3816 matches found
Mercurial: Directory traversal
Background Mercurial is a distributed Source Control Management system. Description Jakub Wilk discovered a directory traversal vulnerabilty in the applydiff function in the mercurial/patch.py file. Impact A remote attacker could entice a user to import a specially crafted patch, possibly resulti...
Evolution: User-assisted execution of arbitrary code
Background Evolution is the mail client of the GNOME desktop environment. Description Alin Rad Pop Secunia Research reported two vulnerabilities in Evolution: A boundary error exists when parsing overly long timezone strings contained within iCalendar attachments and when the ITip formatter is...
Audacity: Insecure temporary file creation
Background Audacity is a free cross-platform audio editor. Description Viktor Griph reported that the "AudacityApp::OnInit" method in file src/AudacityApp.cpp does not handle temporary files properly. Impact A local attacker could exploit this vulnerability to conduct symlink attacks to delete...
libxml2: Denial of service
Background libxml2 is the XML eXtended Markup Language C parser and toolkit initially developed for the Gnome project. Description Brad Fitzpatrick reported that the xmlCurrentChar function does not properly handle some UTF-8 multibyte encodings. Impact A remote attacker could entice a user to op...
TikiWiki: Multiple vulnerabilities
Background TikiWiki is an open source content management system written in PHP. Description Jesus Olmos Gonzalez from isecauditors reported insufficient sanitization of the "movies" parameter in file tiki-listmovies.php CVE-2007-6528. Mesut Timur from H-Labs discovered that the input passed to th...
FLAC: Buffer overflow
Background The Xiph.org Free Lossless Audio Codec FLAC library is the reference implementation of the FLAC audio file format. It contains encoders and decoders in library and executable form. Description Sean de Regge reported multiple integer overflows when processing FLAC media files that could...
Tomboy: User-assisted execution of arbitrary code
Background Tomboy is a GTK-based desktop note-taking application written in C and the Mono C. Description Jan Oravec reported that the "/usr/bin/tomboy" script sets the "LDLIBRARYPATH" environment variable incorrectly, which might result in the current working directory . to be included when...
RealPlayer: Buffer overflow
Background RealPlayer is a multimedia player capable of handling multiple multimedia file formats. Description A stack-based buffer overflow vulnerability has been reported in the SmilTimeValue::parseWallClockValue function in smlprstime.cpp when handling HH:mm:ss.f type time formats. Impact By...
tcpdump: Integer overflow
Background tcpdump is a tool for capturing and inspecting network traffic. Description mu-b from Digital Labs discovered that the return value of a snprintf call is not properly checked before being used. This could lead to an integer overflow. Impact A remote attacker could send specially crafte...
OpenLDAP: Denial of Service vulnerability
Background OpenLDAP is a suite of LDAP-related applications and development tools. Description Evgeny Legerov has discovered that the truncation of an incoming authcid longer than 255 characters and ending with a space as the 255th character will lead to an improperly computed name length. This...
Avahi: "netlink" message vulnerability
Background Avahi is a system that facilitates service discovery on a local network. Description Avahi does not check that the netlink messages come from the kernel instead of a user-space process. Impact A local attacker could exploit this vulnerability by crafting malicious netlink messages and...
Screen: UTF-8 character handling vulnerability
Background Screen is a full-screen window manager that multiplexes a physical terminal between several processes, typically interactive shells. Description cstone and Richard Felker discovered a flaw in Screen's UTF-8 combining character handling. Impact The vulnerability can be exploited by...
GnuPG: Integer overflow vulnerability
Background The GNU Privacy Guard, GnuPG, is a free replacement for the PGP suite of cryptographic software. Description Evgeny Legerov discovered a vulnerability in GnuPG that when certain packets are handled an integer overflow may occur. Impact By sending a specially crafted email to a user...
GIMP: Buffer overflow
Background GIMP is the GNU Image Manipulation Program. XCF is the native image file format used by GIMP. Description Henning Makholm discovered that the "xcfloadvector" function is vulnerable to a buffer overflow when loading a XCF file with a large "numaxes" value. Impact An attacker could explo...
Horde Web Application Framework: XSS vulnerability
Background The Horde Web Application Framework is a general-purpose web application framework written in PHP, providing classes for handling preferences, compression, browser detection, connection tracking, MIME, and more. Description Michael Marek discovered that the Horde Web Application...
Tikiwiki: SQL injection and multiple XSS vulnerabilities
Background Tikiwiki is a web-based groupware and content management system CMS, using PHP, ADOdb and Smarty. Description Tikiwiki fails to properly sanitize user input before processing it, including in SQL statements. Impact An attacker could execute arbitrary SQL statements on the underlying...
Ethereal: Multiple vulnerabilities in protocol dissectors
Background Ethereal is a feature-rich network protocol analyzer. Description Coverity discovered numerous vulnerabilities in versions of Ethereal prior to 0.99.0, including: buffer overflows in the ALCAP CVE-2006-1934, COPS CVE-2006-1935 and telnet CVE-2006-1936 dissectors. buffer overflows in th...
Horde Application Framework: Remote code execution
Background The Horde Application Framework is a general-purpose web application framework written in PHP, providing classes for handling preferences, compression, browser detection, connection tracking, MIME and more. Description Jan Schneider of the Horde team discovered a vulnerability in the...
KDE kjs: URI heap overflow vulnerability
Background KDE is a feature-rich graphical desktop environment for Linux and Unix-like Operating Systems. kjs is the javascript interpreter used in Konqueror and other parts of KDE. Description Maksim Orlovich discovered an incorrect bounds check in kjs when handling URIs. Impact By enticing a us...
OpenMotif, AMD64 x86 emulation X libraries: Buffer overflows in libUil library
Background OpenMotif provides a free version of the Motif toolkit for open source applications. The OpenMotif libraries are included in the AMD64 x86 emulation X libraries, which emulate the x86 32-bit architecture on the AMD64 64-bit architecture. Description xfocus discovered two potential buff...
OpenLDAP, Gauche: RUNPATH issues
Background OpenLDAP is a suite of LDAP-related application and development tools. Gauche is an R5RS Scheme interpreter. Description Gentoo packaging for OpenLDAP and Gauche may introduce insecure paths into the list of directories that are searched for libraries at runtime. Impact A local attacke...
mpg321: Format string vulnerability
Background mpg321 is a GPL replacement for mpg123, a command line audio player with support for ID3. ID3 is a tagging system that allows metadata to be embedded within media files. Description A routine security audit of the mpg321 package revealed a known security issue remained unpatched. The...
curl: NTLM response buffer overflow
Background curl is a command line tool for transferring files via many different protocols. Description curl fails to properly check boundaries when handling NTLM authentication. Impact With a malicious server an attacker could send a carefully crafted NTLM response to a connecting client leading...
UW IMAP: CRAM-MD5 authentication bypass
Background UW IMAP is the University of Washington IMAP toolkit which includes POP3 and IMAP daemons. Description A logic bug in the code handling CRAM-MD5 authentication incorrectly specifies the condition for successful authentication. Impact An attacker could exploit this vulnerability to...
Vim, gVim: Vulnerable options in modelines
Background Vim is an efficient, highly configurable improved version of the classic 'vi' text editor. gVim is the GUI version of Vim. Description Gentoo's Vim maintainer, Ciaran McCreesh, found several vulnerabilities related to the use of options in Vim modelines. Options like 'termcap',...
mirrorselect: Insecure temporary file creation
Background mirrorselect is a tool to help select distfiles mirrors for Gentoo. Description Ervin Nemeth discovered that mirrorselect creates temporary files in world-writable directories with predictable names. Impact A local attacker could create symbolic links in the temporary files directory,...
Ruby: Denial of Service issue
Background Ruby is an interpreted scripting language for quick and easy object-oriented programming. Ruby's CGI module can be used to build web applications. Description Ruby's developers found and fixed an issue in the CGI module that can be triggered remotely and cause an infinite loop. Impact ...
jabberd 1.x: Denial of Service vulnerability
Background Jabber is a set of streaming XML protocols enabling message, presence, and other structured information exchange between two hosts. jabberd is the original implementation of the Jabber protocol server. Description Jose Antonio Calvo found a defect in routines handling XML parsing of...
wv: Buffer overflow vulnerability
Background The wv library allows access to MS Word files. It can parse Word files and allow other applications, such as abiword, to import those files into their native formats. Description A use of strcat without proper bounds checking leads to an exploitable buffer overflow. The vulnerable code...
Multiple vulnerabilities in metamail
Background Metamail is a program that decodes MIME encoded mail. It is therefore often automatically called when an email is received or read. Description Ulf Harnhammar found two format string bugs and two buffer overflow bugs in Metamail. Impact A remote attacker could send a malicious email...
Two buffer overflows in lftp
Background lftp is a multithreaded command-line based FTP client. It allows you to execute multiple commands simultaneously or in the background. If features mirroring capabilities, resuming downloads, etc. Description Two buffer overflows exist in lftp. Both can occur when the user connects to a...
Asterisk: Multiple Vulnerabilities
Background Asterisk is an open source telephony engine and toolkit. Description Multiple vulnerabilities have been discovered in Asterisk. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known...
curl: Multiple Vulnerabilities
Background A command line tool and library for transferring data with URLs. Description Multiple vulnerabilities have been discovered in curl. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no...
GnuPG: Multiple Vulnerabilities
Background The GNU Privacy Guard, GnuPG, is a free replacement for the PGP suite of cryptographic software. Description Multiple vulnerabilities have been discovered in GnuPG. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for...
e2fsprogs: Arbitrary Code Execution
Background e2fsprogs is a set of utilities for maintaining the ext2, ext3 and ext4 file systems. Description Multiple vulnerabilities have been discovered in e2fsprogs. Please review the CVE identifiers referenced below for details. Impact An out-of-bounds read/write vulnerability was found in...
Catfish: Multiple Vulnerabilities
Background Catfish is a versatile file searching tool. Description Multiple vulnerabilities have been discovered in Catfish. Please review the CVE identifiers referenced below for details. Impact A local attacker could gain escalated privileges via a specially crafted shared library. Workaround...
Mumble: Multiple vulnerabilities
Background Mumble is low-latency voice chat software intended for use with gaming. Description Multiple vulnerabilities have been discovered in Mumble: A crafted length prefix value can trigger a heap-based buffer overflow or NULL pointer dereference in the opuspacketgetsamplesperframe function...
libproxy: User-assisted execution of arbitrary code
Background libproxy is a library for automatic proxy configuration management. Description A boundary error when processing the proxy.pac file could cause a stack-based buffer overflow. Impact A man-in-the-middle attacker could provide a specially crafted proxy.pac file on a remote server, possib...
Links: Denial of service
Background Links is a web browser which runs in both graphics and text modes. Description An integer overflow vulnerability was found in the parsing of HTML tables in the Links web browser when running in graphical mode. Impact A remote attacker could possibly cause a Denial of Service condition...
stunnel: Arbitrary code execution
Background The stunnel program is designed to work as an SSL encryption wrapper between a client and a local or remote server. Description A buffer overflow vulnerability has been discovered in stunnel. Please review the CVE identifier referenced below for details. Impact A remote attacker could...
Pixman: User-assisted execution of arbitrary code
Background Pixman is a pixel manipulation library. Description The trapezoid handling code in Pixman contains an integer underflow vulnerability. Impact A context-dependent attacker could entice a user to open a specially crafted file using an application linked against Pixman, possibly resulting...
libsndfile: Arbitrary code execution
Background Libsndfile is a C library for reading and writing files containing sampled sound through one standard library interface. Description An integer overflow flaw has been discovered in Libsndfile. Impact A remote attacker could entice a user to open a specially crafted PAF file using...
Festival: Arbitrary code execution
Background Festival is a Text to Speech Engine from The Centre for Speech Technology Research. Description A vulnerability in Festival Server has an incorrect path in LDLIBRARYPATH, which allows local users to place a Trojan horse shared library in the current working directory. Impact A local...
GNU ZRTP: Multiple vulnerabilities
Background GNU ZRTP is a C++ implementation of the ZRTP protocol. Description Multiple vulnerabilities have been discovered in GNU ZRTP. Please review the CVE identifiers referenced below for details. Impact A remote attacker could possibly execute arbitrary code with the privileges of the proces...
NUT: Arbitrary code execution
Background The Network UPS Tools NUT provide support for power devices. Description An error in the addchar function in parseconf.c may cause a buffer overflow. Impact A remote attacker could send a specially crafted string to upsd, possibly resulting in execution of arbitrary code with the...
MaraDNS: Arbitrary code execution
Background MaraDNS is a proxy DNS server with permanent caching. Description A long DNS hostname with a large number of labels could trigger a buffer overflow in the compressadddlabelpoints function of dns/Compress.c. Impact A remote unauthenticated attacker could execute arbitrary code or cause ...
Newt: User-assisted execution of arbitrary code
Background Newt is a library for displaying text mode user interfaces. Description Miroslav Lichvar reported that Newt is prone to a heap-based buffer overflow in textbox.c. Impact A remote attacker could entice a user to enter a specially crafted string into a text dialog box rendered by Newt,...
C* music player: Insecure temporary file usage
Background The C Music Player cmus is a modular and very configurable ncurses-based audio player. Description Dmitry E. Oboukhov reported that cmus-status-display does not handle the "/tmp/cmus-status" temporary file securely. Impact A local attacker could perform symlink attacks to overwrite...
Openswan: Denial of service
Background Openswan is an implementation of IPsec for Linux. Description Multiple vulnerabilities have been discovered in Openswan: Gerd v. Egidy reported a NULL pointer dereference in the Dead Peer Detection of the pluto IKE daemon as included in Openswan CVE-2009-0790. The Orange Labs...
Multiple Ralink wireless drivers: Execution of arbitrary code
Background All listed packages are external kernel modules that provide drivers for multiple Ralink devices. ralink-rt61 is released by ralinktech.com, the other packages by the rt2x00.serialmonkey.com project. Description Aviv reported an integer overflow in multiple Ralink wireless card drivers...