3816 matches found
Qt: Integer overflow
Background Qt is a cross-platform GUI toolkit, which is used e.g. by KDE. Description An integer overflow flaw has been found in the pixmap handling of Qt. Impact By enticing a user to open a specially crafted pixmap image in an application using Qt, e.g. Konqueror, a remote attacker could be abl...
Python: Buffer Overflow
Background Python is an interpreted, interactive, object-oriented, cross-platform programming language. Description Benjamin C. Wiley Sittler discovered a buffer overflow in Python's "repr" function when handling UTF-32/UCS-4 encoded strings. Impact If a Python application processes...
Warzone 2100 Resurrection: Multiple buffer overflows
Background Warzone 2100 Resurrection is a real-time strategy game, developed by Pumpkin Studios and published by Eidos Interactive. Description Luigi Auriemma discovered two buffer overflow vulnerabilities in Warzone 2100 Resurrection. The recvTextMessage function of the Warzone 2100 Resurrection...
Wireshark: Multiple vulnerabilities
Background Wireshark, formerly known as Ethereal, is a popular network protocol analyzer. Description Wireshark dissectors have been found vulnerable to a large number of exploits, including off-by-one errors, buffer overflows, format string overflows and an infinite loop. Impact Running an...
mpg123: Heap overflow
Background mpg123 is a real time audio player designed for the MPEG format. Description In httpdget.c, a variable is assigned to the heap, and is supposed to receive a smaller allocation. As this variable was not terminated properly, strncpy will overwrite the data assigned next in memory. Impact...
KDM: Symlink vulnerability
Background KDE is a feature-rich graphical desktop environment for Linux and Unix-like Operating Systems. KDM is the KDE Display Manager and is part of the kdebase package. Description Ludwig Nussel discovered that KDM could be tricked into allowing users to read files that would otherwise not be...
Cacti: Multiple vulnerabilities in included ADOdb
Background Cacti is a complete web-based frontend to rrdtool. ADOdb is a PHP-based database abstraction layer which is included in Cacti. Description Several vulnerabilities have been identified in the copy of ADOdb included in Cacti. Andreas Sandblad discovered a dynamic code evaluation...
cURL/libcurl: Buffer overflow in the handling of TFTP URLs
Background cURL is a command line tool for transferring files with URL syntax, supporting numerous protocols. libcurl is the corresponding client-side library. Description Ulf Harnhammar reported a possible buffer overflow in the handling of TFTP URLs in libcurl due to the lack of boundary checks...
Freeciv: Denial of service
Background Freeciv is an open source turn-based multiplayer strategy game, similar to the famous Civilization series. Description Luigi Auriemma discovered that Freeciv could be tricked into the allocation of enormous chunks of memory when trying to uncompress malformed data packages, possibly...
Cube: Multiple vulnerabilities
Background Cube is an open source first person shooter game engine supporting multiplayer via LAN or internet. Description Luigi Auriemma reported that Cube is vulnerable to a buffer overflow in the sgetstr function CVE-2006-1100 and that the sgetstr and getint functions fail to verify the length...
Dropbear: Privilege escalation
Background Dropbear is an SSH server and client with a small memory footprint. Description Under certain conditions Dropbear could fail to allocate a sufficient amount of memory, possibly resulting in a buffer overflow. Impact By sending specially crafted data to the server, authenticated users...
AbiWord: New RTF import buffer overflows
Background AbiWord is a free and cross-platform word processing program. It allows to import RTF files into AbiWord documents. Description Chris Evans discovered a different set of buffer overflows than the one described in GLSA 200509-20 in the RTF import function in AbiWord. Impact An attacker...
KOffice, KWord: RTF import buffer overflow
Background KOffice is an integrated office suite for KDE. KWord is the KOffice word processor. Description Chris Evans discovered that the KWord RTF importer was vulnerable to a heap-based buffer overflow. Impact An attacker could entice a user to open a specially-crafted RTF file, potentially...
Squid: Denial of Service vulnerabilities
Background Squid is a full-featured Web proxy cache designed to run on Unix-like systems. It supports proxying and caching of HTTP, FTP, and other protocols, as well as SSL support, cache hierarchies, transparent caching, access control lists and many more features. Description Certain malformed...
Heimdal: Buffer overflow vulnerabilities
Background Heimdal is a free implementation of Kerberos 5 that includes a telnetd server. Description It has been reported that the "getterminaltype" function of Heimdal's telnetd server is vulnerable to buffer overflows. Impact An attacker could exploit this vulnerability to execute arbitrary co...
Gaim: Denial of Service vulnerabilities
Background Gaim is a full featured instant messaging client which handles a variety of instant messaging protocols. Description Jacopo Ottaviani discovered a vulnerability in the Yahoo! file transfer code when being offered files with names containing non-ASCII characters CAN-2005-1269. Hugo de...
xli, xloadimage: Multiple vulnerabilities
Background xli and xloadimage are X11 utilities for displaying and manipulating a wide range of image formats. Description Tavis Ormandy of the Gentoo Linux Security Audit Team has reported that xli and xloadimage contain a flaw in the handling of compressed images, where shell meta-characters ar...
gFTP: Directory traversal vulnerability
Background gFTP is a GNOME based, multi-threaded file transfer client. Description gFTP lacks input validation of filenames received by remote servers. Impact An attacker could entice a user to connect to a malicious FTP server and conduct a directory traversal attack by making use of specially...
ht://Dig: Cross-site scripting vulnerability
Background ht://Dig is an HTTP/HTML indexing and searching system. Description Michael Krax discovered that ht://Dig fails to validate the 'config' parameter before displaying an error message containing the parameter. This flaw could allow an attacker to conduct cross-site scripting attacks...
Mailman: Directory traversal vulnerability
Background Mailman is a Python-based mailing list server with an extensive web interface. Description Mailman contains an error in private.py which fails to properly sanitize input paths. Impact An attacker could exploit this flaw to obtain arbitrary files on the web server. Workaround There is n...
Newspost: Buffer overflow vulnerability
Background Newspost is a Usenet News binary autoposter. Description Niels Heinen has discovered a buffer overflow in the socketgetline function of Newspost, which can be triggered by providing long strings that do not end with a newline character. Impact A remote attacker could setup a malicious...
xine-lib: Multiple overflows
Background xine-lib is a multimedia library which can be utilized to create multimedia frontends. Description Ariel Berkman discovered that xine-lib reads specific input data into an array without checking the input size in demuxaiff.c, making it vulnerable to a buffer overflow CAN-2004-1300...
imlib: Buffer overflows in image decoding
Background imlib is an advanced replacement library for image manipulation libraries like libXpm. It is called by numerous programs, including gkrellm and several window managers, to help in displaying images. Description Pavel Kankovsky discovered that several overflows found in the libXpm libra...
Pavuk: Multiple buffer overflows
Background Pavuk is web spider and website mirroring tool. Description Pavuk contains several buffer overflow vulnerabilities in the code handling digest authentication and HTTP header processing. This issue is similar to GLSA 200407-19, but contains more vulnerabilities. Impact A remote attacker...
Cherokee: Format string vulnerability
Background Cherokee is an extra-light web server. Description Florian Schilhabel from the Gentoo Linux Security Audit Team found a format string vulnerability in the cherokeeloggerncsawritestring function. Impact Using a specially crafted URL when authenticating via authpam, a malicious user may ...
SoX: Multiple buffer overflows
Background SoX is a command line utility that can convert various formats of computer audio files in to other formats. Description Ulf Harnhammar discovered two buffer overflows in the sox and play commands when handling WAV files with specially crafted header fields. Impact By enticing a user to...
Squid ACL [url_regex] bypass vulnerability
Background Squid is a fully-featured Web Proxy Cache designed to run on Unix systems that supports proxying and caching of HTTP, FTP, and other URLs, as well as SSL support, cache hierarchies, transparent caching, access control lists and many other features. Description A bug in Squid allows use...
Dnsmasq: Multiple Vulnerabilities
Background Dnsmasq is a lightweight and easily-configurable DNS forwarder and DHCP server. Description Multiple vulnerabilities have been discovered in Dnsmasq. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details...
Docker: Multiple Vulnerabilities
Background Docker contains the the core functions you need to create Docker images and run Docker containers Description Multiple vulnerabilities have been discovered in Docker. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for...
file: Stack Buffer Overread
Background The file utility attempts to identify a file’s format by scanning binary data for patterns. Description Multiple vulnerabilities have been discovered in file. Please review the CVE identifiers referenced below for details. Impact File has an stack-based buffer over-read in filecopystr ...
Mozilla Firefox: Multiple Vulnerabilities
Background Mozilla Firefox is a popular open-source web browser from the Mozilla project. Description Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details...
Sofia-SIP: Multiple Vulnerabilities
Background Sofia-SIP is an RFC3261 compliant SIP User-Agent library. Description Multiple vulnerabilities have been discovered in Sofia-SIP. Please review the CVE identifiers referenced below for details. Impact Multiple vulnerabilities have been discovered in Sofia-SIP. Please review the CVE...
xar: Unsafe Extraction
Background xar provides an easily extensible archive format. Description A vulnerability has been discovered in xar. Please review the CVE identifier referenced below for details. Impact xar allows for a forward-slash separated path to be specified in the file name property, e.g. x/foo – as long ...
TACACS+: Remote Code Execution
Background An updated version of Cisco's TACACS+ server. Description A vulnerabilitiy has been discovered in TACACS+. Please review the CVE identifier referenced below for details. Impact A lack of input validation exists in tacplus which, when pre or post auth commands are enabled, allows an...
libspf2: Multiple vulnerabilities
Background libspf2 is a library that implements the Sender Policy Framework, allowing mail transfer agents to make sure that an email is authorized by the domain name that it is coming from. Description Multiple vulnerabilities have been discovered in libspf2. Please review the CVE identifiers...
Ceph: Root Privilege Escalation
Background Ceph is a distributed network file system designed to provide excellent performance, reliability, and scalability. Description A vulnerability has been discovered in Ceph. Please review the CVE identifier referenced below for details. Impact The ceph-crash.service runs the ceph-crash...
RenderDoc: Multiple Vulnerabilities
Background RenderDoc is a free MIT licensed stand-alone graphics debugger that allows quick and easy single-frame capture and detailed introspection of any application using Vulkan, D3D11, OpenGL & OpenGL ES or D3D12 across Windows, Linux, Android, or Nintendo Switchâ„¢. Description Multiple...
libcue: Arbitrary Code Execution
Background libcue is a CUE Sheet Parser Library. Description libcue does not check bounds in a loop and suffers from an integer overflow flaw which can be exploited to take over the program. Impact Untrusted CUE sheet files can lead to arbitrary code execution. app-misc/tracker-minerscue uses...
dav1d: Denial of Service
Background dav1d is an AV1 decoder. Description In some circumstances, dav1d might treat an invalid frame as valid, resulting in a crash. Impact Malformed frame data can result in a denial of service. Workaround Users should avoid parsing untrusted video with dav1d. Resolution All dav1d users...
uptimed: Root Privilege Escalation
Background uptimed is a system uptime record daemon that keeps track of your highest uptimes. Description Via unnecessary file ownership modifications in the pkgpostinst ebuild phase, the uptimed user could change arbitrary files to be owned by the uptimed user at emerge-time. Impact The uptimed...
Kitty: Arbitrary Code Execution
Background Kitty is a fast, feature-rich, GPU-based terminal. Description Carter Sande discovered that maliciously constructed control sequences can cause Kitty to display a notification that, when clicked, can cause Kitty to execute arbitrary commands. Impact Kitty can produce notifications that...
gpsd: Arbitrary code execution
Background gpsd is a GPS daemon and library for USB/serial GPS devices and GPS/mapping clients. Description A stack-based buffer overflow was discovered in gpsd on port 2947/TCP or crafted JSON inputs. Impact A remote attacker could possibly execute arbitrary code with the privileges of the...
GNOME File Roller: Directory traversal
Background File Roller is an archive manager for the GNOME desktop environment. Description It was discovered that GNOME File Roller incorrectly handled symlinks. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround at this time. Resolution All...
Claws Mail: Improper STARTTLS handling
Background Claws Mail is a GTK based e-mail client. Description It was discovered that Claws Mail was not properly handling state within the STARTTLS protocol handshake. Impact There may be a breach of integrity or confidentiality in connections made using Claws Mail with STARTTLS. Workaround The...
Mozilla Thunderbird: Multiple vulnerabilities
Background Mozilla Thunderbird is a popular open-source email client from the Mozilla project. Description Multiple vulnerabilities have been discovered in Mozilla Thunderbird. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for...
JHead: Multiple vulnerabilities
Background JHead is an exif jpeg header manipulation tool. Description Multiple vulnerabilities have been discovered in JHead. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround a...
Ming: Multiple vulnerabilities
Background A library for generating Macromedia Flash files. Description Multiple vulnerabilities have been discovered in Ming. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround a...
Portage: Man-in-the-middle
Background Portage is the package management and distribution system for Gentoo. Description A vulnerability was discovered in emerge-delta-webrsync and Portage that did not properly validate the revocation status of GPG keys. Impact A remote attacker could conduct a man-in-the-middle attack...
Teeworlds: Remote execution of arbitrary code on client
Background Teeworlds is an online multi-player platform 2D shooter. Description Teeworlds client contains a vulnerability allowing a malicious server to execute arbitrary code, or write to arbitrary physical memory via the CClient::ProcessServerPacket method. Impact A remote malicious server can...
Background FUSE provides an interface for filesystems implemented in userspace. Description The fusermount binary calls setuidgeteuid to reset the RUID when it invokes /bin/mount so that it can use privileged mount options that are normally restricted if RUID != EUID. FUSE does not properly clear...