3816 matches found
Multiple vulnerabilities in metamail
Background Metamail is a program that decodes MIME encoded mail. It is therefore often automatically called when an email is received or read. Description Ulf Harnhammar found two format string bugs and two buffer overflow bugs in Metamail. Impact A remote attacker could send a malicious email...
Two buffer overflows in lftp
Background lftp is a multithreaded command-line based FTP client. It allows you to execute multiple commands simultaneously or in the background. If features mirroring capabilities, resuming downloads, etc. Description Two buffer overflows exist in lftp. Both can occur when the user connects to a...
Asterisk: Multiple Vulnerabilities
Background Asterisk is an open source telephony engine and toolkit. Description Multiple vulnerabilities have been discovered in Asterisk. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known...
curl: Multiple Vulnerabilities
Background A command line tool and library for transferring data with URLs. Description Multiple vulnerabilities have been discovered in curl. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no...
GnuPG: Multiple Vulnerabilities
Background The GNU Privacy Guard, GnuPG, is a free replacement for the PGP suite of cryptographic software. Description Multiple vulnerabilities have been discovered in GnuPG. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for...
Mozilla Firefox: Multiple Vulnerabilities
Background Mozilla Firefox is a popular open-source web browser from the Mozilla project. Description Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details...
Rebar3: Command Injection
Background A sophisticated build-tool for Erlang projects that follows OTP principles. Description Rebar3 is vulnerable to OS command injection via the URL parameter of a dependency specification. Impact A vulnerability has been discovered in Rebar3. Please review the CVE identifier referenced...
e2fsprogs: Arbitrary Code Execution
Background e2fsprogs is a set of utilities for maintaining the ext2, ext3 and ext4 file systems. Description Multiple vulnerabilities have been discovered in e2fsprogs. Please review the CVE identifiers referenced below for details. Impact An out-of-bounds read/write vulnerability was found in...
Mozilla Thunderbird: Multiple vulnerabilities
Background Mozilla Thunderbird is a popular open-source email client from the Mozilla project. Description Multiple vulnerabilities have been discovered in Mozilla Thunderbird. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for...
JHead: Multiple vulnerabilities
Background JHead is an exif jpeg header manipulation tool. Description Multiple vulnerabilities have been discovered in JHead. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround a...
Portage: Man-in-the-middle
Background Portage is the package management and distribution system for Gentoo. Description A vulnerability was discovered in emerge-delta-webrsync and Portage that did not properly validate the revocation status of GPG keys. Impact A remote attacker could conduct a man-in-the-middle attack...
Wireshark: Multiple vulnerabilities
Background Wireshark is a network protocol analyzer formerly known as ethereal. Description Multiple vulnerabilities have been discovered in Wireshark. Please review the CVE identifiers referenced below for details. Impact A remote attacker can cause a Denial of Service condition via specially...
Catfish: Multiple Vulnerabilities
Background Catfish is a versatile file searching tool. Description Multiple vulnerabilities have been discovered in Catfish. Please review the CVE identifiers referenced below for details. Impact A local attacker could gain escalated privileges via a specially crafted shared library. Workaround...
FreeType: Arbitrary code execution
Background FreeType is a high-quality and portable font engine. Description A stack-based buffer overflow exists in Freetype’s cf2hintmapbuild function in cff/cf2hints.c. Impact A remote attacker may be able to execute arbitrary code or cause a Denial of Service condition via specially crafted fo...
Adobe Flash Player: Multiple vulnerabilities
Background The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Description Multiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details. Impact A remote attacke...
Mumble: Multiple vulnerabilities
Background Mumble is low-latency voice chat software intended for use with gaming. Description Multiple vulnerabilities have been discovered in Mumble: A crafted length prefix value can trigger a heap-based buffer overflow or NULL pointer dereference in the opuspacketgetsamplesperframe function...
Links: Denial of service
Background Links is a web browser which runs in both graphics and text modes. Description An integer overflow vulnerability was found in the parsing of HTML tables in the Links web browser when running in graphical mode. Impact A remote attacker could possibly cause a Denial of Service condition...
Pixman: User-assisted execution of arbitrary code
Background Pixman is a pixel manipulation library. Description The trapezoid handling code in Pixman contains an integer underflow vulnerability. Impact A context-dependent attacker could entice a user to open a specially crafted file using an application linked against Pixman, possibly resulting...
Asterisk: Multiple vulnerabilities
Background Asterisk is an open source telephony engine and toolkit. Description Multiple vulnerabilities have been discovered in Asterisk. Please review the CVE identifiers referenced below for details. Impact A remote attacker could execute arbitrary code with the privileges of the process, caus...
Festival: Arbitrary code execution
Background Festival is a Text to Speech Engine from The Centre for Speech Technology Research. Description A vulnerability in Festival Server has an incorrect path in LDLIBRARYPATH, which allows local users to place a Trojan horse shared library in the current working directory. Impact A local...
rdesktop: Directory Traversal
Background rdesktop is a Remote Desktop Protocol RDP Client. Description A vulnerability has been discovered in rdesktop. Please review the CVE identifier referenced below for details. Impact Remote RDP servers may be able to read or overwrite arbitrary files via a .. dot dot in a pathname...
fastjar: Directory traversal
Background fastjar is a Java archiver written in C. Description Two directory traversal vulnerabilities have been discovered in fastjar. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user to open a specially crafted JAR file, possibly...
NUT: Arbitrary code execution
Background The Network UPS Tools NUT provide support for power devices. Description An error in the addchar function in parseconf.c may cause a buffer overflow. Impact A remote attacker could send a specially crafted string to upsd, possibly resulting in execution of arbitrary code with the...
MaraDNS: Arbitrary code execution
Background MaraDNS is a proxy DNS server with permanent caching. Description A long DNS hostname with a large number of labels could trigger a buffer overflow in the compressadddlabelpoints function of dns/Compress.c. Impact A remote unauthenticated attacker could execute arbitrary code or cause ...
XEmacs: User-assisted execution of arbitrary code
Background XEmacs is a highly extensible and customizable text editor. Description Tielei Wang reported multiple integer overflow vulnerabilities in the tiffinstantiate, pnginstantiate and jpeginstantiate functions in glyphs-eimage.c, all possibly leading to heap-based buffer overflows. Impact A...
C* music player: Insecure temporary file usage
Background The C Music Player cmus is a modular and very configurable ncurses-based audio player. Description Dmitry E. Oboukhov reported that cmus-status-display does not handle the "/tmp/cmus-status" temporary file securely. Impact A local attacker could perform symlink attacks to overwrite...
Streamripper: Multiple vulnerabilities
Background Streamripper is a tool for extracting and recording mp3 files from a Shoutcast stream. Description Stefan Cornelius from Secunia Research reported multiple buffer overflows in the httpparsescheader, httpgetpls and httpgetm3u functions in lib/http.c when parsing overly long HTTP headers...
WordNet: Execution of arbitrary code
Background WordNet is a large lexical database of English. Description Jukka Ruohonen initially reported a boundary error within the searchwn function in src/wn.c. A thorough investigation by the oCERT team revealed several other vulnerabilities in WordNet: Jukka Ruohonen and Rob Holland oCERT...
Motion: Execution of arbitrary code
Background Motion is a program that monitors the video signal from one or more cameras and is able to detect motions. Description Nico Golde reported an off-by-one error within the readclient function in the webhttpd.c file, leading to a stack-based buffer overflow. Stefan Cornelius Secunia...
Comix: Multiple vulnerabilities
Background Comix is a GTK comic book viewer. Description Comix does not properly sanitize filenames containing shell metacharacters when they are passed to the rar, unrar, or jpegtran programs CVE-2008-1568. Comix also creates directories with predictable names CVE-2008-1796. Impact A remote...
PeerCast: Buffer overflow
Background PeerCast is a client and server for P2P-radio network Description Luigi Auriemma reported a heap-based buffer overflow within the "handshakeHTTP" function when processing HTTP requests. Impact A remote attacker could send a specially crafted request to the vulnerable server, possibly...
PEAR::MDB2: Information disclosure
Background PEAR::MDB2 is a database abstraction layer for PHP aimed to provide a common API for all supported relational database management systems. A LOB "large object" is a database field holding binary data. Description priyadi discovered that the request to store a URL string as a LOB is...
Hugin: Insecure temporary file creation
Background Hugin is a GUI for creating and processing panoramic images. Description Suse Linux reported that Hugin creates the "hugindebugoptimresults.txt" temporary file in an insecure manner. Impact A local attacker could exploit this vulnerability with a symlink attack, potentially overwriting...
FLAC: Buffer overflow
Background The Xiph.org Free Lossless Audio Codec FLAC library is the reference implementation of the FLAC audio file format. It contains encoders and decoders in library and executable form. Description Sean de Regge reported multiple integer overflows when processing FLAC media files that could...
Tomboy: User-assisted execution of arbitrary code
Background Tomboy is a GTK-based desktop note-taking application written in C and the Mono C. Description Jan Oravec reported that the "/usr/bin/tomboy" script sets the "LDLIBRARYPATH" environment variable incorrectly, which might result in the current working directory . to be included when...
rsync: Two buffer overflows
Background rsync is a file transfer program to keep remote directories synchronized. Description Sebastian Krahmer from the SUSE Security Team discovered two off-by-one errors in the function "fname" in file sender.c when processing overly long directory names. Impact A remote attacker could enti...
tcpdump: Integer overflow
Background tcpdump is a tool for capturing and inspecting network traffic. Description mu-b from Digital Labs discovered that the return value of a snprintf call is not properly checked before being used. This could lead to an integer overflow. Impact A remote attacker could send specially crafte...
pam_ldap: Authentication bypass vulnerability
Background pamldap is a Pluggable Authentication Module which allows authentication against LDAP directories. Description Steve Rigler discovered that pamldap does not correctly handle "PasswordPolicyResponse" control responses from an LDAP directory. This causes the pamauthenticate function to...
ClamAV: Denial of service
Background ClamAV is a GPL virus scanner. Description Hendrik Weimer discovered that ClamAV fails to properly handle deeply nested MIME multipart/mixed content. Impact By sending a specially crafted email with deeply nested MIME multipart/mixed content an attacker could cause ClamAV to crash...
libgsf: Buffer overflow
Background The GNOME Structured File Library is an I/O library that can read and write common file types and handle structured formats that provide file-system-in-a-file semantics. Description "infamous41md" has discovered that the "oleinitinfo" function may allocate too little memory for storing...
SeaMonkey: Multiple vulnerabilities
Background The SeaMonkey project is a community effort to deliver production-quality releases of code derived from the application formerly known as 'Mozilla Application Suite'. Description The SeaMonkey project is vulnerable to arbitrary JavaScript bytecode execution and arbitrary code execution...
libmusicbrainz: Multiple buffer overflows
Background libmusicbrainz is a client library used to access MusicBrainz music meta data. Description Luigi Auriemma reported a possible buffer overflow in the MBHttp::Download function of lib/http.cpp as well as several possible buffer overflows in lib/rdfparse.c. Impact A remote attacker could ...
CAPI4Hylafax fax receiver: Execution of arbitrary code
Background CAPI4Hylafax makes it possible to send and receive faxes via CAPI and AVM Fritz!Cards. Description Lionel Elie Mamane discovered an error in c2faxrecv, which doesn't properly sanitize TSI strings when handling incoming calls. Impact A remote attacker can send null \0 and shell...
Ethereal: Multiple vulnerabilities in protocol dissectors
Background Ethereal is a feature-rich network protocol analyzer. Description Coverity discovered numerous vulnerabilities in versions of Ethereal prior to 0.99.0, including: buffer overflows in the ALCAP CVE-2006-1934, COPS CVE-2006-1935 and telnet CVE-2006-1936 dissectors. buffer overflows in th...
Cacti: Multiple vulnerabilities in included ADOdb
Background Cacti is a complete web-based frontend to rrdtool. ADOdb is a PHP-based database abstraction layer which is included in Cacti. Description Several vulnerabilities have been identified in the copy of ADOdb included in Cacti. Andreas Sandblad discovered a dynamic code evaluation...
Heimdal: rshd privilege escalation
Background Heimdal is a free implementation of Kerberos 5. Description An unspecified privilege escalation vulnerability in the rshd server of Heimdal has been reported. Impact Authenticated users could exploit the vulnerability to escalate privileges or to change the ownership and content of...
GStreamer FFmpeg plugin: Heap-based buffer overflow
Background The GStreamer FFmpeg plugin uses code from the FFmpeg library to provide fast colorspace conversion and multimedia decoders to the GStreamer open source media framework. Description The GStreamer FFmpeg plugin contains derived code from the FFmpeg library, which is vulnerable to a heap...
Netpbm: Buffer overflow in pnmtopng
Background Netpbm is a package of 220 graphics programs and a programming library, including pnmtopng, a tool to convert PNM image files to the PNG format. Description RedHat reported that pnmtopng is vulnerable to a buffer overflow. Impact An attacker could craft a malicious PNM file and entice ...
Shorewall: Security policy bypass
Background Shorewall is a high level tool for configuring Netfilter, the firewall facility included in the Linux Kernel. Description Shorewall fails to enforce security policies if configured with "MACLISTDISPOSITION" set to "ACCEPT" or "MACLISTTTL" set to a value greater or equal to 0. Impact A...
dhcpcd: Denial of Service vulnerability
Background dhcpcd is a standards compliant DHCP client daemon. It requests an IP address and other information from the DHCP server, automatically configures the network interface, and tries to renew the lease time. Description infamous42md discovered that dhcpcd can be tricked to read past the e...