and buffer overflows |
2004-02-15 |
mnGoSearch buffer overflow in UdmDocToTextBuf() |
2004-02-13 |
GNU libtool insecure temporary file handling |
2004-02-12 |
Buffer overflow in Mutt 1.4 |
Buffer overflows in XFree86 servers |
CCE contains exploitable buffer overflows |
ChiTeX/ChiLaTeX unsafe set-user-id root |
clamav remote denial-of-service |
icecast 1.x multiple vulnerabilities |
nap allows arbitrary file access |
pine insecure URL handling |
pine remote denial-of-service attack |
pine remotely exploitable buffer overflow in newmail.c |
pine remotely exploitable vulnerabilities |
rsync buffer overflow in server mode |
Samba 3.0.x password initialization bug |
seti@home remotely exploitable buffer overflow |
Several remotely exploitable buffer overflows in gaim |
2004-02-10 |
Apache-SSL optional client certificate vulnerability |
2004-01-19 |
fsp buffer overflow and directory traversal vulnerabilities |
L2TP, ISAKMP, and RADIUS parsing vulnerabilities in tcpdump |
2004-01-08 |
Buffer overflow in INN control message handling |
2004-01-05 |
ProFTPD ASCII translation bug resulting in remote root compromise |
2003-12-12 |
bind8 negative cache poison attack |
ElGamal sign+encrypt keys created by GnuPG can be compromised |
lftp HTML parsing vulnerability |
Mathopd buffer overflow |
qpopper format string vulnerability |
2003-10-25 |
Buffer overflow in pam_smb password handling |
Buffer overflows in libmcrypt |
fetchmail -- address parsing vulnerability |