22 matches found
EUVD-2018-0272
Malware in sbrugna...
CVE-2023-29465
SageMath FlintQS 1.0 relies on pathnames under TMPDIR typically world-writable, which for example allows a local user to overwrite files with the privileges of a different user who is running FlintQS...
CVE-2017-4998
EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is potentially affected by a cross-site request forgery vulnerability. A remote low privileged attacker may potentially exploit the vulnerability to execute unauthorized requests on behalf of the victim, using the authenticated...
Google Chrome < 24.0.1312.56 Multiple Vulnerabilities
The version of Google Chrome installed on the remote host is earlier than 24.0.1312.56 and is, therefore, affected by the following vulnerabilities : - A use-after-free vulnerability exists related to font handling and canvas. CVE-2013-0839 - An error exists related to URL validation and the...
Google Chrome < 23.0.1271.91 Multiple Vulnerabilities
Binary data 6628.pasl...
Google Chrome < 23.0.1271.64 Multiple Vulnerabilities
Binary data 800919.prm...
Ubuntu Update for gimp USN-1147-1
Ubuntu Update for Linux kernel vulnerabilities USN-1147-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN11471.nasl 7964 2017-12-01 07:32:11Z santu $ Ubuntu Update for gimp USN-1147-1 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This...
Microsoft OLE Automation String Manipulation Heap Overflow (MS07-043; CVE-2007-2224)
Microsoft Object linking and embedding OLE Automation is the formal inter-process communication mechanism based on Component Object Model COM. It provides an infrastructure whereby applications called automation controllers can access and manipulate shared automation objects that are exported by...
Ubuntu 8.04 LTS / 8.10 / 9.04 / 9.10 : libthai vulnerability (USN-887-1)
Tim Starling discovered that LibThai did not correctly handle long strings. A remote attacker could use specially-formed strings to execute arbitrary code with the user's privileges. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security...
Ubuntu Update for gimp vulnerabilities USN-880-1
Ubuntu Update for Linux kernel vulnerabilities USN-880-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN8801.nasl 7965 2017-12-01 07:38:25Z santu $ Ubuntu Update for gimp vulnerabilities USN-880-1 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH,...
FreeBSD : fuser -- missing user's privileges check (4d6076fe-ee7a-11de-9cd0-001a926c7637)
Denis Barov reports : sysutils/fuser allows user to send any signal to any process when installed with suid bit. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD VuXML database : Copyright 2003-2018 Jacques...
Ubuntu Update for vim vulnerability USN-505-1
Ubuntu Update for Linux kernel vulnerabilities USN-505-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN5051.nasl 7969 2017-12-01 09:23:16Z santu $ Ubuntu Update for vim vulnerability USN-505-1 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.n...
Ubuntu Update for libgtop2 vulnerability USN-407-1
Ubuntu Update for Linux kernel vulnerabilities USN-407-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN4071.nasl 7969 2017-12-01 09:23:16Z santu $ Ubuntu Update for libgtop2 vulnerability USN-407-1 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH,...
3ivx MPEG-4 < 5.0.2 Buffer Overflow
The 3ivx MPEG-4 compression suite is installed on the remote host. It contains an MP4 codec for use with media players such as Windows Media Player for creating and playing back MPEG-4 / MP4 files. The version of this codec on the remote host is affected by a buffer overflow vulnerability. If an...
USN-497-1: xfce4-terminal vulnerability
Lasse Kärkkäinen discovered that the Xfce Terminal did not correctly escape shell meta-characters during "Open Link" actions. If a remote attacker tricked a user into opening a specially crafted URI, they could execute arbitrary commands with the user's privileges...
Mozilla Thunderbird < 1.5.0.10 Multiple Vulnerabilities
The remote version of Mozilla Thunderbird suffers from various security issues, one of which may lead to execution of arbitrary code on the affected host subject to the user's privileges. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid24748; scriptversion"1.26";...
USN-426-1: Ekiga vulnerabilities
Mu Security discovered a format string vulnerability in Ekiga. If a user was running Ekiga and listening for incoming calls, a remote attacker could send a crafted call request, and execute arbitrary code with the user's privileges...
Ubuntu 4.10 / 5.04 / 5.10 : imagemagick vulnerabilities (USN-246-1)
Florian Weimer discovered that the delegate code did not correctly handle file names which embed shell commands CVE-2005-4601. Daniel Kobras found a format string vulnerability in the SetImageInfo function CVE-2006-0082. By tricking a user into processing an image file with a specially crafted fi...
Ubuntu 5.04 : ffmpeg vulnerability (USN-230-1)
Simon Kilvington discovered a buffer overflow in the avcodecdefaultgetbuffer function of the ffmpeg library. By tricking an user into opening a malicious movie which contains specially crafted PNG images, this could be exploited to execute arbitrary code with the user's privileges. Note that...
Ubuntu 4.10 / 5.04 / 5.10 : xine-lib vulnerability (USN-230-2)
USN-230-1 fixed a vulnerability in the ffmpeg library. The Xine library contains a copy of the ffmpeg code, thus it is vulnerable to the same flaw. For reference, this is the original advisory : Simon Kilvington discovered a buffer overflow in the avcodecdefaultgetbuffer function of the ffmpeg...