3816 matches found
Go: Multiple Vulnerabilities
Background Go is an open source programming language that makes it easy to build simple, reliable, and efficient software. Description Multiple vulnerabilities have been discovered in Go. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE...
OpenSC: Multiple Vulnerabilities
Background OpenSC contains tools and libraries for smart cards. Description Multiple vulnerabilities have been discovered in OpenSC. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known...
Fossil: Multiple vulnerabilities
Background Fossil is a simple, high-reliability, distributed software configuration management system. Description Multiple vulnerabilities have been discovered in Fossil. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user to open a...
pump: User-assisted execution of arbitrary code
Background BOOTP and DHCP client for automatic IP configuration. Description It was discovered that there was an arbitrary code execution vulnerability in the pump DHCP/BOOTP client. Impact A remote attacker, by enticing a user to connect to a malicious server, could cause the execution of...
Dovecot: Multiple vulnerabilities
Background Dovecot is an open source IMAP and POP3 email server. Description Multiple vulnerabilities have been discovered in Dovecot. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details Workaround There is no known...
Evince: Command injection
Background Evince is a document viewer for multiple document formats, including PostScript. Description A vulnerability was discovered in Evince’s handling of filenames while printing PDF files. Impact A remote attacker, by enticing the user to process a specially crafted file, could execute...
Go: User-assisted execution of arbitrary code
Background Go is an open source programming language that makes it easy to build simple, reliable, and efficient software. Description A command injection flaw was discovered in the source code build phase because of the “go get” command, which does not block -fplugin= and -plugin arguments. Impa...
minicom: Remote execution of arbitrary code
Background Minicom is a text-based serial port communications program. Description In minicom before version 2.7.1, the escparms buffer in vt100.c is vulnerable to an overflow. Impact A remote attacker, able to connect to a minicom port, could possibly execute arbitrary code with the privileges o...
Shadow: Multiple vulnerabilities
Background Shadow is a set of tools to deal with user accounts. Description Multiple vulnerabilities have been discovered in Shadow. Please review the CVE identifiers referenced below for details. Impact A local attacker could possibly cause a Denial of Service condition, gain privileges via...
libjpeg-turbo: User-assisted execution of arbitrary code
Background libjpeg-turbo is a JPEG image codec that uses SIMD instructions MMX, SSE2, NEON, AltiVec to accelerate baseline JPEG compression and decompression. Description The accelerated Huffman decoder was previously invoked if there were 128 bytes in the input buffer. However, it is possible to...
GPL Ghostscript: User-assisted execution of arbitrary code
Background Ghostscript is an interpreter for the PostScript language and for PDF. Description An integer overflow flaw was discovered that leads to an out-of-bounds read and write in gsttf.ps. Impact A remote attacker could entice a user to open a specially crafted file, possibly resulting in the...
exFAT: Multiple vulnerabilities
Background A full-featured exFAT file system implementation for Unix-like systems. Description Two vulnerabilities were found in exFAT. A malformed input can cause a write heap overflow or cause an endless loop. Impact Remote attackers could execute arbitrary code or cause Denial of Service...
libbsd: Arbitrary code execution
Background This library provides useful functions commonly found on BSD systems, and lacking on others like GNU systems, thus making it easier to port projects with strong BSD origins, without needing to embed the same code over and over again on each project. Description libbsd contains a buffer...
Chromium: Multiple vulnerabilities
Background Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. Description Multiple vulnerabilities have been discovered in the Chromium web browser. Please review the CVE identifiers referenced below for details...
libwmf: Multiple vulnerabilities
Background libwmf is a library for converting WMF files. Description Multiple vulnerabilities have been discovered in libwmf. Please review the CVE identifiers referenced below for details. Impact A remote attacker could possibly execute arbitrary code with the privileges of the process or cause...
Git: Arbitrary command execution
Background Git is a free and open source distributed version control system designed to handle everything from small to very large projects with speed and efficiency. Description A vulnerability in Git causing Git-compatible clients that access case-insensitive or case-normalizing filesystems to...
Perl: Denial of service
Background Perl is a highly capable, feature-rich programming language. Description Sregmatch function lacks proper checks before passing arguments to atoi Impact A remote attacker could send a specially crafted input, possibly resulting in a Denial of Service condition. Workaround There is no...
Adobe Flash Player: Multiple vulnerabilities
Background The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Description Multiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details. Impact A remote attacke...
file: Denial of service
Background The file utility attempts to identify a file’s format by scanning binary data for patterns. Description Multiple issues with the ELF parser used by the file utility have been detected and fixed. Impact A context-dependent attacker can cause Denial of Service. Workaround There is no kno...
D-Bus: Denial of service
Background D-Bus is a message bus system, a simple way for applications to talk to one another. Description D-Bus doesn’t validate the source of ActivationFailure signals. Impact A local attacker could possibly cause a Denial of Service condition. Workaround There is no known workaround at this...
JasPer: Multiple Vulnerabilities
Background JasPer is a software-based implementation of the codec specified in the JPEG-2000 Part-1 standard. Description Multiple vulnerabilities have been discovered in JasPer. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user to open a...
Xen: Multiple Vunlerabilities
Background Xen is a bare-metal hypervisor. Description Multiple vulnerabilities have been discovered in Xen. Please review the CVE identifiers referenced below for details. Impact A remote attacker can utilize multiple vectors to execute arbitrary code, cause Denial of Service, or gain access to...
Django: Multiple vulnerabilities
Background Django is a Python-based web framework. Description Multiple vulnerabilities have been discovered in Django. Please review the CVE identifiers referenced below for details. Impact A remote attacker could execute code with the privileges of the process, modify SQL queries, or disclose...
Adobe Flash Player: Multiple vulnerabilities
Background The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Description Multiple unspecified vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details. Impact A...
Calligra: User-assisted execution of arbitrary code
Background Calligra is an office suite by KDE. Description An error in the read function in styles.cpp could cause a heap-based buffer overflow. Impact A remote attacker could entice a user to open a specially crafted ODF file, possibly resulting in execution of arbitrary code with the privileges...
libvirt: Multiple vulnerabilities
Background libvirt is a C toolkit to manipulate virtual machines. Description Multiple vulnerabilities have been discovered in libvirt. Please review the CVE identifiers referenced below for details. Impact These vulnerabilities allow a remote attacker to cause a Denial of Service condition on th...
Chromium: Multiple vulnerabilities
Background Chromium is an open source web browser project. Description Multiple vulnerabilities have been discovered in Chromium. Please review the CVE identifiers and release notes referenced below for details. Impact A remote attacker could entice a user to open a specially crafted web site usi...
GnuPG: User-assisted execution of arbitrary code
Background The GNU Privacy Guard, GnuPG, is a free replacement for the PGP suite of cryptographic software. The GPGSM utility in GnuPG is responsible for processing X.509 certificates, signatures and encryption as well as S/MIME messages. Description The GPGSM utility in GnuPG contains a...
Prewikka: password disclosure
Background Prewikka is a graphical front-end analysis console for the Prelude Hybrid IDS Framework. Description The permissions of the prewikka.conf file are set world readable. Impact A local attacker could obtain the SQL database password used by Prewikka. Workaround There is no known workaroun...
Clam AntiVirus: Multiple vulnerabilities
Background Clam AntiVirus short: ClamAV is an anti-virus toolkit for UNIX, designed especially for e-mail scanning on mail gateways. Description Multiple vulnerabilities were discovered in Clam AntiVirus. For further information, please consult the CVE entries referenced below. Impact A remote...
ImageMagick: User-assisted execution of arbitrary code
Background ImageMagick is a collection of tools and libraries for manipulating various image formats. Description Tielei Wang has discovered that the XMakeImage function in magick/xwindow.c is prone to an integer overflow, possibly leading to a buffer overflow. Impact A remote attacker could enti...
Pidgin: Multiple vulnerabilities
Background Pidgin formerly Gaim is an instant messaging client for a variety of instant messaging protocols. Description Multiple vulnerabilities have been discovered in Pidgin: Veracode reported a boundary error in the "XMPP SOCKS5 bytestream server" when initiating an outgoing file transfer...
ntp: Certificate validation error
Background ntp contains the client and daemon implementations for the Network Time Protocol. Description It has been reported that ntp incorrectly checks the return value of the EVPVerifyFinal, a vulnerability related to CVE-2008-5077 GLSA 200902-02. Impact A remote attacker could exploit this...
phpMyAdmin: Multiple vulnerabilities
Background phpMyAdmin is a web-based management tool for MySQL databases. Description Multiple vulnerabilities have been reported in phpMyAdmin: libraries/databaseinterface.lib.php in phpMyAdmin allows remote authenticated users to execute arbitrary code via a request to serverdatabases.php with ...
BIND: Incorrect signature verification
Background ISC BIND is the Internet Systems Consortium implementation of the Domain Name System DNS protocol. Description BIND does not properly check the return value from the OpenSSL functions to verify DSA CVE-2009-0025 and RSA CVE-2009-0265 certificates. Impact A remote attacker could bypass...
KTorrent: Multiple vulnerabilitites
Background KTorrent is a BitTorrent program for KDE. Description The web interface plugin does not restrict access to the torrent upload functionality CVE-2008-5905 and does not sanitize request parameters properly CVE-2008-5906 . Impact A remote attacker could send specially crafted parameters t...
Postfix: Local privilege escalation vulnerability
Background Postfix is Wietse Venema's mailer that attempts to be fast, easy to administer, and secure, as an alternative to the widely-used Sendmail program. Description Sebastian Krahmer of SuSE has found that Postfix allows to deliver mail to root-owned symlinks in an insecure manner under...
Asterisk: Multiple vulnerabilities
Background Asterisk is an open source telephony engine and tool kit. Description Asterisk upstream developers reported multiple vulnerabilities: The Call Detail Record Postgres logging engine cdrpgsql does not correctly escape the ANI and DNIS arguments before using them in SQL statements...
Squid: Denial of service
Background Squid is a multi-protocol proxy server. Description The Wikimedia Foundation reported a memory leak vulnerability when performing cache updates. Impact A remote attacker could perform numerous specially crafted requests to the vulnerable server, resulting in a Denial of Service...
Python: User-assisted execution of arbitrary code
Background Python is an interpreted, interactive, object-oriented programming language. Description Slythers Bro discovered multiple integer overflows in the imageop module, one of them in the tovideo method, in various locations in files imageop.c, rbgimgmodule.c, and also in other files. Impact...
OpenSSL: Remote execution of arbitrary code
Background OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer SSL v2/v3 and Transport Layer Security TLS v1 as well as a general purpose cryptography library. Description Andy Polyakov reported a vulnerability in the OpenSSL toolkit, that is caused due to an unspecified...
PDFKit, ImageKits: Buffer overflow
Background PDFKit is a framework for rendering of PDF content in GNUstep applications. ImageKits is a collection of frameworks to support imaging in GNUstep applications. Description Maurycy Prodeus discovered an integer overflow vulnerability possibly leading to a stack-based buffer overflow in...
Poppler: Two buffer overflow vulnerabilities
Background Poppler is a cross-platform PDF rendering library originally based on Xpdf. Description Poppler and Xpdf are vulnerable to an integer overflow in the StreamPredictor::StreamPredictor function, and a stack overflow in the StreamPredictor::getNextLine function. The original vulnerability...
flac123: Buffer overflow
Background flac123 is a command-line application for playing FLAC audio files. Description A possible buffer overflow vulnerability has been reported in the localvcentryparsevalue function in vorbiscomment.c. Impact An attacker could entice a user to play a specially crafted audio file, which cou...
Apache mod_jk: Directory traversal
Background Apache modjk is a connector for the Tomcat web server. Description Apache modjk decodes the URL within Apache before passing them to Tomcat, which decodes them a second time. Impact A remote attacker could browse a specially crafted URL on an Apache server running modjk, possibly gaini...
SquirrelMail G/PGP plugin: Arbitrary code execution
Background SquirrelMail is a webmail package written in PHP. It supports IMAP and SMTP protocols. Description The functions deletekey, gpgchecksignpgpmime and gpgrecvkey used in the SquirrelMail G/PGP encryption plugin do not properly escape user-supplied data. Impact An authenticated user could...
File: Denial of service
Background file is a utility that identifies a file format by scanning binary data for patterns. Description Conor Edberg discovered an error in the way file processes a specific regular expression. Impact A remote attacker could entice a user to open a specially crafted file, using excessive CPU...
xine-lib: Heap-based buffer overflow
Background xine-lib is the core library package for the xine media player. Description xine-lib does not check boundaries on data being read into buffers from DMO video files in code that is shared with MPlayer DMOVideoDecoder.c. Impact An attacker could entice a user to play a specially crafted...
LSAT: Insecure temporary file creation
Background The Linux Security Auditing Tool LSAT is a post install security auditor which checks many system configurations and local network settings on the system for common security or configuration errors and for packages that are not needed. Description LSAT insecurely writes in /tmp with a...
Snort: Remote execution of arbitrary code
Background Snort is a widely deployed intrusion detection program. Description The Snort DCE/RPC preprocessor does not properly reassemble certain types of fragmented SMB and DCE/RPC packets. Impact A remote attacker could send specially crafted fragmented SMB or DCE/RPC packets, without the need...