3816 matches found
Python: Multiple vulnerabilities
Background Python is an interpreted, interactive, object-oriented programming language. Description Multiple vulnerabilities have been discovered in Python. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user to open a specially crafted ind...
Xen: Multiple vulnerabilities
Background Xen is a bare-metal hypervisor. Description Multiple vulnerabilities have been discovered in Xen. Please review the CVE identifiers referenced below for details. Impact A local attacker could possibly execute arbitrary code with the privileges of the process, could gain privileges on t...
Facter: Privilege escalation
Background Facter is a cross-platform Ruby library for retrieving facts from operating systems. Description Facter includes the current working directory in the search path. Impact A local attacker may be able to gain escalated privileges. Workaround There is no known workaround at this time...
Munin: Multiple vulnerabilities
Background Munin is an open source server monitoring tool. Description Multiple vulnerabilities have been discovered in Munin. Please review the CVE identifiers referenced below for details. Impact A local attacker could perform symlink attacks to overwrite arbitrary files with the privileges of...
PHP: Multiple vulnerabilities
Background PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML. Description Multiple vulnerabilities have been discovered in PHP. Please review the CVE identifiers referenced below for details. Impact A remote attacke...
mini_httpd: Arbitrary code execution
Background minihttpd is a small webserver with optional SSL and IPv6 support. Description minihttpd does not properly check for shell escapes when parsing HTTP requests. Impact A remote attacker could send specially crafted HTTP requests, possibly resulting in execution of arbitrary code with the...
Tor: Multiple vulnerabilities
Background Tor is an implementation of second generation Onion Routing, a connection-oriented anonymizing communication service. Description Multiple vulnerabilities have been discovered in Tor. Please review the CVE identifiers referenced below for details. Impact A remote unauthenticated attack...
Ruby on Rails: Multiple vulnerabilities
Background Ruby on Rails is a web-application and persistence framework. Description The following vulnerabilities were discovered: sameer reported that lib/actioncontroller/cgiprocess.rb removes the :cookieonly attribute from the default session options CVE-2007-6077, due to an incomplete fix fo...
POV-Ray: User-assisted execution of arbitrary code
Background POV-Ray is a well known open-source ray tracer. Description POV-Ray uses a statically linked copy of libpng to view and output PNG files. The version shipped with POV-Ray is vulnerable to CVE-2008-3964, CVE-2008-1382, CVE-2006-3334, CVE-2006-0481, CVE-2004-0768. A bug in POV-Ray's buil...
Firebird: Multiple vulnerabilities
Background Firebird is a multi-platform, open source relational database. Description Firebird does not properly handle certain types of XDR requests, resulting in an integer overflow CVE-2008-0387. Furthermore, it is vulnerable to a buffer overflow when processing usernames CVE-2008-0467. Impact...
Cyrus-SASL: Buffer overflow and SASL_PATH vulnerabilities
Background Cyrus-SASL is an implementation of the Simple Authentication and Security Layer. Description Cyrus-SASL contains a remote buffer overflow in the digestmda5.c file. Additionally, under certain conditions it is possible for a local user to exploit a vulnerability in the way the SASLPATH...
NetKit-telnetd: buffer overflows in telnet and telnetd
Background NetKit-telnetd is a standard Linux telnet client and server from the NetKit utilities. Description A possible buffer overflow exists in the parsing of option strings by the telnet daemon, where proper bounds checking is not applied when writing to a buffer. Additionaly, another possibl...
Netatalk: Multiple Vulnerabilities including root remote code execution
Background Netatalk is a kernel level implementation of the AppleTalk Protocol Suite, which allows Unix hosts to act as file, print, and time servers for Apple computers. It includes several script utilities, including etc2ps.sh. Description Multiple vulnerabilities have been discovered in...
c-ares: Multiple Vulnerabilities
Background c-ares is a C library for asynchronous DNS requests including name resolves. Description Multiple vulnerabilities have been discovered in c-ares. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround...
Spice Server: Multiple Vulnerabilities
Background Provides a complete open source solution for remote access to virtual machines in a seamless way so you can play videos, record audio, share USB devices and share folders without complications. Description Multiple vulnerabilities have been discovered in Spice Server, please review the...
Nextcloud: Multiple Vulnerabilities
Background Nextcloud is a personal cloud that runs on your own server. Description Multiple vulnerabilities have been discovered in Nextcloud. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no...
Blueman: Local privilege escalation
Background Blueman is a simple and intuitive GTK+ Bluetooth Manager. Description Where Polkit is not used and the default permissions have been changed on a specific rule file, control of a local DHCP daemon may be possible. Impact A local attacker may be able to achieve root privilege escalation...
Mozilla Firefox, Mozilla Thunderbird: Multiple vulnerabilities
Background Mozilla Firefox is a popular open-source web browser from the Mozilla project. Mozilla Thunderbird is a popular open-source email client from the Mozilla project. Description Multiple vulnerabilities have been discovered in Mozilla Firefox and Mozilla Thunderbird. Please review the CVE...
Nextcloud Desktop Sync client: Multiple vulnerabilities
Background Nextcloud Desktop Sync client can synchronize one or more directories to Nextcloud server. Description Multiple vulnerabilities have been discovered in Nextcloud Desktop Sync client. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE...
ledger: Multiple vulnerabilities
Background Ledger is a powerful, double-entry accounting system that is accessed from the UNIX command-line. Description Multiple vulnerabilities have been discovered in ledger. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user to process...
BusyBox: Multiple vulnerabilities
Background BusyBox is a set of tools for embedded systems and is a replacement for GNU Coreutils. Description Multiple vulnerabilities have been discovered in BusyBox. Please review the CVE identifiers referenced below for details. Impact A remote attacker could possibly execute arbitrary code wi...
Chromium, Google Chrome: Multiple vulnerabilities
Background Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. Google Chrome is one fast, simple, and secure browser for all your devices Description Multiple vulnerabilities have been discovered in Chromium and...
chkrootkit: Local privilege escalation
Background chkrootkit is a tool to locally check for signs of a rootkit. Description When /tmp is mounted without the noexec option chkrootkit will execute files in /tmp with root privileges. Impact A local attacker could possibly execute arbitrary code with root privileges. Workaround Users shou...
GNU C Library: Multiple vulnerabilities
Background The GNU C library is the standard C library used by Gentoo Linux systems. Description Multiple vulnerabilities have been discovered in the GNU C Library. Please review the CVE identifiers referenced below for details. Impact A context-dependent attacker could possibly execute arbitrary...
libXpm: Remote execution of arbitrary code
Background The X PixMap image format is an extension of the monochrome X BitMap format specified in the X protocol, and is commonly used in traditional X applications. Description An integer overflow was discovered in libXpm’s src/CrDatFrI.c file. On 64 bit systems, this allows an overflow to occ...
SQUASHFS: Multiple vulnerabilities
Background Squashfs is a compressed read-only filesystem for Linux. Squashfs is intended for general read-only filesystem use, for archival use i.e. in cases where a .tar.gz file may be used, and in constrained block device/memory systems e.g. embedded systems where low overhead is needed...
ADOdb: Multiple vulnerabilities
Background ADOdb is an abstraction library for PHP creating a common API for a wide range of database backends. Description Multiple vulnerabilities have been discovered in ADOdb. Please review the CVE identifiers referenced below for details. Impact A remote attacker, through the use of SQL...
7-Zip: Multiple vulnerabilities
Background 7-Zip is an open-source file archiver, an application used primarily to compress files. 7-Zip uses its own 7z archive format, but can read and write several other archive formats. Description Multiple vulnerabilities have been discovered in 7-Zip. Please review the CVE identifiers...
musl: Integer overflow
Background musl is a “libc”, an implementation of the standard library functionality described in the ISO C and POSIX standards, plus common extensions, intended for use on Linux-based systems. Description A vulnerability was discovered in musl’s tretnfarunparallel function buffer overflow logic,...
libvirt: Directory traversal
Background libvirt is a C toolkit for manipulating virtual machines. Description Normally, only privileged users can coerce libvirt into creating or opening existing files using the virStorageVol APIs; and such users already have full privilege to create any domain XML. But in the case of...
Xalan-Java: Arbitrary code execution
Background Xalan-Java is an XSLT processor for transforming XML documents into HTML, text, or other XML document types. Description The TransformerFactory in Apache Xalan-Java does not properly restrict access to certain properties when FEATURESECUREPROCESSING is enabled. This can also be exploit...
OpenOffice, LibreOffice: Multiple vulnerabilities
Background OpenOffice is the open source version of StarOffice, a full office productivity suite. LibreOffice is a fork of OpenOffice. Description Multiple vulnerabilities have been discovered in OpenOffice and Libreoffice. Please review the CVE identifiers referenced below for details. Impact A...
ClamAV: Multiple vulnerabilities
Background Clam AntiVirus ClamAV is an anti-virus toolkit for UNIX, designed especially for e-mail scanning on mail gateways. Description Multiple vulnerabilities have been discovered in ClamAV. Please review the CVE identifiers referenced below for details. Impact A remote attacker could send a...
libTIFF: Multiple vulnerabilities
Background libTIFF provides support for reading and manipulating TIFF Tagged Image File Format images. Description Multiple vulnerabilities have been discovered in libTIFF. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user to open a...
Chromium, V8: Multiple vulnerabilities
Background Chromium is an open source web browser project. V8 is Google’s open source JavaScript engine. Description Multiple vulnerabilities have been discovered in Chromium and V8. Please review the CVE identifiers and release notes referenced below for details. Impact A context-dependent...
GnuTLS: Multiple vulnerabilities
Background GnuTLS is an Open Source implementation of the TLS 1.2 and SSL 3.0 protocols. Description Multiple vulnerabilities have been discovered in GnuTLS. Please review the CVE identifiers referenced below for details. Impact An attacker could perform man-in-the-middle attacks to spoof arbitra...
libxml2: Denial of service
Background libxml2 is a library to manipulate XML files. Description The following vulnerabilities were reported after a test with the Codenomicon XML fuzzing framework: Two use-after-free vulnerabilities are possible when parsing a XML file with Notation or Enumeration attribute types...
FreeType 1: User-assisted execution of arbitrary code
Background FreeType is a True Type Font rendering library. Description Multiple issues found in FreeType 2 were also discovered in FreeType 1. For details on these issues, please review the Gentoo Linux Security Advisories and CVE identifiers referenced below. Impact A remote attacker could entic...
OpenSSL: Multiple vulnerabilities
Background OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer SSL v2/v3 and Transport Layer Security TLS v1 as well as a general purpose cryptography library. Description Multiple vulnerabilities have been reported in OpenSSL: Marsh Ray of PhoneFactor and Martin Rex of SAP...
VLC: Multiple vulnerabilities
Background VLC is a cross-platform media player and streaming server. Description g reported the following vulnerabilities: An integer overflow leading to a heap-based buffer overflow in the Open function in modules/demux/tta.c CVE-2008-3732. A signedness error leading to a stack-based buffer...
Openfire: Denial of service
Background Openfire formerly Wildfire is a Java implementation of a complete Jabber server. Description Openfire's connection manager in the file ConnectionManagerImpl.java cannot handle clients that fail to read messages, and has no limit on their session's send buffer. Impact Remote authenticat...
Adobe Acrobat Reader: Multiple vulnerabilities
Background Adobe Acrobat Reader is a PDF reader released by Adobe. Description Multiple vulnerabilities have been discovered in Adobe Acrobat Reader, including: A file disclosure when using file:// in PDF documents CVE-2007-1199 Multiple buffer overflows in unspecified Javascript methods...
PostgreSQL: Multiple vulnerabilities
Background PostgreSQL is an open source object-relational database management system. Description If using the "expression indexes" feature, PostgreSQL executes index functions as the superuser during VACUUM and ANALYZE instead of the table owner, and allows SET ROLE and SET SESSION AUTHORIZATION...
Mozilla Firefox, SeaMonkey: Multiple vulnerabilities
Background Mozilla Firefox is a cross-platform web browser from Mozilla. SeaMonkey is a free, cross-platform Internet suite. Description Jesse Ruderman and Petko D. Petkov reported that the jar protocol handler in Mozilla Firefox and Seamonkey does not properly check MIME types CVE-2007-5947...
AWStats: Remote execution of arbitrary code
Background AWStats is an advanced log file analyzer and statistics generator. Description Hendrik Weimer has found that if updating the statistics via the web frontend is enabled, it is possible to inject arbitrary code via a pipe character in the "migrate" parameter. Additionally, r0t has...
KDE: Local Denial of service
Background KDE is a feature-rich graphical desktop environment for Linux and Unix-like Operating Systems. DCOP is KDE's simple IPC/RPC mechanism. Description Sebastian Krahmer discovered that it is possible to stall the dcopserver of other users. Impact An attacker could exploit this to cause a...
Xen: Multiple Vulnerabilities
Background Xen is a bare-metal hypervisor. Description Multiple vulnerabilities have been discovered in Xen. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround at this time...
libsndfile: Multiple Vulnerabilities
Background libsndfile is a C library for reading and writing files containing sampled sound. Description Multiple vulnerabilities have been discovered in libsndfile. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details...
libarchive: Multiple Vulnerabilities
Background libarchive is a library for manipulating different streaming archive formats, including certain tar variants, several cpio formats, and both BSD and GNU ar variants. Description Multiple vulnerabilities have been discovered in libarchive. Please review the CVE identifiers referenced...
curl: Multiple Vulnerabilities
Background A command line tool and library for transferring data with URLs. Description Multiple vulnerabilities have been discovered in curl. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no...