3816 matches found
Multi-Threaded DAAP Daemon: Multiple vulnerabilities
Background Multi-Threaded DAAP Daemon mt-daapd, also known as the Firefly Media Server, is a software to serve digital music to the Roku Soundbridge and Apple's iTunes. Description nnp discovered multiple vulnerabilities in the XML-RPC handler in the file webserver.c. The wsaddarg function contai...
Star: Directory traversal vulnerability
Background The Star program provides the ability to create and extract tar archives. Description Robert Buchholz of the Gentoo Security team discovered a directory traversal vulnerability in the hasdotdot function which does not identify //.. slash slash dot dot sequences in file names inside tar...
LibXfont, TightVNC: Multiple vulnerabilities
Background LibXfont is the X.Org font library. TightVNC is a VNC client/server for X displays. Description The libXfont code is prone to several integer overflows, in functions ProcXCMiscGetXIDList, bdfReadCharacters and FontFileInitTable. TightVNC contains a local copy of this code and is also...
KHTML: Cross-site scripting (XSS) vulnerability
Background KDE is a feature-rich graphical desktop environment for Linux and Unix-like Operating Systems. KHTML is the HTML interpreter used in Konqueror and other parts of KDE. Description The KHTML code allows for the execution of JavaScript code located inside the "Title" HTML element, a relat...
OpenLDAP: Insecure usage of /tmp during installation
Background OpenLDAP Software is an open source implementation of the Lightweight Directory Access Protocol. Description Tavis Ormandy of the Gentoo Linux Security Team has discovered that the file gencert.sh distributed with the Gentoo ebuild for OpenLDAP does not exit upon the existence of a...
Mozilla Firefox: Multiple vulnerabilities
Background Mozilla Firefox is a popular open-source web browser from the Mozilla Project. Description An anonymous researcher found evidence of memory corruption in the way Mozilla Firefox handles certain types of SVG comment DOM nodes. Additionally, Frederik Reiss discovered a heap-based buffer...
KOffice shared libraries: Heap corruption
Background KOffice is an integrated office suite for KDE. koffice-libs is a package containing shared librares used by KOffice programs. Description Kees Cook of Ubuntu discovered that 'KLaola::readBigBlockDepot' in klaola.cc fills 'numofbbdblocks' while reading a .ppt PowerPoint file without...
LHa: Multiple vulnerabilities
Background LHa is a console-based program for packing and unpacking LHarc archives. Description Tavis Ormandy of the Google Security Team discovered several vulnerabilities in the LZH decompression component used by LHa. The maketable function of unlzh.c contains an array index error and a buffer...
GNU gv: Stack overflow
Background GNU gv is a viewer for PostScript and PDF documents. Description GNU gv does not properly boundary check user-supplied data before copying it into process buffers. Impact An attacker could entice a user to open a specially crafted document with GNU gv and execute arbitrary code with th...
OpenSSL: Multiple vulnerabilities
Background OpenSSL is a toolkit implementing the Secure Sockets Layer, Transport Layer Security protocols and a general-purpose cryptography library. Description Tavis Ormandy and Will Drewry, both of the Google Security Team, discovered that the SSLgetsharedciphers function contains a buffer...
Streamripper: Multiple remote buffer overflows
Background Streamripper extracts and records individual MP3 file tracks from SHOUTcast streams. Description Ulf Harnhammar, from the Debian Security Audit Project, has found that Streamripper is vulnerable to multiple stack based buffer overflows caused by improper bounds checking when processing...
OpenTTD: Remote Denial of service
Background OpenTTD is a clone of Transport Tycoon Deluxe. Description OpenTTD is vulnerable to a Denial of Service attack due to a flaw in the manner the game server handles errors in command packets. Impact An authenticated attacker can cause a Denial of Service by sending an invalid error numbe...
WordPress: Arbitrary command execution
Background WordPress is a PHP and MySQL based content management and publishing system. Description rgod discovered that WordPress insufficiently checks the format of cached username data. Impact An attacker could exploit this vulnerability to execute arbitrary commands by sending a specially...
flex: Potential insecure code generation
Background flex is a programming tool used to generate scanners programs which recognize lexical patterns in text. Description Chris Moore discovered a buffer overflow in a special class of lexicographical scanners generated by flex. Only scanners generated by grammars which use either REJECT, or...
ImageMagick: Format string vulnerability
Background ImageMagick is an application suite to manipulate and convert images. It is often used as a utility backend by web applications like forums, content management systems or picture galleries. Description The SetImageInfo function was found vulnerable to a format string mishandling. Danie...
OpenVPN: Multiple vulnerabilities
Background OpenVPN is a multi-platform, full-featured SSL VPN solution. Description The OpenVPN client contains a format string bug in the handling of the foreignoption in options.c. Furthermore, when the OpenVPN server runs in TCP mode, it may dereference a NULL pointer under specific error...
phpLDAPadmin: Authentication bypass
Background phpLDAPadmin is a web-based LDAP client allowing to easily manage LDAP servers. Description Alexander Gerasiov discovered a flaw in login.php preventing the application from validating whether anonymous bind has been disabled in the target LDAP server configuration. Impact Anonymous...
AWStats: Arbitrary code execution using malicious Referrer information
Background AWStats is an advanced log file analyzer and statistics generator. In HTTP reports it parses Referrer information in order to display the most common Referrer values that caused users to visit the website. Description When using a URLPlugin, AWStats fails to sanitize Referrer URL data...
PeerCast: Format string vulnerability
Background PeerCast is a media streaming system based on P2P technology. Description James Bercegay of the GulfTech Security Research Team discovered that PeerCast insecurely implements formatted printing when receiving a request with a malformed URL. Impact A remote attacker could exploit this...
Mailutils: SQL Injection
Background GNU Mailutils is a collection of mail-related utilities. Description When GNU Mailutils is built with the "mysql" or "postgres" USE flag, the sqlescapestring function of the authentication module fails to properly escape the "" character, rendering it vulnerable to a SQL command...
libTIFF: Buffer overflow
Background libTIFF provides support for reading and manipulating TIFF Tag Image File Format images. Description Tavis Ormandy of the Gentoo Linux Security Audit Team discovered a stack based buffer overflow in the libTIFF library when reading a TIFF image with a malformed BitsPerSample tag. Impac...
Pound: Buffer overflow vulnerability
Background Pound is a reverse proxy, load balancer and HTTPS front-end. Description Steven Van Acker has discovered a buffer overflow vulnerability in the "addport" function in Pound. Impact A remote attacker could send a request for an overly long hostname parameter, which could lead to the remo...
Emacs, XEmacs: Format string vulnerabilities in movemail
Background GNU Emacs and XEmacs are highly extensible and customizable text editors. movemail is an Emacs utility that can fetch mail on remote mail servers. Description Max Vozeler discovered that the movemail utility contains several format string errors. Impact An attacker could set up a...
LessTif: Multiple vulnerabilities in libXpm
Background LessTif is a clone of OSF/Motif, which is a standard user interface toolkit available on Unix and Linux. Description Multiple vulnerabilities, including buffer overflows, out of bounds memory access and directory traversals, have been discovered in libXpm, which is shipped as a part of...
Perl: rmtree and DBI tmpfile vulnerabilities
Background Perl is a cross platform programming language. The DBI is the standard database interface module for Perl. Description Javier Fernandez-Sanguino Pena discovered that the DBI library creates temporary files in an insecure, predictable way CAN-2005-0077. Paul Szabo found out that...
a2ps: Multiple vulnerabilities
Background a2ps is an Any to Postscript filter that can convert to Postscript from many filetypes. fixps is a script that fixes errors in Postscript files. psmandup produces a Postscript file for printing in manual duplex mode. Description Javier Fernandez-Sanguino Pena discovered that the a2ps...
Sun and Blackdown Java: Applet privilege escalation
Background Sun and Blackdown both provide implementations of Java Development Kits JDK and Java Runtime Environments JRE. All these implementations provide a Java plug-in that can be used to execute Java applets in a restricted environment for web browsers. Description All Java plug-ins are subje...
GD: Integer overflow
Background The GD graphics library is an open source library which allows programmers to easily generate PNG, JPEG, GIF and WBMP images from many different programming languages. Description infamous41md found an integer overflow in the memory allocation procedure of the GD routine that handles...
xv: Buffer overflows in image handling
Background xv is a multi-format image manipulation utility. Description Multiple buffer overflow and integer handling vulnerabilities have been discovered in xv's image processing code. These vulnerabilities have been found in the xvbmp.c, xviris.c, xvpcx.c and xvpm.c source files. Impact An...
Squid: Denial of service when using NTLM authentication
Background Squid is a full-featured Web Proxy Cache designed to run on Unix systems. It supports proxying and caching of HTTP, FTP, and other URLs, as well as SSL support, cache hierarchies, transparent caching, access control lists and many other features. Description Squid 2.5.x versions contai...
Apache 2: Remote denial of service attack
Background The Apache HTTP Server Project is an effort to develop and maintain an open-source HTTP server for modern operating systems. The goal of this project is to provide a secure, efficient and extensible server that provides services in tune with the current HTTP standards. Description A bu...
Webmin: Multiple vulnerabilities
Background Webmin is a web-based administration tool for Unix. It supports a wide range of applications including Apache, DNS, file sharing and others. Description Webmin contains two security vulnerabilities. One allows any user to view the configuration of any module and the other could allow a...
MPlayer, xine-lib: vulnerabilities in RTSP stream handling
Background MPlayer is a movie player capable of handling multiple multimedia file formats. xine-lib is a multimedia player library used by several graphical user interfaces, including xine-ui. They both use the same code to handle Real-Time Streaming Protocol RTSP streams from RealNetworks server...
Util-linux login may leak sensitive data
Background Util-linux is a suite of essential system utilites, including login, agetty, fdisk. Description In some situations the login program could leak sensitive data due to an incorrect usage of a reallocated pointer. NOTE: Only users who have PAM support disabled on their systems i.e. -PAM i...
GnuPG: ElGamal signing keys compromised and format string vulnerability
Background GnuPG is a popular open source signing and encryption tool. Description Two flaws have been found in GnuPG 1.2.3. First, ElGamal signing keys can be compromised. These keys are not commonly used, but this is "a significant security failure which can lead to a compromise of almost all...
glibc: getgrouplist buffer overflow vulnerability
Background glibc is the GNU C library. Description A bug in the getgrouplist function can cause a buffer overflow if the size of the group list is too small to hold all the user's groups. This overflow can cause segmentation faults in user applications. This vulnerability exists only when an...
ytnef: Multiple Vulnerabilities
Background ytnef is a TNEF stream reader for reading winmail.dat files. Description The TNEFSubjectHandler function in lib/ytnef.c allows remote attackers to cause a denial-of-service and potentially code execution due to a double free which can be triggered via a crafted file. The SwapWord...
Commons-BeanUtils: Improper Access Restriction
Background Commons-beanutils provides easy-to-use wrappers around Reflection and Introspection APIs Description A vulnerability has been discovered in Commons-BeanUtils. Please review the CVE identifier referenced below for details. Impact Please review the referenced CVE identifiers for details...
Dalli: Code Injection
Background Dalli is a high performance pure Ruby client for accessing memcached servers. Description A vulnerability was found in Dalli. Affected is the function self.metaset of the file lib/dalli/protocol/meta/requestformatter.rb of the component Meta Protocol Handler. The manipulation leads to...
CUPS: Multiple Vulnerabilities
Background CUPS, the Common Unix Printing System, is a full-featured print server. Description Multiple vulnerabilities have been discovered in CUPS. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There i...
OpenSSL: Multiple Vulnerabilities
Background OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer SSL v2/v3 and Transport Layer Security TLS v1 as well as a general purpose cryptography library. Description Multiple vulnerabilities have been discovered in OpenSSL. Please review the CVE identifiers referenced...
libgit2: Privilege Escalation Vulnerability
Background libgit2 is a portable, pure C implementation of the Git core methods provided as a re-entrant linkable library with a solid API. Description A vulnerability has been discovered in libgit2. Please review the CVE identifier referenced below for details. Impact Usages of a malicious craft...
multipath-tools: Multiple Vulnerabilities
Background multipath-tools are used to drive the Device Mapper multipathing driver. Description Multiple vulnerabilities have been discovered in multipath-tools. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details...
glibc: Multiple vulnerabilities
Background glibc is a package that contains the GNU C library. Description Multiple vulnerabilities have been discovered in glibc. Please review the CVE identifiers referenced below for details. Impact An attacker could elevate privileges from a local user to root. Workaround There is no known...
Oracle VirtualBox: Multiple Vulnerabilities
Background VirtualBox is a powerful virtualization product from Oracle. Description Multiple vulnerabilities have been discovered in VirtualBox. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no...
libebml: Heap buffer overflow vulnerability
Background libebml is a C++ library to parse EBML files. Description On 32bit builds of libebml, the length of a string is miscalculated, potentially leading to an exploitable heap overflow. Impact An attacker able to provide arbitrary input to libebml could achieve arbitrary code execution...
Puma: Multiple Vulnerabilities
Background Puma is a simple, fast, threaded, and highly concurrent HTTP 1.1 server for Ruby/Rack. Description Multiple vulnerabilities have been discovered in Puma. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details...
GNU Readline: Multiple vulnerabilities
Background The GNU Readline library provides a set of functions for use by applications that allow users to edit command lines as they are typed in. Description Multiple vulnerabilities have been discovered in GNU Readline. Please review the CVE identifiers referenced below for details. Impact...
Patch: Multiple vulnerabilities
Background Patch takes a patch file containing a difference listing produced by the diff program and applies those differences to one or more original files, producing patched versions. Description Multiple vulnerabilities have been discovered in Patch. Please review the CVE identifiers reference...
util-linux: User-assisted execution of arbitrary code
Background util-linux is a suite of Linux programs including mount and umount, programs used to mount and unmount filesystems. Description It was discovered that the umount bash-completion as provided by util-linux does not escap mount point paths. Impact An attacker controlling a volume label...