3816 matches found
c-icap: Denial of service
Background c-icap is an implementation of an ICAP server. It can be used with HTTP proxies that support the ICAP protocol to implement content adaptation and filtering services. Description c-icap contains a flaw in the parserequest function of request.c that may allow a remote denial of service...
sudo: Privilege escalation
Background sudo allows a system administrator to give users the ability to run commands as other users. Access to commands may also be granted on a range to hosts. Description When the Sudo envreset option is disabled it is enabled by default, certain environment variables are not blacklisted as...
Bacula: Information disclosure
Background Bacula is a network based backup suite. Description Bacula does not properly enforce console access control lists. Impact A remote authenticated attacker may be able to bypass restrictions to obtain sensitive information. Workaround There is no known workaround at this time. Resolution...
ArgyllCMS: User-assisted execution of arbitrary code
Background ArgyllCMS is an ICC compatible color management system that supports accurate ICC profile creation for scanners, cameras and film recorders. Description Multiple integer overflow vulnerabilities have been discovered in the ICC Format Library in ArgyllCMS. Impact A remote attacker could...
OpenSSL: Denial of service
Background OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer SSL v2/v3 and Transport Layer Security TLS v1 as well as a general purpose cryptography library. Description A flaw in the ssl3takemac function can result in a NULL pointer dereference. Impact A remote attacker cou...
CEDET: Privilege escalation
Background CEDET is a Collection of Emacs Development Environment Tools written with the end goal of creating an advanced development environment in Emacs. Description An untrusted search path vulnerability was discovered in CEDET. Impact A local attacker could escalate his privileges via a...
GNU TeXmacs: Privilege escalation
Background GNU TeXmacs is a free WYSIWYG editing platform with special features for scientists. Description The texmacs and tmmupadhelp scripts in TeXmacs place a zero-length directory name in the LDLIBRARYPATH, which might result in the current working directory . to be included when searching f...
OpenJPEG: User-assisted execution of arbitrary code
Background OpenJPEG is an open-source JPEG 2000 library. Description OpenJPEG contains an invalid free error and multiple buffer overflow flaws. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user to open a specially crafted JPEG file,...
libjpeg-turbo: User-assisted execution of arbitrary code
Background libjpeg-turbo accelerates JPEG compression and decompression. Description A vulnerability in the getsos function in jdmarker.c could cause a heap-based buffer overflow. Impact A remote attacker could entice a user to open a specially crafted JPEG file in an application linked against...
X.Org X Server: Privilege escalation
Background The X Window System is a graphical windowing system based on a client/server model. Description The "LogVHdrMessageVerb" function in log.c contains a format string vulnerability. NOTE: Exposure to this vulnerability is reduced in Gentoo due to X.Org X Server being built with...
CUPS: Multiple vulnerabilities
Background CUPS, the Common Unix Printing System, is a full-featured print server. Description Multiple vulnerabilities have been discovered in CUPS. Please review the CVE identifiers referenced below for details. Impact A remote attacker may be able to execute arbitrary code using specially...
Wicd: Multiple vulnerabilities
Background Wicd is an open source wired and wireless network manager for Linux. Description Two vulnerabilities have been found in Wicd: Passwords and passphrases are written to /var/log/wicd CVE-2012-0813. Input from the daemon's D-Bus interface is not properly sanitized CVE-2012-2095. Impact A...
FreeType: Multiple vulnerabilities
Background FreeType is a high-quality and portable font engine. Description Multiple vulnerabilities have been discovered in FreeType. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user to open a specially crafted font, possibly resulting ...
gif2png: User-assisted execution of arbitrary code
Background gif2png is a command line program that converts image files from the Graphics Interchange Format GIF format to the Portable Network Graphics PNG format. Description gif2png contains a command line parsing vulnerability that may result in a stack overflow due to an unexpectedly long inp...
SquirrelMail: Multiple vulnerabilities
Background SquirrelMail is a standards-based webmail package written in PHP. Description Multiple vulnerabilities were found in SquirrelMail: Niels Teusink reported multiple input sanitation flaws in certain encrypted strings in e-mail headers, related to contrib/decryptheaders.php, PHPSELF and t...
Horde: Multiple vulnerabilities
Background Horde is a web application framework written in PHP. Description Multiple vulnerabilities have been discovered in Horde: Stefan Esser of Sektion1 reported an error within the form library when handling image form fields CVE-2009-3236. Martin Geisler and David Wharton reported that an...
aMule: Parameter injection
Background aMule is an eMule-like client for the eD2k and Kademlia networks, supporting multiple platforms. Description Sam Hocevar discovered that the aMule preview function does not properly sanitize file names. Impact A remote attacker could entice a user to download a file with a specially...
Subversion: Remote execution of arbitrary code
Background Subversion is a versioning system designed to be a replacement for CVS. Description Matt Lewis of Google reported multiple integer overflows in the libsvndelta library, possibly leading to heap-based buffer overflows. Impact A remote attacker with commit access could exploit this...
udev: Multiple vulnerabilities
Background udev is the device manager used in the Linux 2.6 kernel series. Description Sebastian Krahmer of SUSE discovered the following two vulnerabilities: udev does not verify the origin of NETLINK messages properly CVE-2009-1185. A buffer overflow exists in the utilpathencode function in...
libsndfile: User-assisted execution of arbitrary code
Background libsndfile is a C library for reading and writing files containing sampled sound. Description Alin Rad Pop from Secunia Research reported an integer overflow when processing CAF description chunks, leading to a heap-based buffer overflow. Impact A remote attacker could entice a user to...
Vinagre: User-assisted execution of arbitrary code
Background Vinagre is a VNC Client for the GNOME Desktop. Description Alfredo Ortega Core Security Technologies reported a format string error in the vinagreutilsshowerror function in src/vinagre-utils.c. Impact A remote attacker could entice a user into opening a specially crafted .vnc file or...
libxml2: Multiple vulnerabilities
Background libxml2 is the XML eXtended Markup Language C parser and toolkit initially developed for the Gnome project. Description Multiple vulnerabilities were reported in libxml2: Andreas Solberg reported that libxml2 does not properly detect recursion during entity expansion in an attribute...
BitlBee: Security bypass
Background BitlBee is an IRC to IM gateway that support multiple IM protocols. Description Multiple unspecified vulnerabilities were reported, including a NULL pointer dereference. Impact A remote attacker could exploit these vulnerabilities to overwrite existing IM accounts. Workaround There is ...
Roundup: Permission bypass
Background Roundup is an issue-tracking system with command-line, web and e-mail interfaces. Description Philipp Gortan reported that the xml-rpc server in Roundup does not check property permissions CVE-2008-1475. Furthermore, Roland Meister discovered multiple vulnerabilities caused by...
KDE start_kdeinit: Multiple vulnerabilities
Background KDE is a feature-rich graphical desktop environment for Linux and Unix-like operating systems. startkdeinit is a wrapper for kdeinit. Description Vulnerabilities have been reported in the processing of user-controlled data by startkdeinit, which is setuid root by default. Impact A loca...
Wireshark: Denial of service
Background Wireshark is a network protocol analyzer with a graphical front-end. Description Multiple unspecified errors exist in the SCTP, SNMP, and TFTP dissectors. Impact A remote attacker could cause a Denial of Service by sending a malformed packet. Workaround Disable the SCTP, SNMP, and TFTP...
Paramiko: Information disclosure
Background Paramiko is a Secure Shell Server implementation written in Python. Description Dwayne C. Litzenberger reported that the file "common.py" does not properly use RandomPool when using threads or forked processes. Impact A remote attacker could predict the values generated by applications...
SplitVT: Privilege escalation
Background SplitVT is a program for splitting terminals into two shells. Description Mike Ashton reported that SplitVT does not drop group privileges before executing the xprop utility. Impact A local attacker could exploit this vulnerability to gain the "utmp" group privileges. Workaround There ...
Claws Mail: Insecure temporary file creation
Background Claws Mail is a GTK based e-mail client. Description Nico Golde from Debian reported that the sylprint.pl script that is part of the Claws Mail tools creates temporary files in an insecure manner. Impact A local attacker could exploit this vulnerability to conduct symlink attacks to...
PCRE: Multiple vulnerabilities
Background PCRE is a library providing functions for Perl-compatible regular expressions. Description Tavis Ormandy Google Security discovered multiple vulnerabilities in PCRE. He reported an error when processing "\Q\E" sequences with unmatched "\E" codes that can lead to the compiled bytecode...
KDM: Local privilege escalation
Background KDM is the Display Manager for the graphical desktop environment KDE. It is part of the kdebase package. Description Kees Huijgen discovered an error when checking the credentials which can lead to a login without specifying a password. This only occurs when auto login is configured fo...
PhpWiki: Authentication bypass
Background PhpWiki is an application that creates a web site where anyone can edit the pages through HTML forms. Description The PhpWiki development team reported an authentication error within the file lib/WikiUser/LDAP.php when binding to an LDAP server with an empty password. Impact A remote...
KVIrc: Remote arbitrary code execution
Background KVIrc is a free portable IRC client based on Qt. Description Stefan Cornelius from Secunia Research discovered that the "parseIrcUrl" function in file src/kvirc/kernel/kviircurl.cpp does not properly sanitise parts of the URI when building the command for KVIrc's internal script system...
Webmin, Usermin: Cross-site scripting vulnerabilities
Background Webmin is a web-based administrative interface for Unix-like systems. Usermin is a simplified version of Webmin designed for use by normal users rather than system administrators. Description The pamlogin.cgi file does not properly sanitize user input before sending it back as output t...
GNU C Library: Integer overflow
Background The GNU C library is the standard C library used by Gentoo Linux systems. It provides programs with basic facilities and interfaces to system calls. ld.so is the dynamic linker which prepares dynamically linked programs for execution by resolving runtime dependencies and related...
file: Integer overflow
Background file is a utility that guesses a file format by scanning binary data for patterns. Description Colin Percival from FreeBSD reported that the previous fix for the fileprintf buffer overflow introduced a new integer overflow. Impact A remote attacker could entice a user to run the file...
ClamAV: Multiple vulnerabilities
Background ClamAV is a GPL virus scanner. Description iDefense Labs have reported a stack-based buffer overflow in the cabunstore function when processing negative values in .cab files. Multiple file descriptor leaks have also been reported in chmunpack.c, pdf.c and dblock.c when processing .chm...
NAS: Multiple vulnerabilities
Background NAS is a network transparent, client/server audio transport system. Description Luigi Auriemma has discovered multiple vulnerabilities in NAS, some of which include a buffer overflow in the function acceptattlocal, an integer overflow in the function ProcAuWriteElement, and a null...
FreeRADIUS: Denial of service
Background FreeRADIUS is an open source RADIUS authentication server implementation. Description The Coverity Scan project has discovered a memory leak within the handling of certain malformed Diameter format values inside an EAP-TTLS tunnel. Impact A remote attacker could send a large amount of...
X.Org X server: Multiple vulnerabilities
Background The X Window System is a graphical windowing system based on a client/server model. Description Multiple memory corruption vulnerabilities have been found in the ProcDbeGetVisualInfo and the ProcDbeSwapBuffers of the DBE extension, and ProcRenderAddGlyphs in the Render extension. Impac...
MIT Kerberos 5: Arbitrary Remote Code Execution
Background MIT Kerberos 5 is a suite of applications that implement the Kerberos network protocol. Description The Kerberos administration daemon, and possibly other applications using the GSS-API or RPC libraries, could potentially call a function pointer in a freed heap buffer, or attempt to fr...
Mono: Information disclosure
Background Mono provides the necessary software to develop and run .NET client and server applications on various platforms. Description Jose Ramon Palanco has discovered that the System.Web class in the XSP for the ASP.NET server 1.1 through 2.0 in Mono does not properly validate or sanitize loc...
Ruby: Denial of Service vulnerability
Background Ruby is a dynamic, open source programming language with a focus on simplicity and productivity. Description The readmultipart function of the CGI library shipped with Ruby cgi.rb does not properly check boundaries in MIME multipart content. This is a different issue than GLSA 200611-1...
Trac: Cross-site request forgery
Background Trac is a wiki and issue tracking system for software development projects. Description Trac allows users to perform certain tasks via HTTP requests without performing correct validation on those requests. Impact An attacker could entice an authenticated user to browse to a specially...
AdPlug: Multiple vulnerabilities
Background AdPlug is a free, cross-platform, and hardware-independent AdLib sound player library. Description AdPlug is vulnerable to buffer and heap overflows when processing the following types of files: CFF, MTK, DMO, U6M, DTM, and S3M. Impact By enticing a user to load a specially crafted fil...
Heartbeat: Denial of service
Background Heartbeat is a component of the High-Availability Linux project. It is used to perform death-of-node detection, communications and cluster management. Description Yan Rong Ge discovered that the peelnetstring function in clnetstring.c does not validate the "length" parameter of user...
Net::Server: Format string vulnerability
Background Net::Server is an extensible, generic Perl server engine. It is used by several Perl applications like Postgrey. Description The log function of Net::Server does not handle format string specifiers properly before they are sent to syslog. Impact By sending a specially crafted datastrea...
WordPress: Privilege escalation
Background WordPress is a PHP and MySQL based multiuser blogging system. Description The WordPress developers have confirmed a vulnerability in capability checking for plugins. Impact By exploiting a flaw, a user can circumvent WordPress access restrictions when using plugins. The actual impact...
shadow: Privilege escalation
Background shadow provides a set of utilities to deal with user accounts. Description When the mailbox is created in useradd, the "open" function does not receive the three arguments it expects while OCREAT is present, which leads to random permissions on the created file, before fchmod is...
MPlayer: Heap-based buffer overflow
Background MPlayer is a media player that supports many multimedia file types. Description Xfocus Team discovered multiple integer overflows that may lead to a heap-based buffer overflow. Impact An attacker could entice a user to play a specially crafted multimedia file, potentially resulting in...