3816 matches found
Sendmail: Denial of service
Background Sendmail is a popular mail transfer agent MTA. Description Frank Sheiness discovered that the mime8to7 function can recurse endlessly during the decoding of multipart MIME messages until the stack of the process is filled and the process crashes. Impact By sending specially crafted...
JPEG library: Denial of service
Background The JPEG library is able to load, handle and manipulate images in the JPEG format. Description Tavis Ormandy of the Gentoo Linux Auditing Team discovered that the vulnerable JPEG library ebuilds compile JPEG without the --maxmem feature which is not recommended. Impact By enticing a us...
Pound: HTTP request smuggling
Background Pound is a reverse proxy, load balancer and HTTPS front-end. It allows to distribute the load on several web servers and offers a SSL wrapper for web servers that do not support SSL directly. Description Pound fails to handle HTTP requests with conflicting "Content-Length" and...
phpWebSite: Local file inclusion
Background phpWebSite provides a complete web site content management system. Description rgod has reported that the "hubdir" parameter in "index.php" isn't properly verified. When "magicquotesgpc" is disabled, this can be exploited to include arbitrary files from local ressources. Impact If...
NetHack, Slash'EM, Falcon's Eye: Local privilege escalation
Background NetHack is the classic single player dungeon exploration game. Slash'EM and Falcon's Eye are NetHack variants. Description NetHack, Slash'EM and Falcon's Eye have been found to be incompatible with the system used for managing games on Gentoo Linux. As a result, they cannot be played...
Pngcrush: Buffer overflow
Background Pngcrush is an optimizer for PNG files. Description Carsten Lohrke of Gentoo Linux reported that Pngcrush contains a vulnerable version of zlib GLSA 200507-19. Impact By creating a specially crafted data stream, attackers can overwrite data structures for applications that use Pngcrush...
ADOdb: PostgresSQL command injection
Background ADOdb is an abstraction library for PHP creating a common API for a wide range of database backends. Description Andy Staudacher discovered that ADOdb does not properly sanitize all parameters. Impact By sending specifically crafted requests to an application that uses ADOdb and a...
Horde Application Framework: XSS vulnerability
Background The Horde Application Framework is a general-purpose web application framework written in PHP, providing classes for handling preferences, compression, browser detection, connection tracking, MIME, and more. Description The Horde Team reported a potential XSS vulnerability. Horde fails...
Mantis: XSS and SQL injection vulnerabilities
Background Mantis is a web-based bugtracking system written in PHP. Description Mantis fails to properly sanitize untrusted input before using it. This leads to an SQL injection and several cross-site scripting vulnerabilities. Impact An attacker could possibly use the SQL injection vulnerability...
fetchmail: Buffer Overflow
Background fetchmail is a utility that retrieves and forwards mail from remote systems using IMAP, POP, and other protocols. Description fetchmail does not properly validate UIDs coming from a POP3 mail server. The UID is placed in a fixed length buffer on the stack, which can be overflown. Impac...
KDE kimgio: PCX handling buffer overflow
Background KDE is a feature-rich graphical desktop environment for Linux and Unix-like Operating Systems. kimgio is the KDE image handler provided by kdelibs. Description kimgio fails to properly validate input when handling PCX files. Impact By enticing a user to load a specially-crafted PCX ima...
IPsec-Tools: racoon Denial of service
Background IPsec-Tools is a port of KAME's implementation of the IPsec utilities. It contains a collection of network monitoring tools, including racoon, ping, and ping6. Description Sebastian Krahmer has reported a potential remote Denial of Service vulnerability in the ISAKMP header parsing cod...
MySQL: Multiple vulnerabilities
Background MySQL is a fast, multi-threaded, multi-user SQL database server. Description MySQL fails to properly validate input for authenticated users with INSERT and DELETE privileges CAN-2005-0709 and CAN-2005-0710. Furthermore MySQL uses predictable filenames when creating temporary files with...
ImageMagick: Filename handling vulnerability
Background ImageMagick is a collection of tools and libraries for manipulating a wide variety of image formats. Description Tavis Ormandy of the Gentoo Linux Security Audit Team has identified a flaw in the handling of filenames by the ImageMagick utilities. Impact Successful exploitation may...
Qt: Untrusted library search path
Background Qt is a cross-platform GUI toolkit used by KDE. Description Tavis Ormandy of the Gentoo Linux Security Audit Team has discovered that Qt searches for shared libraries in an untrusted, world-writable directory. Impact A local attacker could create a malicious shared object that would be...
MediaWiki: Multiple vulnerabilities
Background MediaWiki is a collaborative editing software, used by big projects like Wikipedia. Description A security audit of the MediaWiki project discovered that MediaWiki is vulnerable to several cross-site scripting and cross-site request forgery attacks, and that the image deletion code doe...
ncpfs: Multiple vulnerabilities
Background ncpfs is a NCP protocol network filesystem driver that allows access to NetWare services, to mount volumes of NetWare servers or print to NetWare print queues. Description Erik Sjolund discovered two vulnerabilities in the programs bundled with ncpfs: there is a potentially exploitable...
MySQL: Insecure temporary file creation
Background MySQL is a fast, multi-threaded, multi-user SQL database server. Description Javier Fernandez-Sanguino Pena from the Debian Security Audit Project discovered that the 'mysqlaccess' script creates temporary files in world-writeable directories with predictable names. Impact A local...
Mozilla, Firefox, Thunderbird: Various vulnerabilities
Background Mozilla is a popular web browser that includes a mail and newsreader. Mozilla Firefox and Mozilla Thunderbird are respectively the next-generation browser and mail client from the Mozilla project. Description Maurycy Prodeus from isec.pl found a potentially exploitable buffer overflow ...
mit-krb5: Heap overflow in libkadm5srv
Background MIT krb5 is the free implementation of the Kerberos network authentication protocol by the Massachusetts Institute of Technology. Description The MIT Kerberos 5 administration library libkadm5srv contains a heap overflow in the code handling password changing. Impact Under specific...
Apache 1.3: Buffer overflow vulnerability in mod_include
Background The Apache HTTP server is one of the most popular web servers on the internet. modinclude is an Apache module to handle Server Side Includes SSI. Description A possible buffer overflow exists in the gettag function of modinclude.c. Impact If Server Side Includes SSI are enabled, a loca...
Foomatic: Arbitrary command execution in foomatic-rip filter
Background Foomatic is a system for connecting printer drivers with spooler systems such as CUPS and LPD. The foomatic-filters package contains wrapper scripts which are designed to be used with Foomatic. Description There is a vulnerability in the foomatic-filters package. This vulnerability is...
mpg123: Buffer overflow vulnerability
Background mpg123 is a MPEG Audio Player. Description mpg123 contains a buffer overflow in the code that handles layer2 decoding of media files. Impact An attacker can possibly exploit this bug with a specially-crafted mp3 or mp2 file to execute arbitrary code with the permissions of the user...
Samba: Denial of Service vulnerabilities
Background Samba is a freely available SMB/CIFS implementation which allows seamless interoperability of file and print services to other SMB/CIFS clients. smbd and nmbd are two daemons used by the Samba server. Description There is a defect in smbd's ASN.1 parsing. A bad packet received during t...
Python 2.2: Buffer overflow in getaddrinfo()
Background Python is an interpreted, interactive, object-oriented, cross-platform programming language. Description If IPV6 is disabled in Python 2.2, getaddrinfo is not able to handle IPV6 DNS requests properly and a buffer overflow occurs. Impact An attacker can execute arbitrary code as the us...
Pavuk: Digest authentication helper buffer overflow
Background Pavuk is web spider and website mirroring tool. Description Pavuk contains several buffer overflow vulnerabilities in the code handling digest authentication. Impact An attacker could cause a buffer overflow, leading to arbitrary code execution with the rights of the user running Pavuk...
Shorewall : Insecure temp file handling
Background Shorewall is a high level tool for configuring Netfilter, the firewall facility included in the Linux Kernel. Description Shorewall uses temporary files and directories in an insecure manner. A local user could create symbolic links at specific locations, eventually overwriting other...
Buffer overflow in Subversion
Background Subversion is a version control system intended to eventually replace CVS. Like CVS, it has an optional client-server architecture where the server can be an Apache server running modsvn, or an ssh program as in CVS's :ext: method. In addition to supporting the features found in CVS,...
Multiple remote buffer overflow vulnerabilities in Courier
Background Courier MTA is a multiprotocol mail server suite that provides webmail, mailing lists, IMAP, and POP3 services. Courier-IMAP is a standalone server that gives IMAP access to local mailboxes. Description The vulnerabilities have been found in the 'SHIFTJIS' converter in 'shiftjis.c' and...
CVS: malformed module request vulnerability
Background CVS, which stands for Concurrent Versions System, is a client/server application which tracks changes to sets of files. It allows multiple users to work concurrently on files, and then merge their changes back into the main tree which can be on a remote system. It also allows branching...
Libnids: remote code execution vulnerability
Background Libnids is a component of a network intrusion detection system. Description There is a bug in the part of libnids code responsible for TCP reassembly. The flaw probably allows remote code execution. Impact A remote attacker could possibly execute arbitrary code. Workaround There is no...
Bundler: Multiple Vulnerabilities
Background Bundler provides a consistent environment for Ruby projects by tracking and installing the exact gems and versions that are needed. Description Multiple vulnerabilities have been discovered in Bundler. Please review the CVE identifiers referenced below for details. Impact Please review...
cryptography: Multiple Vulnerabilities
Background cryptography is a package which provides cryptographic recipes and primitives to Python developers. Description Multiple vulnerabilities have been discovered in cryptography. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE...
GNU Emacs, Org Mode: Multiple Vulnerabilities
Background GNU Emacs is a highly extensible and customizable text editor. Description Multiple vulnerabilities have been discovered in GNU Emacs. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no...
SSSD: Command Injection
Background SSSD provides a set of daemons to manage access to remote directories and authentication mechanisms such as LDAP, Kerberos or FreeIPA. It provides an NSS and PAM interface toward the system and a pluggable backend system to connect to multiple different account sources. Description A...
Kubelet: Privilege Escalation
Background Kubelet is a Kubernetes Node Agent. Description A vulnerability has been discovered in Kubelet. Please review the CVE identifier referenced below for details. Impact A security issue was discovered in Kubernetes where a user that can create pods and persistent volumes on Windows nodes...
Mozilla Thunderbird: Multiple Vulnerabilities
Background Mozilla Thunderbird is a popular open-source email client from the Mozilla project. Description Multiple vulnerabilities have been discovered in Mozilla Thunderbird. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for...
LibreOffice: Multiple Vulnerabilities
Background LibreOffice is a powerful office suite; its clean interface and powerful tools let you unleash your creativity and grow your productivity. Description Multiple vulnerabilities have been discovered in LibreOffice. Please review the CVE identifiers referenced below for details. Impact...
NBD Tools: Multiple Vulnerabilities
Background The NBD Tools are the Network Block Device utilities allowing one to use remote block devices over a TCP/IP network. It includes a userland NBD server. Description Multiple vulnerabilities have been discovered in NBD Tools. Please review the CVE identifiers referenced below for details...
LibRaw: Heap Buffer Overflow
Background LibRaw is a library for reading RAW files obtained from digital photo cameras. Description A vulnerability has been discovered in LibRaw. Please review the CVE identifier referenced below for details. Impact A heap-buffer-overflow in raw2imageex caused by a maliciously crafted file may...
Leptonica: Multiple Vulnerabilities
Background Leptonica is a C library for image processing and analysis. Description Multiple vulnerabilities have been discovered in Leptonica. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no...
GNU Libmicrohttpd: Buffer Overflow Vulnerability
Background GNU libmicrohttpd is a small C library that makes it easy to run an HTTP server as part of another application. GNU Libmicrohttpd is free software and part of the GNU project. Description A buffer overflow vulnerability has been discovered in GNU Libmicrohttpd. Please review the CVE...
Wireshark: Multiple Vulnerabilities
Background Wireshark is a versatile network protocol analyzer. Description Multiple vulnerabilities have been discovered in Wireshark. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known...
Requests: Information Leak
Background Requests is an HTTP library for human beings. Description Requests is vulnerable to potentially leaking Proxy-Authorization headers to destination servers, specifically during redirects to an HTTPS origin with authentication credentials encoded into the URL. Impact Users' proxy...
exif: Denial of Service
Background libexif is a library for parsing, editing and saving Exif metadata from images. exif is a small command line interface for libexif. Description There is a bug in exif's XML output format which can result in a null pointer dereference when outputting crafted JPEG EXIF data. Impact A...
Deluge: Cross-Site Scripting
Background Deluge is a BitTorrent client. Description Deluge does not sufficiently sanitize crafted torrent file data, leading to the application interpreting untrusted data as HTML. Impact An attacker can achieve XSS via a crafted torrent file. Workaround There is no known workaround at this tim...
yaml-cpp: Denial of service
Background yaml-cpp is a YAML parser and emitter in C++. Description The function Scanner::peek in scanner.cpp may have an assertion failure. Impact An attacker could cause a possible Denial of Service condition. Workaround There is no known workaround at this time. Resolution All yaml-cpp users...
HylaFAX: Multiple vulnerabilities
Background HylaFAX is an enterprise-class system for sending and receiving facsimile messages and for sending alpha-numeric pages. Description Multiple vulnerabilities have been discovered in HylaFAX. Please review the CVE identifiers referenced below for details. Impact Please review the...
libssh: Denial of service
Background libssh is a multiplatform C library implementing the SSHv2 protocol on client and server side. Description It was discovered that libssh could crash when AES-CTR ciphers are used. Impact A remote attacker running a malicious client or server could possibly crash the counterpart...
ZNC: Privilege escalation
Background ZNC is an advanced IRC bouncer. Description It was discovered that ZNC’s “Modules.cpp” allows remote authenticated non-admin users to escalate privileges. Impact A remote authenticated attacker could escalate privileges and subsequently execute arbitrary code or conduct a Denial of...