3816 matches found
PowerDNS Recursor: Multiple vulnerabilities
Background PowerDNS Recursor is a high-end, high-performance resolving name server Description Multiple vulnerabilities have been discovered in PowerDNS Recursor. Please review the CVE identifiers and PowerDNS blog post referenced below for details. Impact A remote attacker may be able to send...
Xen: Multiple Vunlerabilities
Background Xen is a bare-metal hypervisor. Description Multiple vulnerabilities have been discovered in Xen. Please review the CVE identifiers referenced below for details. Impact A remote attacker can utilize multiple vectors to execute arbitrary code, cause Denial of Service, or gain access to...
Pango: Multiple vulnerabilities
Background Pango is an internationalized text layout and rendering library Description Multiple vulnerabilities have been discovered in Pango. Please review the CVE identifiers referenced below for details. Impact A context-dependent attacker could entice a user to load specially crafted text usi...
libTIFF: Multiple vulnerabilities
Background libTIFF provides support for reading and manipulating TIFF Tagged Image File Format images. Description Multiple vulnerabilities have been discovered in libTIFF. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user to open a...
Adobe Flash Player: Multiple vulnerabilities
Background The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Description Multiple unspecified vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details. Impact A...
Calligra: User-assisted execution of arbitrary code
Background Calligra is an office suite by KDE. Description An error in the read function in styles.cpp could cause a heap-based buffer overflow. Impact A remote attacker could entice a user to open a specially crafted ODF file, possibly resulting in execution of arbitrary code with the privileges...
libvirt: Multiple vulnerabilities
Background libvirt is a C toolkit to manipulate virtual machines. Description Multiple vulnerabilities have been discovered in libvirt. Please review the CVE identifiers referenced below for details. Impact These vulnerabilities allow a remote attacker to cause a Denial of Service condition on th...
Chromium: Multiple vulnerabilities
Background Chromium is an open source web browser project. Description Multiple vulnerabilities have been discovered in Chromium. Please review the CVE identifiers and release notes referenced below for details. Impact A remote attacker could entice a user to open a specially crafted web site usi...
GnuPG: User-assisted execution of arbitrary code
Background The GNU Privacy Guard, GnuPG, is a free replacement for the PGP suite of cryptographic software. The GPGSM utility in GnuPG is responsible for processing X.509 certificates, signatures and encryption as well as S/MIME messages. Description The GPGSM utility in GnuPG contains a...
Prewikka: password disclosure
Background Prewikka is a graphical front-end analysis console for the Prelude Hybrid IDS Framework. Description The permissions of the prewikka.conf file are set world readable. Impact A local attacker could obtain the SQL database password used by Prewikka. Workaround There is no known workaroun...
Clam AntiVirus: Multiple vulnerabilities
Background Clam AntiVirus short: ClamAV is an anti-virus toolkit for UNIX, designed especially for e-mail scanning on mail gateways. Description Multiple vulnerabilities were discovered in Clam AntiVirus. For further information, please consult the CVE entries referenced below. Impact A remote...
ImageMagick: User-assisted execution of arbitrary code
Background ImageMagick is a collection of tools and libraries for manipulating various image formats. Description Tielei Wang has discovered that the XMakeImage function in magick/xwindow.c is prone to an integer overflow, possibly leading to a buffer overflow. Impact A remote attacker could enti...
Pidgin: Multiple vulnerabilities
Background Pidgin formerly Gaim is an instant messaging client for a variety of instant messaging protocols. Description Multiple vulnerabilities have been discovered in Pidgin: Veracode reported a boundary error in the "XMPP SOCKS5 bytestream server" when initiating an outgoing file transfer...
phpMyAdmin: Multiple vulnerabilities
Background phpMyAdmin is a web-based management tool for MySQL databases. Description Multiple vulnerabilities have been reported in phpMyAdmin: libraries/databaseinterface.lib.php in phpMyAdmin allows remote authenticated users to execute arbitrary code via a request to serverdatabases.php with ...
KTorrent: Multiple vulnerabilitites
Background KTorrent is a BitTorrent program for KDE. Description The web interface plugin does not restrict access to the torrent upload functionality CVE-2008-5905 and does not sanitize request parameters properly CVE-2008-5906 . Impact A remote attacker could send specially crafted parameters t...
Mozilla products: Multiple vulnerabilities
Background Mozilla Firefox is an open-source web browser and Mozilla Thunderbird an open-source email client, both from the Mozilla Project. The SeaMonkey project is a community effort to deliver production-quality releases of code derived from the application formerly known as the 'Mozilla...
Asterisk: Multiple vulnerabilities
Background Asterisk is an open source telephony engine and tool kit. Description Asterisk upstream developers reported multiple vulnerabilities: The Call Detail Record Postgres logging engine cdrpgsql does not correctly escape the ANI and DNIS arguments before using them in SQL statements...
UnZip: User-assisted execution of arbitrary code
Background Info-ZIP's UnZip is a tool to list and extract files inside PKZIP compressed files. Description Tavis Ormandy of the Google Security Team discovered that the NEEDBITS macro in the inflatedynamic function in the file inflate.c can be invoked using invalid buffers, which can lead to a...
Squid: Denial of service
Background Squid is a multi-protocol proxy server. Description The Wikimedia Foundation reported a memory leak vulnerability when performing cache updates. Impact A remote attacker could perform numerous specially crafted requests to the vulnerable server, resulting in a Denial of Service...
Python: User-assisted execution of arbitrary code
Background Python is an interpreted, interactive, object-oriented programming language. Description Slythers Bro discovered multiple integer overflows in the imageop module, one of them in the tovideo method, in various locations in files imageop.c, rbgimgmodule.c, and also in other files. Impact...
PDFKit, ImageKits: Buffer overflow
Background PDFKit is a framework for rendering of PDF content in GNUstep applications. ImageKits is a collection of frameworks to support imaging in GNUstep applications. Description Maurycy Prodeus discovered an integer overflow vulnerability possibly leading to a stack-based buffer overflow in...
Poppler: Two buffer overflow vulnerabilities
Background Poppler is a cross-platform PDF rendering library originally based on Xpdf. Description Poppler and Xpdf are vulnerable to an integer overflow in the StreamPredictor::StreamPredictor function, and a stack overflow in the StreamPredictor::getNextLine function. The original vulnerability...
flac123: Buffer overflow
Background flac123 is a command-line application for playing FLAC audio files. Description A possible buffer overflow vulnerability has been reported in the localvcentryparsevalue function in vorbiscomment.c. Impact An attacker could entice a user to play a specially crafted audio file, which cou...
Qt: Multiple format string vulnerabilities
Background Qt is a cross-platform GUI framework, which is used e.g. by KDE. Description Tim Brown of Portcullis Computer Security Ltd and Dirk Mueller of KDE reported multiple format string errors in qWarning calls in files qtextedit.cpp, qdatatable.cpp, qsqldatabase.cpp, qsqlindex.cpp,...
Apache mod_jk: Directory traversal
Background Apache modjk is a connector for the Tomcat web server. Description Apache modjk decodes the URL within Apache before passing them to Tomcat, which decodes them a second time. Impact A remote attacker could browse a specially crafted URL on an Apache server running modjk, possibly gaini...
SquirrelMail G/PGP plugin: Arbitrary code execution
Background SquirrelMail is a webmail package written in PHP. It supports IMAP and SMTP protocols. Description The functions deletekey, gpgchecksignpgpmime and gpgrecvkey used in the SquirrelMail G/PGP encryption plugin do not properly escape user-supplied data. Impact An authenticated user could...
File: Denial of service
Background file is a utility that identifies a file format by scanning binary data for patterns. Description Conor Edberg discovered an error in the way file processes a specific regular expression. Impact A remote attacker could entice a user to open a specially crafted file, using excessive CPU...
xine-lib: Heap-based buffer overflow
Background xine-lib is the core library package for the xine media player. Description xine-lib does not check boundaries on data being read into buffers from DMO video files in code that is shared with MPlayer DMOVideoDecoder.c. Impact An attacker could entice a user to play a specially crafted...
LSAT: Insecure temporary file creation
Background The Linux Security Auditing Tool LSAT is a post install security auditor which checks many system configurations and local network settings on the system for common security or configuration errors and for packages that are not needed. Description LSAT insecurely writes in /tmp with a...
Snort: Remote execution of arbitrary code
Background Snort is a widely deployed intrusion detection program. Description The Snort DCE/RPC preprocessor does not properly reassemble certain types of fragmented SMB and DCE/RPC packets. Impact A remote attacker could send specially crafted fragmented SMB or DCE/RPC packets, without the need...
FFmpeg: Buffer overflows
Background FFmpeg is a very fast video and audio converter. Description FFmpeg contains buffer overflows in the AVI processing code. Impact An attacker could trigger the buffer overflows by enticing a user to load a specially crafted AVI file in an application using the FFmpeg library. This might...
x11vnc: Authentication bypass in included LibVNCServer code
Background x11vnc provides VNC servers for X displays. Description x11vnc includes vulnerable LibVNCServer code, which fails to properly validate protocol types effectively letting users decide what protocol to use, such as "Type 1 - None" GLSA-200608-05. x11vnc will accept this security type, ev...
Kiax: Arbitrary code execution
Background Kiax is a graphical softphone supporting the IAX protocol Inter Asterisk eXchange, which allows PC users to make VoIP calls to Asterisk servers. Description The iaxnetread function in the iaxclient library fails to properly handle IAX2 packets with truncated full frames or mini-frames...
Mutt: Buffer overflow
Background Mutt is a small but very powerful text-based mail client. Description TAKAHASHI Tamotsu has discovered that Mutt contains a boundary error in the "browsegetnamespace" function in browse.c, which can be triggered when receiving an overly long namespace from an IMAP server. Impact A...
bsd-games: Local privilege escalation in tetris-bsd
Background bsd-games is a collection of NetBSD games ported to Linux. Description Tavis Ormandy of the Gentoo Linux Security Audit Team discovered that the checkscores function in scores.c reads in the data from the /var/games/tetris-bsd.scores file without validation, rendering it vulnerable to...
HylaFAX: Multiple vulnerabilities
Background HylaFAX is an enterprise-class system for sending and receiving facsimile messages and for sending alpha-numeric pages. Description Patrice Fournier discovered that HylaFAX runs the notify script on untrusted user input. Furthermore, users can log in without a password when HylaFAX is...
Macromedia Flash Player: Remote arbitrary code execution
Background The Macromedia Flash Player is a renderer for the popular SWF filetype which is commonly used to provide interactive websites, digital experiences and mobile content. Description When handling a SWF file, the Macromedia Flash Player incorrectly validates the frame type identifier store...
phpSysInfo: Multiple vulnerabilities
Background phpSysInfo displays various system stats via PHP scripts. Description Christopher Kunz from the Hardened-PHP Project discovered that phpSysInfo is vulnerable to local file inclusion, cross-site scripting and a HTTP Response Splitting attacks. Impact A local attacker may exploit the fil...
QDBM, ImageMagick, GDAL: RUNPATH issues
Background QDBM is a library of routines for managing a database. ImageMagick is a collection of tools to read, write and manipulate images. GDAL is a geospatial data abstraction library. Description Some packages may introduce insecure paths into the list of directories that are searched for...
Mantis: Multiple vulnerabilities
Background Mantis is a web-based bugtracking system written in PHP. Description Mantis contains several vulnerabilities, including: a remote file inclusion vulnerability an SQL injection vulnerability multiple cross site scripting vulnerabilities multiple information disclosure vulnerabilities...
Perl, Qt-UnixODBC, CMake: RUNPATH issues
Background Perl is a stable, cross-platform programming language created by Larry Wall. Qt-UnixODBC is an ODBC library for Qt. CMake is a cross-platform build environment. Description Some packages may introduce insecure paths into the list of directories that are searched for libraries at runtim...
Qt: Buffer overflow in the included zlib library
Background Qt is a cross-platform GUI toolkit used by KDE. Description Qt links to a bundled vulnerable version of zlib when emerged with the zlib USE-flag disabled. This may lead to a buffer overflow. Impact By creating a specially crafted compressed data stream, attackers can overwrite data...
PEAR XML-RPC, phpxmlrpc: PHP script injection vulnerability
Background The PEAR XML-RPC and phpxmlrpc libraries are both PHP implementations of the XML-RPC protocol. Description James Bercegay of GulfTech Security Research discovered that the PEAR XML-RPC and phpxmlrpc libraries fail to sanatize input sent using the "POST" method. Impact A remote attacker...
gxine: Format string vulnerability
Background gxine is a GTK+ and xine-lib based media player. Description Exworm discovered that gxine insecurely implements formatted printing in the hostname decoding function. Impact A remote attacker could entice a user to open a carefully crafted file with gxine, possibly leading to the...
FreeRADIUS: SQL injection and Denial of Service vulnerability
Background FreeRADIUS is an open source RADIUS authentication server implementation. Description Primoz Bratanic discovered that the sqlescapefunc function of FreeRADIUS may be vulnerable to a buffer overflow BID 13541. He also discovered that FreeRADIUS fails to sanitize user-input before using ...
Gaim: Denial of Service and buffer overflow vulnerabilties
Background Gaim is a full featured instant messaging client which handles a variety of instant messaging protocols. Description Stu Tomlinson discovered that Gaim is vulnerable to a remote stack based buffer overflow when receiving messages in certain protocols, like Jabber and SILC, with a very...
Mozilla Thunderbird: Multiple vulnerabilities
Background Mozilla Thunderbird is the next-generation mail client from the Mozilla project. Description The following vulnerabilities were found and fixed in Mozilla Thunderbird: Mark Dowd from ISS X-Force reported an exploitable heap overrun in the GIF processing of obsolete Netscape extension 2...
mod_python: Publisher Handler vulnerability
Background modpython is an Apache module that embeds the Python interpreter within the server allowing Python-based web-applications to be created. Description Graham Dumpleton discovered a vulnerability in modpython's Publisher Handler. Impact By requesting a specially crafted URL for a publishe...
Webmin: Information leak in Gentoo binary package
Background Webmin is a web-based system administration console allowing an administrator to easily configure servers and other features. Using the 'buildpkg' FEATURE, or the -b/-B emerge options, Portage can build reusable binary packages for any of the packages available through the Portage tree...
Python: Arbitrary code execution through SimpleXMLRPCServer
Background Python is an interpreted, interactive, object-oriented, cross-platform programming language. Description Graham Dumpleton discovered that XML-RPC servers making use of the SimpleXMLRPCServer library that use the registerinstance method to register an object without a dispatch method ar...