3816 matches found
Asterisk: Denial of service
Background Asterisk is an open source telephony engine and toolkit. Description Multiple vulnerabilities have been discovered in Asterisk. Please review the CVE identifiers and Asterisk Project Security Advisories referenced below for details. Impact A remote attacker could possibly cause a Denia...
Opera: Multiple vulnerabilities
Background Opera is a fast web browser that is available free of charge. Description Multiple vulnerabilities have been discovered in Opera. Please review the CVE identifiers and Opera Release Notes referenced below for details. Impact A remote attacker could entice a user to open a specially...
HPLIP: Multiple vulnerabilities
Background The Hewlett-Packard Linux Imaging and Printing system HPLIP provides drivers for HP's inkjet and laser printers, scanners and fax machines. Description Two vulnerabilities have been found in HPLIP: The "hpmudgetpml" function in pml.c contains a boundary error which could cause a...
Rack: Denial of service
Background Rack is a modular Ruby web server interface. Description Rack does not properly randomize hash functions to protect against hash collision attacks. Impact A remote attacker could send a specially crafted form post, possibly resulting in a Denial of Service condition. Workaround There i...
JasPer: User-assisted execution of arbitrary code
Background The JasPer Project is an open-source initiative to provide a free software-based reference implementation of the codec specified in the JPEG-2000 Part-1 jpeg2k standard. Description Two vulnerabilities have been found in JasPer: The jpccoxgetcompparms function in libjasper/jpc/jpccs.c...
Evince: Multiple vulnerabilities
Background Evince is a document viewer for multiple document formats, including PostScript. Description Multiple vulnerabilities have been discovered in Evince. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user to load a DVI file with a...
feh: Multiple vulnerabilities
Background feh is a fast, lightweight imageviewer using imlib2. Description Multiple vulnerabilities have been discovered in feh. Please review the CVE identifiers referenced below for details. Impact A malicious entity might entice a user to visit a URL using the --wget-timestamp option, thus...
IO::Socket::SSL: Certificate validation error
Background IO::Socket::SSL is a Perl class implementing an object oriented interface to SSL sockets. Description The vendor reported that IO::Socket::SSL does not properly handle Common Name CN fields. Impact A remote attacker might employ a specially crafted certificate to conduct...
OpenAFS: Arbitrary code execution
Background OpenAFS is a distributed file system. Description Two vulnerabilities were discovered: Simon Wilkinson discovered from a bug report by Toby Blake that the cache manager of OpenAFS contains a heap-based buffer overflow which is related to the use of the ERRPTR macro CVE-2009-1250. A...
libTIFF: User-assisted execution of arbitrary code
Background libTIFF provides support for reading and manipulating TIFF Tagged Image File Format images. Description Two vulnerabilities have been reported in libTIFF: wololo reported a buffer underflow in the LZWDecodeCompat function CVE-2009-2285. Tielei Wang of ICST-ERCIS, Peking University...
GnuTLS: Multiple vulnerabilities
Background GnuTLS is an Open Source implementation of the TLS 1.0 and SSL 3.0 protocols. Description The following vulnerabilities were found in GnuTLS: Miroslav Kratochvil reported that lib/pk-libgcrypt.c does not properly handle corrupt DSA signatures, possibly leading to a double-free...
OpenTTD: Execution of arbitrary code
Background OpenTTD is a clone of Transport Tycoon Deluxe. Description Multiple buffer overflows have been reported in OpenTTD, when storing long for client names CVE-2008-3547, in the TruncateString function in src/gfx.cpp CVE-2008-3576 and in src/openttd.cpp when processing a large filename...
OpenSSL: Denial of service
Background OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer SSL v2/v3 and Transport Layer Security TLS v1 as well as a general purpose cryptography library. Description Ossi Herrala and Jukka Taimisto of Codenomicon discovered two vulnerabilities: A double free call in the...
exiftags: Multiple vulnerabilities
Background exiftags is a library and set of tools for parsing, editing and saving Exif metadata from images. Exif, the Exchangeable image file format, specifies the addition of metadata tags to JPEG, TIFF and RIFF files. Description Meder Kydyraliev Google Security discovered that Exif metadata i...
Multi-Threaded DAAP Daemon: Multiple vulnerabilities
Background Multi-Threaded DAAP Daemon mt-daapd, also known as the Firefly Media Server, is a software to serve digital music to the Roku Soundbridge and Apple's iTunes. Description nnp discovered multiple vulnerabilities in the XML-RPC handler in the file webserver.c. The wsaddarg function contai...
Samba: Execution of arbitrary code
Background Samba is a suite of SMB and CIFS client/server programs for UNIX. Description Two vulnerabilities have been reported in nmbd. Alin Rad Pop Secunia Research discovered a boundary checking error in the replynetbiospacket function which could lead to a stack-based buffer overflow...
Poppler, KDE: User-assisted execution of arbitrary code
Background Poppler is a cross-platform PDF rendering library originally based on Xpdf. KOffice is an integrated office suite for KDE. KWord is the KOffice word processor. KPDF is a KDE-based PDF viewer included in the kdegraphics package. Description Alin Rad Pop Secunia Research discovered sever...
Star: Directory traversal vulnerability
Background The Star program provides the ability to create and extract tar archives. Description Robert Buchholz of the Gentoo Security team discovered a directory traversal vulnerability in the hasdotdot function which does not identify //.. slash slash dot dot sequences in file names inside tar...
LibXfont, TightVNC: Multiple vulnerabilities
Background LibXfont is the X.Org font library. TightVNC is a VNC client/server for X displays. Description The libXfont code is prone to several integer overflows, in functions ProcXCMiscGetXIDList, bdfReadCharacters and FontFileInitTable. TightVNC contains a local copy of this code and is also...
KHTML: Cross-site scripting (XSS) vulnerability
Background KDE is a feature-rich graphical desktop environment for Linux and Unix-like Operating Systems. KHTML is the HTML interpreter used in Konqueror and other parts of KDE. Description The KHTML code allows for the execution of JavaScript code located inside the "Title" HTML element, a relat...
OpenLDAP: Insecure usage of /tmp during installation
Background OpenLDAP Software is an open source implementation of the Lightweight Directory Access Protocol. Description Tavis Ormandy of the Gentoo Linux Security Team has discovered that the file gencert.sh distributed with the Gentoo ebuild for OpenLDAP does not exit upon the existence of a...
Mozilla Firefox: Multiple vulnerabilities
Background Mozilla Firefox is a popular open-source web browser from the Mozilla Project. Description An anonymous researcher found evidence of memory corruption in the way Mozilla Firefox handles certain types of SVG comment DOM nodes. Additionally, Frederik Reiss discovered a heap-based buffer...
KOffice shared libraries: Heap corruption
Background KOffice is an integrated office suite for KDE. koffice-libs is a package containing shared librares used by KOffice programs. Description Kees Cook of Ubuntu discovered that 'KLaola::readBigBlockDepot' in klaola.cc fills 'numofbbdblocks' while reading a .ppt PowerPoint file without...
LHa: Multiple vulnerabilities
Background LHa is a console-based program for packing and unpacking LHarc archives. Description Tavis Ormandy of the Google Security Team discovered several vulnerabilities in the LZH decompression component used by LHa. The maketable function of unlzh.c contains an array index error and a buffer...
GNU gv: Stack overflow
Background GNU gv is a viewer for PostScript and PDF documents. Description GNU gv does not properly boundary check user-supplied data before copying it into process buffers. Impact An attacker could entice a user to open a specially crafted document with GNU gv and execute arbitrary code with th...
OpenSSL: Multiple vulnerabilities
Background OpenSSL is a toolkit implementing the Secure Sockets Layer, Transport Layer Security protocols and a general-purpose cryptography library. Description Tavis Ormandy and Will Drewry, both of the Google Security Team, discovered that the SSLgetsharedciphers function contains a buffer...
Streamripper: Multiple remote buffer overflows
Background Streamripper extracts and records individual MP3 file tracks from SHOUTcast streams. Description Ulf Harnhammar, from the Debian Security Audit Project, has found that Streamripper is vulnerable to multiple stack based buffer overflows caused by improper bounds checking when processing...
OpenTTD: Remote Denial of service
Background OpenTTD is a clone of Transport Tycoon Deluxe. Description OpenTTD is vulnerable to a Denial of Service attack due to a flaw in the manner the game server handles errors in command packets. Impact An authenticated attacker can cause a Denial of Service by sending an invalid error numbe...
WordPress: Arbitrary command execution
Background WordPress is a PHP and MySQL based content management and publishing system. Description rgod discovered that WordPress insufficiently checks the format of cached username data. Impact An attacker could exploit this vulnerability to execute arbitrary commands by sending a specially...
Mozilla Thunderbird: Multiple vulnerabilities
Background Mozilla Thunderbird is the next-generation mail client from the Mozilla project. Description Several vulnerabilities were found and fixed in Mozilla Thunderbird. Impact A remote attacker could craft malicious emails that would leverage these issues to inject and execute arbitrary scrip...
flex: Potential insecure code generation
Background flex is a programming tool used to generate scanners programs which recognize lexical patterns in text. Description Chris Moore discovered a buffer overflow in a special class of lexicographical scanners generated by flex. Only scanners generated by grammars which use either REJECT, or...
ImageMagick: Format string vulnerability
Background ImageMagick is an application suite to manipulate and convert images. It is often used as a utility backend by web applications like forums, content management systems or picture galleries. Description The SetImageInfo function was found vulnerable to a format string mishandling. Danie...
OpenVPN: Multiple vulnerabilities
Background OpenVPN is a multi-platform, full-featured SSL VPN solution. Description The OpenVPN client contains a format string bug in the handling of the foreignoption in options.c. Furthermore, when the OpenVPN server runs in TCP mode, it may dereference a NULL pointer under specific error...
phpLDAPadmin: Authentication bypass
Background phpLDAPadmin is a web-based LDAP client allowing to easily manage LDAP servers. Description Alexander Gerasiov discovered a flaw in login.php preventing the application from validating whether anonymous bind has been disabled in the target LDAP server configuration. Impact Anonymous...
AWStats: Arbitrary code execution using malicious Referrer information
Background AWStats is an advanced log file analyzer and statistics generator. In HTTP reports it parses Referrer information in order to display the most common Referrer values that caused users to visit the website. Description When using a URLPlugin, AWStats fails to sanitize Referrer URL data...
WordPress: Multiple vulnerabilities
Background WordPress is a PHP and MySQL based content management and publishing system. Description James Bercegay of the GulfTech Security Research Team discovered that WordPress insufficiently checks data passed to the XML-RPC server. He also discovered that WordPress has several cross-site...
PeerCast: Format string vulnerability
Background PeerCast is a media streaming system based on P2P technology. Description James Bercegay of the GulfTech Security Research Team discovered that PeerCast insecurely implements formatted printing when receiving a request with a malformed URL. Impact A remote attacker could exploit this...
Mailutils: SQL Injection
Background GNU Mailutils is a collection of mail-related utilities. Description When GNU Mailutils is built with the "mysql" or "postgres" USE flag, the sqlescapestring function of the authentication module fails to properly escape the "" character, rendering it vulnerable to a SQL command...
libTIFF: Buffer overflow
Background libTIFF provides support for reading and manipulating TIFF Tag Image File Format images. Description Tavis Ormandy of the Gentoo Linux Security Audit Team discovered a stack based buffer overflow in the libTIFF library when reading a TIFF image with a malformed BitsPerSample tag. Impac...
Pound: Buffer overflow vulnerability
Background Pound is a reverse proxy, load balancer and HTTPS front-end. Description Steven Van Acker has discovered a buffer overflow vulnerability in the "addport" function in Pound. Impact A remote attacker could send a request for an overly long hostname parameter, which could lead to the remo...
Emacs, XEmacs: Format string vulnerabilities in movemail
Background GNU Emacs and XEmacs are highly extensible and customizable text editors. movemail is an Emacs utility that can fetch mail on remote mail servers. Description Max Vozeler discovered that the movemail utility contains several format string errors. Impact An attacker could set up a...
LessTif: Multiple vulnerabilities in libXpm
Background LessTif is a clone of OSF/Motif, which is a standard user interface toolkit available on Unix and Linux. Description Multiple vulnerabilities, including buffer overflows, out of bounds memory access and directory traversals, have been discovered in libXpm, which is shipped as a part of...
Perl: rmtree and DBI tmpfile vulnerabilities
Background Perl is a cross platform programming language. The DBI is the standard database interface module for Perl. Description Javier Fernandez-Sanguino Pena discovered that the DBI library creates temporary files in an insecure, predictable way CAN-2005-0077. Paul Szabo found out that...
a2ps: Multiple vulnerabilities
Background a2ps is an Any to Postscript filter that can convert to Postscript from many filetypes. fixps is a script that fixes errors in Postscript files. psmandup produces a Postscript file for printing in manual duplex mode. Description Javier Fernandez-Sanguino Pena discovered that the a2ps...
Sun and Blackdown Java: Applet privilege escalation
Background Sun and Blackdown both provide implementations of Java Development Kits JDK and Java Runtime Environments JRE. All these implementations provide a Java plug-in that can be used to execute Java applets in a restricted environment for web browsers. Description All Java plug-ins are subje...
GD: Integer overflow
Background The GD graphics library is an open source library which allows programmers to easily generate PNG, JPEG, GIF and WBMP images from many different programming languages. Description infamous41md found an integer overflow in the memory allocation procedure of the GD routine that handles...
xv: Buffer overflows in image handling
Background xv is a multi-format image manipulation utility. Description Multiple buffer overflow and integer handling vulnerabilities have been discovered in xv's image processing code. These vulnerabilities have been found in the xvbmp.c, xviris.c, xvpcx.c and xvpm.c source files. Impact An...
Squid: Denial of service when using NTLM authentication
Background Squid is a full-featured Web Proxy Cache designed to run on Unix systems. It supports proxying and caching of HTTP, FTP, and other URLs, as well as SSL support, cache hierarchies, transparent caching, access control lists and many other features. Description Squid 2.5.x versions contai...
Apache 2: Remote denial of service attack
Background The Apache HTTP Server Project is an effort to develop and maintain an open-source HTTP server for modern operating systems. The goal of this project is to provide a secure, efficient and extensible server that provides services in tune with the current HTTP standards. Description A bu...
Webmin: Multiple vulnerabilities
Background Webmin is a web-based administration tool for Unix. It supports a wide range of applications including Apache, DNS, file sharing and others. Description Webmin contains two security vulnerabilities. One allows any user to view the configuration of any module and the other could allow a...