3816 matches found
Mantis: Cross-Site Scripting
Background Mantis is a web-based bug tracking system. Description seiji reported that the filename for the uploaded file in bugreport.php is not properly sanitised before being stored. Impact A remote attacker could upload a file with a specially crafted to a bug report, resulting in the executio...
libcdio: User-assisted execution of arbitrary code
Background libcdio is a library for accessing CD-ROM and CD images. Description Devon Miller reported a boundary error in the "printiso9660recurse" function in files cd-info.c and iso-info.c when processing long filenames within Joliet images. Impact A remote attacker could entice a user to open ...
GNU Emacs: Multiple vulnerabilities
Background GNU Emacs is a highly extensible and customizable text editor. Description Drake Wilson reported that the hack-local-variables function in GNU Emacs 22 does not properly match assignments of local variables in a file against a list of unsafe or risky variables, allowing to override the...
Balsa: Buffer overflow
Background Balsa is a highly configurable email client for GNOME. Description Evil Ninja Squirrel discovered a stack-based buffer overflow in the irfetchseq function when receiving a long response to a FETCH command CVE-2007-5007. Impact A remote attacker could entice a user to connect to a...
QGit: Insecure temporary file creation
Background QGit is a graphical interface to git repositories that allows you to browse revisions history, view patch content and changed files. Description Raphael Marichez discovered that the DataLoader::doStart method creates temporary files in an insecure manner and executes them. Impact A loc...
Wireshark: Multiple vulnerabilities
Background Wireshark is a network protocol analyzer with a graphical front-end. Description Wireshark doesn't properly handle chunked encoding in HTTP responses CVE-2007-3389, iSeries capture files CVE-2007-3390, certain types of DCP ETSI packets CVE-2007-3391, and SSL or MMS packets CVE-2007-339...
Evolution: User-assisted remote execution of arbitrary code
Background Evolution is the mail client of the GNOME desktop environment. Camel is the Evolution Data Server module that handles mail functions. Description The imaprescan function of the file camel-imap-folder.c does not properly sanitize the "SEQUENCE" response sent by an IMAP server before bei...
XScreenSaver: Privilege escalation
Background XScreenSaver is a widely used screen saver collection shipped on systems running the X11 Window System. Description XScreenSaver incorrectly handles the results of the getpwuid function in drivers/lock.c when using directory servers during a network outage. Impact A local user can cras...
GIMP: Buffer overflow
Background GIMP is the GNU Image Manipulation Program. Description Marsu discovered that the "setcolortable" function in the SUNRAS plugin is vulnerable to a stack-based buffer overflow. Impact An attacker could entice a user to open a specially crafted .RAS file, possibly leading to the executio...
Vixie Cron: Denial of service
Background Vixie Cron is a command scheduler with extended syntax over cron. Description During an internal audit, Raphael Marichez of the Gentoo Linux Security Team found that Vixie Cron has weak permissions set on Gentoo, allowing for a local user to create hard links to system and users cron...
mgv: Stack overflow in included gv code
Background mgv is a Postscript viewer with a Motif interface, based on Ghostview and GNU gv. Description mgv includes code from gv that does not properly boundary check user-supplied data before copying it into process buffers. Impact An attacker could entice a user to open a specially crafted...
ELinks: Arbitrary Samba command execution
Background ELinks is a text mode web browser. Description Teemu Salmela discovered an error in the validation code of "smb://" URLs used by ELinks, the same issue as reported in GLSA 200612-16 concerning Links. Impact A remote attacker could entice a user to browse to a specially crafted "smb://"...
xine-ui: Format string vulnerabilities
Background xine-ui is a skin-based user interface for xine. xine is a free multimedia player. It plays CDs, DVDs, and VCDs, and can also decode other common multimedia formats. Description Due to the improper handling and use of format strings, the errorscreatewindow function in errors.c does not...
w3m: Format string vulnerability
Background w3m is a multi-platform text-based web browser. Description w3m in -dump or -backend mode does not correctly handle printf format string specifiers in the Common Name CN field of an X.509 SSL certificate. Impact An attacker could entice a user to visit a malicious website that would lo...
ProFTPD: Remote execution of arbitrary code
Background ProFTPD is a highly-configurable FTP server. Description Evgeny Legerov discovered a stack-based buffer overflow in the sreplace function in support.c, as well as a buffer overflow in in the modtls module. Additionally, an off-by-two error related to the CommandBufferSize configuration...
Mono: Insecure temporary file creation
Background Mono provides the necessary software to develop and run .NET client and server applications. Description Sebastian Krahmer of the SuSE Security Team discovered that the System.CodeDom.Compiler classes of Mono create temporary files with insecure permissions. Impact A local attacker cou...
Texinfo: Buffer overflow
Background Texinfo is the official documentation system of the GNU project. Description Miloslav Trmac from Red Hat discovered a buffer overflow in the "readline" function of texindex.c. The "readline" function is called by the texi2dvi and texindex commands. Impact By enticing a user to open a...
Cscope: Multiple buffer overflows
Background Cscope is a developer's tool for browsing source code. Description Unchecked use of strcpy and scanf leads to several buffer overflows. Impact A user could be enticed to open a carefully crafted file which would allow the attacker to execute arbitrary code with the permissions of the...
GTetrinet: Remote code execution
Background GTetrinet is a networked Tetris clone for GNOME 2. Description Michael Gehring has found that GTetrinet fails to properly handle array indexes. Impact An attacker can potentially execute arbitrary code by sending a negative number of players to the server. Workaround There is no known...
AlsaPlayer: Multiple buffer overflows
Background AlsaPlayer is a heavily multithreaded PCM player that tries to utilize ALSA utilities and drivers. As of June 2004, the project is inactive. Description AlsaPlayer contains three buffer overflows: in the function that handles the HTTP connections, the GTK interface, and the CDDB queryi...
pike: SQL injection vulnerability
Background Pike is a general purpose programming language, able to be used for multiple tasks. Description Some input is not properly sanitised before being used in a SQL statement in the underlying PostgreSQL database. Impact A remote attacker could provide malicious input to a pike program, whi...
Wireshark: Multiple vulnerabilities
Background Wireshark, formerly known as Ethereal, is a popular network protocol analyzer. Description Wireshark dissectors have been found vulnerable to a large number of exploits, including off-by-one errors, buffer overflows, format string overflows and an infinite loop. Impact Running an...
EnergyMech: Denial of service
Background EnergyMech is an IRC bot programmed in C. Description A bug in EnergyMech fails to handle empty CTCP NOTICEs correctly, and will cause a crash from a segmentation fault. Impact By sending an empty CTCP NOTICE, a remote attacker could exploit this vulnerability to cause a Denial of...
zoo: Stack-based buffer overflow
Background zoo is a file archiving utility for maintaining collections of files, written by Rahul Dhesi. Description Jean-Sebastien Guay-Leroux discovered a boundary error in the fullpath function in misc.c when processing overly long file and directory names in ZOO archives. Impact An attacker...
rssh: Privilege escalation
Background rssh is a restricted shell, allowing only a few commands like scp or sftp. It is often used as a complement to OpenSSH to provide limited access to users. Description Max Vozeler discovered that the rsshchroothelper command allows local users to chroot into arbitrary directories. Impac...
Zope: File inclusion through RestructuredText
Background Zope is an application server that can be used to build content management systems, intranets, portals or other custom applications. Description Zope honors file inclusion directives in RestructuredText objects by default. Impact An attacker could exploit the vulnerability by sending...
Uim: Privilege escalation vulnerability
Background Uim is a multilingual input method library which provides secure and useful input method for all languages. Description Masanari Yamamoto discovered that Uim uses environment variables incorrectly. This bug causes a privilege escalation if setuid/setgid applications are linked to libui...
zlib: Buffer overflow
Background zlib is a widely used free and patent unencumbered data compression library. Description zlib improperly handles invalid data streams which could lead to a buffer overflow. Impact By creating a specially crafted compressed data stream, attackers can overwrite data structures for...
openMosixview: Insecure temporary file creation
Background The openMosixview package contains several tools used to manage openMosix clusters, including openMosixview the main monitoring and administration application and openMosixcollector a daemon collecting cluster and node information. Description Gangstuck and Psirac from Rexotec discover...
MPlayer: Two heap overflow vulnerabilities
Background MPlayer is a media player capable of handling multiple multimedia file formats. Description Heap overflows have been found in the code handling RealMedia RTSP and Microsoft Media Services streams over TCP MMST. Impact By setting up a malicious server and enticing a user to use its...
CVS: Multiple vulnerabilities
Background CVS Concurrent Versions System is an open-source network-transparent version control system. It contains both a client utility and a server. Description Alen Zukich has discovered several serious security issues in CVS, including at least one buffer overflow CAN-2005-0753, memory leaks...
libexif: Buffer overflow vulnerability
Background libexif is a library for parsing, editing and saving EXIF data. Description libexif contains a buffer overflow vulnerability in the EXIF tag validation code. When opening an image with a specially crafted EXIF tag, the lack of validation can cause applications linked to libexif to cras...
LinPopUp: Buffer overflow in message reply
Background LinPopUp is a graphical application that acts as a frontend to Samba client messaging functions, allowing a Linux desktop to communicate with a Microsoft Windows computer that runs Winpopup. Description Stephen Dranger discovered that LinPopUp contains a buffer overflow in string.c,...
Samba: Integer overflow
Background Samba is a freely available SMB/CIFS implementation which allows seamless interoperability of file and print services to other SMB/CIFS clients. Description Samba contains a bug when unmarshalling specific MS-RPC requests from clients. Impact A remote attacker may be able to execute...
ProZilla: Multiple vulnerabilities
Background ProZilla is a download accelerator for Linux. Description ProZilla contains several exploitable buffer overflows in the code handling the network protocols. Impact A remote attacker could setup a malicious server and entice a user to retrieve files from that server using ProZilla. This...
Apache 2.0: Denial of Service by memory consumption
Background The Apache HTTP Server is one of the most popular web servers on the Internet. Description Chintan Trivedi discovered a vulnerability in Apache httpd 2.0 that is caused by improper enforcing of the field length limit in the header-parsing code. Impact By sending a large amount of...
MIME-tools: Virus detection evasion
Background MIME-tools is a Perl module containing functions to handle MIME attachments. Description MIME-tools doesn't correctly parse attachment boundaries with an empty name boundary="". Impact An attacker could send a carefully crafted email and evade detection on some email virus-scanning...
PuTTY: Pre-authentication buffer overflow
Background PuTTY is a free implementation of Telnet and SSH for Win32 and Unix platforms, along with an xterm terminal emulator. Description PuTTY fails to do proper bounds checking on SSH2MSGDEBUG packets. The "stringlen" parameter value is incorrectly checked due to signedness issues. Note that...
Apache: Exposure of protected directories
Background The Apache HTTP server is one of most popular web servers on the Internet. Description A bug in the way Apache handles the Satisfy directive, which is used to require that certain conditions client host, client authentication, etc be met before access to a certain directory is granted,...
getmail: Filesystem overwrite vulnerability
Background getmail is a reliable fetchmail replacement that supports Maildir, Mboxrd and external MDA delivery. Description David Watson discovered a vulnerability in getmail when it is configured to run as root and deliver mail to the maildirs/mbox files of untrusted local users. A malicious loc...
star: Suid root vulnerability
Background star is an enhanced tape archiver, much like tar, that is recognized for it's speed as well as it's enhanced mt/rmt support. Description A suid root vulnerability exists in versions of star that are configured to use ssh for remote tape access. Impact Attackers with local user level...
rsync: Potential information leakage
Background rsync is a utility that provides fast incremental file transfers. It is used to efficiently synchronize files between hosts and is used by emerge to fetch Gentoo's Portage tree. rsyncd is the rsync daemon, which listens to connections from rsync clients. Description The paths sent by t...
Nessus: "adduser" race condition vulnerability
Background Nessus is a free and powerful network security scanner. Description A race condition can occur in "nessus-adduser" if the user has not configured their TMPDIR variable. Impact A malicious user could exploit this bug to escalate privileges to the rights of the user running...
Midnight Commander: Multiple vulnerabilities
Background Midnight Commander is a visual console file manager. Description Numerous security issues have been discovered in Midnight Commander, including several buffer overflow vulnerabilities, multiple vulnerabilities in the handling of temporary file and directory creation, and multiple forma...
Insecure Temporary File Creation In MySQL
Background MySQL is a popular open-source multi-threaded, multi-user SQL database server. Description The MySQL bug reporting utility mysqlbug creates a temporary file to log bug reports to. A malicious local user with write access to the /tmp directory could create a symbolic link of the name...
Spidermonkey: Multiple Vulnerabilities
Background SpiderMonkey is Mozilla’s JavaScript and WebAssembly Engine, used in Firefox, Servo and various other projects. It is written in C++, Rust and JavaScript. You can embed it into C++ and Rust projects, and it can be run as a stand-alone shell. Description Multiple vulnerabilities have be...
yt-dlp: Multiple Vulnerabilities
Background yt-dlp is a youtube-dl fork with additional features and fixes. Description Multiple vulnerabilities have been found in yt-dlp. Please review the referenced CVE identifiers for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known...
GNU Coreutils: Buffer Overflow Vulnerability
Background The GNU Core Utilities are the basic file, shell and text manipulation utilities of the GNU operating system. Description A vulnerability has been discovered in the Coreutils "split" program that can lead to a heap buffer overflow and possibly arbitrary code execution. Impact Please...
PoDoFo: Multiple Vulnerabilities
Background PoDoFo is a free portable C++ library to work with the PDF file format. Description Please review the referenced CVE identifiers for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround at this time. Resolution All PoDoFo use...
SDDM: Privilege Escalation
Background SDDM is a modern display manager for X11 and Wayland sessions aiming to be fast, simple and beautiful. It uses modern technologies like QtQuick, which in turn gives the designer the ability to create smooth, animated user interfaces. Description A vulnerability has been discovered in...