3816 matches found
Mozilla Firefox: Multiple vulnerabilities
Background Mozilla Firefox is the next-generation web browser from the Mozilla project. Description A number of vulnerabilities were found and fixed in Mozilla Firefox. For details please consult the references below. Impact By enticing the user to visit a malicious website, a remote attacker can...
zoo: Buffer overflow
Background zoo is a file archiving utility for maintaining collections of files, written by Rahul Dhesi. Description zoo is vulnerable to a new buffer overflow due to insecure use of the strcpy function when trying to create an archive from certain directories or filenames. Impact An attacker cou...
IMAP Proxy: Format string vulnerabilities
Background IMAP Proxy also known as up-imapproxy proxies IMAP transactions between an IMAP client and an IMAP server. Description Steve Kemp discovered two format string errors in IMAP Proxy. Impact A remote attacker could design a malicious IMAP server and entice someone to connect to it using...
cURL: Off-by-one errors in URL handling
Background cURL is a command line tool for transferring files with URL syntax, supporting numerous protocols. Description Stefan Esser from the Hardened-PHP Project has reported a vulnerability in cURL that allows for a local buffer overflow when cURL attempts to parse specially crafted URLs. The...
Ethereal: Multiple vulnerabilities in protocol dissectors
Background Ethereal is a feature-rich network protocol analyzer. Description There are numerous vulnerabilities in versions of Ethereal prior to 0.10.13, including: The SLIM3 and AgentX dissectors could overflow a buffer CVE-2005-3243. iDEFENSE discovered a buffer overflow in the SRVLOC dissector...
phpMyAdmin: Local file inclusion and XSS vulnerabilities
Background phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the web. Description Stefan Esser discovered that by calling certain PHP files directly, it was possible to workaround the grabglobals.lib.php security model and overwrite the $cfg configuration...
Net-SNMP: Insecure RPATH
Background Net-SNMP is a suite of applications used to implement the Simple Network Management Protocol. Description James Cloos reported that Perl modules from the Net-SNMP package look for libraries in an untrusted location. This is due to a flaw in the Gentoo package, and not the Net-SNMP suit...
pstotext: Remote execution of arbitrary code
Background pstotext is a program that works with GhostScript to extract plain text from PostScript and PDF files. Description Max Vozeler reported that pstotext calls the GhostScript interpreter on untrusted PostScript files without specifying the -dSAFER option. Impact An attacker could craft a...
Ruby: Arbitrary command execution through XML-RPC
Background Ruby is an interpreted scripting language for quick and easy object-oriented programming. XML-RPC is a remote procedure call protocol encoded in XML. Description Nobuhiro IMAI reported that an invalid default value in "utils.rb" causes the security protections of the XML-RPC server to...
webapp-config: Insecure temporary file handling
Background webapp-config is a Gentoo Linux utility to help manage the installation of web-based applications. Description Eric Romang discovered webapp-config uses a predictable temporary filename while processing certain options, resulting in a race condition. Impact Successful exploitation of t...
Gaim: Multiple Denial of Service issues
Background Gaim is a full featured instant messaging client which handles a variety of instant messaging protocols. Description Specially crafted SNAC packets sent by other instant-messaging users can cause Gaim to loop endlessly CAN-2005-0472. Malformed HTML code could lead to invalid memory...
PostgreSQL: Buffer overflows in PL/PgSQL parser
Background PostgreSQL is a SQL compliant, open source object-relational database management system. Description PostgreSQL is vulnerable to several buffer overflows in the PL/PgSQL parser. Impact A remote attacker could send a malicious query resulting in the execution of arbitrary code with the...
SquirrelMail: Multiple vulnerabilities
Background SquirrelMail is a webmail package written in PHP. It supports IMAP and SMTP and can optionally be installed with SQL support. Description SquirrelMail fails to properly sanitize certain strings when decoding specially-crafted strings, which can lead to PHP file inclusion and XSS...
ImageMagick: PSD decoding heap overflow
Background ImageMagick is a collection of tools to read, write and manipulate images in many formats. Description Andrei Nigmatulin discovered that a Photoshop Document PSD file with more than 24 layers could trigger a heap overflow. Impact An attacker could potentially design a mailicous PSD ima...
KDE FTP KIOslave: Command injection
Background KDE is a feature-rich graphical desktop environment for Linux and Unix-like Operating Systems. KDE provided KIOslaves for many protocols in the kdelibs package, one of them being FTP. These are used by KDE applications such as Konqueror. Description The FTP KIOslave fails to properly...
rssh, scponly: Unrestricted command execution
Background rssh and scponly are two restricted shells, allowing only a few predefined commands. They are often used as a complement to OpenSSH to provide access to remote users without providing any remote execution privileges. Description Jason Wies discovered that when receiving an authorized...
SquirrelMail: Encoded text XSS vulnerability
Background SquirrelMail is a webmail package written in PHP. It supports IMAP and SMTP, and can optionally be installed with SQL support. Description SquirrelMail fails to properly sanitize certain strings when decoding specially-crafted headers. Impact By enticing a user to read a...
Subversion: Metadata information leak
Background Subversion is a versioning system designed to be a replacement for CVS. modauthzsvn is an Apache module to do path-based authentication for Subversion repositories. Description There is a bug in modauthzsvn that causes it to reveal logged metadata regarding commits to protected areas...
Gaim: MSN protocol parsing function buffer overflow
Background Gaim is a multi-protocol instant messaging client for Linux which supports many instant messaging protocols. Description Sebastian Krahmer of the SuSE Security Team has discovered a remotely exploitable buffer overflow vulnerability in the code handling MSN protocol parsing. Impact By...
Roundup: Filesystem access vulnerability
Background Roundup is a simple to use issue-tracking system with command-line, web, and e-mail interfaces. Description Improper handling of a specially crafted URL allows access to the server's filesystem, which could contain sensitive information. Impact An attacker could view files owned by the...
Horde-IMP: Input validation vulnerability for Internet Explorer users
Background Horde-IMP is the Internet Messaging Program. It is written in PHP and provides webmail access to IMAP and POP3 accounts. Description Horde-IMP fails to properly sanitize email messages that contain malicious HTML or script code so that it is not safe for users of Internet Explorer when...
Subversion: Remote heap overflow
Background Subversion is a revision control system that aims to be a "compelling replacement for CVS". It enjoys wide use in the open source community. svnserve allows access to Subversion repositories using URIs with the svn://, svn+ssh://, and other tunelled svn+:// protocols. Description The s...
Libxml2 URI Parsing Buffer Overflow Vulnerabilities
Background Description Yuuichi Teranishi discovered a flaw in libxml2 versions prior to 2.6.6. When the libxml2 library fetches a remote resource via FTP or HTTP, libxml2 uses parsing routines that can overflow a buffer caused by improper bounds checking if they are passed a URL longer than 4096...
XChat: malformed dcc send request denial of service
Background XChat is a multiplatform IRC client. Description There is a remotely exploitable bug in XChat 2.0.6 that could lead to a denial of service attack. Gentoo wishes to thank lloydbates for discovering this bug, as well as jcdutton and rac for submitting patches to fix the bug. Impact A...
rsync: Multiple Vulnerabilities
Background rsync is a server and client utility that provides fast incremental file transfers. It is used to efficiently synchronize files between hosts and is used by emerge to fetch Gentoo's Portage tree. Description Multiple vulnerabilities have been discovered in rsync. Please review the CVE...
Pillow: Multiple Vulnerabilities
Background The friendly PIL fork. Description Multiple vulnerabilities have been discovered in Pillow. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround at this time. Resolution...
QtWebEngine: Multiple Vulnerabilities
Background QtWebEngine is a library for rendering dynamic web content in Qt5 and Qt6 C++ and QML applications. Description Multiple vulnerabilities have been discovered in QtWebEngine. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE...
Wireshark: Multiple Vulnerabilities
Background Wireshark is a versatile network protocol analyzer. Description Multiple vulnerabilities have been discovered in Wireshark. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known...
GLib: Multiple Vulnerabilities
Background GLib is a library providing a number of GNOME's core objects and functions. Description Multiple vulnerabilities have been discovered in GLib. Please review the referenced CVEs for details. Impact GVariant deserialization is vulnerable to an exponential blowup issue where a crafted...
man-db: privilege escalation
Background man-db is a man replacement that utilizes BerkeleyDB instead of flat files. Description A root privilege escalation through setuid executable and cron job has been discovered in man-db. Please review the CVE identifier referenced below for details. Impact A local user with access to th...
LibreCAD: Multiple Vulnerabilities
Background LibreCAD is a generic 2D CAD program. Description Multiple vulnerabilities have been discovered in LibreCAD. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround at this...
Mozilla Firefox: Multiple Vulnerabilities
Background Mozilla Firefox is a popular open-source web browser from the Mozilla project. Description Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details...
D-Bus: Multiple Vulnerabilities
Background D-Bus is a daemon providing a framework for applications to communicate with one another. Description Multiple vulnerabilities have been discovered in D-Bus. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details...
PostgreSQL: Multiple Vulnerabilities
Background PostgreSQL is an open source object-relational database management system. Description Multiple vulnerabilities have been discovered in PostgreSQL. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaroun...
libjxl: Denial of Service
Background libjxl is the JPEG XL image format reference implementation. Description libjxl contains an unecessary assertion in jxl::LowMemoryRenderPipeline::Init. Impact An attacker can cause a denial of service of the libjxl process via a crafted input file. Workaround There is no known workarou...
Cacti: Remote code execution
Background Cacti is a complete frontend to rrdtool. Description The sideid parameter in datadebug.php does not properly verify input allowing SQL injection. Impact A remote attacker could possibly execute arbitrary code with the privileges of the process or cause a Denial of Service condition...
Qt GUI: Buffer overflow
Background The GUI module and platform plugins for the Qt5 framework. Description It was discovered that Qt GUI’s XBM parser did not properly handle X BitMap files. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround at this time. Resolution Al...
PostgreSQL: Multiple vulnerabilities
Background PostgreSQL is an open source object-relational database management system. Description Multiple vulnerabilities have been discovered in PostgreSQL. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaroun...
libetpan: Improper STARTTLS handling
Background libetpan is a portable, efficient middleware for different kinds of mail access. Description It was discovered that libetpan was not properly handling state within the STARTTLS protocol handshake. Impact There may be a breach of integrity or confidentiality in connections made using...
Bubblewrap: Arbitrary code execution
Background Bubblewrap is an unprivileged sandboxing tool namespaces-powered chroot-like solution. Description Bubblewrap misuses temporary directories in /tmp as a mount point. Impact This flaw may allow possible execution of code or prevention of running Bubblewrap. Workaround There is no known...
GnuTLS: DTLS protocol regression
Background GnuTLS is an Open Source implementation of the TLS and SSL protocols. Description It was discovered that DTLS client did not contribute any randomness to the DTLS negotiation. Impact Please review the referenced advisory for details. Workaround There is no known workaround at this time...
EDE: Privilege escalation
Background A package that simplifies the task of creating, building, and debugging large programs with Emacs. It provides some of the features of an IDE, or Integrated Development Environment, in Emacs. Description An untrusted search path vulnerability was discovered in EDE. Impact A local...
WebkitGTK+: Multiple vulnerabilities
Background WebKitGTK+ is a full-featured port of the WebKit rendering engine. Description Multiple vulnerabilities have been discovered in WebkitGTK+. Please review the referenced CVE Identifiers for details. Impact An attacker, by enticing a user to visit maliciously crafted web content, may be...
elfutils: Multiple vulnerabilities
Background Elfutils provides a library and utilities to access, modify and analyse ELF objects. Description Multiple vulnerabilities have been discovered in elfutils. Please review the referenced CVE identifiers for details. Impact A remote attacker could possibly cause a Denial of Service...
nettle: Information disclosure
Background Nettle is a cryptographic library that is designed to fit easily in almost any context: In cryptographic toolkits for object-oriented languages, such as C++, Python, or Pike, in applications like lsh or GnuPG, or even in kernel space. Description It was found that nettle’s RSA and DSA...
jbig2dec: Multiple vulnerabilities
Background jbig2dec is a decoder implementation of the JBIG2 image compression format. Description Multiple vulnerabilities have been discovered in jbig2dec. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user or automated system to process...
vzctl: Security bypass
Background vzctl is a set of control tools for the OpenVZ server virtualization solution. Description It was discovered that vzctl determined the virtual environment VE layout based on the presence of root.hdd/DiskDescriptor.xml in the VE private directory. This allows local simfs container CT ro...
SNMP: Denial of service
Background SNMP is a widely used protocol for monitoring the health and welfare of network equipment. Description A specially crafted trap message triggers a conversion to an erroneous variable type when the -OQ option is used. Impact A remote attacker could possibly cause a Denial of Service...
libxml2: Denial of service
Background libxml2 is the XML C parser and toolkit developed for the Gnome project. Description libxml2 returns the empty string when the allocation limit is encountered while constructing the attribute value string. Impact A remote attacker may be able to cause Denial of Service via a specially...
mod_wsgi: Privilege escalation
Background modwsgi is an Apache2 module for running Python WSGI applications. Description Two vulnerabilities have been found in modwsgi: Error codes returned by setuid are not properly handled CVE-2014-0240 A memory leak exists via the “Content-Type” header CVE-2014-0242 Impact A local attacker...