3816 matches found
aRts: Privilege escalation
Background aRts is a real time modular system for synthesizing audio used by KDE. artswrapper is a helper application used to start the aRts daemon. Description artswrapper fails to properly check whether it can drop privileges accordingly if setuid fails due to a user exceeding assigned resource...
PAM-MySQL: Multiple vulnerabilities
Background PAM-MySQL is a PAM module used to authenticate users against a MySQL backend. Description A flaw in handling the result of pamgetitem as well as further unspecified flaws were discovered in PAM-MySQL. Impact By exploiting the mentioned flaws an attacker can cause a Denial of Service an...
rsync: Potential integer overflow
Background rsync is a server and client utility that provides fast incremental file transfers. It is used to efficiently synchronize files between hosts and is used by emerge to fetch Gentoo's Portage tree. Description An integer overflow was found in the receivexattr function from the extended...
xine-ui: Format string vulnerabilities
Background xine-ui is a skin-based user interface for xine. xine is a free multimedia player. It plays CDs, DVDs, and VCDs, and can also decode other common multimedia formats. Description Ludwig Nussel discovered that xine-ui incorrectly implements formatted printing. Impact By constructing a...
GnuPG: Incorrect signature verification
Background The GNU Privacy Guard, GnuPG, is a free replacement for the PGP suite of cryptographic software that may be used without restriction, as it does not rely on any patented algorithms. GnuPG can be used to digitally sign messages, a method of ensuring the authenticity of a message using...
Macromedia Flash Player: Remote arbitrary code execution
Background The Macromedia Flash Player is a renderer for the popular SWF filetype which is commonly used to provide interactive websites, digital experiences and mobile content. Description When handling a SWF file, the Macromedia Flash Player incorrectly validates the frame type identifier store...
Qt: Buffer overflow in the included zlib library
Background Qt is a cross-platform GUI toolkit used by KDE. Description Qt links to a bundled vulnerable version of zlib when emerged with the zlib USE-flag disabled. This may lead to a buffer overflow. Impact By creating a specially crafted compressed data stream, attackers can overwrite data...
phpWebSite: Arbitrary command execution through XML-RPC and SQL injection
Background phpWebSite is a web site content management system. Description phpWebSite uses an XML-RPC library that improperly handles XML-RPC requests and responses with malformed nested tags. Furthermore, "matrixkiller" reported that phpWebSite is vulnerable to an SQL injection attack. Impact A...
Compress::Zlib: Buffer overflow
Background The Compress::Zlib is a Perl module which provides an interface to the zlib compression library. Description Compress::Zlib 1.34 contains a local vulnerable version of zlib, which may lead to a buffer overflow. Impact By creating a specially crafted compressed data stream, attackers ca...
PHP: Script injection through XML-RPC
Background PHP is a general-purpose scripting language widely used to develop web-based applications. It can run inside a web server using the modphp module or the CGI version of PHP, or can run stand-alone in a CLI. Description James Bercegay has discovered that the XML-RPC implementation in PHP...
zlib: Buffer overflow
Background zlib is a widely used free and patent unencumbered data compression library. Description Tavis Ormandy of the Gentoo Linux Security Audit Team discovered a buffer overflow in zlib. A bounds checking operation failed to take invalid data into account, allowing a specifically malformed...
GNU shtool, ocaml-mysql: Insecure temporary file creation
Background GNU shtool is a compilation of small shell scripts into a single shell tool. The ocaml-mysql package includes the GNU shtool code. Description Eric Romang has discovered that GNU shtool insecurely creates temporary files with predictable filenames CAN-2005-1751. On closer inspection,...
Mailutils: Multiple vulnerabilities in imap4d and mail
Background GNU Mailutils is a collection of mail-related utilities, including an IMAP4 server imap4d and a Mail User Agent mail. Description infamous41d discovered several vulnerabilities in GNU Mailutils. imap4d does not correctly implement formatted printing of command tags CAN-2005-1523, fails...
PostgreSQL: Multiple vulnerabilities
Background PostgreSQL is a SQL compliant, open source object-relational database management system. Description PostgreSQL gives public EXECUTE access to a number of character conversion routines, but doesn't validate the given arguments CAN-2005-1409. It has also been reported that the...
RealPlayer, Helix Player: Buffer overflow vulnerability
Background RealPlayer is a multimedia player capable of handling multiple multimedia file formats. Helix Player is the Open Source version of RealPlayer. Description Piotr Bania has discovered a buffer overflow vulnerability in RealPlayer and Helix Player when processing malicious RAM files. Impa...
telnet-bsd: Multiple buffer overflows
Background telnet-bsd provides a command line telnet client which is used for remote login using the telnet protocol. Description A buffer overflow has been identified in the envoptadd function of telnet-bsd, where a response requiring excessive escaping can cause a heap-based buffer overflow...
wpa_supplicant: Buffer overflow vulnerability
Background wpasupplicant is a WPA Supplicant with support for WPA and WPA2 IEEE 802.11i / RSN. Description wpasupplicant contains a possible buffer overflow due to the lacking validation of received EAPOL-Key frames. Impact An attacker could cause the crash of wpasupplicant using a specially...
lighttpd: Script source disclosure
Background lighttpd is a small-footprint, fast, compliant and very flexible web-server which is optimized for high-performance environments. Description lighttpd uses file extensions to determine which elements are programs that should be executed and which are static pages that should be sent...
Python: Arbitrary code execution through SimpleXMLRPCServer
Background Python is an interpreted, interactive, object-oriented, cross-platform programming language. Description Graham Dumpleton discovered that XML-RPC servers making use of the SimpleXMLRPCServer library that use the registerinstance method to register an object without a dispatch method ar...
Evolution: Integer overflow in camel-lock-helper
Background Evolution is a GNOME groupware application similar to Microsoft Outlook. Description Max Vozeler discovered an integer overflow in the camel-lock-helper application, which is installed as setgid mail by default. Impact A local attacker could exploit this vulnerability to execute...
teTeX, pTeX, CSTeX: Multiple vulnerabilities
Background teTeX is a complete and open source TeX distribution. CSTeX is another TeX distribution including Czech and Slovak support. pTeX is another alternative that allows Japanese publishing with TeX. xdvizilla is an auxiliary script used to integrate DVI file viewing in Mozilla-based browser...
PDFlib: Multiple overflows in the included TIFF library
Background PDFlib is a library providing functions to handle PDF files. It includes a modified TIFF library used to process TIFF images. Description The TIFF library is subject to several known vulnerabilities see GLSA 200410-11. Most of these overflows also apply to PDFlib. Impact A remote...
Speedtouch USB driver: Privilege escalation vulnerability
Background The speedtouch package contains a driver for the ADSL SpeedTouch USB modem. Description The Speedtouch USB driver contains multiple format string vulnerabilities in modemrun, pppoa2 and pppoa3. This flaw is due to an improperly made syslog system call. Impact A malicious local user cou...
MySQL: Multiple vulnerabilities
Background MySQL is a popular open-source, multi-threaded, multi-user SQL database server. Description The following vulnerabilities were found and fixed in MySQL: Oleksandr Byelkin found that ALTER TABLE ... RENAME checks CREATE/INSERT rights of the old table instead of the new one CAN-2004-0835...
phpMyAdmin: Multiple vulnerabilities
Background phpMyAdmin is a popular, web-based MySQL administration tool written in PHP. It allows users to administer a MySQL database from a web-browser. Description Two serious vulnerabilities exist in phpMyAdmin. The first allows any user to alter the server configuration variables including...
aspell: Buffer overflow in word-list-compress
Background aspell is a popular spell-checker. Dictionaries are available for many languages. Description aspell includes a utility for handling wordlists called word-list-compress. This utility fails to do proper bounds checking when processing words longer than 256 bytes. Impact If an attacker...
Multiple vulnerabilities in sysstat
Background sysstat is a package containing a number of performance monitoring utilities for Linux, including sar, mpstat, iostat and sa tools Description There are two vulnerabilities in the way sysstat handles symlinks: 1. The isag utility, which displays sysstat data in a graphical format,...
glibc: getgrouplist buffer overflow vulnerability
Background glibc is the GNU C library. Description A bug in the getgrouplist function can cause a buffer overflow if the size of the group list is too small to hold all the user's groups. This overflow can cause segmentation faults in user applications. This vulnerability exists only when an...
calibre: Multiple Vulnerabilities
Background calibre is a powerful and easy to use e-book manager. Description Multiple vulnerabilities have been discovered in calibre. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known...
QtNetwork: Multiple Vulnerabilities
Background QtNetwork provides a set of APIs for programming applications that use TCP/IP. It is part of the Qt framework. Description Multiple vulnerabilities have been discovered in QtNetwork. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE...
Rack: Multiple Vulnerabilities
Background Rack is a modular Ruby web server interface. Description Multiple vulnerabilities have been discovered in Rack. Please review the CVE identifiers referenced below for details. Impact A possible denial of service vulnerability was found in the multipart parsing component of Rack. A...
libinput: format string vulnerability when using xf86-input-libinput
Background A library to handle input devices in Wayland and, via xf86-input-libinput, in X.org. Description An attacker may be able to run malicious code by exploiting a format string vulnerability. Please review the CVE identifier referenced below for details. Impact When a device is detected by...
wpa_supplicant, hostapd: Multiple Vulnerabilities
Background wpasupplicant is a WPA Supplicant with support for WPA and WPA2 IEEE 802.11i / RSN. hostapd is a user space daemon for access point and authentication servers. Description Multiple vulnerabilities have been discovered in hostapd and wpasupplicant. Please review the CVE identifiers...
OWASP ModSecurity Core Rule Set: Multiple Vulnerabilities
Background Modsecurity Core Rule Set is the OWASP ModSecurity Core Rule Set. Description Multiple vulnerabilities have been discovered in OWASP ModSecurity Core Rule Set. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for detail...
Vim, gVim: Multiple Vulnerabilities
Background Vim is an efficient, highly configurable improved version of the classic ‘vi’ text editor. gVim is the GUI version of Vim. Description Multiple vulnerabilities have been discovered in Vim, gVim. Please review the CVE identifiers referenced below for details. Impact Please review the...
Mozilla Thunderbird: Multiple Vulnerabilities
Background Mozilla Thunderbird is a popular open-source email client from the Mozilla project. Description Multiple vulnerabilities have been discovered in Mozilla Thunderbird. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for...
Mozilla Firefox: Multiple Vulnerabilities
Background Mozilla Firefox is a popular open-source web browser from the Mozilla project. Description Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details...
Go: Multiple Vulnerabilities
Background Go is an open source programming language that makes it easy to build simple, reliable, and efficient software. Description Multiple vulnerabilities have been discovered in Go. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE...
OpenSC: Multiple Vulnerabilities
Background OpenSC contains tools and libraries for smart cards. Description Multiple vulnerabilities have been discovered in OpenSC. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known...
Fossil: Multiple vulnerabilities
Background Fossil is a simple, high-reliability, distributed software configuration management system. Description Multiple vulnerabilities have been discovered in Fossil. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user to open a...
NTP: Multiple vulnerabilities
Background NTP contains software for the Network Time Protocol. Description Multiple vulnerabilities have been discovered in NTP. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaroun...
PCRE2: Denial of service
Background PCRE2 is a project based on PCRE Perl Compatible Regular Expressions which has a new and revised API. Description PCRE2 has a flaw when handling JIT-compiled regex using the \X pattern. Impact An attacker could cause a possible Denial of Service condition. Workaround There is no known...
Chromium, Google Chrome: Multiple vulnerabilities
Background Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. Google Chrome is one fast, simple, and secure browser for all your devices. Description Multiple vulnerabilities have been discovered in Chromium and...
Xen: Multiple vulnerabilities
Background Xen is a bare-metal hypervisor. Description Multiple vulnerabilities have been discovered in Xen. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround at this time...
Squid: Multiple vulnerabilities
Background Squid is a full-featured Web proxy cache designed to run on Unix systems. It supports proxying and caching of HTTP, FTP, and other URLs, as well as SSL support, cache hierarchies, transparent caching, access control lists and many other features. Description Multiple vulnerabilities ha...
LibreOffice: Multiple vulnerabilities
Background LibreOffice is a powerful office suite; its clean interface and powerful tools let you unleash your creativity and grow your productivity. Description Multiple vulnerabilities have been discovered in LibreOffice. Please review the CVE identifiers referenced below for details. Impact...
polkit: Multiple vulnerabilities
Background polkit is a toolkit for managing policies relating to unprivileged processes communicating with privileged processes. Description Multiple vulnerabilities have been discovered in polkit. Please review the CVE identifiers referenced below for details. Impact Please review the referenced...
Open vSwitch: Remote execution of arbitrary code
Background Open vSwitch is a production quality multilayer virtual switch. Description A buffer overflow was discovered in lib/flow.c in ovs-vswitchd. Impact A remote attacker, using a specially crafted MPLS packet, could execute arbitrary code. Workaround There is no known workaround at this tim...
libjpeg-turbo: User-assisted execution of arbitrary code
Background libjpeg-turbo is a JPEG image codec that uses SIMD instructions MMX, SSE2, NEON, AltiVec to accelerate baseline JPEG compression and decompression. Description The accelerated Huffman decoder was previously invoked if there were 128 bytes in the input buffer. However, it is possible to...
GPL Ghostscript: User-assisted execution of arbitrary code
Background Ghostscript is an interpreter for the PostScript language and for PDF. Description An integer overflow flaw was discovered that leads to an out-of-bounds read and write in gsttf.ps. Impact A remote attacker could entice a user to open a specially crafted file, possibly resulting in the...