3816 matches found
Adobe Reader: Multiple vulnerabilities
Background Adobe Reader formerly Adobe Acrobat Reader is a closed-source PDF reader. Description Multiple vulnerabilities were discovered in Adobe Reader. For further information please consult the CVE entries and the Adobe Security Bulletins referenced below. Impact A remote attacker might entic...
net-snmp: Authorization bypass
Background net-snmp bundles software for generating and retrieving SNMP data. Description The netsnmpudpfmtaddr function snmplib/snmpUDPDomain.c, when using TCP wrappers for client authorization, does not properly parse hosts.allow rules. Impact A remote, unauthenticated attacker could bypass the...
Adobe products: Multiple vulnerabilities
Background Adobe Flash Player is a closed-source playback software for Flash SWF files. Adobe Reader is a closed-source PDF reader that plays Flash content as well. Description Multiple vulnerabilities have been reported in Adobe Flash Player: lakehu of Tencent Security Center reported an...
OpenSSL: Denial of service
Background OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer SSL v2/v3 and Transport Layer Security TLS v1 as well as a general purpose cryptography library. Description The ASN1STRINGprintex function does not properly check the provided length of a BMPString or...
pam_krb5: Privilege escalation
Background pamkrb5 is a a Kerberos v5 PAM module. Description The following vulnerabilities were discovered: pamkrb5 does not properly initialize the Kerberos libraries for setuid use CVE-2009-0360. Derek Chan reported that calls to pamsetcred are not properly handled when running setuid...
Mozilla products: Multiple vulnerabilities
Background Mozilla Firefox is an open-source web browser and Mozilla Thunderbird an open-source email client, both from the Mozilla Project. The SeaMonkey project is a community effort to deliver production-quality releases of code derived from the application formerly known as the 'Mozilla...
OpenOffice.org: Two buffer overflows
Background OpenOffice.org is an open source office productivity suite, including word processing, spreadsheet, presentation, drawing, data charting, formula editing, and file conversion facilities. Description John Heasman of NGSSoftware has discovered a heap-based buffer overflow when parsing th...
ulogd: Remote execution of arbitrary code
Background ulogd is a userspace daemon for netfilter related logging. Description SUSE reported unspecified buffer overflows in ulogd involving the calculation of string lengths. Impact A remote attacker could trigger a possible buffer overflow through unspecified vectors, potentially leading to...
Sun JDK/JRE: Multiple vulnerabilities
Background The Sun Java Development Kit JDK and the Sun Java Runtime Environment JRE provide the Sun Java platform. Description Chris Evans has discovered multiple buffer overflows in Sun JDK and Sun JRE possibly related to various AWT or font layout functions. Tom Hawtin has discovered an...
gzip: Multiple vulnerabilities
Background gzip, the GNU zip compression utility, is a free and patent unencumbered replacement for the standard compress utility. Description Tavis Ormandy of the Google Security Team has reported multiple vulnerabilities in gzip. A stack buffer modification vulnerability was discovered in the L...
Mozilla Thunderbird: Multiple vulnerabilities
Background The Mozilla Thunderbird mail client is a redesign of the Mozilla Mail component. The goal is to produce a cross-platform stand-alone mail application using XUL XML User Interface Language. Description The following vulnerabilities have been reported: Benjamin Smedberg discovered that...
pdnsd: Denial of Service and potential arbitrary code execution
Background pdnsd is a proxy DNS server with permanent caching that is designed to cope with unreachable DNS servers. Description The pdnsd team has discovered an unspecified buffer overflow vulnerability. The PROTOS DNS Test Suite, by the Oulu University Secure Programming Group OUSPG, has also...
PHP: Multiple vulnerabilities
Background PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML. Description Several vulnerabilities were discovered on PHP4 and PHP5 by Infigo, Tonu Samuel and Maksymilian Arciemowicz. These included a buffer overflow...
pam_ldap: Authentication bypass vulnerability
Background pamldap is a Pluggable Authentication Module which allows authentication against LDAP directories. Description When a pamldap client attempts to authenticate against an LDAP server that omits the optional error value from the PasswordPolicyResponseValue, the authentication attempt will...
Perl: Vulnerabilities in perl-suid wrapper
Background Perl is a stable, cross-platform programming language created by Larry Wall. The perl-suid wrapper allows the use of setuid perl scripts, i.e. user-callable Perl scripts which have elevated privileges. This function is enabled only if you have the perlsuid USE flag set. Description...
kdebase: KDM vulnerabilities
Background KDM is the desktop manager included with the K Desktop Environment. Description Firstly, versions of KDM =kde-base/kde-3.1.4' emerge '=kde-base/kde-3.1.4' emerge clean...
ImageMagick: Multiple Vulnerabilities
Background ImageMagick is a software suite to create, edit, and compose bitmap images, that can also read, write, and convert images in many other formats. Description Multiple vulnerabilities have been discovered in ImageMagick. Please review the CVE identifiers referenced below for details...
SABnzbd: Remote Code Execution
Background Free and easy binary newsreader with web interface. Description A vulnerability has been discovered in SABnzbd. Please review the CVE identifier referenced below for details. Impact A design flaw was discovered in SABnzbd that could allow remote code execution. Manipulating the...
Exiv2: Multiple Vulnerabilities
Background Exiv2 is a C++ library and set of tools for parsing, editing and saving Exif and IPTC metadata from images. Exif, the Exchangeable image file format, specifies the addition of metadata tags to JPEG, TIFF and RIFF files. Description Multiple vulnerabilities have been discovered in Exiv2...
GNU Binutils: Multiple Vulnerabilities
Background The GNU Binutils are a collection of tools to create, modify and analyse binary files. Many of the files use BFD, the Binary File Descriptor library, to do low-level manipulation. Description Multiple vulnerabilities have been discovered in GNU Binutils. Please review the CVE identifie...
libass: Denial of service
Background libass is a portable subtitle renderer for the ASS/SSA Advanced Substation Alpha/Substation Alpha subtitle format. Description A one-byte buffer overwrite in ASS font decoding could trigger an assertion failure resulting in denial of service. Impact An attacker with control over the AS...
gThumb: Arbitrary code execution
Background gThumb is an image viewer and browser for GNOME. Description A heap-based buffer overflow in gThumb’s cairoimagesurfacecreatefromjpeg function, located in extensions/cairoio/cairo-image-surface-jpeg.c was discovered. Impact A remote attacker could entice a user to open a specially...
FFmpeg: Multiple vulnerabilities
Background FFmpeg is a complete, cross-platform solution to record, convert and stream audio and video. Description Multiple vulnerabilities have been discovered in FFmpeg. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for...
DjVu: Multiple vulnerabilities
Background DjVu is a web-centric format and software platform for distributing documents and images. Description Multiple vulnerabilities have been discovered in DjVu. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details...
Okular: Local restricted command execution
Background Okular is a universal document viewer based on KPDF. Description A logic error was discovered in Okular, which results in trusting action links within a PDF, possibly allowing execution of a binary. Impact A remote attacker could entice a user to open a specially crafted PDF using...
Chromium, Google Chrome: Multiple vulnerabilities
Background Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. Google Chrome is one fast, simple, and secure browser for all your devices. Description Multiple vulnerabilities have been discovered in Chromium and...
Python: Denial of service
Background Python is an interpreted, interactive, object-oriented programming language. Description An issue was discovered in urllib.request.AbstractBasicAuthHandler which allowed a remote attacker to send malicious data causing extensive regular expression backtracking. Impact An attacker could...
FontForge: Multiple vulnerabilities
Background FontForge is a PostScript font editor and converter. Description Multiple vulnerabilities have been discovered in FontForge. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user to open a specially crafted font using FontForge,...
GNU Screen: Buffer overflow
Background GNU Screen is a full-screen window manager that multiplexes a physical terminal between several processes, typically interactive shells. Description A buffer overflow was found in the way GNU Screen treated the special escape OSC 49. Impact A remote attacker, by writing a specially...
FFmpeg: Multiple vulnerabilities
Background FFmpeg is a complete, cross-platform solution to record, convert and stream audio and video. Description Multiple vulnerabilities have been discovered in FFmpeg. Please review the CVE identifiers referenced below for details. gst-plugins-libav is affected because this package is bundli...
MuPDF: Multiple vulnerabilities
Background A lightweight PDF, XPS, and E-book viewer. Description Multiple vulnerabilities have been discovered in MuPDF. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user to open a specially crafted PDF document using MuPDF possibly...
Ansible: Remote execution of arbitrary code
Background Ansible is a radically simple IT automation platform. Description An input validation vulnerability was found in Ansible’s handling of data sent from client systems. Impact An attacker with control over a client system being managed by Ansible and the ability to send facts back to the...
Ark: Unintended execution of scripts and executable files
Background Ark is a graphical file compression/decompression utility with support for multiple formats. Description A vulnerability was discovered in how Ark handles executable files while browsing a compressed archive. A user could unintentionally execute a malicious script which has the...
util-linux: Arbitrary code execution
Background util-linux is a suite of Linux programs including mount and umount, programs used to mount and unmount filesystems. Description A command injection flaw was discovered in util-linux’s “blkid” utility. It uses caching files /dev/.blkid.tab or /run/blkid/blkid.tab to store info about the...
GnuPG: RNG output is predictable
Background The GNU Privacy Guard, GnuPG, is a free replacement for the PGP suite of cryptographic software. Description A long standing bug since 1998 in Libgcrypt see “GLSA 201610-04” below and GnuPG allows an attacker to predict the output from the standard RNG. Please review the “Entropy Loss...
OpenVPN: Multiple vulnerabilities
Background OpenVPN is a multi-platform, full-featured SSL VPN solution. Description Multiple vulnerabilities have been discovered in OpenVPN. Please review the CVE identifiers referenced below for details. Impact A remote attacker may be able to recover plaintext from encrypted communications...
Puppet Server and Agent: Multiple vulnerabilities
Background Puppet Agent contains Puppet’s main code and all of the dependencies needed to run it, including Facter, Hiera, and bundled versions of Ruby and OpenSSL. Description Multiple vulnerabilities have been discovered in Puppet Server and Agent. Please review the CVE identifiers referenced...
BIND: Multiple Vulnerabilities
Background BIND Berkeley Internet Name Domain is a Name Server. Description Multiple vulnerabilities have been discovered in BIND. Please review the CVE identifiers referenced below for details. Impact A remote attacker can cause a denial of service condition by the lack of GeoIP databases, or vi...
D-Bus, GLib: Privilege escalation
Background D-Bus is a daemon providing a framework for applications to communicate with one another. GLib is a library providing a number of GNOME’s core objects and functions. Description When libdbus is used in a setuid program, a user can gain escalated privileges by leveraging the...
Rack: Multiple vulnerabilities
Background Rack is a modular Ruby web server interface. Description Multiple vulnerabilities have been discovered in Rack. Please review the CVE identifiers referenced below for details. Impact A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a...
ImageMagick: Multiple vulnerabilities
Background ImageMagick is a collection of tools and libraries for manipulating various image formats. Description Multiple vulnerabilities have been discovered in ImageMagick. Please review the CVE identifiers referenced below for details. Note that CVE-2012-1185 and CVE-2012-1186 were issued due...
Cacti: Multiple vulnerabilities
Background Cacti is a complete network graphing solution designed to harness the power of RRDTool’s data storage and graphing functionality. Description Multiple vulnerabilities have been discovered in Cacti. Please review the CVE identifiers referenced below for details. Impact A remote attacker...
BusyBox: Multiple vulnerabilities
Background BusyBox is set of tools for embedded systems and is a replacement for GNU Coreutils. Description Multiple vulnerabilities have been discovered in BusyBox. Please review the CVE identifiers referenced below for details. Impact A remote attacker could send a specially crafted DHCP reques...
OpenSSL: Multiple Vulnerabilities
Background OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer SSL v2/v3 and Transport Layer Security TLS v1 as well as a general purpose cryptography library. Description Multiple vulnerabilities have been discovered in OpenSSL. Please review the CVE identifiers referenced...
Squid: Multiple vulnerabilities
Background Squid is a full-featured web proxy cache. Description Multiple vulnerabilities have been discovered in Squid. Please review the CVE identifiers referenced below for details. Impact A remote attacker may be able to bypass ACL restrictions or cause a Denial of Service condition. Workarou...
Chromium: Multiple vulnerabilities
Background Chromium is an open source web browser project. Description Multiple vulnerabilities have been discovered in Chromium. Please review the CVE identifiers and release notes referenced below for details. Impact A remote attacker could entice a user to open a specially crafted web site usi...
sudo: Privilege escalation
Background sudo allows a system administrator to give users the ability to run commands as other users. Description Two vulnerabilities have been discovered in sudo: When the sudoers file is configured with a Runas group, sudo does not prompt for a password when changing to the new group...
libxml2: User-assisted execution of arbitrary code
Background libxml2 is the XML C parser and toolkit developed for the Gnome project. Description The "xmlStringLenDecodeEntities" function in parser.c contains a boundary error which could possibly cause a heap-based buffer overflow. Impact A remote attacker could entice a user to open a specially...
Pure-FTPd: Multiple vulnerabilities
Background Pure-FTPd is a fast, production-quality and standards-compliant FTP server. Description Multiple vulnerabilities have been discovered in Pure-FTPd. Please review the CVE identifiers referenced below for details. Impact Remote unauthenticated attackers may be able to inject FTP commands...
gedit: Untrusted search path
Background gedit is a text editor for the GNOME desktop. Description James Vega reported that gedit uses the current working directory when searching for python modules, a vulnerability related to CVE-2008-5983. Impact A local attacker could entice a user to open gedit from a specially crafted...