3816 matches found
BitchX: Multiple vulnerabilities
Background BitchX is an IRC client. Description bannedit reported a boundary error when handling overly long IRC MODE messages CVE-2007-4584. Nico Golde reported an insecure creation of a temporary file within the ehostname function CVE-2007-5839. Impact A remote attacker could entice a user to...
Lighttpd: Multiple vulnerabilities
Background Lighttpd is a lightweight HTTP web server. Description Stefan Esser discovered errors with evidence of memory corruption in the code parsing the headers. Several independent researchers also reported errors involving the handling of HTTP headers, the modauth and modscgi modules, and th...
libpng: Denial of service
Background libpng is a free ANSI C library used to process and manipulate PNG images. Description Tavis Ormandy of the Gentoo Linux Security Audit Team discovered that a vulnerability exists in the sPLT chunk handling code of libpng, a large sPLT chunk may cause an application to attempt to read...
Mozilla Firefox: Multiple vulnerabilities
Background Mozilla Firefox is a redesign of the Mozilla Navigator component. The goal is to produce a cross-platform stand-alone browser application. Description The following vulnerabilities have been reported: Benjamin Smedberg discovered that chrome URL's could be made to reference remote file...
KPdf, KWord: Multiple overflows in included Xpdf code
Background KPdf is a KDE-based PDF viewer included in the kdegraphics package. KWord is a KDE-based word processor also included in the koffice package. Description KPdf and KWord both include Xpdf code to handle PDF files. This Xpdf code is vulnerable to several heap overflows GLSA 200512-08 as...
Py2Play: Remote execution of arbitrary Python code
Background Py2Play is a peer-to-peer network game engine written in Python. Pickling is a Python feature allowing to serialize Python objects into string representations called pickles that can be sent over the network. Description Arc Riley discovered that Py2Play uses Python pickles to send...
OpenTTD: Format string vulnerabilities
Background OpenTTD is an open source clone of the simulation game "Transport Tycoon Deluxe" by Microprose. Description Alexey Dobriyan discovered several format string vulnerabilities in OpenTTD. Impact A remote attacker could exploit these vulnerabilities to crash the OpenTTD server or client an...
Utempter symlink vulnerability
Background Utempter is an application that allows non-privileged apps to write utmp login info, which otherwise needs root access. Description Utempter contains a vulnerability that may allow local users to overwrite arbitrary files via a symlink attack. Impact This vulnerability may allow...
Multiple format string vulnerabilities in cadaver
Background According to http://www.webdav.org/cadaver, cadaver is a command-line WebDAV client for Unix. It supports file upload, download, on-screen display, namespace operations move/copy, collection creation and deletion, and locking operations. Description Cadaver code includes the neon...
FFmpeg: Multiple Vulnerabilities
Background FFmpeg is a complete solution to record, convert and stream audio and video. Description Multiple vulnerabilities have been discovered in FFmpeg. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround...
squashfs-tools: Multiple Vulnerabilities
Background Squashfs is a compressed read-only filesystem for Linux. Squashfs is intended for general read-only filesystem use, for archival use i.e. in cases where a .tar.gz file may be used, and in constrained block device/memory systems e.g. embedded systems where low overhead is needed...
libxml2: Multiple Vulnerabilities
Background libxml2 is the XML C parser and toolkit developed for the GNOME project. Description Multiple vulnerabilities have been discovered in libxml2. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround The...
Wireshark: Multiple vulnerabilities
Background Wireshark is a network protocol analyzer formerly known as ethereal. Description Multiple vulnerabilities have been discovered in Wireshark. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There...
Ark: Arbitrary code execution
Background Ark is a graphical file compression/decompression utility with support for multiple formats. Description It was discovered that Ark incorrectly handled symbolic links in tar archive files. Impact A remote attacker could entice a user to open a specially crafted archive using Ark,...
libjpeg-turbo: Information disclosure
Background libjpeg-turbo is a MMX, SSE, and SSE2 SIMD accelerated JPEG library. Description It was discovered that libjpeg-turbo incorrectly handled certain PPM files. Impact A remote attacker could entice a user to open a specially crafted PPM file using an application linked against...
Xen: Buffer overflow
Background Xen is a bare-metal hypervisor. Description An out-of-bounds read/write access issue was found in the USB emulator when using QEMU. Impact A remote attacker could possibly execute arbitrary code with the privileges of the process or cause a Denial of Service condition. Workaround There...
Mozilla Firefox, Mozilla Thunderbird: Multiple vulnerabilities
Background Mozilla Firefox is a popular open-source web browser from the Mozilla Project. Mozilla Thunderbird is a popular open-source email client from the Mozilla project. Description Multiple vulnerabilities have been discovered in Mozilla Firefox and Mozilla Thunderbird. Please review the CVE...
WebKitGTK+: Multiple vulnerabilities
Background WebKitGTK+ is a full-featured port of the WebKit rendering engine, suitable for projects requiring any kind of web integration, from hybrid HTML/CSS applications to full-fledged web browsers. Description Multiple vulnerabilities have been discovered in WebKitGTK+. Please review the CVE...
GLib Networking: Improper certificate validation
Background Network-related giomodules for glib Description GTlsClientConnection skips hostname verification of the server’s TLS certificate if the application fails to specify the expected server identity. Impact There may be a breach of integrity or confidentiality in connections made using GLib...
Libreswan: Denial of service
Background Libreswan is a free software implementation of the most widely supported and standarized VPN protocol based on “IPsec” and the Internet Key Exchange “IKE”. Description As a result of a bug in handling certain bogus encrypted IKEv1, while building a log message that the packet has been...
json-c: Multiple vulnerabilities
Background json-c is a JSON implementation in C. Description Multiple vulnerabilities have been discovered in json-c. Please review the CVE identifiers referenced below for details. Impact A remote/local attacker could send a specially crafted file possibly resulting in a Denial of Service...
Chromium, Google Chrome: Multiple vulnerabilities
Background Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. Google Chrome is one fast, simple, and secure browser for all your devices. Description Multiple vulnerabilities have been discovered in Chromium and...
GNU Wget: Arbitrary code execution
Background GNU Wget is a free software package for retrieving files using HTTP, HTTPS and FTP, the most widely-used Internet protocols. Description A buffer overflow was discovered in GNU’s Wget. Impact An attacker could possibly execute arbitrary code with the privileges of the process or cause ...
GNU Wget: Multiple vulnerabilities
Background GNU Wget is a free software package for retrieving files using HTTP, HTTPS and FTP, the most widely-used Internet protocols. Description Multiple vulnerabilities have been discovered in Wget. Please review the referenced CVE identifiers for details. Impact A remote attacker, by enticin...
Git: Security bypass
Background Git is a free and open source distributed version control system designed to handle everything from small to very large projects with speed and efficiency. Description Timo Schmid discovered that the Git restricted shell incorrectly filtered allowed commands. Impact A remote attacker...
FileZilla: Buffer overflow
Background FileZilla is an open source FTP client. Description FileZilla is affected by the same vulnerability as reported in “GLSA 201703-03” because the package included a vulnerable copy of PuTTY. Please read the GLSA for PuTTY referenced below for details. Impact A remote attacker, utilizing...
ImageMagick: Multiple vulnerabilities
Background ImageMagick is a collection of tools and libraries for many image formats. Description Multiple vulnerabilities have been discovered in ImageMagick. Please review the CVE identifiers referenced below for details. Impact A remote attacker, by enticing a user to process a specially craft...
TigerVNC: Integer overflow
Background TigerVNC is a high-performance VNC server/client. Description TigerVNC is impacted by the same vulnerability as found in CVE-2014-6051. An integer overflow, leading to a heap-based buffer overflow, was found in the way screen sizes were handled. Impact A remote attacker, utilizing a...
Docker: Privilege escalation
Background Docker is the world’s leading software containerization platform. Description Docker does not properly distinguish between numeric UIDs and string usernames. Impact Local attackers could possibly escalate their privileges. Workaround There is no known workaround at this time. Resolutio...
nghttp2: Denial of service
Background Nghttp2 is an implementation of HTTP/2 and its header compression algorithm HPACK in C. Description Nghttpd, nghttp, and libnghttp2asio applications do not limit the memory usage for the incoming HTTP header field. If a peer sends a specially crafted HTTP/2 HEADERS frame and CONTINUATI...
LinuxCIFS utils: Buffer overflow
Background The LinuxCIFS utils are a collection of tools for managing Linux CIFS Client Filesystems. Description A stack-based buffer overflow was discovered in cifskey.c or cifscreds.c in LinuxCIFS, as used in “pamcifscreds.” Impact A remote attacker could exploit this vulnerability to cause an...
Adobe Flash Player: Multiple vulnerabilities
Background The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Description Multiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details. Impact A remote attacke...
Adobe Flash Player: Multiple vulnerabilities
Background The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Description Multiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details. Impact A remote attacke...
Python: Multiple vulnerabilities
Background Python is an interpreted, interactive, object-oriented programming language. Description Multiple vulnerabilities have been discovered in Python. Please review the CVE identifiers referenced below for details. Impact A context-dependent attacker may be able to execute arbitrary code or...
Libav: Multiple vulnerabilities
Background Libav is a complete solution to record, convert and stream audio and video. Description Multiple vulnerabilities have been discovered in Libav. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user to open a specially crafted media...
libvirt: Denial of service
Background libvirt is a C toolkit for manipulating virtual machines. Description Multiple vulnerabilities have been discovered in libvirt. Please review the CVE identifiers referenced below for details. Impact A context-dependent attacker may be able to cause Denial of Service. Workaround There i...
Chromium: Multiple vulnerabilities
Background Chromium is an open-source web browser project. Description Multiple vulnerabilities have been discovered in Chromium. Please review the CVE identifiers referenced below for details. Impact A remote attacker could conduct a number of attacks which include: cross site scripting attacks,...
memcached: Multiple vulnerabilities
Background memcached is a high-performance, distributed memory object caching system Description memcached authentication could be bypassed when using SASL due to a flaw related to SASL authentication state. Also several heap-based buffer overflows due to integer conversions when parsing certain...
OpenSSL: Information Disclosure
Background OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer SSL v2/v3 and Transport Layer Security TLS v1 as well as a general purpose cryptography library. Description Multiple vulnerabilities have been found in OpenSSL: OpenSSL incorrectly handles memory in the TLS...
Python: Multiple vulnerabilities
Background Python is an interpreted, interactive, object-oriented programming language. Description Multiple vulnerabilities have been discovered in Python. Please review the CVE identifiers referenced below for details. Impact A remote attacker could possibly cause a Denial of Service condition ...
GIMP: Multiple vulnerabilities
Background GIMP is the GNU Image Manipulation Program. Description Multiple vulnerabilities have been discovered in GIMP. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user to open a specially crafted KiSS palette, GIF image or XWD file...
MediaWiki: Multiple vulnerabilities
Background The MediaWiki wiki web application as used on wikipedia.org. Description Multiple vulnerabilities have been discovered in MediaWiki. Please review the CVE identifiers referenced below for details. Impact A remote attacker may be able to execute arbitrary code, perform man-in-the-middle...
PolarSSL: Multiple vulnerabilities
Background PolarSSL is a cryptographic library for embedded systems. Description Multiple vulnerabilities have been discovered in PolarSSL. Please review the CVE identifiers referenced below for details. Impact A remote attacker might be able to cause Denial of Service, conduct a man-in-the middl...
klibc: Command Injection
Background klibc is a minimalistic libc used for making an initramfs. Description The ipconfig utility in klibc writes DHCP options to /tmp/net-$DEVICE.conf, and this file is later sourced by other scripts to get defined variables. The options written to this file are not properly escaped. Impact...
PolicyKit: Multiple vulnerabilities
Background PolicyKit is a toolkit for controlling privileges for system-wide services. Description Multiple vulnerabilities have been found in PolicyKit: Error messages in the pkexec utility disclose the existence of local files CVE-2010-0750. The pkexec utility initially checks the effective use...
Chromium, V8: Multiple vulnerabilities
Background Chromium is an open-source web browser project. V8 is Google's open source JavaScript engine. Description Multiple vulnerabilities have been discovered in Chromium and V8. Please review the CVE identifiers and release notes referenced below for details. Impact A local attacker could ga...
Adobe Flash Player: Multiple vulnerabilities
Background The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Description Multiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers and Adobe Security Advisories and Bulletins reference...
Bugzilla: Multiple vulnerabilities
Background Bugzilla is the bug-tracking system from the Mozilla project. Description Multiple vulnerabilities have been discovered in Bugzilla. Please review the CVE identifiers referenced below for details. Impact A remote attacker could conduct cross-site scripting attacks, conduct script...
F-PROT Antivirus: Multiple Denial of Service vulnerabilities
Background F-PROT Antivirus is a multi-platform virus scanner for workstations and mail servers. Description The following vulnerabilities were found: Multiple errors when processing UPX, ASPack or Microsoft Office files CVE-2008-3243. Infinite Sergio Alvarez of n.runs AG reported an invalid memo...
Linux Audit: Buffer overflow
Background Linux Audit is a set of userspace utilities for storing and processing auditing records. Description A stack-based buffer overflow has been reported in the auditlogusercommand function in the file lib/auditlogging.c when processing overly long arguments. Impact A local attacker could...