3816 matches found
Mozilla Network Security Service (NSS): RSA signature forgery
Background The Mozilla Network Security Service is a library implementing security features like SSL v.2/v.3, TLS, PKCS 5, PKCS 7, PKCS 11, PKCS 12, S/MIME and X.509 certificates. Description Daniel Bleichenbacher discovered that it might be possible to forge signatures signed by RSA keys with th...
Motor: Execution of arbitrary code
Background Motor is a text mode based programming environment for Linux, with a syntax highlighting feature, project manager, makefile generator, gcc and gdb front-end, and CVS integration. Description In November 2005, Zone-H Research reported a boundary error in the ktools library in the...
fbida: Arbitrary command execution
Background fbida is a collection of image viewers and editors for the framebuffer console and X11. fbgs is a PostScript and PDF viewer for the linux framebuffer console. Description Toth Andras has discovered a typographic mistake in the "fbgs" script, shipped with fbida if the "fbcon" and "pdf"...
OpenLDAP: Buffer overflow
Background OpenLDAP is a suite of LDAP-related applications and development tools. It includes slapd the standalone LDAP server, slurpd the standalone LDAP replication server, various LDAP libraries, utilities and example clients. Description slurpd contains a buffer overflow when reading very lo...
Asterisk: IAX2 video frame buffer overflow
Background Asterisk is an open source implementation of a telephone private branch exchange PBX. Description Asterisk fails to properly check the length of truncated video frames in the IAX2 channel driver which results in a buffer overflow. Impact An attacker could exploit this vulnerability by...
Mozilla Firefox: Multiple vulnerabilities
Background Mozilla Firefox is the next-generation web browser from the Mozilla project. Description A number of vulnerabilities were found and fixed in Mozilla Firefox. For details please consult the references below. Impact By enticing the user to visit a malicious website, a remote attacker can...
zoo: Buffer overflow
Background zoo is a file archiving utility for maintaining collections of files, written by Rahul Dhesi. Description zoo is vulnerable to a new buffer overflow due to insecure use of the strcpy function when trying to create an archive from certain directories or filenames. Impact An attacker cou...
IMAP Proxy: Format string vulnerabilities
Background IMAP Proxy also known as up-imapproxy proxies IMAP transactions between an IMAP client and an IMAP server. Description Steve Kemp discovered two format string errors in IMAP Proxy. Impact A remote attacker could design a malicious IMAP server and entice someone to connect to it using...
cURL: Off-by-one errors in URL handling
Background cURL is a command line tool for transferring files with URL syntax, supporting numerous protocols. Description Stefan Esser from the Hardened-PHP Project has reported a vulnerability in cURL that allows for a local buffer overflow when cURL attempts to parse specially crafted URLs. The...
Xpdf, GPdf, CUPS, Poppler: Multiple vulnerabilities
Background Xpdf and GPdf are PDF file viewers that run under the X Window System. Poppler is a PDF rendering library based on Xpdf code. The Common UNIX Printing System CUPS is a cross-platform print spooler. It makes use of Xpdf code to handle PDF files. Description infamous41md discovered that...
Ethereal: Multiple vulnerabilities in protocol dissectors
Background Ethereal is a feature-rich network protocol analyzer. Description There are numerous vulnerabilities in versions of Ethereal prior to 0.10.13, including: The SLIM3 and AgentX dissectors could overflow a buffer CVE-2005-3243. iDEFENSE discovered a buffer overflow in the SRVLOC dissector...
phpMyAdmin: Local file inclusion and XSS vulnerabilities
Background phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the web. Description Stefan Esser discovered that by calling certain PHP files directly, it was possible to workaround the grabglobals.lib.php security model and overwrite the $cfg configuration...
Net-SNMP: Insecure RPATH
Background Net-SNMP is a suite of applications used to implement the Simple Network Management Protocol. Description James Cloos reported that Perl modules from the Net-SNMP package look for libraries in an untrusted location. This is due to a flaw in the Gentoo package, and not the Net-SNMP suit...
pstotext: Remote execution of arbitrary code
Background pstotext is a program that works with GhostScript to extract plain text from PostScript and PDF files. Description Max Vozeler reported that pstotext calls the GhostScript interpreter on untrusted PostScript files without specifying the -dSAFER option. Impact An attacker could craft a...
Kopete: Vulnerability in included Gadu library
Background KDE is a feature-rich graphical desktop environment for Linux and Unix-like Operating Systems. Kopete also part of kdenetwork is the KDE Instant Messenger. Description Kopete contains an internal copy of libgadu and is therefore subject to several input validation vulnerabilities in...
Ruby: Arbitrary command execution through XML-RPC
Background Ruby is an interpreted scripting language for quick and easy object-oriented programming. XML-RPC is a remote procedure call protocol encoded in XML. Description Nobuhiro IMAI reported that an invalid default value in "utils.rb" causes the security protections of the XML-RPC server to...
webapp-config: Insecure temporary file handling
Background webapp-config is a Gentoo Linux utility to help manage the installation of web-based applications. Description Eric Romang discovered webapp-config uses a predictable temporary filename while processing certain options, resulting in a race condition. Impact Successful exploitation of t...
Gaim: Multiple Denial of Service issues
Background Gaim is a full featured instant messaging client which handles a variety of instant messaging protocols. Description Specially crafted SNAC packets sent by other instant-messaging users can cause Gaim to loop endlessly CAN-2005-0472. Malformed HTML code could lead to invalid memory...
PostgreSQL: Buffer overflows in PL/PgSQL parser
Background PostgreSQL is a SQL compliant, open source object-relational database management system. Description PostgreSQL is vulnerable to several buffer overflows in the PL/PgSQL parser. Impact A remote attacker could send a malicious query resulting in the execution of arbitrary code with the...
SquirrelMail: Multiple vulnerabilities
Background SquirrelMail is a webmail package written in PHP. It supports IMAP and SMTP and can optionally be installed with SQL support. Description SquirrelMail fails to properly sanitize certain strings when decoding specially-crafted strings, which can lead to PHP file inclusion and XSS...
Mailman: Cross-site scripting vulnerability
Background Mailman is a Python-based mailing list server with an extensive web interface. Description Florian Weimer has discovered a cross-site scripting vulnerability in the error messages that are produced by Mailman. Impact By enticing a user to visiting a specially-crafted URL, an attacker c...
KDE FTP KIOslave: Command injection
Background KDE is a feature-rich graphical desktop environment for Linux and Unix-like Operating Systems. KDE provided KIOslaves for many protocols in the kdelibs package, one of them being FTP. These are used by KDE applications such as Konqueror. Description The FTP KIOslave fails to properly...
rssh, scponly: Unrestricted command execution
Background rssh and scponly are two restricted shells, allowing only a few predefined commands. They are often used as a complement to OpenSSH to provide access to remote users without providing any remote execution privileges. Description Jason Wies discovered that when receiving an authorized...
Subversion: Metadata information leak
Background Subversion is a versioning system designed to be a replacement for CVS. modauthzsvn is an Apache module to do path-based authentication for Subversion repositories. Description There is a bug in modauthzsvn that causes it to reveal logged metadata regarding commits to protected areas...
GTK+ 2, gdk-pixbuf: Multiple image decoding vulnerabilities
Background GTK+ GIMP Toolkit + is a toolkit for creating graphical user interfaces. The GdkPixbuf library provides facilities for image handling. It is available as a standalone library as well as shipped with GTK+ 2. Description A vulnerability has been discovered in the BMP image preprocessor...
Gaim: MSN protocol parsing function buffer overflow
Background Gaim is a multi-protocol instant messaging client for Linux which supports many instant messaging protocols. Description Sebastian Krahmer of the SuSE Security Team has discovered a remotely exploitable buffer overflow vulnerability in the code handling MSN protocol parsing. Impact By...
Roundup: Filesystem access vulnerability
Background Roundup is a simple to use issue-tracking system with command-line, web, and e-mail interfaces. Description Improper handling of a specially crafted URL allows access to the server's filesystem, which could contain sensitive information. Impact An attacker could view files owned by the...
Horde-IMP: Input validation vulnerability for Internet Explorer users
Background Horde-IMP is the Internet Messaging Program. It is written in PHP and provides webmail access to IMAP and POP3 accounts. Description Horde-IMP fails to properly sanitize email messages that contain malicious HTML or script code so that it is not safe for users of Internet Explorer when...
Subversion: Remote heap overflow
Background Subversion is a revision control system that aims to be a "compelling replacement for CVS". It enjoys wide use in the open source community. svnserve allows access to Subversion repositories using URIs with the svn://, svn+ssh://, and other tunelled svn+:// protocols. Description The s...
Libxml2 URI Parsing Buffer Overflow Vulnerabilities
Background Description Yuuichi Teranishi discovered a flaw in libxml2 versions prior to 2.6.6. When the libxml2 library fetches a remote resource via FTP or HTTP, libxml2 uses parsing routines that can overflow a buffer caused by improper bounds checking if they are passed a URL longer than 4096...
PHP: Multiple Vulnerabilities
Background PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML. Description Multiple vulnerabilities have been discovered in PHP. Please review the CVE identifiers referenced below for details. Impact Please review th...
rsync: Multiple Vulnerabilities
Background rsync is a server and client utility that provides fast incremental file transfers. It is used to efficiently synchronize files between hosts and is used by emerge to fetch Gentoo's Portage tree. Description Multiple vulnerabilities have been discovered in rsync. Please review the CVE...
Pillow: Multiple Vulnerabilities
Background The friendly PIL fork. Description Multiple vulnerabilities have been discovered in Pillow. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround at this time. Resolution...
QtWebEngine: Multiple Vulnerabilities
Background QtWebEngine is a library for rendering dynamic web content in Qt5 and Qt6 C++ and QML applications. Description Multiple vulnerabilities have been discovered in QtWebEngine. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE...
Gitea: Multiple Vulnerabilities
Background Gitea is a painless self-hosted Git service. Description Multiple vulnerabilities have been discovered in Gitea. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround at...
GLib: Multiple Vulnerabilities
Background GLib is a library providing a number of GNOME's core objects and functions. Description Multiple vulnerabilities have been discovered in GLib. Please review the referenced CVEs for details. Impact GVariant deserialization is vulnerable to an exponential blowup issue where a crafted...
man-db: privilege escalation
Background man-db is a man replacement that utilizes BerkeleyDB instead of flat files. Description A root privilege escalation through setuid executable and cron job has been discovered in man-db. Please review the CVE identifier referenced below for details. Impact A local user with access to th...
LibreCAD: Multiple Vulnerabilities
Background LibreCAD is a generic 2D CAD program. Description Multiple vulnerabilities have been discovered in LibreCAD. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround at this...
D-Bus: Multiple Vulnerabilities
Background D-Bus is a daemon providing a framework for applications to communicate with one another. Description Multiple vulnerabilities have been discovered in D-Bus. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details...
Mozilla Firefox: Multiple Vulnerabilities
Background Mozilla Firefox is a popular open-source web browser from the Mozilla project. Description Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details...
LibreOffice: Arbitrary Code Execution
Background LibreOffice is a powerful office suite; its clean interface and powerful tools let you unleash your creativity and grow your productivity. Description LibreOffice links using the vnd.libreoffice.command scheme could be constructed to call internal macros with arbitrary arguments. Which...
PostgreSQL: Multiple Vulnerabilities
Background PostgreSQL is an open source object-relational database management system. Description Multiple vulnerabilities have been discovered in PostgreSQL. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaroun...
Shadow: TOCTOU Race
Background Shadow contains utilities to deal with user accounts Description A TOCTOU race condition was discovered in shadow. A local attacker with write privileges in a directory removed or copied by usermod/userdel could potentially exploit this flaw when the administrator invokes...
Apptainer: Lack of Digital Signature Hash Verification
Background Apptainer is the container system for secure high-performance computing. Description The Go module "sif" version 2.8.0 and older, which is a statically linked dependency of Apptainer, does not verify that the hash algorithms used are cryptographically secure when verifying digital...
Wireshark: Multiple Vulnerabilities
Background Wireshark is a versatile network protocol analyzer. Description Multiple vulnerabilities have been discovered in Wireshark. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known...
Cacti: Remote code execution
Background Cacti is a complete frontend to rrdtool. Description The sideid parameter in datadebug.php does not properly verify input allowing SQL injection. Impact A remote attacker could possibly execute arbitrary code with the privileges of the process or cause a Denial of Service condition...
GDK-PixBuf: Denial of service
Background GDK-PixBuf is an image loading library for GTK+. Description It was discovered that the GDK-PixBuf library did not properly handle certain GIF images. Impact A remote attacker could entice a user to open a specially crafted GIF image in an application linked against GDK-PixBuf library,...
Qt GUI: Buffer overflow
Background The GUI module and platform plugins for the Qt5 framework. Description It was discovered that Qt GUI’s XBM parser did not properly handle X BitMap files. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround at this time. Resolution Al...
PostgreSQL: Multiple vulnerabilities
Background PostgreSQL is an open source object-relational database management system. Description Multiple vulnerabilities have been discovered in PostgreSQL. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaroun...
Xen: Multiple vulnerabilities
Background Xen is a bare-metal hypervisor. Description Multiple vulnerabilities have been discovered in Xen. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround at this time...