3816 matches found
PeerCast: Buffer overflow
Background PeerCast is a client and server for P2P-radio network Description Luigi Auriemma reported a heap-based buffer overflow within the "handshakeHTTP" function when processing HTTP requests. Impact A remote attacker could send a specially crafted request to the vulnerable server, possibly...
PEAR::MDB2: Information disclosure
Background PEAR::MDB2 is a database abstraction layer for PHP aimed to provide a common API for all supported relational database management systems. A LOB "large object" is a database field holding binary data. Description priyadi discovered that the request to store a URL string as a LOB is...
nss_ldap: Information disclosure
Background nssldap is a Name Service Switch module which allows 'passwd', 'group' and 'host' database information to be pulled from LDAP. Description Josh Burley reported that nssldap does not properly handle the LDAP connections due to a race condition that can be triggered by multi-threaded...
Feynmf: Insecure temporary file creation
Background Feynmf is a combined LaTeX and Metafont package for easy drawing of professional quality Feynman and maybe other diagrams. Description Kevin B. McCarty discovered that the feynmf.pl script creates a temporary "properly list" file at the location "$TMPDIR/feynmf$PID.pl", where $PID is t...
TORQUE: Insecure temporary file creation
Background TORQUE is a resource manager providing control over batch jobs and distributed compute nodes. Description TORQUE creates temporary files with predictable names. Please note that the TORQUE package shipped in Gentoo Portage is not vulnerable in the default configuration. Only systems wi...
NVIDIA binary graphics driver: Privilege escalation vulnerability
Background The NVIDIA binary graphics driver from NVIDIA Corporation provides the kernel module and the GL modules for graphic acceleration on the NVIDIA based graphic cards. Description Rapid7 reported a boundary error in the NVIDIA binary graphics driver that leads to a buffer overflow in the...
DUMB: Heap buffer overflow
Background DUMB Dynamic Universal Music Bibliotheque is an IT, XM, S3M and MOD player library. Description Luigi Auriemma found a heap-based buffer overflow in the itreadenvelope function which reads the envelope values for volume, pan and pitch of the instruments referenced in a ".it" Impulse...
xine-lib: Buffer overflow
Background xine-lib is the core library of xine, a multimedia player. Description There is a stack based overflow in the libmms library included with xine-lib which can be triggered by malicious use of the sendcommand, stringutf16, getdata and getmediapacket functions. Impact A remote attacker...
Hashcash: Possible heap overflow
Background Hashcash is a utility for generating Hashcash tokens, a proof-of-work system to reduce the impact of spam. Description Andreas Seltenreich has reported a possible heap overflow in the arraypush function in hashcash.c, as a result of an incorrect amount of allocated memory for the "ARRA...
fbida: Insecure temporary file creation
Background fbida is a collection of image viewers and editors for the framebuffer console and X11. Description Jan Braun has discovered that the "fbgs" script provided by fbida insecurely creates temporary files in the "/var/tmp" directory. Impact A local attacker could create links in the...
Cacti: Multiple vulnerabilities in included ADOdb
Background Cacti is a complete web-based frontend to rrdtool. ADOdb is a PHP-based database abstraction layer which is included in Cacti. Description Several vulnerabilities have been identified in the copy of ADOdb included in Cacti. Andreas Sandblad discovered a dynamic code evaluation...
MediaWiki: Cross-site scripting vulnerability
Background MediaWiki is a collaborative editing software, used by big projects like Wikipedia. Description MediaWiki fails to decode certain encoded URLs correctly. Impact By supplying specially crafted links, a remote attacker could exploit this vulnerability to inject malicious HTML or JavaScri...
Heimdal: rshd privilege escalation
Background Heimdal is a free implementation of Kerberos 5. Description An unspecified privilege escalation vulnerability in the rshd server of Heimdal has been reported. Impact Authenticated users could exploit the vulnerability to escalate privileges or to change the ownership and content of...
GStreamer FFmpeg plugin: Heap-based buffer overflow
Background The GStreamer FFmpeg plugin uses code from the FFmpeg library to provide fast colorspace conversion and multimedia decoders to the GStreamer open source media framework. Description The GStreamer FFmpeg plugin contains derived code from the FFmpeg library, which is vulnerable to a heap...
Netpbm: Buffer overflow in pnmtopng
Background Netpbm is a package of 220 graphics programs and a programming library, including pnmtopng, a tool to convert PNM image files to the PNG format. Description RedHat reported that pnmtopng is vulnerable to a buffer overflow. Impact An attacker could craft a malicious PNM file and entice ...
gtkdiskfree: Insecure temporary file creation
Background gtkdiskfree is a GTK-based GUI to show free disk space. Description Eric Romang discovered that gtkdiskfree insecurely creates a predictable temporary file to handle command output. Impact A local attacker could create a symbolic link in the temporary files directory, pointing to a val...
Xpdf, Kpdf, GPdf: Denial of Service vulnerability
Background Xpdf, Kpdf and GPdf are PDF file viewers that run under the X Window System. Kpdf and GPdf both contain Xpdf code. Kpdf is also part of kdegraphics. Description Xpdf, Kpdf and GPdf do not handle a broken table of embedded TrueType fonts correctly. After detecting such a table, Xpdf, Kp...
Heartbeat: Insecure temporary file creation
Background Heartbeat is a component of the High-Availability Linux project. It it used to perform death-of-node detection, communications and cluster management. Description Eric Romang has discovered that Heartbeat insecurely creates temporary files with predictable filenames. Impact A local...
dhcpcd: Denial of Service vulnerability
Background dhcpcd is a standards compliant DHCP client daemon. It requests an IP address and other information from the DHCP server, automatically configures the network interface, and tries to renew the lease time. Description infamous42md discovered that dhcpcd can be tricked to read past the e...
SpamAssassin 3, Vipul's Razor: Denial of Service vulnerability
Background SpamAssassin is an extensible email filter which is used to identify junk email. Vipul's Razor is a client for a distributed, collaborative spam detection and filtering network. Description SpamAssassin and Vipul's Razor contain a Denial of Service vulnerability when handling special...
gedit: Format string vulnerability
Background gedit is the official text editor of the GNOME desktop environement. Description A format string vulnerability exists when opening files with names containing format specifiers. Impact A specially crafted file with format specifiers in the filename can cause arbitrary code execution...
xv: Filename handling vulnerability
Background xv is an interactive image manipulation package for X11. Description Tavis Ormandy of the Gentoo Linux Security Audit Team identified a flaw in the handling of image filenames by xv. Impact Successful exploitation would require a victim to process a specially crafted image with a...
TikiWiki: Arbitrary command execution
Background TikiWiki is a web-based groupware and content management system CMS, using PHP, ADOdb and Smarty. Description TikiWiki does not validate files uploaded to the "temp" directory. Impact A malicious user could run arbitrary commands on the server by uploading and calling a PHP script...
VDR: Arbitrary file overwriting issue
Background Video Disk Recorder VDR is a Linux-based digital video recorder. The VDR program handles the On Screen Menu system that offers complete control over channel settings, timers and recordings. Description Javier Fernandez-Sanguino Pena from the Debian Security Audit Team discovered that V...
TikiWiki: Arbitrary command execution
Background TikiWiki is a web-based groupware and content management system CMS, using PHP, ADOdb and Smarty. Description TikiWiki lacks a check on uploaded images in the Wiki edit page. Impact A malicious user could run arbitrary commands on the server by uploading and calling a PHP script...
mpg123: Playlist buffer overflow
Background mpg123 is a MPEG Audio Player. Description Bartlomiej Sieka discovered that mpg123 contains an unsafe strcat to an array in playlist.c. This code vulnerability may lead to a buffer overflow. Impact A remote attacker could craft a malicious playlist which, when used, would result in the...
ncompress: Buffer overflow
Background ncompress is a utility handling compression and decompression of Lempel-Ziv archives, compatible with the original nix compress and uncompress utilities .Z extensions. Description compress and uncompress do not properly check bounds on command line options, including the filename. Larg...
Buffer overflow in Midnight Commander
Background Midnight Commander is a visual file manager. Description A stack-based buffer overflow has been found in Midnight Commander's virtual filesystem. Impact This overflow allows an attacker to run arbitrary code on the user's computer during the symlink conversion process. Workaround While...
oftpd DoS vulnerability
Background Quote from http://www.time-travellers .org/oftpd/ "oftpd is designed to be as secure as an anonymous FTP server can possibly be. It runs as non-root for most of the time, and uses the Unix chroot command to hide most of the systems directories from external users - they cannot change...
GCC: Flawed Code Generation
Background The GNU Compiler Collection includes front ends for C, C++, Objective-C, Fortran, Ada, Go, D and Modula-2 as well as libraries for these languages libstdc++,.... Description A vulnerability has been discovered in GCC. Please review the CVE identifier referenced below for details. Impac...
Slurm: Multiple Vulnerabilities
Background Slurm is a highly scalable resource manager. Description Multiple vulnerabilities have been discovered in Slurm. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround at...
ncurses: Multiple Vulnerabilities
Background Free software emulation of curses in System V. Description Multiple vulnerabilities have been discovered in ncurses. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround ...
RDoc: Remote Code Execution
Background RDoc produces HTML and command-line documentation for Ruby projects. Description A vulnerability has been discovered in RDoc. Please review the CVE identifier referenced below for details. Impact When parsing .rdocoptions used for configuration in RDoc as a YAML file, object injection...
qtsvg: Multiple Vulnerabilities
Background qtsvg is a SVG rendering library for the Qt framework. Description Multiple vulnerabilities have been discovered in qtsvg. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known...
Blender: Multiple Vulnerabilities
Background Blender is a 3D Creation/Animation/Publishing System. Description Multiple vulnerabilities have been discovered in Blender. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known...
libuv: Buffer Overread
Background libuv is a multi-platform support library with a focus on asynchronous I/O. Description libuv fails to ensure that a pointer lies within the bounds of a defined buffer in the uvidnatoascii function before reading and manipulating the memory at that address. Impact The overread can resu...
D-Bus: Denial of service
Background D-Bus is a message bus system which processes can use to talk to each other. Description It was discovered that D-Bus did not properly handle the situation when two usernames have the same numeric UID. Impact An attacker could possibly cause a Denial of Service condition or trigger oth...
Smb4K: Arbitrary command execution as root
Background Smb4K is a SMB/CIFS Windows share browser for KDE. Description Smb4k contains a logic flaw in which mount helper binary does not properly verify the mount command it is being asked to run. Impact A local user can execute commands with the root privilege due to the mount helper being...
GMime: Arbitrary code execution
Background GMime is a C/C++ library which may be used for the creation and parsing of messages using the Multipurpose Internet Mail Extension MIME. Description GMime contains a buffer overflow flaw in the GMIMEUUENCODELEN macro in gmime/gmime-encodings.h. Impact A context-dependent attacker could...
PCSC-Lite: Arbitrary code execution
Background PCSC-Lite is a PC/SC Architecture smartcard middleware library. Description PCSC-Lite contains a stack-based buffer overflow in the ATRDecodeAtr function in the Answer-to-Reset Handler atrhandler.c. Impact A physically proximate attacker could execute arbitrary code or cause a Denial o...
CTorrent: User-assisted arbitrary code execution
Background CTorrent is a BitTorrent client implemented in C++ to be lightweight and quick. Description CTorrent contains a stack-based buffer overflow in the btFiles::BuildFromMI function in trunk/btfiles.cpp. Impact A remote attacker could entice a user to open a specially crafted torrent file...
ChaSen: User-assisted execution of arbitrary code
Background ChaSen is a Japanese morphological analysis system. Description An error in chalib.c of ChaSen could cause a buffer overflow. Impact A remote attacker could entice a user to open a specially crafted text file using ChaSen or an application using the ChaSen libraries, possibly resulting...
usbmuxd: User-assisted execution of arbitrary code
Background usbmuxd is a USB multiplex daemon for use with Apple iPhone and iPod Touch devices. Description The "receivepacket" function in libusbmuxd.c contains a boundary error when parsing the "SerialNumber" field of a USB device, which could cause a heap-based buffer overflow. Impact An attack...
NX Server Free Edition, NX Node: Privilege escalation
Background NX Server Free Edition is a remote display technology by No Machine. NX Node provides the shared components for NX Server. Description NX Server Free Edition and NX Node use nxconfigure.sh, a setuid script containing an unspecified vulnerability. Impact A local attacker could gain...
PEAR Net_Traceroute: Command injection
Background PEAR NetTraceroute is an OS independent wrapper class for executing traceroute calls from PHP. Description Pasquale Imperato reported that the $host parameter to the traceroute function in Traceroute.php is not properly sanitized before being passed to exec. Impact A remote attacker...
Amarok: User-assisted execution of arbitrary code
Background Amarok is an advanced music player. Description Tobias Klein has discovered multiple vulnerabilities in Amarok: Multiple integer overflows in the Audible::Tag::readTag function in metadata/audible/audibletag.cpp trigger heap-based buffer overflows CVE-2009-0135. Multiple array index...
MPFR: Denial of service
Background MPFR is a library for multiple-precision floating-point computations with exact rounding. Description Multiple buffer overflows have been reported in the mpfrsnprintf and mpfrvsnprintf functions. Impact A remote user could exploit the vulnerability to cause a Denial of Service in an...
Horde IMP: Security bypass
Background Horde IMP provides a web-based access to IMAP and POP3 mailboxes. Description Ulf Harnhammar, Secunia Research discovered that the "frame" and "frameset" HTML tags are not properly filtered out. He also reported that certain HTTP requests are executed without being checked. Impact A...
MaraDNS: CNAME Denial of service
Background MaraDNS is a package that implements the Domain Name Service DNS with resolver and caching ability. Description Michael Krieger reported that a specially crafted DNS could prevent an authoritative canonical name CNAME record from being resolved because of an "improper rotation of...
Wireshark: Multiple vulnerabilities
Background Wireshark is a network protocol analyzer with a graphical front-end. Description Multiple buffer overflows and infinite loops were discovered in multiple dissector and parser components, including those for MP3 and NCP CVE-2007-6111, PPP CVE-2007-6112, DNP CVE-2007-6113, SSL and iSerie...