3816 matches found
Asterisk: Multiple vulnerabilities
Background Asterisk is an open source telephony engine and toolkit. Description Multiple vulnerabilities have been discovered in Asterisk. Please review the CVE identifiers below for details. Impact A remote attacker that gains access to a privileged Asterisk account can execute arbitrary system...
cURL: Multiple vulnerabilities
Background cURL is a command line tool for transferring files with URL syntax, supporting numerous protocols. Description Multiple vulnerabilities have been discovered in cURL. Please review the CVE identifiers referenced below for details. Impact A remote attacker could cause a man-in-the-middle...
Adobe Flash Player: Multiple vulnerabilities
Background The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Description Multiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details. Impact A remote attacke...
lib3ds: User-assisted execution of arbitrary code
Background lib3ds is a library for managing 3D-Studio Release 3 and 4 .3DS files. Description An array index error has been discovered in lib3ds. Impact A remote attacker could entice a user to open a specially crafted 3DS file using an application linked against lib3ds, possibly resulting in...
grep: User-assisted execution of arbitrary code
Background grep is the GNU regular expression matcher. Description An integer overflow flaw has been discovered in grep. Impact An attacker could entice a user to run grep on a specially crafted file, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial...
LibYAML: Arbitrary code execution
Background LibYAML is a YAML 1.1 parser and emitter written in C. Description A heap-based buffer overflow flaw was found in the way libyaml parsed YAML tags. Impact A remote attacker could provide a specially-crafted YAML document which when parsed by LibYAML, would cause the application to cras...
FreeType: Multiple vulnerabilities
Background FreeType is a high-quality and portable font engine. Description Multiple vulnerabilities have been discovered in FreeType. Please review the CVE identifiers referenced below for details. Impact A context-dependent attacker could entice a user to open a specially crafted font, possibly...
Tomboy: Privilege escalation
Background Tomboy is a desktop note-taking application. Description Tomboy places a zero-length directory name in the LDLIBRARYPATH, which might result in the current working directory . to be included when searching for dynamically linked libraries. NOTE: This vulnerability exists due to an...
Netpbm: User-assisted arbitrary code execution
Background Netpbm is a toolkit for manipulation of graphic images, including conversion of images between a variety of different formats. Description A stack-based buffer overflow exists in converter/ppm/xpmtoppm.c in Netpbm. Impact A remote attacker could entice a user to open a specially crafte...
GNU Automake: Multiple vulnerabilities
Background GNU Automake is a tool for automatically generating Makefile.in files compliant with the GNU Coding Standards. Description Multiple vulnerabilities have been discovered in GNU Automake. Please review the CVE identifiers referenced below for details. Impact A local attacker could execut...
LibRaw, libkdcraw: Multiple vulnerabilities
Background LibRaw is a library for reading RAW files obtained from digital photo cameras. libkdcraw is a wrapper for LibRaw within KDE. Description Multiple vulnerabilities have been discovered in LibRaw and libkdcraw. Please review the CVE identifiers referenced below for details. Impact A remot...
Gajim: Multiple vulnerabilities
Background Gajim is a Jabber and XMPP client written in PyGTK. Description Multiple vulnerabilities have been discovered in Gajim. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user to open a specially crafted link using Gajim, possibly...
gif2png: Multiple vulnerabilities
Background gif2png converts images from GIF format to PNG format. Description Two vulnerabilities have been found in gif2png: A boundary error in gif2png.c could cause a buffer overflow CVE-2010-4694. The patch for CVE-2009-5018 causes gif2png to truncate GIF pathnames CVE-2010-4695. Impact A...
abcm2ps: Multiple vulnerabilities
Background abcm2ps is a program to convert abc files to Postscript files. Description Multiple vulnerabilities have been discovered in abcm2ps: Boundary errors in the PUT0 and PUT1 macros, the trimtitle function, or a long "-O" command line option can lead to a buffer overflow CVE-2010-3441. A...
Wget: Certificate validation error
Background GNU Wget is a free software package for retrieving files using HTTP, HTTPS and FTP, the most widely-used Internet protocols. Description The vendor reported that Wget does not properly handle Common Name CN fields in X.509 certificates that contain an ASCII NUL \0 character...
nginx: Remote execution of arbitrary code
Background nginx is a robust, small and high performance HTTP and reverse proxy server. Description Chris Ries reported a heap-based buffer underflow in the ngxhttpparsecomplexuri function in http/ngxhttpparse.c when parsing the request URI. Impact A remote attacker might send a specially crafted...
Apache Portable Runtime, APR Utility Library: Execution of arbitrary code
Background The Apache Portable Runtime aka APR provides a set of APIs for creating platform-independent applications. The Apache Portable Runtime Utility Library aka APR-Util provides an interface to functionality such as XML parsing, string matching and databases connections. Description Matt...
Linux-PAM: Privilege escalation
Background Linux-PAM Pluggable Authentication Modules is an architecture allowing the separation of the development of privilege granting software from the development of secure and appropriate authentication schemes. Description Marcus Granado repoted that Linux-PAM does not properly handle user...
Syslog-ng: Chroot escape
Background Syslog-ng is a flexible and scalable system logger. Description Florian Grandel reported that Syslog-ng does not call chdir before chroot which leads to an inherited file descriptor to the current working directory. Impact A local attacker might exploit a separate vulnerability in...
ProFTPD: Multiple vulnerabilities
Background ProFTPD is an advanced and very configurable FTP server. Description The following vulnerabilities were reported: Percent characters in the username are not properly handled, which introduces a single quote character during variable substitution by modsql CVE-2009-0542. Some invalid,...
Audacity: User-assisted execution of arbitrary code
Background Audacity is a free cross-platform audio editor. Description Houssamix discovered a boundary error in the Stringparse::getnonspacequoted function in lib-src/allegro/strparse.cpp. Impact A remote attacker could entice a user into importing a specially crafted .gro file, resulting in the...
Tremulous: User-assisted execution of arbitrary code
Background Tremulous is a team-based First Person Shooter game. Description It has been reported that Tremulous includes a vulnerable version of the ioQuake3 engine GLSA 200605-12, CVE-2006-2236. Impact A remote attacker could entice a user to connect to a malicious games server, possibly resulti...
JHead: Multiple vulnerabilities
Background JHead is an exif jpeg header manipulation tool. Description Marc Merlin and John Dong reported multiple vulnerabilities in JHead: A buffer overflow in the DoCommand function when processing the cmd argument and related to potential string overflows CVE-2008-4575. An insecure creation o...
Bacula: Information disclosure
Background Bacula is a network based backup suite. Description Matthijs Kooijman reported that the "makecatalogbackup" script uses the MySQL password as a command line argument when invoking other programs. Impact A local attacker could list the processes on the local machine when the script is...
X.Org X server: Multiple vulnerabilities
Background The X Window System is a graphical windowing system based on a client/server model. Description Regenrecht reported multiple vulnerabilities in various X server extensions via iDefense: The SProcSecurityGenerateAuthorization and SProcRecordCreateContext functions of the RECORD and...
Common Data Format library: User-assisted execution of arbitrary code
Background The Common Data Format library is a scientific data management package which allows programmers and application developers to manage and manipulate scalar, vector, and multi-dimensional data arrays in a platform independent fashion. Description Alfredo Ortega Core Security Technologies...
Wireshark: Denial of service
Background Wireshark is a network protocol analyzer with a graphical front-end. Description Errors exist in: the X.509sat dissector because of an uninitialized variable and the Roofnet dissector because a NULL pointer may be passed to the gvsnprintf function CVE-2008-1561. the LDAP dissector...
lighttpd: Multiple vulnerabilities
Background lighttpd is a lightweight high-performance web server. Description Julien Cayzax discovered that an insecure default setting exists in moduserdir in lighttpd. When userdir.path is not set the default value used is $HOME. It should be noted that the "nobody" user's $HOME is "/"...
PCRE: Buffer overflow
Background PCRE is a Perl-compatible regular expression library. GLib includes a copy of PCRE. Description PCRE contains a buffer overflow vulnerability when processing a character class containing a very large number of characters with codepoints greater than 255. Impact A remote attacker could...
unp: Arbitrary command execution
Background unp is a script for unpacking various file formats. Description Erich Schubert from Debian discovered that unp does not escape file names properly before passing them to calls of the shell. Impact A remote attacker could entice a user or automated system to unpack a compressed archive...
Samba: Execution of arbitrary code
Background Samba is a suite of SMB and CIFS client/server programs for UNIX. Description Alin Rad Pop Secunia Research discovered a boundary checking error in the sendmailslot function which could lead to a stack-based buffer overflow. Impact A remote attacker could send a specially crafted...
Lookup: Insecure temporary file creation
Background Lookup is a search interface to books and dictionnaries for Emacs. Description Tatsuya Kinoshita reported that the ndeb-binary function does not handle temporay files correctly. Impact A local attacker could use a symlink attack to overwrite files with the privileges of the user runnin...
Mozilla Thunderbird: Multiple vulnerabilities
Background Mozilla Thunderbird is a popular open-source email client from the Mozilla project. Description Multiple vulnerabilities have been reported in Mozilla Thunderbird's HTML browser engine CVE-2007-5339 and JavaScript engine CVE-2007-5340 that can be exploited to cause a memory corruption...
Mono: Buffer overflow
Background Mono provides the necessary software to develop and run .NET client and server applications on various platforms. Description IOActive discovered an error in the Mono.Math.BigInteger class, in the reduction step of the Montgomery-based Pow methods, that could lead to a buffer overflow...
HPLIP: Privilege escalation
Background The Hewlett-Packard Linux Imaging and Printing system HPLIP provides drivers for HP's inkjet and laser printers, scanners and fax machines. It integrates with the Common UNIX Printing System CUPS and Scanner Access Now Easy SANE. Description Kees Cook from the Ubuntu Security team...
RPCSEC_GSS library: Buffer overflow
Background librpcsecgss is an implementation of RPCSECGSS for secure RPC communications. Description A stack based buffer overflow has been discovered in the svcauthgssvalidate function in file lib/rpc/svcauthgss.c when processing an overly long string in a RPC message. Impact A remote attacker...
id3lib: Insecure temporary file creation
Background id3lib is an open-source, cross-platform software development library for reading, writing, and manipulating ID3v1 and ID3v2 tags. Description Nikolaus Schulz discovered that the function RenderV2ToFile in file src/tagfile.cpp creates temporary files in an insecure manner. Impact A loc...
Streamripper: Buffer overflow
Background Streamripper is a tool for extracting and recording mp3 files from a Shoutcast stream. Description Chris Rohlf discovered several boundary errors in the httplibparsescheader function when processing HTTP headers. Impact A remote attacker could entice a user to connect to a malicious...
XnView: Stack-based buffer overflow
Background XnView is software to view and convert graphics files. XPixMap XPM is a simple ascii-based graphics format. Description XnView is vulnerable to a stack-based buffer overflow while processing an XPM file with an overly long section string greater than 1024 bytes. Impact An attacker coul...
Evolution: User-assisted execution of arbitrary code
Background Evolution is the mail client of the GNOME desktop environment. Description Ulf Harnhammar from Secunia Research has discovered a format string error in the writehtml function in the file calendar/gui/e-cal-component-memo-preview.c. Impact A remote attacker could entice a user to open a...
libexif: Integer overflow vulnerability
Background libexif is a library for parsing, editing and saving Exif data. Description Victor Stinner reported an integer overflow in the exifdataloaddataentry function from file exif-data.c while handling Exif data. Impact An attacker could entice a user to process a file with specially crafted...
IPsec-Tools: Denial of service
Background IPsec-Tools is a port of KAME's implementation of the IPsec utilities. It contains a collection of network monitoring tools, including racoon, ping, and ping6. Description The isakmpinforecv function in src/racoon/isakmpinf.c does not always check that DELETE ISAKMPNPTYPED and NOTIFY...
BEAST: Denial of service
Background BEdevilled Audio SysTem is an audio compositor, supporting a wide range of audio formats. Description BEAST, which is installed as setuid root, fails to properly check whether it can drop privileges accordingly if seteuid fails due to a user exceeding assigned resource limits. Impact A...
OpenOffice.org: Multiple vulnerabilities
Background OpenOffice.org is an open source office productivity suite, including word processing, spreadsheet, presentation, drawing, data charting, formula editing, and file conversion facilities. Description John Heasman of NGSSoftware has discovered a stack-based buffer overflow in the StarCal...
Squid: Denial of service
Background Squid is a multi-protocol proxy server. Description Squid incorrectly handles TRACE requests that contain a "Max-Forwards" header field with value "0" in the clientProcessRequest function. Impact A remote attacker can send specially crafted TRACE HTTP requests that will terminate the...
Snort: Denial of service
Background Snort is a widely deployed intrusion detection program. Description Randy Smith, Christian Estan and Somesh Jha discovered that the rule matching algorithm of Snort can be exploited in a way known as a "backtracking attack" to perform numerous time-consuming operations. Impact A remote...
GnuTLS: RSA Signature Forgery
Background GnuTLS is an implementation of SSL 3.0 and TLS 1.0. Description verify.c fails to properly handle excess data in digestAlgorithm.parameters field while generating a hash when using an RSA key with exponent 3. RSA keys that use exponent 3 are commonplace. Impact Remote attackers could...
libwmf: Buffer overflow vulnerability
Background libwmf is a library for reading and converting vector images in Microsoft's native Windows Metafile Format WMF. Description infamous41md discovered that libwmf fails to do proper bounds checking on the MaxRecordSize variable in the WMF file header. This could lead to an head-based buff...
Courier MTA: Denial of Service vulnerability
Background Courier MTA is an integrated mail and groupware server based on open protocols. Description Courier MTA has fixed a security issue relating to usernames containing the "=" character, causing high CPU utilization. Impact An attacker could exploit this vulnerability by sending a speciall...
LibVNCServer: Authentication bypass
Background LibVNCServer is a GPL'ed library for creating VNC servers. Description LibVNCServer fails to properly validate protocol types effectively letting users decide what protocol to use, such as "Type 1 - None". LibVNCServer will accept this security type, even if it is not offered by the...