FreeBSD VuXML

Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Security issues that affect the FreeBSD operating system or applications in the FreeBSD Ports Collection are documented using the Vulnerabilities and Exposures Markup Language (VuXML). The current VuXML document that serves as the source for the content of this site can be found:

in the FreeBSD Ports Collection repository, path ports/security/vuxml/vuln.xml
as a local copy
as a local copy, compressed with bzip2
as a local copy, compressed with xz
as a local copy, compressed with zstandard

Please report security issues to the FreeBSD Security Team at <[email protected]>. Full contact details, including information handling policies and PGP key, can be found on the FreeBSD Security page.

entry date index

Entered	Topic
2024-11-08	electron32 -- multiple vulnerabilities
	lrzsz -- Integer overflow in zmodem, crash and information leak
	x11vnc -- access to shared memory segments
2024-11-07	gstreamer1-rtsp-server -- Potential Denial-of-Service (DoS) with specially crafted client requests
2024-11-06	chromium -- multiple security fixes
2024-11-04	libqb -- Buffer overflow
2024-11-02	chromium -- multiple security fixes
2024-10-31	keycloak -- Missing server identity checks when sending mails via SMTPS
2024-10-31	qt5-webengine -- Multiple vulnerabilities
2024-10-30	librewolf -- Undefined behavior in selection node cache
2024-10-29	forgejo -- multiple vulnerabilities
2024-10-29	hwloc2 -- Denial of service or other unspecified impacts
2024-10-26	chromium -- multiple security fixes
	chromium -- multiple security fixes
	tnef -- An attacker may be able to write to the victim's .ssh/authorized_keys file via an e-mail message
	tnef -- Invalid read and write operations, controlled by an attacker
2024-10-24	electron31 -- multiple vulnerabilities
2024-10-24	Gitlab -- vulnerabilities
2024-10-23	electron32 -- multiple vulnerabilities
2024-10-19	OpenSSL -- OOB memory access vulnerability
2024-10-18	electron{31,32} -- multiple vulnerabilities
2024-10-18	oauth2-proxy -- multiple vulnerabilities
2024-10-15	element-web -- Potential exposure of access token via authenticated media
2024-10-11	vscode -- Visual Studio Code for Linux Remote Code Execution Vulnerability
2024-10-10	firefox -- use-after-free code execution
2024-10-10	Gitlab -- vulnerabilities
2024-10-09	chromium -- multiple security fixes
	chromium -- multiple security fixes
	gitea -- token missing access control for packages
	powerdns-recursor -- denial of service
2024-10-06	Unbound -- Denial of service attack
2024-10-05	zeek -- potential DoS vulnerability
2024-10-03	firefox -- multiple vulnerabilities
2024-10-03	jenkins -- multiple vulnerabilities
2024-10-02	redis,valkey -- Multiple vulnerabilities
2024-09-30	chromium -- multiple security fixes
	php -- Multiple vulnerabilities
	Slixmpp -- Lack of SSL Certificate hostname validation in XMLStream
2024-09-29	sqlite -- use-after-free bug in jsonparseaddnodearray
2024-09-27	cups-filters -- remote code execution
2024-09-26	Gitlab -- vulnerabilities
2024-09-24	expat -- multiple vulnerabilities
	frr - BGP
	zeek -- potential DoS vulnerability
2024-09-20	FreeBSD -- bhyve(8) out-of-bounds read access via XHCI emulation
	FreeBSD -- Integer overflow in libnv
	FreeBSD -- ktrace(2) fails to detach when executing a setuid binary
	FreeBSD -- NFS client accepts file names containing path separators
	FreeBSD -- pf incorrectly matches different ICMPv6 states in the state table
2024-09-18	Gitlab -- vulnerabilities
2024-09-16	SnappyMail -- multiple mXSS in HTML sanitizer
2024-09-15	OpenSSH -- Pre-authentication async signal safety issue
2024-09-13	chromium -- multiple security fixes
2024-09-12	Gitlab -- vulnerabilities
2024-09-10	Intel CPUs -- multiple vulnerabilities
2024-09-09	clamav -- Multiple vulnerabilities
2024-09-09	netatalk3 -- multiple WolfSSL vulnerabilities
2024-09-07	exiv2 -- Out-of-bounds read in AsfVideo::streamProperties
2024-09-07	firefox -- Potential memory corruption and exploitable crash
2024-09-06	binutils -- Multiple vulnerabilities
2024-09-06	forgejo -- multiple vulnerabilities
2024-09-05	firefox -- multiple vulnerabilities
	FreeBSD -- bhyve(8) privileged guest escape via TPM device passthrough
	FreeBSD -- bhyve(8) privileged guest escape via USB controller
	FreeBSD -- Multiple issues in ctl(4) CAM Target Layer
	FreeBSD -- Multiple vulnerabilities in libnv
	FreeBSD -- umtx Kernel panic or Use-After-Free
	gitea -- multiple issues
	qt5-webengine -- Multiple vulnerabilities
2024-09-03	chromium -- multiple security fixes
2024-09-03	OpenSSL -- Multiple vulnerabilities
2024-08-30	firefox -- multiple vulnerabilities
	forgejo -- The scope of application tokens was not verified when writing containers or Conan packages.
	RabbitMQ-C -- auth credentials visible in commandline tool options
2024-08-29	chromium -- multiple security fixes
2024-08-29	Configobj -- Regular Expression Denial of Service attack
2024-08-25	Gitlab -- vulnerabilities
2024-08-23	firefox -- Multiple vulnerabilities
	mcpp -- Heap-based buffer overflow
	md4c -- DoS attack
2024-08-22	chromium -- multiple security fixes
2024-08-22	nginx -- Vulnerability in the ngx_http_mp4_module
2024-08-20	Jinja2 -- Vulnerable to HTML attribute injection when passing user input as keys to xmlattr filter
2024-08-19	mozilla products -- spoofing attack
2024-08-18	electron31 -- multiple vulnerabilities
2024-08-18	electron{29,30} -- multiple vulnerabilities
2024-08-16	Dovecot -- DoS
2024-08-14	Intel CPUs -- multiple vulnerabilities
2024-08-13	firefox -- multiple vulnerabilities
2024-08-12	Vaultwarden -- Multiple vulnerabilities
2024-08-10	AMD CPUs -- Guest Memory Vulnerabilities
	mozilla firefox -- protocol information guessing
	Roundcube -- Multiple vulnerabilities
2024-08-09	OpenHAB CometVisu addon -- Multiple vulnerabilities
2024-08-09	soft-serve -- Remote code execution vulnerability
2024-08-08	PostgreSQL -- Prevent unauthorized code execution during pg_dump
2024-08-07	Django -- multiple vulnerabilities
	Gitlab -- Vulnerabilities
	jenkins -- multiple vulnerabilities
2024-08-06	chromium -- multiple security fixes
2024-07-31	chromium -- multiple security fixes
2024-07-30	chromium -- multiple security fixes
2024-07-28	znc -- remote code execution vulnerability
2024-07-26	Mailpit -- Content Security Policy XSS
2024-07-25	Gitlab -- Vulnerabilities
2024-07-19	electron29 -- multiple vulnerabilities
2024-07-17	Apache httpd -- Source code disclosure with handlers configured via AddType
2024-07-16	GLPI -- multiple vulnerabilities
2024-07-16	MySQL -- Multiple vulnerabilities
2024-07-13	electron29 -- multiple vulnerabilities
2024-07-13	electron30 -- multiple vulnerabilities
2024-07-11	Gitlab -- vulnerabilities
2024-07-10	Django -- multiple vulnerabilities
2024-07-07	traefik -- Bypassing IP allow-lists via HTTP/3 early data requests
2024-07-04	Apache httpd -- source code disclosure
2024-07-04	Request Tracker -- information exposure vulnerability
2024-07-03	go -- net/http: denial of service due to improper 100-continue handling
2024-07-01	Apache httpd -- Multiple vulnerabilities
2024-07-01	OpenSSH -- Race condition resulting in potential remote code execution
2024-06-30	netatalk3 -- Multiple vulnerabilities
2024-06-28	electron29 -- multiple vulnerabilities
2024-06-28	frr - Multiple vulnerabilities
2024-06-27	Gitlab -- Vulnerabilities
2024-06-25	chromium -- multiple security fixes
2024-06-23	emacs -- Arbitrary shell code evaluation vulnerability
2024-06-22	traefik -- Azure Identity Libraries Elevation of Privilege Vulnerability
2024-06-20	chromium -- multiple security fixes
	openvpn -- two security fixes
	qt5-webengine -- Multiple vulnerabilities
	qt6-webengine -- Multiple vulnerabilities
2024-06-18	chromium -- multiple security fixes
2024-06-15	go -- multiple vulnerabilities
2024-06-15	traefik -- Unexpected behavior with IPv4-mapped IPv6 addresses
2024-06-13	Gitlab -- Vulnerabilities
2024-06-11	plasma[56]-plasma-workspace -- Unauthorized users can access session manager
2024-06-10	Composer -- Multiple command injections via malicious git/hg branch names
2024-06-07	kanboard -- Project Takeover via IDOR in ProjectPermissionController
2024-06-05	cyrus-imapd -- unbounded memory allocation
	minio -- privilege escalation via permissions inheritance
	minio -- unintentional information disclosure
2024-06-03	chromium -- multiple security fixes
2024-05-29	chromium -- security fix
2024-05-29	nginx -- Multiple Vulnerabilities in HTTP/3
2024-05-28	OpenSSL -- Use after free vulnerability
2024-05-25	electron28 -- multiple vulnerabilities
2024-05-25	electron29 -- use after free in Dawn
2024-05-24	QtNetworkAuth -- predictable seeding of PRNG in QAbstractOAuth
2024-05-22	chromium -- multiple security fixes
2024-05-22	Gitlab -- Vulnerabilities
2024-05-21	Openfire administration console authentication bypass
2024-05-21	Roundcube -- Cross-site scripting vulnerabilities
2024-05-19	qt5-webengine -- Multiple vulnerabilities
2024-05-18	Arti -- Security issues related to circuit construction
2024-05-17	electron29 -- setuid() does not affect libuv's internal io_uring
2024-05-17	OpenSSL -- Denial of Service vulnerability
2024-05-15	qt6-base (core module) -- Invalid pointer in QStringConverter
2024-05-15	qt6-webengine -- Multiple vulnerabilities
2024-05-14	chromium -- multiple security fixes
2024-05-14	Intel CPUs -- multiple vulnerabilities
2024-05-13	dnsdist -- Transfer requests received over DoH can lead to a denial of service
2024-05-13	go -- net: malformed DNS message can cause infinite loop
2024-05-12	chromium -- multiple security fixes
2024-05-09	electron29 -- multiple vulnerabilities
	Gitlab -- vulnerabilities
	PostgreSQL server -- Potentially allowing authenicated database users to see data that they shouldn't.
	tailscale -- Insufficient inbound packet filtering in subnet routers and exit nodes
2024-05-08	electron29 -- multiple vulnerabilities
2024-05-02	chromium -- multiple security fixes
2024-05-02	R -- arbitrary code execution vulnerability
2024-05-01	hcode -- buffer overflow in mail.c
2024-04-28	GLPI -- multiple vulnerabilities
2024-04-28	py-social-auth-app-django -- Improper Handling of Case Sensitivity
2024-04-25	chromium -- multiple security fixes
2024-04-24	Gitlab -- vulnerabilities
	powerdns-recursor -- denial of service
	py-matrix-synapse -- weakness in auth chain indexing allows DoS
2024-04-23	ruby -- Arbitrary memory address read vulnerability with Regex search
2024-04-22	GLPI -- multiple vulnerabilities
	GLPI -- multiple vulnerabilities
	GLPI -- multiple vulnerabilities
	sdl2_sound -- multiple vulnerabilities
2024-04-21	chromium -- multiple security fixes
2024-04-19	clamav -- Possible crash in the HTML file parser that could cause a denial-of-service (DoS) condition
2024-04-19	jenkins -- Terrapin SSH vulnerability in Jenkins CLI client
2024-04-18	electron{27,28,29} -- multiple vulnerabilities
2024-04-16	php -- Multiple vulnerabilities
2024-04-16	PuTTY and embedders (f.i., filezilla) -- biased RNG with NIST P521/ecdsa-sha2-nistp521 signatures permits recovering private key
2024-04-15	go -- http2: close connections when receiving too many headers
2024-04-12	chromium -- multiple security fixes
2024-04-11	electron{27,28} -- Out of bounds memory access in V8
	forgejo -- HTTP/2 CONTINUATION flood in net/http
	forgejo -- multiple issues
	Gitlab -- Patch Release: 16.10.2, 16.9.4, 16.8.6
	jose -- DoS vulnerability
	OpenSSL -- Unbounded memory growth with session handling in TLSv1.3
2024-04-10	wordpress -- XSS
2024-04-05	Apache httpd -- multiple vulnerabilities
2024-04-05	electron{27,28} -- multiple vulnerabilities
2024-04-04	chromium -- multiple security fixes
2024-04-04	xorg server -- Multiple vulnerabilities
2024-04-02	jenkins -- HTTP/2 denial of service vulnerability in bundled Jetty
2024-03-31	mediawiki -- multiple vulnerabilities
2024-03-29	electron{27,28} -- Object lifecycle issue in V8
2024-03-28	Gitlab -- vulnerabilities
2024-03-27	chromium -- multiple security fixes
2024-03-26	emacs -- multiple vulnerabilities
	phpmyfaq -- multiple vulnerabilities
	quiche -- Multiple Vulnerabilities
2024-03-22	chromium -- multiple security fixes
2024-03-21	security/shibboleth-idp -- CAS service SSRF
2024-03-20	databases/mongodb* -- Improper Certificate Validation
2024-03-18	www/varnish7 -- Denial of Service
2024-03-17	amavisd-new -- multipart boundary confusion
2024-03-16	typo3-{11,12} -- multiple vulnerabilities
2024-03-14	electron{27,28} -- Out of bounds memory access in V8
2024-03-12	Intel CPUs -- multiple vulnerabilities
2024-03-11	Grafana -- Data source permission escalation
2024-03-09	Unbound -- Denial-of-Service vulnerability
2024-03-07	electron{27,28} -- vulnerability in libxml2
2024-03-07	Gitlab -- Vulnerabilities
2024-03-06	chromium -- multiple security fixes
2024-03-06	go -- multiple vulnerabilities
2024-03-04	Django -- multiple vulnerabilities
2024-03-01	NodeJS -- Vulnerabilities
2024-02-29	chromium -- multiple security fixes
2024-02-29	electron{27,28} -- Use after free in Mojo
2024-02-28	curl -- OCSP verification bypass with TLS session reuse
2024-02-28	null -- Routinator terminates when RTR connection is reset too quickly after opening
2024-02-24	chromium -- multiple security fixes
2024-02-24	gitea -- Fix XSS vulnerabilities
2024-02-23	dns/c-ares -- malformatted file causes application crash
	electron27 -- multiple vulnerabilities
	suricata -- multiple vulnerabilities
2024-02-22	Gitlab -- Vulnerabilities
2024-02-20	Grafana -- Email verification is not required after email change
2024-02-16	powerdns-recursor -- Multiple Vulnerabilities
2024-02-15	gitea -- Prevent anonymous container access
2024-02-15	nginx-devel -- Multiple Vulnerabilities in HTTP/3
2024-02-14	chromium -- security fix
	FreeBSD -- bhyveload(8) host file access
	FreeBSD -- jail(2) information leak
2024-02-13	DNSSEC validators -- denial-of-service/CPU exhaustion from KeyTrap and NSEC3 vulnerabilities
2024-02-12	openexr -- Heap Overflow in Scanline Deep Data Parsing
2024-02-12	readstat -- Heap buffer overflow in readstat_convert
2024-02-11	p5-Spreadsheet-ParseExcel -- Remote Code Execution Vulnerability
2024-02-11	phpmyfaq -- multiple vulnerabilities
2024-02-08	chromium -- multiple security fixes
	Composer -- Code execution and possible privilege escalation
	Gitlab -- vulnerabilities
	Libgit2 -- multiple vulnerabilities
	postgresql-server -- non-owner REFRESH MATERIALIZED VIEW CONCURRENTLY executes arbitrary SQL
2024-02-07	clamav -- Multiple vulnerabilities
2024-02-07	Django -- multiple vulnerabilities
2024-02-02	chromium -- multiple security fixes
2024-02-02	chromium -- multiple security fixes
2024-02-01	electron{26,27,28} -- Use after free in Web Audio
2024-01-31	lizard -- Negative size passed to memcpy resulting in memory corruption
	OpenSSL -- Multiple vulnerabilities
	qt6-webengine -- Multiple vulnerabilities
2024-01-29	qt5-webengine -- Multiple vulnerabilities
2024-01-29	qt6-webengine -- Multiple vulnerabilities
2024-01-26	Gitlab -- vulnerabilities
2024-01-26	rclone -- Multiple vulnerabilities
2024-01-24	jenkins -- multiple vulnerabilities
2024-01-23	TinyMCE -- mXSS in multiple plugins
2024-01-22	zeek -- potential DoS vulnerability
2024-01-19	electron26 -- Out of bounds memory access in V8
2024-01-17	chromium -- multiple security fixes
2024-01-17	electron{26,27} -- multiple vulnerabilities
2024-01-16	xorg server -- Multiple vulnerabilities
2024-01-12	electron{26,27} -- multiple vulnerabilities
2024-01-12	Gitlab -- vulnerabilities
2024-01-11	OpenSSL -- Vector register corruption on PowerPC
2024-01-10	chromium -- security fix
2024-01-07	QtNetwork -- potential buffer overflow
2024-01-06	mantis -- multiple vulnerabilities
2024-01-04	chromium -- multiple security fixes
	electron26 -- multiple vulnerabilities
	electron27 -- multiple vulnerabilities
2024-01-02	FreeBSD -- Prefix Truncation Attack in the SSH protocol
2023-12-22	electron{26,27} -- multiple vulnerabilities
2023-12-21	chromium -- security fix
2023-12-21	gitea -- Prefix Truncation Attack against ChaCha20-Poly1305 and Encrypt-then-MAC aka Terrapin
2023-12-19	nebula -- security fix for terrapin vulnerability
	putty -- add protocol extension against 'Terrapin attack'
	slurm-wlm -- Several security issues
2023-12-17	couchdb -- information sharing via couchjs processes
2023-12-14	Gitlab -- vulnerabilities
2023-12-13	chromium -- multiple security fixes
	FreeBSD -- NFS client data corruption and kernel memory disclosure
	xorg-server -- Multiple vulnerabilities
2023-12-11	chromium -- multiple security fixes
2023-12-10	apache -- Apache ZooKeeper: Authorization bypass in SASL Quorum Peer Authentication
2023-12-07	electron25 -- multiple vulnerabilities
2023-12-05	FreeBSD -- TCP spoofing vulnerability in pf(4)
2023-12-02	varnish -- HTTP/2 Rapid Reset Attack
2023-12-01	electron25 -- multiple vulnerabilities
	electron26 -- multiple vulnerabilities
	Gitlab -- Vulnerabilities
2023-11-29	chromium -- multiple security fixes
2023-11-26	MariaDB -- Denial-of-Service vulnerability
2023-11-24	strongSwan -- vulnerability in charon-tkm
2023-11-22	electron{25,26} -- use after free in Garbage Collection
2023-11-16	chromium -- multiple security fixes
2023-11-16	electron{25,26} -- use after free in WebAudio
2023-11-15	openvpn -- 2.6.0...2.6.6 --fragment option division by zero crash, and TLS data leak
2023-11-15	typo3 -- Multiple vulnerabilities
2023-11-09	electron{25,26} -- multiple vulnerabilities
	postgresql-server -- Buffer overrun from integer overflow in array modification
	postgresql-server -- Memory disclosure in aggregate function calls
	postgresql-server -- Role pg_cancel_backend can signal certain superuser processes
2023-11-08	chromium -- security update
	FreeBSD -- Incorrect libcap_net limitation list manipulation
	FreeBSD -- libc stdio buffer overflow
	libsndfile_project -- Integer overflow in dataend calculation
	OpenSSL -- DoS in DH generation
2023-11-05	vorbistools -- heap buffer overflow in oggenc
2023-11-03	chromium -- multiple vulnerabilities
2023-11-02	phpmyfaq -- multiple vulnerabilities
2023-11-02	PptiPNG -- Global-buffer-overflow
2023-11-01	Gitlab -- Vulnerabilities
2023-11-01	open-vm-tools -- Multiple vulnerabilities
2023-10-27	chromium -- multiple vulnerabilities
2023-10-27	zeek -- potential DoS vulnerabilities
2023-10-25	squid -- Multiple vulnerabilities
2023-10-25	xorg-server -- Multiple vulnerabilities
2023-10-24	OpenSSL -- potential loss of confidentiality
2023-10-23	MySQL -- Multiple vulnerabilities
2023-10-19	Apache httpd -- Multiple vulnerabilities
2023-10-19	electron{25,26} -- Use after free in Site Isolation
2023-10-18	jenkins -- HTTP/2 denial of service vulnerability in bundled Jetty
	redis -- Possible bypassing Unix socket permissions
	Request Tracker -- multiple vulnerabilities
	Roundcube -- XSS vulnerability in SVG
2023-10-16	moonlight-embedded -- multiple vulnerabilities
2023-10-14	libcue -- out-of-bounds array access
2023-10-14	traefik -- Resource exhaustion by malicious HTTP/2 client
2023-10-12	11/libX11 multiple vulnerabilities
	electron25 -- Use after free in extensions vulnerability
	x11/libXpm multiple vulnerabilities
2023-10-11	Account takeover through API in GLPI
	Account takeover via Kanban feature in GLPI
	Account takeover via SQL Injection in UI layout preferences in GLPI
	chromium -- multiple vulnerabilities
	curl -- SOCKS5 heap buffer overflow
	File deletion through document upload process in GLPI
	GLPI vulnerable to reflected XSS in search pages
	GLPI vulnerable to SQL injection through Computer Virtual Machine information
	GLPI vulnerable to SQL injection via dashboard administration
	GLPI vulnerable to SQL injection via inventory agent request
	GLPI vulnerable to unauthenticated access to Dashboard data
	GLPI vulnerable to unauthorized access to Dashboard data
	GLPI vulnerable to unauthorized access to KnowbaseItem data
	GLPI vulnerable to unauthorized access to User data
	glpi-project -- SQL injection in ITIL actors in GLPI
	Phishing through a login page malicious URL in GLPI
	Privilege Escalation from technician to super-admin in GLPI
	Sensitive fields enumeration through API in GLPI
	Unallowed PHP script execution in GLPI
	Users login enumeration by unauthenticated user in GLPI
2023-10-10	h2o -- HTTP/2 Rapid Reset attack vulnerability
2023-10-05	Django -- multiple vulnerabilities
2023-10-04	chromium -- type confusion in v8
	FreeBSD -- arm64 boot CPUs may lack speculative execution protections
	FreeBSD -- copy_file_range insufficient capability rights check
	FreeBSD -- msdosfs data disclosure
	libspf2 -- Integer Underflow Remote Code Execution
2023-10-02	mediawiki -- multiple vulnerabilities
2023-09-29	chromium -- multiple vulnerabilities
	electron{22,24,25} -- Heap buffer overflow in vp8 encoding in libvpx
	Gitlab -- vulnerabilities
	Remote Code Execution via web-accessible composer
2023-09-27	routinator -- Possible path traversal when storing RRDP responses
	xrdp -- Improper handling of session establishment errors allows bypassing OS-level session restrictions
	xrdp -- unchecked access to font glyph info
2023-09-25	jenkins -- multiple vulnerabilities
2023-09-23	Mailpit affected by vulnerability in included go markdown module
2023-09-21	graphics/webp heap buffer overflow
2023-09-20	libwebp heap buffer overflow
2023-09-19	Gitlab -- vulnerability
2023-09-16	Roundcube -- XSS vulnerability
2023-09-16	routinator -- multiple vulnerabilities
2023-09-13	chromium -- multiple vulnerabilities
	curl -- HTTP headers eat all memory
	electron22 -- multiple vulnerabilities
	electron{24,25} -- multiple vulnerabilities
	vscode -- VS Code Remote Code Execution Vulnerability
2023-09-12	zeek -- potential DoS vulnerabilities
2023-09-10	gitea -- block user account creation from blocked email domains
2023-09-10	gitea -- missing permission checks
2023-09-07	FreeBSD -- pf incorrectly handles multiple IPv6 fragment headers
	FreeBSD -- Wi-Fi encryption bypass
	go -- multiple vulnerabilities
	Python -- multiple vulnerabilities
	redis -- Possible bypassing ACL configuration
2023-09-06	chromium -- multiple vulnerabilities
2023-09-04	Django -- multiple vulnerabilities
2023-09-01	Gitlab -- Vulnerabilities
2023-08-31	Borg (Backup) -- flaw in cryptographic authentication scheme in Borg allowed an attacker to fake archives and indirectly cause backup data loss.
	electron22 -- multiple vulnerabilities
	electron24 -- multiple vulnerabilities
	electron25 -- multiple vulnerabilities
	FreeBSD -- bhyve privileged guest escape via fwctl
	FreeBSD -- GELI silently omits the keyfile if read from stdin
	FreeBSD -- Multiple vulnerabilities in Heimdal
	FreeBSD -- Multiple vulnerabilities in OpenSSL
	FreeBSD -- Network authentication attack via pam_krb5
	FreeBSD -- Network authentication attack via pam_krb5
	FreeBSD -- OpenSSH pre-authentication double free
	FreeBSD -- Potential remote code execution via ssh-agent forwarding
	FreeBSD -- Remote denial of service in IPv6 fragment reassembly
	FreeBSD -- ssh-add does not honor per-hop destination constraints
	FreeBSD -- Stack overflow in ping(8)
	py-django-photologue -- XSS vulnerability
	py-dparse -- REDoS vulnerability
	py-flask-caching -- remote code execution or local privilege escalation vulnerabilities
	py-Flask-Cors -- directory traversal vulnerability
	py-flask-security -- user redirect to arbitrary URL vulnerability
	py-httpie -- exposure of sensitive information vulnerabilities
	py-httpx -- input validation vulnerability
	py-markdown2 -- regular expression denial of service vulnerability
	py-markdown2 -- XSS vulnerability
	py-pygments -- multiple DoS vulnerabilities
	py-Scrapy -- cookie injection vulnerability
	py-Scrapy -- credentials leak vulnerability
	py-Scrapy -- DoS vulnerability
	py-Scrapy -- exposure of sensitive information vulnerability
	py-treq -- sensitive information leak vulnerability
	py-wagtail -- DoS vulnerability
	py-wagtail -- stored XSS vulnerability
	py-WsgiDAV -- XSS vulnerability
2023-08-30	chromium -- use after free in MediaStream
2023-08-27	gitea -- information disclosure
2023-08-24	chromium -- multiple vulnerabilities
	electron25 -- multiple vulnerabilities
	electron{22,24} -- multiple vulnerabilities
2023-08-23	phpmyfaq -- multiple vulnerabilities
2023-08-17	chromium -- multiple vulnerabilities
2023-08-17	MySQL -- Multiple vulnerabilities
2023-08-16	clamav -- Possible denial of service vulnerability in the AutoIt file parser
2023-08-16	clamav -- Possible denial of service vulnerability in the HFS+ file parser
2023-08-14	krb5 -- Double-free in KDC TGS processing
2023-08-14	typo3 -- multiple vulnerabilities
2023-08-10	postgresql-server -- Extension script @substitutions@ within quoting allow SQL injection
2023-08-10	postgresql-server -- MERGE fails to enforce UPDATE or SELECT row security policies
2023-08-07	electron{22,23,24,25} -- multiple vulnerabilities
2023-08-05	samba -- multiple vulnerabilities
2023-08-04	chromium -- multiple vulnerabilities
2023-08-02	Gitlab -- Vulnerabilities
2023-08-02	go -- multiple vulnerabilities
2023-07-31	OpenSSL -- Excessive time spent checking DH q parameter value
2023-07-26	jenkins -- Stored XSS vulnerability
2023-07-23	gitea -- Disallow dangerous URL schemes
2023-07-21	OpenSSH -- remote code execution via a forwarded agent socket
2023-07-20	chromium -- multiple vulnerabilities
2023-07-19	virtualbox-ose -- multiple vulnerabilities
	virtualbox-ose -- multiple vulnerabilities
	virtualbox-ose -- multiple vulnerabilities
2023-07-18	element-web -- Cross site scripting in Export Chat feature
2023-07-16	OpenSSL -- AES-SIV implementation ignores empty associated data entries
2023-07-14	electron22 -- multiple vulnerabilities
2023-07-10	librecad -- out-of-bounds read in importshp plugin
	redis -- heap overflow in COMMAND GETKEYS and ACL evaluation
	redis -- Heap overflow in the cjson and cmsgpack libraries
2023-07-06	electron{23,24} -- multiple vulnerabilities
2023-07-05	gitea -- avoid open HTTP redirects
	gitea -- multiple issues
	Gitlab -- Vulnerabilities
	phpldapadmin -- XSS vulnerability
2023-07-03	Django -- multiple vulnerabilities
2023-07-01	mediawiki -- multiple vulnerabilities
2023-06-30	Gitlab -- Vulnerabilities
2023-06-30	SoftEtherVPN -- multiple vulnerabilities
2023-06-27	chromium -- multiple vulnerabilities
2023-06-27	OpenEXR -- heap buffer overflow in internal_huf_decompress
2023-06-23	Grafana -- Account takeover / authentication bypass
2023-06-22	electron22 -- multiple vulnerabilities
2023-06-22	electron{23,24} -- multiple vulnerabilities
2023-06-16	electron22 -- multiple vulnerabilities
	electron23 -- multiple vulnerabilities
	electron24 -- multiple vulnerabilities
	libX11 -- Sub-object overflows
2023-06-14	jenkins -- CSRF protection bypass vulnerability
2023-06-13	chromium -- multiple vulnerabilities
2023-06-13	vscode -- VS Code Information Disclosure Vulnerability
2023-06-12	xmltooling -- remote resource access
2023-06-09	acme.sh -- closes potential remote vuln
2023-06-08	Python -- multiple vulnerabilities
2023-06-07	chromium -- multiple vulnerabilities
	Gitlab -- Vulnerability
	Grafana -- Broken access control: viewer can send test alerts
	Grafana -- Grafana DS proxy race condition
2023-06-06	Kanboard -- Multiple vulnerabilities
2023-06-06	qpress -- directory traversal
2023-05-31	chromium -- multiple vulnerabilities
2023-05-31	OpenSSL -- Possible DoS translating ASN.1 identifiers
2023-05-30	Kanboard -- Clipboard based cross-site scripting (blocked with default CSP) in Kanboard
2023-05-28	MariaDB -- Nullpointer dereference
2023-05-21	phpmyfaq -- multiple vulnerabilities
2023-05-19	curl -- multiple vulnerabilities
2023-05-19	zeek -- potential DoS vulnerabilities
2023-05-18	electron -- vulnerability
2023-05-17	chromium -- multiple vulnerabilities
2023-05-13	Gitlab -- Vulnerability
2023-05-12	piwigo -- SQL injection
2023-05-11	postgresql-server -- CREATE SCHEMA ... schema elements defeats protective search_path changes
2023-05-11	postgresql-server -- Row security policies disregard user ID changes after inlining
2023-05-10	vscode -- Visual Studio Code Information Disclosure Vulnerability
2023-05-08	glpi -- multiple vulnerabilities
2023-05-08	redis -- HINCRBYFLOAT can be used to crash a redis-server process
2023-05-06	Gitlab -- Multiple Vulnerabilities
2023-05-05	Django -- multiple vulnerabilities
2023-05-03	chromium -- multiple vulnerabilities
2023-05-02	Gitlab -- Multiple Vulnerabilities
2023-04-30	h2o -- Malformed HTTP/1.1 causes Out-of-Memory Denial of Service
2023-04-29	cloud-init -- sensitive data exposure in cloud-init logs
2023-04-26	element-web -- matrix-react-sdk vulnerable to HTML injection in search results via plaintext message highlighting
	git -- Multiple vulnerabilities
	Grafana -- Critical vulnerability in golang
	Grafana -- Exposure of sensitive information to an unauthorized actor
2023-04-25	jellyfin -- Multiple vulnerabilities
2023-04-24	phpmyfaq -- multiple vulnerabilities
2023-04-22	MySQL -- Multiple vulnerabilities
2023-04-20	chromium -- multiple vulnerabilities
2023-04-16	libxml2 -- multiple vulnerabilities
2023-04-15	chromium -- multiple vulnerabilities
2023-04-15	mod_gnutls -- Infinite Loop on request read timeout
2023-04-13	ghostscript -- exploitable buffer overflow in (T)BCP in PS interpreter
2023-04-12	zeek -- potential DoS vulnerabilities
2023-04-10	py-ansible -- data leak vulnerability
	py-ansible -- multiple vulnerabilities
	py-beaker -- arbitrary code execution vulnerability
	py-cryptography -- allows programmers to misuse an API
	py-cryptography -- includes a vulnerable copy of OpenSSL
	py-kerberos -- DoS and MitM vulnerabilities
	py-psutil -- double free vulnerability
2023-04-09	py-cinder -- data leak
	py-cinder -- unauthorized data access
	py-impacket -- multiple path traversal vulnerabilities
	py-nicotine-plus -- Denial of service vulnerability
	py-pymatgen -- regular expression denial of service
	py-slixmpp -- incomplete SSL certificate validation
	py-suds -- vulnerable to symlink attacks
	py-tensorflow -- denial of service vulnerability
	py-tensorflow -- unchecked argument causing crash
	py-tflite -- buffer overflow vulnerability
	py-tflite -- denial of service vulnerability
	py27-setuptools44 -- denial of service vulnerability
	py39-celery -- command injection vulnerability
	py39-cinder -- insecure-credentials flaw
	py39-configobj -- vulnerable to Regular Expression Denial of Service
	py39-joblib -- arbitrary code execution
	py39-OWSLib -- arbitrary file read vulnerability
	py39-py -- Regular expression Denial of Service vulnerability
	py39-pycares -- domain hijacking vulnerability
	py39-redis -- can send response data to the client of an unrelated request
	py39-redis -- can send response data to the client of an unrelated request
	py39-sentry-sdk -- sensitive cookies leak
	py39-setuptools -- denial of service vulnerability
	py39-setuptools58 -- denial of service vulnerability
	py39-sqlalchemy11 -- multiple SQL Injection vulnerabilities
	py39-sqlalchemy12 -- multiple SQL Injection vulnerabilities
	py39-unicorn -- sandbox escape and arbitrary code execution vulnerability
2023-04-07	ffmpeg -- multiple vulnerabilities
	go -- multiple vulnerabilities
	samba -- multiple vulnerabilities
	traefik -- Use of vulnerable Go modules net/http, net/textproto
2023-04-05	chromium -- multiple vulnerabilities
2023-04-01	mediawiki -- multiple vulnerabilities
2023-03-31	Gitlab -- Multiple Vulnerabilities
2023-03-30	powerdns-recursor -- denial of service
	rubygem-time -- ReDoS vulnerability
	rubygem-uri -- ReDoS vulnerability
2023-03-29	Grafana -- Stored XSS in Graphite FunctionDescription tooltip
	Matrix clients -- Prototype pollution in matrix-js-sdk
	OpenSSL -- Multiple vulnerabilities
	xorg-server -- Overlay Window Use-After-Free
2023-03-28	py39-sqlalchemy10 -- multiple SQL Injection vulnerabilities
2023-03-26	py39-Elixir -- weak use of cryptography
2023-03-26	py39-lmdb -- multiple vulnerabilities
2023-03-25	py39-rencode -- infinite loop that could lead to Denial of Service
2023-03-24	dino -- Insufficient message sender validation in Dino
	OpenSSL -- Excessive Resource Usage Verifying X.509 Policy Constraints
	phpmyfaq -- multiple vulnerabilities
	rack -- possible denial of service vulnerability in header parsing
2023-03-23	libXpm -- Issues handling XPM files
2023-03-23	tailscale -- security vulnerability in Tailscale SSH
2023-03-22	chromium -- multiple vulnerabilities
2023-03-21	redis -- specially crafted MSETNX command can lead to denial-of-service
2023-03-20	curl -- multiple vulnerabilities
2023-03-16	phpMyAdmin -- XSS vulnerability in drag-and-drop upload
2023-03-11	Apache httpd -- Multiple vulnerabilities
2023-03-09	chromium -- multiple vulnerabilities
2023-03-09	jenkins -- multiple vulnerabilities
2023-03-08	Apache OpenOffice -- master password vulnerabilities
	go -- crypto/elliptic: incorrect P-256 ScalarMult and ScalarBaseMult results
	mantis -- multiple vulnerabilities
2023-03-06	rack -- possible DoS vulnerability in multipart MIME parsing
2023-03-05	curl -- multiple vulnerabilities
2023-03-04	strongSwan -- certificate verification vulnerability
2023-03-03	Gitlab -- Multiple Vulnerabilities
2023-03-01	Grafana -- Stored XSS in geomap panel plugin via attribution
	Grafana -- Stored XSS in text panel plugin
	Grafana -- Stored XSS in TraceView panel
	redis -- multiple vulnerabilities
2023-02-27	emacs -- multiple vulnerabilities
2023-02-24	freerdp -- clients using `/parallel` command line switch might read uninitialized data
2023-02-24	freerdp -- clients using the `/video` command line switch might read uninitialized data
2023-02-22	chromium -- multiple vulnerabilities
2023-02-21	git -- "git apply" overwriting paths outside the working tree
	git -- gitattributes parsing integer overflow
	git -- Heap overflow in `git archive`, `git log --format` leading to RCE
	git -- Local clone-based data exfiltration with non-local transports
	libde256 -- multiple vulnerabilities
	zeek -- potential DoS vulnerabilities
2023-02-20	gitea -- password hash quality
2023-02-19	traefik -- Use of vulnerable Go module x/net/http2
2023-02-16	clamav -- Multiple vulnerabilities
2023-02-16	Rundeck3 -- Log4J RCE vulnerability
2023-02-15	go -- multiple vulnerabilities
2023-02-14	Django -- multiple vulnerabilities
2023-02-13	GnuTLS -- timing sidechannel in RSA decryption
2023-02-13	MinIO -- unprivileged users can create service accounts for admin users
2023-02-12	phpmyfaq -- multiple vulnerabilities
2023-02-10	chromium -- multiple vulnerabilities
2023-02-09	Grafana -- Spoofing originalUrl of snapshots
	Grafana -- Stored XSS in ResourcePicker component
	PostgreSQL server -- Client memory disclosure when connecting, with Kerberos, to modified server.
2023-02-08	LibreSSL -- Arbitrary memory read
	TightVNC -- Muliple Vulnerabilities
	xorg-server -- Security issue in the X server
2023-02-07	OpenSSL -- Multiple vulnerabilities
2023-02-06	Django -- multiple vulnerabilities
2023-02-04	kafka -- Denial Of Service vulnerability
2023-02-04	node_exporter -- bypass security with cache poisoning
2023-02-02	Asterisk -- multiple vulnerabilities
2023-02-02	Spotipy -- Path traversal vulnerability
2023-02-01	Gitlab -- Multiple Vulnerabilities
2023-02-01	zeek -- potential DoS vulnerabilities
2023-01-30	Plex Media Server -- security vulnerability
2023-01-30	prometheus2 -- basic authentication bypass
2023-01-25	chromium -- multiple vulnerabilities
2023-01-25	re2c -- uncontrolled recursion
2023-01-24	gitea -- information disclosure
2023-01-23	net/eternalterminal -- Multiple vulnerabilities
	net/krill -- DoS vulnerability
	powerdns-recursor -- denial of service
	www/awstats -- Partial absolute pathname
2023-01-21	MySQL -- Multiple vulnerabilities
2023-01-21	shells/fish -- arbitrary code execution via git
2023-01-20	phpmyfaq -- multiple vulnerabilities
2023-01-19	rack -- Multiple vulnerabilities
2023-01-17	Apache httpd -- Multiple vulnerabilities
2023-01-16	redis -- multiple vulnerabilities
2023-01-16	security/keycloak -- Multiple possible DoS attacks
2023-01-14	security/tor -- SOCKS4(a) inversion bug
2023-01-12	emacs -- arbitary shell command execution vulnerability of ctags
2023-01-11	cassandra3 -- arbitrary code execution
	cassandra3 -- jBCrypt integer overflow
	cassandra3 -- multiple vulnerabilities
	Gitlab -- Multiple Vulnerabilities
	xorg-server -- Multiple security issues in X server extensions
2023-01-10	chromium -- multiple vulnerabilities
2023-01-05	devel/viewvc-devel is vulnerable to cross-site scripting
2023-01-05	net-mgmt/cacti is vulnerable to remote command injection
2023-01-03	rxvt-unicode is vulnerable to a remote code execution
2023-01-02	gitea -- multiple issues
2022-12-29	mediawiki -- multiple vulnerabilities
2022-12-29	webtrees -- vulnerability
2022-12-27	netdata -- multiple vulnerabilities with streaming
2022-12-24	freerdp -- multiple vulnerabilities
2022-12-22	gitea -- multiple issues
2022-12-17	typo3 -- multiple vulnerabilities
2022-12-14	chromium -- multiple vulnerabilities
2022-12-14	curl -- multiple vulnerabilities
2022-12-12	phpmyfaq -- multiple vulnerabilities
2022-12-10	traefik -- multiple vulnerabilities
2022-12-10	xrdp -- multiple vulnerabilities
2022-12-07	Python -- multiple vulnerabilities
2022-12-06	go -- multiple vulnerabilities
2022-12-03	chromium -- Type confusion in V8
2022-12-01	Gitlab -- Multiple Vulnerabilities
2022-12-01	rpm4 -- Multiple Vulnerabilities
2022-11-30	chromium -- multiple vulnerabilities
2022-11-25	chromium -- multiple vulnerabilities
2022-11-24	advancecomp -- Multiple vulnerabilities
	rubygem-cgi -- HTTP response splitting vulnerability
	zeek -- potential DoS vulnerabilities
2022-11-22	tailscale -- Security vulnerability in the client
2022-11-18	Tomcat -- Request Smuggling
2022-11-15	krb5 -- Integer overflow vulnerabilities in PAC parsing
2022-11-12	Grafana -- Data source and plugin proxy endpoints leaking authentication tokens to some destination plugins
	Grafana -- Data source and plugin proxy endpoints leaking authentication tokens to some destination plugins
	Grafana -- Improper authentication
	Grafana -- Plugin signature bypass
	Grafana -- Privilege escalation
	Grafana -- Privilege escalation
	Grafana -- Username enumeration
	ipython -- Execution with Unnecessary Privileges
2022-11-11	phpmyfaq -- multiple vulnerabilities
2022-11-09	chromium -- multiple vulnerabilities
	varnish -- HTTP/2 Request Forgery Vulnerability
	varnish -- Request Smuggling Vulnerability
	zeek -- potential DoS vulnerabilities
2022-11-08	darkhttpd -- DOS vulnerability
2022-11-07	sudo -- Potential out-of-bounds write for small passwords
2022-11-05	Gitlab -- Multiple vulnerabilities
2022-11-03	pixman -- heap overflow
2022-11-01	go -- syscall, os/exec: unsanitized NUL in environment variables
2022-11-01	OpenSSL -- Buffer overflows in Email verification
2022-10-30	MySQL -- Multiple vulnerabilities
2022-10-28	chromium -- Type confusion in V8
2022-10-25	chromium -- multiple vulnerabilities
2022-10-25	samba -- buffer overflow in Heimdal unwrap_des3()
2022-10-22	Cleartext leak in libudisks
2022-10-21	phpmyfaq -- CSRF vulnerability
2022-10-20	Python -- multiple vulnerabilities
2022-10-19	nginx -- Two vulnerabilities
2022-10-18	git -- Multiple vulnerabilities
2022-10-18	OpenSSL -- Potential NULL encryption in NID_undef with Custom Cipher
2022-10-15	gitea -- multiple issues
2022-10-12	chromium -- mulitple vulnerabilities
2022-10-12	roundcube-thunderbird_labels -- RCE with custom label titles
2022-10-11	samba -- Multiple vulnerabilities
2022-10-10	strongswan -- DOS attack vulnerability
2022-10-07	routinator -- potential DOS attack
2022-10-06	Django -- multiple vulnerabilities
2022-10-05	jenkins -- XSS vulnerability
2022-10-04	go -- multiple vulnerabilities
2022-10-04	zydis -- heap buffer overflow
2022-10-02	mediawiki -- multiple vulnerabilities
2022-09-30	chromium -- multiple vulnerabilities
2022-09-30	Gitlab -- Multiple vulnerabilities
2022-09-29	unbound -- Non-Responsive Delegation Attack
2022-09-28	Matrix clients -- several vulnerabilities
2022-09-27	chromium -- multiple vulnerabilities
2022-09-27	expat -- Heap use-after-free vulnerability
2022-09-26	squid -- Exposure of sensitive information in cache manager
2022-09-21	Grafana -- Privilege escalation
2022-09-21	redis -- Potential remote code execution vulnerability
2022-09-19	zeek -- potential DoS vulnerabilities
2022-09-16	puppetdb -- Potential SQL injection
2022-09-14	chromium -- multiple vulnerabilities
2022-09-12	dendrite -- Signature checks not applied to some retrieved missing events
2022-09-11	gitea -- multiple issues
2022-09-08	Python -- multiple vulnerabilities
2022-09-07	go -- multiple vulnerabilities
2022-09-03	chromium -- insufficient data validation in Mojo
2022-09-01	Grafana -- Unauthorized file disclosure
2022-09-01	powerdns-recursor -- denial of service
2022-08-31	chromium -- multiple vulnerabilities
	FreeBSD -- zlib heap buffer overflow
	Matrix clients -- several vulnerabilities
2022-08-30	Gitlab -- multiple vulnerabilities
2022-08-26	zeek -- potential DoS vulnerabilities
2022-08-25	MariaDB -- Multiple vulnerabilities
2022-08-23	Gitlab -- Remote Code Execution
2022-08-20	drupal9 -- multiple vulnerabilities
2022-08-17	chromium -- multiple vulnerabilities
2022-08-15	dendrite -- Incorrect parsing of the event default power level in event auth
2022-08-14	Tomcat -- XSS in examples web application
2022-08-12	XFCE tumbler -- Vulnerability in the GStreamer plugin
2022-08-10	FreeBSD -- AIO credential reference count leak
	FreeBSD -- Memory disclosure by stale virtual memory mapping
	FreeBSD -- Missing bounds check in 9p message handling
	FreeBSD -- Out of bound read in elf_note_prpsinfo()
	rsync -- client-side arbitrary file write vulnerability
	varnish -- Denial of Service Vulnerability
2022-08-09	gnutls -- double free vulnerability
2022-08-08	wolfssl -- multiple issues
2022-08-05	Django -- multiple vulnerabilities
	gitea -- multiple issues
	gitea -- multiple issues
	Unbound -- Multiple vulnerabilities
2022-08-03	chromium -- multiple vulnerabilities
2022-08-02	go -- decoding big.Float and big.Rat can panic
2022-07-30	Gitlab -- multiple vulnerabilities
2022-07-21	MySQL -- Multiple vulnerabilities
2022-07-21	VirtualBox -- Multiple vulnerabilities
2022-07-20	chromium -- multiple vulnerabilities
2022-07-18	redis -- Potential remote code execution vulnerability
2022-07-15	Grafana -- OAuth Account Takeover
2022-07-15	Grafana -- Stored XSS
2022-07-13	go -- multiple vulnerabilities
2022-07-12	git -- privilege escalation
2022-07-10	mat2 -- directory traversal/arbitrary file read during ZIP file processing
2022-07-09	Gitlab -- multiple vulnerabilities
2022-07-08	Node.js -- July 7th 2022 Security Releases
2022-07-07	chromium -- multiple vulnerabilities
2022-07-05	OpenSSL -- AES OCB fails to encrypt some bytes
2022-07-04	Django -- multiple vulnerabilities
2022-07-03	mediawiki -- multiple vulnerabilities
2022-07-03	OpenSSL -- Heap memory corruption with RSA private key operation
2022-06-29	py-matrix-synapse -- unbounded recursion in urlpreview
2022-06-27	cURL -- Multiple vulnerabilities
2022-06-22	chromium -- multiple vulnerabilities
	jenkins -- multiple vulnerabilities
	OpenSSL -- Command injection vulnerability
2022-06-20	mitmproxy -- Insufficient Protection against HTTP Request Smuggling
2022-06-17	Tor - Unspecified high severity vulnerability
2022-06-11	py-numpy -- Missing return-value validation of the function PyArray_DescrNew
	Security Vulnerability found in ExifTool leading to RCE
	XFCE -- Allows executing malicious .desktop files pointing to remote code
2022-06-09	Apache httpd -- Multiple vulnerabilities
2022-06-09	chromium -- multiple vulnerabilities
2022-06-07	go -- multiple vulnerabilities
2022-06-05	e2fsprogs -- out-of-bounds read/write vulnerability
2022-06-04	Gitlab -- multiple vulnerabilities
2022-06-03	zeek -- potential DoS vulnerabilty
2022-05-24	chromium -- multiple vulnerabilities
2022-05-23	MariaDB -- Multiple vulnerabilities
2022-05-19	clamav -- Multiple vulnerabilities
2022-05-15	go -- syscall.Faccessat checks wrong group on Linux
2022-05-13	curl -- Multiple vulnerabilities
2022-05-11	PostgreSQL Server -- execute arbitrary SQL code as DBA user
2022-05-10	chromium -- multiple vulnerabilities
2022-05-06	rsyslog8 -- heap buffer overflow on receiving TCP syslog
2022-05-05	gitea -- Escape git fetch remote
2022-05-05	gogs -- XSS in issue attachments
2022-05-04	OpenSSL -- Multiple vulnerabilities
2022-05-03	rainloop -- cross-site-scripting (XSS) vulnerability
2022-05-02	go -- multiple vulnerabilities
2022-04-30	Rails -- XSS vulnerabilities
2022-04-29	hiredis -- integer/buffer overflow
2022-04-28	chromium -- multiple vulnerabilities
2022-04-28	cURL -- Multiple vulnerabilities
2022-04-27	redis -- Multiple vulnerabilities
2022-04-26	eb -- Potential buffer overrun vulnerability
2022-04-21	zeek -- potential DoS vulnerabilty
2022-04-19	zgrep -- arbitrary file write
2022-04-17	Nextcloud Calendar -- SMTP Command Injection
2022-04-16	MySQL -- Multiple vulnerabilities
2022-04-15	chromium -- multiple vulnerabilities
2022-04-14	Asterisk -- func_odbc: Possible SQL Injection
2022-04-14	Asterisk -- multiple vulnerabilities
2022-04-13	Composer -- Command injection vulnerability
	Ruby -- Buffer overrun in String-to-Float conversion
	Ruby -- Double free in Regexp compilation
	Subversion -- Multiple vulnerabilities in server code
2022-04-12	Chromium -- mulitple vulnerabilities
	Django -- multiple vulnerabilities
	mutt -- mutt_decode_uuencoded() can read past the of the input line
2022-04-07	FreeBSD -- 802.11 heap buffer overflow
	FreeBSD -- Bhyve e82545 device emulation out-of-bounds write
	FreeBSD -- mpr/mps/mpt driver ioctl heap out-of-bounds write
	FreeBSD -- Potential jail escape vulnerabilities in netmap
	FreeBSD -- zlib compression out-of-bounds write
2022-04-05	chromium -- Type confusion in V8
2022-04-04	Gitlab -- multiple vulnerabilities
2022-04-04	mediawiki -- multiple vulnerabilities
2022-04-03	dnsmasq -- heap use-after-free in dhcp6_no_relay
2022-03-29	chromium -- multiple vulnerabilities
	gitea -- Improper/incorrect authorization
	gitea -- Open Redirect on login
2022-03-27	powerdns -- denial of service
2022-03-27	powerdns-recursor -- denial of service
2022-03-25	chromium -- V8 type confusion
2022-03-25	Security Vulnerability found in ExifTool
2022-03-22	tcpslice -- heap-based use-after-free in extract_slice()
2022-03-19	go -- multiple vulnerabilities
2022-03-17	openvpn -- Potential authentication by-pass with multiple deferred authentication plug-ins
2022-03-16	FreeBSD-kernel -- Multiple WiFi issues
	OpenSSL -- Infinite loop in BN_mod_sqrt parsing certificates
	Weechat -- Possible man-in-the-middle attack in TLS connection to servers
	wordpress -- multiple issues
2022-03-15	Apache httpd -- Multiple vulnerabilities
2022-03-15	chromium -- multiple vulnerabilities
2022-03-10	Teeworlds -- Buffer Overflow
2022-03-09	Gitlab -- multiple vulnerabilities
2022-03-05	asterisk -- multiple vulnerabilities
2022-03-02	chromium -- multiple vulnerabilities
2022-02-28	cyrus-sasl -- Fix off by one error
2022-02-27	typo3 -- XSS vulnerability in svg-sanitize
2022-02-24	cryptopp -- ElGamal implementation allows plaintext recovery
2022-02-24	flac -- fix encoder bug
2022-02-23	cyrus-sasl -- Escape password for SQL insert/update commands
2022-02-22	The Update Framwork -- path traversal vulnerability
2022-02-21	Qt5 -- QProcess unexpected search path
2022-02-21	seatd-launch -- remove files with escalated privileges with SUID
2022-02-20	libmysoft -- Heap-based buffer overflow vulnerability
2022-02-18	go -- multiple vulnerabilities
2022-02-18	MariaDB -- Multiple vulnerabilities
2022-02-15	chromium -- multiple vulnerabilities
2022-02-13	py-twisted -- cookie and authorization headers are leaked when following cross-origin redirects
2022-02-12	Grafana -- CSRF
	Grafana -- Teams API IDOR
	Grafana -- XSS
	Node.js -- January 2022 Security Releases
	zsh -- Arbitrary command execution vulnerability
2022-02-10	jenkins -- DoS vulnerability in bundled XStream library
2022-02-10	MariaDB -- Multiple vulnerabilities
2022-02-08	xrdp -- privilege escalation
2022-02-04	Gitlab -- multiple vulnerabilities
2022-02-02	chromium -- multiple vulnerabilities
	FreeBSD -- vt console buffer overflow
	h2o -- uninitialised memory access in HTTP3
2022-02-01	samba -- Multiple Vulnerabilities
2022-01-31	Rust -- Race condition enabling symlink following
2022-01-29	varnish -- Request Smuggling Vulnerability
2022-01-28	OpenEXR -- Heap-buffer-overflow in Imf_3_1::LineCompositeTask::execute
2022-01-28	OpenSSL -- BN_mod_exp incorrect results on MIPS
2022-01-27	mustache - Possible Remote Code Execution
2022-01-26	polkit -- Local Privilege Escalation
2022-01-25	strongswan - denial-of-service vulnerability in the gmp plugin/denial-of-service vulnerability in the in-memory certificate cache
2022-01-25	strongswan - Incorrect Handling of Early EAP-Success Messages
2022-01-23	aide -- heap-based buffer overflow
2022-01-20	chromium -- multiple vulnerabilities
2022-01-19	MySQL -- Multiple vulnerabilities
2022-01-14	Prosody XMPP server advisory 2022-01-13
2022-01-13	WordPress -- Multiple Vulnerabilities
2022-01-12	clamav -- invalid pointer read that may cause a crash
	Gitlab -- Multiple Vulnerabilities
	jenkins -- multiple vulnerabilities
2022-01-09	uriparser -- Multiple vulnerabilities
2022-01-06	Django -- multiple vulnerabilities
2022-01-05	chromium -- multiple vulnerabilities
2022-01-05	routinator -- multiple vulnerabilities
2021-12-31	Roundcube -- XSS vulnerability
2021-12-30	Mbed TLS -- Potential double-free after an out of memory error
	OpenDMARC - Multiple vulnerabilities
	OpenDMARC - Remote denial of service
2021-12-29	minio -- User privilege escalation
2021-12-27	OpenSearch -- Log4Shell
2021-12-27	OpenSearch -- Log4Shell
2021-12-21	mediawiki -- multiple vulnerabilities
2021-12-21	opengrok -- Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise OpenGrok.
2021-12-20	Apache httpd -- Multiple vulnerabilities
2021-12-17	graylog -- remote code execution in log4j from user-controlled log input
2021-12-15	Privoxy -- Multiple vulnerabilities (memory leak, XSS)
2021-12-15	serviio -- affected by log4j vulnerability
2021-12-14	bastillion -- log4j vulnerability
	chromium -- multiple vulnerabilities
	OpenSSL -- Certificate validation issue
2021-12-13	Matrix clients -- several vulnerabilities
	openhab -- log4j remote code injection
	OpenSearch -- Log4Shell
	Solr -- Apache Log4J
2021-12-12	Grafana -- Directory Traversal
2021-12-12	Grafana -- Directory Traversal
2021-12-11	Grafana -- Incorrect Access Control
	Grafana -- Path Traversal
	Grafana -- XSS
	graylog -- include log4j patches
	p7zip -- usage of uninitialized memory
2021-12-09	go -- multiple vulnerabilities
2021-12-07	chromium -- multiple vulnerabilities
2021-12-07	Gitlab -- Multiple Vulnerabilities
2021-12-02	NSS -- Memory corruption
2021-12-01	mailman < 2.1.38 -- CSRF vulnerability of list mod or member against list admin page
2021-11-24	rubygem-cgi -- buffer overrun in CGI.escape_html
2021-11-24	rubygem-cgi -- cookie prefix spoofing in CGI::Cookie.parse
2021-11-23	py-matrix-synapse -- several vulnerabilities
2021-11-19	advancecomp -- multiple vulnerabilities
2021-11-16	chromium -- multiple vulnerabilities
2021-11-15	Roundcube -- Multiple vulnerabilities
2021-11-15	rubygem-date -- Regular Expression Denial of Service Vunlerability of Date Parsing Methods
2021-11-13	mailman -- 2.1.37 fixes XSS via user options, and moderator offline brute-force vuln against list admin password
2021-11-10	PostgreSQL -- Possible man-in-the-middle attacks
	puppet -- Silent Configuration Failure
	puppet -- Unsafe HTTP Redirect
	samba -- Multiple Vulnerabilities
2021-11-05	go -- multiple vulnerabilities
2021-11-05	pyrad -- multiple vulnerabilities
2021-11-04	gitea -- multiple vulnerabilities
2021-11-04	jenkins -- multiple vulnerabilities
2021-10-30	Gitlab -- Multiple Vulnerabilities
2021-10-29	chromium -- multiple vulnerabilities
2021-10-28	fail2ban -- possible RCE vulnerability in mailing action using mailutils
2021-10-23	minio -- policy restriction issue
2021-10-20	mailman -- brute-force vuln on list admin password, and CSRF vuln in releases before 2.1.35
2021-10-19	chromium -- multiple vulnerabilities
2021-10-17	MySQL -- Multiple vulnerabilities
2021-10-14	Node.js -- October 2021 Security Releases
2021-10-12	couchdb -- user privilege escalation
2021-10-12	OpenSSH -- OpenSSH 6.2 through 8.7 failed to correctly initialise supplemental groups when executing an AuthorizedKeysCommand or AuthorizedPrincipalsCommand
2021-10-11	Ansible -- Ansible user credentials disclosure in ansible-connection module
2021-10-09	Apache OpenOffice -- multiple vulnerabilities.
2021-10-09	go -- misc/wasm, cmd/link: do not let command line arguments overwrite global data
2021-10-08	chromium -- multiple vulnerabilities
2021-10-07	Apache httpd -- Path Traversal and Remote Code Execution
2021-10-07	jenkins -- Jenkins core bundles vulnerable version of the commons-httpclient library
2021-10-06	Grafana -- Snapshot authentication bypass
2021-10-05	Apache httpd -- Multiple vulnerabilities
	Bacula-Web -- Multiple Vulnerabilities
	redis -- multiple vulnerabilities
2021-10-01	mediawiki -- multiple vulnerabilities
2021-09-30	chromium -- multiple vulnerabilities
	Gitlab -- vulnerabilities
	ha -- Directory traversals
2021-09-29	nexus2-oss -- Apache ActiveMQ JMX vulnerability
2021-09-29	nexus2-oss -- NXRM2 Directory Traversal vulnerability
2021-09-24	chromium -- use after free in Portals
2021-09-24	webkit2-gtk3 -- multiple vulnerabilities
2021-09-22	mod_auth_mellon -- Redirect URL validation bypass
2021-09-22	zeek -- several vulnerabilities
2021-09-21	chromium -- multiple vulnerabilities
	libssh -- possible heap-buffer overflow vulnerability
	Node.js -- August 2021 Security Releases
	Node.js -- August 2021 Security Releases (2)
	Node.js -- July 2021 Security Releases
	Node.js -- July 2021 Security Releases (2)
2021-09-17	Apache httpd -- multiple vulnerabilities
2021-09-17	cURL -- Multiple vulnerabilities
2021-09-16	seatd-launch -- privilege escalation with SUID
2021-09-14	chromium -- multiple vulnerabilities
2021-09-13	Matrix clients -- several vulnerabilities
2021-09-11	consul -- rpc: authorize raft requests
2021-09-10	go -- archive/zip: overflow in preallocation check can cause OOM panic
2021-09-09	MPD5 PPPoE Server remotely exploitable crash
2021-09-09	Python -- multiple vulnerabilities
2021-09-07	libpano13 -- arbitrary memory access through format string vulnerability
2021-09-07	Python -- multiple vulnerabilities
2021-09-05	WeeChat -- Crash when decoding a malformed websocket frame in relay plugin.
2021-09-03	Pillow -- Regular Expression Denial of Service (ReDoS)
2021-09-02	py-matrix-synapse -- several vulnerabilities
2021-09-02	Python -- multiple vulnerabilities
2021-09-01	chromium -- multiple vulnerabilities
2021-09-01	cyrus-imapd -- multiple-minute daemon hang via input that is mishandled during hash-table interaction
2021-08-31	Gitlab -- Vulnerabilities
2021-08-26	fetchmail -- STARTTLS bypass vulnerabilities
2021-08-25	FreeBSD -- libfetch out of bounds read
	FreeBSD -- Missing error handling in bhyve(8) device models
	FreeBSD -- Remote code execution in ggatec(8)
2021-08-24	OpenSSL -- multiple vulnerabilities
2021-08-22	gitea -- multiple vulnerabilities
2021-08-20	bouncycastle15 -- bcrypt password checking vulnerability
	gitea -- multiple vulnerabilities
	The Bouncy Castle Crypto APIs -- EC math vulnerability
2021-08-17	chromium -- multiple vulnerabilities
2021-08-14	lynx -- SSL certificate validation error
2021-08-13	binutils -- excessive debug section size can cause excessive memory consumption in bfd's dwarf2.c read_section()
2021-08-12	PostgreSQL server -- Memory disclosure in certain queries
2021-08-09	x11/cde -- Local privilege escalation via CDE dtsession
2021-08-09	xtrlock -- xtrlock does not block multitouch events
2021-08-05	go -- net/http: panic due to racy read of persistConn after handler panic
2021-08-04	Gitlab -- Gitlab
2021-08-03	chromium -- multiple vulnerabilities
2021-08-03	Prosody -- Remote Information Disclosure
2021-08-01	tomcat -- HTTP request smuggling in multiple versions
	tomcat -- JNDI Realm Authentication Weakness in multiple versions
	tomcat -- Remote Denial of Service in multiple versions
2021-07-28	fetchmail -- 6.4.19 and older denial of service or information disclosure
2021-07-27	powerdns -- remotely triggered crash
2021-07-27	redis -- Integer overflow issues with BITFIELD command on 32-bit systems
2021-07-24	mosquitto -- NULL pointer dereference
2021-07-23	asterisk -- pjproject/pjsip: crash when SSL socket destroyed during handshake
	asterisk -- Remote Crash Vulnerability in PJSIP channel driver
	asterisk -- Remote crash when using IAX2 channel driver
	pjsip -- Race condition in SSL socket server
2021-07-21	chromium -- multiple vulnerabilities
2021-07-21	cURL -- Multiple vulnerabilities
2021-07-20	MySQL -- Multiple vulnerabilities
2021-07-18	gitea -- multiple vulnerabilities
2021-07-16	chromium -- multiple vulnerabilities
2021-07-14	Ruby -- multiple vulnerabilities
2021-07-12	go -- crypto/tls: clients can panic when provided a certificate of the wrong type for the negotiated parameters
2021-07-09	mantis -- multiple vulnerabilities
2021-07-08	Gitlab -- vulnerability
2021-07-02	Gitlab -- Multiple Vulnerabilities
2021-07-02	openexr v3.0.5 -- fixes miscellaneous security issues
2021-07-01	jenkins -- multiple vulnerabilities
2021-06-30	Exiv2 -- Multiple vulnerabilities
2021-06-28	RabbitMQ -- Denial of Service via improper input validation
2021-06-25	PuppetDB -- SQL Injection
2021-06-25	RabbitMQ-C -- integer overflow leads to heap corruption
2021-06-24	Ansible -- Templating engine bug
2021-06-22	dovecot -- multiple vulnerabilities
2021-06-22	dovecot-pigeonhole -- Sieve excessive resource usage
2021-06-19	gitea -- multiple vulnerabilities
2021-06-18	chromium -- multiple vulnerabilities
2021-06-11	dragonfly -- argument injection
2021-06-10	Apache httpd -- Multiple vulnerabilities
	cacti -- SQL Injection was possible due to incorrect validation order
	chromium -- multiple vulnerabilities
2021-06-08	dino -- Path traversal in Dino file transfers
2021-06-06	drupal7 -- fix possible CSS
2021-06-06	pglogical -- shell command injection in pglogical.create_subscription()
2021-06-04	polkit -- local privilege escalation using polkit_system_bus_name_get_creds_sync
2021-06-04	tauthon -- Regular Expression Denial of Service
2021-06-03	aiohttp -- open redirect vulnerability
2021-06-03	go -- multiple vulnerabilities
2021-06-02	isc-dhcp -- remotely exploitable vulnerability
	PyYAML -- arbitrary code execution
	SOGo -- SAML user authentication impersonation
	zeek -- several potential DoS vulnerabilities
2021-06-01	Gitlab -- Multiple Vulnerabilities
	lasso -- signature checking failure
	libX11 -- Arbitrary code execution
	Prometheus -- arbitrary redirects
	redis -- integer overflow
2021-05-31	wayland -- integer overflow
2021-05-27	FreeBSD -- Missing message validation in libradius(3)
2021-05-27	FreeBSD-kernel -- SMAP bypass
2021-05-26	chromium -- multiple vulnerabilities
2021-05-25	libzmq4 -- Denial of Service
	libzmq4 -- Stack overflow
	NGINX -- 1-byte memory overwrite in resolver
2021-05-24	PG Partition Manager -- arbitrary code execution
2021-05-24	texproc/expat2 -- billion laugh attack
2021-05-23	libxml2 -- Possible denial of service
2021-05-14	PostgreSQL -- Memory disclosure in partitioned-table UPDATE ... RETURNING
2021-05-14	PostgreSQL server -- two security issues
2021-05-13	ImageMagick6 -- multiple vulnerabilities
	ImageMagick7 -- multiple vulnerabilities
	Prosody -- multiple vulnerabilities
2021-05-12	Pillow -- multiple vulnerabilities
2021-05-11	chromium -- multiple vulnerabilities
2021-05-11	py-matrix-synapse -- malicious push rules may be used for a denial of service attack.
2021-05-10	cyrus-imapd -- Remote authenticated users could bypass intended access restrictions on certain server annotations.
2021-05-10	RabbitMQ -- Denial of Service in AMQP1.0 plugin
2021-05-08	FLAC -- out-of-bounds read
2021-05-07	Rails -- multiple vulnerabilities
2021-05-06	go -- net/http: ReadRequest can stack overflow due to recursion with very large headers
2021-05-05	Ansible -- Insecure Temporary File
	Django -- multiple vulnerabilities
	Python -- multiple vulnerabilities
2021-05-03	redis -- multiple vulnerabilities
2021-05-02	RDoc -- command injection vulnerability
2021-05-01	samba -- negative idmap cache entries vulnerability
2021-04-28	Carrierwave -- Multiple vulnerabilities
2021-04-28	Gitlab -- Vulnerabilities
2021-04-27	chromium -- multiple vulnerabilities
2021-04-27	sympa -- Inappropriate use of the cookie parameter can be a security threat. This parameter may also not provide sufficient security.
2021-04-26	sbibboleth-sp -- denial of service vulnerability
2021-04-21	chromium -- multiple vulnerabilities
	openvpn -- deferred authentication can be bypassed in specific circumstances
	zeek -- null-pointer dereference vulnerability
2021-04-20	All versions of Apache OpenOffice through 4.1.9 can open non-http(s) hyperlinks. If the link is specifically crafted this could lead to untrusted code execution.
	jenkins -- Denial of service vulnerability in bundled Jetty
	MySQL -- Multiple vulnerabilities
2021-04-19	Apache Maven -- multiple vulnerabilities
2021-04-17	Consul -- Multiple vulnerabilities
2021-04-15	AccountsService -- Insufficient path check in user_change_icon_file_authorized_cb()
	chromium -- multiple vulnerabilities
	Gitlab -- Vulnerabilities
	mdbook -- XSS in mdBook's search page
2021-04-14	chromium -- multiple vulnerabilities
2021-04-13	xorg-server -- Input validation failures in X server XInput extension
2021-04-12	syncthing -- crash due to malformed relay protocol message
2021-04-11	gitea -- multiple vulnerabilities
2021-04-10	curl -- Automatic referer leaks credentials
	curl -- TLS 1.3 session ticket proxy host mixup
	python -- Information disclosure via pydoc -p: /getfile?key=path allows to read arbitrary file on the filesystem
2021-04-09	gitea -- multiple vulnerabilities
2021-04-08	jenkins -- multiple vulnerabilities
2021-04-07	clamav -- Multiple vulnerabilites
	FreeBSD -- double free in accept_filter(9) socket configuration interface
	FreeBSD -- jail escape possible by mounting over jail root
	FreeBSD -- Memory disclosure by stale virtual memory mapping
	Node.js -- April 2021 Security Releases
2021-04-06	Gitlab -- Multiple vulnerabilities
2021-04-06	upnp -- stack overflow vulnerability
2021-04-05	ruby -- XML round-trip vulnerability in REXML
2021-03-31	chromium -- multiple vulnerabilities
2021-03-30	ircII -- denial of service
2021-03-28	samba -- Multiple Vulnerabilities
2021-03-27	nettle 3.7.2 -- fix serious ECDSA signature verify bug
2021-03-26	OpenSSL -- Multiple vulnerabilities
2021-03-24	spamassassin -- Malicious rule configuration (.cf) files can be configured to run system commands
2021-03-23	gitea -- multiple vulnerabilities
2021-03-21	gitea -- quoting in markdown text
2021-03-18	dnsmasq -- cache poisoning vulnerability in certain configurations
2021-03-18	Gitlab -- Multiple vulnerabilities
2021-03-17	minio -- MITM attack
2021-03-16	chromium -- multiple vulnerabilities
2021-03-16	LibreSSL -- use-after-free
2021-03-15	squashfs-tools -- Integer overflow
2021-03-13	OpenSSH -- Double-free memory corruption in ssh-agent
2021-03-10	go -- encoding/xml: infinite loop when using xml.NewTokenDecoder with a custom TokenReader; archive/zip: panic when calling Reader.Open
2021-03-10	mantis -- multiple vulnerabilities
2021-03-09	Node.js -- February 2021 Security Releases
2021-03-05	Gitlab -- Multiple vulnerabilities
2021-03-04	asterisk -- Crash when negotiating T.38 with a zero port
2021-03-04	chromium -- multiple vulnerabilities
2021-03-03	jasper -- multiple vulnerabilities
2021-03-03	salt -- multiple vulnerabilities
2021-02-27	vault -- unauthenticated license read
2021-02-25	FreeBSD -- jail_attach(2) relies on the caller to change the cwd
	FreeBSD -- jail_remove(2) fails to kill all jailed processes
	FreeBSD -- login.access fails to apply rules
	FreeBSD -- Xen grant mapping error handling issues
2021-02-23	redis -- Integer overflow on 32-bit systems
2021-02-22	zeek -- Remote crash vulnerability
2021-02-20	jenkins -- Privilege escalation vulnerability in bundled Spring Security library
2021-02-20	raptor2 -- malformed input file can lead to a segfault
2021-02-18	asterisk -- An unsuspecting user could crash Asterisk with multiple hold/unhold requests
	asterisk -- Remote attacker could prematurely tear down SRTP calls
	asterisk -- Remote crash in res_pjsip_diversion
	asterisk -- Remote crash possible when negotiating T.38
	asterisk -- Remote Crash Vulnerability in PJSIP channel driver
2021-02-17	chromium -- multiple vulnerabilities
2021-02-17	Rails -- multiple vulnerabilities
2021-02-16	OpenSSL -- Multiple vulnerabilities
2021-02-12	Gitlab -- Multiple Vulnerabilities
	oauth2-proxy -- domain whitelist could be used as redirect
	openexr, ilmbase -- security fixes related to reading corrupted input files
2021-02-10	mod_dav_svn -- server crash
2021-02-06	gitea -- multiple vulnerabilities
	gitea -- multiple vulnerabilities
	sympa -- Unauthorised full access via SOAP API due to illegal cookie
2021-02-05	chromium -- heap buffer overflow in V8
2021-02-03	www/chromium -- multiple vulnerabilities
2021-02-02	Gitlab -- Multiple vulnerabilities
2021-01-31	minio -- Server Side Request Forgery
2021-01-29	FreeBSD -- Uninitialized kernel stack leaks in several file systems
2021-01-29	FreeBSD -- Xen guests can triger backend Out Of Memory
2021-01-28	pngcheck -- Buffer-overrun vulnerability
2021-01-26	jenkins -- Arbitrary file read vulnerability in workspace browsers
	pysaml2 -- multiple vulnerabilities
	sudo -- Multiple vulnerabilities
2021-01-23	mutt -- denial of service
2021-01-23	MySQL -- Multiple vulnerabilities
2021-01-22	chocolate-doom -- Arbitrary code execution
	chromium -- multiple vulnerabilities
	nokogiri -- Security vulnerability
2021-01-20	dnsmasq -- DNS cache poisoning, and DNSSEC buffer overflow, vulnerabilities
2021-01-19	cloud-init -- Wrong access permissions of authorized keys
2021-01-19	go -- cmd/go: packages using cgo can cause arbitrary code execution at build time; crypto/elliptic: incorrect operations on the P-224 curve
2021-01-18	moinmoin -- multiple vulnerabilities
2021-01-17	Ghostscript -- SAFER Sandbox Breakout
2021-01-14	Gitlab -- vulnerability
	Node.js -- January 2021 Security Releases
	wavpack -- integer overflow in pack_utils.c
2021-01-13	jenkins -- multiple vulnerabilities
2021-01-12	phpmyfaq -- XSS vulnerability
2021-01-11	sudo -- Potential information leak in sudoedit
2021-01-10	CairoSVG -- Regular Expression Denial of Service vulnerability
2021-01-09	Gitlab -- multiple vulnerabilities
2021-01-07	chromium -- multiple vulnerabilities
2021-01-04	mail/dovecot -- multiple vulnerabilities
2021-01-01	InspIRCd websocket module double free vulnerability
2020-12-31	gitea -- multiple vulnerabilities
2020-12-28	Intel CPU issues
2020-12-22	asterisk -- Remote crash in res_pjsip_diversion
2020-12-21	postsrsd -- Denial of service vulnerability
2020-12-21	powerdns -- Various issues in GSS-TSIG support
2020-12-17	vault -- User Enumeration via LDAP auth
2020-12-13	jasper -- heap overflow vulnerability
2020-12-13	py-matrix-synapse -- DoS on Federation API
2020-12-12	p11-kit -- Multiple vulnerabilities
2020-12-12	Unbound/NSD -- Denial of service vulnerability
2020-12-11	LibreSSL -- NULL pointer dereference
2020-12-09	cURL -- Multiple vulnerabilities
2020-12-08	OpenSSL -- NULL pointer de-reference
2020-12-07	Gitlab -- Multiple vulnerabilities
2020-12-06	consul -- Fix Consul Connect CA private key configuration
2020-12-05	chromium -- multiple vulnerabilities
2020-12-04	gitea -- multiple vulnerabilities
2020-12-02	FreeBSD -- ICMPv6 use-after-free in error message handling
2020-12-02	FreeBSD -- Multiple vulnerabilities in rtsold
2020-12-01	xorg-server -- Multiple input validation failures in X server XKB extension
2020-11-27	nomad -- multiple vulnerabilities
2020-11-21	gitea -- multiple vulnerabilities
2020-11-21	Node.js -- November 2020 Security Releases
2020-11-20	mutt -- authentication credentials being sent over an unencrypted connection
2020-11-14	mantis -- multiple vulnerabilities
2020-11-12	go -- math/big: panic during recursive division of very large numbers; cmd/go: arbitrary code execution at build time through cgo
2020-11-12	salt -- multiple vulnerabilities
2020-11-10	Apache OpenOffice -- Unrestricted actions leads to arbitrary code execution in crafted documents
2020-11-09	raptor2 -- buffer overflow
2020-11-08	jupyter notebook -- open redirect vulnerability
2020-11-05	asterisk -- Outbound INVITE loop on challenge with different nonce
2020-11-05	asterisk -- Remote crash in res_pjsip_session
2020-11-03	chromium -- multiple vulnerabilities
2020-11-02	Gitlab -- Multiple vulnerabilities
2020-11-02	wordpress -- multiple issues
2020-10-30	samba -- Multiple Vulnerabilities
2020-10-30	tmux -- stack overflow in CSI parsing
2020-10-28	motion -- Denial of Service
2020-10-22	freetype2 -- heap buffer overlfow
	glpi -- Insecure Direct Object Reference on ajax/comments.ph
	glpi -- Insecure Direct Object Reference on ajax/getDropdownValue.php
2020-10-21	chromium -- multiple vulnerabilities
2020-10-21	MySQL -- Multiple vulnerabilities
2020-10-18	MariaDB -- Undisclosed vulnerability
2020-10-17	drupal -- Multiple Vulnerabilities
2020-10-17	py-matrix-synapse -- XSS vulnerability
2020-10-14	powerdns-recursor -- cache pollution
2020-10-13	Flash Player -- arbitrary code execution
2020-10-10	libjpeg-turbo -- Issue in the PPM reader causing a buffer overrun in cjpeg, TJBench, or the tjLoadImage() function.
	mozjpeg -- heap-based buffer over-read in get_rgb_row() in rdppm.c via a malformed PPM input file
	Rails -- Possible XSS vulnerability
2020-10-07	chromium -- multiple vulnerabilities
2020-10-07	zeek -- Vulnerability due to memory leak
2020-10-06	Payara -- A Polymorphic Typing issue in FasterXML jackson-databind
	payara -- multiple vulnerabilities
	Payara -- path trasversal flaw via either loc/con parameters in Eclipse Mojarra
2020-10-05	libexif -- multiple vulnerabilities
2020-10-04	kdeconnect -- packet manipulation can be exploited in a Denial of Service attack
2020-10-03	upnp -- denial of service (crash)
2020-10-02	Gitlab -- multiple vulnerabilities
2020-10-01	glpi -- Any CalDAV calendars is read-only for every authenticated user
2020-09-28	Apache Ant leaks sensitive information via the java.io.tmpdir
2020-09-24	powerdns -- Leaking uninitialised memory through crafted zone records
2020-09-22	chromium -- multiple vulnerabilities
2020-09-22	libxml -- multiple vulnerabilities
2020-09-21	py-matrix-synapse -- malformed events may prevent users from joining federated rooms
2020-09-20	Python -- multiple vulnerabilities
	samba -- Unauthenticated domain takeover via netlogon
	tt-rss -- multiple vulnerabilities
2020-09-19	Nextcloud -- Password share by mail not hashed
2020-09-16	FreeBSD -- bhyve privilege escalation via VMCS access
	FreeBSD -- bhyve SVM guest escape
	FreeBSD -- ftpd privilege escalation via ftpchroot feature
	FreeBSD -- ure device driver susceptible to packet-in-packet attack
	Node.js -- September 2020 Security Releases
2020-09-12	Rails -- Potential XSS vulnerability
2020-09-09	chromium -- multiple vulnerabilities
2020-09-09	zeek -- Various vulnerabilities
2020-09-06	GnuTLS -- null pointer dereference
	Mbed TLS -- Local side channel attack on classical CBC decryption in (D)TLS
	Mbed TLS -- Local side channel attack on RSA and static Diffie-Hellman
	Multi-link PPP protocol daemon MPD5 remotely exploitable crash
2020-09-05	Django -- multiple vulnerabilities
2020-09-03	gnupg -- AEAD key import overflow
2020-09-02	FreeBSD -- dhclient heap overflow
	FreeBSD -- IPv6 Hop-by-Hop options use-after-free bug
	FreeBSD -- SCTP socket use-after-free bug
	Gitlab -- multiple vulnerabilities
2020-09-01	go -- net/http/cgi, net/http/fcgi: Cross-Site Scripting (XSS) when Content-Type is not specified
2020-08-28	ark -- extraction outside of extraction directory
2020-08-27	php72 -- use of freed hash key
2020-08-26	chromium -- multiple vulnerabilities
2020-08-25	jasper -- multiple vulnerabilities
	libX11 -- Doublefree in locale handlng code
	xorg-server -- Multiple input validation failures in X server extensions
2020-08-22	chrony <= 3.5.1 data corruption through symlink vulnerability writing the pidfile
2020-08-20	adns -- multiple vulnerabilities
	sysutils/openzfs-kmod -- critical permissions issues
	textproc/elasticsearch6 -- field disclosure flaw
2020-08-19	curl -- expired pointer dereference vulnerability
	Icinga Web 2 -- directory traversal vulnerability
	Python -- multiple vulnerabilities
2020-08-18	chromium -- heap buffer overflow
2020-08-18	security/trousers -- several vulnerabilities
2020-08-17	jenkins -- Buffer corruption in bundled Jetty
2020-08-16	ceph14 -- HTTP header injection via CORS ExposeHeader tag
	net/rsync -- multiple zlib issues
	security/py-ecdsa -- multiple issues
2020-08-15	snmptt -- malicious shell code
2020-08-13	ilmbase, openexr -- v2.5.3 is a patch release with various bug/security fixes
2020-08-13	mail/dovecot -- multiple vulnerabilities
2020-08-12	jenkins -- multiple vulnerabilities
2020-08-11	chromium -- multiple vulnerabilities
2020-08-11	puppetdb -- Multiple vulnerabilities
2020-08-10	bftpd -- Multiple vulnerabilities
2020-08-08	Apache httpd -- Multiple vulnerabilities
2020-08-06	FreeBSD -- Potential memory corruption in USB network device drivers
	FreeBSD -- sendmsg(2) privilege escalation
	Gitlab -- Multiple Vulnerabilities
	go -- encoding/binary: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs
2020-08-04	typo3 -- multiple vulnerabilities
2020-08-01	libX11 -- Heap corruption in the X input method client in libX11
2020-08-01	xorg-server -- Pixel Data Uninitialized Memory Information Disclosure
2020-07-31	Python -- multiple vulnerabilities
2020-07-30	ark -- directory traversal
2020-07-28	chromium -- multiple vulnerabilities
	FreeRDP -- Integer overflow in RDPEGFX channel
	libsndfile -- out-of-bounds read memory access
	zeek -- Various vulnerabilities
2020-07-27	Cacti -- multiple vulnerabilities
2020-07-24	Wagtail -- XSS vulnerability
2020-07-23	Apache Tomcat -- Multiple Vulnerabilities
2020-07-23	pango -- buffer overflow
2020-07-20	Python -- multiple vulnerabilities
2020-07-19	VirtualBox -- Multiple vulnerabilities
2020-07-16	clamav -- multiple vulnerabilities
2020-07-16	OpenEXR/ilmbase 2.5.2 -- patch release with various bug/security fixes
2020-07-15	chromium -- multiple vulnerabilities
2020-07-15	jenkins -- multiple vulnerabilities
2020-07-11	MySQL -- Multiple vulnerabilities
2020-07-10	FreeBSD -- IPv6 socket option race condition and use after free
	FreeBSD -- posix_spawnp(3) buffer overflow
	webkit2-gtk3 -- multible vulnerabilities
2020-07-09	mybb -- multible vulnerabilities
2020-07-08	kramdown -- template option vulnerability
2020-07-07	Gitlab -- Multiple Vulnerabilities
2020-07-07	Mbed TLS -- Side-channel attack on ECC key import and validation
2020-07-06	Python -- multiple vulnerabilities
2020-07-04	Anydesk -- Multiple Vulnerabilities
2020-07-03	dbus file descriptor leak
2020-07-03	py-matrix-synapse -- multiple vulnerabilities
2020-07-02	coturn -- information leakage
	Gitlab -- Multiple Vulnerabilities
	powerdns-recursor -- access restriction bypass
	samba -- Multiple Vulnerabilities
	trafficserver -- resource consumption
2020-07-01	drupal -- Multiple Vulnerabilities
2020-06-30	xrdp -- Local users can perform a buffer overflow attack against the xrdp-sesman service and then inpersonate it
2020-06-29	MongoDB -- Ensure RoleGraph can serialize authentication restrictions to BSON
2020-06-28	libvorbis -- two vulnerabilities
2020-06-28	PuTTY -- Release 0.74 fixes two security vulnerabilities
2020-06-25	glpi -- leakage issue with knowledge base
	glpi -- Multiple SQL Injections Stemming From isNameQuoted()
	glpi -- SQL injection for all usages of "Clone" feature
	glpi -- SQL Injection in Search API
	glpi -- Unauthenticated File Deletion
	glpi -- Unauthenticated Stored XSS
2020-06-24	chromium -- multiple vulnerabilities
	CUPS -- memory corruption
	curl -- multiple vulnerabilities
	IMAP fcc/postpone machine-in-the-middle attack
	Machine-in-the-middle response injection attack when using STARTTLS with IMAP, POP3, and SMTP
2020-06-22	Rails -- permission vulnerability
2020-06-18	BIND -- Remote Denial of Service vulnerability
	BIND -- Remote Denial of Service vulnerability
	Several issues in Lynis
2020-06-17	vlc heap-based buffer overflow
2020-06-12	LibreOffice Security Advisory
2020-06-12	Node.js -- June 2020 Security Releases
2020-06-11	tcpreplay -- Multiple vulnerabilities
2020-06-10	libadplug -- Various vulnerabilities
	NPM -- Multiple vulnerabilities
	several security issues in sqlite3
	zeek -- Various vulnerabilities
	znc -- Authenticated users can trigger an application crash
2020-06-09	Flash Player -- arbitrary code execution
2020-06-09	FreeBSD -- USB HID descriptor parsing error
2020-06-05	chromium -- multiple vulnerabilities
2020-06-04	Django -- multiple vulnerabilities
	Gitlab -- Multiple Vulnerabilities
	GnuTLS -- flaw in TLS session ticket key construction
2020-06-03	nghttp2 -- DoS vulnerability
2020-06-03	websocket-extensions -- ReDoS vulnerability
2020-05-31	gitea -- multiple vulnerabilities
2020-05-28	FreeRDP -- multiple vulnerabilities
	Gitlab -- Multiple Vulnerabilities
	kaminari -- potential XSS vulnerability
	Sane -- Multiple Vulnerabilities
2020-05-26	powerdns-recursor -- multiple vulnerabilities
2020-05-26	sympa - Security flaws in setuid wrappers
2020-05-24	chromium -- multiple vulnerabilities
2020-05-23	piwigo -- Multible Vulnerabilities
2020-05-22	Apache Tomcat Remote Code Execution via session persistence
	drupal -- Multiple Vulnerabilities
	sympa -- Denial of service caused by malformed CSRF token
	unbound -- mutliple vulnerabilities
2020-05-20	Zabbix -- Remote code execution
2020-05-19	Rails -- multiple vulnerabilities
2020-05-18	Dovecot -- Multiple vulnerabilities
2020-05-16	Rails -- remote code execution vulnerability
2020-05-16	salt -- multiple vulnerabilities in salt-master process
2020-05-14	clamav -- multiple vulnerabilities
2020-05-14	json-c -- integer overflow and out-of-bounds write via a large JSON file
2020-05-13	typo3 -- multiple vulnerabilities
2020-05-12	FreeBSD -- Improper checking in SCTP-AUTH shared key update
	FreeBSD -- Insufficient cryptodev MAC key length check
	FreeBSD -- Insufficient packet length validation in libalias
	FreeBSD -- Memory disclosure vulnerability in libalias
	FreeBSD -- Use after free in cryptodev module
2020-05-09	glpi -- stored XSS
	Python -- CRLF injection via the host part of the url passed to urlopen()
	qutebrowser -- Reloading page with certificate errors shows a green URL
2020-05-07	mailman -- arbitrary content injection vulnerability via options or private archive login pages
2020-05-06	zeek -- Various vulnerabilities
2020-05-05	Wagtail -- potential timing attack vulnerability
2020-05-04	cacti -- XSS exposure
2020-05-03	taglib -- heap-based buffer over-read via a crafted audio file
2020-05-01	Gitlab -- Multiple Vulnerabilities
2020-04-29	samba -- multiple vulnerabilities
2020-04-29	vlc -- Multiple vulnerabilities fixed in VLC media player
2020-04-28	nested filters leads to stack overflow
2020-04-27	py-yaml -- FullLoader (still) exploitable for arbitrary command execution
2020-04-26	py-bleach -- regular expression denial-of-service
2020-04-23	MySQL Client -- Multiple vulerabilities
	MySQL Server -- Multiple vulerabilities
	Nextcloud -- multiple vulnerabilities
	Python -- Regular Expression DoS attack against client
2020-04-22	malicious URLs can cause git to send a stored credential to wrong server
	malicious URLs may present credentials to wrong server
	Wagtail -- XSS vulnerability
2020-04-21	FreeBSD -- ipfw invalid mbuf handling
	libntlm -- buffer overflow vulnerability
	OpenSSL remote denial of service vulnerability
	py-twisted -- multiple vulnerabilities
2020-04-19	Client/server denial of service when handling AES-CTR ciphers
2020-04-18	webkit2-gtk3 -- Denial of service
2020-04-17	ansible - subversion password leak from PID
	ansible - Vault password leak from temporary file
	ansible - win_unzip path normalization
	drupal -- Drupal Core - Moderately critical - Third-party library
2020-04-16	chromium -- use after free
2020-04-16	openvpn -- illegal client float can break VPN session for other users
2020-04-15	Gitlab -- Multiple Vulnerabilities
2020-04-15	Mbed TLS -- Side channel attack on ECDSA
2020-04-14	ceph14 -- multiple security issues
2020-04-14	zeek -- Remote crash vulnerability
2020-04-12	chromium -- multiple vulnerabilities
2020-04-07	Squid -- multiple vulnerabilities
2020-04-02	Apache -- Multiple vulnerabilities
	cacti -- multiple vulnerabilities
	chromium -- multiple vulnerabilities
	HAproxy -- serious vulnerability affecting the HPACK decoder used for HTTP/2
2020-03-31	GnuTLS -- flaw in DTLS protocol implementation
2020-03-30	glpi -- able to read any token through API user endpoint
	glpi -- bypass of the open redirect protection
	glpi -- Improve encryption algorithm
	glpi -- multiple related stored XSS vulnerabilities
	glpi -- Reflexive XSS in Dropdown menus
	glpi -- Remote Code Execution (RCE) via the backup functionality
	glpi -- SQL injection for all helpdesk instances
	glpi -- weak csrf tokens
2020-03-29	PostgresSQL -- ALTER ... DEPENDS ON EXTENSION is missing authorization checks
2020-03-27	mediawiki -- multiple vulnerabilities
2020-03-26	Gitlab -- Multiple Vulnerabilities
2020-03-26	rubygem-json -- Unsafe Objection Creation Vulnerability in JSON (Additional fix)
2020-03-25	jenkins -- multiple vulnerabilities
2020-03-25	phpMyAdmin -- SQL injection
2020-03-23	puppet6 -- Arbitrary Catalog Retrieval
2020-03-23	puppetserver and puppetdb -- Puppet Server and PuppetDB may leak sensitive information via metrics API
2020-03-19	FreeBSD -- Incorrect user-controlled pointer use in epair
	FreeBSD -- Insufficient ixl(4) ioctl(2) privilege checking
	FreeBSD -- Insufficient oce(4) ioctl(2) privilege checking
	FreeBSD -- Kernel memory disclosure with nested jails
	FreeBSD -- TCP IPv6 SYN cache kernel information disclosure
2020-03-18	www/py-bleach -- multiple vulnerabilities
2020-03-15	zeek -- potential denial of service issues
2020-03-13	Okular -- Local binary execution via action links
2020-03-12	Django -- potential SQL injection vulnerability
2020-03-12	Gitlab -- Vulnerability
2020-03-11	py-matrix-synapse -- users of single-sign-on are vulnerable to phishing
2020-03-09	Node.js -- multiple vulnerabilities
2020-03-07	gitea -- multiple vulnerabilities
2020-03-07	salt -- salt-api vulnerability
2020-03-06	Gitlab -- Multiple Vulnerabilities
2020-03-03	ntp -- Multiple vulnerabilities
2020-03-02	librsvg2 -- multiple vulnerabilities
2020-03-02	TiMidity++ -- Multiple vulnerabilities
2020-02-29	Solr -- multiple vulnerabilities
2020-02-24	Mbed TLS -- Cache attack against RSA key import in SGX
	Mbed TLS -- Side channel attack on ECDSA
	OpenSMTPd -- LPE and RCE in OpenSMTPD's default install
2020-02-21	WeeChat -- Multiple vulnerabilities
2020-02-19	webkit-gtk3 -- Multiple vulnerabilities
2020-02-13	dovecot -- multiple vulnerabilities
2020-02-13	Gitlab -- Vulnerability
2020-02-12	grub2-bhyve -- multiple privilege escalations
2020-02-11	Flash Player -- arbitrary code execution
2020-02-11	libexif -- privilege escalation
2020-02-09	NGINX -- HTTP request smuggling
2020-02-07	ksh93 -- certain environment variables interpreted as arithmetic expressions on startup, leading to code injection
2020-02-05	clamav -- Denial-of-Service (DoS) vulnerability
2020-02-04	Django -- potential SQL injection vulnerability
2020-02-02	libssh -- Unsanitized location in scp could lead to unwanted command execution
2020-02-02	MariaDB -- Vulnerability in C API
2020-01-31	Gitlab -- Multiple Vulnerabilities
2020-01-31	spamassassin -- Nefarious rule configuration files can run system commands
2020-01-30	sudo -- Potential bypass of Runas user restrictions
2020-01-29	FreeBSD -- kernel stack data disclosure
	FreeBSD -- libfetch buffer overflow
	FreeBSD -- Missing IPsec anti-replay window check
	jenkins -- multiple vulnerabilities
	OpenSMTPd -- critical LPE / RCE vulnerability
	pkg -- vulnerability in libfetch
2020-01-27	samba -- multiple vulnerabilities
2020-01-26	webkit-gtk3 -- Multiple vulnerabilities
2020-01-24	Pillow -- Multiple vulnerabilities
2020-01-18	gitea -- multiple vulnerabilities
2020-01-15	drm graphics drivers -- potential information disclusure via local access
2020-01-15	MySQL -- Multiple vulerabilities
2020-01-14	Gitlab -- Private objects exposed through project import
2020-01-14	Template::Toolkit -- Directory traversal on write
2020-01-11	phpMyAdmin -- SQL injection
2020-01-08	e2fsprogs -- rehash.c/pass 3a mutate_name() code execution vulnerability
2020-01-06	cacti -- multiple vulnerabilities
2020-01-03	Gitlab -- Multiple Vulnerabilities
2020-01-02	glpi -- Public GLPIKEY can be used to decrypt any data
2019-12-29	OpenEXR -- heap buffer overflow, and out-of-memory bugs
2019-12-29	rack -- information leak / session hijack vulnerability
2019-12-26	wordpress -- multiple issues
2019-12-25	typo3 -- multiple vulnerabilities
2019-12-21	drupal -- Drupal Core - Multiple Vulnerabilities
2019-12-21	e2fsprogs -- maliciously corrupted file systems can trigger buffer overruns in the quota code used by e2fsck
2019-12-20	OpenSSL -- Overflow vulnerability
2019-12-18	py-matrix-synapse -- multiple vulnerabilities
2019-12-13	dovecot -- null pointer deref in notify with empty headers
2019-12-13	spamassassin -- multiple vulnerabilities
2019-12-12	samba -- multiple vulnerabilities
2019-12-10	Gitlab -- Multiple Vulnerabilities
2019-12-09	Ghostscript -- Security bypass vulnerabilities
2019-12-06	phpmyadmin -- multiple vulnerabilities
2019-12-03	Django -- multiple vulnerabilities
2019-11-28	Gitlab -- Multiple Vulnerabilities
2019-11-28	py-matrix-synapse -- incomplete cleanup of 3rd-party-IDs on user deactivation
2019-11-27	Gitlab -- Multiple Vulnerabilities
2019-11-27	webkit2-gtk3 -- Multiple vulnerabilities
2019-11-26	urllib3 -- multiple vulnerabilities
2019-11-25	clamav -- Denial-of-Service (DoS) vulnerability
	FreeBSD -- Intel CPU Microcode Update
	FreeBSD -- Machine Check Exception on Page Size Change
2019-11-23	unbound -- parsing vulnerability
2019-11-22	asterisk -- AMI user could execute system commands
	asterisk -- Re-invite with T.38 and malformed SDP causes crash
	asterisk -- SIP request can change address of a SIP peer
	gitea -- multiple vulnerabilities
2019-11-20	drm graphics drivers -- Local privilege escalation and denial of service
2019-11-19	squid -- Vulnerable to HTTP Digest Authentication
2019-11-18	libidn2 -- roundtrip check vulnerability
2019-11-15	GNU cpio -- multiple vulnerabilities
2019-11-13	libmad -- multiple vulnerabilities
2019-11-12	chromium -- multiple vulnerabilities
2019-11-12	wordpress -- multiple issues
2019-11-07	nexus2-oss -- Multiple vulerabilities
2019-11-06	php -- env_path_info underflow in fpm_main.c can lead to RCE
2019-11-03	mediawiki -- multiple vulnerabilities
2019-11-02	file -- Heap buffer overflow possible
2019-11-02	MySQL -- Multiple vulerabilities
2019-10-31	webkit2-gtk3 -- Multiple vulnerabilities
2019-10-30	gitea -- information disclosure
2019-10-30	Gitlab -- Disclosure Vulnerabilities
2019-10-29	py-matrix-synapse -- missing signature checks on some federation APIs
2019-10-29	samba -- multiple vulnerabilities
2019-10-24	FreeBSD -- ICMPv6 / MLDv2 out-of-bounds memory access
	FreeBSD -- Insufficient message length validation in bsnmp library
	FreeBSD -- Insufficient validation of guest-supplied data (e1000 device)
	FreeBSD -- IPv6 remote Denial-of-Service
	FreeBSD -- kernel memory disclosure from /dev/midistat
	FreeBSD -- Multiple vulnerabilities in bzip2
	FreeBSD -- Reference count overflow in mqueue filesystem 32-bit compat
	sudo -- Potential bypass of Runas user restrictions
	varnish -- Information Disclosure Vulnerability
2019-10-23	Loofah -- XSS vulnerability
2019-10-19	python 3.7 -- multiple vulnerabilities
2019-10-15	Pillow -- Allocation of resources without limits or throttling
2019-10-09	mod_perl2 -- execute arbitrary Perl code
2019-10-06	Xpdf -- Multiple Vulnerabilities
2019-10-03	unbound -- parsing vulnerability
2019-10-02	cacti -- Authenticated users may bypass authorization checks
	Gitlab -- Disclosure Vulnerabilities
	Gitlab -- Multiple Vulnerabilities
	ruby -- multiple vulnerabilities
2019-09-30	mongodb -- Bump Windows package dependencies
2019-09-30	mongodb -- Our init scripts check /proc/[pid]/stat should validate that `(${procname})` is the process' command name.
2019-09-29	Exim -- heap-based buffer overflow in string_vformat leading to RCE
2019-09-28	mongodb -- Attach IDs to users
2019-09-27	mantis -- multiple vulnerabilities
2019-09-26	go -- invalid headers are normalized, allowing request smuggling
2019-09-25	jenkins -- multiple vulnerabilities
2019-09-20	ISC KEA -- Multiple vulnerabilities
2019-09-19	Mbed TLS -- Side channel attack on deterministic ECDSA
2019-09-17	bro -- invalid memory access or heap buffer over-read
2019-09-17	expat2 -- Fix extraction of namespace prefixes from XML names
2019-09-16	expat2 -- Fix extraction of namespace prefixes from XML names
2019-09-14	curl -- multiple vulnerabilities
2019-09-12	Gitlab -- Multiple Vulnerabilities
2019-09-11	OpenSSL -- Multiple vulnerabilities
2019-09-10	Flash Player -- multiple vulnerabilities
2019-09-07	oniguruma -- multiple vulnerabilities
2019-09-07	xymon-server -- multiple vulnerabilities
2019-09-06	asterisk -- Crash when negotiating for T.38 with a declined stream
	asterisk -- Remote Crash Vulnerability in audio transcoding
	Exim -- RCE with root privileges in TLS SNI handler
	wordpress -- multiple issues
2019-09-03	mozilla -- multiple vulnerabilities
	samba -- combination of parameters and permissions can allow user to escape from the share path definition
	www/varnish6 -- Denial of Service
2019-09-02	libgcrypt -- ECDSA timing attack
2019-08-30	Gitlab -- Multiple Vulnerabilities
2019-08-30	webkit2-gtk3 -- Multiple vulnerabilities
2019-08-29	RDoc -- multiple jQuery vulnerabilities
2019-08-28	Dovecot -- improper input validation
	jenkins -- multiple vulnerabilities
	Mozilla -- Stored passwords in 'Saved Logins' can be copied without master password entry
2019-08-25	h2o -- multiple HTTP/2 vulnerabilities
2019-08-25	h2o -- multiple HTTP/2 vulnerabilities
2019-08-22	gitea -- multiple vulnerabilities
2019-08-21	clamav -- multiple vulnerabilities
2019-08-21	Node.js -- multiple vulnerabilities
2019-08-20	vlc -- multiple vulnerabilities
2019-08-19	nsd -- Stack-based Buffer Overflow
2019-08-18	Libgit2 -- multiple vulnerabilities
2019-08-18	xdm -- remote denial of service
2019-08-17	Apache -- Multiple vulnerabilities
2019-08-17	webmin -- unauthenticated remote code execution
2019-08-16	CUPS -- multiple vulnerabilities
2019-08-16	nghttp2 -- multiple vulnerabilities
2019-08-15	traefik -- Denial of service in HTTP/2
2019-08-14	NGINX -- Multiple vulnerabilities
2019-08-13	Gitlab -- Multiple Vulnerabilities
2019-08-13	Nokogiri -- injection vulnerability
2019-08-09	bro -- Null pointer dereference and Signed integer overflow
	doas -- Prevent passing of environment variables
	KDE Frameworks -- malicious .desktop files execute code
2019-08-08	PostgresSQL -- TYPE in pg_temp execute arbitrary SQL during `SECURITY DEFINER` execution
2019-08-05	glpi -- Account takeover vulnerability
2019-08-03	Django -- multiple vulnerabilities
2019-07-31	gitea -- multiple vulnerabilities
2019-07-31	gitea -- multiple vulnerabilities
2019-07-30	FreeBSD -- Bhyve out-of-bounds read in XHCI device
	FreeBSD -- File description reference count leak
	FreeBSD -- ICMP/ICMP6 packet filter bypass in pf
	FreeBSD -- iconv buffer overflow
	FreeBSD -- IPv6 fragment reassembly panic in pf(4)
	FreeBSD -- Kernel memory disclosure in freebsd32_ioctl
	FreeBSD -- Kernel stack disclosure in UFS/FFS
	FreeBSD -- Microarchitectural Data Sampling (MDS)
	FreeBSD -- Privilege escalation in cd(4) driver
	FreeBSD -- pts(4) write-after-free
	FreeBSD -- Reference count overflow in mqueue filesystem
	FreeBSD -- Resource exhaustion in non-default RACK TCP stack
	FreeBSD -- telnet(1) client multiple vulnerabilities
	Gitlab -- Multiple Vulnerabilities
2019-07-28	py-matrix-synapse -- multiple vulnerabilities
2019-07-25	Exim -- RCE in ${sort} expansion
2019-07-22	MySQL -- Multiple vulerabilities
2019-07-21	drupal -- Drupal core - Access bypass
2019-07-20	PuTTY 0.72 -- buffer overflow in SSH-1 and integer overflow in SSH client
2019-07-17	jenkins -- multiple vulnerabilities
2019-07-16	libxslt -- security framework bypass
2019-07-12	asterisk -- Remote Crash Vulnerability in chan_sip channel driver
	asterisk -- Remote crash vulnerability with MESSAGE messages
	python 3.7 -- multiple vulnerabilities
2019-07-09	GnuPG -- denial of service
2019-07-09	mozilla -- multiple vulnerabilities
2019-07-08	python 3.6 -- multiple vulnerabilities
2019-07-06	webkit2-gtk3 -- Multiple vulnerabilities
2019-07-05	mediawiki -- multiple vulnerabilities
2019-07-03	ettercap -- out-of-bound read vulnerability
	Gitlab -- Multiple Vulnerabilities
	SDL2_image -- multiple vulnerabilities
2019-07-01	Django -- Incorrect HTTP detection with reverse-proxy connecting via HTTPS
2019-07-01	irssi -- Use after free when sending SASL login to the server
2019-06-30	bzip2 -- multiple issues
2019-06-28	TYPO3 -- multiple vulnerabilities
2019-06-27	PostgreSQL -- Stack-based buffer overflow via setting a password
2019-06-22	znc -- privilege escalation
2019-06-21	Mozilla -- multiple vulnerabilities
	Mozilla -- multiple vulnerabilities
	Mozilla -- multiple vulnerabilities
	powerdns -- multiple vulnerabilities
2019-06-20	vlc -- Buffer overflow vulnerability
2019-06-20	vlc -- Double free in Matroska demuxer
2019-06-19	mozilla -- multiple vulnerabilities
2019-06-16	GraphicsMagick -- multiple vulnerabilities
2019-06-16	netatalk3 -- remote code execution vulnerability
2019-06-15	chromium -- use after free
2019-06-13	phpMyAdmin -- CSRF vulnerability in login form
2019-06-13	Vim/NeoVim -- Security vulnerability
2019-06-12	mybb -- vulnerabilities
2019-06-11	Flash Player -- arbitrary code execution
2019-06-08	drupal -- Drupal core - Moderately critical
2019-06-06	Django -- AdminURLFieldWidget XSS
2019-06-06	Exim -- RCE in deliver_message() function
2019-06-03	Gitlab -- Multiple Vulnerabilities
2019-06-01	buildbot -- OAuth Authentication Vulnerability
2019-05-31	bro -- Unsafe integer conversions can cause unintentional code paths to be executed
2019-05-30	ImageMagick -- multiple vulnerabilities
2019-05-27	cyrus-imapd -- buffer overrun in httpd
2019-05-26	serendipity -- XSS
	sqlite3 -- use after free
	suricata -- buffer over-read
2019-05-25	curl -- multiple vulnerabilities
2019-05-23	OCaml -- Multiple Security Vulnerabilities
2019-05-22	mozilla -- multiple vulnerabilities
2019-05-15	Rust -- violation of Rust's safety guarantees
2019-05-14	Flash Player -- arbitrary code execution
2019-05-14	samba -- multiple vulnerabilities
2019-05-11	PHP -- Multiple vulnerabilities in EXIF module
2019-05-09	PostgreSQL -- Memory disclosure in partition routing
2019-05-09	PostgreSQL -- Selectivity estimators bypass row security policies
2019-05-06	gitea -- multiple vulnerabilities
2019-05-05	comms/hylafax -- Malformed fax sender remote code execution in JPEG support
2019-05-01	Gitlab -- Information Disclosure
2019-04-30	Dovecot -- Multiple vulnerabilities
2019-04-29	Gitlab -- Multiple vulnerabilities
2019-04-26	buildbot -- CRLF injection in Buildbot login and logout redirect code
2019-04-25	drupal -- Drupal core - Moderately critical
2019-04-23	FreeBSD -- EAP-pwd message reassembly issue with unexpected fragment
	FreeBSD -- EAP-pwd missing commit validation
	FreeBSD -- EAP-pwd side-channel attack
	FreeBSD -- SAE confirm missing state validation
	FreeBSD -- SAE side-channel attacks
	py-yaml -- arbitrary code execution
2019-04-22	Istio -- Security vulnerabilities
2019-04-21	Ghostscript -- Security bypass vulnerability
2019-04-19	GnuTLS -- double free, invalid pointer access
2019-04-18	dovecot -- json encoder crash
2019-04-18	libssh2 -- multiple issues
2019-04-17	gitea -- remote code execution
2019-04-13	MySQL -- multiple vulnerabilities
2019-04-12	wget -- security flaw in caching credentials passed as a part of the URL
2019-04-11	Gitlab -- Group Runner Registration Token Exposure
2019-04-10	Flash Player -- multiple vulnerabilities
2019-04-10	jenkins -- multiple vulnerabilities
2019-04-05	clamav -- multiple vulnerabilities
2019-04-02	Apache -- Multiple vulnerabilities
2019-04-02	Gitlab -- Multiple vulnerabilities
2019-04-01	Kubectl -- Potential directory traversal
2019-03-31	znc -- Denial of Service
2019-03-29	Jupyter notebook -- open redirect vulnerability
2019-03-28	dovecot -- Buffer overflow reading extension header
2019-03-27	drupal -- Drupal core - Moderately critical - Cross Site Scripting
2019-03-26	Python -- NULL pointer dereference vulnerability
2019-03-21	Gitlab -- Vulnerability
	libXdmcp -- insufficient entropy generating session keys
	wordpress -- multiple issues
2019-03-20	gitea -- XSS vulnerability
2019-03-20	Gitlab -- Vulnerability
2019-03-19	mozilla -- multiple vulnerabilities
2019-03-19	PowerDNS -- Insufficient validation in the HTTP remote backend
2019-03-18	Rails -- Action View vulnerabilities
2019-03-17	PuTTY -- security fixes in new release
2019-03-16	Jupyter notebook -- cross-site inclusion (XSSI) vulnerability
2019-03-15	RubyGems -- multiple vulnerabilities
2019-03-07	ntp -- Crafted null dereference attack from a trusted source with an authenticated mode 6 packet
2019-03-07	OpenSSL -- ChaCha20-Poly1305 nonce vulnerability
2019-03-06	rssh - multiple vulnerabilities
2019-03-06	rt -- XSS via jQuery
2019-03-05	Gitlab -- Multiple vulnerabilities
	py-gunicorn -- CWE-113 vulnerability
	slixmpp -- improper access control
2019-03-03	Node.js -- multiple vulnerabilities
2019-03-02	mybb -- vulnerabilities
2019-03-01	asterisk -- Remote crash vulnerability with SDP protocol violation
2019-02-24	webkit-gtk -- Multiple vulnerabilities
2019-02-22	rdesktop - critical - Remote Code Execution
2019-02-21	drupal -- Drupal core - Highly critical - Remote Code Execution
2019-02-20	OpenSSL -- Padding oracle vulnerability
2019-02-15	msmtp -- certificate-verification issue
2019-02-13	mozilla -- multiple vulnerabilities
2019-02-12	Flash Player -- information disclosure
2019-02-11	FreeBSD -- File description reference count leak
	FreeBSD -- System call kernel data register leak
	OpenJPEG -- integer overflow
2019-02-10	kf5-kauth -- Insecure handling of arguments in helpers
2019-02-08	unit -- heap memory buffer overflow
2019-02-07	curl -- multiple vulnerabilities
2019-02-06	Gitlab -- Multiple vulnerabilities
2019-02-05	mail/dovecot -- Suitable client certificate can be used to login as other user
2019-02-02	typo3 -- multiple vulnerabilities
2019-02-01	gitea -- multiple vulnerabilities
2019-01-31	Gitlab -- Multiple vulnerabilities
2019-01-31	p5-Email-Address-List -- DDoS related vulnerability
2019-01-30	turnserver -- multiple vulnerabilities
2019-01-29	mozilla -- multiple vulnerabilities
2019-01-27	botan2 -- Side channel during ECC key generation
	MySQL -- multiple vulnerabilities
	phpMyAdmin -- File disclosure and SQL injection
2019-01-26	gitea -- multiple vulnerabilities
2019-01-26	libzmq4 -- Remote Code Execution Vulnerability
2019-01-23	Apache -- vulnerability
2019-01-23	www/mod_dav_svn -- Malicious SVN clients can crash mod_dav_svn.
2019-01-22	powerdns-recursor -- multiple vulnerabilities
2019-01-22	www/py-requests -- Information disclosure vulnerability
2019-01-20	joomla3 -- vulnerabilitiesw
2019-01-19	drupal -- Drupal core - Arbitrary PHP code execution
2019-01-18	Helm -- client unpacking chart that contains malicious content
2019-01-17	Gitlab -- Arbitrary repo read in Gitlab project import
2019-01-16	jenkins -- multiple vulnerabilities
2019-01-15	py-matrix-synapse -- undisclosed vulnerability
2019-01-10	irssi -- Use after free
2019-01-06	gitea -- insufficient privilege check
2019-01-06	uriparser -- Out-of-bounds read
2019-01-05	chromium -- multiple vulnerabilities
	chromium -- Use after free in PDFium
	Django -- Content spoofing possibility in the default 404 page
2019-01-02	Gitlab -- Multiple vulnerabilities
2018-12-26	rpm4 -- regression in -setperms, -setugids and -restore
2018-12-22	Gitlab -- Arbitrary File read in Gitlab project import
2018-12-21	gitea -- privilege escalation, XSS
2018-12-20	bro -- "Magellan" remote code execution vulnerability in bundled sqlite
2018-12-20	shibboleth-sp -- crashes on malformed date/time content
2018-12-19	FreeBSD -- bootpd buffer overflow
2018-12-15	wordpress -- multiple issues
2018-12-14	Gitlab -- Arbitrary File read in GitLab project import with Git LFS
	Mbed TLS -- Local timing attack on RSA decryption
	typo3 -- multiple vulnerabilities
2018-12-13	couchdb -- administrator privilege escalation
2018-12-12	phpMyAdmin -- multiple vulnerabilities
2018-12-11	mozilla -- multiple vulnerabilities
2018-12-10	FreeBSD -- Insufficient bounds checking in bhyve(8) device model
	FreeBSD -- Multiple vulnerabilities in NFS server code
	node.js -- multiple vulnerabilities
2018-12-09	powerdns-recursor -- Crafted query can cause a denial of service
2018-12-08	py-asyncssh -- Allows bypass of authentication
2018-12-06	Flash Player -- multiple vulnerabilities
2018-12-06	Gitlab -- Multiple vulnerabilities
2018-12-05	jenkins -- multiple vulnerabilities
2018-12-03	moodle -- Login CSRF vulnerability
2018-12-02	Rails -- Active Job vulnerability
2018-12-02	uriparser -- Multiple vulnerabilities
2018-11-28	Gitlab -- Multiple vulnerabilities
	messagelib -- HTML email can open browser window automatically
	payara -- Code execution via crafted PUT requests to JSPs
	payara -- Default typing issue in Jackson Databind
	payara -- Multiple vulnerabilities
2018-11-22	php-imap -- imap_open allows to run arbitrary shell commands via mailbox parameter
2018-11-21	phpmailer -- Multiple vulnerability
2018-11-20	Flash Player -- arbitrary code execution
2018-11-20	Gitlab -- Multiple vulnerabilities
2018-11-19	powerdns -- Multiple vulnerabilities
2018-11-17	powerdns-recursor -- Multiple vulnerabilities
2018-11-14	asterisk -- Remote crash vulnerability DNS SRV and NAPTR lookups
2018-11-13	Flash Player -- information disclosure
2018-11-12	kio-extras -- HTML Thumbnailer automatic remote file access
2018-11-12	OpenSSL -- timing vulnerability
2018-11-11	patch -- multiple vulnerabilities
2018-11-09	lighttpd - use-after-free vulnerabilities
2018-11-08	PostgreSQL -- SQL injection in pg_upgrade and pg_dump
2018-11-06	NGINX -- Multiple vulnerabilities
2018-11-01	curl -- multiple vulnerabilities
	gitea -- remote code exeution
	Gitlab -- SSRF in Kubernetes integration
	Loofah -- XSS vulnerability
2018-10-29	Gitlab -- multiple vulnerabilities
2018-10-29	OpenSSL -- Multiple vulnerabilities in 1.1 branch
2018-10-28	liveMedia -- potential remote code execution
2018-10-27	salt -- multiple vulnerabilities
2018-10-26	mini_httpd -- disclose arbitrary files is some circumstances
2018-10-23	mozilla -- multiple vulnerabilities
2018-10-22	drupal -- Drupal Core - Multiple Vulnerabilities
2018-10-20	MySQL -- multiple vulnerabilities
2018-10-20	ruby -- multiple vulnerabilities
2018-10-19	matomo -- XSS vulnerability
2018-10-17	libssh -- authentication bypass vulnerability
2018-10-15	Libgit2 -- multiple vulnerabilities
2018-10-11	gitea -- multiple vulnerabilities
	jenkins -- multiple vulnerabilities
	Memory leak bug in Toxcore
2018-10-09	tinc -- Buffer overflow
2018-10-05	Gitlab -- multiple vulnerabilities
2018-10-03	clamav -- multiple vulnerabilities
2018-10-03	Django -- password hash disclosure
2018-10-02	mozilla -- multiple vulnerabilities
2018-10-01	Gitlab -- multiple vulnerabilities
2018-10-01	pango -- remote DoS vulnerability
2018-09-30	Serendipity -- multiple vulnerabilities
2018-09-29	bitcoin -- Denial of Service and Possible Mining Inflation
2018-09-26	Apache -- Denial of service vulnerability in HTTP/2
	spamassassin -- multiple vulnerabilities
	wesnoth -- Code Injection vulnerability
2018-09-25	mantis -- XSS vulnerability
2018-09-22	mediawiki -- multiple vulnerabilities
2018-09-22	smart_proxy_dynflow -- authentication bypass vulnerability
2018-09-21	asterisk -- Remote crash vulnerability in HTTP websocket upgrade
2018-09-21	firefox -- Crash in TransportSecurityInfo due to cached data
2018-09-18	moodle -- multiple vulnerabilities
2018-09-15	joomla3 -- vulnerabilitiesw
2018-09-13	mybb -- vulnerabilities
2018-09-12	FreeBSD -- Improper ELF header parsing
2018-09-11	Containous Traefik -- exposes the configuration and secret
	Flash Player -- information disclosure
	mybb -- vulnerabilities
	Plex Media Server -- Information Disclosure Vulnerability
	X11 Session -- SDDM allows unauthorised unlocking
2018-09-05	curl -- password overflow vulnerability
	Information disclosure - Gitea leaks email addresses
	mozilla -- multiple vulnerabilities
2018-09-04	Ghostscript -- arbitrary code execution
2018-08-31	grafana -- LDAP and OAuth login vulnerability
2018-08-30	Gitlab -- multiple vulnerabilities
2018-08-29	bro -- array bounds and potential DOS issues
2018-08-25	node.js -- multiple vulnerabilities
2018-08-23	links -- denial of service
2018-08-22	FreeBSD -- L1 Terminal Fault (L1TF) Kernel Information Disclosure
	FreeBSD -- Resource exhaustion in IP fragment reassembly
	FreeBSD -- Unauthenticated EAPOL-Key Decryption Vulnerability
	gogs -- open redirect vulnerability
	libX11 -- Multiple vulnerabilities
	phpmyadmin -- XSS in the import dialog
2018-08-17	botan2 -- ECDSA side channel
2018-08-15	jenkins -- multiple vulnerabilities
2018-08-14	Flash Player -- multiple vulnerabilities
	samba -- multiple vulnerabilities
	samba -- multiple vulnerabilities
2018-08-12	chicken -- multiple vulnerabilities
2018-08-12	gitea -- TOTP passcode reuse
2018-08-11	GraphicsMagick -- SVG/Rendering vulnerability
2018-08-10	mbed TLS -- plaintext recovery vulnerabilities
2018-08-10	PostgreSQL -- two vulnerabilities
2018-08-08	couchdb -- administrator privilege escalation
2018-08-08	MySQL -- multiple vulnerabilities
2018-08-07	xml-security-c -- crashes on malformed KeyInfo content
2018-08-06	FreeBSD -- Resource exhaustion in TCP reassembly
2018-08-06	py-cryptography -- tag forgery vulnerability
2018-08-04	cgit -- directory traversal vulnerability
2018-07-31	mailman -- content spoofing with invalid list names in web UI
	rubygem-doorkeeper -- token revocation vulnerability
	sinatra -- XSS vulnerability
2018-07-29	mantis -- multiple vulnerabilities
2018-07-27	chromium -- multiple vulnerabilities
	curl -- SMTP send heap buffer overflow
	ffmpeg -- multiple vulnerabilities
	GIMP - Heap Buffer Overflow Vulnerability
	Gitlab -- multiple vulnerabilities
	lshell -- Multiple security issues
	lshell -- Shell autocomplete reveals forbidden directories
	OpenJPEG -- multiple vulnerabilities
	py-bleach -- unsanitized character entities
2018-07-26	Fix a buffer overflow in the tiff reader
2018-07-24	Memory leak in different components
2018-07-21	vlc -- Use after free vulnerability
2018-07-19	mutt/neomutt -- multiple vulnerabilities
2018-07-18	Apache httpd -- multiple vulnerabilities
	Gitlab -- Remote Code Execution Vulnerability in GitLab Projects Import
	jenkins -- multiple vulnerabilities
	znc -- multiple vulnerabilities
2018-07-17	mutt -- remote code injection and path traversal vulnerability
2018-07-17	typo3 -- multiple vulnerabilities
2018-07-15	Several Security Defects in the Bouncy Castle Crypto APIs
2018-07-14	qutebrowser -- Remote code execution due to CSRF
2018-07-11	Flash Player -- multiple vulnerabilities
2018-07-11	Libgit2 -- multiple vulnerabilities
2018-07-10	couchdb -- multiple vulnerabilities
2018-07-09	clamav -- multiple vulnerabilities
2018-07-08	wordpress -- multiple issues
2018-07-07	mybb -- vulnerabilities
2018-07-06	zziplib - multiple vulnerabilities
2018-07-05	expat -- multiple vulnerabilities
2018-07-03	h2o -- heap buffer overflow during logging
2018-07-01	SQLite -- Corrupt DB can cause a NULL pointer dereference
2018-06-26	mozilla -- multiple vulnerabilities
2018-06-25	Gitlab -- multiple vulnerabilities
2018-06-25	mailman -- hardening against malicious listowners injecting evil HTML scripts
2018-06-22	phpmyadmin -- remote code inclusion and XSS scripting
2018-06-21	FreeBSD -- Lazy FPU State Restore Information Disclosure
2018-06-18	GraphicsMagick -- multiple vulnerabilities
2018-06-16	slurm -- insecure handling of user_name and gid fields
2018-06-15	node.js -- multiple vulnerabilities
2018-06-14	password-store -- GPG parsing vulnerabilities
2018-06-13	libgcrypt -- side-channel attack vulnerability
2018-06-12	OpenSSL -- Client DoS due to large DH parameter
2018-06-11	asterisk -- Infinite loop when reading iostreams
2018-06-11	asterisk -- PJSIP endpoint presence disclosure when using ACL
2018-06-10	chromium -- Incorrect handling of CSP header
2018-06-08	firefox -- Heap buffer overflow rasterizing paths in SVG with Skia
2018-06-08	gnupg -- unsanitized output (CVE-2018-12020)
2018-06-07	Flash Player -- multiple vulnerabilities
2018-06-06	bro -- multiple memory allocation issues
2018-06-05	Libgit2 -- Fixing insufficient validation of submodule names
2018-06-02	Git -- Fix memory out-of-bounds and remote code execution vulnerabilities (CVE-2018-11233 and CVE-2018-11235)
2018-05-31	Gitlab -- multiple vulnerabilities
2018-05-31	strongswan -- Fix Denial-of-Service Vulnerability strongSwan (CVE-2018-10811, CVE-2018-5388)
2018-05-30	chromium -- multiple vulnerabilities
2018-05-21	BIND -- multiple vulnerabilities
2018-05-16	cURL -- multiple vulnerabilities
2018-05-11	chromium -- multiple vulnerabilities
2018-05-11	wavpack -- multiple vulnerabilities
2018-05-10	jenkins -- multiple vulnerabilities
2018-05-09	Flash Player -- arbitrary code execution
2018-05-09	mozilla -- multiple vulnerabilities
2018-05-08	FreeBSD -- Mishandling of x86 debug exceptions
2018-05-08	wget -- cookie injection vulnerability
2018-05-06	kamailio - buffer overflow
2018-05-05	python 2.7 -- multiple vulnerabilities
2018-05-04	KWallet-PAM -- Access to privileged files
2018-05-03	drupal -- Drupal Core - Multiple Vulnerabilities
2018-05-01	Gitlab -- multiple vulnerabilities
2018-04-30	chromium -- vulnerability
2018-04-26	quassel -- multiple vulnerabilities
2018-04-24	chromium -- vulnerability
2018-04-23	mbed TLS (PolarSSL) -- multiple vulnerabilities
2018-04-21	MySQL -- multiple vulnerabilities
2018-04-20	wordpress -- multiple issues
2018-04-19	drupal -- Drupal core - Moderately critical
2018-04-19	phpmyadmin -- CSRF vulnerability allowing arbitrary SQL execution
2018-04-16	drupal -- Drupal Core - Multiple Vulnerabilities
2018-04-16	OpenSSL -- Cache timing vulnerability
2018-04-15	perl -- multiple vulnerabilities
2018-04-14	ipsec-tools -- remotely exploitable computational-complexity attack
2018-04-13	nghttp2 -- Denial of service due to NULL pointer dereference
2018-04-13	roundcube -- IMAP command injection vulnerability
2018-04-12	jenkins -- multiple vulnerabilities
2018-04-10	Flash Player -- multiple vulnerabilities
2018-04-05	FreeBSD -- ipsec crash or denial of service
	FreeBSD -- vt console memory disclosure
	Gitlab -- multiple vulnerabilities
2018-03-31	moodle -- multiple vulnerabilities
2018-03-29	ruby -- multiple vulnerabilities
2018-03-28	node.js -- multiple vulnerabilities
2018-03-28	webkit2-gtk3 -- multiple vulnerabilities
2018-03-27	chromium -- vulnerability
	Gitlab -- multiple vulnerabilities
	mozilla -- use-after-free in compositor
	OpenSSL -- multiple vulnerabilities
2018-03-24	apache -- multiple vulnerabilities
	mybb -- multiple vulnerabilities
	rails-html-sanitizer -- possible XSS vulnerability
2018-03-22	SQLite -- Corrupt DB can cause a NULL pointer dereference
2018-03-21	Sanitize -- XSS vulnerability
2018-03-20	Loofah -- XSS vulnerability
2018-03-19	Jupyter Notebook -- vulnerability
2018-03-17	slurm-wlm -- SQL Injection attacks against SlurmDBD
2018-03-17	SquirrelMail -- post-authentication access privileges
2018-03-16	libvorbis -- multiple vulnerabilities
2018-03-16	mozilla -- multiple vulnerabilities
2018-03-14	e2fsprogs -- potential buffer overrun bugs in the blkid library and in the fsck program
	FreeBSD -- ipsec validation and use-after-free
	FreeBSD -- Speculative Execution Vulnerabilities
2018-03-13	Flash Player -- multiple vulnerabilities
	mozilla -- multiple vulnerabilities
	samba -- multiple vulnerabilities
2018-03-10	mbed TLS (PolarSSL) -- remote code execution
2018-03-08	chromium -- vulnerability
2018-03-04	wireshark -- multiple security issues
2018-03-02	isc-dhcp -- Multiple vulnerabilities
2018-03-01	libsndfile -- multiple vulnerabilities
	libsndfile -- out-of-bounds read memory access
	libsndfile -- out-of-bounds reads
	PostgreSQL vulnerabilities
2018-02-28	ntp -- multiple vulnerabilities
2018-02-27	chromium -- multiple vulnerabilities
	chromium -- vulnerability
	shibboleth-sp -- vulnerable to forged user attribute data
2018-02-25	drupal -- Drupal Core - Multiple Vulnerabilities
2018-02-24	cvs -- Remote code execution via ssh command injection
2018-02-23	LibreOffice -- Remote arbitrary file disclosure vulnerability via WEBSERVICE formula
	squid -- Vulnerable to Denial of Service attack
	tomcat -- Security constraints ignored or applied too late
2018-02-22	asterisk -- multiple vulnerabilities
	asterisk and pjsip -- multiple vulnerabilities
	phpMyAdmin -- self XSS in central columns feature
2018-02-21	GitLab -- multiple vulnerabilities
2018-02-19	irssi -- multiple vulnerabilities
2018-02-19	strongswan - Insufficient input validation in RSASSA-PSS signature parser
2018-02-17	p5-Mojolicious -- cookie-handling vulnerability
2018-02-16	bro -- integer overflow allows remote DOS
	bro -- out of bounds write allows remote DOS
	Bugzilla security issues
	consul -- vulnerability in embedded DNS library
2018-02-15	libraw -- multiple DoS vulnerabilities
	libraw -- multiple DoS vulnerabilities
	quagga -- several security issues
2018-02-14	bitmessage -- remote code execution vulnerability
2018-02-14	jenkins -- Path traversal vulnerability allows access to files outside plugin resources
2018-02-13	bchunk -- access violation near NULL on destination operand and crash
	bchunk -- heap-based buffer overflow (with invalid free) and crash
	bchunk -- heap-based buffer overflow and crash
	uwsgi -- a stack-based buffer overflow
2018-02-11	electrum -- JSONRPC vulnerability
2018-02-11	python -- possible integer overflow vulnerability
2018-02-10	exim -- a buffer overflow vulnerability, remote code execution
	libtorrent -- remote DoS
	p7zip -- heap-based buffer overflow
	p7zip-codec-rar -- insufficient error handling
2018-02-09	mpv -- arbitrary code execution via crafted website
2018-02-08	Mailman -- Cross-site scripting (XSS) vulnerability in the web UI
2018-02-08	PostgreSQL vulnerabilities
2018-02-06	Flash Player -- multiple vulnerabilities
2018-02-06	mini_httpd,thttpd -- Buffer overflow in htpasswd
2018-02-05	shadowsocks-libev -- command injection via shell metacharacters
2018-02-03	palemoon -- multiple vulnerabilities
2018-02-02	Django -- information leakage
2018-02-01	w3m - multiple vulnerabilities
2018-01-29	firefox -- Arbitrary code execution through unsanitized browser UI
2018-01-29	tiff -- multiple vulnerabilities
2018-01-27	gcab -- stack overflow
2018-01-26	clamav -- multiple vulnerabilities
	cURL -- Multiple vulnerabilities
	dovecot -- abort of SASL authentication results in a memory leak
2018-01-23	chromium -- multiple vulnerabilities
	chromium -- multiple vulnerabilities
	chromium -- out of bounds read
	mozilla -- multiple vulnerabilities
	powerdns-recursor -- insufficient validation of DNSSEC signatures
2018-01-19	MySQL -- multiple vulnerabilities
	phpbb3 -- multiple issues
	unbound -- vulnerability in the processing of wildcard synthesized NSEC records
	wordpress -- multiple issues
2018-01-17	gitlab -- Remote code execution on project import
2018-01-14	transmission-daemon -- vulnerable to dns rebinding attacks
2018-01-12	shibboleth-sp -- vulnerable to forged user attribute data
2018-01-09	Flash Player -- information disclosure
2018-01-08	awstats -- remote code execution
2018-01-06	irssi -- multiple vulnerabilities
2018-01-05	mozilla -- Speculative execution side-channel attack
2017-12-30	OTRS -- Multiple vulnerabilities
2017-12-29	The Bouncy Castle Crypto APIs: CVE-2017-13098 ("ROBOT")
2017-12-25	mozilla -- multiple vulnerabilities
2017-12-23	asterisk -- Crash in PJSIP resource when missing a contact header
	MariaDB -- unspecified vulnerability
	phpMyAdmin -- XSRF/CSRF vulnerability
2017-12-20	rsync -- multiple vulnerabilities
2017-12-18	rubygem-passenger -- arbitrary file read vulnerability
2017-12-17	libXcursor -- integer overflow that can lead to heap buffer overflow
	libXfont -- multiple memory leaks
	libXfont -- permission bypass when opening files through symlinks
2017-12-16	global -- gozilla vulnerability
2017-12-15	jenkins -- Two startup race conditions
2017-12-14	GitLab -- multiple vulnerabilities
	node.js -- Data Confidentiality/Integrity Vulnerability, December 2017
	ruby -- Command injection vulnerability in Net::FTP
	tor -- Use-after-free in onion service v2
2017-12-13	asterisk -- Remote Crash Vulnerability in RTCP Stack
2017-12-13	libxml2 -- Multiple Issues
2017-12-10	FreeBSD -- OpenSSL multiple vulnerabilities
2017-12-10	wireshark -- multiple security issues
2017-12-07	OpenSSL -- multiple vulnerabilities
2017-12-06	FreeBSD -- Information leak in kldstat(2)
	FreeBSD -- Kernel data leak via ptrace(PT_LWPINFO)
	FreeBSD -- OpenSSL multiple vulnerabilities
	FreeBSD -- POSIX shm allows jails to access global namespace
	FreeBSD -- WPA2 protocol vulnerability
2017-12-05	mozilla -- multiple vulnerabilities
2017-12-02	mybb -- multiple vulnerabilities
2017-12-02	varnish -- information disclosure vulnerability
2017-12-01	asterisk -- DOS Vulnerability in Asterisk chan_skinny
2017-12-01	wordpress -- multiple issues
2017-11-30	exim -- remote DoS attack in BDAT processing
2017-11-29	borgbackup -- remote users can override repository restrictions
	cURL -- Multiple vulnerabilities
	xrdp -- local user can cause a denial of service
2017-11-28	palemoon -- multiple vulnerabilities
2017-11-27	exim -- remote code execution, deny of service in BDAT
2017-11-24	mybb -- multiple vulnerabilities
2017-11-23	codeigniter -- input validation bypass
2017-11-23	salt -- multiple vulnerabilities
2017-11-21	frr -- BGP Mishandled attribute length on Error
2017-11-21	procmail -- Heap-based buffer overflow
2017-11-20	cacti -- multiple vulnerabilities
2017-11-19	mediawiki -- multiple vulnerabilities
2017-11-16	Flash Player -- multiple vulnerabilities
2017-11-15	shibboleth2-sp -- "Dynamic" metadata provider plugin issue
2017-11-14	mozilla -- multiple vulnerabilities
2017-11-13	rubygem-geminabox -- XSS vulnerabilities
2017-11-12	konversation -- crash in IRC message parsing
2017-11-11	roundcube -- file disclosure vulnerability
2017-11-10	chromium -- multiple vulnerabilities
2017-11-09	asterisk -- Buffer overflow in CDR's set user
	asterisk -- Buffer overflow in pjproject header parsing can cause crash in Asterisk
	asterisk -- Memory/File Descriptor/RTP leak in pjsip session resource
	jenkins -- multiple issues
	PostgreSQL vulnerabilities
2017-11-02	OpenSSL -- Multiple vulnerabilities
2017-11-01	wordpress -- multiple issues
2017-10-30	PHP -- denial of service attack
2017-10-30	wireshark -- multiple security issues
2017-10-28	chromium -- Stack overflow in V8
2017-10-27	wget -- Heap overflow in HTTP protocol handling
2017-10-27	wget -- Stack overflow in HTTP protocol handling
2017-10-25	GitLab -- multiple vulnerabilities
2017-10-25	Node.js -- remote DOS security vulnerability
2017-10-24	Apache OpenOffice -- multiple vulnerabilities
2017-10-23	cURL -- out of bounds read
2017-10-22	irssi -- multiple vulnerabilities
2017-10-21	chromium -- multiple vulnerabilities
2017-10-19	arj -- multiple vulnerabilities
2017-10-19	cacti -- Cross Site Scripting issue
2017-10-18	krb5 -- Multiple vulnerabilities
2017-10-18	MySQL -- multiple vulnerabilities
2017-10-17	Flash Player -- Remote code execution
	h2o -- DoS in workers
	xorg-server -- Multiple Issues
2017-10-16	mercurial -- multiple issues
2017-10-16	WPA packet number reuse with replayed messages and key reinstallation
2017-10-13	jenkins -- multiple issues
	Multiple exploitable heap-based buffer overflow vulnerabilities exists in FreeXL 1.0.3
	solr -- Code execution via entity expansion
	xorg-server -- multiple vulnerabilities
2017-10-12	FFmpeg -- multiple vulnerabilities
	nss -- Use-after-free in TLS 1.2 generating handshake hashes
	xen-kernel -- multiple vulnerabilities
2017-10-11	ncurses -- multiple issues
	osip -- Improper Restriction of Operations within the Bounds of a Memory Buffer
	Python 2.7 -- multiple vulnerabilities
2017-10-10	libtiff -- Improper Input Validation
	node -- access to unintended files
	rubygems -- deserialization vulnerability
	zookeeper -- Denial Of Service
2017-10-09	xorg-server -- multiple vulnerabilities
2017-10-06	tomcat -- Remote Code Execution
2017-10-04	cURL -- out of bounds read
2017-10-03	FreeBSD -- heimdal KDC-REP service name validation vulnerability
2017-10-03	FreeBSD -- OpenSSH Denial of Service vulnerability
2017-10-02	dnsmasq -- multiple vulnerabilities
2017-09-29	mozilla -- multiple vulnerabilities
	phpmyfaq -- multiple issues
	wordpress -- multiple issues
2017-09-28	libraw -- Out-of-bounds Read
2017-09-28	sam2p -- multiple issues
2017-09-27	libofx -- exploitable buffer overflow
	libzip -- denial of service
	OpenVPN -- out-of-bounds write in legacy key-method 1
2017-09-26	ImageMagick -- denial of service via a crafted font file
	ledger -- multiple vulnerabilities
	libbson -- Denial of Service
	libgd -- Denial of servica via double free
	libraw -- buffer overflow
	libraw -- denial of service and remote code execution
	php-gd and gd -- Buffer over-read into uninitialized memory
	sugarcrm -- multiple vulnerabilities
	tcpdump -- multiple vulnerabilities
2017-09-25	aacplusenc -- denial of service
	ansible -- information disclosure flaw
	weechat -- crash in logger plugin
2017-09-24	perl -- multiple vulnerabilities
2017-09-22	chromium -- multiple vulnerabilities
2017-09-19	Apache -- HTTP OPTIONS method can leak server memory
	asterisk -- RTP/RTCP information leak
	ruby -- multiple vulnerabilities
	rubygem-geminabox -- XSS & CSRF vulnerabilities
2017-09-14	GitLab -- multiple vulnerabilities
2017-09-12	emacs -- enriched text remote code execution vulnerability
2017-09-12	Flash Player -- multiple vulnerabilities
2017-09-10	cyrus-imapd -- broken "other users" behaviour
2017-09-06	chromium -- multiple vulnerabilities
2017-09-06	Django -- possible XSS in traceback section of technical 500 debug page
2017-09-01	asterisk -- Remote Crash Vulerability in res_pjsip
	asterisk -- Unauthorized data disclosure and shell access command injection in app_minivm
	gdk-pixbuf -- multiple vulnerabilities
2017-08-30	libgcrypt -- side-channel attack vulnerability
2017-08-29	rubygems -- multiple vulnerabilities
2017-08-26	kanboard -- multiple privilege escalation vulnerabilities
2017-08-24	poppler -- multiple denial of service issues
2017-08-23	phpmailer -- XSS in code example and default exeception handler
2017-08-22	dnsdist -- multiple vulnerabilities
	pspp -- multiple vulnerabilities
	salt -- Maliciously crafted minion IDs can cause unwanted directory traversals on the Salt-master
	SquirrelMail -- post-authentication remote code execution
2017-08-19	drupal -- Drupal Core - Multiple Vulnerabilities
2017-08-17	libsoup -- stack based buffer overflow
2017-08-16	Zabbix -- Remote code execution
2017-08-15	Supervisord -- An authenticated client can run arbitrary shell commands via malicious XML-RPC requests
2017-08-14	FreeRadius -- Multiple vulnerabilities
2017-08-12	Mercurial -- multiple vulnerabilities
2017-08-11	GitLab -- two vulnerabilities
2017-08-11	subversion -- Arbitrary code execution vulnerability
2017-08-10	Flash Player -- multiple vulnerabilities
2017-08-10	PostgreSQL vulnerabilities
2017-08-09	Axis2 -- Security vulnerability on dependency Apache Commons FileUpload
2017-08-09	cURL -- multiple vulnerabilities
2017-08-08	mozilla -- multiple vulnerabilities
2017-08-08	sqlite3 -- heap-buffer overflow
2017-08-02	Varnish -- Denial of service vulnerability
2017-08-01	chromium -- multiple vulnerabilities
2017-07-29	Cacti -- Cross-site scripting (XSS) vulnerability in auth_profile.php
2017-07-27	proftpd -- user chroot escape vulnerability
2017-07-26	jabberd -- authentication bypass vulnerability
2017-07-25	gsoap -- remote code execution via via overflow
2017-07-25	webkit2-gtk3 -- multiple vulnerabilities
2017-07-20	GitLab -- Various security issues
2017-07-19	collectd5 -- Denial of service by sending a signed network packet to a server which is not set up to check signatures
	MySQL -- multiple vulnerabilities
	strongswan -- multiple vulnerabilities
2017-07-17	Cacti -- Cross-site scripting (XSS) vulnerability in link.php
2017-07-13	Apache httpd -- multiple vulnerabilities
	evince and atril -- command injection vulnerability in CBT handler
	Flash Player -- multiple vulnerabilities
2017-07-12	node.js -- multiple vulnerabilities
2017-07-12	samba -- Orpheus Lyre mutual authentication validation bypass
2017-07-11	nginx -- a specially crafted request might result in an integer overflow
2017-07-08	codeigniter -- input validation bypass
2017-07-08	irssi -- multiple vulnerabilities
2017-07-07	oniguruma -- multiple vulnerabilities
2017-07-06	drupal -- Drupal Core - Multiple Vulnerabilities
2017-07-03	Dropbear -- two vulnerabilities
2017-07-03	smarty3 -- shell injection in math
2017-06-30	GitLab -- Various security issues
	libgcrypt -- side-channel attack on RSA secret keys
	tor -- security regression
2017-06-21	exim -- Privilege escalation via multiple memory leaks
	OpenVPN -- several vulnerabilities
	pear-Horde_Image -- DoS vulnerability
	pear-Horde_Image -- remote code execution vulnerability
2017-06-20	Apache httpd -- several vulnerabilities
2017-06-16	chromium -- multiple vulnerabilities
2017-06-15	cURL -- URL file scheme drive letter buffer overflow
	Flash Player -- multiple vulnerabilities
	rt and dependent modules -- multiple security vulnerabilities
2017-06-13	mozilla -- multiple vulnerabilities
2017-06-09	roundcube -- arbitrary password resets
2017-06-08	GnuTLS -- Denial of service vulnerability
2017-06-08	irssi -- remote DoS
2017-06-06	chromium -- multiple vulnerabilities
2017-06-02	ansible -- Input validation flaw in jinja2 templating system
2017-06-01	duo -- Two-factor authentication bypass
2017-06-01	FreeRADIUS -- TLS resumption authentication bypass
2017-05-31	heimdal -- bypass of capath policy
2017-05-26	FreeBSD -- ipfilter(4) fragment handling panic
	FreeBSD -- Multiple vulnerabilities of ntp
	vlc -- remote code execution via crafted subtitles
2017-05-25	ImageMagick -- multiple vulnerabilities
2017-05-25	OpenEXR -- multiple remote code execution and denial of service vulnerabilities
2017-05-24	samba -- remote code execution vulnerability
2017-05-23	NVIDIA UNIX driver -- multiple vulnerabilities in the kernel mode layer handler
2017-05-22	miniupnpc -- integer signedness error
2017-05-21	Wordpress -- multiple vulnerabilities
2017-05-19	asterisk -- Buffer Overrun in PJSIP transaction layer
2017-05-19	asterisk -- Memory exhaustion on short SCCP packets
2017-05-18	gitlab -- Various security issues
	gitlab -- Various security issues
	Joomla3 -- SQL Injection
2017-05-17	freetype2 -- buffer overflows
2017-05-11	OpenVPN -- two remote denial-of-service vulnerabilities
2017-05-11	PostgreSQL vulnerabilities
2017-05-10	kauth: Local privilege escalation
2017-05-09	libetpan -- null dereference vulnerability in MIME parsing component
2017-05-03	chromium -- race condition vulnerability
2017-04-30	dovecot -- Dovecot DoS when passdb dict was used for authentication
2017-04-28	LibreSSL -- TLS verification vulnerability
2017-04-27	jenkins -- multiple vulnerabilities
2017-04-25	codeigniter -- multiple vulnerabilities
2017-04-24	weechat -- multiple vulnerabilities
2017-04-21	chromium -- multiple vulnerabilities
2017-04-21	drupal8 -- Drupal Core - Critical - Access Bypass
2017-04-20	cURL -- TLS session resumption client cert bypass (again)
	icu -- multiple vulnerabilities
	libsamplerate -- multiple vulnerabilities
	libsndfile -- multiple vulnerabilities
	tiff -- multiple vulnerabilities
2017-04-19	graphite2 -- out-of-bounds write with malicious font
	libevent -- multiple vulnerabilities
	mozilla -- multiple vulnerabilities
	MySQL -- multiple vulnerabilities
	NSS -- multiple vulnerabilities
2017-04-13	BIND -- multiple vulnerabilities
2017-04-07	id Tech 3 -- remote code execution vulnerability
2017-04-06	xen-kernel -- broken check in memory_exchange() permits PV guest breakout
2017-04-05	cURL -- potential memory disclosure
2017-04-04	asterisk -- Buffer overflow in CDR's set user
	django -- multiple vulnerabilities
	NVIDIA UNIX driver -- multiple vulnerabilities in the kernel mode layer handler
2017-03-30	chromium -- multiple vulnerabilities
2017-03-30	xen-tools -- xenstore denial of service via repeated update
2017-03-29	phpMyAdmin -- bypass 'no password' restriction
2017-03-24	samba -- symlink race allows access outside share definition
2017-03-23	xen-tools -- Cirrus VGA Heap overflow via display refresh
2017-03-18	firefox -- integer overflow in createImageBitmap()
	irssi -- use-after-free potential code execution
	moodle -- multiple vulnerabilities
	moodle -- multiple vulnerabilities
	mysql -- denial of service vulnerability
2017-03-17	drupal8 -- multiple vulnerabilities
2017-03-16	Flash Player -- multiple vulnerabilities
2017-03-16	PuTTY -- integer overflow permits memory overwrite by forwarded ssh-agent connections
2017-03-12	chromium -- multiple vulnerabilities
	mbed TLS (PolarSSL) -- multiple vulnerabilities
	Several Security Defects in the Bouncy Castle Crypto APIs
2017-03-11	kde-runtime -- kdesu: displayed command truncated by unicode string terminator
	kdepimlibs -- directory traversal on KTNEF
	kio: Information Leak when accessing https when using a malicious PAC file
2017-03-07	mozilla -- multiple vulnerabilities
2017-03-07	wordpress -- multiple vulnerabilities
2017-03-05	codeigniter -- multiple vulnerabilities
	ikiwiki -- authentication bypass vulnerability
	ikiwiki -- multiple vulnerabilities
2017-02-28	potrace -- multiple memory failure
2017-02-26	MPD -- buffer overflows in http output
2017-02-22	cURL -- ocsp status validation error
2017-02-22	xen-tools -- cirrus_bitblt_cputovideo does not check if memory region is safe
2017-02-21	fbsdmon -- information disclosure vulnerability
2017-02-18	wavpack -- multiple invalid memory reads
2017-02-16	openssl -- crash on handshake
2017-02-16	optipng -- multiple vulnerabilities
2017-02-14	diffoscope -- arbitrary file write
2017-02-12	ffmpeg -- heap overflow in lavf/mov.c
2017-02-11	gtk-vnc -- bounds checking vulnerabilities
2017-02-11	xen-tools -- oob access in cirrus bitblt copy
2017-02-06	tiff -- multiple vulnerabilities
2017-02-04	chicken -- multiple vulnerabilities
	freeimage -- code execution vulnerability
	guile2 -- multiple vulnerabilities
	libebml -- multiple vulnerabilities
	mantis -- XSS vulnerability
2017-02-01	jenkins -- multiple vulnerabilities
2017-02-01	shotwell -- failure to encrypt authentication
2017-01-29	wordpress -- multiple vulnerabilities
2017-01-27	nfsen -- remote command execution
2017-01-26	chromium -- multiple vulnerabilities
2017-01-26	OpenSSL -- multiple vulnerabilities
2017-01-24	mozilla -- multiple vulnerabilities
2017-01-24	phpMyAdmin -- Multiple vulnerabilities
2017-01-23	Intel(R) NVMUpdate -- Intel(R) Ethernet Controller X710/XL710 NVM Security Vulnerability
2017-01-19	icoutils -- check_offset overflow on 64-bit systems
2017-01-19	PHP -- undisclosed vulnerabilities
2017-01-18	mysql -- multiple vulnerabilities
2017-01-18	powerdns -- multiple vulnerabilities
2017-01-15	groovy -- remote execution of untrusted code/DoS vulnerability
	RabbitMQ -- Authentication vulnerability
	wordpress -- multiple vulnerabilities
2017-01-14	mysql -- multiple vulnerabilities
2017-01-14	MySQL -- multiple vulnerabilities
2017-01-12	Ansible -- Command execution on Ansible controller from host
	BIND -- multiple vulnerabilities
	phpmailer -- Remote Code Execution
2017-01-11	flash -- multiple vulnerabilities
	FreeBSD -- OpenSSH multiple vulnerabilities
	openssl -- timing attack vulnerability
2017-01-09	GnuTLS -- Memory corruption vulnerabilities
	hdf5 -- multiple vulnerabilities
	libdwarf -- multiple vulnerabilities
	libvncserver -- multiple buffer overflows
	lynx -- multiple vulnerabilities
	moinmoin -- XSS vulnerabilities
2017-01-07	tomcat -- information disclosure vulnerability
	tomcat -- multiple vulnerabilities
	tomcat -- multiple vulnerabilities
2017-01-06	codeigniter -- multiple vulnerabilities
	codeigniter -- multiple vulnerabilities
	End of Life Ports
	Use-After-Free Vulnerability in pcsc-lite
2017-01-05	Irssi -- multiple vulnerabilities
2017-01-01	w3m -- multiple vulnerabilities
2016-12-29	h2o -- Use-after-free vulnerability
	PHP -- multiple vulnerabilities
	PHP -- multiple vulnerabilities
2016-12-28	phpmailer -- Remote Code Execution
2016-12-27	upnp -- multiple vulnerabilities
2016-12-26	phpmailer -- Remote Code Execution
2016-12-26	samba -- multiple vulnerabilities
2016-12-25	exim -- DKIM private key leak
2016-12-24	cURL -- uninitialized random vulnerability
2016-12-23	squid -- multiple vulnerabilities
2016-12-23	vim -- arbitrary command execution
2016-12-22	cURL -- buffer overflow
	FreeBSD -- Multiple vulnerabilities of ntp
	Joomla! -- multiple vulnerabilities
	Joomla! -- multiple vulnerabilities
	Joomla! -- multiple vulnerabilities
	Joomla! -- multiple vulnerabilities
	Pligg CMS -- XSS Vulnerability
	xen-kernel -- x86 PV guests may be able to mask interrupts
2016-12-21	Apache httpd -- several vulnerabilities
2016-12-20	xen-kernel -- x86: Mishandling of SYSCALL singlestep during emulation
2016-12-16	atheme-services -- multiple vulnerabilities
2016-12-14	mozilla -- multiple vulnerabilities
	wordpress -- multiple vulnerabilities
	xen-kernel -- x86 CMPXCHG8B emulation fails to ignore operand size override
2016-12-12	PHP -- Multiple vulnerabilities
2016-12-09	asterisk -- Authentication Bypass
2016-12-09	asterisk -- Crash on SDP offer or answer from endpoint using Opus
2016-12-06	Apache httpd -- denial of service in HTTP/2
	cryptopp -- multiple vulnerabilities
	FreeBSD -- bhyve(8) virtual machine escape
	FreeBSD -- link_ntoa(3) buffer overflow
	FreeBSD -- Possible login(1) argument injection in telnetd(8)
2016-12-05	chromium -- multiple vulnerabilities
2016-12-04	ImageMagick -- heap overflow vulnerability
	ImageMagick7 -- multiple vulnerabilities
	Pillow -- multiple vulnerabilities
	py-cryptography -- vulnerable HKDF key generation
	qemu -- denial of service vulnerability
	xen-kernel -- CR0.TS and CR0.EM not always honored for x86 HVM guests
	xen-kernel -- guest 32-bit ELF symbol table load leaking host data
	xen-kernel -- use after free in FIFO event channel code
	xen-kernel -- x86 64-bit bit test instruction emulation broken
	xen-kernel -- x86 HVM: Overflow of sh_ctxt->seg_reg[]
	xen-kernel -- x86 null segments not always treated as unusable
	xen-kernel -- x86 segment base write emulation lacking canonical address checks
	xen-kernel -- x86 task switch to VM86 mode mis-handled
	xen-kernel -- x86: Disallow L3 recursive pagetable for 32-bit PV guests
	xen-kernel -- x86: Mishandling of instruction pointer truncation during emulation
	xen-tools -- delimiter injection vulnerabilities in pygrub
	xen-tools -- qemu incautious about shared ring processing
2016-12-01	Mozilla -- SVG Animation Remote Code Execution
2016-12-01	wireshark -- multiple vulnerabilities
2016-11-30	p7zip -- Null pointer dereference
2016-11-30	wget -- Access List Bypass / Race Condition
2016-11-29	libwww -- multiple vulnerabilities
	mozilla -- data: URL can inherit wrong origin after an HTTP redirect
	Roundcube -- arbitrary command execution
	subversion -- Unrestricted XML entity expansion in mod_dontdothat and Subversionclients using http(s)
2016-11-25	Drupal Code -- Multiple Vulnerabilities
2016-11-25	phpMyAdmin -- multiple vulnerabilities
2016-11-24	Remote-Code-Execution vulnerability in mysql and its variants CVE 2016-6662
2016-11-22	ntp -- multiple vulnerabilities
2016-11-21	teeworlds -- Remote code execution
2016-11-16	jenkins -- Remote code execution vulnerability in remoting module
	moodle -- multiple vulnerabilities
	moodle -- multiple vulnerabilities
	mozilla -- multiple vulnerabilities
2016-11-12	lives -- insecure files permissions
2016-11-10	chromium -- multiple vulnerabilities
	flash -- multiple vulnerabilities
	openssl -- multiple vulnerabilities
2016-11-09	gitlab -- Directory traversal via "import/export" feature
2016-11-03	chromium -- out-of-bounds memory access
2016-11-02	BIND -- Remote Denial of Service vulnerability
	cURL -- multiple vulnerabilities
	django -- multiple vulnerabilities
	FreeBSD -- OpenSSL Remote DoS vulnerability
	memcached -- multiple vulnerabilities
2016-11-01	MySQL -- multiple vulnerabilities
2016-10-31	chromium -- multiple vulnerabilities
2016-10-31	chromium -- multiple vulnerabilities
2016-10-29	FreeBSD -- OpenSSH Remote Denial of Service vulnerability
2016-10-28	Axis2 -- Security vulnerabilities on dependency Apache HttpClient
	node.js -- multiple vulnerabilities
	sudo -- Potential bypass of sudo_noexec.so via wordexp()
	urllib3 -- certificate verification failure
2016-10-27	flash -- remote code execution
2016-10-26	node.js -- ares_create_query single byte out of buffer write
2016-10-25	FreeBSD -- bhyve - privilege escalation vulnerability
2016-10-24	flash -- multiple vulnerabilities
2016-10-21	mozilla -- multiple vulnerabilities
2016-10-18	Axis2 -- Cross-site scripting (XSS) vulnerability
2016-10-18	Tor -- remote denial of service
2016-10-12	file-roller -- path traversal vulnerability
	ImageMagick -- multiple vulnerabilities
	mupdf -- multiple vulnerabilities
	openoffice -- information disclosure vulnerability
	VirtualBox -- undisclosed vulnerabilities
2016-10-11	libgd -- integer overflow which could lead to heap buffer overflow
	libvncserver -- multiple security vulnerabilities
	openjpeg -- multiple vulnerabilities
	redis -- sensitive information leak through command history file
2016-10-10	FreeBSD -- Heap overflow vulnerability in bspatch
	FreeBSD -- Multiple libarchive vulnerabilities
	FreeBSD -- Multiple portsnap vulnerabilities
2016-10-09	mkvtoolnix -- code execution via specially crafted files
2016-10-07	X.org libraries -- multiple vulnerabilities
2016-09-30	PHP -- multiple vulnerabilities
2016-09-30	PHP -- multiple vulnerabilities
2016-09-28	BIND -- Remote Denial of Service vulnerability
2016-09-27	django -- CSRF protection bypass on a site with Google Analytics
2016-09-26	OpenSSL -- multiple vulnerabilities
2016-09-22	OpenSSL -- multiple vulnerabilities
2016-09-21	irssi -- heap corruption and missing boundary checks
2016-09-20	mozilla -- multiple vulnerabilities
2016-09-16	chromium -- multiple vulnerabilities
2016-09-15	dropbear -- multiple vulnerabilities
2016-09-14	cURL -- Escape and unescape integer overflows
	h2o -- fix DoS attack vector
	Remote-Code-Execution vulnerability in mysql and its variants CVE 2016-6662
2016-09-13	chromium -- multiple vulnerabilities
	chromium -- multiple vulnerabilities
	mysql -- Remote Root Code Execution
2016-09-09	gnutls -- OCSP validation issue
2016-09-08	asterisk -- Crash on ACK from unknown endpoint
2016-09-08	asterisk -- RTP Resource Exhaustion
2016-09-07	Mozilla -- multiple vulnerabilities
2016-09-06	inspircd -- authentication bypass vulnerability
2016-09-06	mailman -- CSRF hardening in parts of the web interface
2016-09-01	openssh -- sshd -- remote valid user discovery and PAM /bin/login attack
2016-08-29	mailman -- CSRF protection enhancements
2016-08-28	libxml2 -- multiple vulnerabilities
2016-08-27	kdelibs -- directory traversal vulnerability
2016-08-22	eog -- out-of-bounds write
2016-08-21	fontconfig -- insufficiently cache file validation
2016-08-18	End of Life Ports
	gnupg -- attacker who obtains 4640 bits from the RNG can trivially predict the next 160 bits of output
	Rails 4 -- Possible XSS Vulnerability in Action View
	Rails 4 -- Unsafe Query Generation Risk in Active Record
2016-08-17	phpmyadmin -- multiple vulnerabilities
2016-08-15	puppet-agent MCollective plugin -- Remote Code Execution vulnerability
2016-08-14	TeamSpeak Server 3 -- Multiple vulnerabilities including Remote Code Execution
2016-08-11	FreeBSD -- bsnmpd remote denial of service vulnerability
	FreeBSD -- Buffer overflow in keyboard driver
	FreeBSD -- Buffer overflow in stdio
	FreeBSD -- Deadlock in the NFS server
	FreeBSD -- Denial of service attack against sshd(8)
	FreeBSD -- Denial of Service in TCP packet processing
	FreeBSD -- Denial of Service with IPv6 Router Advertisements
	FreeBSD -- devfs rules not applied by default for jails
	FreeBSD -- Heap vulnerability in bspatch
	FreeBSD -- iconv(3) NULL pointer dereference and out-of-bounds array access
	FreeBSD -- Incorrect argument handling in sendmsg(2)
	FreeBSD -- Incorrect argument validation in sysarch(2)
	FreeBSD -- Incorrect error handling in PAM policy parser
	FreeBSD -- Insecure default GELI keyfile permissions
	FreeBSD -- Insecure default snmpd.config permissions
	FreeBSD -- Integer overflow in IGMP protocol
	FreeBSD -- Kernel memory disclosure in control messages and SCTP
	FreeBSD -- Kernel stack disclosure in 4.3BSD compatibility layer
	FreeBSD -- Kernel stack disclosure in Linux compatibility layer
	FreeBSD -- Kernel stack disclosure in setlogin(2) / getlogin(2)
	FreeBSD -- ktrace kernel memory disclosure
	FreeBSD -- Linux compatibility layer incorrect futex handling
	FreeBSD -- Linux compatibility layer issetugid(2) system call
	FreeBSD -- Linux compatibility layer setgroups(2) system call
	FreeBSD -- Local privilege escalation in IRET handler
	FreeBSD -- memory leak in sandboxed namei lookup
	FreeBSD -- Multiple integer overflows in expat (libbsdxml) XML parser
	FreeBSD -- Multiple ntp vulnerabilities
	FreeBSD -- Multiple OpenSSL vulnerabilities
	FreeBSD -- Multiple vulnerabilities in file(1) and libmagic(3)
	FreeBSD -- Remote command execution in ftp(1)
	FreeBSD -- Resource exhaustion due to sessions stuck in LAST_ACK state
	FreeBSD -- Resource exhaustion in TCP reassembly
	FreeBSD -- routed(8) remote denial of service vulnerability
	FreeBSD -- routed(8) remote denial of service vulnerability
	FreeBSD -- rpcbind(8) remote denial of service [REVISED]
	FreeBSD -- rtsold(8) remote buffer overflow vulnerability
	FreeBSD -- SCTP ICMPv6 error message vulnerability
	FreeBSD -- SCTP SCTP_SS_VALUE kernel memory corruption and disclosure
	FreeBSD -- SCTP stream reset vulnerability
	FreeBSD -- sendmail improper close-on-exec flag handling
	FreeBSD -- shell injection vulnerability in patch(1)
	FreeBSD -- shell injection vulnerability in patch(1)
	FreeBSD -- TCP MD5 signature denial of service
	FreeBSD -- TCP reassembly vulnerability
	PostgreSQL -- Denial-of-Service and Code Injection Vulnerabilities
2016-08-10	BIND,Knot,NSD,PowerDNS -- denial over service via oversized zone transfers
2016-08-09	FreeBSD -- Incorrect privilege validation in the NFS server
	FreeBSD -- integer overflow in IP_MSFILTER
	FreeBSD -- Kernel memory disclosure in sctp(4)
	piwik -- XSS vulnerability
2016-08-06	bind -- denial of service vulnerability
	moodle -- multiple vulnerabilities
	wireshark -- multiple vulnerabilities
2016-08-05	collectd -- Network plugin heap overflow
2016-08-04	gd -- multiple vulnerabilities
	p5-XSLoader -- local arbitrary code execution
	perl -- local arbitrary code execution
	Vulnerabilities in Curl
2016-08-03	lighttpd - multiple vulnerabilities
2016-08-02	xen-kernel -- x86: Missing SMAP whitelisting in 32-bit exception / event delivery
	xen-kernel -- x86: Privilege escalation in PV guests
	xen-tools -- virtio: unbounded memory allocation issue
2016-07-31	libidn -- multiple vulnerabilities
2016-07-26	php -- multiple vulnerabilities
2016-07-26	xercesi-c3 -- multiple vulnerabilities
2016-07-22	chromium -- multiple vulnerabilities
2016-07-21	Apache OpenOffice 4.1.2 -- Memory Corruption Vulnerability (Impress Presentations)
	krb5 -- KDC denial of service vulnerability
	MySQL -- Multiple vulnerabilities
2016-07-19	The GIMP -- Use after Free vulnerability
2016-07-18	typo3 -- Missing access check in Extbase
2016-07-16	atutor -- multiple vulnerabilities
	atutor -- multiple vulnerabilities
	flash -- multiple vulnerabilities
2016-07-15	libreoffice -- use-after-free vulnerability
	p7zip -- heap overflow vulnerability
	p7zip -- out-of-bounds read vulnerability
	tiff -- buffer overflow
2016-07-13	samba -- client side SMB2/3 required signing can be downgraded
2016-07-08	ruby-saml -- XML signature wrapping attack
2016-07-07	quassel -- remote denial of service
2016-07-05	apache24 -- X509 Client certificate based authentication can be bypassed when HTTP/2 is used
2016-07-04	wireshark -- multiple vulnerabilities
	xen-kernel -- x86 shadow pagetables: address width overflow
	xen-kernel -- x86 software guest page walk PS bit handling flaw
	xen-tools -- QEMU: Banked access to VGA memory (VBE) uses inconsistent bounds checks
	xen-tools -- Unrestricted qemu logging
	xen-tools -- Unsanitised driver domain input in libxl device handling
	xen-tools -- Unsanitised guest input in libxl device handling code
2016-07-03	hive -- authorization logic vulnerability
	icingaweb2 -- remote code execution
	moodle -- multiple vulnerabilities
	Python -- smtplib StartTLS stripping vulnerability
	SQLite3 -- Tempdir Selection Vulnerability
2016-07-01	phpMyAdmin -- multiple vulnerabilities
2016-06-30	dnsmasq -- denial of service
	expat2 -- denial of service
	haproxy -- denial of service
	libtorrent-rasterbar -- denial of service
	openssl -- denial of service
	Python -- HTTP Header Injection in Python urllib
2016-06-26	Apache Commons FileUpload -- denial of service (DoS) vulnerability
2016-06-25	php -- multiple vulnerabilities
2016-06-25	wordpress -- multiple vulnerabilities
2016-06-23	libarchive -- multiple vulnerabilities
2016-06-23	piwik -- XSS vulnerability
2016-06-21	wget -- HTTP to FTP redirection file name confusion vulnerability
2016-06-20	libxslt -- Denial of Service
2016-06-19	flash -- multiple vulnerabilities
	flash -- multiple vulnerabilities
	flash -- multiple vulnerabilities
2016-06-17	chromium -- multiple vulnerabilities
	drupal -- multiple vulnerabilities
	Python -- Integer overflow in zipimport module
2016-06-14	botan -- cryptographic vulnerability
2016-06-14	botan -- multiple vulnerabilities
2016-06-11	VLC -- Possibly remote code execution via crafted file
2016-06-10	roundcube -- XSS vulnerability
2016-06-09	expat -- multiple vulnerabilities
2016-06-09	OpenSSL -- vulnerability in DSA signing
2016-06-08	iperf3 -- buffer overflow
2016-06-07	gnutls -- file overwrite by setuid programs
	mozilla -- multiple vulnerabilities
	NSS -- multiple vulnerabilities
2016-06-06	chromium -- multiple vulnerabilities
2016-06-05	ikiwiki -- XSS vulnerability
	openafs -- local DoS vulnerability
	openafs -- multiple vulnerabilities
2016-06-01	h2o -- use after free on premature connection close
2016-05-31	nginx -- a specially crafted request might result in worker process crash
2016-05-29	openvswitch -- MPLS buffer overflow
2016-05-28	cacti -- multiple vulnerabilities
	chromium -- multiple vulnerabilities
	chromium -- multiple vulnerabilities
	chromium -- multiple vulnerabilities
	php -- multiple vulnerabilities
2016-05-25	phpmyadmin -- XSS and sensitive data leakage
2016-05-24	mediawiki -- multiple vulnerabilities
2016-05-20	expat -- denial of service vulnerability on malformed input
2016-05-20	hostapd and wpa_supplicant -- psk configuration parameter update allowing arbitrary data to be written
2016-05-17	Bugzilla security issues
2016-05-14	OpenVPN -- Buffer overflow in PAM authentication and DoS through port sharing
2016-05-13	imagemagick -- buffer overflow
2016-05-12	jenkins -- multiple vulnerabilities
2016-05-10	perl5 -- taint mechanism bypass vulnerability
2016-05-10	wordpress -- multiple vulnerabilities
2016-05-09	libarchive -- RCE vulnerability
2016-05-07	squid -- multiple vulnerabilities
2016-05-06	ImageMagick -- multiple vulnerabilities
2016-05-04	jansson -- local denial of service vulnerabilities
2016-05-03	gitlab -- privilege escalation via "impersonate" feature
	libksba -- local denial of service vulnerabilities
	OpenSSL -- multiple vulnerabilities
	php -- multiple vulnerabilities
2016-05-02	wireshark -- multiple vulnerabilities
2016-05-01	mercurial -- arbitrary code execution vulnerability
2016-04-30	MySQL -- multiple vulnerabilities
2016-04-28	logstash -- password disclosure vulnerability
2016-04-28	subversion -- multiple vulnerabilities
2016-04-27	ntp -- multiple vulnerabilities
2016-04-26	mozilla -- multiple vulnerabilities
2016-04-23	phpmyfaq -- cross-site request forgery vulnerability
2016-04-21	libtasn1 -- denial of service parsing malicious DER certificates
2016-04-21	squid -- multiple vulnerabilities
2016-04-20	ansible -- use of predictable paths in lxc_container
2016-04-20	proftpd -- vulnerability in mod_tls
2016-04-19	chromium -- multiple vulnerabilities
2016-04-19	hostapd and wpa_supplicant -- multiple vulnerabilities
2016-04-17	dhcpcd -- remote code execution/denial of service
2016-04-17	dhcpcd -- remote code execution/denial of service
2016-04-15	asterisk -- Long Contact URIs in REGISTER requests can crash Asterisk
2016-04-15	PJSIP -- TCP denial of service in PJProject
2016-04-14	go -- remote denial of service
2016-04-12	samba -- multiple vulnerabilities
2016-04-03	moodle -- multiple vulnerabilities
	pcre -- heap overflow vulnerability
	php -- multiple vulnerabilities
	py-djblets -- Self-XSS vulnerability
2016-04-02	squid -- multiple vulnerabilities
2016-03-31	Botan BER Decoder vulnerabilities
	flash -- multiple vulnerabilities
	Multiple vulnerabilities in Botan
	PostgreSQL -- minor security problems.
2016-03-29	chromium -- multiple vulnerabilities
	chromium -- multiple vulnerabilities
	mercurial -- multiple vulnerabilities
2016-03-28	bind -- denial of service vulnerability
	bind -- denial of service vulnerability
	bind -- denial of service vulnerability
2016-03-27	salt -- Insecure configuration of PAM external authentication service
2016-03-25	activemq -- Unsafe deserialization
	activemq -- Web Console Clickjacking
	activemq -- Web Console Cross-Site Scripting
2016-03-21	pcre -- stack buffer overflow
2016-03-19	hadoop2 -- unauthorized disclosure of data vulnerability
2016-03-19	kamailio -- SEAS Module Heap overflow
2016-03-18	git -- integer overflow
2016-03-17	git -- potential code execution
2016-03-14	dropbear -- authorized_keys command= bypass
2016-03-14	node -- multiple vulnerabilities
2016-03-13	jpgraph2 -- XSS vulnerability
	php5 -- multiple vulnerabilities
	php7 -- multiple vulnerabilities
2016-03-11	openssh -- command injection when X11Forwarding is enabled
2016-03-10	pidgin-otr -- use after free
	quagga -- stack based buffer overflow vulnerability
	ricochet -- information disclosure
2016-03-09	libotr -- integer overflow
2016-03-08	brotli -- buffer overflow
	django -- multiple vulnerabilities
	graphite2 -- multiple vulnerabilities
	mozilla -- multiple vulnerabilities
	NSS -- multiple vulnerabilities
	NSS -- multiple vulnerabilities
	wordpress -- multiple vulnerabilities
2016-03-07	PuTTY - old-style scp downloads may allow remote code execution
2016-03-06	rails -- multiple vulnerabilities
	websvn -- information disclosure
	websvn -- reflected cross-site scripting
2016-03-05	chromium -- multiple vulnerabilities
2016-03-05	libssh -- weak Diffie-Hellman secret generation
2016-03-02	cacti -- multiple vulnerabilities
2016-03-02	exim -- local privillege escalation
2016-03-01	phpmyadmin -- multiple XSS and a man-in-the-middle vulnerability
	wireshark -- multiple vulnerabilities
	wireshark -- multiple vulnerabilities
2016-02-28	django -- regression in permissions model
	moodle -- multiple vulnerabilities
	tomcat -- multiple vulnerabilities
	tomcat -- multiple vulnerabilities
	xen-kernel -- PV superpage functionality missing sanity checks
	xen-kernel -- VMX: guest user mode may crash guest with non-canonical RIP
	xen-kernel -- VMX: intercept issue with INVLPG on non-canonical address
	xerces-c3 -- Parser Crashes on Malformed Input
2016-02-26	giflib -- heap overflow
2016-02-26	pitivi -- code execution
2016-02-25	drupal -- multiple vulnerabilities
2016-02-25	jenkins -- multiple vulnerabilities
2016-02-24	squid -- remote DoS in HTTP response processing
2016-02-21	bsh -- remote code execution vulnerability
2016-02-21	libsrtp -- DoS via crafted RTP header vulnerability
2016-02-20	jasper -- multiple vulnerabilities
2016-02-18	chromium -- same origin bypass
	glibc -- getaddrinfo stack-based buffer overflow
	squid -- SSL/TLS processing remote DoS
2016-02-17	adminer -- remote code execution
	adminer -- XSS vulnerability
	adminer -- XSS vulnerability
	adminer -- XSS vulnerability
2016-02-16	libgcrypt -- side-channel attack on ECDH
2016-02-16	xdelta3 -- buffer overflow vulnerability
2016-02-15	firefox -- Same-origin-policy violation using Service Workers with plugins
2016-02-14	horde -- XSS vulnerabilities
2016-02-13	nghttp2 -- Out of memory in nghttpd, nghttp, and libnghttp2_asio
2016-02-12	PostgreSQL -- Security Fixes for Regular Expressions, PL/Java.
2016-02-10	dnscrypt-proxy -- code execution
2016-02-10	flash -- multiple vulnerabilities
2016-02-09	chromium -- multiple vulnerabilities
	graphite2 -- code execution vulnerability
	php -- multiple vulnerabilities
	py-imaging, py-pillow -- Buffer overflow in FLI decoding code
	py-imaging, py-pillow -- Buffer overflow in PCD decoder
	py-pillow -- Buffer overflow in TIFF decoding code
	py-pillow -- Integer overflow in Resample.c
	xymon-server -- multiple vulnerabilities
2016-02-06	ffmpeg -- remote denial of service in JPEG2000 decoder
2016-02-05	shotwell -- not verifying certificates
2016-02-04	asterisk -- Multiple vulnerabilities
	py-rsa -- Bleichenbacher'06 signature forgery vulnerability
	webkit -- UI spoof
2016-02-03	salt -- code execution
2016-02-02	rails -- multiple vulnerabilities
2016-02-01	gdcm -- multiple vulnerabilities
	mozilla -- multiple vulnerabilities
	socat -- diffie hellman parameter was not prime
2016-01-30	nginx -- multiple vulnerabilities
2016-01-29	nghttp2 -- use after free
	owncloud -- multiple vulnerabilities
	radicale -- multiple vulnerabilities
	typo3 -- multiple vulnerabilities
2016-01-28	openssl -- multiple vulnerabilities
	phpmyadmin -- Full path disclosure vulnerability in SQL parser
	phpmyadmin -- Insecure password generation in JavaScript
	phpmyadmin -- Multiple full path disclosure vulnerabilities
	phpmyadmin -- Multiple full path disclosure vulnerabilities
	phpmyadmin -- Multiple XSS vulnerabilities
	phpmyadmin -- Unsafe comparison of XSRF/CSRF token
	phpmyadmin -- Unsafe generation of XSRF/CSRF token
	phpmyadmin -- XSS vulnerability in normalization page
	phpmyadmin -- XSS vulnerability in SQL editor
	prosody -- user impersonation vulnerability
2016-01-27	curl -- Credentials not checked
2016-01-26	privoxy -- malicious server spoofing as proxy vulnerability
	privoxy -- multiple vulnerabilities
	privoxy -- multiple vulnerabilities
	privoxy -- multiple vulnerabilities
	sudo -- potential privilege escalation via symlink misconfiguration
	wordpress -- XSS vulnerability
2016-01-22	bind -- denial of service vulnerability
2016-01-22	imlib2 -- denial of service vulnerabilities
2016-01-21	chromium -- multiple vulnerabilities
2016-01-21	ntp -- multiple vulnerabilities
2016-01-20	bind -- denial of service vulnerability
2016-01-20	cgit -- multiple vulnerabilities
2016-01-19	claws-mail -- no bounds checking on the output buffer in conv_jistoeuc, conv_euctojis, conv_sjistoeuc
2016-01-18	go -- information disclosure vulnerability
2016-01-18	libarchive -- multiple vulnerabilities
2016-01-17	ffmpeg -- remote attacker can access local files
2016-01-17	libproxy -- stack-based buffer overflow
2016-01-15	h2o -- directory traversal vulnerability
2016-01-14	openssh -- information disclosure
2016-01-14	prosody -- multiple vulnerabilities
2016-01-13	kibana4 -- XSS vulnerability
2016-01-12	isc-dhcpd -- Denial of Service
2016-01-12	p5-PathTools -- File::Spec::canonpath loses taint
2016-01-11	php -- multiple vulnerabilities
2016-01-09	pygments -- shell injection vulnerability
2016-01-08	dhcpcd -- multiple vulnerabilities
	librsync -- collision vulnerability
	ntp -- denial of service vulnerability
	polkit -- multiple vulnerabilities
2016-01-07	mbedTLS/PolarSSL -- SLOTH attack on TLS 1.2 server authentication
2016-01-06	xen-kernel -- information leak in legacy x86 FPU/XMM initialization
	xen-kernel -- ioreq handling possibly susceptible to multiple read issue
	xen-kernel -- XENMEM_exchange error handling issues
	xen-tools -- libxl leak of pv kernel and initrd on error
2016-01-05	cacti -- SQL injection vulnerabilities
	tiff -- out-of-bounds read in CIE Lab image format
	tiff -- out-of-bounds read in tif_getimage.c
	wolfssl -- DDoS amplification in DTLS
	wolfssl -- leakage of private key information
2016-01-04	kea -- unexpected termination while handling a malformed packet
2016-01-04	unzip -- multiple vulnerabilities
2016-01-03	mini_httpd -- buffer overflow via snprintf
	qemu -- denial of service vulnerabilities in eepro100 NIC support
	qemu -- denial of service vulnerability in Human Monitor Interface support
	qemu -- denial of service vulnerability in MegaRAID SAS HBA emulation
	qemu -- denial of service vulnerability in MSI-X support
	qemu -- denial of service vulnerability in Q35 chipset emulation
	qemu -- denial of service vulnerability in Rocker switch emulation
	qemu -- denial of service vulnerability in USB EHCI emulation support
	qemu -- denial of service vulnerability in VMWARE VMXNET3 NIC support
	qemu -- denial of service vulnerability in VNC
	qemu and xen-tools -- denial of service vulnerabilities in AMD PC-Net II NIC support
2016-01-02	qemu -- denial of service vulnerabilities in NE2000 NIC support
	qemu -- denial of service vulnerability in e1000 NIC support
	qemu -- denial of service vulnerability in IDE disk/CD/DVD-ROM emulation
	qemu -- denial of service vulnerability in virtio-net support
	qemu -- denial of service vulnerability in VNC
2016-01-01	qemu -- buffer overflow vulnerability in virtio-serial message exchanges
	qemu -- buffer overflow vulnerability in VNC
	qemu -- code execution on host machine
	qemu -- stack buffer overflow while parsing SCSI commands
2015-12-31	mono -- DoS and code execution
2015-12-29	flash -- multiple vulnerabilities
2015-12-29	inspircd -- DoS
2015-12-28	ffmpeg -- multiple vulnerabilities
2015-12-28	NSS -- MD5 downgrade in TLS 1.2 signatures
2015-12-26	phpMyAdmin -- path disclosure vulnerability
2015-12-25	dpkg -- stack-based buffer overflow
2015-12-24	mantis -- information disclosure vulnerability
2015-12-24	mediawiki -- multiple vulnerabilities
2015-12-23	Bugzilla security issues
2015-12-23	Ruby -- unsafe tainted string vulnerability
2015-12-22	librsvg2 -- denial of service vulnerability
2015-12-22	librsvg2 -- denial of service vulnerability
2015-12-20	libvirt -- ACL bypass using ../ to access beyond storage pool
2015-12-19	samba -- multiple vulnerabilities
2015-12-18	chromium -- multiple vulnerabilities
2015-12-18	quassel -- remote denial of service
2015-12-17	cups-filters -- code execution
	cups-filters -- code execution
	joomla -- multiple vulnerabilities
	py-amf -- input sanitization errors
2015-12-16	bind -- multiple vulnerabilities
2015-12-15	java -- multiple vulnerabilities
	mozilla -- multiple vulnerabilities
	subversion -- multiple vulnerabilities
2015-12-13	chromium -- multiple vulnerabilities
2015-12-13	freeimage -- multiple integer overflows
2015-12-10	redmine -- CSRF protection bypass
	redmine -- information leak vulnerability
	redmine -- information leak vulnerability
	redmine -- multiple vulnerabilities
	redmine -- multiple vulnerabilities
	redmine -- open redirect vulnerability
	redmine -- open redirect vulnerability
	redmine -- potential XSS vulnerability
	redmine -- XSS vulnerability
2015-12-09	jenkins -- multiple vulnerabilities
2015-12-08	flash -- multiple vulnerabilities
	KeePassX -- information disclosure
	libressl -- NULL pointer dereference
2015-12-07	libraw -- index overflow in smal_decode_segment
	libraw -- memory objects not properly initialized
	passenger -- client controlled header overwriting
	Salt -- information disclosure
2015-12-05	openssl -- multiple vulnerabilities
2015-12-03	PHPmailer -- SMTP injection vulnerability
2015-12-02	chromium -- multiple vulnerabilities
	ffmpeg -- multiple vulnerabilities
	piwik -- multiple vulnerabilities
2015-12-01	cyrus-imapd -- integer overflow in the start_octet addition
2015-11-30	django -- information leak vulnerability
2015-11-22	a2ps -- format string vulnerability
2015-11-22	kibana4 -- CSRF vulnerability
2015-11-20	libxml2 -- multiple vulnerabilities
2015-11-20	libxslt -- DoS vulnerability due to type confusing error
2015-11-19	mozilla -- multiple vulnerabilities
2015-11-18	gdm -- lock screen bypass when holding escape key
2015-11-16	moodle -- multiple vulnerabilities
	strongswan -- authentication bypass vulnerability in the eap-mschapv2 plugin
	xen-kernel -- CPU lockup during exception delivery
2015-11-15	libpng buffer overflow in png_set_PLTE
2015-11-14	flash -- multiple vulnerabilities
2015-11-11	chromium -- multiple vulnerabilities
	jenkins -- remote code execution via unsafe deserialization
	MySQL - Multiple vulnerabilities
	owncloudclient -- Improper validation of certificates when using self-signed certificates
	p5-HTML-Scrubber -- XSS vulnerability
	xen-kernel -- leak of main per-domain vcpu pointer array
	xen-kernel -- leak of per-domain profiling-related vcpu pointer array
	xen-kernel -- Long latency populate-on-demand operation is not preemptible
	xen-kernel -- some pmu and profiling hypercalls log without rate limiting
	xen-kernel -- Uncontrolled creation of large page mappings by PV guests
	xen-tools -- libxl fails to honour readonly flag on disks with qemu-xen
	xen-tools -- populate-on-demand balloon size inaccuracy can crash guests
2015-11-10	libvpx -- buffer overflow in vp9_init_context_buffers
2015-11-09	powerdns -- Denial of Service
2015-11-09	PuTTY -- memory corruption in terminal emulator's erase character handling
2015-11-05	OpenOffice 4.1.1 -- multiple vulnerabilities
2015-11-01	codeigniter -- multiple vulnerabilities
2015-10-28	openafs -- information disclosure
2015-10-27	xscreensaver - lock bypass
2015-10-26	lldpd -- Buffer overflow/Denial of service
2015-10-25	Joomla! -- Core - ACL Violation vulnerabilities
	Joomla! -- Core - CSRF Protection vulnerabilities
	Joomla! -- Core - Open Redirect vulnerability
	Joomla! -- Core - Remote File Execution/Denial of Service vulnerabilities
	Joomla! -- Core - SQL Injection/ACL Violation vulnerabilities
	Joomla! -- Core - Unauthorized Login vulnerability
	Joomla! -- Core - XSS Vulnerability
	Joomla! -- Core - XSS Vulnerability
	wireshark -- Pcapng file parser crash
2015-10-24	drupal -- open redirect vulnerability
2015-10-23	mediawiki -- multiple vulnerabilities
2015-10-23	phpMyAdmin -- Content spoofing vulnerability
2015-10-21	ntp -- 13 low- and medium-severity vulnerabilities
2015-10-20	codeigniter -- multiple XSS vulnerabilities
2015-10-19	Git -- Execute arbitrary code
2015-10-17	Salt -- multiple vulnerabilities
2015-10-16	firefox -- Cross-origin restriction bypass using Fetch
	flash -- remote code execution
	LibreSSL -- Memory leak and buffer overflow
2015-10-15	mbedTLS/PolarSSL -- DoS and possible remote code execution
2015-10-14	flash -- multiple vulnerabilities
	magento -- multiple vulnerabilities
	miniupnpc -- buffer overflow
	pear-twig -- remote code execution
2015-10-13	chromium -- multiple vulnerabilities
2015-10-10	devel/ipython -- multiple vulnerabilities
2015-10-10	p5-UI-Dialog -- shell command execution vulnerability
2015-10-08	PostgreSQL -- minor security problems.
2015-10-06	mbedTLS/PolarSSL -- multiple vulnerabilities
	mbedTLS/PolarSSL -- multiple vulnerabilities
	OpenSMTPD -- multiple vulnerabilities
	ZendFramework1 -- SQL injection vulnerability
2015-10-05	gdk-pixbuf2 -- head overflow and DoS
2015-10-05	plone -- multiple vulnerabilities
2015-10-04	OpenSMTPD -- multiple vulnerabilities
2015-10-04	php -- multiple vulnerabilities
2015-10-01	james -- multiple vulnerabilities
2015-09-30	otrs -- Scheduler Process ID File Access
2015-09-28	codeigniter -- multiple vulnerabilities
	codeigniter -- multiple vulnerabilities
	codeigniter -- mysql database driver vulnerability
	codeigniter -- SQL injection vulnerability
	codeigniter -- SQL injection vulnerability
	flash -- multiple vulnerabilities
2015-09-27	chromium -- multiple vulnerabilities
2015-09-22	libssh2 -- denial of service vulnerability
2015-09-22	mozilla -- multiple vulnerabilities
2015-09-20	ffmpeg -- multiple vulnerabilities
2015-09-18	moodle -- multiple vulnerabilities
	remind -- buffer overflow with malicious reminder file input
	squid -- TLS/SSL parser denial of service vulnerability
2015-09-17	openjpeg -- use-after-free vulnerability
	openslp -- denial of service vulnerability
	optipng -- use-after-free vulnerability
	shutter -- arbitrary code execution
2015-09-16	h2o -- directory traversal vulnerability
2015-09-16	p7zip -- directory traversal vulnerability
2015-09-15	wordpress -- multiple vulnerabilities
2015-09-14	Bugzilla security issues
2015-09-12	openldap -- denial of service vulnerability
2015-09-09	pgbouncer -- failed auth_query lookup leads to connection as auth_user
2015-09-09	vorbis-tools, opus-tools -- multiple vulnerabilities
2015-09-08	ganglia-webfrontend -- auth bypass
	libvncserver -- memory corruption
	php -- multiple vulnerabilities
	phpMyAdmin -- reCaptcha bypass
	screen -- stack overflow
	wireshark -- multiple vulnerabilities
2015-09-04	gdk-pixbuf2 -- integer overflows
2015-09-03	bind -- denial of service vulnerability
2015-09-03	bind -- denial of service vulnerability
2015-09-02	chromium -- multiple vulnerabilities
2015-09-02	powerdns -- denial of service
2015-09-01	ffmpeg -- out-of-bounds array access
	ffmpeg -- use-after-free
	ghostscript -- denial of service (crash) via crafted Postscript files
2015-08-29	graphviz -- format string vulnerability
2015-08-28	mozilla -- multiple vulnerabilities
2015-08-25	go -- multiple vulnerabilities
	libtremor -- memory corruption
	libtremor -- multiple vulnerabilities
2015-08-24	pcre -- heap overflow vulnerability
2015-08-22	drupal -- multiple vulnerabilities
2015-08-21	OpenSSH -- PAM vulnerabilities
	OpenSSH -- PermitRootLogin may allow password connections with 'without-password'
	tarsnap -- buffer overflow and local DoS
2015-08-20	libpgf -- use-after-free
2015-08-20	vlc -- arbitrary pointer dereference vulnerability
2015-08-19	gdk-pixbuf2 -- heap overflow and DoS
2015-08-18	django -- multiple vulnerabilities
	freexl -- integer overflow
	freexl -- multiple vulnerabilities
	jasper -- multiple vulnerabilities
	unreal -- denial of service
2015-08-17	mod_jk -- information disclosure
	php5 -- multiple vulnerabilities
	qemu, xen-tools -- QEMU leak of uninitialized heap memory in rtl8139 device model
	qemu, xen-tools -- use-after-free in QEMU/Xen block unplug protocol
2015-08-14	freeradius3 -- insufficient validation on packets
	gnutls -- double free in certificate DN decoding
	gnutls -- MD5 downgrade in TLS signatures
	mediawiki -- multiple vulnerabilities
2015-08-13	froxlor -- database password information leak
2015-08-12	Adobe Flash Player -- critical vulnerabilities
	libvpx -- out-of-bounds write
	py-foolscap -- local file inclusion
	RT -- two XSS vulnerabilities
2015-08-11	libvpx -- multiple buffer overflows
2015-08-11	mozilla -- multiple vulnerabilities
2015-08-10	lighttpd -- Log injection vulnerability in mod_auth
2015-08-10	pcre -- heap overflow vulnerability in '(?\|' situations
2015-08-07	mozilla -- multiple vulnerabilities
2015-08-06	subversion -- multiple vulnerabilities
2015-08-06	wordpress -- Multiple vulnerability
2015-08-05	elasticsearch -- directory traversal attack via snapshot API
2015-08-05	elasticsearch -- remote code execution via transport protocol
2015-08-04	qemu, xen-tools -- QEMU heap overflow flaw with certain ATAPI commands
2015-07-31	net-snmp -- snmp_pdu_parse() function incomplete initialization
2015-07-31	net-snmp -- snmptrapd crash
2015-07-28	bind -- denial of service vulnerability
2015-07-27	logstash -- SSL/TLS vulnerability with Lumberjack input
2015-07-27	OpenSSH -- MaxAuthTries limit bypass via duplicates in KbdInteractiveDevices
2015-07-25	chromium -- multiple vulnerabilities
2015-07-23	libidn -- out-of-bounds read issue with invalid UTF-8 input
	shibboleth-sp -- DoS vulnerability
	sox -- input sanitization errors
	sox -- memory corruption vulnerabilities
	wordpress -- XSS vulnerability
2015-07-22	gdk-pixbuf2 -- heap overflow and DoS affecting Firefox and other programs
2015-07-20	cacti -- Multiple XSS and SQL injection vulnerabilities
2015-07-18	moodle -- multiple vulnerabilities
2015-07-18	php-phar -- multiple vulnerabilities
2015-07-17	apache22 -- chunk header parsing defect
2015-07-16	groovy -- remote execution of untrusted code
	libav -- divide by zero
	mozilla -- multiple vulnerabilities
	zenphoto -- multiple vulnerabilities
2015-07-15	apache24 -- multiple vulnerabilities
	libwmf -- multiple vulnerabilities
	PolarSSL -- Security Fix Backports
2015-07-14	Adobe Flash Player -- critical vulnerabilities
2015-07-13	devel/ipython -- CSRF possible remote execution vulnerability
	freeradius -- insufficient CRL application vulnerability
	mysql -- SSL Downgrade
	php -- arbitrary code execution
	php -- use-after-free vulnerability
	php -- use-after-free vulnerability
2015-07-11	pivotx -- cross-site scripting (XSS) vulnerability
	pivotx -- Multiple unrestricted file upload vulnerabilities
	xen-kernel -- arm: vgic-v2: GICD_SGIR is not properly emulated
	xen-kernel -- arm: vgic: incorrect rate limiting of guest triggered logging
	xen-kernel -- Certain domctl operations may be abused to lock up the host
	xen-kernel -- GNTTABOP_swap_grant_ref operation misbehavior
	xen-kernel -- Hypervisor memory corruption due to x86 emulator flaw
	xen-kernel -- Information leak through version information hypercall
	xen-kernel -- Information leak through XEN_DOMCTL_gettscinfo
	xen-kernel -- Information leak via internal x86 system device emulation
	xen-kernel -- vulnerability in the iret hypercall handler
	xen-kernel and xen-tools -- Long latency MMIO mapping operations are not preemptible
	xen-tools -- Guest triggerable qemu MSI-X pass-through error messages
	xen-tools -- HVM qemu unexpectedly enabling emulated VGA graphics backends
	xen-tools -- PCI MSI mask bits inadvertently exposed to guests
	xen-tools -- Potential unintended writes to host MSI message data field via qemu
	xen-tools -- Unmediated PCI command register access in qemu
	xen-tools -- Unmediated PCI register access in qemu
	xen-tools -- xl command line config handling stack overflow
2015-07-09	django -- multiple vulnerabilities
	openssl -- alternate chains certificate forgery vulnerability
	wpa_supplicant -- WPS_NFC option payload length validation vulnerability
2015-07-08	Adobe Flash Player -- critical vulnerabilities
2015-07-07	bind -- denial of service vulnerability
	haproxy -- information leak vulnerability
	roundcube -- multiple vulnerabilities
2015-07-06	bitcoin -- denial of service
	node, iojs, and v8 -- denial of service
	squid -- client-first SSL-bump does not correctly validate X509 server certificate
	squid -- Improper Protection of Alternate Path with CONNECT requests
2015-07-03	cups-filters -- texttopdf integer overflow
2015-07-02	ansible -- code execution from compromised remote host data or untrusted local data
	ansible -- enable host key checking in paramiko connection type
	ansible -- local symlink exploits
	ansible -- multiple vulnerabilities
	ansible -- multiple vulnerabilities
	ansible -- remote code execution vulnerability
	turnserver -- SQL injection vulnerability
2015-07-01	libxml2 -- Enforce the reader to run in constant memory
2015-07-01	wesnoth -- disclosure of .pbl files with lowercase, uppercase, and mixed-case extension
2015-06-30	ntp -- control message remote Denial of Service vulnerability
2015-06-29	cups-filters -- buffer overflow in texttopdf size allocation
2015-06-29	pcre -- Heap Overflow Vulnerability in find_fixedlength()
2015-06-26	elasticsearch -- cross site scripting vulnerability in the CORS functionality
	elasticsearch -- directory traversal attack with site plugins
	elasticsearch -- remote OS command execution via Groovy scripting engine
	elasticsearch -- security fix for shared file-system repositories
	elasticsearch and logstash -- remote OS command execution via dynamic scripting
	qemu -- Heap overflow in QEMU PCNET controller, allowing guest to host escape (CVE-2015-3209)
2015-06-24	Adobe Flash Player -- critical vulnerabilities
	logstash -- Directory traversal vulnerability in the file output plugin
	logstash -- Remote command execution in Logstash zabbix and nagios_nsca outputs
	logstash-forwarder and logstash -- susceptibility to POODLE vulnerability
2015-06-23	php5 -- multiple vulnerabilities
2015-06-23	rubygem-bson -- DoS and possible injection
2015-06-22	chicken -- buffer overrun in substring-index[-ci]
	chicken -- Potential buffer overrun in string-translate*
	devel/ipython -- remote execution
	rubygem-paperclip -- validation bypass vulnerability
	www/chromium -- multiple vulnerabilities
2015-06-21	cacti -- multiple security vulnerabilities
2015-06-21	cacti -- Multiple XSS and SQL injection vulnerabilities
2015-06-20	p5-Dancer -- possible to abuse session cookie values
2015-06-19	drupal -- multiple vulnerabilities
2015-06-17	cURL -- Multiple Vulnerability
2015-06-17	rubygem-rails -- multiple vulnerabilities
2015-06-16	testdisk -- buffer overflow with malicious disk image
2015-06-16	tomcat -- multiple vulnerabilities
2015-06-12	security/ossec-hids-* -- root escalation via syscheck feature
2015-06-11	Adobe Flash Player -- critical vulnerabilities
2015-06-11	openssl -- multiple vulnerabilities
2015-06-10	libzmq4 -- V3 protocol handler vulnerable to downgrade attacks
2015-06-10	pgbouncer -- remote denial of service
2015-06-09	cups -- multiple vulnerabilities
	strongswan -- Denial-of-service and potential remote code execution vulnerability
	strongswan -- Information Leak Vulnerability
2015-06-08	redis -- EVAL Lua Sandbox Escape
2015-06-08	tidy -- heap-buffer-overflow
2015-06-04	pcre -- multiple vulnerabilities
2015-06-02	ffmpeg -- multiple vulnerabilities
2015-06-01	avidemux26 -- multiple vulnerabilities in bundled FFmpeg
2015-06-01	hostapd and wpa_supplicant -- multiple vulnerabilities
2015-05-31	cabextract -- directory traversal with UTF-8 symbols in filenames
	django -- Fixed session flushing in the cached_db backend
	libmspack -- frame_end overflow which could cause infinite loop
	rest-client -- plaintext password disclosure
	rest-client -- session fixation vulnerability
2015-05-29	proxychains-ng -- current path as the first directory for the library search path
2015-05-28	krb5 -- requires_preauth bypass in PKINIT-enabled KDC
2015-05-28	wireshark -- multiple vulnerabilities
2015-05-26	cURL -- multiple vulnerabilities
2015-05-26	cURL -- sensitive HTTP server headers also sent to proxies
2015-05-24	cassandra -- remote execution of arbitrary code
2015-05-24	py-salt -- potential shell injection vulnerabilities
2015-05-23	davmail -- fix potential CVE-2014-3566 vulnerability (POODLE)
	dnsmasq -- data exposure and denial of service
	dnsmasq -- remotely exploitable buffer overflow in release candidate
2015-05-22	pcre -- multiple vulnerabilities
	php -- multiple vulnerabilities
	PostgreSQL -- minor security problems.
2015-05-20	proftpd -- arbitrary code execution vulnerability with chroot
2015-05-19	chromium -- multiple vulnerabilities
	clamav -- multiple vulnerabilities
	ipsec-tools -- Memory leak leading to denial of service
2015-05-17	qemu, xen and VirtualBox OSE -- possible VM escape and code execution ("VENOM")
2015-05-17	rubygems -- request hijacking vulnerability
2015-05-16	Quassel IRC -- SQL injection vulnerability
2015-05-15	dcraw -- integer overflow condition
2015-05-14	rubygem-redcarpet -- XSS vulnerability
2015-05-13	Adobe Flash Player -- critical vulnerabilities
2015-05-13	phpMyAdmin -- XSRF and man-in-the-middle vulnerabilities
2015-05-12	mozilla -- multiple vulnerabilities
2015-05-12	suricata -- TLS/DER Parser Bug (DoS)
2015-05-10	libssh -- null pointer dereference
2015-05-07	Vulnerability in HWP document filter
	wordpress -- 2 cross-site scripting vulnerabilities
	wordpress -- cross-site scripting vulnerability
2015-05-01	powerdns -- Label decompression bug can cause crashes or CPU spikes
2015-04-28	chromium -- multiple vulnerabilities
2015-04-27	chromium -- multiple vulnerabilities
2015-04-25	Several vulnerabilities found in PHP
2015-04-25	wpa_supplicant -- P2P SSID processing vulnerability
2015-04-24	wordpress -- multiple vulnerabilities
2015-04-22	libtasn1 -- stack-based buffer overflow in asn1_der_decoding
2015-04-21	mozilla -- use-after-free
2015-04-18	chrony -- multiple vulnerabilities
2015-04-18	sqlite -- multiple vulnerabilities
2015-04-17	Adobe Flash Player -- critical vulnerabilities
	Dulwich -- Remote code execution
	Wesnoth -- Remote information disclosure
2015-04-14	qt4-imageformats, qt4-gui, qt5-gui -- Multiple Vulnerabilities in Qt Image Format Handling
2015-04-14	Ruby -- OpenSSL Hostname Verification Vulnerability
2015-04-09	mailman -- path traversal vulnerability
2015-04-08	asterisk -- TLS Certificate Common name NULL byte exploit
2015-04-07	ntp -- multiple vulnerabilities
2015-04-04	mozilla -- multiple vulnerabilities
2015-04-03	Several vulnerabilities in libav
2015-04-01	Several vulnerabilities found in PHP
2015-03-31	cpio -- multiple vulnerabilities
	mozilla -- multiple vulnerabilities
	osc -- shell command injection via crafted _service files
	subversion -- DoS vulnerabilities
2015-03-28	libzip -- integer overflow
2015-03-27	django -- multiple vulnerabilities
2015-03-24	GNU binutils -- multiple vulnerabilities
	jenkins -- multiple vulnerabilities
	libuv -- incorrect revocation order while relinquishing privileges
2015-03-22	mozilla -- multiple vulnerabilities
2015-03-19	OpenSSL -- multiple vulnerabilities
2015-03-18	libXfont -- BDF parsing issues
2015-03-13	Adobe Flash Player -- critical vulnerabilities
2015-03-13	sympa -- Remote attackers can read arbitrary files
2015-03-08	phpMyAdmin -- Risk of BREACH attack due to reflected parameter
2015-03-08	rt -- Remote DoS, Information disclosure and Session Hijackingvulnerabilities
2015-03-07	mono -- TLS bugs
2015-03-05	PuTTY -- fails to scrub private keys from memory after use
2015-03-05	qt4-gui, qt5-gui -- DoS vulnerability in the BMP image handler
2015-03-04	chromium -- multiple vulnerabilities
2015-03-01	jenkins -- multiple vulnerabilities
2015-02-27	mozilla -- multiple vulnerabilities
2015-02-26	php5 -- multiple vulnerabilities
2015-02-25	krb5 1.11 -- New release/fix multiple vulnerabilities
2015-02-24	e2fsprogs -- buffer overflow if s_first_meta_bg too big
2015-02-24	e2fsprogs -- potential buffer overflow in closefs()
2015-02-23	bind -- denial of service vulnerability
2015-02-23	samba -- Unexpected code execution in smbd
2015-02-21	krb5 1.12 -- New release/fix multiple vulnerabilities
2015-02-17	unzip -- heap based buffer overflow in iconv patch
2015-02-12	krb5 -- Vulnerabilities in kadmind, libgssrpc, gss_process_context_token VU#540092
2015-02-12	xorg-server -- Information leak in the XkbSetGeometry request of X servers.
2015-02-06	chromium -- multiple vulnerabilities
2015-02-06	openldap -- two remote denial of service vulnerabilities
2015-02-05	PostgreSQL -- multiple buffer overflows and memory issues
2015-02-04	krb5 -- Vulnerabilities in kadmind, libgssrpc, gss_process_context_token VU#540092
2015-02-03	unzip -- out of boundary access issues in test_compr_eb
2015-02-02	Xymon -- buffer overrun
2015-01-31	apache24 -- several vulnerabilities
2015-01-31	rabbitmq -- Security issues in management plugin
2015-01-29	asterisk -- File descriptor leak when incompatible codecs are offered
2015-01-29	asterisk -- Mitigation for libcURL HTTP request injection vulnerability
2015-01-28	glibc -- gethostbyname buffer overflow
2015-01-26	Adobe Flash Player -- critical vulnerability
2015-01-26	Bugzilla multiple security issues
2015-01-23	django -- multiple vulnerabilities
2015-01-22	Adobe Flash Player -- multiple vulnerabilities
2015-01-22	LibreSSL -- DTLS vulnerability
2015-01-21	chromium -- multiple vulnerabilities
2015-01-19	polarssl -- Remote attack using crafted certificates
2015-01-16	samba -- Elevation of privilege to Active Directory Domain Controller
2015-01-16	unzip -- input sanitization errors
2015-01-14	kde-runtime -- incorrect CBC encryption handling
2015-01-14	mozilla -- multiple vulnerabilities
2015-01-11	libevent -- integer overflow in evbuffers
2015-01-09	cURL -- URL request injection vulnerability
2015-01-09	WebKit-gtk -- Multiple vulnerabilities
2015-01-08	OpenSSL -- multiple vulnerabilities
2015-01-05	png -- heap overflow for 32-bit builds
2015-01-05	wordpress -- multiple vulnerabilities
2015-01-02	file -- multiple vulnerabilities
2014-12-29	libutp -- remote denial of service or arbitrary code execution
2014-12-23	mutt -- denial of service via crafted mail message
2014-12-20	ntp -- multiple vulnerabilities
2014-12-19	git -- Arbitrary command execution on case-insensitive filesystems
2014-12-16	otrs -- Incomplete Access Control
2014-12-15	subversion -- DoS vulnerabilities
2014-12-14	NVIDIA UNIX driver -- remote denial of service or arbitrary code execution
2014-12-11	asterisk -- Remote Crash Vulnerability in WebSocket Server
2014-12-11	bind -- denial of service vulnerability
2014-12-10	xserver -- multiple issue with X client request handling
2014-12-09	unbound -- can be tricked into following an endless series of delegations, this consumes a lot of resources
2014-12-07	freetype -- Out of bounds stack-based read/write
2014-12-04	phpMyAdmin -- XSS and DoS vulnerabilities
2014-12-02	mozilla -- multiple vulnerabilities
2014-12-02	OpenVPN -- denial of service security vulnerability
2014-11-25	flac -- Multiple vulnerabilities
2014-11-21	asterisk -- Multiple vulnerabilities
	asterisk -- Multiple vulnerabilities
	phpMyAdmin -- XSS and information disclosure vulnerabilities
2014-11-20	kwebkitpart, kde-runtime -- insufficient input validation
2014-11-19	yii -- Remote arbitrary PHP code execution
2014-11-18	chromium -- multiple vulnerabilities
2014-11-17	kde-workspace -- privilege escalation
2014-11-11	dbus -- incomplete fix for CVE-2014-3636 part A
2014-11-08	wget -- path traversal vulnerability in recursive FTP mode
2014-11-05	Konversation -- out-of-bounds read on a heap-allocated array
2014-10-31	jenkins -- slave-originated arbitrary code execution on master servers
2014-10-31	twiki -- remote Perl code execution
2014-10-29	libssh -- PRNG state reuse on forking servers
2014-10-24	libpurple/pidgin -- multiple vulnerabilities
2014-10-22	phpMyAdmin -- XSS vulnerabilities in SQL debug output and server monitor page.
2014-10-21	asterisk -- Asterisk Susceptibility to POODLE Vulnerability
2014-10-18	libxml2 -- Denial of service
2014-10-16	drupal7 -- SQL injection
2014-10-15	OpenSSL -- multiple vulnerabilities
2014-10-14	mozilla -- multiple vulnerabilities
2014-10-09	foreman-proxy SSL verification issue
2014-10-06	Bugzilla multiple security issues
2014-10-02	rt42 -- vulnerabilities related to shellshock
2014-10-01	bash -- out-of-bounds memory access in parser
	bash -- remote code execution
	jenkins -- remote execution, privilege escalation, XSS, password exposure, ACL hole, DoS
	phpMyAdmin -- XSS vulnerabilities
2014-09-30	rsyslog -- remote syslog PRI vulnerability
2014-09-29	fish -- local privilege escalation and remote code execution
2014-09-25	Flash player -- Multiple security vulnerabilities in www/linux-*-flashplugin11
	krfb -- Multiple security issues in bundled libvncserver
	NSS -- RSA Signature Forgery
2014-09-24	bash -- remote code execution vulnerability
2014-09-18	asterisk -- Remotely triggered crash
2014-09-18	squid -- Buffer overflow in SNMP processing
2014-09-17	dbus -- multiple vulnerabilities
2014-09-16	nginx -- inject commands into SSL session vulnerability
2014-09-13	phpMyAdmin -- XSRF/CSRF due to DOM based XSS in the micro history feature
2014-09-11	security/ossec-hids-* -- root escalation via temp files
2014-09-05	trafficserver -- unspecified vulnerability
2014-08-21	django -- multiple vulnerabilities
2014-08-21	file -- buffer overruns and missing buffer size tests
2014-08-18	PHP multiple vulnerabilities
2014-08-17	phpMyAdmin -- XSS vulnerabilities
2014-08-11	serf -- SSL Certificate Null Byte Poisoning
2014-08-11	subversion -- several vulnerabilities
2014-08-09	nginx -- inject commands into SSL session vulnerability
2014-08-06	OpenSSL -- multiple vulnerabilities
2014-08-03	krfb -- Possible Denial of Service or code execution via integer overflow
2014-08-02	gpgme -- heap-based buffer overflow in gpgsm status handler
2014-08-02	samba -- remote code execution
2014-07-31	kdelibs -- KAuth PID Reuse Flaw
2014-07-30	tor -- traffic confirmation attack
2014-07-28	i2p -- Multiple Vulnerabilities
2014-07-25	bugzilla -- Cross Site Request Forgery
2014-07-24	apache22 -- several vulnerabilities
2014-07-23	mozilla -- multiple vulnerabilities
2014-07-23	tomcat -- multiple vulnerabilities
2014-07-21	mcollective -- cert valication issue
2014-07-19	apache24 -- several vulnerabilities
2014-07-19	qt4-imageformats, qt5-gui -- DoS vulnerability in the GIF image handler
2014-07-18	phpMyAdmin -- multiple XSS vulnerabilities, missing validation
2014-07-16	kdelibs4 -- KMail/KIO POP3 SSL Man-in-the-middle Flaw
2014-07-13	postfixadmin -- SQL injection vulnerability
2014-07-03	dbus -- multiple vulnerabilities
2014-06-28	mencoder -- potential buffer overrun when processing malicious lzo compressed input
2014-06-28	mplayer -- potential buffer overrun when processing malicious lzo compressed input
2014-06-26	LZO -- potential buffer overrun when processing malicious input data
2014-06-23	gnupg -- possible DoS using garbled compressed data packets
2014-06-23	samba -- multiple vulnerabilities
2014-06-20	phpMyAdmin -- two XSS vulnerabilities due to unescaped db/table names
2014-06-18	iodined -- authentication bypass
2014-06-17	asterisk -- multiple vulnerabilities
2014-06-14	dbus -- local DoS
2014-06-10	mozilla -- multiple vulnerabilities
2014-06-05	OpenSSL -- multiple vulnerabilities
2014-06-04	gnutls -- client-side memory corruption
2014-06-03	gnutls -- client-side memory corruption
2014-05-29	mumble -- multiple vulnerabilities
2014-05-29	mumble -- NULL pointer dereference and heap-based buffer overflow
2014-05-26	linux-flashplugin -- multiple vulnerabilities
2014-05-24	openjpeg -- Multiple vulnerabilities
2014-05-13	libXfont -- X Font Service Protocol and Font metadata file handling issues
2014-05-06	libxml2 -- entity substitution DoS
2014-05-05	qt4-xml -- XML Entity Expansion Denial of Service
2014-05-04	strongswan -- Remote Authentication Bypass
2014-05-03	OpenSSL -- NULL pointer dereference / DoS
2014-04-30	mohawk -- multiple vulnerabilities
2014-04-30	opera -- moderately severe issue
2014-04-29	mozilla -- multiple vulnerabilities
2014-04-23	django -- multiple vulnerabilities
2014-04-23	OpenSSL -- Remote Data Injection / DoS
2014-04-18	bugzilla -- Cross-Site Request Forgery
2014-04-18	bugzilla -- Social Engineering
2014-04-13	ChaSen -- buffer overflow
2014-04-11	cURL -- inappropriate GSSAPI delegation
	dbus-glib -- privledge escalation
	libaudiofile -- heap-based overflow in Microsoft ADPCM compression module
	nas -- multiple vulnerabilities
	OpenLDAP -- incorrect handling of NULL in certificate Common Name
	OpenSSL -- Local Information Disclosure
2014-04-09	openafs -- Denial of Service
2014-04-07	OpenSSL -- Remote Information Disclosure
2014-04-03	otrs -- Clickjacking issue
2014-03-29	file -- out-of-bounds access in search rules with offsets from input file
2014-03-29	Icinga -- buffer overflow in classic web interface
2014-03-26	LibYAML input sanitization errors
2014-03-23	Joomla! -- Core - Multiple Vulnerabilities
	mail/trojita -- may leak mail contents (not user credentials) over unencrypted connection
	nginx -- SPDY heap buffer overflow
	nginx-devel -- SPDY heap buffer overflow
2014-03-22	apache -- several vulnerabilities
2014-03-19	mozilla -- multiple vulnerabilities
2014-03-14	mutt -- denial of service, potential remote code execution
2014-03-13	wemux -- read-only can be bypassed
2014-03-11	samba -- multiple vulnerabilities
2014-03-10	asterisk -- multiple vulnerabilities
2014-03-09	freetype2 -- Out of bounds read/write
2014-03-06	nginx -- SPDY memory corruption
2014-03-06	xmms -- Integer Overflow And Underflow Vulnerabilities
2014-03-04	gnutls -- multiple certificate verification issues
2014-03-03	file -- denial of service
2014-03-01	Python -- buffer overflow in socket.recvfrom_into()
2014-02-26	subversion -- mod_dav_svn vulnerability
2014-02-25	otrs -- XSS Issue
2014-02-20	PostgreSQL -- multiple privilege issues
2014-02-15	jenkins -- multiple vulnerabilities
2014-02-15	phpMyAdmin -- Self-XSS due to unescaped HTML output in import.
2014-02-14	lighttpd -- multiple vulnerabilities
2014-02-06	phpmyfaq -- multiple vulnerabilities
2014-02-04	linux-flashplugin -- multiple vulnerabilities
2014-02-04	mozilla -- multiple vulnerabilities
2014-02-01	libyaml heap overflow resulting in possible code execution
2014-01-29	socat -- buffer overflow with data from command line
2014-01-28	otrs -- multiple vulnerabilities
2014-01-27	rt42 -- denial-of-service attack via the email gateway
2014-01-27	strongswan -- multiple DoS vulnerabilities
2014-01-25	varnish -- DoS vulnerability in Varnish HTTP cache
2014-01-24	linux-flashplugin -- multiple vulnerabilities
2014-01-22	HTMLDOC -- buffer overflow issues when reading AFM files and parsing page sizes
2014-01-16	virtualbox-ose -- local vulnerability
2014-01-14	nagios -- denial of service vulnerability
2014-01-14	ntpd DRDoS / Amplification Attack using ntpdc monlist command
2014-01-13	bind -- denial of service vulnerability
2014-01-08	libXfont -- Stack buffer overflow in parsing of BDF font files in libXfont
2014-01-06	openssl -- multiple vulnerabilities
2013-12-22	OpenX -- SQL injection vulnerability
2013-12-18	cURL library -- cert name check ignore with GnuTLS
2013-12-18	gnupg -- RSA Key Extraction via Low-Bandwidth Acoustic Cryptanalysis attack
2013-12-17	asterisk -- multiple vulnerabilities
2013-12-16	phpmyfaq -- arbitrary PHP code execution vulnerability
2013-12-16	zabbix -- shell command injection vulnerability
2013-12-14	mozilla -- multiple vulnerabilities
2013-12-14	PHP5 -- memory corruption in openssl_x509_parse()
2013-12-11	samba -- multiple vulnerabilities
2013-12-08	rails -- multiple vulnerabilities
2013-12-06	drupal -- multiple vulnerabilities
2013-12-04	Joomla! -- Core XSS Vulnerabilities
2013-12-01	monitorix -- serious bug in the built-in HTTP server
2013-11-28	OpenTTD -- Denial of service using forcefully crashed aircrafts
2013-11-25	subversion -- multiple vulnerabilities
2013-11-24	ruby-gems -- Algorithmic Complexity Vulnerability
2013-11-24	ruby-gems -- Algorithmic Complexity Vulnerability
2013-11-23	ruby -- Heap Overflow in Floating Point Parsing
2013-11-19	nginx -- Request line parsing vulnerability
	samba -- ACLs are not checked on opening an alternate data stream on a file or directory
	samba -- Private key in key.pem world readable
2013-11-12	linux-flashplugin -- multiple vulnerabilities
2013-11-08	OpenSSH -- Memory corruption in sshd
2013-11-06	Quassel IRC -- SQL injection vulnerability
2013-10-30	mozilla -- multiple vulnerabilities
2013-10-28	mod_pagespeed -- critical cross-site scripting (XSS) vulnerability
2013-10-25	gnutls -- denial of service
2013-10-24	xorg-server -- use-after-free
2013-10-19	node.js -- DoS Vulnerability
	pycrypto -- PRNG reseed race condition
	wordpress -- multiple vulnerabilities
2013-10-17	bugzilla -- multiple vulnerabilities
2013-10-17	dropbear -- exposure of sensitive information, DoS
2013-10-10	mod_fcgid -- possible heap buffer overwrite
2013-10-05	gnupg -- possible infinite recursion in the compressed packet parser
2013-10-03	xinetd -- ignores user and group directives for TCPMUX services
2013-10-02	polarssl -- Timing attack against protected RSA-CRT implementation
2013-09-30	py-graphite-web -- Multiple vulnerabilities
2013-09-22	django -- denial-of-service via large passwords
2013-09-19	FreeBSD -- Cross-mount links between nullfs(5) mounts
2013-09-19	FreeBSD -- Insufficient credential checks in network ioctl(2)
2013-09-13	linux-flashplugin -- multiple vulnerabilities
2013-09-12	django -- multiple vulnerabilities
2013-09-02	svnserve is vulnerable to a local privilege escalation vulnerability via symlink attack.
2013-08-29	cacti -- allow remote attackers to execute arbitrary SQL commands
2013-08-28	asterisk -- multiple vulnerabilities
2013-08-20	gstreamer-ffmpeg -- Multiple vulnerabilities in bundled libav
2013-08-18	mozilla -- multiple vulnerabilities
2013-08-17	GnuPG and Libgcrypt -- side-channel attack vulnerability
2013-08-16	puppet -- multiple vulnerabilities
2013-08-15	lcms2 -- Null Pointer Dereference Denial of Service Vulnerability
2013-08-13	polarssl -- denial of service vulnerability
2013-08-09	samba -- denial of service vulnerability
2013-08-08	mozilla -- multiple vulnerabilities
2013-08-07	PuTTY -- Four security holes in versions before 0.63
2013-08-05	typo3 -- Multiple vulnerabilities in TYPO3 Core
2013-08-04	phpMyAdmin -- clickJacking protection can be bypassed
2013-07-28	phpMyAdmin -- multiple vulnerabilities
2013-07-27	wordpress -- multiple vulnerabilities
2013-07-26	bind -- denial of service vulnerability
2013-07-25	gnupg -- side channel attack on RSA secret keys
2013-07-25	openafs -- single-DES cell-wide key brute force vulnerability
2013-07-24	subversion -- remotely triggerable "Assertion failed" DoS vulnerability or read overflow.
2013-07-22	suPHP -- Privilege escalation
2013-07-20	apache24 -- several vulnerabilities
2013-07-17	gallery -- multiple vulnerabilities
2013-07-16	PHP5 -- Heap corruption in XML parser
2013-07-16	PHP5 -- Integer overflow in Calendar module
2013-07-15	linux-flashplugin -- multiple vulnerabilities
2013-07-15	squid -- denial of service
2013-07-11	libzrtpcpp -- multiple security vulnerabilities
	otrs -- Sql Injection + Xss Issue
	ruby -- Hostname check bypassing vulnerability in SSL client
2013-07-10	libxml2 -- lack of end-of-document check DoS
2013-07-05	apache22 -- several vulnerabilities
2013-06-30	phpMyAdmin -- Global variable scope injection
2013-06-28	apache-xml-security-c -- heap overflow during XPointer evaluation
2013-06-26	mozilla -- multiple vulnerabilities
2013-06-23	cURL library -- heap corruption in curl_easy_unescape
2013-06-22	puppet -- Unauthenticated Remote Code Execution Vulnerability
2013-06-19	otrs -- information disclosure
2013-06-18	apache-xml-security-c -- heap overflow
2013-06-18	FreeBSD -- Privilege escalation via mmap
2013-06-16	tor -- guard discovery
2013-06-14	linux-flashplugin -- multiple vulnerabilities
2013-06-13	dbus -- local dos
2013-06-11	owncloud -- Multiple security vulnerabilities
2013-06-07	php5 -- Heap based buffer overflow in quoted_printable_encode
2013-06-06	dns/bind9* -- A recursive resolver can be crashed by a query for a malformed zone
2013-06-05	phpMyAdmin -- XSS due to unescaped HTML output in Create View page
2013-06-05	telepathy-gabble -- TLS verification bypass
2013-06-04	xorg -- protocol handling issues in X Window System client libraries
2013-06-03	krb5 -- UDP ping-pong vulnerability in the kpasswd (password changing) service. [CVE-2002-2443]
	net/openafs -- buffer overflow
	www/mod_security -- NULL pointer dereference DoS
2013-06-01	passenger -- security vulnerability
2013-05-31	devel/subversion -- contrib hook-scripts can allow arbitrary code execution
	devel/subversion -- fsfs repositories can be corrupted by newline characters in filenames
	devel/subversion -- svnserve remotely triggerable DoS
	irc/bitchx -- multiple vulnerabilities
2013-05-28	znc -- null pointer dereference in webadmin module
2013-05-26	couchdb -- DOM based Cross-Site Scripting via Futon UI
	ruby -- Object taint bypassing in DL and Fiddle in Ruby
	socat -- FD leak
2013-05-23	otrs -- information disclosure
	otrs -- XSS vulnerability
	RT -- multiple vulnerabilities
2013-05-19	plib -- buffer overflow
2013-05-19	plib -- stack-based buffer overflow
2013-05-16	linux-flashplugin -- multiple vulnerabilities
2013-05-15	mozilla -- multiple vulnerabilities
2013-05-07	nginx -- multiple vulnerabilities
2013-05-03	jenkins -- multiple vulnerabilities
2013-05-03	strongSwan -- ECDSA signature verification issue
2013-04-29	FreeBSD -- NFS remote denial of service
2013-04-27	Joomla! -- XXS and DDoS vulnerabilities
2013-04-24	phpMyAdmin -- Multiple security vulnerabilities
2013-04-22	tinc -- Buffer overflow
2013-04-20	phpMyAdmin -- XSS due to unescaped HTML output in GIS visualisation page
2013-04-19	roundcube -- arbitrary file disclosure vulnerability
2013-04-18	jasper -- buffer overflow
2013-04-16	ModSecurity -- XML External Entity Processing Vulnerability
2013-04-15	sieve-connect -- TLS hostname verification was not occurring
2013-04-10	linux-flashplugin -- multiple vulnerabilities
2013-04-10	rubygem-rails -- multiple vulnerabilities
2013-04-08	NVIDIA UNIX driver -- ARGB cursor buffer overflow in "NoScanout" mode
2013-04-05	otrs -- Information disclosure and Data manipulation
2013-04-05	Subversion -- multiple vulnerabilities
2013-04-04	PostgreSQL -- anonymous remote access data corruption vulnerability
2013-04-03	mozilla -- multiple vulnerabilities
2013-04-02	FreeBSD -- BIND remote denial of service
2013-04-02	FreeBSD -- OpenSSL multiple vulnerabilities
2013-03-31	OpenVPN -- potential side-channel/timing attack when comparing HMACs
2013-03-29	asterisk -- multiple vulnerabilities
2013-03-29	libxml2 -- cpu consumption Dos
2013-03-27	dns/bind9* -- Malicious Regex Can Cause Memory Exhaustion
2013-03-21	optipng -- use-after-free vulnerability
2013-03-18	php5 -- Multiple vulnerabilities
2013-03-18	piwigo -- CSRF/Path Traversal
2013-03-13	libexif -- multiple remote vulnerabilities
	puppet26 -- multiple vulnerabilities
	puppet27 and puppet -- multiple vulnerabilities
2013-03-12	linux-flashplugin -- multiple vulnerabilities
2013-03-10	libpurple -- multiple vulnerabilities
2013-03-10	perl -- denial of service via algorithmic complexity attack on hashing routines
2013-03-08	mozilla -- use-after-free in HTML Editor
2013-03-06	firebird -- Remote Stack Buffer Overflow
2013-03-06	typo3 -- Multiple vulnerabilities in TYPO3 Core
2013-03-03	stunnel -- Remote Code Execution
2013-03-02	apache22 -- several vulnerabilities
2013-03-01	sudo -- Authentication bypass when clock is reset
2013-03-01	sudo -- Potential bypass of tty_tickets constraints
2013-02-28	rubygem-dragonfly -- arbitrary code execution
2013-02-27	linux-flashplugin -- multiple vulnerabilities
2013-02-25	otrs -- XSS vulnerability could lead to remote code execution
	otrs -- XSS vulnerability in Firefox and Opera could lead to remote code execution
	otrs -- XSS vulnerability in Internet Explorer could lead to remote code execution
2013-02-24	django -- multiple vulnerabilities
	ruby -- DoS vulnerability in REXML
	rubygem-ruby_parser -- insecure tmp file usage
2013-02-22	krb5 -- null pointer dereference in the KDC PKINIT code [CVE-2013-1415]
2013-02-21	drupal7 -- Denial of service
	FreeBSD -- BIND remote DoS with deliberately crafted DNS64 query
	FreeBSD -- glob(3) related resource exhaustion
2013-02-20	bugzilla -- multiple vulnerabilities
2013-02-20	nss-pam-ldapd -- file descriptor buffer overflow
2013-02-19	mozilla -- multiple vulnerabilities
2013-02-17	jenkins -- multiple vulnerabilities
	Ruby Activemodel Gem -- Circumvention of attr_protected
	Ruby Rack Gem -- Multiple Issues
2013-02-16	poweradmin -- multiple XSS vulnerabilities
	Ruby -- Denial of Service and Unsafe Object Creation Vulnerability in JSON
	Ruby -- XSS exploit of RDoc documentation generated by rdoc
2013-02-08	linux-flashplugin -- multiple vulnerabilities
2013-02-06	OpenSSL -- TLS 1.1, 1.2 denial of service
2013-02-01	mysql/mariadb/percona server -- multiple vulnerabilities
2013-02-01	opera -- execution of arbitrary code
2013-01-30	upnp -- multiple vulnerabilities
2013-01-29	wordpress -- multiple vulnerabilities
2013-01-25	django-cms -- XSS Vulnerability
2013-01-20	drupal -- multiple vulnerabilities
2013-01-16	ettercap -- buffer overflow in target list parsing
2013-01-14	java 7.x -- security manager bypass
2013-01-10	nagios -- buffer overflow in history.cgi
2013-01-09	mozilla -- multiple vulnerabilities
2013-01-08	jenkins -- HTTP access to the server to retrieve the master cryptographic key
2013-01-08	rubygem-rails -- multiple vulnerabilities
2013-01-07	rubygem-rails -- SQL injection vulnerability
2013-01-06	django -- multiple vulnerabilities
2013-01-05	freetype -- Multiple vulnerabilities
2013-01-05	moinmoin -- Multiple vulnerabilities
2013-01-03	asterisk -- multiple vulnerabilities
2013-01-02	ircd-ratbox and charybdis -- remote DoS vulnerability
2012-12-30	otrs -- XSS vulnerability
	otrs -- XSS vulnerability in Firefox and Opera
	otrs -- XSS vulnerability in Internet Explorer
	puppet -- multiple vulnerabilities
2012-12-28	squid -- denial of service
2012-12-18	opera -- execution of arbitrary code
2012-12-14	linux-flashplugin -- multiple vulnerabilities
2012-12-04	dns/bind9* -- servers using DNS64 can be crashed by a crafted query
	tomcat -- bypass of CSRF prevention filter
	tomcat -- bypass of security constraints
	tomcat -- denial of service
2012-12-03	bogofilter -- heap corruption by invalid base64 input
2012-11-27	YUI JavaScript library -- JavaScript injection exploits in Flash components
2012-11-24	FreeBSD -- Insufficient message length validation for EAP-TLS messages
	FreeBSD -- Linux compatibility layer input validation error
	FreeBSD -- Multiple Denial of Service vulnerabilities with named(8)
2012-11-22	opera -- execution of arbitrary code
2012-11-21	lighttpd -- remote DoS in header parsing
2012-11-20	mozilla -- multiple vulnerabilities
2012-11-18	weechat -- Arbitrary shell command execution via scripts
2012-11-14	bugzilla -- multiple vulnerabilities
2012-11-12	DomainKeys Identified Mail (DKIM) Verifiers may inappropriately convey message trust
2012-11-12	typo3 -- Multiple vulnerabilities in TYPO3 Core
2012-11-10	ruby -- Hash-flooding DoS vulnerability for ruby 1.9
2012-11-10	weechat -- Crash or freeze when decoding IRC colors in strings
2012-11-08	tomcat -- authentication weaknesses
2012-11-08	tomcat -- Denial of Service
2012-11-06	opera -- multiple vulnerabilities
2012-11-02	apache22 -- several vulnerabilities
	linux-flashplugin -- multiple vulnerabilities
	linux-flashplugin -- multiple vulnerabilities
	webmin -- potential XSS attack via real name field
2012-11-01	RT -- Multiple Vulnerabilities
	ruby -- $SAFE escaping vulnerability about Exception#to_s/NameError#to_s
	ruby -- Unintentional file creation caused by inserting an illegal NUL character
2012-10-31	drupal7 -- multiple vulnerabilities
2012-10-27	mozilla -- multiple vulnerabilities
2012-10-26	Exim -- remote code execution
2012-10-24	django -- multiple vulnerabilities
2012-10-22	Wireshark -- Multiple Vulnerabilities
2012-10-17	xinetd -- attackers can bypass access restrictions if tcpmux-servers service enabled
2012-10-17	xlockmore -- local exploit
2012-10-16	Zend Framework -- Multiple vulnerabilities via XXE injection
2012-10-15	gitolite -- path traversal vulnerability
2012-10-14	phpMyAdmin -- Multiple XSS due to unescaped HTML output in Trigger, Procedure and Event pages and Fetching the version information from a non-SSL site is vulnerable to a MITM attack
2012-10-10	dns/bind9* -- crash on deliberately constructed combination of records
2012-10-10	mozilla -- multiple vulnerabilities
2012-09-27	OpenX -- SQL injection vulnerability
2012-09-26	eperl -- Remote code execution
2012-09-20	ImageMagick and GraphicsMagick -- DoS via specially crafted PNG file
2012-09-19	php5 -- Denial of Service in php_date_parse_tzfile()
2012-09-19	php5-sqlite -- open_basedir bypass
2012-09-18	dns/bind9* -- Several vulnerabilities
2012-09-17	jenkins -- multiple vulnerabilities
2012-09-15	bacula -- Console ACL Bypass
2012-09-15	vlc -- arbitrary code execution in Real RTSP and MMS support
2012-09-12	mod_pagespeed -- multiple vulnerabilities
2012-09-11	freeradius -- arbitrary code execution for TLS-based authentication
2012-09-08	emacs -- remote code execution vulnerability
2012-09-07	wordpress -- multiple unspecified privilege escalation bugs
2012-09-05	moinmoin -- cross-site scripting via RST parser
	moinmoin -- wrong processing of group membership
	php5 -- header splitting attack via carriage-return character
2012-09-02	bitcoin -- denial of service
2012-09-01	bugzilla -- multiple vulnerabilities
	GNU gatekeeper -- denial of service
	mediawiki -- multiple vulnerabilities
2012-08-31	wireshark -- denial of service in DRDA dissector
2012-08-30	asterisk -- multiple vulnerabilities
	coppermine -- Multiple vulnerabilities
	fetchmail -- chosen plaintext attack against SSL CBC initialization vectors
	Java 1.7 -- security manager bypass
	mozilla -- multiple vulnerabilities
2012-08-27	roundcube -- cross-site scripting in HTML email messages
2012-08-26	Calligra, KOffice -- input validation failure
2012-08-25	inn -- plaintext command injection into encrypted channel
	squidclamav -- cross-site scripting in default virus warning pages
	squidclamav -- Denial of Service
2012-08-23	jabberd -- domain spoofing in server dialback protocol
2012-08-22	rssh -- arbitrary command execution
2012-08-22	rssh -- configuration restrictions bypass
2012-08-18	libotr -- buffer overflows
	OpenTTD -- Denial of Service
	Wireshark -- Multiple vulnerabilities
2012-08-17	databases/postgresql*-server -- multiple vulnerabilities
2012-08-17	phpMyAdmin -- Multiple XSS in Table operations, Database structure, Trigger and Visualize GIS data pages
2012-08-15	typo3 -- Multiple vulernabilities in TYPO3 Core
2012-08-14	fetchmail -- two vulnerabilities in NTLM authentication
2012-08-13	Several vulnerabilities found in IcedTea-Web
2012-08-11	libcloud -- possible SSL MITM due to invalid regexp used to validate target server hostname
2012-08-11	phpMyAdmin -- Path disclosure due to missing library
2012-08-10	rubygem-rails -- multiple vulnerabilities
2012-08-09	sudosh -- buffer overflow
2012-08-07	FreeBSD -- named(8) DNSSEC validation Denial of Service
2012-08-06	automake -- Insecure 'distcheck' recipe granted world-writable distdir
2012-08-02	mozilla -- multiple vulnerabilities
2012-08-01	Apache -- Insecure LD_LIBRARY_PATH handling
2012-07-31	django -- multiple vulnerabilities
2012-07-27	bugzilla -- multiple vulnerabilities
2012-07-27	nsd -- Denial of Service
2012-07-26	p5-RT-Authen-ExternalAuth -- privilege escalation
2012-07-26	rubygem-actionpack -- Denial of Service
2012-07-25	isc-dhcp -- multiple vulnerabilities
2012-07-24	dns/bind9* -- Heavy DNSSEC Validation Load Can Cause a 'Bad Cache' Assertion Failure
2012-07-23	php -- potential overflow in _php_stream_scandir
2012-07-23	rubygem-activerecord -- multiple vulnerabilities
2012-07-20	dns/nsd -- DoS vulnerability from non-standard DNS packet
2012-07-18	Dokuwiki -- cross site scripting vulnerability
2012-07-18	libjpeg-turbo -- heap-based buffer overflow
2012-07-10	puppet -- multiple vulnerabilities
2012-07-06	asterisk -- multiple vulnerabilities
2012-07-06	typo3 -- Cross-Site Scripting Vulnerability in TYPO3 Core
2012-07-02	phpList -- SQL injection and XSS vulnerability
2012-06-27	FreeBSD -- Incorrect crypt() hashing
	FreeBSD -- Incorrect handling of zero-length RDATA fields in named(8)
	FreeBSD -- OpenSSL multiple vulnerabilities
	FreeBSD -- Privilege escalation when returning from kernel
2012-06-24	pycrypto -- vulnerable ElGamal key generation
2012-06-19	joomla -- Privilege Escalation
2012-06-16	clamav -- multiple vulnerabilities
2012-06-14	asterisk -- remote crash vulnerability
2012-06-14	ImageMagick -- multiple vulnerabilities
2012-06-12	mantis -- multiple vulnerabilities
2012-06-09	linux-flashplugin -- multiple vulnerabilities
2012-06-05	mail/sympa* -- Multiple vulnerabilities in Sympa archive management
	mozilla -- multiple vulnerabilities
	quagga -- BGP OPEN denial of service vulnerability
2012-06-04	dns/bind9* -- zero-length RDATA can cause named to terminate, reveal memory
2012-05-30	databases/postgresql*-server -- crypt vulnerabilities
2012-05-30	nut -- upsd can be remotely crashed
2012-05-29	asterisk -- multiple vulnerabilities
2012-05-24	haproxy -- buffer overflow
2012-05-23	RT -- Multiple Vulnerabilities
2012-05-21	foswiki -- Script Insertion Vulnerability via unchecked user registration fields
2012-05-21	sympa -- Multiple Security Bypass Vulnerabilities
2012-05-18	libxml2 -- An off-by-one out-of-bounds write by XPointer
2012-05-17	inspircd -- buffer overflow
2012-05-16	pidgin-otr -- format string vulnerability
2012-05-16	sudo -- netmask vulnerability
2012-05-14	socat -- Heap-based buffer overflow
2012-05-12	libpurple -- Invalid memory dereference in the XMPP protocol plug-in by processing serie of specially-crafted file transfer requests
	php -- multiple vulnerabilities
	PivotX -- 'ajaxhelper.php' Cross Site Scripting Vulnerability
2012-05-10	NVIDIA UNIX driver -- access to arbitrary system memory
2012-05-10	OpenSSL -- DTLS and TLS 1.1, 1.2 denial of service
2012-05-09	rubygem-mail -- multiple vulnerabilities
2012-05-07	node -- private information disclosure
2012-05-07	p5-Config-IniFiles -- unsafe temporary file creation
2012-05-05	php -- vulnerability in certain CGI-based setups
2012-05-02	WebCalendar -- multiple vulnerabilities
2012-04-30	portupgrade-devel -- lack of distfile checksums
2012-04-30	samba -- incorrect permission checks vulnerability
2012-04-28	php -- multiple vulnerabilities
2012-04-27	net-snmp -- Remote DoS
2012-04-24	mozilla -- multiple vulnerabilities
2012-04-23	asterisk -- multiple vulnerabilities
	Dokuwiki -- cross site scripting vulnerability
	wordpress -- multiple vulnerabilities
2012-04-21	bugzilla -- multiple vulnerabilities
2012-04-21	OpenSSL -- integer conversions result in memory corruption
2012-04-18	typo -- Cross-Site Scripting
2012-04-16	nginx -- Buffer overflow in the ngx_http_mp4_module
2012-04-14	phpmyfaq -- Remote PHP Code Execution Vulnerability
2012-04-10	bugzilla Cross-Site Request Forgery
	linux-flashplugin -- multiple vulnerabilities
	puppet -- Multiple Vulnerabilities
	samba -- "root" credential remote code execution
2012-04-08	png -- memory corruption/possible remote code execution
2012-04-06	freetype -- multiple vulnerabilities
2012-04-06	mutt-devel -- failure to check SMTP TLS server certificate
2012-04-01	libpurple -- Remote DoS via an MSN OIM message that lacks UTF-8 encoding
2012-03-28	phpMyAdmin -- Path disclosure due to missing verification of file presence
2012-03-25	raptor/raptor2 -- XXE in RDF/XML File Interpretation
2012-03-24	Apache Traffic Server -- heap overflow vulnerability
2012-03-24	quagga -- multiple vulnerabilities
2012-03-21	gnutls -- possible overflow/Denial of service vulnerabilities
2012-03-21	libtasn1 -- ASN.1 length decoding vulnerability
2012-03-15	asterisk -- multiple vulnerabilities
	nginx -- potential information leak
	OpenSSL -- CMS and S/MIME Bleichenbacher attack
2012-03-14	mozilla -- multiple vulnerabilities
2012-03-11	portaudit -- auditfile remote code execution
2012-03-09	linux-flashplugin -- multiple vulnerabilities
2012-03-07	jenkins -- XSS vulnerability
2012-03-04	dropbear -- arbitrary code execution
2012-03-02	openx -- undisclosed security issue
2012-02-28	databases/postgresql*-client -- multiple vulnerabilities
2012-02-27	libxml2 -- heap buffer overflow
2012-02-27	linux-flashplugin -- multiple vulnerabilities
2012-02-19	plib -- remote code execution via buffer overflow
2012-02-18	phpMyAdmin -- XSS in replication setup
2012-02-17	mozilla -- heap-buffer overflow
2012-02-16	piwik -- xss and click-jacking issues
2012-02-14	Python -- DoS via malformed XML-RPC / HTTP POST request
2012-02-12	WebCalendar -- Persistent XSS
2012-02-11	bip -- buffer overflow
	mozilla -- use-after-free in nsXBLDocumentInfo::ReadPrototypeBindings
	surf -- private information disclosure
2012-02-10	glpi -- remote attack via crafted POST request
2012-02-07	drupal -- multiple vulnerabilities
2012-02-06	bugzilla -- multiple vulnerabilities
2012-02-04	php -- arbitrary remote code execution vulnerability
2012-02-03	mathopd -- directory traversal vulnerability
2012-02-01	mozilla -- multiple vulnerabilities
2012-01-31	apache -- multiple vulnerabilities
2012-01-30	sudo -- format string vulnerability
2012-01-29	FreeBSD -- Buffer overflow in handling of UNIX socket addresses
	FreeBSD -- errors handling corrupt compress file in compress(1) and gzip(1)
	FreeBSD -- Network ACL mishandling in mountd(8)
	FreeBSD -- pam_ssh improperly grants access when user account has unencrypted SSH private keys
	FreeBSD -- pam_ssh() does not validate service names
2012-01-27	postfixadmin -- Multiple Vulnerabilities
2012-01-26	acroread9 -- Multiple Vulnerabilities
2012-01-26	mpack -- Information disclosure
2012-01-23	spamdyke -- Buffer Overflow Vulnerabilities
2012-01-23	Wireshark -- Multiple vulnerabilities
2012-01-20	asterisk -- SRTP Video Remote Crash Vulnerability
2012-01-20	OpenSSL -- DTLS Denial of Service
2012-01-17	tomcat -- Denial of Service
2012-01-16	Multiple implementations -- DoS via hash algorithm collision
2012-01-16	OpenTTD -- Denial of service (server) via slow read attack
2012-01-14	ffmpeg -- multiple vulnerabilities
2012-01-14	OpenSSL -- multiple vulnerabilities
2012-01-13	isc-dhcp-server -- DoS in DHCPv6
2012-01-12	PowerDNS -- Denial of Service Vulnerability
2012-01-11	php -- multiple vulnerabilities
2012-01-09	torcs -- untrusted local library loading
2012-01-08	spamdyke -- STARTTLS Plaintext Injection Vulnerability
2012-01-05	bugzilla -- multiple vulnerabilities
2012-01-03	WordPress -- cross site scripting vulnerability
2011-12-29	zabbix-frontend -- multiple XSS vulnerabilities
2011-12-28	lighttpd -- remote DoS in HTTP authentication
2011-12-26	krb5-appl -- telnetd code execution vulnerability
2011-12-23	proftpd -- arbitrary code execution vulnerability with chroot
2011-12-22	phpMyAdmin -- Multiple XSS
2011-12-21	mozilla -- multiple vulnerabilities
2011-12-19	unbound -- denial of service vulnerabilities from nonstandard redirection and denial of existence
2011-12-18	typo3 -- Remote Code Execution
2011-12-14	krb5 -- KDC null pointer dereference in TGS handling
2011-12-13	opera -- multiple vulnerabilities
2011-12-12	PuTTY -- Password vulnerability
2011-12-09	asterisk -- Multiple Vulnerabilities
2011-12-07	isc-dhcp-server -- Remote DoS
2011-12-01	phpMyAdmin -- Multiple XSS
2011-11-18	hiawatha -- memory leak in PreventSQLi routine
2011-11-16	BIND -- Remote DOS
2011-11-14	Apache 1.3 -- mod_proxy reverse proxy exposure
2011-11-14	kdeutils4 -- Directory traversal vulnerability
2011-11-13	Apache APR -- DoS vulnerabilities
2011-11-12	phpmyadmin -- Local file inclusion
2011-11-11	linux-flashplugin -- multiple vulnerabilities
2011-11-10	gnutls -- client session resumption vulnerability
	libxml -- Integer overflow
	libxml -- Multiple use-after-free vulnerabilities
	libxml -- Stack consumption vulnerability
2011-11-08	mozilla -- multiple vulnerabilities
2011-11-06	caml-light -- insecure use of temporary files
2011-11-01	freetype -- Some type 1 fonts handling vulnerabilities
2011-10-26	cacti -- Multiple vulnerabilities
2011-10-26	phpmyfaq -- Remote PHP Code Injection Vulnerability
2011-10-24	phpLDAPadmin -- Remote PHP code injection vulnerability
2011-10-23	kdelibs4, rekonq -- input validation failure
2011-10-20	piwik -- unknown critical vulnerabilities
2011-10-18	Xorg server -- two vulnerabilities in X server lock handling code
2011-10-17	asterisk -- remote crash vulnerability in SIP channel driver
2011-10-17	PivotX -- Remote File Inclusion Vulnerability of TimThumb
2011-10-16	OpenTTD -- Buffer overflows in savegame loading
	OpenTTD -- Denial of service via improperly validated commands
	OpenTTD -- Multiple buffer overflows in validation of external data
2011-10-05	quagga -- multiple vulnerabilities
2011-09-28	Mozilla -- multiple vulnerabilities
2011-09-22	linux-flashplugin -- multiple vulnerabilities
2011-09-14	phpMyAdmin -- multiple XSS vulnerabilities
2011-09-13	django -- multiple vulnerabilities
2011-09-13	roundcube -- XSS vulnerability
2011-09-12	libsndfile -- PAF file processing integer overflow
2011-09-07	OpenSSL -- multiple vulnerabilities
2011-09-05	XSS issue in MantisBT
2011-09-04	ca_root_nss -- extraction of explicitly-untrusted certificates into trust bundle
2011-09-04	security/cfs -- buffer overflow
2011-09-03	nss/ca_root_nss -- fraudulent certificates issued by DigiNotar.nl
2011-08-30	apache -- Range header DoS vulnerability
2011-08-26	stunnel -- heap corruption vulnerability
2011-08-24	phpMyAdmin -- multiple XSS vulnerabilities
2011-08-23	PHP -- crypt() returns only the salt for MD5
2011-08-20	php -- multiple vulnerabilities
2011-08-19	dovecot -- denial of service vulnerability
2011-08-19	rubygem-rails -- multiple vulnerabilities
2011-08-18	OTRS -- Vulnerabilities in OTRS-Core allows read access to any file on local file system
2011-08-16	mozilla -- multiple vulnerabilities
2011-08-16	Samba -- cross site scripting and request forgery vulnerabilities
2011-08-13	bugzilla -- multiple vulnerabilities
	dtc -- multiple vulnerabilities
	isc-dhcp-server -- server halt upon processing certain packets
2011-08-11	freetype2 -- execute arbitrary code or cause denial of service
2011-08-11	libXfont -- possible local privilege escalation
2011-08-10	linux-flashplugin -- multiple vulnerabilities
2011-07-28	libsoup -- unintentionally allow access to entire local filesystem
2011-07-25	opensaml2 -- unauthenticated login
2011-07-24	phpmyadmin -- multiple vulnerabilities
2011-07-20	rsync -- incremental recursion memory corruption vulnerability
2011-07-05	BIND -- Remote DoS against authoritative and recursive servers
2011-07-05	BIND -- Remote DoS with certain RPZ configurations
2011-07-03	phpmyadmin -- multiple vulnerabilities
2011-06-25	Asterisk -- multiple vulnerabilities
2011-06-24	ejabberd -- remote denial of service vulnerability
2011-06-21	mozilla -- multiple vulnerabilities
	Piwik -- remote command execution vulnerability
	Samba -- Denial of service - memory corruption
2011-06-20	Dokuwiki -- cross site scripting vulnerability
2011-06-15	ikiwiki -- tty hijacking via ikiwiki-mass-rebuild
2011-06-15	linux-flashplugin -- remote code execution vulnerability
2011-06-08	linux-flashplugin -- cross-site scripting vulnerability
2011-06-06	fetchmail -- STARTTLS denial of service
2011-06-04	BIND -- Large RRSIG RRsets and Negative Caching DoS
2011-06-02	asterisk -- Remote crash vulnerability
2011-06-02	Subversion -- multiple vulnerabilities
2011-05-26	drupal6 -- multiple vulnerabilities
2011-05-25	Erlang -- ssh library uses a weak random number generator
2011-05-25	Unbound -- an empty error packet handling assertion failure
2011-05-23	Apache APR -- DoS vulnerabilities
	linux-flashplugin -- multiple vulnerabilities
	mod_pubcookie -- Empty Authentication Security Advisory
	Opera -- code injection vulnerability through broken frameset handling
	Pubcookie Login Server -- XSS vulnerability
	pureftpd -- multiple vulnerabilities
	ViewVC -- user-reachable override of cvsdb row limit
2011-05-14	Exim -- remote code execution and information disclosure
2011-05-13	Zend Framework -- potential SQL injection when using PDO_MySql
2011-05-12	Apache APR -- DoS vulnerabilities
2011-05-12	mediawiki -- multiple vulnerabilities
2011-05-09	Postfix -- memory corruption vulnerability
2011-04-29	Mozilla -- multiple vulnerabilities
2011-04-21	Asterisk -- multiple vulnerabilities
2011-04-17	linux-flashplugin -- remote code execution vulnerability
	rt -- multiple vulnerabilities
	VLC -- Heap corruption in MP4 demultiplexer
2011-04-14	krb5 -- MITKRB5-SA-2011-001, kpropd denial of service
	krb5 -- MITKRB5-SA-2011-002, KDC vulnerable to hang when using LDAP back end
	krb5 -- MITKRB5-SA-2011-003, KDC vulnerable to double-free when PKINIT enabled
	krb5 -- MITKRB5-SA-2011-004, kadmind invalid pointer free() [CVE-2011-0285]
	xrdb -- root hole via rogue hostname
2011-04-12	OTRS -- Several XSS attacks possible
2011-04-10	isc-dhcp-client -- dhclient does not strip or escape shell meta-characters
2011-04-08	tinyproxy -- ACL lists ineffective when range is configured
2011-04-01	quagga -- two DoS vulnerabilities
2011-03-29	gdm -- privilege escalation vulnerability
2011-03-25	php -- crash on crafted tag in exif
2011-03-25	php -- ZipArchive segfault with FL_UNCHANGED on empty archive
2011-03-24	linux-flashplugin -- remote code execution vulnerability
2011-03-24	mozilla -- update to HTTPS certificate blacklist
2011-03-19	postfix -- plaintext command injection with SMTP over TLS
2011-03-17	hiawatha -- integer overflow in Content-Length header parsing
2011-03-16	asterisk -- Multiple Vulnerabilities
2011-03-13	avahi -- denial of service
2011-03-10	mailman -- XSS vulnerability
2011-03-07	redmine -- XSS vulnerability
2011-03-05	subversion -- remote HTTP DoS vulnerability
2011-03-01	mozilla -- multiple vulnerabilities
2011-02-25	openldap -- two security bypass vulnerabilities
2011-02-22	asterisk -- Exploitable Stack and Heap Array Overflows
2011-02-20	PivotX -- administrator password reset vulnerability
2011-02-15	tomcat -- Cross-site scripting vulnerability
2011-02-11	linux-flashplugin -- multiple vulnerabilities
2011-02-11	phpMyAdmin -- multiple vulnerabilities
2011-02-10	awstats -- arbitrary commands execution vulnerability
	exim -- local privilege escalation
	mupdf -- Remote System Access
	openoffice.org -- Multiple vulnerabilities
	opera -- multiple vulnerabilities
	plone -- Remote Security Bypass
	rubygem-mail -- Remote Arbitrary Shell Command Injection Vulnerability
	webkit-gtk2 -- Multiple vurnabilities.
2011-02-09	django -- multiple vulnerabilities
2011-02-09	mediawiki -- multiple vulnerabilities
2011-02-05	wordpress -- SQL injection vulnerability
2011-02-02	vlc -- Insufficient input validation in MKV demuxer
2011-01-31	maradns -- denial of service when resolving a long DNS hostname
2011-01-28	isc-dhcp-server -- DHCPv6 crash
2011-01-25	bugzilla -- multiple serious vulnerabilities
2011-01-24	dokuwiki -- multiple privilege escalation vulnerabilities
2011-01-19	asterisk -- Exploitable Stack Buffer Overflow
2011-01-19	tarsnap -- cryptographic nonce reuse
2011-01-17	tor -- remote code execution and crash
2011-01-13	pecl-phar -- format string vulnerability
	php -- corruption of $GLOBALS and $this variables via extract() method
	php -- NULL byte poisoning
	php -- open_basedir bypass
	php-filter -- Denial of Service
	php-imap -- Denial of Service
	php-zip -- multiple Denial of Service vulnerabilities
	subversion -- multiple DoS
	sudo -- local privilege escalation
2011-01-11	MoinMoin -- cross-site scripting vulnerabilities
2011-01-09	php -- multiple vulnerabilities
2011-01-08	exim -- local privilege escalation
2011-01-06	mediawiki -- Clickjacking vulnerabilities
2010-12-30	webkit-gtk2 -- Multiple vulnerabilities
2010-12-29	django -- multiple vulnerabilities
2010-12-28	Drupal Views plugin -- cross-site scripting
2010-12-23	redmine -- multiple vulnerabilities
2010-12-22	tor -- remote crash and potential remote code execution
2010-12-15	YUI JavaScript library -- JavaScript injection exploits in Flash components
2010-12-10	mozilla -- multiple vulnerabilities
2010-12-09	krb5 -- client impersonation vulnerability
	krb5 -- multiple checksum handling vulnerabilities
	krb5 -- multiple checksum handling vulnerabilities
	krb5 -- RFC 3961 key-derivation checksum handling vulnerability
	krb5 -- unkeyed PAC checksum handling vulnerability
2010-12-04	proftpd -- Compromised source packages backdoor
2010-11-30	phpMyAdmin -- XSS attack in database search
2010-11-24	isc-dhcp-server -- Empty link-address denial of service
2010-11-23	horde-base -- XSS: VCARD attachments vulnerability
	OpenTTD -- Denial of service (server/client) via invalid read
	proftpd -- remote code execution vulnerability
2010-11-17	openssl -- TLS extension parsing race condition
2010-11-06	linux-flashplugin -- multiple vulnerabilities
2010-11-05	Wireshark -- DoS in the BER-based dissectors
2010-11-03	Mailman -- cross-site scripting in web interface
2010-11-03	OTRS -- Multiple XSS and denial of service vulnerabilities
2010-10-28	mozilla -- Heap buffer overflow mixing document.write and DOM insertion
2010-10-26	opera -- multiple vulnerabilities
2010-10-25	bzip2 -- integer overflow vulnerability
2010-10-24	FreeBSD -- BIND named(8) cache poisoning with DNSSEC validation
	FreeBSD -- Improper environment sanitization in rtld(1)
	FreeBSD -- Inappropriate directory permissions in freebsd-update(8)
	FreeBSD -- Insufficient environment sanitization in jail(8)
	FreeBSD -- Integer overflow in bzip2 decompression
	FreeBSD -- Lost mbuf flag resulting in data corruption
	FreeBSD -- ntpd mode 7 denial of service
	FreeBSD -- OPIE off-by-one stack overflow
	FreeBSD -- SSL protocol flaw
	FreeBSD -- Unvalidated input in nfsclient
	FreeBSD -- ZFS ZIL playback with insecure permissions
	monotone -- remote denial of service in default setup
2010-10-20	mozilla -- multiple vulnerabilities
2010-10-19	Webkit-gtk2 -- Multiple Vulnabilities
2010-10-06	apr -- multiple vunerabilities
2010-10-02	phpmyfaq -- cross site scripting vulnerabilities
2010-09-28	horde-base -- XSS and CSRF vulnerabilities
	horde-gollem -- XSS vulnerability
	horde-imp -- XSS vulnerability
2010-09-26	openx -- remote code execution vulnerability
2010-09-24	squid -- Denial of service vulnerability in request handling
2010-09-22	linux-flashplugin -- remote code execution
2010-09-17	django -- cross-site scripting vulnerability
2010-09-10	webkit-gtk2 -- Multiple vulnerabilities
2010-09-09	vim6 -- heap-based overflow while parsing shell metacharacters
2010-09-08	mozilla -- multiple vulnerabilities
2010-09-07	sudo -- Flaw in Runas group matching
2010-09-03	lftp -- multiple HTTP client download filename vulnerability
2010-09-03	wget -- multiple HTTP client download filename vulnerability
2010-08-31	p5-libwww -- possibility to remote servers to create file with a .(dot) character
2010-08-25	quagga -- stack overflow and DoS vulnerabilities
2010-08-24	bugzilla -- information disclosure, denial of service
2010-08-22	OpenTTD -- Denial of service (server) via infinite loop
2010-08-21	corkscrew -- buffer overflow vulnerability
2010-08-21	phpmyadmin -- Several XSS vulnerabilities
2010-08-19	slim -- insecure PATH assignment
2010-08-17	ruby -- UTF-7 encoding XSS vulnerability in WEBrick
2010-08-14	vlc -- invalid id3v2 tags may lead to invalid memory dereferencing
2010-08-13	isolate -- local root exploit
	linux-flashplugin -- multiple vulnerabilities
	opera -- multiple vulnerabilities
2010-08-09	firefox -- Dangling pointer crash regression from plugin parameter array fix
2010-08-04	Piwik -- Local File Inclusion Vulnerability
2010-07-30	libmspack -- infinite loop denial of service
2010-07-26	apache -- Remote DoS bug in mod_cache and mod_dav
2010-07-23	git -- buffer overflow vulnerability
2010-07-21	codeigniter -- file upload class vulnerability
2010-07-21	mozilla -- multiple vulnerabilities
2010-07-18	vte -- Classic terminal title set+query attack
2010-07-18	webkit-gtk2 -- Multiple vulnerabilities
2010-07-10	redmine -- multiple vulnerabilities
2010-07-06	bogofilter -- heap underrun on malformed base64 input
2010-07-05	bugzilla -- information disclosure
2010-06-30	kvirc -- multiple vulnerabilities
2010-06-28	moodle -- multiple vulnerabilities
2010-06-28	png -- libpng decompression buffer overflow
2010-06-27	mDNSResponder -- corrupted stack crash when parsing bad resolv.conf
2010-06-25	opera -- Data URIs can be used to allow cross-site scripting
2010-06-24	cacti -- multiple vulnerabilities
2010-06-23	mozilla -- multiple vulnerabilities
2010-06-16	tiff -- Multiple integer overflows
2010-06-15	ziproxy -- security vulnerability in PNG decoder
2010-06-14	linux-flashplugin -- multiple vulnerabilities
2010-06-12	tiff -- buffer overflow vulnerability
2010-06-02	mediawiki -- two security vulnerabilities
2010-06-02	sudo -- Secure path vulnerability
2010-05-28	ziproxy -- atypical huge picture files vulnerability
2010-05-14	redmine -- multiple vulnerabilities
2010-05-07	piwik -- cross site scripting vulnerability
2010-05-07	wireshark -- DOCSIS dissector denial of service
2010-05-06	spamass-milter -- remote command execution vulnerability
2010-05-05	lxr -- multiple XSS vulnerabilities
2010-05-05	mediawiki -- authenticated CSRF vulnerability
2010-05-01	vlc -- unintended code execution with specially crafted data
2010-04-26	joomla -- multiple vulnerabilities
2010-04-24	cacti -- SQL injection and command execution vulnerabilities
	moodle -- multiple vulnerabilities
	tomcat -- information disclosure vulnerability
2010-04-21	krb5 -- KDC double free vulnerability
2010-04-20	e107 -- code execution and XSS vulnerabilities
	fetchmail -- denial of service vulnerability
	pidgin -- multiple remote denial of service vulnerabilities
	png -- libpng decompression denial of service
2010-04-19	curl -- libcurl buffer overflow vulnerability
	ejabberd -- queue overload denial of service vulnerability
	irssi -- multiple vulnerabilities
	krb5 -- multiple denial of service vulnerabilities
2010-04-18	krb5 -- remote denial of service vulnerability
2010-04-18	mahara -- sql injection vulnerability
2010-04-15	sudo -- Privilege escalation with sudoedit
2010-04-14	KDM -- local privilege escalation vulnerability
2010-04-06	dojo -- cross-site scripting and other vulnerabilities
2010-04-06	Zend Framework -- security issues in bundled Dojo library
2010-04-05	firefox -- Re-use of freed object due to scope confusion
2010-03-30	mozilla -- multiple vulnerabilities
2010-03-25	postgresql -- bitsubstr overflow
2010-03-24	gtar -- buffer overflow in rmt client
2010-03-23	firefox -- WOFF heap corruption due to integer overflow
2010-03-19	mozilla -- multiple vulnerabilities
2010-03-11	egroupware -- two vulnerabilities
2010-03-08	drupal -- multiple vulnerabilities
2010-03-01	sudo -- Privilege escalation with sudoedit
2010-02-25	openoffice.org -- multiple vulnerabilities
2010-02-18	mozilla -- multiple vulnerabilities
2010-02-16	lighttpd -- denial of service vulnerability
2010-02-14	squid -- Denial of Service vulnerability in HTCP
2010-02-13	gnome-screensaver -- Multiple monitor hotplug issues
2010-02-13	linux-flashplugin -- multiple vulnerabilities
2010-02-12	fetchmail -- heap overflow on verbose X.509 display
2010-02-10	wireshark -- LWRES vulnerability
2010-02-08	otrs -- SQL injection
2010-02-03	apache -- Prevent chunk-size integer overflow on platforms where sizeof(int) < sizeof(long)
2010-02-01	bugzilla -- information leak
2010-02-01	squid -- Denial of Service vulnerability in DNS handling
2010-01-28	irc-ratbox -- multiple vulnerabilities
2010-01-18	dokuwiki -- multiple vulnerabilities
2010-01-11	Zend Framework -- multiple vulnerabilities
2010-01-09	powerdns-recursor -- multiple vulnerabilities
2010-01-04	PEAR -- Net_Ping and Net_Traceroute remote arbitrary command injection
2009-12-25	drupal -- multiple cross-site scripting
2009-12-21	fuser -- missing user's privileges check
2009-12-21	monkey -- improper input validation vulnerability
2009-12-17	php -- multiple vulnerabilities
	postgresql -- multiple vulnerabilities
	tptest -- pwd Remote Stack Buffer Overflow
2009-12-16	mozilla -- multiple vulnerabilities
2009-12-14	freeradius -- remote packet of death vulnerability
2009-12-12	pligg -- Cross-Site Scripting and Cross-Site Request Forgery
2009-12-11	piwik -- php code execution
2009-12-10	dovecot -- Insecure directory permissions
2009-12-09	linux-flashplugin -- multiple vulnerabilities
	rt -- Session fixation vulnerability
	ruby -- heap overflow vulnerability
2009-12-08	expat2 -- buffer over-read and crash
2009-12-08	expat2 -- Parser crash with specially formatted UTF-8 sequences
2009-12-01	opera -- multiple vulnerabilities
2009-11-28	libtool -- Library Search Path Privilege Escalation Issue
2009-11-24	libvorbis -- multiple vulnerabilities
2009-11-23	bugzilla -- information leak
2009-11-23	cacti -- cross-site scripting issues
2009-11-14	wordpress -- multiple vulnerabilities
2009-11-06	p5-HTML-Parser -- denial of service
2009-11-05	gd -- '_gdGetColors' remote buffer overflow vulnerability
2009-11-05	typo3 -- multiple vulnerabilities in TYPO3 Core
2009-11-03	vlc -- stack overflow in MPA, AVI and ASF demuxer
2009-11-02	KDE -- multiple vulnerabilities
2009-10-31	opera -- multiple vulnerabilities
2009-10-28	Enhanced cTorrent -- stack-based overflow
2009-10-28	mozilla -- multiple vulnerabilities
2009-10-25	elinks -- buffer overflow vulnerability
2009-10-22	squidGuard -- multiple vulnerabilities
2009-10-20	Xpdf -- Multiple Vulnerabilities
2009-10-16	django -- denial-of-service attack
2009-10-13	phpmyadmin -- XSS and SQL injection vulnerabilities
2009-10-12	php5 -- Multiple security issues
2009-10-07	virtualbox -- privilege escalation
2009-10-06	FreeBSD -- Devfs / VFS NULL pointer race condition
2009-10-06	FreeBSD -- kqueue pipe race conditions
2009-09-30	mybb -- multiple vulnerabilities
2009-09-22	drupal -- multiple vulnerabilities
2009-09-18	fwbuilder -- security issue in temporary file handling
2009-09-17	bugzilla -- two SQL injections, sensitive data exposure
2009-09-14	horde-base -- multiple vulnerabilities
2009-09-14	nginx -- remote denial of service vulnerability
2009-09-13	ikiwiki -- insufficient blacklisting in teximg plugin
2009-09-13	xapian-omega -- cross-site scripting vulnerability
2009-09-10	mozilla firefox -- multiple vulnerabilities
2009-09-09	cyrus-imapd -- Potential buffer overflow in Sieve
2009-09-08	silc-toolkit -- Format string vulnerabilities
2009-09-04	opera -- multiple vulnerabilities
2009-09-02	dnsmasq -- TFTP server remote code injection vulnerability
2009-08-25	apache22 -- several vulnerabilities
2009-08-20	pidgin -- MSN overflow parsing SLP messages
2009-08-17	GnuTLS -- improper SSL certificate verification
	GnuTLS -- multiple vulnerabilities
	memcached -- memcached stats maps Information Disclosure Weakness
2009-08-12	wordpress -- remote admin password reset vulnerability
2009-08-11	fetchmail -- improper SSL certificate subject verification
2009-08-07	joomla15 -- com_mailto Timeout Issue
2009-08-06	subversion -- heap overflow vulnerability
2009-08-05	bugzilla -- product name information leak
2009-08-04	mozilla -- multiple vulnerabilities
2009-08-04	silc-client -- Format string vulnerability
2009-08-02	SquirrelMail -- Plug-ins compromise
2009-08-01	BIND -- Dynamic update message remote DoS
2009-07-29	mono -- XML signature HMAC truncation spoofing
2009-07-27	squid -- several remote denial of service vulnerabilities
2009-07-17	mozilla -- corrupt JIT state after deep return from native function
2009-07-15	isc-dhcp-client -- Stack overflow vulnerability
2009-07-13	drupal -- multiple vulnerabilities
2009-07-03	nfsen -- remote command execution
2009-06-30	nagios -- Command Injection Vulnerability
2009-06-30	phpmyadmin -- XSS vulnerability
2009-06-23	tor-devel -- DNS resolution vulnerability
2009-06-16	cscope -- buffer overflow
	cscope -- multiple buffer overflows
	joomla -- multiple vulnerabilities
	pidgin -- multiple vulnerabilities
2009-06-15	git -- denial of service vulnerability
2009-06-13	ruby -- BigDecimal denial of service vulnerability
2009-06-12	mozilla -- multiple vulnerabilities
2009-06-08	apr -- multiple vulnerabilities
2009-06-04	dokuwiki -- Local File Inclusion with register_globals on
2009-05-30	eggdrop -- denial of service vulnerability
	libsndfile -- multiple vulnerabilities
	openssl -- denial of service in DTLS implementation
	slim -- local disclosure of X authority magic cookie
	wireshark -- PCNFSD Dissector Denial of Service Vulnerability
2009-05-21	imap-uw -- University of Washington IMAP c-client Remote Format String Vulnerability
2009-05-20	ntp -- stack-based buffer overflow
2009-05-19	nsd -- buffer overflow vulnerability
2009-05-17	libxine -- multiple vulnerabilities
2009-05-17	libxine -- multiple vulnerabilities
2009-05-16	libwmf -- embedded GD library Use-After-Free vulnerability
	libwmf -- integer overflow vulnerability
	mod_perl -- cross-site scripting
	moinmoin -- cross-site scripting vulnerabilities
	php -- ini database truncation inside dba_replace() function
2009-05-15	cyrus-sasl -- buffer overflow vulnerability
2009-05-14	drupal -- cross-site scripting
2009-05-13	ghostscript -- buffer overflow vulnerability
	moinmoin -- multiple cross site scripting vulnerabilities
	pango -- integer overflow
2009-05-09	wireshark -- multiple vulnerabilities
2009-05-07	cups -- remote code execution and DNS rebinding
2009-05-07	FreeBSD -- remotely exploitable crash in OpenSSL
2009-05-06	quagga -- Denial of Service
2009-05-04	openfire -- Openfire No Password Changes Security Bypass
2009-04-30	drupal -- cross site scripting
2009-04-22	mozilla -- multiple vulnerabilities
2009-04-18	freetype2 -- multiple vulnerabilities
	poppler -- Poppler Multiple Vulnerabilities
	xpdf -- multiple vulnerabilities
2009-04-17	ejabberd -- cross-site scripting vulnerability
2009-04-15	phpmyadmin -- insufficient output sanitizing when generating configuration file
2009-04-15	ziproxy -- multiple vulnerability
2009-04-11	drupal6-cck -- cross-site scripting
2009-03-27	pivot-weblog -- file deletion vulnerability
2009-03-25	phpmyadmin -- insufficient output sanitizing when generating configuration file
2009-03-23	amarok -- multiple vulnerabilities
2009-03-22	wireshark -- multiple vulnerabilities
2009-03-18	netatalk -- arbitrary command execution in papd daemon
2009-03-16	ffmpeg -- 4xm processing memory corruption vulnerability
	gstreamer-plugins-good -- multiple memory overflows
	libsndfile -- CAF processing integer overflow vulnerability
	php-mbstring -- php mbstring buffer overflow vulnerability
	phppgadmin -- directory traversal with register_globals enabled
	proftpd -- multiple sql injection vulnerabilities
	roundcube -- webmail script insertion and php code injection
	zabbix -- php frontend multiple vulnerabilities
2009-03-15	opera -- multiple vulnerabilities
2009-03-11	apache -- Cross-site scripting vulnerability
2009-03-11	epiphany -- untrusted search path vulnerability
2009-03-04	curl -- cURL/libcURL Location: Redirect URLs Security Bypass
2009-03-04	pngcrush -- libpng Uninitialised Pointer Arrays Vulnerability
2009-02-18	Zend Framework -- Local File Inclusion vulnerability in Zend_View::render()
2009-02-17	dia -- remote command execution vulnerability
2009-02-15	pycrypto -- ARC2 module buffer overflow
2009-02-14	varnish -- Varnish HTTP Request Parsing Denial of Service
2009-02-13	tor -- multiple vulnerabilities
2009-02-11	codeigniter -- arbitrary script execution in the new Form Validation class
	firefox -- multiple vulnerabilities
	pyblosxom -- atom flavor multiple XML injection vulnerabilities
	typo3 -- cross-site scripting and information disclosure
2009-02-09	amaya -- multiple buffer overflow vulnerabilities
	phplist -- local file inclusion vulnerability
	squid -- remote denial of service vulnerability
	typo3 -- multiple vulnerabilities
	websvn -- multiple vulnerabilities
2009-02-06	sudo -- certain authorized users could run commands as any user
2009-02-04	drupal -- multiple vulnerabilities
2009-02-03	perl -- Directory Permissions Race Condition
2009-01-30	ganglia -- buffer overflow vulnerability
2009-01-30	moinmoin -- multiple cross site scripting vulnerabilities
2009-01-29	tor -- unspecified memory corruption vulnerability
2009-01-28	glpi -- SQL Injection
2009-01-25	openfire -- multiple vulnerabilities
2009-01-21	ipset-tools -- Denial of Service Vulnerabilities
2009-01-20	Teamspeak Server -- Directory Traversal Vulnerability
2009-01-19	git -- gitweb privilege escalation
2009-01-19	optipng -- arbitrary code execution via crafted BMP image
2009-01-15	gtar -- GNU TAR safer_name_suffix Remote Denial of Service Vulnerability
2009-01-15	mplayer -- vulnerability in STR files processor
2009-01-13	cgiwrap -- XSS Vulnerability
2009-01-12	nagios -- web interface privilege escalation vulnerability
2009-01-11	imap-uw -- imap c-client buffer overflow
	imap-uw -- local buffer overflow vulnerabilities
	libcdaudio -- remote buffer overflow and code execution
	mysql -- empty bit-string literal denial of service
	mysql -- privilege escalation and overwrite of the system table information
	mysql -- remote dos via malformed password packet
	mysql -- renaming of arbitrary tables by authenticated users
	pdfjam -- insecure temporary files
	verlihub -- insecure temporary file usage and arbitrary command execution
2009-01-05	FreeBSD -- arc4random(9) predictable sequence vulnerability
	FreeBSD -- Cross-site request forgery in ftpd(8)
	FreeBSD -- IPv6 Neighbor Discovery Protocol routing vulnerability
	FreeBSD -- netgraph / bluetooth privilege escalation
	php5-gd -- uninitialized memory information disclosure vulnerability
	xterm -- DECRQSS remote command execution vulnerability
2009-01-04	awstats -- multiple XSS vulnerabilities
2009-01-03	p5-File-Path -- rmtree allows creation of setuid files
2009-01-02	vim -- multiple vulnerabilities in the netrw module
2008-12-31	vinagre -- format string vulnerability
2008-12-30	mplayer -- twinvq processing buffer overflow vulnerability
	mysql -- MyISAM table privileges security bypass vulnerability for symlinked paths
	roundcube -- remote execution of arbitrary code
	twiki -- multiple vulnerabilities
2008-12-26	ampache -- insecure temporary file usage
2008-12-19	drupal -- multiple vulnerabilities
	mediawiki -- multiple vulnerabilities
	mozilla -- multiple vulnerabilities
	opera -- multiple vulnerabilities
2008-12-11	phpmyadmin -- cross-site request forgery vulnerability
2008-12-08	php5 -- potential magic_quotes_gpc vulnerability
2008-12-07	dovecot-managesieve -- Script Name Directory Traversal Vulnerability
	habari -- Cross-Site Scripting Vulnerability
	mgetty+sendfax -- symlink attack via insecure temporary files
	php -- multiple vulnerabilities
	wireshark -- SMTP Processing Denial of Service Vulnerability
2008-12-06	mantis -- multiple vulnerabilities
	mantis -- php code execution vulnerability
	vlc -- arbitrary code execution in the RealMedia processor
2008-12-04	squirrelmail -- Cross site scripting vulnerability
2008-11-29	cups -- potential buffer overflow in PNG reading code
	hplip -- hpssd Denial of Service
	openoffice -- arbitrary code execution vulnerabilities
	samba -- potential leakage of arbitrary memory contents
	wordpress -- header rss feed script insertion vulnerability
2008-11-24	imlib2 -- XPM processing buffer overflow vulnerability
2008-11-23	streamripper -- multiple buffer overflows
2008-11-22	mantis -- session hijacking vulnerability
2008-11-19	dovecot -- ACL plugin bypass vulnerabilities
	libxml2 -- multiple vulnerabilities
	openfire -- multiple vulnerabilities
2008-11-18	enscript -- arbitrary code execution vulnerability
2008-11-18	syslog-ng2 -- startup directory leakage in the chroot environment
2008-11-16	gnutls -- X.509 certificate chain validation vulnerability
2008-11-14	net-snmp -- DoS for SNMP agent via crafted GETBULK request
2008-11-13	mozilla -- multiple vulnerabilities
2008-11-12	faad2 -- heap overflow vulnerability
2008-11-10	clamav -- off-by-one heap overflow in VBA project parser
2008-11-09	trac -- potential DOS vulnerability
2008-11-08	vlc -- cue processing stack overflow
2008-11-07	emacs -- run-python vulnerability
2008-11-03	opera -- multiple vulnerabilities
2008-11-02	qemu -- Heap overflow in Cirrus emulation
2008-10-31	phpmyadmin -- Cross-Site Scripting Vulnerability
2008-10-28	opera -- multiple vulnerabilities
2008-10-27	libspf2 -- Buffer overflow
2008-10-25	flyspray -- multiple vulnerabilities
2008-10-25	openx -- sql injection vulnerability
2008-10-24	wordpress -- snoopy "_httpsrequest()" shell command execution vulnerability
2008-10-22	drupal -- multiple vulnerabilities
2008-10-22	wordpress -- remote privilege escalation
2008-10-19	libxine -- denial of service vulnerability
2008-10-17	linux-flashplugin -- multiple vulnerabilities
2008-10-15	libxml2 -- two vulnerabilities
2008-10-12	drupal -- multiple vulnerabilities
2008-10-10	cups -- multiple vulnerabilities
2008-10-10	opera -- multiple vulnerabilities
2008-10-01	mplayer -- multiple integer overflows
2008-10-01	mysql -- command line client input validation vulnerability
2008-09-27	lighttpd -- multiple vulnerabilities
2008-09-26	bitlbee -- account recreation security issues
2008-09-24	mozilla -- multiple vulnerabilities
2008-09-23	phpmyadmin -- Cross-Site Scripting Vulnerability
	proftpd -- Long Command Processing Vulnerability
	squirrelmail -- Session hijacking vulnerability
2008-09-19	gallery -- multiple vulnerabilities
2008-09-17	phpmyadmin -- Code execution vulnerability
2008-09-14	twiki -- Arbitrary code execution in session files
2008-09-12	clamav -- CHM Processing Denial of Service
2008-09-12	neon -- NULL pointer dereference in Digest domain support
2008-09-11	horde -- multiple vulnerabilities
2008-09-10	mysql -- MyISAM table privileges security bypass vulnerability
	python -- multiple vulnerabilities
	rubygem-rails -- SQL injection vulnerability
2008-09-05	FreeBSD -- amd64 swapgs local privilege escalation
	FreeBSD -- nmount(2) local arbitrary code execution
	FreeBSD -- Remote kernel panics on IPv6 connections
2008-08-25	opera -- multiple vulnerabilities
2008-08-21	gnutls -- "gnutls_handshake()" Denial of Service
2008-08-20	joomla -- flaw in the reset token validation
2008-08-19	cdf3 -- Buffer overflow vulnerability
2008-08-18	drupal -- multiple vulnerabilities
2008-08-16	ruby -- DNS spoofing vulnerability
	ruby -- DoS vulnerability in WEBrick
	ruby -- multiple vulnerabilities in safe level
2008-08-15	Bugzilla -- Directory Traversal in importxml.pl
2008-08-07	openvpn-devel -- arbitrary code execution
2008-07-18	phpmyadmin -- cross site request forgery vulnerabilities
2008-07-13	drupal -- multiple vulnerabilities
2008-07-13	FreeBSD -- DNS cache poisoning
2008-07-09	poppler -- uninitialized pointer
2008-07-04	py-pylons -- Path traversal bug
2008-07-03	FreeType 2 -- Multiple Vulnerabilities
2008-07-01	fetchmail -- potential crash in -v -v verbose mode (revised patch)
2008-06-28	phpmyadmin -- Cross Site Scripting Vulnerabilities
2008-06-24	apache -- multiple vulnerabilities
2008-06-22	php -- input validation error in safe_mode
2008-06-21	ruby -- multiple integer and buffer overflow vulnerabilities
2008-06-21	vim -- Vim Shell Command Injection Vulnerabilities
2008-06-20	fetchmail -- potential crash in -v -v verbose mode
2008-06-15	xorg -- multiple vulnerabilities
2008-06-14	moinmoin -- superuser privilege escalation
2008-06-13	Courier Authentication Library -- SQL Injection
2008-06-01	ikiwiki -- cleartext passwords
2008-05-31	ikiwiki -- empty password security hole
2008-05-30	linux-flashplugin -- unspecified remote code execution vulnerability
2008-05-28	Nagios -- Cross Site Scripting Vulnerability
2008-05-27	spamdyke -- open relay
2008-05-21	peercast -- arbitrary code execution
2008-05-17	libvorbis -- various security issues
2008-05-14	django -- XSS vulnerability
2008-05-11	vorbis-tools -- Speex header processing vulnerability
2008-05-08	qemu -- "drive_init()" Disk Format Security Bypass
2008-05-07	swfdec -- exposure of sensitive information
2008-05-02	mt-daapd -- integer overflow
2008-05-02	sdl_image -- buffer overflow vulnerabilities
2008-04-26	gnupg -- memory corruption vulnerability
2008-04-25	extman -- password bypass vulnerability
	firefox -- javascript garbage collector vulnerability
	mailman -- script insertion vulnerability
	mksh -- TTY attachment privilege escalation
	openfire -- unspecified denial of service
	php -- integer overflow vulnerability
	png -- unknown chunk processing uninitialized memory access
	python -- Integer Signedness Error in zlib Module
	serendipity -- multiple cross site scripting vulnerabilities
2008-04-24	libxine -- array index vulnerability
	phpmyadmin -- Shared Host Information Disclosure
	phpmyadmin -- Username/Password Session File Information Disclosure
	postgresql -- multiple vulnerabilities
2008-04-15	clamav -- Multiple Vulnerabilities
2008-04-13	ikiwiki -- cross site request forging
2008-04-13	lighttpd -- OpenSSL Error Queue Denial of Service Vulnerability
2008-04-06	postfix-policyd-weight -- working directory symlink vulnerability
2008-04-05	opera -- multiple vulnerabilities
	powerdns-recursor -- DNS cache poisoning
	suphp -- multiple local privilege escalation vulnerabilities
2008-03-30	mozilla -- multiple vulnerabilities
2008-03-26	silc -- pkcs_decode buffer overflow
2008-03-20	bzip2 -- crash with certain malformed archive files
2008-03-11	qemu -- unchecked block read/write vulnerability
2008-03-10	dovecot -- security hole in blocking passdbs
2008-03-06	mplayer -- multiple vulnerabilities
2008-03-05	ghostscript -- zseticcspace() function buffer overflow vulnerability
2008-03-04	phpmyadmin -- SQL injection vulnerability
2008-02-29	pcre -- buffer overflow vulnerability
2008-02-26	libxine -- buffer overflow vulnerability
2008-02-25	coppermine -- multiple vulnerabilities
2008-02-25	moinmoin -- multiple vulnerabilities
2008-02-22	mozilla -- multiple vulnerabilities
	openldap -- modrdn Denial of Service vulnerability
	opera -- multiple vulnerabilities
2008-02-15	clamav -- ClamAV libclamav PE File Integer Overflow Vulnerability
2008-02-12	cacti -- Multiple security vulnerabilities have been discovered
2008-02-11	ikiwiki -- javascript insertion via uris
2008-02-09	zenphoto -- XSS vulnerability
2008-02-04	jetty -- multiple vulnerability
2008-01-29	libxine -- buffer overflow vulnerability
2008-01-23	xorg -- multiple vulnerabilities
2008-01-22	claws-mail -- insecure temporary file creation
2008-01-22	xfce -- multiple vulnerabilities
2008-01-19	IRC Services-- Denial of Service Vulnerability
2008-01-19	libxine -- buffer overflow vulnerability
2008-01-15	geeklog xss vulnerability
2008-01-11	drupal -- cross site request forgery
	drupal -- cross site scripting (register_globals)
	drupal -- cross site scripting (utf8)
2008-01-10	maradns -- CNAME record resource rotation denial of service
2008-01-04	linux-realplayer -- multiple vulnerabilities
2008-01-03	linux-flashplugin -- multiple vulnerabilities
2007-12-29	dovecot -- Specific LDAP + auth cache configuration may mix up user logins
2007-12-25	gallery2 -- multiple vulnerabilities
2007-12-20	e2fsprogs -- heap buffer overflow
2007-12-19	opera -- multiple vulnerabilities
	peercast -- buffer overflow vulnerability
	wireshark -- multiple vulnerabilities
2007-12-17	ganglia-webfrontend -- XSS vulnerabilities
2007-12-12	drupal -- SQL injection vulnerability
	qemu -- Translation Block Local Denial of Service Vulnerability
	samba -- buffer overflow vulnerability
	smbftpd -- format string vulnerability
2007-12-10	jetty -- multiple vulnerabilities
2007-12-08	liveMedia -- DoS vulnerability
2007-12-05	GNU finger vulnerability
2007-12-04	Squid -- Denial of Service Vulnerability
2007-11-28	rubygem-rails -- JSON XSS vulnerability
2007-11-27	firefox -- multiple remote unspecified memory corruption vulnerabilities
	ikiwiki -- improper symlink verification vulnerability
	rubygem-rails -- session-fixation vulnerability
2007-11-21	phpmyadmin -- Cross Site Scripting
2007-11-21	samba -- multiple vulnerabilities
2007-11-16	php -- multiple security vulnerabilities
2007-11-13	flac -- media file processing integer overflow vulnerabilities
2007-11-13	net-snmp -- denial of service via GETBULK request
2007-11-12	mt-daapd -- denial of service vulnerability
	plone -- unsafe data interpreted as pickles
	xpdf -- multiple remote Stream.CC vulnerabilities
2007-11-11	phpmyadmin -- cross-site scripting vulnerability
2007-11-09	cups -- off-by-one buffer overflow
	gallery2 -- multiple vulnerabilities
	tikiwiki -- multiple vulnerabilities
2007-11-06	pcre -- arbitrary code execution
2007-11-06	perl -- regular expressions unicode data buffer overflow
2007-11-05	gftp -- multiple vulnerabilities
2007-11-05	perdition -- str_vwrite format string vulnerability
2007-11-04	dircproxy -- remote denial of service
2007-11-01	wordpress -- cross-site scripting
2007-10-30	openldap -- multiple remote denial of service vulnerabilities
2007-10-27	py-django -- denial of service vulnerability
2007-10-25	opera -- multiple vulnerabilities
2007-10-24	drupal --- multiple vulnerabilities
2007-10-23	ldapscripts -- Command Line User Credentials Disclosure
2007-10-22	firefox -- OnUnload Javascript browser entrapment vulnerability
2007-10-17	phpmyadmin -- cross-site scripting vulnerability
2007-10-16	phpmyadmin -- cross-site scripting vulnerability
2007-10-11	nagios-plugins -- Long Location Header Buffer Overflow Vulnerability
2007-10-11	png -- multiple vulnerabilities
2007-10-10	ImageMagick -- multiple vulnerabilities
2007-10-08	jdk/jre -- Applet Caching May Allow Network Access Restrictions to be Circumvented
2007-10-08	xfs -- multiple vulnerabilities
2007-10-05	tcl/tk -- buffer overflow in ReadImage function
2007-10-04	firebird -- multiple remote buffer overflow vulnerabilities
2007-10-01	id3lib -- insecure temporary file creation
2007-09-21	bugzilla -- multiple vulnerabilities
	clamav -- multiple remote Denial of Service vulnerabilities
	mediawiki -- cross site scripting vulnerability
	samba -- nss_info plugin privilege escalation vulnerability
	wordpress -- remote sql injection vulnerability
2007-09-20	bugzilla -- "createmailregexp" security bypass vulnerability
	coppermine -- multiple vulnerabilities
	openoffice -- arbitrary command execution vulnerability
2007-09-19	flyspray -- authentication bypass
	kdm -- passwordless login vulnerability
	konquerer -- address bar spoofing
	mozilla -- code execution via Quicktime media-link files
2007-09-11	apache -- multiple vulnerabilities
2007-09-11	php -- multiple vulnerabilities
2007-09-10	lighttpd -- FastCGI header overrun in mod_fastcgi
2007-09-05	lsh -- multiple vulnerabilities
2007-09-05	rkhunter -- insecure temporary file creation
2007-09-02	fetchmail -- denial of service on reject of local warning message
2007-09-01	gtar -- Directory traversal vulnerability
2007-08-27	claws-mail -- POP3 Format String Vulnerability
2007-08-21	rsync -- off by one stack overflow
2007-08-15	opera -- Vulnerability in javascript handling
2007-08-02	FreeBSD -- Buffer overflow in tcpdump(1)
	FreeBSD -- Predictable query ids in named(8)
	fsplib -- multiple vulnerabilities
	joomla -- multiple vulnerabilities
2007-07-31	xpdf -- stack based buffer overflow
2007-07-29	mutt -- buffer overflow vulnerability
2007-07-28	drupal -- Cross site request forgeries
	drupal -- Multiple cross-site scripting vulnerabilities
	p5-Net-DNS -- multiple Vulnerabilities
	phpsysinfo -- url Cross-Site Scripting
2007-07-27	vim -- Command Format String Vulnerability
2007-07-26	libvorbis -- Multiple memory corruption flaws
2007-07-24	dokuwiki -- XSS vulnerability in spellchecker backend
	tomcat -- multiple vulnerabilities
	tomcat -- XSS vulnerability in sample applications
2007-07-21	lighttpd -- multiple vulnerabilities
2007-07-19	mozilla -- multiple vulnerabilities
2007-07-19	opera -- multiple vulnerabilities
2007-07-18	linux-flashplugin -- critical vulnerabilities
2007-07-06	wireshark -- Multiple problems
2007-07-03	typespeed -- arbitrary code execution
2007-06-29	gd -- multiple vulnerabilities
2007-06-28	flac123 -- stack overflow in comment parsing
2007-06-25	evolution-data-server -- remote execution of arbitrary code vulnerability
2007-06-21	xpcd -- buffer overflow
2007-06-19	clamav -- multiple vulnerabilities
2007-06-18	p5-Mail-SpamAssassin -- local user symlink-attack DoS vulnerability
2007-06-18	vlc -- format string vulnerability and integer overflow
2007-06-12	cups -- Incomplete SSL Negotiation Denial of Service
2007-06-09	c-ares -- DNS Cache Poisoning Vulnerability
	webmin -- cross site scripting vulnerability
	wordpress -- unmoderated comments disclosure
	wordpress -- XMLRPC SQL Injection
2007-06-07	mplayer -- cddb stack overflow
2007-06-05	mod_jk -- information disclosure
2007-06-04	phppgadmin -- cross site scripting vulnerability
2007-06-04	typo3 -- email header injection
2007-06-01	findutils -- GNU locate heap buffer overrun
2007-05-24	FreeType 2 -- Heap overflow vulnerability
2007-05-23	FreeBSD -- heap overflow in file(1)
2007-05-21	squirrelmail -- Cross site scripting in HTML filter
2007-05-16	png -- DoS crash vulnerability
2007-05-16	samba -- multiple vulnerabilities
2007-05-07	php -- multiple vulnerabilities
2007-05-01	qemu -- several vulnerabilities
2007-04-30	p5-Imager -- possibly exploitable buffer overflow
2007-04-28	FreeBSD -- IPv6 Routing Header 0 is dangerous
2007-04-24	mod_perl -- remote DoS in PATH_INFO parsing
2007-04-19	claws-mail -- APOP vulnerability
2007-04-14	lighttpd -- DOS when access files with mtime 0
2007-04-14	lighttpd -- Remote DOS in CRLF parsing
2007-04-13	freeradius -- EAP-TTLS Tunnel Memory Leak Remote DOS Vulnerability
2007-04-09	fetchmail -- insecure APOP authentication
2007-04-08	mcweject -- exploitable buffer overflow
2007-04-08	WebCalendar -- "noSet" variable overwrite vulnerability
2007-04-05	zope -- cross-site scripting vulnerability
2007-03-21	Squid -- TRACE method handling denial of service
2007-03-16	samba -- format string bug in afsacl.so VFS plugin
	samba -- potential Denial of Service bug in smbd
	sql-ledger -- security bypass vulnerability
2007-03-11	ktorrent -- multiple vulnerabilities
2007-03-09	mplayer -- DMO File Parsing Buffer Overflow Vulnerability
2007-03-09	trac -- cross site scripting vulnerability
2007-03-05	mod_jk -- long URL stack overflow vulnerability
2007-02-27	bind -- Multiple Denial of Service vulnerabilities
	FreeBSD -- Jail rc.d script privilege escalation
	FreeBSD -- Kernel memory disclosure in firewire(4)
	gtar -- name mangling symlink vulnerability
2007-02-26	libarchive -- Infinite loop in corrupt archives handling in libarchive
2007-02-26	OpenSSL -- Multiple problems in crypto(3)
2007-02-24	mozilla -- multiple vulnerabilities
2007-02-21	snort -- DCE/RPC preprocessor vulnerability
2007-02-17	php -- multiple vulnerabilities
2007-02-17	rar -- password prompt buffer overflow vulnerability
2007-01-17	joomla -- multiple remote vulnerabilities
2007-01-15	sircd -- remote operator privilege escalation vulnerability
2007-01-15	sircd -- remote reverse DNS buffer overflow
2007-01-12	cacti -- Multiple vulnerabilities
2007-01-08	mplayer -- buffer overflow in the code for RealMedia RTSP streams.
2007-01-06	fetchmail -- crashes when refusing a message bound for an MDA
2007-01-06	fetchmail -- TLS enforcement problem/MITM attack/password exposure
2007-01-05	drupal -- multiple vulnerabilities
2007-01-05	opera -- multiple vulnerabilities
2007-01-03	w3m -- format string vulnerability
2006-12-27	plone -- user can masquerade as a group
2006-12-21	proftpd -- remote code execution vulnerabilities
2006-12-19	bind9 -- Denial of Service in named(8)
	gzip -- multiple vulnerabilities
	openssl -- Incorrect PKCS#1 v1.5 padding validation in crypto(3)
2006-12-18	sql-ledger -- multiple vulnerabilities
2006-12-14	dbus -- match_rule_equal() Weakness
2006-12-14	evince -- Buffer Overflow Vulnerability
2006-12-13	tdiary -- injection vulnerability
	wv -- Multiple Integer Overflow Vulnerabilities
	wv2 -- Integer Overflow Vulnerability
2006-12-12	clamav -- Multipart Nestings Denial of Service
2006-12-11	tnftpd -- Remote root Exploit
2006-12-07	gnupg -- remotely controllable function pointer
2006-12-07	libxine -- multiple buffer overflow vulnerabilities
2006-12-04	ruby -- cgi.rb library Denial of Service
2006-12-02	ImageMagick -- SGI Image File heap overflow vulnerability
	libmusicbrainz -- multiple buffer overflow vulnerabilities
	tdiary -- cross site scripting vulnerability
2006-11-30	gtar -- GNUTYPE_NAMES directory traversal vulnerability
2006-11-30	kronolith -- arbitrary local file inclusion vulnerability
2006-11-27	gnupg -- buffer overflow
2006-11-14	proftpd -- Remote Code Execution Vulnerability
2006-11-14	unzoo -- Directory Traversal Vulnerability
2006-11-11	bugzilla -- multiple vulnerabilities
2006-11-08	Imlib2 -- multiple image file processing vulnerabilities
2006-11-04	ruby -- cgi.rb library Denial of Service
2006-10-29	mysql -- database "case-sensitive" privilege escalation
	mysql -- database suid privilege escalation
	screen -- combined UTF-8 characters vulnerability
2006-10-22	kdelibs -- integer overflow in khtml
2006-10-21	Serendipity -- XSS Vulnerabilities
2006-10-20	asterisk -- remote heap overwrite vulnerability
2006-10-20	opera -- URL parsing heap overflow vulnerability
2006-10-19	plone -- unprotected MembershipTool methods
2006-10-18	drupal -- cross site request forgeries
	drupal -- HTML attribute injection
	drupal -- multiple XSS vulnerabilities
	ingo -- local arbitrary shell command execution
2006-10-16	clamav -- CHM unpacker and PE rebuilding vulnerabilities
2006-10-16	NVIDIA UNIX driver -- arbitrary root code execution vulnerability
2006-10-15	tkdiff -- temporary file symlink privilege escalation
2006-10-15	vtiger -- multiple remote file inclusion vulnerabilities
2006-10-14	google-earth -- heap overflow in the KML engine
2006-10-07	python -- buffer overrun in repr() for unicode strings
2006-10-07	torrentflux -- User-Agent XSS Vulnerability
2006-10-06	php -- _ecalloc Integer Overflow Vulnerability
2006-10-05	mambo -- multiple SQL injection vulnerabilities
	mono -- "System.CodeDom.Compiler" Insecure Temporary Creation
	openldap -- slapd acl selfwrite Security Issue
	php -- open_basedir Race Condition Vulnerability
	tin -- buffer overflow vulnerabilities
2006-10-04	phpbb -- NULL byte injection vulnerability
2006-10-03	postnuke -- admin section SQL injection
2006-10-02	cscope -- Buffer Overflow Vulnerabilities
	freetype -- LWFN Files Buffer Overflow Vulnerability
	gnutls -- RSA Signature Forgery Vulnerability
	MT -- Search Unspecified XSS
	phpmyadmin -- XSRF vulnerabilities
2006-09-30	dokuwiki -- multiple vulnerabilities
	dokuwiki -- multiple vulnerabilities
	openssh -- multiple vulnerabilities
	punbb -- NULL byte injection vulnerability
	tikiwiki -- multiple vulnerabilities
2006-09-26	freeciv -- Denial of Service Vulnerabilities
	freeciv -- Packet Parsing Denial of Service Vulnerability
	plans -- multiple vulnerabilities
2006-09-25	eyeOS -- multiple XSS security bugs
2006-09-22	libmms -- stack-based buffer overflow
	opera -- RSA Signature Forgery
	zope -- restructuredText "csv_table" Information Disclosure
2006-09-15	mozilla -- multiple vulnerabilities
2006-09-14	win32-codecs -- multiple vulnerabilities
2006-09-13	drupal-pubcookie -- authentication may be bypassed
2006-09-13	php -- multiple vulnerabilities
2006-09-12	linux-flashplugin7 -- arbitrary code execution vulnerabilities
2006-09-04	mailman -- Multiple Vulnerabilities
2006-09-02	gtetrinet -- remote code execution
2006-09-02	hlstats -- multiple cross site scripting vulnerabilities
2006-08-30	joomla -- multiple vulnerabilities
2006-08-23	sppp -- buffer overflow vulnerability
2006-08-17	horde -- Phishing and Cross-Site Scripting Vulnerabilities
2006-08-15	globus -- Multiple tmpfile races
2006-08-13	alsaplayer -- multiple vulnerabilities
	mysql -- format string vulnerability
	postgresql -- encoding based SQL injection
	postgresql -- multiple vulnerabilities
	x11vnc -- authentication bypass vulnerability
2006-08-12	squirrelmail -- random variable overwrite vulnerability
2006-08-10	rubygem-rails -- evaluation of ruby code
2006-08-08	clamav -- heap overflow vulnerability
2006-08-02	drupal -- XSS vulnerability
2006-08-02	gnupg -- 2 more possible memory allocation attacks
2006-07-29	ruby -- multiple vulnerabilities
2006-07-28	apache -- mod_rewrite buffer overflow vulnerability
2006-07-27	mozilla -- multiple vulnerabilities
2006-07-14	zope -- information disclosure vulnerability
2006-07-13	drupal -- multiple vulnerabilities
2006-07-11	shoutcast -- cross-site scripting, information exposure
2006-07-10	samba -- memory exhaustion DoS in smbd
2006-07-10	twiki -- multiple file extensions file upload vulnerability
2006-07-07	trac -- reStructuredText breach of privacy and denial of service vulnerability
2006-07-05	horde -- various problems in dereferrer
2006-07-05	mambo -- SQL injection vulnerabilities
2006-07-03	phpmyadmin -- cross site scripting vulnerability
2006-07-02	webmin, usermin -- arbitrary file disclosure vulnerability
2006-06-30	Joomla -- multiple vulnerabilities
2006-06-30	mutt -- Remote Buffer Overflow Vulnerability
2006-06-27	hashcash -- heap overflow vulnerability
2006-06-25	gnupg -- user id integer overflow vulnerability
2006-06-17	horde -- multiple parameter cross site scripting vulnerabilities
2006-06-16	WebCalendar -- information disclosure vulnerability
2006-06-14	sendmail -- Incorrect multipart message handling
2006-06-11	dokuwiki -- multiple vulnerabilities
2006-06-11	libxine -- buffer overflow vulnerability
2006-06-09	smbfs -- chroot escape
2006-06-09	ypserv -- Inoperative access controls in ypserv
2006-06-08	freeradius -- authentication bypass vulnerability
2006-06-08	freeradius -- multiple vulnerabilities
2006-06-05	dokuwiki -- spellchecker remote PHP code execution
	drupal -- multiple vulnerabilities
	squirrelmail -- plugin.php local file inclusion vulnerability
2006-06-01	MySQL -- Information Disclosure and Buffer Overflow Vulnerabilities
2006-06-01	MySQL -- SQL-injection security vulnerability
2006-05-23	cscope -- buffer overflow vulnerabilities
2006-05-23	frontpage -- cross site scripting vulnerability
2006-05-22	coppermine -- "file" Local File Inclusion Vulnerability
	coppermine -- File Inclusion Vulnerabilities
	coppermine -- Multiple File Extensions Vulnerability
2006-05-21	phpmyadmin -- XSRF vulnerabilities
2006-05-18	vnc -- authentication bypass vulnerability
2006-05-14	phpldapadmin -- Cross-Site Scripting and Script Insertion vulnerabilities
2006-05-06	fswiki -- XSS vulnerability
2006-05-06	mysql50-server -- COM_TABLE_DUMP arbitrary code execution
2006-05-05	awstats -- arbitrary command execution vulnerability
2006-05-03	clamav -- Freshclam HTTP Header Buffer Overflow Vulnerability
	firefox -- denial of service vulnerability
	phpwebftp -- "language" Local File Inclusion
2006-05-02	trac -- Wiki Macro Script Insertion Vulnerability
2006-05-01	jabberd -- SASL Negotiation Denial of Service Vulnerability
2006-04-27	amaya -- Attribute Value Buffer Overflow Vulnerabilities
	cacti -- ADOdb "server.php" Insecure Test Script Security Issue
	ethereal -- Multiple Protocol Dissector Vulnerabilities
	lifetype -- ADOdb "server.php" Insecure Test Script Security Issue
2006-04-25	asterisk -- denial of service vulnerability, local system access
2006-04-23	crossfire-server -- denial of service and remote code execution vulnerability
	p5-DBI -- insecure temporary file creation vulnerability
	wordpress -- full path disclosure
	xine -- multiple remote string vulnerabilities
	zgv, xzgv -- heap overflow vulnerability
2006-04-22	cyrus-sasl -- DIGEST-MD5 Pre-Authentication Denial of Service
2006-04-19	FreeBSD -- FPU information disclosure
2006-04-18	plone -- "member_id" Parameter Portrait Manipulation Vulnerability
2006-04-16	mailman -- Private Archive Script Cross-Site Scripting
2006-04-16	mozilla -- multiple vulnerabilities
2006-04-10	f2c -- insecure temporary files
2006-04-07	kaffeine -- buffer overflow vulnerability
	mplayer -- Multiple integer overflows
	thunderbird -- javascript execution
2006-04-06	clamav -- Multiple Vulnerabilities
	phpmyadmin -- 'set_theme' Cross-Site Scripting
	phpmyadmin -- XSS vulnerabilities
2006-04-05	dia -- XFig Import Plugin Buffer Overflow
	mediawiki -- cross site scripting vulnerability
	mediawiki -- hardcoded placeholder string security bypass vulnerability
	mod_pubcookie -- cross site scripting vulnerability
	netpbm -- buffer overflow in pnmtopng
	openvpn -- LD_PRELOAD code execution on client through malicious or compromised server
	pubcookie-login-server -- cross site scripting vulnerability
	samba -- Exposure of machine account credentials in winbind log files
	zoo -- stack based buffer overflow
2006-03-29	freeradius -- EAP-MSCHAPv2 Authentication Bypass
2006-03-28	horde -- remote code execution vulnerability in the help viewer
2006-03-27	linux-realplayer -- buffer overrun
2006-03-27	linux-realplayer -- heap overflow
2006-03-24	ipsec -- reply attack vulnerability
	OPIE -- arbitrary password change
	sendmail -- race condition vulnerability
2006-03-21	xorg-server -- privilege escalation
2006-03-20	curl -- TFTP packet buffer overflow vulnerability
2006-03-20	heimdal -- Multiple vulnerabilities
2006-03-17	drupal -- multiple vulnerabilities
2006-03-15	horde -- "url" disclosure of sensitive information vulnerability
2006-03-15	linux-flashplugin -- arbitrary code execution vulnerability
2006-03-12	nfs -- remote denial of service
2006-03-12	openssh -- remote denial of service
2006-03-10	GnuPG does not detect injection of unsigned data
2006-03-09	mplayer -- heap overflow in the ASF demuxer
2006-03-04	SSH.COM SFTP server -- format string vulnerability
2006-03-03	gtar -- invalid headers buffer overflow
2006-02-27	bugzilla -- multiple vulnerabilities
2006-02-24	squirrelmail -- multiple vulnerabilities
2006-02-20	abiword, koffice -- stack based buffer overflow vulnerabilities
	gedit -- format string vulnerability
	WebCalendar -- unauthorized access vulnerability
2006-02-18	postgresql81-server -- SET ROLE privilege escalation
2006-02-17	gnupg -- false positive signature verification
2006-02-16	heartbeat -- insecure temporary file creation vulnerability
	libtomcrypt -- weak signature scheme with ECC keys
	mantis -- "view_filters_page.php" cross site scripting vulnerability
	phpbb -- multiple vulnerabilities
	postgresql -- character conversion and tsearch2 vulnerabilities
	rssh -- privilege escalation vulnerability
	sudo -- arbitrary command execution
	tor -- malicious tor server can locate a hidden service
2006-02-15	kpdf -- heap based buffer overflow
	perl, webmin, usermin -- perl format string integer wrap vulnerability
	phpicalendar -- cross site scripting vulnerability
	phpicalendar -- file disclosure vulnerability
2006-02-14	FreeBSD -- Infinite loop in SACK handling
	FreeBSD -- Local kernel memory disclosure
	IEEE 802.11 -- buffer overflow
	ipfw -- IP fragment denial of service
	pf -- IP fragment handling panic
2006-02-07	kpopup -- local root exploit and local denial of service
2006-01-27	cpio -- multiple vulnerabilities
	cvsbug -- race condition
	ee -- temporary file privilege escalation
	texindex -- temporary file privilege escalation
2006-01-23	fetchmail -- crash when bouncing a message
2006-01-23	sge -- local root exploit in bundled rsh executable
2006-01-10	clamav -- possible heap overflow in the UPX code
2006-01-09	milter-bogom -- headerless message crash
2006-01-07	bogofilter -- heap corruption through excessively long words
2006-01-07	bogofilter -- heap corruption through malformed input
2006-01-04	rxvt-unicode -- restore permissions on tty devices
2006-01-01	apache -- mod_imap cross-site scripting flaw
2005-12-22	nbd-server -- buffer overflow vulnerability
2005-12-22	scponly -- local privilege escalation exploits
2005-12-19	fetchmail -- null pointer dereference in multidrop mode with headerless email
2005-12-14	mantis -- "t_core_path" file inclusion vulnerability
2005-12-14	mantis -- "view_filters_page.php" cross-site scripting vulnerability
2005-12-11	horde -- Cross site scripting vulnerabilities in several of Horde's templates
	kronolith -- Cross site scripting vulnerabilities in several of the calendar name and event data fields
	mnemo -- Cross site scripting vulnerabilities in several of the notepad name and note data fields
	nag -- Cross site scripting vulnerabilities in several of the tasklist name and task data fields
	turba -- Cross site scripting vulnerabilities in several of the address book name and contact data fields
2005-12-09	curl -- URL buffer overflow vulnerability
2005-12-07	ffmpeg -- libavcodec buffer overflow vulnerability
	phpmyadmin -- register_globals emulation "import_blacklist" manipulation
	phpmyadmin -- XSS vulnerabilities
	trac -- search module SQL injection vulnerability
2005-12-01	drupal -- multiple vulnerabilities
2005-11-30	mambo -- "register_globals" emulation layer overwrite vulnerability
	opera -- command line URL shell command injection
	opera -- multiple vulnerabilities
2005-11-27	ghostscript -- insecure temporary file creation vulnerability
2005-11-22	horde -- Cross site scripting vulnerabilities in MIME viewers
2005-11-16	phpmyadmin -- HTTP Response Splitting vulnerability
2005-11-13	Macromedia flash player -- swf file handling arbitrary code
2005-11-13	phpSysInfo -- "register_globals" emulation layer overwrite vulnerability
2005-11-10	flyspray -- cross-site scripting vulnerabilities
2005-11-10	p5-Mail-SpamAssassin -- long message header denial of service
2005-11-07	qpopper -- multiple privilege escalation vulnerabilities
2005-11-04	pear-PEAR -- PEAR installer arbitrary code execution vulnerability
2005-11-01	openvpn -- arbitrary code execution on client through malicious or compromised server
	openvpn -- potential denial-of-service on servers in TCP mode
	PHP -- multiple vulnerabilities
	skype -- multiple buffer overflow vulnerabilities
	squid -- FTP server response handling denial of service
2005-10-31	base -- PHP SQL injection vulnerability
2005-10-30	fetchmail -- fetchmailconf local password exposure
2005-10-30	lynx -- remote buffer overflow
2005-10-27	ruby -- vulnerability in the safe level settings
2005-10-20	xloadimage -- buffer overflows in NIFF image title handling
2005-10-18	snort -- Back Orifice preprocessor buffer overflow vulnerability
2005-10-15	gallery2 -- file disclosure vulnerability
2005-10-15	WebCalendar -- remote file inclusion vulnerability
2005-10-12	openssl -- potential SSL 2.0 rollback
2005-10-11	phpmyadmin -- local file inclusion vulnerability
2005-10-11	zope -- expose RestructuredText functionality to untrusted users
2005-10-09	libxine -- format string vulnerability
2005-10-05	imap-uw -- mailbox name handling remote buffer vulnerability
2005-10-02	picasm -- buffer overflow vulnerability
2005-10-02	weex -- remote format string vulnerability
2005-10-01	cfengine -- arbitrary file overwriting vulnerability
2005-10-01	uim -- privilege escalation vulnerability
2005-09-29	phpmyfaq -- SQL injection, takeover, path disclosure, remote code execution
2005-09-24	clamav -- arbitrary code execution and DoS vulnerabilities
2005-09-23	firefox & mozilla -- multiple vulnerabilities
2005-09-22	firefox & mozilla -- command line URL shell command injection
2005-09-17	apache -- Certificate Revocation List (CRL) off-by-one vulnerability
2005-09-17	squirrelmail -- _$POST variable handling allows for various attacks
2005-09-15	squid -- possible denial of service condition regarding NTLM authentication
2005-09-15	X11 server -- pixmap allocation vulnerability
2005-09-13	unzip -- permission race vulnerability
2005-09-10	firefox & mozilla -- buffer overflow vulnerability
2005-09-04	htdig -- cross site scripting vulnerability
	squid -- Denial Of Service Vulnerability in sslConnectTimeout
	squid -- Possible Denial Of Service Vulnerability in store.c
2005-09-03	bind -- buffer overrun vulnerability
2005-09-03	bind9 -- denial of service
2005-09-02	urban -- stack overflow vulnerabilities
2005-08-29	fswiki -- command injection vulnerability
2005-08-27	evolution -- remote format string vulnerabilities
2005-08-27	pam_ldap -- authentication bypass vulnerability
2005-08-26	pcre -- regular expression buffer overflow
2005-08-23	elm -- remote buffer overflow in Expires header
2005-08-19	openvpn -- denial of service: client certificate validation can disconnect unrelated clients
	openvpn -- denial of service: malicious authenticated "tap" client can deplete server virtual memory
	openvpn -- denial of service: undecryptable packet from authorized client can disconnect unrelated clients
	openvpn -- multiple TCP clients connecting with the same certificate at the same time can crash the server
2005-08-17	tor -- diffie-hellman handshake flaw
2005-08-16	acroread -- plug-in buffer overflow vulnerability
2005-08-15	pear-XML_RPC -- remote PHP code injection vulnerability
2005-08-14	awstats -- arbitrary code execution vulnerability
2005-08-12	gaim -- AIM/ICQ away message buffer overflow
	gaim -- AIM/ICQ non-UTF-8 filename crash
	libgadu -- multiple vulnerabilities
	xpdf -- disk fill DoS vulnerability
2005-08-09	gforge -- XSS and email flood vulnerabilities
2005-08-08	postnuke -- multiple vulnerabilities
2005-08-05	devfs -- ruleset bypass
	ipsec -- Incorrect key usage in AES-XCBC-MAC
	mambo -- multiple vulnerabilities
	zlib -- buffer overflow vulnerability
2005-08-03	proftpd -- format string vulnerabilities
2005-08-01	nbsmtp -- format string vulnerability
2005-07-31	gnupg -- OpenPGP symmetric encryption vulnerability
	phpmyadmin -- cross site scripting vulnerability
	sylpheed -- MIME-encoded file name buffer overflow vulnerability
	vim -- vulnerabilities in modeline handling: glob, expand
2005-07-30	ethereal -- multiple protocol dissectors vulnerabilities
	jabberd -- 3 buffer overflows
	opera -- download dialog spoofing vulnerability
	opera -- image dragging vulnerability
	tiff -- buffer overflow vulnerability
2005-07-26	apache -- http request smuggling
2005-07-25	clamav -- multiple remote buffer overflows
2005-07-23	egroupware -- multiple cross-site scripting (XSS) and SQL injection vulnerabilities
2005-07-23	isc-dhcpd -- format string vulnerabilities
2005-07-22	fetchmail -- denial of service/crash from malicious POP3 server
2005-07-21	dnrd -- remote buffer and stack overflow vulnerabilities
2005-07-21	PowerDNS -- LDAP backend fails to escape all queries
2005-07-20	fetchmail -- remote root/code injection from malicious POP3 server
2005-07-18	kdebase -- Kate backup file permission leak
2005-07-16	drupal -- PHP code execution vulnerabilities
2005-07-16	firefox & mozilla -- multiple vulnerabilities
2005-07-09	mysql-server -- insecure temporary file creation
	net-snmp -- fixproc insecure temporary file creation
	phpbb -- multiple vulnerabilities
	phpSysInfo -- cross site scripting vulnerability
	shtool -- insecure temporary file creation
2005-07-08	bugzilla -- multiple vulnerabilities
	ekg -- insecure temporary file creation
	nwclient -- multiple vulnerabilities
	pear-XML_RPC -- information disclosure vulnerabilities
	phppgadmin -- "formLanguage" local file inclusion vulnerability
2005-07-06	acroread -- buffer overflow vulnerability
	acroread -- insecure temporary file creation
	clamav -- cabinet file handling DoS vulnerability
	clamav -- MS-Expand file handling DoS vulnerability
	zlib -- buffer overflow vulnerability
2005-07-05	cacti -- multiple vulnerabilities
	net-snmp -- remote DoS vulnerability
	wordpress -- multiple vulnerabilities
	wordpress -- multiple vulnerabilities
2005-07-03	pear-XML_RPC -- arbitrary remote code execution
2005-07-03	phpbb -- remote PHP code execution vulnerability
2005-06-29	bzip2 -- denial of service and permission race vulnerabilities
	kernel -- ipfw packet matching errors with address tables
	kernel -- TCP connection stall denial of service
2005-06-24	ethereal -- multiple protocol dissectors vulnerabilities
	linux-realplayer -- RealText parsing heap overflow
	tor -- information disclosure
2005-06-23	ruby -- arbitrary command execution on XMLRPC server
2005-06-21	cacti -- potential SQL injection and cross site scripting attacks
2005-06-20	opera -- "javascript:" URL cross-site scripting vulnerability
	opera -- redirection cross-site scripting vulnerability
	opera -- XMLHttpRequest security bypass
	razor-agents -- denial of service vulnerability
	sudo -- local race condition vulnerability
	trac -- file upload/download vulnerability
2005-06-18	acroread -- XML External Entity vulnerability
	gzip -- directory traversal and permission race vulnerabilities
	p5-Mail-SpamAssassin -- denial of service vulnerability
	squirrelmail -- Several cross site scripting vulnerabilities
	tcpdump -- infinite loops in protocol decoding
2005-06-17	fd_set -- bitmap index overflow in multiple applications
	gaim -- MSN Remote DoS vulnerability
	gaim -- Yahoo! remote crash vulnerability
	gallery -- cross-site scripting
	gallery -- remote code injection via HTTP_POST_VARS
	kstars -- exploitable set-user-ID application fliccd
2005-06-09	leafnode -- denial of service vulnerability
2005-06-03	gforge -- directory traversal vulnerability
	imap-uw -- authentication bypass when CRAM-MD5 is enabled
	racoon -- remote denial-of-service
	squid -- denial-of-service vulnerabilities
	xli -- integer overflows in image size calculations
	xloadimage -- arbitrary command execution when handling compressed files
	xloadimage -- buffer overflow in FACES image handling
	yamt -- buffer overflow and directory traversal issues
2005-06-01	linux_base -- vulnerabilities in Red Hat 7.1 libraries
	mailman -- generated passwords are poor quality
	mailman -- password disclosure
	squirrelmail -- XSS and remote code injection vulnerabilities
	sympa -- buffer overflow in "queue"
	tomcat -- Tomcat Manager cross-site scripting
	xtrlock -- X display locking bypass
	xview -- multiple buffer overflows in xv_parse_one
2005-05-29	fswiki -- XSS problem in file upload form
2005-05-22	freeradius -- sql injection and denial of service vulnerability
	oops -- format string vulnerability
	ppxp -- local root exploit
2005-05-19	cdrdao -- unspecified privilege escalation vulnerability
	squid -- DNS lookup spoofing vulnerability
	squid -- possible abuse of cachemgr.cgi
2005-05-14	gaim -- MSN remote DoS vulnerability
2005-05-14	gaim -- remote crash on some protocols
2005-05-13	kernel -- information disclosure when using HTT
2005-05-13	leafnode -- fetchnews denial-of-service triggered by transmission abort/timeout
2005-05-12	mozilla -- "Wrapped" javascript: urls bypass security checks
2005-05-12	mozilla -- privilege escalation via non-DOM property overrides
2005-05-11	mozilla -- code execution via javascript: IconURL vulnerability
	qmail -- 64 bit integer overflows with possible remote code execution on large SMTP requests
	qmail -- 64 bit integer overflows with possible remote code execution on large SMTP requests
	qmail -- 64 bit integer overflows with possible remote code execution on large SMTP requests
2005-05-09	groff -- groffer uses temporary files unsafely
2005-05-09	groff -- pic2graph and eqn2graph are vulnerable to symlink attack through temporary files
2005-05-01	coppermine -- IP spoofing and XSS vulnerability
	rsnapshot -- local privilege escalation
	sharutils -- unshar insecure temporary file creation
2005-04-27	ImageMagick -- ReadPNMImage() heap overflow vulnerability
2005-04-25	gaim -- AIM/ICQ remote denial of service vulnerability
	gaim -- remote DoS on receiving malformed HTML
	mplayer & libxine -- MMS and Real RTSP buffer overflow vulnerabilities
2005-04-23	kdewebdev -- kommander untrusted code execution vulnerability
2005-04-22	junkbuster -- heap corruption vulnerability and configuration modification vulnerability
2005-04-22	kdelibs -- kimgio input validation errors
2005-04-19	gld -- format string and buffer overflow vulnerabilities
2005-04-17	axel -- remote buffer overflow
2005-04-16	firefox -- arbitrary code execution in sidebar panel
	firefox -- PLUGINSPAGE privileged javascript execution
	jdk -- jar directory traversal vulnerability
	mozilla -- code execution through javascript: favicons
	mozilla -- javascript "lambda" replace exposes memory contents
	mozilla -- privilege escalation via DOM property overrides
2005-04-13	openoffice -- DOC document heap overflow vulnerability
2005-04-12	portupgrade -- insecure temporary file handling vulnerability
2005-04-10	gaim -- jabber remote crash
	gaim -- remote DoS on receiving certain messages over IRC
	gaim -- remote DoS on receiving malformed HTML
	php -- readfile() DoS vulnerability
	squid -- DoS on failed PUT/POST requests vulnerability
2005-04-05	horde -- Horde Page Title Cross-Site Scripting Vulnerability
2005-04-04	wu-ftpd -- remote globbing DoS vulnerability
2005-04-02	hashcash -- format string vulnerability
2005-03-26	clamav -- zip handling DoS vulnerability
2005-03-24	firefox -- arbitrary code execution from sidebar panel
	mozilla -- heap buffer overflow in GIF image processing
	wine -- information disclosure due to insecure temporary file handling
2005-03-23	sylpheed -- buffer overflow in header processing
2005-03-21	kdelibs -- local DCOP denial of service vulnerability
2005-03-21	xv -- filename handling format string vulnerability
2005-03-15	phpmyadmin -- increased privilege vulnerability
2005-03-14	ethereal -- multiple protocol dissectors vulnerabilities
	grip -- CDDB response multiple matches buffer overflow vulnerability
	mysql-server -- multiple remote vulnerabilities
2005-03-13	rxvt-unicode -- buffer overflow vulnerability
2005-03-08	libexif -- buffer overflow vulnerability
	phpmyadmin -- arbitrary file include and XSS vulnerabilities
	phpmyadmin -- information disclosure vulnerability
2005-03-05	phpbb -- Insuffient check against HTML code in usercp_register.php
2005-03-04	postnuke -- cross-site scripting (XSS) vulnerabilities
	postnuke -- SQL injection vulnerabilities
	realplayer -- remote heap overflow
2005-03-03	ImageMagick -- format string vulnerability
2005-03-01	lighttpd -- script source disclosure vulnerability
2005-03-01	uim -- privilege escalation vulnerability
2005-02-28	phpbb -- privilege elevation and path disclosure
2005-02-27	curl -- authentication buffer overflow vulnerability
	cyrus-imapd -- multiple buffer overflow vulnerabilities
	sup -- format string vulnerability
2005-02-26	mozilla -- arbitrary code execution vulnerability
2005-02-26	mozilla -- insecure temporary directory vulnerability
2005-02-24	mkbold-mkitalic -- format string vulnerability
2005-02-23	phpbb -- multiple information disclosure vulnerabilities
2005-02-22	unace -- multiple vulnerabilities
2005-02-20	putty -- pscp/psftp heap corruption vulnerabilities
2005-02-18	bidwatcher -- format string vulnerability
	gftp -- directory traversal vulnerability
	kdelibs -- insecure temporary file creation
	opera -- "data:" URI handler spoofing vulnerability
	opera -- kfmclient exec command execution vulnerability
2005-02-17	postgresql -- multiple buffer overflows in PL/PgSQL parser
2005-02-16	awstats -- arbitrary command execution
2005-02-14	emacs -- movemail format string vulnerability
2005-02-14	powerdns -- DoS vulnerability
2005-02-13	mod_python -- information leakage vulnerability
	ngircd -- buffer overflow vulnerability
	ngircd -- format string vulnerability
2005-02-12	mailman -- directory traversal vulnerability
2005-02-11	enscript -- multiple vulnerabilities
2005-02-08	ethereal -- multiple protocol dissectors vulnerabilities
	postgresql -- privilege escalation vulnerability
	squid -- correct handling of oversized HTTP reply headers
2005-02-03	python -- SimpleXMLRPCServer.py allows unrestricted traversal
2005-02-02	perl -- vulnerabilities in PERLIO_DEBUG handling
2005-02-01	newsfetch -- server response buffer overflow vulnerability
	newsgrab -- directory traversal vulnerability
	newsgrab -- insecure file and directory creation
	newspost -- server response buffer overflow vulnerability
2005-01-28	squid -- buffer overflow in WCCP recvfrom() call
2005-01-26	xpdf -- makeFileKey2() buffer overflow vulnerability
2005-01-25	evolution -- arbitrary code execution vulnerability
2005-01-25	zhcon -- unauthorized file access
2005-01-24	bugzilla -- cross-site scripting vulnerability
	mod_dosevasive -- insecure temporary file creation
	opera -- multiple vulnerabilities in Java implementation
	squid -- possible cache-poisoning via malformed HTTP responses
	web browsers -- window injection vulnerabilities
2005-01-23	yamt -- arbitrary command execution vulnerability
2005-01-22	horde -- XSS vulnerabilities
2005-01-22	squid -- HTTP response splitting cache pollution attack
2005-01-21	egroupware -- arbitrary file download in JiNN
	fcron -- multiple vulnerabilities
	imlib -- xpm heap buffer overflows and integer overflows
	mc -- multiple vulnerabilities
	perl -- File::Path insecure file/directory permissions
	quake2 -- multiple critical vulnerabilities
	realplayer -- arbitrary file deletion and other vulnerabilities
	sudo -- environmental variable CDPATH is not cleared
2005-01-19	konversation -- shell script command injection
2005-01-19	squid -- no sanity check of usernames in squid_ldap_auth
2005-01-18	awstats -- remote command execution vulnerability
	cups-base -- CUPS server remote DoS vulnerability
	ImageMagick -- PSD handler heap overflow vulnerability
	mozilla -- insecure permissions for some downloaded files
	tiff -- divide-by-zero denial-of-service
	zgv -- exploitable heap overflows
2005-01-17	cups-base -- HPGL buffer overflow vulnerability
2005-01-17	cups-lpr -- lppasswd multiple vulnerabilities
2005-01-16	mysql-scripts -- mysqlaccess insecure temporary file creation
2005-01-16	unrtf -- buffer overflow vulnerability
2005-01-13	mozilla -- heap overflow in NNTP handler
2005-01-13	mpg123 -- buffer overflow vulnerability
2005-01-12	libxine -- DVD subpicture decoder heap overflow
	libxine -- multiple buffer overflows in RTSP
	libxine -- multiple vulnerabilities in VideoCD handling
	squid -- buffer overflow vulnerability in gopherToHTML
	squid -- denial of service with forged WCCP messages
2005-01-11	hylafax -- unauthorized login vulnerability
2005-01-11	xshisen -- local buffer overflows
2005-01-10	helvis -- arbitrary file deletion problem
2005-01-10	helvis -- information leak vulnerabilities
2005-01-08	dillo -- format string vulnerability
2005-01-07	tnftp -- mget does not check for directory escapes
2005-01-06	pcal -- buffer overflow vulnerabilities
	tiff -- directory entry count integer overflow vulnerability
	tiff -- tiffdump integer overflow vulnerability
	vim -- vulnerabilities in modeline handling
2005-01-05	exim -- two buffer overflow vulnerabilities
2005-01-03	golddig -- local buffer overflow vulnerabilities
	greed -- insecure GRX file processing
	mpg123 -- playlist processing buffer overflow vulnerability
2005-01-02	up-imapproxy -- multiple vulnerabilities
2005-01-01	kdelibs3 -- konqueror FTP command injection vulnerability
2004-12-30	a2ps -- insecure temporary file creation
2004-12-29	libxine -- buffer-overflow vulnerability in aiff support
2004-12-26	jabberd -- denial-of-service vulnerability
2004-12-23	ethereal -- multiple vulnerabilities
	squid -- confusing results on empty acl declarations
	xpdf -- buffer overflow vulnerability
2004-12-22	phpbb -- arbitrary command execution and other vulnerabilities
2004-12-21	acroread5 -- mailListIsPdf() buffer overflow vulnerability
	ecartis -- unauthorised access to admin interface
	krb5 -- heap buffer overflow vulnerability in libkadm5srv
	mplayer -- multiple vulnerabilities
	samba -- integer overflow vulnerability
2004-12-17	php -- multiple vulnerabilities
2004-12-16	mysql -- ALTER MERGE denial of service vulnerability
	mysql -- erroneous access restrictions applied to table renames
	mysql -- FTS request denial of service vulnerability
	mysql -- GRANT access restriction problem
	mysql -- mysql_real_connect buffer overflow vulnerability
2004-12-15	phpmyadmin -- command execution vulnerability
2004-12-15	phpmyadmin -- file disclosure vulnerability
2004-12-14	wget -- multiple vulnerabilities
2004-12-12	konqueror -- Password Disclosure for SMB Shares
2004-12-11	mod_access_referer -- null pointer dereference vulnerability
2004-12-09	squid -- possible information disclosure
2004-12-08	viewcvs -- information leakage
2004-12-07	cscope -- symlink attack vulnerability
2004-12-04	bnc -- remotely exploitable buffer overflow in getnickuserhost
2004-12-02	rockdodger -- buffer overflows
2004-12-02	rssh & scponly -- arbitrary command execution
2004-12-01	sudoscript -- signal delivery vulnerability
2004-12-01	zip -- long path buffer overflow
2004-11-30	jabberd -- remote buffer overflow vulnerability
2004-11-27	Open DC Hub -- remote buffer overflow vulnerability
2004-11-26	unarj -- directory traversal vulnerability
2004-11-26	unarj -- long filename buffer overflow
2004-11-25	jdk/jre -- Security Vulnerability With Java Plugin
2004-11-25	ProZilla -- server response buffer overflow vulnerabilities
2004-11-22	Cyrus IMAPd -- APPEND command uses undefined programming construct
	Cyrus IMAPd -- FETCH command out of bounds memory corruption
	Cyrus IMAPd -- IMAPMAGICPLUS preauthentification overflow
	Cyrus IMAPd -- PARTIAL command out of bounds memory corruption
2004-11-20	phpMyAdmin -- cross-site scripting vulnerabilities
2004-11-18	Overflow error in fetch
2004-11-17	smbd -- buffer-overrun vulnerability
2004-11-15	proxytunnel -- format string vulnerability
2004-11-15	twiki -- arbitrary shell command execution
2004-11-13	ruby -- CGI DoS
2004-11-13	sudo -- privilege escalation with bash scripts
2004-11-12	gnats -- format string vulnerability
	samba -- potential remote DoS vulnerability
	squirrelmail -- cross site scripting vulnerability
2004-11-11	ez-ipupdate -- format string vulnerability
	hafiye -- lack of terminal escape sequence filtering
	ImageMagick -- EXIF parser buffer overflow
2004-11-10	apache2 multiple space header denial-of-service vulnerability
2004-11-10	socat -- format string vulnerability
2004-11-09	libxml -- remote buffer overflows
2004-11-08	p5-Archive-Zip -- virus detection evasion
2004-11-06	apache mod_include buffer overflow vulnerability
2004-11-06	postgresql-contrib -- insecure temporary file creation
2004-11-05	gd -- integer overflow
2004-11-04	putty -- buffer overflow vulnerability in ssh2 support
2004-11-03	wzdftpd -- remote DoS
2004-10-27	horde -- cross-site scripting vulnerability in help window
2004-10-26	bogofilter -- RFC 2047 decoder denial-of-service vulnerability
2004-10-25	gaim -- buffer overflow in MSN protocol support
	gaim -- Content-Length header denial-of-service vulnerability
	gaim -- heap overflow exploitable by malicious GroupWise server
	gaim -- malicious smiley themes
	gaim -- MSN denial-of-service vulnerabilities
	gaim -- multiple buffer overflows
	rssh -- format string vulnerability
	xpdf -- integer overflow vulnerabilities
2004-10-23	mod_ssl -- SSLCipherSuite bypass
2004-10-23	mpg123 -- buffer overflow in URL handling
2004-10-21	apache2 -- SSL remote DoS
2004-10-20	a2ps -- insecure command line argument handling
	cabextract -- insecure directory handling
	phpmyadmin -- remote command execution vulnerability
2004-10-19	ifmail -- unsafe set-user-ID application
2004-10-19	imwheel -- insecure handling of PID file
2004-10-18	squid -- NTLM authentication denial-of-service vulnerability
2004-10-17	apache13-modssl -- format string vulnerability in proxy support
2004-10-17	cacti -- SQL injection
2004-10-15	tor -- remote DoS and loss of anonymity
2004-10-13	CUPS -- local information disclosure
	freeradius -- denial-of-service vulnerability
	icecast -- Cross-Site Scripting Vulnerability
	icecast -- HTTP header overflow
	sharutils -- buffer overflows
	tiff -- multiple integer overflows
	tiff -- RLE decoder heap overflows
	wordpress -- XSS in administration panel
	xerces-c2 -- Attribute blowup denial-of-service
2004-10-12	cyrus-sasl -- potential buffer overflow in DIGEST-MD5 plugin
	mail-notification -- denial-of-service vulnerability
	squid -- SNMP module denial-of-service vulnerability
	zinf -- potential buffer overflow playlist support
2004-10-08	cyrus-sasl -- dynamic library loading and set-user-ID applications
2004-10-05	bmon -- unsafe set-user-ID application
	gnutls -- certificate chain verification DoS
	imp3 -- XSS hole in the HTML viewer
	php -- php_variables memory disclosure
	xv -- exploitable buffer overflows
2004-10-04	Boundary checking errors in syscons
2004-10-04	getmail -- symlink vulnerability during maildir delivery
2004-10-03	distcc -- incorrect parsing of IP access control rules
2004-10-03	racoon -- improper certificate handling
2004-09-30	mozilla -- hostname spoofing bug
	mozilla -- scripting vulnerabilities
	mozilla -- users may be lured into bypassing security dialogs
	samba -- remote file disclosure
2004-09-28	mozilla -- BMP decoder vulnerabilities
	mozilla -- multiple heap buffer overflows
	mozilla -- vCard stack buffer overflow
2004-09-27	php -- memory_limit related vulnerability
2004-09-27	php -- strip_tags cross-site scripting vulnerability
2004-09-26	subversion -- WebDAV fails to protect metadata
2004-09-23	lha -- numerous vulnerabilities when extracting archives
2004-09-23	mysql -- heap buffer overflow with prepared statements
2004-09-22	mozilla -- automated file upload
	mozilla -- built-in CA certificates may be overridden
	mozilla -- NULL bytes in FTP URLs
	mozilla -- security icon spoofing
2004-09-21	rssh -- file name disclosure bug
2004-09-20	Cyrus IMSPd multiple vulnerabilities
	gnu-radius -- SNMP-related denial-of-service
	sudo -- sudoedit information disclosure
2004-09-19	apache -- heap overflow in mod_proxy
2004-09-15	apache -- ap_resolve_env buffer overflow
	apache -- apr_uri_parse IPv6 address handling vulnerability
	cups -- print queue browser denial-of-service
	gdk-pixbuf -- image decoding vulnerabilities
	mod_dav -- lock related denial-of-service
	php -- vulnerability in RFC 1867 file upload processing
	xpm -- image decoding vulnerabilities
2004-09-14	mozilla -- POP client heap overflow
	mozilla -- SOAPParameter integer overflow
	mpg123 buffer overflow
	openoffice -- document disclosure
	samba3 DoS attack
	webmin -- insecure temporary file creation at installation time
2004-08-31	ImageMagick -- BMP decoder buffer overflow
	imlib -- BMP decoder heap buffer overflow
	imlib2 -- BMP decoder buffer overflow
	krb5 -- ASN.1 decoder denial-of-service vulnerability
	krb5 -- double-free vulnerabilities
2004-08-27	nss -- exploitable buffer overflow in SSLv2 protocol handler
2004-08-27	ripMIME -- decoding bug allowing content filter bypass
2004-08-26	gnomevfs -- unsafe URI handling
	kdelibs -- konqueror cross-domain cookie injection
	moinmoin -- ACL group bypass
	rsync -- path sanitizing vulnerability
	SoX buffer overflows when handling .WAV files
2004-08-23	SpamAssassin -- denial-of-service in tokenize_headers
2004-08-22	courier-imap -- format string vulnerability in debug mode
	fidogate -- write files as `news' user
	mysql -- mysqlhotcopy insecure temporary file creation
	qt -- image loader vulnerabilities
2004-08-17	cvs -- numerous vulnerabilities
2004-08-17	tnftpd -- remotely exploitable vulnerability
2004-08-16	Ruby insecure file permissions in the CGI session management
2004-08-13	Arbitrary code execution via a format string vulnerability in jftpgw
2004-08-12	acroread uudecoder input validation error
	gaim remotely exploitable vulnerabilities in MSN component
	kdelibs insecure temporary file handling
	Mutiple browser frame injection vulnerability
	popfile file disclosure
2004-08-04	ImageMagick png vulnerability fix
2004-08-04	libpng stack-based buffer overflow and other code concerns
2004-07-30	Mozilla / Firefox user interface spoofing vulnerability
2004-07-30	Mozilla certificate spoofing
2004-07-21	Multiple Potential Buffer Overruns in Samba
2004-07-11	multiple vulnerabilities in ethereal
2004-07-11	multiple vulnerabilities in ethereal
2004-07-05	"Content-Type" XSS vulnerability affecting other webmail systems
	Format string vulnerability in SSLtelnet
	MySQL authentication bypass / buffer overflow
2004-07-03	Pavuk HTTP Location header overflow
2004-07-03	Several vulnerabilities found in PHPNuke
2004-07-02	GNATS local privilege elevation
2004-07-02	Remote code injection in phpMyAdmin
2004-06-30	Linux binary compatibility mode input validation error
2004-06-28	MoinMoin administrative group name privilege escalation vulnerability
2004-06-28	XFree86 opens a chooserFd TCP socket even when DisplayManager.requestPort is 0
2004-06-25	isc-dhcp3-server buffer overflow in logging mechanism
2004-06-25	Remote Denial of Service of HTTP server and client
2004-06-24	Gallery 1.4.3 and ealier user authentication bypass
2004-06-09	Buffer overflow in Squid NTLM authentication helper
2004-06-07	jailed processes can manipulate host routing tables
2004-05-26	buffer cache invalidation implementation issues
2004-05-21	leafnode denial-of-service triggered by article request
	leafnode fetchnews denial-of-service triggered by missing header
	leafnode fetchnews denial-of-service triggered by truncated transmission
2004-05-19	cvs pserver remote heap buffer overflow
	neon date parsing vulnerability
	subversion date parsing vulnerability
2004-05-18	URI handler vulnerabilities in several browsers
2004-05-12	Cyrus IMAP pre-authentication heap overflow vulnerability
2004-05-06	exim buffer overflow when verify = header_syntax is used
2004-05-06	phpBB session table exhaustion
2004-05-05	heimdal kadmind remote heap buffer overflow
2004-05-02	lha buffer overflows and path traversal issues
	libpng denial-of-service
	Midnight Commander buffer overflows, format string bugs, and insecure temporary file handling
	pound remotely exploitable vulnerability
	proftpd IP address access control list breakage
	rsync path traversal issue
	xine-lib arbitrary file overwrite
2004-04-23	ident2 double byte buffer overflow
	phpBB IP address spoofing
	xchat remotely exploitable buffer overflow (Socks5)
2004-04-16	MySQL insecure temporary file creation (mysqlbug)
2004-04-15	kdepim exploitable buffer overflow in VCF reader
2004-04-15	neon format string vulnerabilities
2004-04-14	CVS path validation errors
2004-04-14	racoon remote denial of service vulnerability (ISAKMP header length field)
2004-04-07	jailed processes can attach to other jails
	many out-of-sequence TCP packets denial-of-service
	mksnap_ffs clears file system options
	racoon fails to verify signature during Phase 1
	racoon remote denial of service vulnerability (IKE Generic Payload Header)
	shmat reference counting bug
2004-04-03	Midnight Commander buffer overflow during symlink resolution
2004-04-02	Incorrect cross-realm trust handling in Heimdal
2004-03-31	Courier mail services: remotely exploitable buffer overflows
	isakmpd payload handling denial-of-service vulnerabilities
	mplayer heap overflow in http requests
	tcpdump ISAKMP payload handling remote denial-of-service
2004-03-29	ecartis buffer overflows and input validation bugs
	setsockopt(2) IPv6 sockets input validation error
	zebra/quagga denial of service vulnerability
2004-03-28	Buffer overflows and format string bugs in Emil
	Critical SQL injection in phpBB
	oftpd denial-of-service vulnerability (PORT command)
2004-03-26	ezbounce remote format string vulnerability
	insecure temporary file creation in xine-check, xine-bugreport
	multiple vulnerabilities in ethereal
	multiple vulnerabilities in phpBB
	squid ACL bypass due to URL decoding bug
2004-03-25	racoon security association deletion vulnerability
2004-03-18	uudeview buffer overflows
2004-03-17	ModSecurity for Apache 2.x remote off-by-one overflow
2004-03-17	OpenSSL ChangeCipherSpec denial-of-service vulnerability
2004-03-08	Apache 1.3 IP address access control failure on some 64-bit platforms
	Apache 2 mod_ssl denial-of-service
	wu-ftpd ftpaccess `restricted-uid'/`restricted-gid' directive may be bypassed
2004-03-07	mpg123 vulnerabilities
2004-03-06	GNU Anubis buffer overflows and format string vulnerabilities
2004-03-05	multiple buffer overflows in xboing
2004-03-03	mod_python denial-of-service vulnerability in parse_qs
2004-02-25	Darwin Streaming Server denial-of-service vulnerability
	fetchmail -- denial-of-service vulnerability
	hsftp format string vulnerabilities
	lbreakout2 vulnerability in environment variable handling
	libxml2 stack buffer overflow in URI parsing
	mailman denial-of-service vulnerability in MailCommandHandler
	mailman XSS in admin script
	mailman XSS in create script
	mailman XSS in user options page
	SQL injection vulnerability in phpnuke
2004-02-22	file disclosure in phpMyAdmin
2004-02-22	Vulnerabilities in H.323 implementations
2004-02-18	metamail format string bugs and buffer overflows
2004-02-15	mnGoSearch buffer overflow in UdmDocToTextBuf()
2004-02-13	GNU libtool insecure temporary file handling
2004-02-12	Buffer overflow in Mutt 1.4
	Buffer overflows in XFree86 servers
	CCE contains exploitable buffer overflows
	ChiTeX/ChiLaTeX unsafe set-user-id root
	clamav remote denial-of-service
	icecast 1.x multiple vulnerabilities
	nap allows arbitrary file access
	pine insecure URL handling
	pine remote denial-of-service attack
	pine remotely exploitable buffer overflow in newmail.c
	pine remotely exploitable vulnerabilities
	rsync buffer overflow in server mode
	Samba 3.0.x password initialization bug
	seti@home remotely exploitable buffer overflow
	Several remotely exploitable buffer overflows in gaim
2004-02-10	Apache-SSL optional client certificate vulnerability
2004-01-19	fsp buffer overflow and directory traversal vulnerabilities
2004-01-19	L2TP, ISAKMP, and RADIUS parsing vulnerabilities in tcpdump
2004-01-08	Buffer overflow in INN control message handling
2004-01-05	ProFTPD ASCII translation bug resulting in remote root compromise
2003-12-12	bind8 negative cache poison attack
	ElGamal sign+encrypt keys created by GnuPG can be compromised
	lftp HTML parsing vulnerability
	Mathopd buffer overflow
	qpopper format string vulnerability
2003-10-25	Buffer overflow in pam_smb password handling
	Buffer overflows in libmcrypt
	fetchmail -- address parsing vulnerability