6583 matches found
php-filter -- Denial of Service
The following DoS condition in filter extension was fixed in PHP 5.3.4 and PHP 5.2.15: Stack consumption vulnerability in the filtervar function in PHP 5.2.x through 5.2.14 and 5.3.x through 5.3.3, when FILTERVALIDATEEMAIL mode is used, allows remote attackers to cause a denial of service memory...
linux-flashplugin -- multiple vulnerabilities
Adobe Product Security Incident Response Team reports: Critical vulnerabilities have been identified in Adobe Flash Player 10.1.85.3 and earlier versions for Windows, Macintosh, Linux, and Solaris, and Adobe Flash Player 10.1.95.1 for Android. These vulnerabilities, including CVE-2010-3654...
krb5 -- multiple denial of service vulnerabilities
Two vulnerabilities in krb5 can be used by remote attackers in denial of service attacks. The MIT security advisories report this as follows: An unauthenticated remote attacker can send an invalid request to a KDC process that will cause it to crash due to an assertion failure, creating a denial ...
linux-flashplugin -- multiple vulnerabilities
Adobe Product Security Incident Response Team reports: A critical vulnerability has been identified in Adobe Flash Player version 10.0.42.34 and earlier. This vulnerability CVE-2010-0186 could subvert the domain sandbox and make unauthorized cross-domain requests. This update also resolves a...
curl -- libcurl buffer overflow vulnerability
The cURL project reports in a security advisory: Using the affected libcurl version to download compressed content over HTTP, an application can ask libcurl to automatically uncompress data. When doing so, libcurl can wrongly send data up to 64K in size to the callback which thus is much larger...
mozilla -- multiple vulnerabilities
Mozilla Foundation reports: MFSA 2009-32 JavaScript chrome privilege escalation MFSA 2009-31 XUL scripts bypass content-policy checks MFSA 2009-30 Incorrect principal set for file: resources loaded via location bar MFSA 2009-29 Arbitrary code execution using event listeners attached to an element...
libsndfile -- CAF processing integer overflow vulnerability
Secunia reports: The vulnerability is caused due to an integer overflow error in the processing of CAF description chunks. This can be exploited to cause a heap-based buffer overflow by tricking the user into processing a specially crafted CAF audio file...
sudo -- certain authorized users could run commands as any user
Todd Miller reports: A bug was introduced in Sudo's group matching code in version 1.6.9 when support for matching based on the supplemental group vector was added. This bug may allow certain users listed in the sudoers file to run a command as a different user than their access rule specifies...
amarok -- multiple vulnerabilities
Secunia reports: Tobias Klein has reported some vulnerabilities in Amarok, which potentially can be exploited by malicious people to compromise a user's system. Two integer overflow errors exist within the "Audible::Tag::readTag" function in src/metadata/audible/audibletag.cpp. These can be...
qemu -- Heap overflow in Cirrus emulation
Aurelien Jarno reports: CVE-2008-4539: fix a heap overflow in Cirrus emulation The code in hw/cirrusvga.c has changed a lot between CVE-2007-1320 has been announced and the patch has been applied. As a consequence it has wrongly applied and QEMU is still vulnerable to this bug if using VNC...
opera -- multiple vulnerabilities
Opera reports: If a malicious page redirects Opera to a specially crafted address URL, it can cause Opera to crash. Given sufficient address content, the crash could cause execution of code controlled by the attacking page. Once a Java applet has been cached, if a page can predict the cache path...
mysql -- empty bit-string literal denial of service
MySQL reports: The vulnerability is caused due to an error when processing an empty bit-string literal and can be exploited to crash the server via a specially crafted SQL statement...
python -- multiple vulnerabilities
Secunia reports: Some vulnerabilities have been reported in Python, where some have unknown impact and others can potentially be exploited by malicious people to cause a DoS Denial of Service or to compromise a vulnerable system. Various integer overflow errors exist in core modules e.g...
linux-flashplugin -- unspecified remote code execution vulnerability
Adobe Product Security Incident Response Team reports: An exploit appears to be taking advantage of a known vulnerability, reported by Mark Dowd of the ISS X-Force and wushi of team509, that was resolved in Flash Player 9.0.124.0 CVE-2007-0071. This exploit does NOT appear to include a new,...
qemu -- unchecked block read/write vulnerability
Ian Jackson reports on the debian-security mailinglist: When a block device read or write request is made by the guest, nothing checks that the request is within the range supported by the backend, but the code in the backend typically assumes that the request is sensible. Depending on the backen...
pcre -- buffer overflow vulnerability
PCRE developers report: A character class containing a very large number of characters with codepoints greater than 255 in UTF-8 mode, of course caused a buffer overflow...
sdl_image -- buffer overflow vulnerabilities
Secunia reports: Two vulnerabilities have been reported in SDLimage, which can be exploited by malicious people to cause a Denial of Service or potentially compromise an application using the library. A boundary error within the LWZReadByte function in IMGgif.c can be exploited to trigger the...
openoffice -- arbitrary command execution vulnerability
iDefense reports: Remote exploitation of multiple integer overflow vulnerabilities within OpenOffice, as included in various vendors' operating system distributions, allows attackers to execute arbitrary code. These vulnerabilities exist within the TIFF parsing code of the OpenOffice suite. When...
samba -- nss_info plugin privilege escalation vulnerability
The Samba development team reports: The idmapad.so library provides an nssinfo extension to Winbind for retrieving a user's home directory path, login shell and primary group id from an Active Directory domain controller. This functionality is enabled by defining the "winbind nss info" smb.conf...
gtar -- Directory traversal vulnerability
Red Hat reports: A path traversal flaw was discovered in the way GNU tar extracted archives. A malicious user could create a tar archive that could write to arbitrary files to which the user running GNU tar had write access. Red Hat credits Dmitry V. Levin for reporting the issue...
vim -- Command Format String Vulnerability
A Secunia Advisory reports: A format string error in the "helptagsone" function in src/excmds.c when running the "helptags" command can be exploited to execute arbitrary code via specially crafted help files...
mozilla -- multiple vulnerabilities
The Mozilla Foundation reports of multiple security issues in Firefox, Seamonkey, and Thunderbird. Several of these issues can probably be used to run arbitrary code with the privilege of the user running the program. MFSA 2007-25 XPCNativeWrapper pollution MFSA 2007-24 Unauthorized access to...
clamav -- multiple vulnerabilities
Clamav had been found vulnerable to multiple vulnerabilities: Improper checking for the end of an buffer causing an unspecified attack vector. Insecure temporary file handling, which could be exploited to read sensitive information. A flaw in the parser engine which could allow a remote attacker ...
mplayer -- DMO File Parsing Buffer Overflow Vulnerability
"Moritz Jodeit reports: There's an exploitable buffer overflow in the current version of MPlayer v1.0rc1 which can be exploited with a maliciously crafted video file. It is hidden in the DMOVideoDecoder function of loader/dmo/DMOVideoDecoder.c' file...
libxine -- buffer overflow vulnerability
xine Team reports: A new xine-lib version is now available. This release contains a security fix array index vulnerability which may lead to a stack buffer overflow...
cscope -- Buffer Overflow Vulnerabilities
Secunia reports: Will Drewry has reported some vulnerabilities in Cscope, which potentially can be exploited by malicious people to compromise a vulnerable system. Various boundary errors within the parsing of file lists or the expansion of environment variables can be exploited to cause...
frontpage -- cross site scripting vulnerability
Esteban Martinez Fayo reports: The FrontPage Server Extensions 2002 included in Windows Sever 2003 IIS 6.0 and available as a separate download for Windows 2000 and XP has a web page /vtibin/vtiadm/fpadmdll.dll that is used for administrative purposes. This web page is vulnerable to cross site...
netpbm -- buffer overflow in pnmtopng
Ubuntu reports: A buffer overflow was found in the "pnmtopng" conversion program. By tricking an user or automated system to process a specially crafted PNM image with pnmtopng, this could be exploited to execute arbitrary code with the privileges of the user running pnmtopng...
libwww -- multiple vulnerabilities
Mitre reports: The HTBoundaryputblock function in HTBound.c for W3C libwww w3c-libwww allows remote servers to cause a denial of service segmentation fault via a crafted multipart/byteranges MIME message that triggers an out-of-bounds read. The big2toUtf8 function in lib/xmltok.c in libexpat in...
gallery -- cross-site scripting
Gallery includes several cross-site scripting vulnerabilities that could allow malicious content to be injected...
evolution -- arbitrary code execution vulnerability
Martin Joey Schulze reports: Max Vozeler discovered an integer overflow in the helper application camel-lock-helper which runs setuid root or setgid mail inside of Evolution, a free groupware suite. A local attacker can cause the setuid root helper to execute arbitrary code with elevated privileg...
squid -- denial-of-service vulnerabilities
The Squid team reported several denial-of-service vulnerabilities related to the handling of DNS responses and NT Lan Manager messages. These may allow an attacker to crash the Squid cache...
hylafax -- unauthorized login vulnerability
A flaw in HylaFAX may allow an attacker to bypass normal authentication by spoofing their DNS PTR records...
perl -- File::Path insecure file/directory permissions
Jeroen van Wolffelaar reports that the Perl module File::Path contains a race condition wherein traversed directories and files are temporarily made world-readable/writable...
Cyrus IMAPd -- PARTIAL command out of bounds memory corruption
Due to a bug within the argument parser of the partial command an argument like "bodyp" will be wrongly detected as "body.peek". Because of this the bufferposition gets increased by 10 instead of 5 and could therefore point outside the allocated memory buffer for the rest of the parsing process. ...
xpm -- image decoding vulnerabilities
Chris Evans discovered several vulnerabilities in the libXpm image decoder: A stack-based buffer overflow in xpmParseColors An integer overflow in xpmParseColors A stack-based buffer overflow in ParsePixels and ParseAndPutPixels The X11R6.8.1 release announcement reads: This version is purely a...
ImageMagick -- BMP decoder buffer overflow
Marcus Meissner discovered that ImageMagick's BMP decoder would crash when loading the test BMP file created by Chris Evans for testing the previous Qt vulnerability...
MySQL authentication bypass / buffer overflow
By submitting a carefully crafted authentication packet, it is possible for an attacker to bypass password authentication in MySQL 4.1. Using a similar method, a stack buffer used in the authentication mechanism can be overflowed...
buffer cache invalidation implementation issues
Programming errors in the implementation of the msync2 system call involving the MSINVALIDATE operation lead to cache consistency problems between the virtual memory system and on-disk contents. In some situations, a user with read access to a file may be able to prevent changes to that file from...
zebra/quagga denial of service vulnerability
A remote attacker could cause zebra/quagga to crash by sending a malformed telnet command to their management port...
mpg123 buffer overflow
The mpg123 software version 0.59r contains a buffer overflow vulnerability which may permit the execution of arbitrary code as the owner of the mpg123 process...
tiff -- divide-by-zero denial-of-service
A US-CERT vulnerability note reports: An Integer overflow in the LibTIFF library may allow a remote attacker to cause a divide-by-zero error that results in a denial-of-service condition...
Vaultwarden -- Multiple vulnerabilities
The Vaultwarden project reports: GHSA-937x-3j8m-7w7p Unconfirmed Owner Can Purge Entire Organization Vault. GHSA-569v-845w-g82p Cross-Org Group Binding Enables Unauthorized Read And Write Access Into Another Organization GHSA-6j4w-g4jh-xjfx Refresh tokens not invalidated on security stamp rotatio...
electron30 -- multiple vulnerabilities
Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2024-5493. Security: backported fix for CVE-2024-5831. Security: backported fix for CVE-2024-5832. Security: backported fix for CVE-2024-6100. Security: backported fix for CVE-2024-6101...
PostgreSQL server -- Potentially allowing authenicated database users to see data that they shouldn't.
PostgreSQL project reports: A security vulnerability was found in the system views pgstatsext and pgstatsextexprs, potentially allowing authenticated database users to see data they shouldn't. If this is of concern in your installation, run the SQL script...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 10 security fixes: 1497984 High CVE-2023-6508: Use after free in Media Stream. Reported by Cassidy Kim@cassidy6564 on 2023-10-31 1494565 High CVE-2023-6509: Use after free in Side Panel Search. Reported by Khalil Zhani on 2023-10-21 1480152 Medium...
electron{22,24} -- multiple vulnerabilities
Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2023-4355. Security: backported fix for CVE-2023-4354. Security: backported fix for CVE-2023-4353. Security: backported fix for CVE-2023-4352. Security: backported fix for CVE-2023-4351...
redis -- heap overflow in COMMAND GETKEYS and ACL evaluation
Redis core team reports: Extracting key names from a command and a list of arguments may, in some cases, trigger a heap overflow and result in reading random heap memory, heap corruption and potentially remote code execution. Specifically: using COMMAND GETKEYS and validation of key names in ACL...
chromium -- multiple vulnerabilities
Chrome Releases reports: This update includes 4 security fixes: 1452137 High CVE-2023-3420: Type Confusion in V8. Reported by Man Yue Mo of GitHub Security Lab on 2023-06-07 1447568 High CVE-2023-3421: Use after free in Media. Reported by Piotr Bania of Cisco Talos on 2023-05-22 1450397 High...
electron{23,24} -- multiple vulnerabilities
Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2023-3215. Security: backported fix for CVE-2023-3216...