3816 matches found
NASM: Multiple Vulnerabilities
Background NASM is a 80x86 assembler that has been created for portability and modularity. NASM supports Pentium, P6, SSE MMX, and 3DNow extensions. It also supports a wide range of objects formats ELF, a.out, COFF, etc, and has its own disassembler. Description Multiple vulnerabilities have been...
systemd: Multiple Vulnerabilities
Background A system and service manager. Description Multiple vulnerabilities have been discovered in systemd. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround at this time...
lesspipe: Arbitrary Code Exeecution
Background lesspipe is a preprocessor for less. Description lesspipe has support for parsing Perl storable "PST" files, Impact A crafted Perl storable file which is passed into lesspipe could result in arbitrary code execution. Workaround There is no known workaround at this time. Resolution All...
HarfBuzz: Multiple vulnerabilities
Background HarfBuzz is an OpenType text shaping engine. Description Multiple vulnerabilities have been discovered in HarfBuzz. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround a...
Mozilla Thunderbird: Multiple Vulnerabilities
Background Mozilla Thunderbird is a popular open-source email client from the Mozilla project. Description Multiple vulnerabilities have been discovered in Mozilla Thunderbird. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for...
Cacti: Multiple vulnerabilities
Background Cacti is a complete frontend to rrdtool. Description Multiple vulnerabilities have been discovered in Cacti. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround at this...
BeanShell: Arbitrary code execution
Background BeanShell is a small, free, embeddable Java source interpreter with object scripting language features, written in Java. Description An application that includes BeanShell on the classpath may be vulnerable if another part of the application uses Java serialization or XStream to...
KDE Systemsettings: Privilege escalation
Background KDE workspace configuration module for setting the date and time has a helper program which runs as root for performing actions. Description KDE Systemsettings fails to properly validate user input before passing it as argument in context of higher privilege. Impact A local attacker...
t1utils: Arbitrary code execution
Background t1utils is a collection of simple Type 1 font manipulation programs. Description t1utils has a buffer overflow in the setcsstart function in t1disasm.c. Impact A remote attacker could cause a denial of service and possibly execute arbitrary code via a crafted font file. Workaround Ther...
Exiv2: Denial of service
Background Exiv2 is a C++ library and a command line utility to manage image metadata. Description Exiv2 has a buffer overflow in the RiffVideo::infoTagsHandler function in riffvideo.cpp. Impact A remote attacker could possibly cause a Denial of Service condition via a specially crafted AVI file...
libevent: User-assisted execution of arbitrary code
Background libevent is a library to execute a function when a specific event occurs on a file descriptor. Description Multiple integer overflow errors in libevent could cause a heap-based buffer overflow. Impact A context-dependent attacker could cause an application linked against libevent to pa...
Aircrack-ng: User-assisted execution of arbitrary code
Background Aircrack-ng is an 802.11 WEP and WPA-PSK keys cracking program that can recover keys once enough data packets have been captured. Description Multiple vulnerabilities have been discovered in Aircrack-ng. Please review the CVE identifiers referenced below for details. Impact A local...
Adobe Flash Player: Multiple vulnerabilities
Background The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Description Multiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details. Impact A remote attacke...
DjVu: User-assisted execution of arbitrary code
Background DjVu is a web-centric format and software platform for distributing documents and images. Description A vulnerability has been discovered in DjVu. Please review the CVE identifier referenced below for details. Impact A remote attacker could entice a user to open a specially crafted DjV...
libexif, exif: Multiple vulnerabilities
Background libexif is a library for parsing, editing and saving Exif metadata from images. exif is a small command line interface for libexif. Description Multiple vulnerabilities have been discovered in libexif and exif. Please review the CVE identifiers referenced below for details. Impact A...
Openswan: User-assisted execution of arbitrary code
Background Openswan is an implementation of IPsec for Linux. Description A buffer overflow flaw has been discovered in Openswan when using Opportunistic Encryption. Impact A remote attacker could send a specially crafted DNS TXT record, possibly resulting in execution of arbitrary code with the...
Git: Privilege escalation
Background Git is a free and open source distributed version control system designed to handle everything from small to very large projects with speed and efficiency. Description Git contains a stack-based buffer overflow in the isgitdirectory function in setup.c. Impact A local attacker could ga...
Libgdiplus: Arbitrary code execution
Background Libgdiplus is the Mono library that provide a GDI+ comptible API on non-Windows operating systems. Description An integer overflow flaw has been discovered in Libgdiplus. Impact A remote attacker could entice a user to open a specially-crafted TIFF/JPEG/BMP file, potentially resulting ...
cabextract: Multiple vulnerabilities
Background cabextract is free software for extracting Microsoft cabinet files. Description Multiple vulnerabilities have been discovered in cabextract. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user to open a specially-crafted archive ...
SWI-Prolog : Multiple vulnerabilities
Background SWI-Prolog is a free, small, and standard compliant Prolog compiler. Description Multiple vulnerabilities have been discovered in SWI-Prolog: An error in the canoniseFileName function could cause a stack-based buffer overflow CVE-2012-6089. An error in the expand function could cause a...
Vixie cron: Denial of service
Background Paul Vixie’s cron daemon, a fully featured crond implementation. Description Vixie cron contains a race condition relating to atime and mtime values of temporary files. Impact A local attacker could change the modification time of files, possibly resulting in a Denial of Service...
TPTEST: Arbitrary code execution
Background TPTEST is a tool to measure the speed of a user’s Internet connection. Description The GetStatsFromLine function in TPTEST is vulnerable to buffer overflows from STATS lines with long email and pwd fields. Impact A remote attacker could send a specially-crafted STATS line, possibly...
libgdata: Man-in-the-Middle attack
Background libgdata is a GLib-based library for accessing online service APIs using the GData protocol. Description An error in the "gdataservicebuildsession" function of gdata-service.c prevents libgdata from properly validating certificates. Impact A remote attacker could perform...
Puppet: Multiple vulnerabilities
Background Puppet is a system configuration management tool written in Ruby. Description Multiple vulnerabilities have been found in Puppet: Puppet uses predictable file names for temporary files CVE-2012-1906. REST requests for a file in a remote filebucket are not handled properly by overriding...
socat: Arbitrary code execution
Background socat is a multipurpose bidirectional relay, similar to netcat. Description A vulnerability in the "xioscanreadline" function in xio-readline.c could cause a heap-based buffer overflow. Impact A remote attacker could possibly execute arbitrary code with the privileges of the socat...
Conky: Privilege escalation
Background Conky is an advanced, highly configurable system monitor for X. Description A privilege escalation vulnerability due to an insecure temporary file was found in Conky. Impact A local attacker could possibly overwrite arbitrary files with the privileges of the user running Conky...
LMBench: Insecure temporary file usage
Background LMBench is a suite of simple, portable benchmarks for UNIX platforms. Description Dmitry E. Oboukhov reported that the rccs and STUFF scripts do not handle "/tmp/sdiff." temporary files securely. NOTE: There might be further occurances of insecure temporary file usage. Impact A local...
libvorbis: User-assisted execution of arbitrary code
Background libvorbis is the reference implementation of the Xiph.org Ogg Vorbis audio file format. It is used by many applications for playback of Ogg Vorbis files. Description Lucas Adamski reported that libvorbis does not correctly process file headers, related to static mode headers and encodi...
GStreamer plug-ins: User-assisted execution of arbitrary code
Background The GStreamer plug-ins provide decoders to the GStreamer open source media framework. Description Multiple vulnerabilities have been reported in several GStreamer plug-ins: Tobias Klein reported two heap-based buffer overflows and an array index error in the qtdemuxparsesamples functio...
libwmf: User-assisted execution of arbitrary code
Background libwmf is a library for converting WMF files. Description The embedded fork of the GD library introduced a "use-after-free" vulnerability in a modification which is specific to libwmf. Impact A remote attacker could entice a user to open a specially crafted WMF file, possibly resulting...
IPSec Tools: Denial of service
Background The IPSec Tools are a port of KAME's IPsec utilities to the Linux-2.6 IPsec implementation. They include racoon, an Internet Key Exchange daemon for automatically keying IPsec connections. Description The following vulnerabilities have been found in the racoon daemon as shipped with...
nfs-utils: Access restriction bypass
Background nfs-utils contains the client and daemon implementations for the NFS protocol. Description Michele Marcionelli reported that nfs-utils invokes the hostsctl function with the wrong order of arguments, which causes TCP Wrappers to ignore netgroups. Impact A remote attacker could bypass...
Valgrind: Untrusted search path
Background Valgrind is an open-source memory debugger. Description Tavis Ormandy reported that Valgrind loads a .valgrindrc file in the current working directory, executing commands specified there. Impact A local attacker could prepare a specially crafted .valgrindrc file and entice a user to ru...
Ampache: Insecure temporary file usage
Background Ampache is a PHP based tool for managing, updating and playing audio files via a web interface. Description Dmitry E. Oboukhov reported an insecure temporary file usage within the gather-messages.sh script. Impact A local attacker could perform symlink attacks to overwrite arbitrary...
GNU ed: User-assisted execution of arbitrary code
Background GNU ed is a basic line editor. red is a restricted version of ed that does not allow shell command execution. Description Alfredo Ortega from Core Security Technologies reported a heap-based buffer overflow in the stripescapes function when processing overly long filenames. Impact A...
PeerCast: Buffer overflow
Background PeerCast is a client and server for P2P-radio networks. Description Nico Golde reported a boundary error in the HTTP::getAuthUserPass function when processing overly long HTTP Basic authentication requests. Impact A remote attacker could send a specially crafted HTTP request to the...
Poppler: User-assisted execution of arbitrary code
Background Poppler is a cross-platform PDF rendering library originally based on Xpdf. Description Felipe Andres Manzano reported a memory management issue in the Page class constructor/destructor. Impact A remote attacker could entice a user to open a specially crafted PDF file with a...
GnuTLS: Execution of arbitrary code
Background GnuTLS is an implementation of Secure Sockets Layer SSL 3.0 and Transport Layer Security TLS 1.0, 1.1 and 1.2. Description Ossi Herrala and Jukka Taimisto of Codenomicon reported three vulnerabilities in libgnutls of GnuTLS: "Client Hello" messages containing an invalid server name can...
Mantis: Cross-Site Scripting
Background Mantis is a web-based bug tracking system. Description seiji reported that the filename for the uploaded file in bugreport.php is not properly sanitised before being stored. Impact A remote attacker could upload a file with a specially crafted to a bug report, resulting in the executio...
CherryPy: Directory traversal vulnerability
Background CherryPy is a Python-based, object-oriented web development framework. Description CherryPy does not sanitize the session id, provided as a cookie value, in the FileSession.getfilepath function before using it as part of the file name. Impact A remote attacker could exploit this...
OpenAFS: Denial of service
Background OpenAFS is a distributed network filesystem. Description Russ Allbery, Jeffrey Altman, Dan Hyde and Thomas Mueller discovered a race condition due to an improper handling of the clients callbacks lists. Impact A remote attacker could construct cases which trigger the race condition,...
Exiv2: Integer overflow
Background Exiv2 is a C++ library and set of tools for parsing, editing and saving Exif and IPTC metadata from images. Exif, the Exchangeable image file format, specifies the addition of metadata tags to JPEG, TIFF and RIFF files. Description Meder Kydyraliev Google Security discovered an integer...
Syslog-ng: Denial of service
Background Syslog-ng is a flexible and scalable system logger. Description Oriol Carreras reported a NULL pointer dereference in the logmsgparse function when processing timestamps without a terminating whitespace character. Impact A remote attacker could send a specially crafted event to a...
MadWifi: Denial of service
Background The MadWifi driver provides support for Atheros based IEEE 802.11 Wireless Lan cards. Description Clemens Kolbitsch and Sylvester Keil reported an error when processing beacon frames with an overly large "length" value in the "xrates" element. Impact A remote attacker could act as an...
Net::DNS: Multiple vulnerabilities
Background Net::DNS is a Perl implementation of a DNS resolver. Description hjp discovered an error when handling DNS query IDs which make them partially predictable. Steffen Ullrich discovered an error in the dnexpand function which could lead to an endless loop. Impact A remote attacker could...
NVClock: Insecure file usage
Background NVClock is an utility for changing NVidia graphic chipsets internal frequency. Description Tavis Ormandy of the Gentoo Linux Security Team discovered that NVClock makes usage of an insecure temporary file in the /tmp directory. Impact A local attacker could create a specially crafted...
SpamAssassin: Long URI Denial of service
Background SpamAssassin is an extensible email filter used to identify junk email. Description SpamAssassin does not correctly handle very long URIs when scanning emails. Impact An attacker could cause SpamAssassin to consume large amounts of CPU and memory resources by sending one or more emails...
McAfee VirusScan: Insecure DT_RPATH
Background McAfee VirusScan for Linux is a commercial antivirus solution for Linux. Description Jakub Moc of Gentoo Linux discovered that McAfee VirusScan was distributed with an insecure DTRPATH which included the current working directory, rather than $ORIGIN which was probably intended. Impact...
TIN: Multiple buffer overflows
Background TIN is a threaded NNTP and spool based UseNet newsreader for a variety of platforms. Description Urs Janssen and Aleksey Salow have reported multiple buffer overflows in TIN. Additionally, the OpenPKG project has reported an allocation off-by-one flaw which can lead to a buffer overflo...
TikiWiki: Multiple vulnerabilities
Background TikiWiki is an open source content management system written in PHP. Description In numerous files TikiWiki provides an empty sortmode parameter, causing TikiWiki to display additional information, including database authentication credentials, in certain error messages. TikiWiki also...