3816 matches found
Berkeley MPEG Tools: Multiple insecure temporary files
Background The Berkeley MPEG Tools are a collection of utilities for manipulating MPEG video technology, including an encoder mpegencode and various conversion utilities. Description Mike Frysinger of the Gentoo Security Team discovered that mpegencode and the conversion utilities were creating...
Net-SNMP: fixproc insecure temporary file creation
Background Net-SNMP is a suite of applications used to implement the Simple Network Management Protocol. Description The fixproc application of Net-SNMP creates temporary files with predictable filenames. Impact A malicious local attacker could exploit a race condition to change the content of th...
phpMyAdmin: Cross-site scripting vulnerability
Background phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL databases from a web-browser. Description Oriol Torrent Santiago has discovered that phpMyAdmin fails to validate input to the "convcharset" variable, rendering it vulnerable to cross-site scripting...
Midnight Commander: Multiple vulnerabilities
Background Midnight Commander is a visual console file manager. Description Midnight Commander contains several format string vulnerabilities CAN-2004-1004, buffer overflows CAN-2004-1005, a memory deallocation error CAN-2004-1092 and a buffer underflow CAN-2004-1176. Impact An attacker could...
phpMyAdmin: Multiple XSS vulnerabilities
Background phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL databases from a web-browser. Description Cedric Cochin has discovered multiple cross-site scripting vulnerabilities in phpMyAdmin. These vulnerabilities can be exploited through the PmaAbsoluteUri...
Cfengine: RSA Authentication Heap Corruption
Background Cfengine is an agent/software robot and a high level policy language for building expert systems to administrate and configure large computer networks. Description Two vulnerabilities have been found in cfservd. One is a buffer overflow in the AuthenticationDialogue function and the...
MPlayer: GUI filename handling overflow
Background MPlayer is a media player capable of handling multiple multimedia file formats. Description The MPlayer GUI code contains several buffer overflow vulnerabilities, and at least one in the TranslateFilename function is exploitable. Impact By enticing a user to play a file with a carefull...
giFT-FastTrack: remote denial of service attack
Background giFT-FastTrack is a plugin for the giFT file-sharing application. It allows giFT users to connect to the fasttrack network to share files. Description Alan Fitton found a vulnerability in the giFT-FastTrack plugin in version 0.8.6 and earlier. It can be used to remotely crash the giFT...
Opera: buffer overflows in 7.11 and 7.20
Background Opera is a multi-platform web browser. Description The Opera browser can cause a buffer allocated on the heap to overflow under certain HREFs when rendering HTML. The mail system is also deemed vulnerable and an attacker can send an email containing a malformed HREF, or plant the...
glibc: Multiple Vulnerabilities
Background glibc is a package that contains the GNU C library. Description Multiple vulnerabilities have been discovered in glibc. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workarou...
Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities
Background Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. Google Chrome is one fast, simple, and secure browser for all your devices. Microsoft Edge is a browser that combines a minimal design with...
Apache Batik: Multiple Vulnerabilities
Background Apache Batik is a Java-based toolkit for applications or applets that want to use images in the Scalable Vector Graphics SVG format for various purposes, such as display, generation or manipulation. Description Multiple vulnerabilities have been discovered in Apache Batik. Please revie...
Git: Multiple Vulnerabilities
Background Git is a free and open source distributed version control system designed to handle everything from small to very large projects with speed and efficiency. Description Multiple vulnerabilities have been discovered in Git. Please review the CVE identifiers referenced below for details...
libksba: Remote Code Execution
Background Libksba is a X.509 and CMS PKCS7 library. Description An integer overflow in parsing ASN.1 objects could lead to a buffer overflow. Impact Crafted ASN.1 objects could trigger an integer overflow and buffer overflow to result in remote code execution. Workaround There is no known...
GDAL: Heap Buffer Overflow
Background GDAL is a geospatial data abstraction library. Description GDAL does not sufficiently sanitize input when loading PCIDSK binary segments. Impact Loading crafted PCIDSK data via GDAL could result in denial of service. Workaround There is no known workaround at this time. Resolution All...
hiredis, hiredis-py: Multiple Vulnerabilities
Background hiredis is a minimalistic C client library for the Redis database. hiredis-py is a Python extension that wraps hiredis. Description Hiredis is vulnerable to integer overflow if provided maliciously crafted or corrupted RESP mult-bulk protocol data. When parsing multi-bulk array-like...
Zutty: Arbitrary Code Execution
Background Zutty is an X terminal emulator rendering through OpenGL ES Compute Shaders. Description Zutty does not correctly handle invalid DECRQSS commands, which can be exploited to run arbitrary commands in the terminal. Impact Untrusted text written to the Zutty terminal can achieve arbitrary...
Smokeping: Multiple vulnerabilities
Background Smokeping is a powerful latency measurement tool Description Multiple vulnerabilities have been discovered in Smokeping. Please review the CVE identifiers referenced below for details. Impact A local attacker which gains access to the smokeping user could gain root privileges. Workarou...
Smarty: Multiple vulnerabilities
Background Smarty is a template engine for PHP. The "template security" feature of Smarty is designed to help reduce the risk of a system compromise when you have untrusted parties editing templates. Description Multiple vulnerabilities have been discovered in Smarty. Please review the CVE...
GRUB: Multiple Vulnerabilities
Background GNU GRUB is a multiboot boot loader used by most Linux systems. Description Multiple vulnerabilities have been discovered in GRUB. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no kno...
TCG TPM2 Software Stack: Information disclosure
Background TCG TPM2 Software Stack is a library to interface with trusted platform modules. Description TCG TPM2 Software Stack did not appropriately apply FAPI policies to protect data encrypted with the trusted platform module. Impact Data encrypted using TCG TPM2 Software Stack tpm2-tss may no...
libssh: Denial of service
Background libssh is a multiplatform C library implementing the SSHv2 protocol on client and server side. Description libssh was found to have a NULL pointer dereference in tftpserver.c if the function sshbuffernew returns NULL. Impact An attacker could cause a possible Denial of Service conditio...
arpwatch: Root privilege escalation
Background The ethernet monitor program; for keeping track of ethernet/ip address pairings. Description It was discovered that Gentoo’s arpwatch ebuild made excessive permission operations on its data directories, possibly changing ownership of unintended files. This only affects OpenRC systems, ...
FreeRDP: Multiple vulnerabilities
Background FreeRDP is a free implementation of the Remote Desktop Protocol. Description Multiple vulnerabilities have been discovered in FreeRDP. Please review the CVE identifiers referenced below for details. Impact An attacker could possibly cause a Denial of Service condition. Workaround There...
libgit2: Multiple vulnerabilities
Background libgit2 is a portable, pure C implementation of the Git core methods provided as a re-entrant linkable library with a solid API. Description Multiple vulnerabilities have been discovered in libgit2. Please review the CVE identifiers referenced below for details. Impact An attacker coul...
Asterisk: Multiple vulnerabilities
Background A Modular Open Source PBX System. Description Multiple vulnerabilities have been discovered in Asterisk. Please review the referenced CVE identifiers for details. Impact A remote attacker could execute arbitrary code, cause a denial of service condition, or cause an unauthorized data...
Xen: Multiple vulnerabilities
Background Xen is a bare-metal hypervisor. Description Multiple vulnerabilities have been discovered in Xen. Please review the CVE identifiers and Xen Security Advisory referenced below for details. Impact A local attacker could potentially execute arbitrary code with privileges of Xen QEMU proce...
GnuTLS: Multiple vulnerabilities
Background GnuTLS is an Open Source implementation of the TLS and SSL protocols. Description Multiple heap and stack overflows and double free vulnerabilities have been discovered in GnuTLS by the OSS-Fuzz project. Please review the CVE identifiers referenced below for details. Impact A remote...
a2ps: Arbitrary code execution
Background a2ps is an Any to PostScript filter. Description a2ps’ fixps script does not invoke gs with the -dSAFER option. Impact Remote attackers, by enticing a user to process a specially crafted PostScript file, could delete arbitrary files or execute arbitrary code with the privileges of the...
X.Org X Server: Multiple vulnerabilities
Background The X Window System is a graphical windowing system based on a client/server model. Description Multiple vulnerabilities have been discovered in X.Org X Server. Please review the CVE identifiers referenced below for details. Impact An authenticated attacker could possibly cause a Denia...
LibRaw: Multiple vulnerabilities
Background LibRaw is a library for reading RAW files obtained from digital photo cameras. Description Multiple vulnerabilities have been discovered in LibRaw. Please review the CVE identifiers referenced below for details. Impact An attacker could execute arbitrary code, cause a Denial of Service...
runC: Privilege escalation
Background RunC is a CLI tool for spawning and running containers according to the OCI specification. Description A vulnerability was discovered in runC that allows additional container processes via ‘runc exec’ to be ptraced by the pid 1 of the container. This allows the main processes of the...
HDF5: Multiple vulnerabilities
Background HDF5 technology suite includes a data model, library, and file format for storing and managing data. Description Multiple arbitrary code execution vulnerabilities have been discovered in HDF5. Please review the CVE identifiers referenced below for details. Impact An attacker could...
Botan: Multiple vulnerabilities
Background Botan Japanese for peony is a cryptography library written in C++11. Description Multiple vulnerabilities have been discovered in Botan. Please review the CVE identifiers referenced below for details. Impact A remote attacker could possibly execute arbitrary code with the privileges of...
dpkg: Arbitrary code execution
Background Debian package management system. Description Gentoo Linux developer, Hanno Böck, discovered an off-by-one error in the dpkg-deb component of dpkg, the Debian package management system, which triggers a stack-based buffer overflow. Impact An attacker could potentially execute arbitrary...
libsndfile: Multiple vulnerabilities
Background libsndfile is a C library for reading and writing files containing sampled sound. Description Multiple vulnerabilities have been discovered in libsndfile. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user to open a specially...
DavFS2: Local privilege escalation
Background DavFS2 is a file system driver that allows you to mount a WebDAV server as a local disk drive. Description DavFS2 installs “/usr/sbin/mount.davfs” as setuid root. This utility uses “system” to call “/sbin/modprobe”. While the call to “modprobe” itself cannot be manipulated, a local...
Tar: Extract pathname bypass
Background The Tar program provides the ability to create and manipulate tar archives. Description Tar attempts to avoid path traversal attacks by removing offending parts of the element name at extract. This sanitizing leads to a vulnerability where the attacker can bypass the path names specifi...
Quagga: Arbitrary code execution
Background Quagga is a free routing daemon replacing Zebra supporting RIP, OSPF and BGP. Description A memcpy function in the VPNv4 NLRI parser of bgpmplsvpn.c does not properly check the upper-bound length of received Labeled-VPN SAFI routes data, which may allow for arbitrary code execution on...
Git: Multiple vulnerabilities
Background Git is a free and open source distributed version control system designed to handle everything from small to very large projects with speed and efficiency. Description Git is vulnerable to the remote execution of arbitrary code by cloning repositories with large filenames or a large...
InspIRCd: Multiple vulnerabilities
Background InspIRCd is a modular Internet Relay Chat IRC server written in C++ which was created from scratch to be stable, modern and lightweight. Description Multiple vulnerabilities have been discovered in InspIRCd. Please review the CVE identifiers referenced below for details. Impact A remot...
IPython: User-assisted execution of arbitrary code
Background IPython is an advanced interactive shell for Python. Description IPython does not properly check the MIME type of a file. Impact A remote attacker could entice a user to open a specially crafted text file using IPython, possibly resulting in execution of arbitrary JavaScript with the...
Dnsmasq: Denial of service
Background Dnsmasq is a lightweight, easy to configure DNS forwarder and DHCP server. Description An out-of-bounds read vulnerability has been found in the tcprequest function in Dnsmasq. Impact A remote attacker could send a specially crafted DNS request, possibly resulting in a Denial of Servic...
NetworkManager: Denial of service
Background NetworkManager is an universal network configuration daemon for laptops, desktops, servers and virtualization hosts. Description IPv6 Neighbour Discovery ICMP broadcast containing a non-route with a low hop limit causes a Denial of Service by lowering the hop limit on existing IPv6...
Chromium: Multiple vulnerabilities
Background Chromium is an open-source web browser project. Description Multiple vulnerabilities have been discovered in Chromium. Please review the CVE identifiers referenced below for details. Impact A remote attacker could bypass security restrictions. Workaround There is no known workaround at...
MySQL and MariaDB: Multiple vulnerabilities
Background MySQL is a popular multi-threaded, multi-user SQL server. MariaDB is an enhanced, drop-in replacement for MySQL. Description Multiple vulnerabilities have been discovered in MySQL and MariaDB. Please review the CVE identifiers referenced below for details. Impact A remote attacker coul...
BusyBox: Multiple vulnerabilities
Background BusyBox is set of tools for embedded systems and is a replacement for GNU Coreutils. Description Multiple vulnerabilities have been discovered in BusyBox. Please review the CVE identifiers referenced below for details. Impact A context-dependent attacker can load kernel modules without...
NTP: Multiple vulnerabilities
Background NTP is a protocol designed to synchronize the clocks of computers over a network. The net-misc/ntp package contains the official reference implementation by the NTP Project. Description Multiple vulnerabilities have been discovered in NTP. Please review the CVE identifiers referenced...
GPL Ghostscript: Multiple vulnerabilities
Background Ghostscript is an interpreter for the PostScript language and for PDF. Description Multiple vulnerabilities have been discovered in GPL Ghostscript. Please review the CVE identifiers referenced below for details. Impact A context-dependent attacker could entice a user to open a special...
libxml2: Denial of service
Background libxml2 is the XML C parser and toolkit developed for the Gnome project. Description parser.c in libxml2 before 2.9.2 does not properly prevent entity expansion even when entity substitution has been disabled. Impact A context-dependent attacker could entice a user to a specially craft...