3816 matches found
yaml-cpp: Denial of service
Background yaml-cpp is a YAML parser and emitter in C++. Description The function Scanner::peek in scanner.cpp may have an assertion failure. Impact An attacker could cause a possible Denial of Service condition. Workaround There is no known workaround at this time. Resolution All yaml-cpp users...
HylaFAX: Multiple vulnerabilities
Background HylaFAX is an enterprise-class system for sending and receiving facsimile messages and for sending alpha-numeric pages. Description Multiple vulnerabilities have been discovered in HylaFAX. Please review the CVE identifiers referenced below for details. Impact Please review the...
libssh: Denial of service
Background libssh is a multiplatform C library implementing the SSHv2 protocol on client and server side. Description It was discovered that libssh could crash when AES-CTR ciphers are used. Impact A remote attacker running a malicious client or server could possibly crash the counterpart...
ZNC: Privilege escalation
Background ZNC is an advanced IRC bouncer. Description It was discovered that ZNC’s “Modules.cpp” allows remote authenticated non-admin users to escalate privileges. Impact A remote authenticated attacker could escalate privileges and subsequently execute arbitrary code or conduct a Denial of...
LibXcursor: User-assisted execution of arbitrary code
Background X.Org X11 libXcursor runtime library. Description It was discovered that libXcursor is prone to several heap overflows when parsing malicious files. Impact A remote attacker, by enticing a user to process a specially crafted cursor file, could possibly execute arbitrary code with the...
libksba: Denial of Service and information disclosure
Background Libksba is a X.509 and CMS PKCS7 library. Description It was found that an unproportionate amount of memory is allocated when parsing crafted certificates in libskba, which may lead to Denial of Service condition. Moreover in libksba 1.3.4, allocated memory is uninitialized and could...
spice: Multiple vulnerabilities
Background Provides a complete open source solution for remote access to virtual machines in a seamless way so you can play videos, record audio, share usb devices and share folders without complications. Description Multiple vulnerabilities have been discovered in spice, please review the CVE...
MuPDF: User-assisted execution of arbitrary code
Background MuPDF is a lightweight PDF viewer and toolkit written in portable C. Description Multiple vulnerabilities have been discovered in MuPDF. Please review the CVE identifier and Secunia Research referenced below for details. Impact A remote attacker could entice a user to open a specially...
Network Audio System: Multiple vulnerabilities
Background Network Audio System is a network transparent, client/server audio transport system. Description Multiple vulnerabilities have been discovered in Network Audio System. Please review the CVE identifiers referenced below for details. Impact A context-dependent attacker could possibly...
Fail2ban: Multiple vulnerabilities
Background Fail2ban is a tool for parsing log files and banning IP addresses which show suspicious behavior. Description Multiple vulnerabilities have been discovered in Fail2ban. Please review the CVE identifiers referenced below for details. Impact A remote attacker could send a crafted URL to ...
X2Go Server: Privilege Escalation
Background X2Go is an open source terminal server project. Description X2Go Server is prone to a local privilege-escalation vulnerability. Impact A local attacker could gain escalated privileges. Workaround There is no known workaround at this time. Resolution All X2Go Server users should upgrade...
OpenConnect: User-assisted execution of arbitrary code
Background OpenConnect is a free client for Cisco AnyConnect SSL VPN software. Description A stack-based buffer overflow error has been discovered in OpenConnect. Impact A remote attacker could entice a user to connect to a malicious VPN server, possibly resulting in execution of arbitrary code...
JBIG-KIT: Denial of service
Background JBIG-KIT is a software implementation of the JBIG1 data compression standard. Description JBIG-KIT contains a stack-based buffer overflow in the jbgdecin function in libjbig/jbig.c. Impact A remote attacker could possibly cause a Denial of Service condition via a specially crafted imag...
WeeChat: Multiple vulnerabilities
Background Wee Enhanced Environment for Chat WeeChat is a light and extensible console IRC client. Description Two vulnerabilities have been discovered in WeeChat: The hookprocess function does not properly handle shell expansions CVE-2012-5534. WeeChat does not properly decode colors which could...
QtCore: Denial of service
Background The Qt toolkit is a comprehensive C++ application development framework. Description A vulnerability in QXmlSimpleReader’s XML entity parsing has been discovered. Impact A remote attacker could entice a user to open a specially crafted XML file using an application linked against QtCor...
Mednafen: Arbitrary code execution
Background Mednafen is an advanced NES, GB/GBC/GBA, TurboGrafx 16/CD, NGPC and Lynx emulator. Description An unspecified vulnerability has been discovered in Mednafen when using network play. Impact A remote server could execute arbitrary code with the privileges of the process. Workaround There ...
Setuptools: Man-in-the-Middle attack
Background Setuptools is a manager for Python packages. Description Setuptools does not check the integrity of downloaded Python packages. Impact A remote attacker could perform man-in-the-middle attacks to execute arbitrary code with the privileges of the process. Workaround There is no known...
isync: Man-in-the-Middle attack
Background isync is an IMAP and MailDir mailbox synchronizer. Description isync does not properly verify the server’s hostname against the CN field in the SSL certificate. Impact A remote server could perform man-in-the-middle attacks to disclose passwords or obtain other sensitive information...
Bash: Multiple vulnerabilities
Background Bash is the standard GNU Bourne Again SHell. Description Two vulnerabilities have been found in Bash: Bash example scripts do not handle temporary files securely CVE-2008-5374. Improper bounds checking in Bash could cause a stack-based buffer overflow CVE-2012-3410. Impact A remote...
Pidgin: Arbitrary code execution
Background Pidgin is a GTK Instant Messenger client for a variety of instant messaging protocols. libpurple is the core library for Pidgin. Description A stack-based buffer overflow vulnerability has been found in the MXit protocol plug-in for libpurple. Impact A remote attacker could possibly...
Gnash: Multiple vulnerabilities
Background Gnash is a GNU flash movie player that supports many SWF features. Description Multiple vulnerabilities have been found in Gnash: The "nsPluginInstance::setupCookies" function in plugin.cpp creates world-readable cookies with predictable file names CVE-2011-4328. The "GnashImage::size"...
TeX Live: Multiple vulnerabilities
Background TeX Live is a complete TeX distribution. Description Multiple vulnerabilities have been discovered in texlive-core. Please review the CVE identifiers referenced below for details. Impact These vulnerabilities might allow user-assisted remote attackers to execute arbitrary code via a...
OpenJPEG: User-assisted execution of arbitrary code
Background OpenJPEG is an open-source JPEG 2000 library. Description An error in jp2.c of OpenJPEG could allow an out-of-bounds write error. Impact A remote attacker could entice a user to open a specially crafted JPEG file, possibly resulting in execution of arbitrary code or a Denial of Service...
fence: Multiple symlink vulnerabilities
Background fence is an I/O group fencing system. Description The fenceapc, fenceapcsnmp CVE-2008-4579 and fencemanual CVE-2008-4580 programs contain symlink vulnerabilities. Impact These vulnerabilities may allow arbitrary files to be overwritten with root privileges. Workaround There is no known...
multipath-tools: World-writeable socket
Background multipath-tools are used to drive the Device Mapper multipathing driver. Description multipath-tools uses world-writable permissions for the socket file /var/run/multipathd.sock. Impact Local users could send arbitrary commands to the multipath daemon, causing cluster failures and data...
aria2: Multiple vulnerabilities
Background aria2 is a download utility with resuming and segmented downloading with HTTP/HTTPS/FTP/BitTorrent support. Description Tatsuhiro Tsujikawa reported a buffer overflow in DHTRoutingTableDeserializer.cc CVE-2009-3575 and a format string vulnerability in the AbstractCommand::onAbort...
cURL: Certificate validation error
Background cURL is a command line tool for transferring files with URL syntax, supporting numerous protocols. Description Scott Cantor reported that cURL does not properly handle fields in X.509 certificates that contain an ASCII NUL \0 character. Specifically, the processing of such fields is...
TkMan: Insecure temporary file usage
Background TkMan is a graphical, hypertext manual page and Texinfo browser for UNIX. Description Dmitry E. Oboukhov reported that TkMan does not handle the "/tmp/tkman" and "/tmp/ll" temporary files securely. Impact A local attacker could perform symlink attacks to overwrite arbitrary files with...
Perl Compress::Raw modules: Denial of service
Background Compress::Raw::Zlib and Compress::Raw::Bzip2 are Perl low-level interfaces to the zlib and bzip2 compression libraries. Description Leo Bergolth reported an off-by-one error in the inflate function in Zlib.xs of Compress::Raw::Zlib, possibly leading to a heap-based buffer overflow...
Ghostscript: User-assisted execution of arbitrary code
Background Ghostscript is an interpreter for the PostScript language and the Portable Document Format PDF. Description Jan Lieskovsky from the Red Hat Security Response Team discovered the following vulnerabilities in Ghostscript's ICC Library: Multiple integer overflows CVE-2009-0583. Multiple...
BlueZ: Arbitrary code execution
Background BlueZ is a set of Bluetooth tools and system daemons for Linux. Description It has been reported that the Bluetooth packet parser does not validate string length fields in SDP packets. Impact A physically proximate attacker using a Bluetooth device with an already established trust...
xterm: User-assisted arbitrary commands execution
Background xterm is a terminal emulator for the X Window system. Description Paul Szabo reported an insufficient input sanitization when processing Device Control Request Status String DECRQSS sequences. Impact A remote attacker could entice a user to display a file containing specially crafted...
Avahi: Denial of service
Background Avahi is a system that facilitates service discovery on a local network. Description Hugo Dias reported a failed assertion in the originatesfromlocallegacyunicastsocket function in avahi-core/server.c when processing mDNS packets with a source port of 0. Impact A remote attacker could...
Mgetty: Insecure temporary file usage
Background Mgetty is a set of fax and voice modem programs. Description Dmitry E. Oboukhov reported that the "spooldir" directory in fax/faxspool.in is created in an insecure manner. Impact A local attacker could exploit this vulnerability to overwrite arbitrary files with the privileges of the...
Postfix: Denial of service
Background Postfix is Wietse Venema's mailer that attempts to be fast, easy to administer, and secure, as an alternative to the widely-used Sendmail program. Description It has been discovered than Postfix leaks an epoll file descriptor when executing external commands, e.g. user-controlled...
Amarok: Insecure temporary file creation
Background Amarok is an advanced music player. Description Dwayne Litzenberger reported that the MagnatuneBrowser::listDownloadComplete function in magnatunebrowser/magnatunebrowser.cpp uses the albuminfo.xml temporary file in an insecure manner. Impact A local attacker could perform a symlink...
yelp: User-assisted execution of arbitrary code
Background yelp is the default help browser for GNOME. Description Aaron Grattafiori reported a format string vulnerability in the windowerror function in yelp-window.c. Impact A remote attacker can entice a user to open specially crafted "man:" or "ghelp:" URIs in yelp, or an application using...
MoinMoin: Privilege escalation
Background MoinMoin is an advanced and extensible Wiki Engine. Description It has been reported that the user form processing in the file userform.py does not properly manage users when using Access Control Lists or a non-empty superusers list. Impact A remote attacker could exploit this...
CUPS: Integer overflow vulnerability
Background CUPS provides a portable printing layer for UNIX-based operating systems. Description Thomas Pollet reported a possible integer overflow vulnerability in the PNG image handling in the file filter/image-png.c. Impact A malicious user might be able to execute arbitrary code with the...
OpenLDAP: Denial of Service vulnerabilities
Background OpenLDAP Software is an open source implementation of the Lightweight Directory Access Protocol. Description The following errors have been discovered in OpenLDAP: Tony Blake discovered an error which exists within the normalisation of "objectClasses" CVE-2007-5707. Thomas Sesselmann...
E2fsprogs: Multiple buffer overflows
Background E2fsprogs provides utilities for use with the ext2 and ext3 file systems including the libext2fs library that allows user-level programs to manipulate an ext2 or ext3 file system. Description Rafal Wojtczuk McAfee AVERT Research discovered multiple integer overflows in libext2fs, that...
Perl: Buffer overflow
Background Perl is a stable, cross-platform programming language created by Larry Wall. Description Tavis Ormandy and Will Drewry Google Security Team discovered a heap-based buffer overflow in the Regular Expression engine regcomp.c that occurs when switching from byte to Unicode UTF-8 character...
TRAMP: Insecure temporary file creation
Background TRAMP is a remote file editing package for GNU Emacs, a highly extensible and customizable text editor. Description Stefan Monnier discovered that the tramp-make-tramp-temp-file function creates temporary files in an insecure manner. Impact A local attacker could create symbolic links ...
DenyHosts: Denial of service
Background DenyHosts is designed to monitor SSH servers for repeated failed login attempts. Description Daniel B. Cid discovered that DenyHosts used an incomplete regular expression to parse failed login attempts, a different issue than GLSA 200701-01. Impact A remote unauthenticated attacker can...
T1Lib: Buffer overflow
Background T1Lib is a library for rasterizing bitmaps from Adobe Type 1 fonts. Description Hamid Ebadi discovered a boundary error in the intT1EnvGetCompletePath function which can lead to a buffer overflow when processing an overly long filename. Impact A remote attacker could entice a user to...
Courier-IMAP: Remote execution of arbitrary code
Background Courier-IMAP is an IMAP server which is part of the Courier mail system. It provides access only to maildirs. Description CJ Kucera has discovered that some Courier-IMAP scripts don't properly handle the XMAILDIR variable, allowing for shell command injection. Impact A remote attacker...
zziplib: Buffer Overflow
Background The zziplib library is a lightweight library for extracting data from files archived in a single zip file. Description dmcox dmcox discovered a boundary error in the zzipopensharedio function from zzip/file.c . Impact A remote attacker could entice a user to run a zziplib function with...
RAR, UnRAR: Buffer overflow
Background RAR and UnRAR provide command line interfaces for compressing and decompressing RAR files. Description RAR and UnRAR contain a boundary error when processing password-protected archives that could result in a stack-based buffer overflow. Impact A remote attacker could entice a user to...
VLC media player: Format string vulnerability
Background VLC media player is a multimedia player for various audio and video formats. Description Kevin Finisterre has discovered that when handling media locations, various functions throughout VLC media player make improper use of format strings. Impact An attacker could entice a user to open...
libgtop: Privilege escalation
Background libgtop facilitates the libgtopdaemon, which is used by GNOME to obtain information about remote systems. Description Liu Qishuai discovered that glibtopgetprocmaps in sysdeps/linux/procmap.c does not properly allocate memory for storing a filename, allowing certain filenames to cause...