3816 matches found
X.Org X Server/X Keyboard Configuration Database: Screen lock bypass
Background The X Keyboard Configuration Database provides keyboard configuration for various X server implementations. Description Starting with the =x11-base/xorg-server-1.11 package, the X.Org X Server again provides debugging functionality that can be used terminate an application that...
Adobe Reader: Multiple vulnerabilities
Background Adobe Reader formerly Adobe Acrobat Reader is a closed-source PDF reader. Description Multiple vulnerabilities were discovered in Adobe Reader. For further information please consult the CVE entries and the Adobe Security Bulletins referenced below. Impact A remote attacker might entic...
sudo: Privilege escalation
Background sudo allows a system administrator to give users the ability to run commands as other users. Description Multiple vulnerabilities have been discovered in sudo: Glenn Waller and neonsignal reported that sudo does not properly handle access control of the "sudoedit" pseudo-command...
Clam AntiVirus: Multiple vulnerabilities
Background Clam AntiVirus short: ClamAV is an anti-virus toolkit for UNIX, designed especially for e-mail scanning on mail gateways. Description Multiple vulnerabilities have been found in ClamAV: The vendor reported a Divide-by-zero error in the PE "Portable Executable"; Windows .exe file handli...
CDF: User-assisted execution of arbitrary code
Background CDF is a library for the Common Data Format which is a self-describing data format for the storage and manipulation of scalar and multidimensional data. It is developed by the NASA. Description Leon Juranic reported multiple heap-based buffer overflows for instance in the ReadAEDRList6...
OpenSC: Multiple vulnerabilities
Background OpenSC provides a set of libraries and utilities to access smart cards. Description Multiple vulnerabilities were found in OpenSC: b.badrignans discovered that OpenSC incorrectly initialises private data objects CVE-2009-0368. Miquel Comas Marti discovered that src/tools/pkcs11-tool.c ...
MIT Kerberos 5: Multiple vulnerabilities
Background MIT Kerberos 5 is a suite of applications that implement the Kerberos network protocol. kadmind is the MIT Kerberos 5 administration daemon, KDC is the Key Distribution Center. Description Multiple vulnerabilities have been reported in MIT Kerberos 5: A free call on an uninitialized...
FFmpeg: Multiple vulnerabilities
Background FFmpeg is a complete solution to record, convert and stream audio and video. gst-plugins-ffmpeg is a FFmpeg based gstreamer plugin which includes a vulnerable copy of FFmpeg code. Mplayer is a multimedia player which also includes a vulnerable copy of the code. Description Multiple...
GnuTLS: Certificate validation error
Background GnuTLS is an open-source implementation of TLS 1.0 and SSL 3.0. Description Martin von Gagern reported that the gnutlsx509verifycertificate function in lib/x509/verify.c trusts certificate chains in which the last certificate is an arbitrary trusted, self-signed certificate. Impact A...
ClamAV: Multiple Denials of Service
Background Clam AntiVirus is a free anti-virus toolkit for UNIX, designed especially for e-mail scanning on mail gateways. Description Hanno boeck reported an error in libclamav/chmunpack.c when processing CHM files CVE-2008-1389. Other unspecified vulnerabilities were also reported, including a...
Apache: Denial of service
Background The Apache HTTP server is one of the most popular web servers on the Internet. Description Multiple vulnerabilities have been discovered in Apache: Dustin Kirkland reported that the modssl module can leak memory when the client reports support for a compression algorithm CVE-2008-1678...
FreeType: User-assisted execution of arbitrary code
Background FreeType is a font rendering library for TrueType Font TTF and Printer Font Binary PFB. Description Regenrecht reported multiple vulnerabilities in FreeType via iDefense: An integer overflow when parsing values in the Private dictionary table in a PFB file, leading to a heap-based buff...
Pngcrush: User-assisted execution of arbitrary code
Background Pngcrush is a multi platform optimizer for PNG Portable Network Graphics files. Description It has been reported that Pngcrush includes a copy of libpng that is vulnerable to a memory corruption GLSA 200804-15. Impact A remote attacker could entice a user to process a specially crafted...
gnome-screensaver: Privilege escalation
Background gnome-screensaver is a screensaver, designed to integrate with the Gnome desktop, that can replace xscreensaver. Description gnome-screensaver incorrectly handles the results of the getpwuid function in the file src/setuid.c when using directory servers like NIS during a network outage...
phpMyAdmin: SQL injection vulnerability
Background phpMyAdmin is a free web-based database administration tool. Description Richard Cunningham reported that phpMyAdmin uses the $REQUEST variable of $GET and $POST as a source for its parameters. Impact An attacker could entice a user to visit a malicious web application that sets an...
Adobe Flash Player: Multiple vulnerabilities
Background The Adobe Flash Player is a renderer for the popular SWF file format, which is commonly used to provide interactive websites, digital experiences and mobile content. Description Flash contains a copy of PCRE which is vulnerable to a heap-based buffer overflow GLSA 200711-30,...
Xfce: Multiple vulnerabilities
Background Xfce is a GTK+ 2 based desktop environment that allows to run a modern desktop environment on modest hardware. Description Gregory Andersen reported that the Xfce4 panel does not correctly calculate memory boundaries, leading to a stack-based buffer overflow in the...
OpenOffice.org: User-assisted arbitrary code execution
Background OpenOffice.org is an open source office productivity suite, including word processing, spreadsheet, presentation, drawing, data charting, formula editing, and file conversion facilities. Description The HSQLDB engine, as used in Openoffice.org, does not properly enforce restrictions to...
MySQL: Denial of service
Background MySQL is a popular multi-threaded, multi-user SQL server. Description Joe Gallo and Artem Russakovskii reported an error in the convertsearchmodetoinnobase function in hainnodb.cc in the InnoDB engine that is leading to a failed assertion when handling CONTAINS operations. Impact A...
Mozilla Firefox, SeaMonkey, XULRunner: Multiple vulnerabilities
Background Mozilla Firefox is a cross-platform web browser from Mozilla. SeaMonkey is a free, cross-platform Internet suite. Description Multiple vulnerabilities have been reported in Mozilla Firefox and SeaMonkey. Various errors in the browser engine and the Javascript engine can be exploited to...
OpenSSL: Remote execution of arbitrary code
Background OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer SSL v2/v3 and Transport Layer Security TLS v1 as well as a general purpose cryptography library. Description Andy Polyakov reported a vulnerability in the OpenSSL toolkit, that is caused due to an unspecified...
Ampache: Multiple vulnerabilities
Background Ampache is a PHP-based tool for managing, updating and playing audio files via a web interface. Description LT discovered that the "match" parameter in albums.php is not properly sanitized before being processed. The Ampache development team also reported an error when handling user...
Macromedia Flash Player: Remote arbitrary code execution
Background The Macromedia Flash Player is a renderer for the popular SWF file type which is commonly used to provide interactive websites, digital experiences and mobile content. Description Mark Hills discovered some errors when interacting with a browser for keystrokes handling CVE-2007-2022...
Firebird: Buffer overflow
Background Firebird is an open source relational database that runs on Linux, Windows, and various UNIX systems. Description Cody Pierce from TippingPoint DVLabs has discovered a buffer overflow when processing "connect" requests with an overly large "pcnctcount" value. Impact An unauthenticated...
PHProjekt: Multiple vulnerabilities
Background PHProjekt is a project management and coordination tool written in PHP. Description Alexios Fakos from n.runs AG has discovered multiple vulnerabilities in PHProjekt, including the execution of arbitrary SQL commands using unknown vectors CVE-2007-1575, the execution of arbitrary PHP...
Tomcat: Information disclosure
Background Tomcat is the Apache Jakarta Project's official implementation of Java Servlets and Java Server Pages. Description Tomcat allows special characters like slash, backslash or URL-encoded backslash as a separator, while Apache does not. Impact A remote attacker could send a specially...
libwpd: Multiple vulnerabilities
Background libwpd is a library used to convert Wordperfect documents into other formats. Description libwpd contains heap-based overflows in two functions that convert WordPerfect document tables. In addition, it contains an integer overflow in a text-conversion function. Impact An attacker could...
Asterisk: Two SIP Denial of Service vulnerabilities
Background Asterisk is an open source implementation of a telephone private branch exchange PBX. Description The Madynes research team at INRIA has discovered that Asterisk contains a null pointer dereferencing error in the SIP channel when handling INVITE messages. Furthermore qwerty1979...
WordPress: Multiple vulnerabilities
Background WordPress is a popular personal publishing platform with a web interface. Description When decoding trackbacks with alternate character sets, WordPress does not correctly sanitize the entries before further modifying a SQL query. WordPress also displays different error messages in...
ncompress: Buffer Underflow
Background ncompress is a suite of utilities to create and extract Lempel-Ziff-Welch LZW compressed archives. Description Tavis Ormandy of the Google Security Team discovered a static buffer underflow in ncompress. Impact An attacker could create a specially crafted LZW archive, that when...
Ruby: Denial of service
Background Ruby is an interpreted scripting language for quick and easy object-oriented programming. It comes bundled with HTTP "WEBrick" and XMLRPC server objects. Description Ruby uses blocking sockets for WEBrick and XMLRPC servers. Impact An attacker could send large amounts of data to an...
Metamail: Buffer overflow
Background Metamail is a program that decodes MIME encoded mail. Description Ulf Harnhammar discovered a buffer overflow in Metamail when processing mime boundraries. Impact By sending a specially crafted email, attackers could potentially exploit this vulnerability to crash Metamail or to execut...
SquirrelMail: Cross-site scripting and IMAP command injection
Background SquirrelMail is a webmail package written in PHP. It supports IMAP and SMTP protocols. Description SquirrelMail does not validate the rightframe parameter in webmail.php, possibly allowing frame replacement or cross-site scripting CVE-2006-0188. Martijn Brinkers and Scott Hughes...
MPlayer: Multiple integer overflows
Background MPlayer is a media player capable of handling multiple multimedia file formats. Description MPlayer makes use of the FFmpeg library, which is vulnerable to a heap overflow in the avcodecdefaultgetbuffer function discovered by Simon Kilvington see GLSA 200601-06. Furthermore, AFI Securi...
Xpdf, Poppler: Heap overflow
Background Xpdf is a PDF file viewer that runs under the X Window System. Poppler is a PDF rendering library based on the Xpdf 3.0 code base. Description Dirk Mueller has reported a vulnerability in Xpdf. It is caused by a missing boundary check in the splash rasterizer engine when handling PDF...
Mozilla Thunderbird: Multiple vulnerabilities
Background Mozilla Thunderbird is the next-generation mail client from the Mozilla project. Description The following vulnerabilities were found and fixed in Mozilla Thunderbird: Mark Dowd from ISS X-Force reported an exploitable heap overrun in the GIF processing of obsolete Netscape extension 2...
phpMyAdmin: Multiple vulnerabilities
Background phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL databases from a web-browser. Description phpMyAdmin contains several security issues: Maksymilian Arciemowicz has discovered multiple variable injection vulnerabilities that can be exploited through...
UnAce: Buffer overflow and directory traversal vulnerabilities
Background UnAce is an utility to extract, view and test the contents of an ACE archive. Description Ulf Harnhammar discovered that UnAce suffers from buffer overflows when testing, unpacking or listing specially crafted ACE archives CAN-2005-0160. He also found out that UnAce is vulnerable to...
KPdf, KOffice: Stack overflow in included Xpdf code
Background KPdf is a KDE-based PDF viewer included in the kdegraphics package. KOffice is an integrated office suite for KDE. Description KPdf and KOffice both include Xpdf code to handle PDF files. Xpdf is vulnerable to a new stack overflow, as described in GLSA 200501-28. Impact An attacker cou...
tiff: New overflows in image decoding
Background The TIFF library contains encoding and decoding routines for the Tag Image File Format. It is called by numerous programs, including GNOME and KDE applications, to interpret TIFF images. Description infamous41md found a potential integer overflow in the directory entry count routines o...
Kaffeine, gxine: Remotely exploitable buffer overflow
Background Kaffeine and gxine are graphical front-ends for xine-lib multimedia library. Description KF of Secure Network Operations has discovered an overflow that occurs during the Content-Type header processing of Kaffeine. The vulnerable code in Kaffeine is reused from gxine, making gxine...
CUPS: Leakage of sensitive information
Background The Common UNIX Printing System CUPS is a cross-platform print spooler. Description When printing to a SMB-shared printer requiring authentication, CUPS leaks the user name and password to a logfile. Impact A local user could gain knowledge of sensitive authentication data. Workaround...
CUPS: Denial of service vulnerability
Background The Common UNIX Printing System CUPS is a cross-platform print spooler. Description Alvaro Martinez Echevarria discovered a hole in the CUPS Internet Printing Protocol IPP implementation that allows remote attackers to cause CUPS to stop listening on the IPP port. Impact A remote user...
Subversion: Vulnerability in mod_authz_svn
Background Subversion is an advanced version control system, similar to CVS, which supports additional functionality such as the ability to move, copy and delete files and directories. A Subversion server may be run as an Apache module, a standalone server svnserve, or on-demand over ssh a la CVS...
l2tpd: Buffer overflow
Background l2tpd is a GPL implentation of the Layer 2 Tunneling Protocol. Description Thomas Walpuski discovered a buffer overflow that may be exploitable by sending a specially crafted packet. In order to exploit the vulnerable code, an attacker would need to fake the establishment of an L2TP...
KDE URI Handler Vulnerabilities
Background The K Desktop Environment KDE is a powerful Free Software graphical desktop environment. KDE makes use of URI handlers to trigger various programs when specific URLs are received. Description The telnet, rlogin, ssh and mailto URI handlers in KDE do not check for '-' at the beginning o...
Tcpdump Vulnerabilities in ISAKMP Parsing
Background Tcpdump is a program for monitoring IP network traffic. Libpcap is a supporting library which is responsibile for capturing packets off a network interface. Description There are two specific vulnerabilities in tcpdump, outlined in reference 1 . In the first scenario, an attacker may...
OpenLDAP DoS Vulnerability
Background OpenLDAP is a suite of LDAP-related application and development tools. It includes slapd the standalone LDAP server, slurpd the standalone LDAP replication server, and various LDAP libraries, utilities and example clients. Description A password extended operation password EXOP which...
JHead: Multiple Vulnerabilities
Background JHead is an EXIF JPEG header manipulation tool. Description Multiple vulnerabilities have been discovered in JHead. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround a...
Python, PyPy3: Multiple Vulnerabilities
Background Python is an interpreted, interactive, object-oriented, cross-platform programming language. Description Multiple vulnerabilities have been discovered in Python, PyPy3. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers f...