3816 matches found
Pure-FTPd: Multiple vulnerabilities
Background Pure-FTPd is a fast, production-quality and standards-compliant FTP server. Description Multiple vulnerabilities have been discovered in Pure-FTPd. Please review the CVE identifiers referenced below for details. Impact Remote unauthenticated attackers may be able to inject FTP commands...
gedit: Untrusted search path
Background gedit is a text editor for the GNOME desktop. Description James Vega reported that gedit uses the current working directory when searching for python modules, a vulnerability related to CVE-2008-5983. Impact A local attacker could entice a user to open gedit from a specially crafted...
phpCollab: Multiple vulnerabilities
Background phpCollab is a web-enabled groupware and project management software written in PHP. It uses SQL-based database backends. Description Multiple vulnerabilities have been found in phpCollab: rgod reported that data sent to general/sendpassword.php via the loginForm parameter is not...
VLC: Multiple vulnerabilities
Background VLC is a cross-platform media player and streaming server. Description Remi Denis-Courmont reported that VLC loads plugins from the current working directory in an unsafe manner CVE-2008-2147. Alin Rad Pop Secunia Research reported an integer overflow error in the Open function in the...
Doomsday: Multiple vulnerabilities
Background The Doomsday Engine deng is a modern gaming engine for popular ID games like Doom, Heretic and Hexen. Description Luigi Auriemma discovered multiple buffer overflows in the DNetPlayerEvent function, the MsgWrite function and the NetSvReadCommands function. He also discovered errors whe...
MadWifi: Multiple vulnerabilities
Background The MadWifi driver provides support for Atheros based IEEE 802.11 Wireless Lan cards. Description Md Sohail Ahmad from AirTight Networks has discovered a divison by zero in the athbeaconconfig function CVE-2007-2830. The vendor has corrected an input validation error in the...
Smb4K: Multiple vulnerabilities
Background Smb4K is a SMB/CIFS Windows share browser for KDE. Description Kees Cook of the Ubuntu Security Team has identified multiple vulnerabilities in Smb4K. The writeFile function of smb4k/core/smb4kfileio.cpp makes insecure usage of temporary files. The writeFile function also stores the...
libTIFF: Multiple buffer overflows
Background libTIFF provides support for reading and manipulating TIFF images. Description A buffer overflow has been found in the t2pwritepdfstring function in tiff2pdf, which can been triggered with a TIFF file containing a DocumentName tag with UTF-8 characters. An additional buffer overflow ha...
Mozilla Suite: Multiple vulnerabilities
Background The Mozilla Suite is a popular all-in-one web browser that includes a mail and news reader. Description Several vulnerabilities were found in Mozilla Suite. Version 1.7.13 was released to fix them. Impact A remote attacker could craft malicious web pages or emails that would leverage...
GnuPG: Incorrect signature verification
Background GnuPG The GNU Privacy Guard is a free replacement for PGP Pretty Good Privacy. As GnuPG does not rely on any patented algorithms, it can be used without any restrictions. gpgv is the OpenPGP signature verification tool provided by the GnuPG system. Description Tavis Ormandy of the Gent...
Perl: Format string errors can lead to code execution
Background Perl is a stable, cross-platform programming language created by Larry Wall. It contains printf functions that allows construction of strings from format specifiers and parameters, like the C printf functions. A well-known class of vulnerabilities, called format string errors, result o...
Mozilla Suite, Mozilla Firefox: Remote compromise
Background The Mozilla Suite is a popular all-in-one web browser that includes a mail and news reader. Mozilla Firefox is the next-generation browser from the Mozilla project. Description The Mozilla Suite and Firefox do not properly protect "IFRAME" JavaScript URLs from being executed in context...
Kommander: Insecure remote script execution
Background KDE is a feature-rich graphical desktop environment for Linux and Unix-like Operating Systems. Kommander is a visual dialog editor and interpreter for KDE applications, part of the kdewebdev package. Description Kommander executes data files from possibly untrusted locations without us...
Konqueror: Java sandbox vulnerabilities
Background KDE is a feature-rich graphical desktop environment for Linux and Unix-like Operating Systems. Konqueror is the KDE web browser and file manager. Description Konqueror contains two errors that allow JavaScript scripts and Java applets to have access to restricted Java classes. Impact A...
Perl: Insecure temporary file creation
Background Perl is a stable, cross-platform programming language created by Larry Wall. Description Some Perl modules create temporary files in world-writable directories with predictable names. Impact A local attacker could create symbolic links in the temporary files directory, pointing to a...
cdrtools: Local root vulnerability in cdrecord if set SUID root
Background The cdrtools package is a set of tools for CD recording, including the popular cdrecord command-line utility. Description Max Vozeler discovered that the cdrecord utility, when set to SUID root, fails to drop root privileges before executing a user-supplied RSH program. By default,...
Linux Kernel: Multiple DoS and permission vulnerabilities
Background The Linux kernel is responsible for managing the core aspects of a GNU/Linux system, providing an interface for core system applications as well as providing the essential structure and capability to access hardware that is needed for a running system. Description The Linux kernel allo...
Ethereal: Multiple security problems
Background Ethereal is a feature rich network protocol analyzer. Description There are multiple vulnerabilities in versions of Ethereal earlier than 0.10.5, including: In some cases the iSNS dissector could cause Ethereal to abort. If there was no policy name for a handle for SMB SID snooping it...
FreeS/WAN, Openswan, strongSwan: Vulnerabilities in certificate handling
Background FreeS/WAN, Openswan, strongSwan and Super-FreeS/WAN are Open Source implementations of IPsec for the Linux operating system. They are all based on the discontinued FreeS/WAN project. Description All these IPsec implementations have several bugs in the verifyx509cert function, which...
CVS heap overflow vulnerability
Background CVS Concurrent Versions System is an open-source network-transparent version control system. It contains both a client utility and a server. Description Stefan Esser discovered a heap overflow in the CVS server, which can be triggered by sending malicious "Entry" lines and manipulating...
libpng denial of service vulnerability
Background libpng is a standard library used to process PNG Portable Network Graphics images. Description libpng provides two functions pngchunkerror and pngchunkwarning for default error and warning messages handling. These functions do not perform proper bounds checking on the provided message,...
ipsec-tools and iputils contain a remote DoS vulnerability
Background From http://ipsec-tools.sourceforge.n et/ "IPsec-Tools is a port of KAME's IPsec utilities to the Linux-2.6 IPsec implementation." iputils is a collection of network monitoring tools, including racoon, ping and ping6. Description When racoon receives an ISAKMP header, it allocates memo...
Updated kernel packages fix the AMD64 ptrace vulnerability
Background Description A vulnerability has been discovered by Andi Kleen in the ptrace emulation code for AMD64 platforms when eflags are processed, allowing a local user to obtain elevated priveleges. The Common Vulnerabilities and Exposures project, http://cve.mitre.org, has assigned...
nginx: Multiple Vulnerabilities
Background nginx is a robust, small, and high performance HTTP and reverse proxy server. Description Multiple vulnerabilities have been discovered in nginx. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround...
NVIDIA Drivers: Multiple Vulnerabilities
Background NVIDIA Drivers are NVIDIA's accelerated graphics driver. Description Multiple vulnerabilities have been discovered in NVIDIA Drivers. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no...
Samba: Multiple Vulnerabilities
Background Samba is a suite of SMB and CIFS client/server programs. Description Multiple vulnerabilities have been discovered in Samba. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known...
Apache Log4j: Multiple Vulnerabilities
Background Log4j is a Java logging framework that supports various use cases with a rich set of components, a separate API, and a performance-optimized implementation. Description Multiple vulnerabilities hav been discovered in Apache Log4j. Please review the CVE identifiers referenced below for...
WebKitGTK+: Multiple Vulnerabilities
Background WebKitGTK+ is a full-featured port of the WebKit rendering engine, suitable for projects requiring any kind of web integration, from hybrid HTML/CSS applications to full-fledged web browsers. Description Multiple vulnerabilities have been discovered in WebKitGTK+. Please review the CVE...
Apache XML-RPC: Multiple Vulnerabilities
Background Apache XML-RPC previously known as Helma XML-RPC is a Java implementation of XML-RPC, a popular protocol that uses XML over HTTP to implement remote procedure calls. Description Multiple vulnerabilities have been discovered in Apache XML-RPC. Please review the CVE identifiers reference...
OpenSSH: Multiple Vulnerabilities
Background OpenSSH is a free application suite consisting of server and clients that replace tools like telnet, rlogin, rcp and ftp with more secure versions offering additional functionality. Description Multiple vulnerabilities have been discovered in OpenSSH. Please review the CVE identifiers...
UnZip: Multiple Vulnerabilities
Background Info-ZIP’s UnZip is a tool to list and extract files inside PKZIP compressed files. Description Multiple vulnerabilities have been discovered in UnZip. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details...
LibTIFF: Multiple Vulnerabilities
Background LibTIFF provides support for reading and manipulating TIFF Tagged Image File Format images. Description Multiple vulnerabilities have been discovered in LibTIFF. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for...
snakeyaml: Multiple Vulnerabilities
Background snakeyaml is a YAML 1.1 parser and emitter for Java. Description Multiple vulnerabilities have been discovered in snakeyaml. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known...
Lua: Multiple Vulnerabilities
Background Lua is a powerful, efficient, lightweight, embeddable scripting language. It supports procedural programming, object-oriented programming, functional programming, data-driven programming, and data description. Description Multiple vulnerabilities have been discovered in Lua. Please...
LibRaw: Stack buffer overread
Background LibRaw is a library for reading RAW files obtained from digital photo cameras. Description LibRaw incorrectly handles parsing DNG fields in some cases, potentially resulting in a buffer overread leading to denial of service. Impact An attacker capable of providing crafted input to LibR...
Tcpreplay: Multiple vulnerabilities
Background Tcpreplay is a suite of utilities for UNIX systems for editing and replaying network traffic which was previously captured by tools like tcpdump and ethereal/wireshark. Description Multiple vulnerabilities have been discovered in Tcpreplay. Please review the CVE identifiers referenced...
libTIFF: Multiple vulnerabilities
Background The TIFF library contains encoding and decoding routines for the Tag Image File Format. It is called by numerous programs, including GNOME and KDE applications, to interpret TIFF images. Description Multiple vulnerabilities have been discovered in LibTIFF. Please review the referenced...
VirtualBox: Multiple vulnerabilities
Background VirtualBox is a powerful virtualization product from Oracle. Description Multiple vulnerabilities have been discovered in VirtualBox. Please review the CVE identifiers referenced below for details. Impact An attacker could take control of VirtualBox resulting in the execution of...
PowerDNS: information disclosure
Background The PowerDNS nameserver is an authoritative-only nameserver which uses a flexible backend architecture. Description It was discovered that PowerDNS did not properly handle certain unknown records. Impact An authorized attacker with the ability to insert crafted records into a zone migh...
SeaMonkey: Multiple vulnerabilities
Background The SeaMonkey project is a community effort to deliver production-quality releases of code derived from the application formerly known as “Mozilla Application Suite”. Description Multiple vulnerabilities have been discovered in SeaMonkey. Please review referenced release notes for more...
Mozilla Firefox: Remote code execution
Background Mozilla Firefox is a popular open-source web browser from the Mozilla project. Description Invalid assumptions when emitting the the MCallGetProperty opcode in the JavaScript JIT may result in a use-after-free condition. Impact A remote attacker could possibly execute arbitrary code wi...
BlueZ: Arbitrary code execution
Background Set of tools to manage Bluetooth devices for Linux. Description It was discovered that there was a double-free vulnerability in Bluez after the service discovery which occurs after a Bluetoth Low Energy BLE connection has been established to a device. Impact A remote attacker, by...
GStreamer RTSP Server: Denial of service
Background RTSP server library based on GStreamer. Description It was discovered that GStreamer RTSP Server did not properly handle authentication. Impact A remote attacker, by sending specially crafted authentication requests, could possibly cause a Denial of Service condition. Workaround There ...
OpenJDK: Multiple vulnerabilities
Background OpenJDK is a free and open-source implementation of the Java Platform, Standard Edition. Description Multiple vulnerabilities have been discovered in OpenJDK. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details...
Chromium, Google Chrome: Heap buffer overflow
Background Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. Google Chrome is one fast, simple, and secure browser for all your devices. Description A buffer overflow has been discovered in Chromium and Google...
Groovy: Arbitrary code execution
Background A multi-faceted language for the Java platform Description It was discovered that there was a vulnerability within the Java serialization/deserialization process. Impact An attacker, by crafting a special serialized object, could execute arbitrary code. Workaround There is no known...
cURL: Multiple vulnerabilities
Background A command line tool and library for transferring data with URLs. Description Multiple vulnerabilities have been discovered in cURL. Please review the CVE identifiers referenced below for details. Impact Remote attackers could cause a Denial of Service condition, disclose sensitive...
Cacti: Multiple vulnerabilities
Background Cacti is a complete frontend to rrdtool. Description Multiple vulnerabilities have been discovered in Cacti. Please review the CVE identifiers referenced below for details. Impact Remote attackers could execute arbitrary code or bypass intended access restrictions. Workaround There is ...
cURL: Certificate validation error
Background cURL is a tool and libcurl is a library for transferring data with URL syntax. Description cURL and applications linked against libcurl support “OCSP stapling”, also known as the TLS Certificate Status Request extension using the CURLOPTSSLVERIFYSTATUS option. When telling cURL to use...
Mozilla Firefox: Multiple vulnerabilities
Background Mozilla Firefox is a popular open-source web browser from the Mozilla Project. Description Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details. Impact A remote attacker could possibly execute arbitrary code wi...