3816 matches found
RealPlayer: Heap overflow vulnerability
Background RealPlayer is a multimedia player capable of handling multiple multimedia file formats. Description RealPlayer is vulnerable to a heap overflow when opening RealMedia files which make use of RealText. Impact By enticing a user to play a specially crafted RealMedia file an attacker coul...
SpamAssassin 3, Vipul's Razor: Denial of Service vulnerability
Background SpamAssassin is an extensible email filter which is used to identify junk email. Vipul's Razor is a client for a distributed, collaborative spam detection and filtering network. Description SpamAssassin and Vipul's Razor contain a Denial of Service vulnerability when handling special...
MediaWiki: Cross-site scripting vulnerability
Background MediaWiki is a collaborative editing software, used by big projects like Wikipedia. Description MediaWiki incorrectly handles page template inclusions, rendering it vulnerable to cross-site scripting attacks. Impact A remote attacker could exploit this vulnerability to inject malicious...
OpenSLP: Multiple buffer overflows
Background OpenSLP is an open-source implementation of Service Location Protocol SLP. Description Multiple buffer overflows have been found in OpenSLP, when handling malformed SLP packets. Impact By sending specially crafted SLP packets, a remote attacker could potentially execute arbitrary code...
Squid: Multiple vulnerabilities
Background Squid is a full-featured Web proxy cache designed to run on Unix systems. It supports proxying and caching of HTTP, FTP, and other protocols, as well as SSL support, cache hierarchies, transparent caching, access control lists and many other features. Description Squid contains several...
tnftp: Arbitrary file overwriting
Background tnftp is a NetBSD FTP client with several advanced features. Description The 'mget' function in cmds.c lacks validation of the filenames that are supplied by the server. Impact An attacker running an FTP server could supply clients with malicious filenames, potentially allowing the...
shadow: Unauthorized modification of account information
Background shadow provides a set of utilities to deal with user accounts. Description Martin Schulze reported a flaw in the passwdcheck function in "libmisc/pwdcheck.c" which is used by chfn and chsh. Impact A logged-in local user with an expired password may be able to use chfn and chsh to chang...
LHa: Multiple vulnerabilities
Background LHa is a console-based program for packing and unpacking LHarc archives. Description The command line argument as well as the archive parsing code of LHa lack sufficient bounds checking. Furthermore, a shell meta character command execution vulnerability exists in LHa, since it does no...
eGroupWare: Multiple XSS vulnerabilities
Background eGroupWare is a suite of web-based group applications including calendar, address book, messenger and email. Description Joxean Koret recently discovered multiple cross site scripting vulnerabilities in various modules for the eGroupWare suite. This includes the calendar, address book,...
MoinMoin: Group ACL bypass
Background MoinMoin is a Python clone of WikiWiki, based on PikiPiki. Description MoinMoin contains two unspecified bugs, one allowing anonymous users elevated access when not using ACLs, and the other in the ACL handling in the PageEditor. Impact Restrictions on anonymous users were not properly...
SpamAssassin: Denial of Service vulnerability
Background SpamAssassin is an extensible email filter which is used to identify spam. Description SpamAssassin contains an unspecified Denial of Service vulnerability. Impact By sending a specially crafted message an attacker could cause a Denial of Service attack against the SpamAssassin service...
PuTTY: Pre-authentication arbitrary code execution
Background PuTTY is a free implementation of Telnet and SSH for Win32 and Unix platforms, along with an xterm terminal emulator. Description PuTTY contains a vulnerability allowing a malicious server to execute arbitrary code on the connecting client before host key verification. Impact When...
mit-krb5: Multiple buffer overflows in krb5_aname_to_localname
Background mit-krb5 is the free implementation of the Kerberos network authentication protocol by the Massachusetts Institute of Technology. Description The library function krb5anametolocalname contains multiple buffer overflows. This is only exploitable if explicit mapping or rules-based mappin...
Multiple Vulnerabilities in pwlib
Background pwlib is a multi-platform library designed for OpenH323. Description Multiple vulnerabilities have been found in the implimentation of protocol H.323 contained in pwlib. Most of the vulnerabilies are in the parsing of ASN.1 elements which would allow an attacker to use a maliciously...
GPL Ghostscript: Multiple Vulnerabilities
Background Ghostscript is an interpreter for the PostScript language and for PDF. Description Multiple vulnerabilities have been discovered in GPL Ghostscript. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workarou...
Slurm: Multiple Vulnerabilities
Background Slurm is a highly scalable resource manager. Description Multiple vulnerabilities have been discovered in Slurm. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround at...
PJSIP: Heap Buffer Overflow
Background PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. Description Please review the CVE identifier referenced below for details. Impact Please review the CVE identifier...
Nokogiri: Denial of Service
Background Nokogiri is an HTML, XML, SAX, and Reader parser. Description A denial of service vulnerability has been discovered in Nokogiri. Please review the CVE identifier referenced below for details. Impact Nokogiri fails to check the return value from xmlTextReaderExpand in the method...
Liferea: Remote Code Execution
Background Liferea is a feed reader/news aggregator that brings together all of the content from your favorite subscriptions into a simple interface that makes it easy to organize and browse feeds. Its GUI is similar to a desktop mail/news client, with an embedded web browser. Description A...
GLib: Privilege Escalation
Background GLib is a library providing a number of GNOME's core objects and functions. Description A vulnerability has been discovered in GLib. Please review the CVE identifier referenced below for details. Impact When a GDBus-based client subscribes to signals from a trusted system service such ...
LZ4: Memory Corruption
Background LZ4 is a lossless compression algorithm, providing compression speed 500 MB/s per core, scalable with multi-cores CPU. It features an extremely fast decoder, with speed in multiple GB/s per core, typically reaching RAM speed limits on multi-core systems. Description An attacker who...
Blender: Multiple Vulnerabilities
Background Blender is a 3D Creation/Animation/Publishing System. Description Multiple vulnerabilities have been discovered in Blender. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known...
libuv: Buffer Overread
Background libuv is a multi-platform support library with a focus on asynchronous I/O. Description libuv fails to ensure that a pointer lies within the bounds of a defined buffer in the uvidnatoascii function before reading and manipulating the memory at that address. Impact The overread can resu...
LibreOffice: Multiple Vulnerabilities
Background LibreOffice is a powerful office suite; its clean interface and powerful tools let you unleash your creativity and grow your productivity. Description Multiple vulnerabilities have been discovered in LibreOffice. Please review the CVE identifiers referenced below for details. Impact...
xfce4-settings: Browser Argument Injection
Background xfce4-settings contains the configuration system for the Xfce desktop environment. Description xfce4-settings does not sufficiently sanitize URLs opened via xdg4-mime-helper-tool which is called when a user clicks a link in e.g. Firefox. Impact The vulnerability can be leveraged into...
D-Bus: Denial of service
Background D-Bus is a message bus system which processes can use to talk to each other. Description It was discovered that D-Bus did not properly handle the situation when two usernames have the same numeric UID. Impact An attacker could possibly cause a Denial of Service condition or trigger oth...
VDE: Privilege escalation
Background VDE is an ethernet compliant virtual network that can be spawned over a set of physical computer over the Internet. Description It was discovered that Gentoo’s default VDE installation suffered from a privilege escalation vulnerability in the init script. This script calls an unsafe...
Bundler: Insecure installation
Background Bundler provides a consistent environment for Ruby projects by tracking and installing the exact gems and versions that are needed. Description Bundler, allows the installation of gems from different sources with the same names, when multiple top-level gem sources are used. Impact Remo...
Ansible: Privilege escalation
Background Ansible is a radically simple IT automation platform. Description The createscript function in the lxccontainer module of Ansible uses predictable temporary file names, making it vulnerable to a symlink attack. Impact Local attackers could write arbitrary files or gain escalated...
arpwatch: Privilege escalation
Background The ethernet monitor program; for keeping track of ethernet/ip address pairings. Description Arpwatch does not properly drop supplementary groups. Impact Attackers, if able to exploit arpwatch, could escalate privileges outside of the running process. Workaround There is no known...
kwalletd: Information disclosure
Background Kwalletd is is a credentials management application for KDE. Description Kwalletd in KWallet uses Blowfish with ECB mode instead of CBC mode when encrypting the password store. Impact Local attackers, with access to the password store, could conduct a codebook attack in order to obtain...
PLIB: Buffer overflow vulnerability
Background PLIB includes sound effects, music, a complete 3D engine, font rendering, a simple Windowing library, a game scripting language, a GUI, networking, 3D math library and a collection of handy utility functions. Description A buffer overflow in PLIB allows user-assisted remote attackers t...
Firebird: Buffer Overflow
Background Firebird is a multi-platform, open source relational database. Description The vulnerability is caused due to an error when processing requests from remote clients. Impact A remote attacker could possibly execute arbitrary code with the privileges of the process, or cause a Denial of...
PyPAM: Arbitrary code execution
Background PyPAM is a PAM binding for Python. Description PyPAM does not handle passwords correctly if there is NULL byte in the string. Impact A remote attacker could possibly execute arbitrary code or cause a Denial of Service condition. Workaround There is no known workaround at this time...
UnRTF: Multiple vulnerabilities
Background UnRTF is a command-line program which converts RTF documents to other formats. Description Multiple vulnerabilities have been discovered in UnRTF. Please review the CVE identifiers referenced below for details. Impact A remote attacker may be able to execute arbitrary code with the...
chrony: Multiple vulnerabilities
Background chrony is a versatile implementation of the Network Time Protocol NTP. Description Multiple vulnerabilities have been discovered in chrony. Please review the CVE identifiers referenced below for details. Impact A remote attacker can cause arbitrary remote code execution or Denial of...
libproxy: User-assisted execution of arbitrary code
Background libproxy is a library for automatic proxy configuration management. Description A boundary error when processing the proxy.pac file could cause a stack-based buffer overflow. Impact A man-in-the-middle attacker could provide a specially crafted proxy.pac file on a remote server, possib...
libtar: Arbitraty code execution
Background libtar is a C library for manipulating POSIX tar files. Description An integer overflow error within the “thread” function when processing long names or link extensions can be exploited to cause a heap-based buffer overflow via a specially crafted archive. Impact A remote attacker coul...
libsndfile: Arbitrary code execution
Background Libsndfile is a C library for reading and writing files containing sampled sound through one standard library interface. Description An integer overflow flaw has been discovered in Libsndfile. Impact A remote attacker could entice a user to open a specially crafted PAF file using...
GNU ZRTP: Multiple vulnerabilities
Background GNU ZRTP is a C++ implementation of the ZRTP protocol. Description Multiple vulnerabilities have been discovered in GNU ZRTP. Please review the CVE identifiers referenced below for details. Impact A remote attacker could possibly execute arbitrary code with the privileges of the proces...
FontForge: User-assisted execution of arbitrary code
Background FontForge is a PostScript font editor and converter. Description FontForge is vulnerable to an error when processing the "CHARSETREGISTRY" header in font files, which could cause a stack-based buffer overflow. Impact A remote attacker could entice a user to open a specially crafted BDF...
rgmanager: Privilege escalation
Background rgmanager is a clustered resource group manager. Description A vulnerability has been discovered in rgmanager. Please review the CVE identifier referenced below for details. Impact A local attacker could gain escalated privileges. Workaround There is no known workaround at this time...
Tor: Remote heap-based buffer overflow
Background Tor is an implementation of second generation Onion Routing, a connection-oriented anonymizing communication service. Description Tor contains a heap-based buffer overflow in the processing of user or attacker supplied data. No additional information is available. Impact Successful...
Chromium: Multiple vulnerabilities
Background Chromium is an open-source web browser project. Description Multiple vulnerabilities were found in Chromium. For further information please consult the release notes referenced below. Impact A remote attacker could trick a user to perform a set of UI actions that trigger a possibly...
sudo: Privilege Escalation
Background sudo allows a system administrator to give users the ability to run commands as other users. Description Multiple vulnerabilities have been reported in sudo: Evan Broder and Anders Kaseorg of Ksplice, Inc. reported that the sudo 'secure path' feature does not properly handle multiple...
Newt: User-assisted execution of arbitrary code
Background Newt is a library for displaying text mode user interfaces. Description Miroslav Lichvar reported that Newt is prone to a heap-based buffer overflow in textbox.c. Impact A remote attacker could entice a user to enter a specially crafted string into a text dialog box rendered by Newt,...
PEAR Net_Traceroute: Command injection
Background PEAR NetTraceroute is an OS independent wrapper class for executing traceroute calls from PHP. Description Pasquale Imperato reported that the $host parameter to the traceroute function in Traceroute.php is not properly sanitized before being passed to exec. Impact A remote attacker...
Openswan: Denial of service
Background Openswan is an implementation of IPsec for Linux. Description Multiple vulnerabilities have been discovered in Openswan: Gerd v. Egidy reported a NULL pointer dereference in the Dead Peer Detection of the pluto IKE daemon as included in Openswan CVE-2009-0790. The Orange Labs...
GCC-XML: Insecure temporary file usage
Background GCC-XML is an XML output extension to the C++ front-end of GCC. Description Dmitry E. Oboukhov reported that findflags in GCC-XML does not handle "/tmp/.cxx" temporary files securely. Impact A local attacker could perform symlink attacks to overwrite arbitrary files with the privileges...
Multiple Ralink wireless drivers: Execution of arbitrary code
Background All listed packages are external kernel modules that provide drivers for multiple Ralink devices. ralink-rt61 is released by ralinktech.com, the other packages by the rt2x00.serialmonkey.com project. Description Aviv reported an integer overflow in multiple Ralink wireless card drivers...