3816 matches found
Texinfo: Buffer overflow
Background Texinfo is the official documentation system of the GNU project. Description Miloslav Trmac from Red Hat discovered a buffer overflow in the "readline" function of texindex.c. The "readline" function is called by the texi2dvi and texindex commands. Impact By enticing a user to open a...
Cscope: Multiple buffer overflows
Background Cscope is a developer's tool for browsing source code. Description Unchecked use of strcpy and scanf leads to several buffer overflows. Impact A user could be enticed to open a carefully crafted file which would allow the attacker to execute arbitrary code with the permissions of the...
GTetrinet: Remote code execution
Background GTetrinet is a networked Tetris clone for GNOME 2. Description Michael Gehring has found that GTetrinet fails to properly handle array indexes. Impact An attacker can potentially execute arbitrary code by sending a negative number of players to the server. Workaround There is no known...
AlsaPlayer: Multiple buffer overflows
Background AlsaPlayer is a heavily multithreaded PCM player that tries to utilize ALSA utilities and drivers. As of June 2004, the project is inactive. Description AlsaPlayer contains three buffer overflows: in the function that handles the HTTP connections, the GTK interface, and the CDDB queryi...
pike: SQL injection vulnerability
Background Pike is a general purpose programming language, able to be used for multiple tasks. Description Some input is not properly sanitised before being used in a SQL statement in the underlying PostgreSQL database. Impact A remote attacker could provide malicious input to a pike program, whi...
EnergyMech: Denial of service
Background EnergyMech is an IRC bot programmed in C. Description A bug in EnergyMech fails to handle empty CTCP NOTICEs correctly, and will cause a crash from a segmentation fault. Impact By sending an empty CTCP NOTICE, a remote attacker could exploit this vulnerability to cause a Denial of...
libextractor: Two heap-based buffer overflows
Background libextractor is a library used to extract metadata from arbitrary files. Description Luigi Auriemma has found two heap-based buffer overflows in libextractor 0.5.13 and earlier: one of them occurs in the asfreadheader function in the ASF plugin, and the other occurs in the parsetrakato...
zoo: Stack-based buffer overflow
Background zoo is a file archiving utility for maintaining collections of files, written by Rahul Dhesi. Description Jean-Sebastien Guay-Leroux discovered a boundary error in the fullpath function in misc.c when processing overly long file and directory names in ZOO archives. Impact An attacker...
rssh: Privilege escalation
Background rssh is a restricted shell, allowing only a few commands like scp or sftp. It is often used as a complement to OpenSSH to provide limited access to users. Description Max Vozeler discovered that the rsshchroothelper command allows local users to chroot into arbitrary directories. Impac...
GTK+ 2, GdkPixbuf: Multiple XPM decoding vulnerabilities
Background GTK+ the GIMP Toolkit is a toolkit for creating graphical user interfaces. The GdkPixbuf library provides facilities for image handling. It is available as a standalone library and also packaged with GTK+ 2. Description iDEFENSE reported a possible heap overflow in the XPM loader...
Zope: File inclusion through RestructuredText
Background Zope is an application server that can be used to build content management systems, intranets, portals or other custom applications. Description Zope honors file inclusion directives in RestructuredText objects by default. Impact An attacker could exploit the vulnerability by sending...
xine-lib: Format string vulnerability
Background xine-lib is a multimedia library which can be utilized to create multimedia frontends. It includes functions to retrieve information about audio CD contents from public CDDB servers. Description Ulf Harnhammar discovered a format string bug in the routines handling CDDB server response...
Uim: Privilege escalation vulnerability
Background Uim is a multilingual input method library which provides secure and useful input method for all languages. Description Masanari Yamamoto discovered that Uim uses environment variables incorrectly. This bug causes a privilege escalation if setuid/setgid applications are linked to libui...
zlib: Buffer overflow
Background zlib is a widely used free and patent unencumbered data compression library. Description zlib improperly handles invalid data streams which could lead to a buffer overflow. Impact By creating a specially crafted compressed data stream, attackers can overwrite data structures for...
Binutils, elfutils: Buffer overflow
Background The GNU Binutils are a collection of tools to create, modify and analyse binary files. Many of the files use BFD, the Binary File Descriptor library, to do low-level manipulation. Elfutils provides a library and utilities to access, modify and analyse ELF objects. Description Tavis...
openMosixview: Insecure temporary file creation
Background The openMosixview package contains several tools used to manage openMosix clusters, including openMosixview the main monitoring and administration application and openMosixcollector a daemon collecting cluster and node information. Description Gangstuck and Psirac from Rexotec discover...
MPlayer: Two heap overflow vulnerabilities
Background MPlayer is a media player capable of handling multiple multimedia file formats. Description Heap overflows have been found in the code handling RealMedia RTSP and Microsoft Media Services streams over TCP MMST. Impact By setting up a malicious server and enticing a user to use its...
CVS: Multiple vulnerabilities
Background CVS Concurrent Versions System is an open-source network-transparent version control system. It contains both a client utility and a server. Description Alen Zukich has discovered several serious security issues in CVS, including at least one buffer overflow CAN-2005-0753, memory leaks...
libexif: Buffer overflow vulnerability
Background libexif is a library for parsing, editing and saving EXIF data. Description libexif contains a buffer overflow vulnerability in the EXIF tag validation code. When opening an image with a specially crafted EXIF tag, the lack of validation can cause applications linked to libexif to cras...
LinPopUp: Buffer overflow in message reply
Background LinPopUp is a graphical application that acts as a frontend to Samba client messaging functions, allowing a Linux desktop to communicate with a Microsoft Windows computer that runs Winpopup. Description Stephen Dranger discovered that LinPopUp contains a buffer overflow in string.c,...
Samba: Integer overflow
Background Samba is a freely available SMB/CIFS implementation which allows seamless interoperability of file and print services to other SMB/CIFS clients. Description Samba contains a bug when unmarshalling specific MS-RPC requests from clients. Impact A remote attacker may be able to execute...
ProZilla: Multiple vulnerabilities
Background ProZilla is a download accelerator for Linux. Description ProZilla contains several exploitable buffer overflows in the code handling the network protocols. Impact A remote attacker could setup a malicious server and entice a user to retrieve files from that server using ProZilla. This...
Apache 2.0: Denial of Service by memory consumption
Background The Apache HTTP Server is one of the most popular web servers on the Internet. Description Chintan Trivedi discovered a vulnerability in Apache httpd 2.0 that is caused by improper enforcing of the field length limit in the header-parsing code. Impact By sending a large amount of...
MIME-tools: Virus detection evasion
Background MIME-tools is a Perl module containing functions to handle MIME attachments. Description MIME-tools doesn't correctly parse attachment boundaries with an empty name boundary="". Impact An attacker could send a carefully crafted email and evade detection on some email virus-scanning...
Archive::Zip: Virus detection evasion
Background Archive::Zip is a Perl module containing functions to handle ZIP archives. Description Archive::Zip can be used by email scanning software like amavisd-new to uncompress attachments before virus scanning. By modifying the uncompressed size of archived files in the global header of the...
PuTTY: Pre-authentication buffer overflow
Background PuTTY is a free implementation of Telnet and SSH for Win32 and Unix platforms, along with an xterm terminal emulator. Description PuTTY fails to do proper bounds checking on SSH2MSGDEBUG packets. The "stringlen" parameter value is incorrectly checked due to signedness issues. Note that...
sharutils: Buffer overflows in shar.c and unshar.c
Background sharutils contains utilities to manage shell archives. Description sharutils contains two buffer overflows. Ulf Harnhammar discovered a buffer overflow in shar.c, where the length of data returned by the wc command is not checked. Florian Schilhabel discovered another buffer overflow i...
Apache: Exposure of protected directories
Background The Apache HTTP server is one of most popular web servers on the Internet. Description A bug in the way Apache handles the Satisfy directive, which is used to require that certain conditions client host, client authentication, etc be met before access to a certain directory is granted,...
getmail: Filesystem overwrite vulnerability
Background getmail is a reliable fetchmail replacement that supports Maildir, Mboxrd and external MDA delivery. Description David Watson discovered a vulnerability in getmail when it is configured to run as root and deliver mail to the maildirs/mbox files of untrusted local users. A malicious loc...
star: Suid root vulnerability
Background star is an enhanced tape archiver, much like tar, that is recognized for it's speed as well as it's enhanced mt/rmt support. Description A suid root vulnerability exists in versions of star that are configured to use ssh for remote tape access. Impact Attackers with local user level...
rsync: Potential information leakage
Background rsync is a utility that provides fast incremental file transfers. It is used to efficiently synchronize files between hosts and is used by emerge to fetch Gentoo's Portage tree. rsyncd is the rsync daemon, which listens to connections from rsync clients. Description The paths sent by t...
Nessus: "adduser" race condition vulnerability
Background Nessus is a free and powerful network security scanner. Description A race condition can occur in "nessus-adduser" if the user has not configured their TMPDIR variable. Impact A malicious user could exploit this bug to escalate privileges to the rights of the user running...
Midnight Commander: Multiple vulnerabilities
Background Midnight Commander is a visual console file manager. Description Numerous security issues have been discovered in Midnight Commander, including several buffer overflow vulnerabilities, multiple vulnerabilities in the handling of temporary file and directory creation, and multiple forma...
Insecure Temporary File Creation In MySQL
Background MySQL is a popular open-source multi-threaded, multi-user SQL database server. Description The MySQL bug reporting utility mysqlbug creates a temporary file to log bug reports to. A malicious local user with write access to the /tmp directory could create a symbolic link of the name...
Spidermonkey: Multiple Vulnerabilities
Background SpiderMonkey is Mozilla’s JavaScript and WebAssembly Engine, used in Firefox, Servo and various other projects. It is written in C++, Rust and JavaScript. You can embed it into C++ and Rust projects, and it can be run as a stand-alone shell. Description Multiple vulnerabilities have be...
yt-dlp: Multiple Vulnerabilities
Background yt-dlp is a youtube-dl fork with additional features and fixes. Description Multiple vulnerabilities have been found in yt-dlp. Please review the referenced CVE identifiers for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known...
Redis: Multiple Vulnerabilities
Background Redis is an open source BSD licensed, in-memory data structure store, used as a database, cache and message broker. Description Multiple vulnerabilities have been discovered in Redis. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CV...
Go: Multiple Vulnerabilities
Background Go is an open source programming language that makes it easy to build simple, reliable, and efficient software. Description Multiple vulnerabilities have been discovered in Go. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE...
containerd: Multiple Vulnerabilities
Background containerd is a daemon with an API and a command line client, to manage containers on one machine. It uses runC to run containers according to the OCI specification. Description Multiple vulnerabilities have been discovered in containerd. Please review the CVE identifiers referenced...
GNU Coreutils: Buffer Overflow Vulnerability
Background The GNU Core Utilities are the basic file, shell and text manipulation utilities of the GNU operating system. Description A vulnerability has been discovered in the Coreutils "split" program that can lead to a heap buffer overflow and possibly arbitrary code execution. Impact Please...
PuTTY: Multiple Vulnerabilities
Background PuTTY is a free implementation of Telnet and SSH for Windows and Unix platforms, along with an xterm terminal emulator. Description Multiple vulnerabilities have been discovered in PuTTY. Please review the CVE identifiers referenced below for details. Impact Please review the reference...
PoDoFo: Multiple Vulnerabilities
Background PoDoFo is a free portable C++ library to work with the PDF file format. Description Please review the referenced CVE identifiers for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround at this time. Resolution All PoDoFo use...
SDDM: Privilege Escalation
Background SDDM is a modern display manager for X11 and Wayland sessions aiming to be fast, simple and beautiful. It uses modern technologies like QtQuick, which in turn gives the designer the ability to create smooth, animated user interfaces. Description A vulnerability has been discovered in...
GNAT Ada Suite: Remote Code Execution
Background The GNAT Ada Suite is an Ada development environment. Description A vulnerability has been discovered in GNAT Ada Suite. Please review the CVE identifier referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workarou...
R: Directory Traversal
Background R is a language and environment for statistical computing and graphics. Description The native R package installation mechanisms do not sufficiently validate installed source packages for path traversal. Impact Installation of a malicious R package could result in an arbitrary file...
Mozilla Thunderbird: Multiple Vulnerabilities
Background Mozilla Thunderbird is a popular open-source email client from the Mozilla project. Description Multiple vulnerabilities have been discovered in Mozilla Thunderbird. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for...
dbus-broker: Multiple Vulnerabilities
Background dbus-broker is a Linux D-Bus message broker. Description Multiple vulnerabilities have been discovered in dbus-broker. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaroun...
Kitty: Arbitrary Code Execution
Background Kitty is a fast, feature-rich, GPU-based terminal. Description Carter Sande discovered that maliciously constructed control sequences can cause Kitty to display a notification that, when clicked, can cause Kitty to execute arbitrary commands. Impact Kitty can produce notifications that...
HarfBuzz: Multiple vulnerabilities
Background HarfBuzz is an OpenType text shaping engine. Description Multiple vulnerabilities have been discovered in HarfBuzz. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround a...
Mechanize: Command injection
Background Mechanize is a Ruby library used for automating interaction with websites. Description Mechanize does not neutralize filename input and could allow arbitrary code execution if an attacker can control filenames used by Mechanize. Impact Please review the referenced CVE identifiers for...