3816 matches found
LibreOffice: Multiple Vulnerabilities
Background LibreOffice is a powerful office suite; its clean interface and powerful tools let you unleash your creativity and grow your productivity. Description Multiple vulnerabilities have been discovered in LibreOffice. Please review the CVE identifiers referenced below for details. Impact...
xfce4-settings: Browser Argument Injection
Background xfce4-settings contains the configuration system for the Xfce desktop environment. Description xfce4-settings does not sufficiently sanitize URLs opened via xdg4-mime-helper-tool which is called when a user clicks a link in e.g. Firefox. Impact The vulnerability can be leveraged into...
D-Bus: Denial of service
Background D-Bus is a message bus system which processes can use to talk to each other. Description It was discovered that D-Bus did not properly handle the situation when two usernames have the same numeric UID. Impact An attacker could possibly cause a Denial of Service condition or trigger oth...
VDE: Privilege escalation
Background VDE is an ethernet compliant virtual network that can be spawned over a set of physical computer over the Internet. Description It was discovered that Gentoo’s default VDE installation suffered from a privilege escalation vulnerability in the init script. This script calls an unsafe...
Smb4K: Arbitrary command execution as root
Background Smb4K is a SMB/CIFS Windows share browser for KDE. Description Smb4k contains a logic flaw in which mount helper binary does not properly verify the mount command it is being asked to run. Impact A local user can execute commands with the root privilege due to the mount helper being...
Bundler: Insecure installation
Background Bundler provides a consistent environment for Ruby projects by tracking and installing the exact gems and versions that are needed. Description Bundler, allows the installation of gems from different sources with the same names, when multiple top-level gem sources are used. Impact Remo...
kwalletd: Information disclosure
Background Kwalletd is is a credentials management application for KDE. Description Kwalletd in KWallet uses Blowfish with ECB mode instead of CBC mode when encrypting the password store. Impact Local attackers, with access to the password store, could conduct a codebook attack in order to obtain...
UnRTF: Multiple vulnerabilities
Background UnRTF is a command-line program which converts RTF documents to other formats. Description Multiple vulnerabilities have been discovered in UnRTF. Please review the CVE identifiers referenced below for details. Impact A remote attacker may be able to execute arbitrary code with the...
chrony: Multiple vulnerabilities
Background chrony is a versatile implementation of the Network Time Protocol NTP. Description Multiple vulnerabilities have been discovered in chrony. Please review the CVE identifiers referenced below for details. Impact A remote attacker can cause arbitrary remote code execution or Denial of...
usbmuxd: User-assisted execution of arbitrary code
Background usbmuxd is a USB multiplex daemon for use with Apple iPhone and iPod Touch devices. Description The "receivepacket" function in libusbmuxd.c contains a boundary error when parsing the "SerialNumber" field of a USB device, which could cause a heap-based buffer overflow. Impact An attack...
PEAR Net_Traceroute: Command injection
Background PEAR NetTraceroute is an OS independent wrapper class for executing traceroute calls from PHP. Description Pasquale Imperato reported that the $host parameter to the traceroute function in Traceroute.php is not properly sanitized before being passed to exec. Impact A remote attacker...
GCC-XML: Insecure temporary file usage
Background GCC-XML is an XML output extension to the C++ front-end of GCC. Description Dmitry E. Oboukhov reported that findflags in GCC-XML does not handle "/tmp/.cxx" temporary files securely. Impact A local attacker could perform symlink attacks to overwrite arbitrary files with the privileges...
Wicd: Information disclosure
Background Wicd is an open source wired and wireless network manager for Linux. Description Tiziano Mueller of Gentoo discovered that the DBus configuration file for Wicd allows arbitrary users to own the org.wicd.daemon object. Impact A local attacker could exploit this vulnerability to receive...
Amarok: User-assisted execution of arbitrary code
Background Amarok is an advanced music player. Description Tobias Klein has discovered multiple vulnerabilities in Amarok: Multiple integer overflows in the Audible::Tag::readTag function in metadata/audible/audibletag.cpp trigger heap-based buffer overflows CVE-2009-0135. Multiple array index...
gEDA: Insecure temporary file creation
Background gEDA is an Electronic Design Automation tool used for electrical circuit design. Description Dmitry E. Oboukhov reported an insecure temporary file usage within the sch2eaglepos.sh script. Impact A local attacker could perform symlink attacks to overwrite arbitrary files with the...
aview: Insecure temporary file usage
Background aview is an ASCII image viewer and animation player. Description Dmitry E. Oboukhov reported that aview uses the "/tmp/aview$$.pgm" file in an insecure manner when processing files. Impact A local attacker could perform symlink attacks to overwrite arbitrary files on the system with th...
HAVP: Denial of service
Background HAVP is a HTTP AntiVirus Proxy. Description Peter Warasin reported an infinite loop in sockethandler.cpp when connecting to a non-responsive HTTP server. Impact A remote attacker could send requests to unavailable servers, resulting in a Denial of Service. Workaround There is no known...
PECL APC: Buffer Overflow
Background PECL Alternative PHP Cache PECL APC is a free, open, and robust framework for caching and optimizing PHP intermediate code. Description Daniel Papasian discovered a stack-based buffer overflow in the apcsearchpaths function in the file apc.c when processing long filenames. Impact A...
ssl-cert eclass: Certificate disclosure
Background The ssl-cert eclass is a code module used by Gentoo ebuilds to generate SSL certificates. Description Robin Johnson reported that the docert function provided by ssl-cert.eclass can be called by source building stages of an ebuild, such as srccompile or srcinstall, which will result in...
Horde IMP: Security bypass
Background Horde IMP provides a web-based access to IMAP and POP3 mailboxes. Description Ulf Harnhammar, Secunia Research discovered that the "frame" and "frameset" HTML tags are not properly filtered out. He also reported that certain HTTP requests are executed without being checked. Impact A...
Feynmf: Insecure temporary file creation
Background Feynmf is a combined LaTeX and Metafont package for easy drawing of professional quality Feynman and maybe other diagrams. Description Kevin B. McCarty discovered that the feynmf.pl script creates a temporary "properly list" file at the location "$TMPDIR/feynmf$PID.pl", where $PID is t...
Nagios Plugins: Two buffer overflows
Background The Nagios Plugins are an official set of plugins for Nagios, an open source host, service and network monitoring program. Description fabiodds reported a boundary checking error in the "checksnmp" plugin when processing SNMP "GET" replies that could lead to a stack-based buffer overfl...
Tk: Buffer overflow
Background Tk is a toolkit for creating graphical user interfaces. Description Reinhard Max discovered a boundary error in Tk when processing an interlaced GIF with two frames where the second is smaller than the first one. Impact A remote attacker could entice a user to open a specially crafted...
libexif: Buffer overflow
Background libexif is a library for parsing, editing and saving EXIF metadata from images. Description iDefense Labs have discovered that the exifdataloaddataentry function in libexif/exif-data.c improperly handles integer data while working with an image with many EXIF components, allowing an...
NVIDIA binary graphics driver: Privilege escalation vulnerability
Background The NVIDIA binary graphics driver from NVIDIA Corporation provides the kernel module and the GL modules for graphic acceleration on the NVIDIA based graphic cards. Description Rapid7 reported a boundary error in the NVIDIA binary graphics driver that leads to a buffer overflow in the...
DUMB: Heap buffer overflow
Background DUMB Dynamic Universal Music Bibliotheque is an IT, XM, S3M and MOD player library. Description Luigi Auriemma found a heap-based buffer overflow in the itreadenvelope function which reads the envelope values for volume, pan and pitch of the instruments referenced in a ".it" Impulse...
xine-lib: Buffer overflow
Background xine-lib is the core library of xine, a multimedia player. Description There is a stack based overflow in the libmms library included with xine-lib which can be triggered by malicious use of the sendcommand, stringutf16, getdata and getmediapacket functions. Impact A remote attacker...
Hashcash: Possible heap overflow
Background Hashcash is a utility for generating Hashcash tokens, a proof-of-work system to reduce the impact of spam. Description Andreas Seltenreich has reported a possible heap overflow in the arraypush function in hashcash.c, as a result of an incorrect amount of allocated memory for the "ARRA...
fbida: Insecure temporary file creation
Background fbida is a collection of image viewers and editors for the framebuffer console and X11. Description Jan Braun has discovered that the "fbgs" script provided by fbida insecurely creates temporary files in the "/var/tmp" directory. Impact A local attacker could create links in the...
MediaWiki: Cross-site scripting vulnerability
Background MediaWiki is a collaborative editing software, used by big projects like Wikipedia. Description MediaWiki fails to decode certain encoded URLs correctly. Impact By supplying specially crafted links, a remote attacker could exploit this vulnerability to inject malicious HTML or JavaScri...
ClamAV: Remote execution of arbitrary code
Background ClamAV is a GPL virus scanner. Description Zero Day Initiative ZDI reported a heap buffer overflow vulnerability. The vulnerability is due to an incorrect boundary check of the user-supplied data prior to copying it to an insufficiently sized memory buffer. The flaw occurs when the...
fetchmail: Password exposure in fetchmailconf
Background fetchmail is a utility that retrieves and forwards mail from remote systems using IMAP, POP, and other protocols. It ships with fetchmailconf, a graphical utility used to create configuration files. Description Thomas Wolff discovered that fetchmailconf opens the configuration file wit...
gtkdiskfree: Insecure temporary file creation
Background gtkdiskfree is a GTK-based GUI to show free disk space. Description Eric Romang discovered that gtkdiskfree insecurely creates a predictable temporary file to handle command output. Impact A local attacker could create a symbolic link in the temporary files directory, pointing to a val...
Mozilla Suite, Mozilla Firefox: Multiple vulnerabilities
Background The Mozilla Suite is a popular all-in-one web browser that includes a mail and news reader. Mozilla Firefox is the next-generation browser from the Mozilla project. Gecko is the layout engine used in both products. Description The Mozilla Suite and Firefox are both vulnerable to the...
Xpdf, Kpdf, GPdf: Denial of Service vulnerability
Background Xpdf, Kpdf and GPdf are PDF file viewers that run under the X Window System. Kpdf and GPdf both contain Xpdf code. Kpdf is also part of kdegraphics. Description Xpdf, Kpdf and GPdf do not handle a broken table of embedded TrueType fonts correctly. After detecting such a table, Xpdf, Kp...
Heartbeat: Insecure temporary file creation
Background Heartbeat is a component of the High-Availability Linux project. It it used to perform death-of-node detection, communications and cluster management. Description Eric Romang has discovered that Heartbeat insecurely creates temporary files with predictable filenames. Impact A local...
gedit: Format string vulnerability
Background gedit is the official text editor of the GNOME desktop environement. Description A format string vulnerability exists when opening files with names containing format specifiers. Impact A specially crafted file with format specifiers in the filename can cause arbitrary code execution...
xv: Filename handling vulnerability
Background xv is an interactive image manipulation package for X11. Description Tavis Ormandy of the Gentoo Linux Security Audit Team identified a flaw in the handling of image filenames by xv. Impact Successful exploitation would require a victim to process a specially crafted image with a...
Cyrus IMAP Server: Multiple overflow vulnerabilities
Background The Cyrus IMAP Server is an efficient, highly-scalable IMAP e-mail server. Description Possible single byte overflows have been found in the imapd annotate extension and mailbox handling code. Furthermore stack buffer overflows have been found in fetchnews, the backend and imapd. Impac...
TikiWiki: Arbitrary command execution
Background TikiWiki is a web-based groupware and content management system CMS, using PHP, ADOdb and Smarty. Description TikiWiki does not validate files uploaded to the "temp" directory. Impact A malicious user could run arbitrary commands on the server by uploading and calling a PHP script...
VDR: Arbitrary file overwriting issue
Background Video Disk Recorder VDR is a Linux-based digital video recorder. The VDR program handles the On Screen Menu system that offers complete control over channel settings, timers and recordings. Description Javier Fernandez-Sanguino Pena from the Debian Security Audit Team discovered that V...
TikiWiki: Arbitrary command execution
Background TikiWiki is a web-based groupware and content management system CMS, using PHP, ADOdb and Smarty. Description TikiWiki lacks a check on uploaded images in the Wiki edit page. Impact A malicious user could run arbitrary commands on the server by uploading and calling a PHP script...
mpg123: Playlist buffer overflow
Background mpg123 is a MPEG Audio Player. Description Bartlomiej Sieka discovered that mpg123 contains an unsafe strcat to an array in playlist.c. This code vulnerability may lead to a buffer overflow. Impact A remote attacker could craft a malicious playlist which, when used, would result in the...
ncompress: Buffer overflow
Background ncompress is a utility handling compression and decompression of Lempel-Ziv archives, compatible with the original nix compress and uncompress utilities .Z extensions. Description compress and uncompress do not properly check bounds on command line options, including the filename. Larg...
Buffer overflow in Midnight Commander
Background Midnight Commander is a visual file manager. Description A stack-based buffer overflow has been found in Midnight Commander's virtual filesystem. Impact This overflow allows an attacker to run arbitrary code on the user's computer during the symlink conversion process. Workaround While...
oftpd DoS vulnerability
Background Quote from http://www.time-travellers .org/oftpd/ "oftpd is designed to be as secure as an anonymous FTP server can possibly be. It runs as non-root for most of the time, and uses the Unix chroot command to hide most of the systems directories from external users - they cannot change...
GCC: Flawed Code Generation
Background The GNU Compiler Collection includes front ends for C, C++, Objective-C, Fortran, Ada, Go, D and Modula-2 as well as libraries for these languages libstdc++,.... Description A vulnerability has been discovered in GCC. Please review the CVE identifier referenced below for details. Impac...
ncurses: Multiple Vulnerabilities
Background Free software emulation of curses in System V. Description Multiple vulnerabilities have been discovered in ncurses. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround ...
SDL_ttf: Arbitrary Memory Write
Background SDLttf is a wrapper around the FreeType and Harfbuzz libraries, allowing you to use TrueType fonts to render text in SDL applications. Description A vulnerability has been discovered in SDLttf. Please review the CVE identifier referenced below for details. Impact SDLttf was discovered ...
RDoc: Remote Code Execution
Background RDoc produces HTML and command-line documentation for Ruby projects. Description A vulnerability has been discovered in RDoc. Please review the CVE identifier referenced below for details. Impact When parsing .rdocoptions used for configuration in RDoc as a YAML file, object injection...