3816 matches found
Dnsmasq: Denial of service
Background Dnsmasq is a lightweight, easy to configure DNS forwarder and DHCP server. Description An out-of-bounds read vulnerability has been found in the tcprequest function in Dnsmasq. Impact A remote attacker could send a specially crafted DNS request, possibly resulting in a Denial of Servic...
NetworkManager: Denial of service
Background NetworkManager is an universal network configuration daemon for laptops, desktops, servers and virtualization hosts. Description IPv6 Neighbour Discovery ICMP broadcast containing a non-route with a low hop limit causes a Denial of Service by lowering the hop limit on existing IPv6...
MySQL and MariaDB: Multiple vulnerabilities
Background MySQL is a popular multi-threaded, multi-user SQL server. MariaDB is an enhanced, drop-in replacement for MySQL. Description Multiple vulnerabilities have been discovered in MySQL and MariaDB. Please review the CVE identifiers referenced below for details. Impact A remote attacker coul...
NTP: Multiple vulnerabilities
Background NTP is a protocol designed to synchronize the clocks of computers over a network. The net-misc/ntp package contains the official reference implementation by the NTP Project. Description Multiple vulnerabilities have been discovered in NTP. Please review the CVE identifiers referenced...
RSYSLOG: Denial of service
Background RSYSLOG is an enhanced multi-threaded syslogd with database support and more. Description Multiple vulnerabilities have been discovered in RSYSLOG. Please review the CVE identifiers referenced below for details. Impact A context-dependent attacker may be able to create a Denial of...
AMD64 x86 emulation base libraries: Multiple vulnerabilities
Background AMD64 x86 emulation base libraries provides pre-compiled 32-bit libraries. Description Multiple vulnerabilities have been discovered in AMD64 x86 emulation base libraries. Please review the CVE identifiers referenced below for details. Impact A context-dependent attacker may be able to...
Apache Portable Runtime, APR Utility Library: Denial of service
Background The Apache Portable Runtime aka APR provides a set of APIs for creating platform-independent applications. The Apache Portable Runtime Utility Library aka APR-Util provides an interface to functionality such as XML parsing, string matching and database connections. Description Multiple...
Ruby OpenID: Denial of service
Background Ruby OpenID is a robust library for verifying and serving OpenID identities. Description An XML entity parsing error has been discovered in Ruby OpenID. Impact A remote attacker could send a specially crafted XML file, possibly resulting in a Denial of Service condition. Workaround The...
BIND: Denial of service
Background BIND is the Berkeley Internet Name Domain Server. Description Multiple vulnerabilities have been discovered in BIND. Please review the CVE identifiers referenced below for details. Impact A remote attacker may be able to cause a Denial of Service condition. Workaround There is no known...
Perl, Locale Maketext Perl module: Multiple vulnerabilities
Background Perl is Larry Wall’s Practical Extraction and Report Language. Locale::Maketext is a Perl module - framework for localization. Description Multiple vulnerabilities have been discovered in Perl and Locale::Maketext Perl module. Please review the CVE identifiers referenced below for...
Quassel: Multiple Vulnerabilities
Background Quassel is a Qt4/KDE4 IRC client suppporting a remote daemon for 24/7 connectivity. Description Two vulnerabilities have been found in Quassel: Quassel does not properly handle multiple CTCP requests CVE-2010-3443. Quassel, when used with certain versions of Qt and PostgreSQL, does not...
PuTTY: Multiple Vulnerabilities
Background PuTTY is a telnet and SSH client. Description Multiple vulnerabilities have been discovered in PuTTY. Please review the CVE identifiers referenced below for details. Impact An attacker could entice a user to open connection to specially crafted SSH server, possibly resulting in executi...
RPM: Multiple vulnerabilities
Background The Red Hat Package Manager RPM is a command line driven package management system capable of installing, uninstalling, verifying, querying, and updating computer software packages. Description Multiple vulnerabilities have been found in RPM: fsm.c fails to properly strip setuid and...
GnuTLS: Multiple vulnerabilities
Background GnuTLS is an Open Source implementation of the TLS 1.2 and SSL 3.0 protocols. Description Multiple vulnerabilities have been found in GnuTLS: An error in libgnutls does not properly sanitize "\0" characters from certificate fields CVE-2009-2730. An error in the TLS and SSL protocols...
VirtualBox: Multiple vulnerabilities
Background VirtualBox is a powerful virtualization product from Oracle. Description Multiple unspecified vulnerabilities have been discovered in VirtualBox. Please review the CVE identifiers referenced below for details. Impact A local attacker may be able to gain escalated privileges via unknown...
TinTin++: Multiple vulnerabilities
Background TinTin++ is a free MUD gaming client. Description Multiple vulnerabilities have been discovered in TinTin++. Please review the CVE identifiers referenced below for details. Impact Remote unauthenticated attackers may be able to execute arbitrary code with the privileges of the TinTin++...
libxml2: Multiple vulnerabilities
Background libxml2 is the XML C parser and toolkit developed for the Gnome project. Description Multiple vulnerabilities have been discovered in libxml2. Please review the CVE identifiers referenced below for details. Impact A local or remote attacker may be able to execute arbitrary code with th...
Clam AntiVirus: Multiple vulnerabilities
Background Clam AntiVirus short: ClamAV is an anti-virus toolkit for UNIX, designed especially for e-mail scanning on mail gateways. Description Multiple vulnerabilities have been discovered in Clam AntiVirus. Please review the CVE identifiers referenced below for details. Impact An unauthenticat...
D-Bus: Multiple vulnerabilities
Background D-Bus is a message bus system, a simple way for applications to talk to each other. Description Multiple vulnerabilities have been discovered in D-Bus. Please review the CVE identifiers referenced below for details. Impact The vulnerabilities allow for local Denial of Service daemon...
Dovecot: Multiple vulnerabilities
Background Dovecot is an IMAP and POP3 server written with security primarily in mind. Description Multiple vulnerabilities have been discovered in Dovecot. Please review the CVE identifiers referenced below for details. Impact A remote attacker could exploit these vulnerabilities to cause the...
VirtualBox: Multiple vulnerabilities
Background The VirtualBox family provides powerful x86 virtualization products. Description Thomas Biege of SUSE discovered multiple vulnerabilities: A shell metacharacter injection in popen CVE-2009-3692 and a possible buffer overflow in strncpy in the VBoxNetAdpCtl configuration tool. An...
Wireshark: Multiple vulnerabilities
Background Wireshark is a versatile network protocol analyzer. Description Multiple vulnerabilities have been discovered in Wireshark: Ryan Giobbi reported an integer overflow in wiretap/erf.c CVE-2009-3829. The vendor reported multiple unspecified vulnerabilities in the Bluetooth L2CAP, RADIUS,...
WebSVN: Multiple vulnerabilities
Background WebSVN is a web-based browsing tool for Subversion repositories written in PHP. Description James Bercegay of GulfTech Security reported a Cross-site scripting XSS vulnerability in the getParameterisedSelfUrl function in index.php CVE-2008-5918 and a directory traversal vulnerability i...
NDISwrapper: Arbitrary remote code execution
Background NDISwrapper is a Linux kernel module that enables the use of Microsoft Windows drivers for wireless network devices. Description Anders Kaseorg reported multiple buffer overflows related to long ESSIDs. Impact A physically proximate attacker could send packets over a wireless network...
VLC: Multiple vulnerabilities
Background VLC is a cross-platform media player and streaming server. Description Tobias Klein reported the following vulnerabilities: A stack-based buffer overflow when processing CUE image files in modules/access/vcd/cdrom.c CVE-2008-5032. A stack-based buffer overflow when processing RealText...
Portage: Untrusted search path local root vulnerability
Background Portage is Gentoo's package manager which is responsible for installing, compiling and updating all packages on the system through the Gentoo rsync tree. Description The Gentoo Security Team discovered that several ebuilds, such as sys-apps/portage, net-mail/fetchmail or app-editors/le...
UUDeview: Insecure temporary file creation
Background UUdeview is encoder and decoder supporting various binary formats. NZBGet is a command-line based binary newsgrabber supporting .nzb files. Description UUdeview makes insecure usage of the tempnam function when creating temporary files. NZBGet includes a copy of the vulnerable code...
MPlayer: User-assisted execution of arbitrary code
Background MPlayer is a media player including support for a wide range of audio and video formats. Description ksOSe reported an integer overflow vulnerability in the sdpplinparse function in the file stream/realrtsp/sdpplin.c, which can be exploited to overwrite arbitrary memory regions via an...
OpenOffice.org: Multiple vulnerabilities
Background OpenOffice.org is an open source office productivity suite, including word processing, spreadsheet, presentation, drawing, data charting, formula editing, and file conversion facilities. Description iDefense Labs reported multiple vulnerabilities in OpenOffice.org: multiple heap-based...
InspIRCd: Denial of service
Background InspIRCd Inspire IRCd is a modular C++ IRC daemon. Description The "namesx" and "uhnames" modules do not properly validate network input, leading to a buffer overflow. Impact A remote attacker can send specially crafted IRC commands to the server, causing a Denial of Service. Workaroun...
phpMyAdmin: Information disclosure
Background phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL databases from a web-browser. Description Cezary Tomczak reported that an undefined UploadDir variable exposes an information disclosure vulnerability when running on shared hosts. Impact A remote attack...
bzip2: Denial of service
Background bzip2 is a free and open source lossless data compression program. Description The Oulu University discovered that bzip2 does not properly check offsets provided by the bzip2 file, leading to a buffer overread. Impact Remote attackers can entice a user or automated system to open a...
Cacti: Multiple vulnerabilities
Background Cacti is a web-based network graphing and reporting tool. Description The following inputs are not properly sanitized before being processed: "viewtype" parameter in the file graph.php, "filter" parameter in the file graphview.php, "action" and "loginusername" parameters in the file...
Gallery: Multiple vulnerabilities
Background Gallery is a web-based application for creating and viewing photo albums. Description The Gallery developement team reported and fixed critical vulnerabilities during an internal audit CVE-2007-6685, CVE-2007-6686, CVE-2007-6687, CVE-2007-6688, CVE-2007-6689, CVE-2007-6690,...
Firebird: Multiple buffer overflows
Background Firebird is a multi-platfrom, open source relational database. Description Adriano Lima and Ramon de Carvalho Valle reported that functions iscattachdatabase and isccreatedatabase do not perform proper boundary checking when processing their input. Impact A remote attacker could send...
3proxy: Denial of service
Background 3proxy is a really tiny cross-platform proxy servers set, including HTTP, HTTPS, FTP, SOCKS and POP3 support. Description 3proxy contains a double free vulnerability in the ftpprchild function, which frees param-hostname and calls the parsehostname function, which in turn attempts to...
libpng: Multiple Denials of Service
Background libpng is a free ANSI C library used to process and manipulate PNG images. Description An off-by-one error when handling ICC profile chunks in the pngsetiCCP function was discovered CVE-2007-5266. George Cook and Jeff Phillips reported several errors in pngrtran.c, the use of logical...
SiteBar: Multiple issues
Background SiteBar is a PHP application that allows users to store their bookmarks on a web server. Description Tim Brown discovered these multiple issues: the translation module does not properly sanitize the value to the "dir" parameter CVE-2007-5491, CVE-2007-5694; the translation module also...
Opera: Multiple vulnerabilities
Background Opera is a multi-platform web browser. Description Michael A. Puls II discovered an unspecified flaw when launching external email or newsgroup clients CVE-2007-5541. David Bloom discovered that when displaying frames from different websites, the same-origin policy is not correctly...
OpenSSL: Multiple vulnerabilities
Background OpenSSL is an implementation of the Secure Socket Layer and Transport Layer Security protocols. Description Moritz Jodeit reported an off-by-one error in the SSLgetsharedciphers function, resulting from an incomplete fix of CVE-2006-3738. A flaw has also been reported in the...
FreeType: User-assisted execution of arbitrary code
Background FreeType is a True Type Font rendering library. Description Greg MacManus of iDefense Labs has discovered an integer overflow in the function bdfReadCharacters when parsing BDF fonts. Impact A remote attacker could entice a user to use a specially crafted BDF font, possibly resulting i...
Aircrack-ng: Remote execution of arbitrary code
Background Aircrack-ng is an 802.11 WEP and WPA-PSK keys cracking program that can recover keys once enough data packets have been captured. Description Jonathan So reported that the airodump-ng module does not correctly check the size of 802.11 authentication packets before copying them into a...
Inkscape: Two format string vulnerabilities
Background Inkscape is a vector graphics editor, using Scalable Vector Graphics SVG Format. Description Kees Cook has discovered two vulnerabilities in Inkscape. The application does not properly handle format string specifiers in some dialog boxes. Inkscape is also vulnerable to another format...
file: Integer underflow
Background file is a utility that guesses a file format by scanning binary data for patterns. Description Jean-Sebastien Guay-Leroux reported an integer underflow in fileprintf function. Impact A remote attacker could entice a user to run the "file" program on a specially crafted file that would...
KDE kfile JPEG info plugin: Denial of service
Background The KDE kfile-info JPEG plugin provides meta-information about JPEG files. Description Marcus Meissner of the SUSE security team discovered a stack overflow vulnerability in the code processing EXIF information in the kfile JPEG info plugin. Impact A remote attacker could entice a user...
GNU Radius: Format string vulnerability
Background GNU Radius is a GNU version of Radius, a server for remote user authentication and accounting. Description A format string vulnerability was found in the sqllog function from the SQL accounting code for radiusd. That function is only used if one or more of the "postgresql", "mysql" or...
Netkit FTP Server: Privilege escalation
Background net-ftp/netkit-ftpd is the Linux Netkit FTP server with optional SSL support. Description Paul Szabo reported that an incorrect seteuid call after the chdir function can allow an attacker to access a normally forbidden directory, in some very particular circumstances, for example when...
Asterisk: Multiple vulnerabilities
Background Asterisk is an open source implementation of a telephone private branch exchange PBX. Description Asterisk contains buffer overflows in channels/chanmgcp.c from the MGCP driver and in channels/chanskinny.c from the Skinny channel driver for Cisco SCCP phones. It also dangerously handle...
Tikiwiki: Arbitrary command execution
Background Tikiwiki is a web-based groupware and content management system, developed with PHP, ADOdb and Smarty. Description A vulnerability in jhot.php allows for an unrestricted file upload to the img/wiki/ directory. Additionally, an XSS exists in the highlight parameter of...
MySQL: SQL Injection
Background MySQL is a popular multi-threaded, multi-user SQL server. Description MySQL is vulnerable to an injection flaw in mysqlrealescape when used with multi-byte characters. Impact Due to a flaw in the multi-byte character process, an attacker is still able to inject arbitary SQL statements...