3816 matches found
kdebase: KDM vulnerabilities
Background KDM is the desktop manager included with the K Desktop Environment. Description Firstly, versions of KDM =kde-base/kde-3.1.4' emerge '=kde-base/kde-3.1.4' emerge clean...
ImageMagick: Multiple Vulnerabilities
Background ImageMagick is a software suite to create, edit, and compose bitmap images, that can also read, write, and convert images in many other formats. Description Multiple vulnerabilities have been discovered in ImageMagick. Please review the CVE identifiers referenced below for details...
SABnzbd: Remote Code Execution
Background Free and easy binary newsreader with web interface. Description A vulnerability has been discovered in SABnzbd. Please review the CVE identifier referenced below for details. Impact A design flaw was discovered in SABnzbd that could allow remote code execution. Manipulating the...
Exiv2: Multiple Vulnerabilities
Background Exiv2 is a C++ library and set of tools for parsing, editing and saving Exif and IPTC metadata from images. Exif, the Exchangeable image file format, specifies the addition of metadata tags to JPEG, TIFF and RIFF files. Description Multiple vulnerabilities have been discovered in Exiv2...
Oracle JDK/JRE: Multiple vulnerabilities
Background Java Platform, Standard Edition Java SE lets you develop and deploy Java applications on desktops and servers, as well as in today's demanding embedded environments. Java offers the rich user interface, performance, versatility, portability, and security that today's applications...
GNU Binutils: Multiple Vulnerabilities
Background The GNU Binutils are a collection of tools to create, modify and analyse binary files. Many of the files use BFD, the Binary File Descriptor library, to do low-level manipulation. Description Multiple vulnerabilities have been discovered in GNU Binutils. Please review the CVE identifie...
FFmpeg: Multiple vulnerabilities
Background FFmpeg is a complete, cross-platform solution to record, convert and stream audio and video. Description Multiple vulnerabilities have been discovered in FFmpeg. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for...
Okular: Local restricted command execution
Background Okular is a universal document viewer based on KPDF. Description A logic error was discovered in Okular, which results in trusting action links within a PDF, possibly allowing execution of a binary. Impact A remote attacker could entice a user to open a specially crafted PDF using...
DjVu: Multiple vulnerabilities
Background DjVu is a web-centric format and software platform for distributing documents and images. Description Multiple vulnerabilities have been discovered in DjVu. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details...
FontForge: Multiple vulnerabilities
Background FontForge is a PostScript font editor and converter. Description Multiple vulnerabilities have been discovered in FontForge. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user to open a specially crafted font using FontForge,...
GNU Screen: Buffer overflow
Background GNU Screen is a full-screen window manager that multiplexes a physical terminal between several processes, typically interactive shells. Description A buffer overflow was found in the way GNU Screen treated the special escape OSC 49. Impact A remote attacker, by writing a specially...
ZeroMQ: Arbitrary code execution
Background Looks like an embeddable networking library but acts like a concurrency framework. Description A buffer overflow was discovered in ZeroMQ. Impact An attacker could possibly execute arbitrary code with the privileges of the process or cause a Denial of Service condition. Workaround Ther...
QEMU: Multiple vulnerabilities
Background QEMU is a generic and open source machine emulator and virtualizer. Description Multiple vulnerabilities have been discovered in QEMU. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no...
Mozilla Thunderbird: Multiple vulnerabilities
Background Mozilla Thunderbird is a popular open-source email client from the Mozilla project. Description Multiple vulnerabilities have been discovered in Mozilla Thunderbird. Please review the referenced Mozilla Foundation Security Advisories and CVE identifiers below for details. Impact A remo...
OpenSSL: Multiple vulnerabilities
Background OpenSSL is a robust, commercial-grade, and full-featured toolkit for the Transport Layer Security TLS and Secure Sockets Layer SSL protocols. Description Multiple vulnerabilities have been discovered in OpenSSL. Please review the referenced CVE identifiers for details. Impact A remote...
Graphite: Multiple vulnerabilities
Background Graphite is a “smart font” system developed specifically to handle the complexities of lesser-known languages of the world. Description Multiple vulnerabilities have been discovered in Graphite. Please review the referenced CVE identifiers for details. Impact A remote attacker could...
MuPDF: Multiple vulnerabilities
Background A lightweight PDF, XPS, and E-book viewer. Description Multiple vulnerabilities have been discovered in MuPDF. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user to process a specially crafted PDF document or image using MuPDF,...
FFmpeg: Multiple vulnerabilities
Background FFmpeg is a complete, cross-platform solution to record, convert and stream audio and video. Description Multiple vulnerabilities have been discovered in FFmpeg. Please review the CVE identifiers referenced below for details. gst-plugins-libav is affected because this package is bundli...
MuPDF: Multiple vulnerabilities
Background A lightweight PDF, XPS, and E-book viewer. Description Multiple vulnerabilities have been discovered in MuPDF. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user to open a specially crafted PDF document using MuPDF possibly...
Ansible: Remote execution of arbitrary code
Background Ansible is a radically simple IT automation platform. Description An input validation vulnerability was found in Ansible’s handling of data sent from client systems. Impact An attacker with control over a client system being managed by Ansible and the ability to send facts back to the...
Ark: Unintended execution of scripts and executable files
Background Ark is a graphical file compression/decompression utility with support for multiple formats. Description A vulnerability was discovered in how Ark handles executable files while browsing a compressed archive. A user could unintentionally execute a malicious script which has the...
util-linux: Arbitrary code execution
Background util-linux is a suite of Linux programs including mount and umount, programs used to mount and unmount filesystems. Description A command injection flaw was discovered in util-linux’s “blkid” utility. It uses caching files /dev/.blkid.tab or /run/blkid/blkid.tab to store info about the...
GnuPG: RNG output is predictable
Background The GNU Privacy Guard, GnuPG, is a free replacement for the PGP suite of cryptographic software. Description A long standing bug since 1998 in Libgcrypt see “GLSA 201610-04” below and GnuPG allows an attacker to predict the output from the standard RNG. Please review the “Entropy Loss...
OpenVPN: Multiple vulnerabilities
Background OpenVPN is a multi-platform, full-featured SSL VPN solution. Description Multiple vulnerabilities have been discovered in OpenVPN. Please review the CVE identifiers referenced below for details. Impact A remote attacker may be able to recover plaintext from encrypted communications...
libpng: User-assisted execution of arbitrary code
Background libpng is a standard library used to process PNG Portable Network Graphics images. It is used by several programs, including web browsers and potentially server processes. Description Two vulnerabilities have been discovered in libpng: The pnguserversioncheck function contains an...
BIND: Multiple Vulnerabilities
Background BIND Berkeley Internet Name Domain is a Name Server. Description Multiple vulnerabilities have been discovered in BIND. Please review the CVE identifiers referenced below for details. Impact A remote attacker can cause a denial of service condition by the lack of GeoIP databases, or vi...
policycoreutils: Privilege escalation
Background policycoreutils is a collection of SELinux policy utilities. Description The seunshare utility is owned by root with 4755 permissions which can be exploited by a setuid system call. Impact A local attacker may be able to gain escalated privileges. Workaround There is no known workaroun...
D-Bus, GLib: Privilege escalation
Background D-Bus is a daemon providing a framework for applications to communicate with one another. GLib is a library providing a number of GNOME’s core objects and functions. Description When libdbus is used in a setuid program, a user can gain escalated privileges by leveraging the...
LibYAML: Arbitrary code execution
Background LibYAML is a YAML 1.1 parser and emitter written in C. Description The yamlparserscanuriescapes function does not properly expand strings passed as input, which can result in a heap-based buffer overflow. Impact An attacker could provide a specially-crafted YAML document, which, when...
Pidgin: Multiple vulnerabilities
Background Pidgin is a GTK Instant Messenger client for a variety of instant messaging protocols. Description Multiple vulnerabilities have been discovered in Pidgin. Please review the CVE identifiers referenced below for details. Impact A remote attacker could possibly execute arbitrary code wit...
ImageMagick: Multiple vulnerabilities
Background ImageMagick is a collection of tools and libraries for manipulating various image formats. Description Multiple vulnerabilities have been discovered in ImageMagick. Please review the CVE identifiers referenced below for details. Note that CVE-2012-1185 and CVE-2012-1186 were issued due...
Rack: Multiple vulnerabilities
Background Rack is a modular Ruby web server interface. Description Multiple vulnerabilities have been discovered in Rack. Please review the CVE identifiers referenced below for details. Impact A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a...
Cacti: Multiple vulnerabilities
Background Cacti is a complete network graphing solution designed to harness the power of RRDTool’s data storage and graphing functionality. Description Multiple vulnerabilities have been discovered in Cacti. Please review the CVE identifiers referenced below for details. Impact A remote attacker...
OpenSSL: Multiple Vulnerabilities
Background OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer SSL v2/v3 and Transport Layer Security TLS v1 as well as a general purpose cryptography library. Description Multiple vulnerabilities have been discovered in OpenSSL. Please review the CVE identifiers referenced...
Squid: Multiple vulnerabilities
Background Squid is a full-featured web proxy cache. Description Multiple vulnerabilities have been discovered in Squid. Please review the CVE identifiers referenced below for details. Impact A remote attacker may be able to bypass ACL restrictions or cause a Denial of Service condition. Workarou...
Chromium: Multiple vulnerabilities
Background Chromium is an open source web browser project. Description Multiple vulnerabilities have been discovered in Chromium. Please review the CVE identifiers and release notes referenced below for details. Impact A remote attacker could entice a user to open a specially crafted web site usi...
sudo: Privilege escalation
Background sudo allows a system administrator to give users the ability to run commands as other users. Description Two vulnerabilities have been discovered in sudo: When the sudoers file is configured with a Runas group, sudo does not prompt for a password when changing to the new group...
libxml2: User-assisted execution of arbitrary code
Background libxml2 is the XML C parser and toolkit developed for the Gnome project. Description The "xmlStringLenDecodeEntities" function in parser.c contains a boundary error which could possibly cause a heap-based buffer overflow. Impact A remote attacker could entice a user to open a specially...
Pure-FTPd: Multiple vulnerabilities
Background Pure-FTPd is a fast, production-quality and standards-compliant FTP server. Description Multiple vulnerabilities have been discovered in Pure-FTPd. Please review the CVE identifiers referenced below for details. Impact Remote unauthenticated attackers may be able to inject FTP commands...
gedit: Untrusted search path
Background gedit is a text editor for the GNOME desktop. Description James Vega reported that gedit uses the current working directory when searching for python modules, a vulnerability related to CVE-2008-5983. Impact A local attacker could entice a user to open gedit from a specially crafted...
phpCollab: Multiple vulnerabilities
Background phpCollab is a web-enabled groupware and project management software written in PHP. It uses SQL-based database backends. Description Multiple vulnerabilities have been found in phpCollab: rgod reported that data sent to general/sendpassword.php via the loginForm parameter is not...
VLC: Multiple vulnerabilities
Background VLC is a cross-platform media player and streaming server. Description Remi Denis-Courmont reported that VLC loads plugins from the current working directory in an unsafe manner CVE-2008-2147. Alin Rad Pop Secunia Research reported an integer overflow error in the Open function in the...
Doomsday: Multiple vulnerabilities
Background The Doomsday Engine deng is a modern gaming engine for popular ID games like Doom, Heretic and Hexen. Description Luigi Auriemma discovered multiple buffer overflows in the DNetPlayerEvent function, the MsgWrite function and the NetSvReadCommands function. He also discovered errors whe...
Mozilla products: Multiple vulnerabilities
Background Mozilla Firefox is an open-source web browser from the Mozilla Project, and Mozilla Thunderbird an email client. The SeaMonkey project is a community effort to deliver production-quality releases of code derived from the application formerly known as the 'Mozilla Application Suite'...
MadWifi: Multiple vulnerabilities
Background The MadWifi driver provides support for Atheros based IEEE 802.11 Wireless Lan cards. Description Md Sohail Ahmad from AirTight Networks has discovered a divison by zero in the athbeaconconfig function CVE-2007-2830. The vendor has corrected an input validation error in the...
Smb4K: Multiple vulnerabilities
Background Smb4K is a SMB/CIFS Windows share browser for KDE. Description Kees Cook of the Ubuntu Security Team has identified multiple vulnerabilities in Smb4K. The writeFile function of smb4k/core/smb4kfileio.cpp makes insecure usage of temporary files. The writeFile function also stores the...
Mozilla Suite: Multiple vulnerabilities
Background The Mozilla Suite is a popular all-in-one web browser that includes a mail and news reader. Description Several vulnerabilities were found in Mozilla Suite. Version 1.7.13 was released to fix them. Impact A remote attacker could craft malicious web pages or emails that would leverage...
GnuPG: Incorrect signature verification
Background GnuPG The GNU Privacy Guard is a free replacement for PGP Pretty Good Privacy. As GnuPG does not rely on any patented algorithms, it can be used without any restrictions. gpgv is the OpenPGP signature verification tool provided by the GnuPG system. Description Tavis Ormandy of the Gent...
Perl: Format string errors can lead to code execution
Background Perl is a stable, cross-platform programming language created by Larry Wall. It contains printf functions that allows construction of strings from format specifiers and parameters, like the C printf functions. A well-known class of vulnerabilities, called format string errors, result o...
Mozilla Suite, Mozilla Firefox: Remote compromise
Background The Mozilla Suite is a popular all-in-one web browser that includes a mail and news reader. Mozilla Firefox is the next-generation browser from the Mozilla project. Description The Mozilla Suite and Firefox do not properly protect "IFRAME" JavaScript URLs from being executed in context...