3816 matches found
Motion: Denial of service
Background Motion is a program that monitors the video signal from one or more cameras and is able to detect motions. Description The Motion HTTP server does not correctly perform URL decoding. If the HTTP server receives a request for a URL containing an incomplete percent-encoded character, a...
Chromium, Google Chrome: Multiple vulnerabilities
Background Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. Google Chrome is one fast, simple, and secure browser for all your devices. Description Multiple vulnerabilities have been discovered in Chromium and...
Asterisk: Root privilege escalation
Background A Modular Open Source PBX System. Description It was discovered that Gentoo’s Asterisk ebuild does not properly set permissions on its data directories. This only affects OpenRC systems, as the flaw was exploitable via the init script. Impact A local attacker could escalate privileges...
SPICE VDAgent: Arbitrary command injection
Background Provides a complete open source solution for remote access to virtual machines in a seamless way so you can play videos, record audio, share USB devices and share folders without complications. Description SPICE VDAgent does not properly escape save directory before passing to shell...
Urban Terror: Multiple vulnerabilities
Background Urban Terror is a free multiplayer first person shooter developed by FrozenSand, that will run on any Quake III Arena compatible engine. Description Multiple vulnerabilities have been discovered in Urban Terror. Please review the CVE identifiers referenced below for details. Impact A...
e2fsprogs: Heap-based buffer overflow
Background e2fsprogs is a set of utilities for maintaining the ext2, ext3 and ext4 file systems. Description A heap-based buffer overflow was discovered in openfs.c in the libext2fs library in e2fsprogs. Impact A remote attacker could entice a user to use ext2fs library for example, fsck on a...
Mutt: Heap-based buffer overflow
Background Mutt is a small but very powerful text-based mail client. Description A heap-based buffer overflow was discovered in Mutt’s muttsubstrdup function. Impact A remote attacker could cause a Denial of Service condition. Workaround There is no known workaround at this time. Resolution All...
Varnish: Multiple vulnerabilities
Background Varnish is a web application accelerator. Description Varnish fails to properly validate input from HTTP headers, and does not deny requests with multiple Content-Length headers. Impact Remote attackers could conduct an HTTP response splitting attack, which may further enable them to...
rsync: Multiple vulnerabilities
Background File transfer program to keep remote files into sync. Description Multiple vulnerabilities have been discovered in rsync. Please review the CVE identifiers referenced below for details. Impact Remote attackers could write arbitrary files via symlink attacks. Workaround There is no know...
mpg123: User-assisted execution of arbitrary code
Background mpg123 is a realtime MPEG 1.0/2.0/2.5 audio player for layers 1, 2 and 3. Description An issue has been found in mpg123 when decoding specifically crafted MP3 file, that causes a heap-based buffer overflow. Impact A remote attacker could entice a user to open a specially crafted MPEG...
GnuPG: Denial of service
Background The GNU Privacy Guard, GnuPG, is a free replacement for the PGP suite of cryptographic software. Description GnuPG does not properly handle a specially crated compressed packet resulting in an infinite loop. Impact A context-dependent attacker can cause a Denial of Service. Workaround...
DenyHosts: Denial of service
Background DenyHosts is a script intended to be run by Linux system administrators to help thwart SSH server attacks. Description DenyHosts does not properly define the regular expressions used when parsing SSH authentication logs. Impact A remote attacker could possibly cause a Denial of Service...
Mutt: Arbitrary code execution
Background Mutt is a small but powerful text-based mail client. Description A heap-based buffer overflow has been discovered in the muttcopyhdr function. Impact A remote attacker could send a specially crafted message, possibly resulting in execution of arbitrary code with the privileges of the...
Charybdis, ShadowIRCd: Denial of service
Background Charybdis is the Atheme Project’s IRC daemon based on ratbox. ShadowIRCd is an IRC daemon based on Charybdis that adds several useful features. Description A vulnerability has been discovered in Charybdis and ShadowIRCd. Please review the CVE identifier referenced below for details...
Chrony: Multiple vulnerabilities
Background Chrony is a pair of programs which are used to maintain the accuracy of the system clock on a computer. Description Multiple vulnerabilities have been discovered in Chrony. Please review the CVE identifiers referenced below for details. Impact A remote attacker could possibly cause a...
pidgin-knotify: Arbitrary code execution
Background pidgin-knotify is a Pidgin plug-in to display message notifications in KDE. Description pidgin-knotify does not properly sanitize shell metacharacters from received messages. Impact A remote attacker could send a specially crafted instant message, possibly resulting in execution of...
libXfont: Multiple vulnerabilities
Background libXfont is an X11 font rasterisation library. Description Multiple vulnerabilities have been discovered in libXfont. Please review the CVE identifiers referenced below for details. Impact A local attacker could use a specially crafted file to gain privileges or cause a Denial of Servi...
International Components for Unicode: Denial of service
Background International Components for Unicode is a set of C/C++ and Java libraries providing Unicode and Globalization support for software applications. Description Multiple vulnerabilities have been discovered in International Components for Unicode. Please review the CVE identifiers referenc...
Banshee: Arbitrary code execution
Background Banshee is a multimedia management and playback application for GNOME. Description Banshee places a zero-length directory name in PATH, which allows libraries to be loaded from the working directory. Impact A local attacker could put specially crafted library into working directory of...
GNUstep Base library: Multiple vulnerabilities
Background GNUstep Base library is a free software package implementing the API of the OpenStep Foundation Kit tm, including later additions. Description Multiple vulnerabilities have been discovered in GNUstep Base library. Please review the CVE identifiers referenced below for details. Impact A...
Libgdiplus: Arbitrary code execution
Background Libgdiplus is the Mono library that provide a GDI+ comptible API on non-Windows operating systems. Description An integer overflow flaw has been discovered in Libgdiplus. Impact A remote attacker could entice a user to open a specially-crafted TIFF/JPEG/BMP file, potentially resulting ...
libvirt: Multiple vulnerabilities
Background libvirt is a C toolkit for manipulating virtual machines. Description An error in the virNetMessageFree function in rpc/virnetserverclient.c can lead to a use-after-free. Additionally, a socket leak in the remoteDispatchStoragePoolListAllVolumes command can lead to file descriptor...
Snack: User-assisted execution of arbitrary code
Background Snack is a sound toolkit for creating multi-platform audio applications with scripting languages. Description The GetWavHeader function in jkSoundFile.c does not have boundary checks when parsing format sub-chunks or unknown sub-chunks. Impact A remote attacker could entice a user to...
GIMP: Multiple vulnerabilities
Background GIMP is the GNU Image Manipulation Program. Description Multiple vulnerabilities have been discovered in GIMP. Please review the CVE identifiers referenced below for details. Impact A remote attacker could possibly execute arbitrary code with the privileges of the process or cause a...
sudo: Privilege escalation
Background sudo allows a system administrator to give users the ability to run commands as other users. Access to commands may also be granted on a range to hosts. Description An error in sudo may allow unintended IPv4 hosts to be granted access to commands. Impact A local attacker could gain...
msmtp: X.509 NULL spoofing vulnerability
Background msmtp is an SMTP client and SMTP plugin for mail user agents such as Mutt. Description A vulnerability have been discovered in msmtp. Please review the CVE identifier referenced below for details. Impact A remote attacker might employ a specially crafted certificate to conduct...
TeX Live: Multiple vulnerabilities
Background TeX Live is a complete TeX distribution. Description Multiple vulnerabilities have been discovered in texlive-core. Please review the CVE identifiers referenced below for details. Impact These vulnerabilities might allow user-assisted remote attackers to execute arbitrary code via a...
libmikmod: User-assisted execution of arbitrary code
Background libmikmod is a library to play a wide range of module formats. Description Multiple boundary errors have been found in loadit.c in libmikmod, which may cause a buffer overflow. Impact A remote attacker could entice a user to open specially crafted files in an application linked against...
iSCSI Enterprise Target: Arbitrary code execution
Background iSCSI Enterprise Target is an open source iSCSI target with professional features. Description Multiple functions in usr/iscsi/isns.c of iSCSI Enterprise Target contain format string errors. Impact A remote attacker could send a specially-crafted Internet Storage Name Service iSNS...
radvd: Multiple vulnerabilities
Background radvd is an IPv6 router advertisement daemon for Linux and BSD. Description Multiple vulnerabilities have been discovered in radvd. Please review the CVE identifiers referenced below for details. Impact A remote unauthenticated attacker may be able to gain escalated privileges, escalat...
dstat: Untrusted search path
Background dstat is a versatile system resource monitor written in Python. Description Robert Buchholz of the Gentoo Security Team reported that dstat includes the current working directory and subdirectories in the Python module search path sys.path before calling "import". Impact A local attack...
libsndfile: User-assisted execution of arbitrary code
Background libsndfile is a C library for reading and writing files containing sampled sound. Description The following vulnerabilities have been found in libsndfile: Tobias Klein reported that the headerread function in src/common.c uses user input for calculating a buffer size, possibly leading ...
Scilab: Insecure temporary file usage
Background Scilab is a scientific software package for numerical computations. Description Dmitry E. Oboukhov reported an insecure temporary file usage within the scilink, scidoc and scidem scripts. Impact A local attacker could perform symlink attacks to overwrite arbitrary files with the...
ClamAV: Multiple vulnerabilities
Background Clam AntiVirus is a free anti-virus toolkit for UNIX, designed especially for e-mail scanning on mail gateways. Description Moritz Jodeit reported an off-by-one error within the getunicodename function in libclamav/vbaextract.c when processing VBA project files CVE-2008-5050. Ilja van...
Git: User-assisted execution of arbitrary code
Background Git is a distributed version control system. Description Multiple boundary errors in the functions diffaddremove and diffchange when processing overly long repository path names were reported. Impact A remote attacker could entice a user to run commands like "git-diff" or "git-grep" on...
Wireshark: Multiple Denials of Service
Background Wireshark is a network protocol analyzer with a graphical front-end. Description The following vulnerabilities were reported: Multiple buffer overflows in the NCP dissector CVE-2008-3146. Infinite loop in the NCP dissector CVE-2008-3932. Invalid read in the tvbuncompress function when...
Newsbeuter: User-assisted execution of arbitrary code
Background Newsbeuter is a RSS/Atom feed reader for the text console. Description J.H.M. Dassen reported that the open-in-browser command does not properly escape shell metacharacters in the URL before passing it to system. Impact A remote attacker could entice a user to open a feed with speciall...
R: Insecure temporary file creation
Background R is a GPL licensed implementation of S, a language and environment for statistical computing and graphics. Description Dmitry E. Oboukhov reported that the "javareconf" script uses temporary files in an insecure manner. Impact A local attacker could exploit this vulnerability to...
Courier Authentication Library: SQL injection vulnerability
Background The Courier Authentication Library is a generic authentication API that encapsulates the process of validating account passwords. Description It has been discovered that some input e.g. the username passed to the library are not properly sanitised before being used in SQL queries. Impa...
OpenLDAP: Denial of Service vulnerability
Background OpenLDAP Software is an open source implementation of the Lightweight Directory Access Protocol. Description Cameron Hotchkies discovered an error within the parsing of ASN.1 BER encoded packets in the "bergetnext" function in libraries/liblber/io.c. Impact A remote unauthenticated...
xine-lib: User-assisted execution of arbitrary code
Background xine-lib is the core library package for the xine media player, and other players such as Amarok, Codeine/Dragon Player and Kaffeine. Description Multiple vulnerabilities have been discovered in xine-lib: Alin Rad Pop of Secunia reported an array indexing vulnerability in the...
Pan: User-assisted execution of arbitrary code
Background Pan is a newsreader for the GNOME desktop. Description Pavel Polischouk reported a boundary error in the PartsBatch class when processing .nzb files. Impact A remote attacker could entice a user to open a specially crafted .nzb file, possibly resulting in the remote execution of...
Poppler: User-assisted execution of arbitrary code
Background Poppler is a cross-platform PDF rendering library originally based on Xpdf. Description Felipe Andres Manzano reported a memory management issue in the Page class constructor/destructor. Impact A remote attacker could entice a user to open a specially crafted PDF file with a...
Blender: Multiple vulnerabilities
Background Blender is a 3D creation, animation and publishing program. Description Stefan Cornelius Secunia Research reported a boundary error within the imbloadhdr function in in the file source/blender/imbuf/intern/radiancehdr.c when processing RGBE images CVE-2008-1102. Multiple vulnerabilitie...
Mantis: Cross-Site Scripting
Background Mantis is a web-based bug tracking system. Description seiji reported that the filename for the uploaded file in bugreport.php is not properly sanitised before being stored. Impact A remote attacker could upload a file with a specially crafted to a bug report, resulting in the executio...
libcdio: User-assisted execution of arbitrary code
Background libcdio is a library for accessing CD-ROM and CD images. Description Devon Miller reported a boundary error in the "printiso9660recurse" function in files cd-info.c and iso-info.c when processing long filenames within Joliet images. Impact A remote attacker could entice a user to open ...
GNU Emacs: Multiple vulnerabilities
Background GNU Emacs is a highly extensible and customizable text editor. Description Drake Wilson reported that the hack-local-variables function in GNU Emacs 22 does not properly match assignments of local variables in a file against a list of unsafe or risky variables, allowing to override the...
Balsa: Buffer overflow
Background Balsa is a highly configurable email client for GNOME. Description Evil Ninja Squirrel discovered a stack-based buffer overflow in the irfetchseq function when receiving a long response to a FETCH command CVE-2007-5007. Impact A remote attacker could entice a user to connect to a...
QGit: Insecure temporary file creation
Background QGit is a graphical interface to git repositories that allows you to browse revisions history, view patch content and changed files. Description Raphael Marichez discovered that the DataLoader::doStart method creates temporary files in an insecure manner and executes them. Impact A loc...
Wireshark: Multiple vulnerabilities
Background Wireshark is a network protocol analyzer with a graphical front-end. Description Wireshark doesn't properly handle chunked encoding in HTTP responses CVE-2007-3389, iSeries capture files CVE-2007-3390, certain types of DCP ETSI packets CVE-2007-3391, and SSL or MMS packets CVE-2007-339...