3816 matches found
Amarok: User-assisted execution of arbitrary code
Background Amarok is an advanced music player. Description Tobias Klein has discovered multiple vulnerabilities in Amarok: Multiple integer overflows in the Audible::Tag::readTag function in metadata/audible/audibletag.cpp trigger heap-based buffer overflows CVE-2009-0135. Multiple array index...
MPFR: Denial of service
Background MPFR is a library for multiple-precision floating-point computations with exact rounding. Description Multiple buffer overflows have been reported in the mpfrsnprintf and mpfrvsnprintf functions. Impact A remote user could exploit the vulnerability to cause a Denial of Service in an...
stunnel: Security bypass
Background The stunnel program is designed to work as an SSL encryption wrapper between a remote client and a local or remote server. OCSP Online Certificate Status Protocol, as described in RFC 2560, is an internet protocol used for obtaining the revocation status of an X.509 digital certificate...
MaraDNS: CNAME Denial of service
Background MaraDNS is a package that implements the Domain Name Service DNS with resolver and caching ability. Description Michael Krieger reported that a specially crafted DNS could prevent an authoritative canonical name CNAME record from being resolved because of an "improper rotation of...
Wireshark: Multiple vulnerabilities
Background Wireshark is a network protocol analyzer with a graphical front-end. Description Multiple buffer overflows and infinite loops were discovered in multiple dissector and parser components, including those for MP3 and NCP CVE-2007-6111, PPP CVE-2007-6112, DNP CVE-2007-6113, SSL and iSerie...
Nagios Plugins: Two buffer overflows
Background The Nagios Plugins are an official set of plugins for Nagios, an open source host, service and network monitoring program. Description fabiodds reported a boundary checking error in the "checksnmp" plugin when processing SNMP "GET" replies that could lead to a stack-based buffer overfl...
Tk: Buffer overflow
Background Tk is a toolkit for creating graphical user interfaces. Description Reinhard Max discovered a boundary error in Tk when processing an interlaced GIF with two frames where the second is smaller than the first one. Impact A remote attacker could entice a user to open a specially crafted...
MPlayer: Multiple buffer overflows
Background MPlayer is a media player incuding support for a wide range of audio and video formats. Description Stefan Cornelius and Reimar Doffinger of Secunia Research discovered several boundary errors in the functions cddbqueryparse, cddbparsematcheslist and cddbreadparse, each allowing for a...
libexif: Buffer overflow
Background libexif is a library for parsing, editing and saving EXIF metadata from images. Description iDefense Labs have discovered that the exifdataloaddataentry function in libexif/exif-data.c improperly handles integer data while working with an image with many EXIF components, allowing an...
wv library: Multiple integer overflows
Background wv is a library for conversion of MS Word DOC and RTF files. Description The wv library fails to do proper arithmetic checks in multiple places, possibly leading to integer overflows. Impact An attacker could craft a malicious file that, when handled with the wv library, could lead to...
ClamAV: Multiple Vulnerabilities
Background ClamAV is a GPL virus scanner. Description Damian Put and an anonymous researcher reported a potential heap-based buffer overflow vulnerability in rebuildpe.c responsible for the rebuilding of an unpacked PE file, and a possible crash in chmunpack.c in the CHM unpacker. Impact By sendi...
Audacious: Multiple heap and buffer overflows
Background Audacious is a media player that has been forked from Beep Media Player. Description Luigi Auriemma has found that the adplug library fails to verify the size of the destination buffers in the unpacking instructions, resulting in various possible heap and buffer overflows. Impact An...
Vixie Cron: Privilege Escalation
Background Vixie Cron is a command scheduler with extended syntax over cron. Description Roman Veretelnikov discovered that Vixie Cron fails to properly check whether it can drop privileges accordingly if setuid in docommand.c fails due to a user exceeding assigned resource limits. Impact Local...
BomberClone: Remote execution of arbitrary code
Background BomberClone is a remake of the classic game "BomberMan". It supports multiple players via IP network connection. Description Stefan Cornelius of the Gentoo Security team discovered multiple missing buffer checks in BomberClone's code. Impact By sending overly long error messages to the...
libtasn1, GNU TLS: Security flaw in DER decoding
Background Libtasn1 is a library used to parse ASN.1 Abstract Syntax Notation One objects, and perform DER Distinguished Encoding Rules decoding. Libtasn1 is included with the GNU TLS library, which is used by applications to provide a cryptographically secure communications channel. Description...
ClamAV: Remote execution of arbitrary code
Background ClamAV is a GPL virus scanner. Description Zero Day Initiative ZDI reported a heap buffer overflow vulnerability. The vulnerability is due to an incorrect boundary check of the user-supplied data prior to copying it to an insufficiently sized memory buffer. The flaw occurs when the...
mod_auth_pgsql: Multiple format string vulnerabilities
Background modauthpgsql is an Apache2 module that allows user authentication against a PostgreSQL database. Description The error logging functions of modauthpgsql fail to validate certain strings before passing them to syslog, resulting in format string vulnerabilities. Impact An unauthenticated...
NBD Tools: Buffer overflow in NBD server
Background The NBD Tools are the Network Block Device utilities allowing one to use remote block devices over a TCP/IP network. It includes a userland NBD server. Description Kurt Fitzner discovered that the NBD server allocates a request buffer that fails to take into account the size of the rep...
Xmail: Privilege escalation through sendmail
Background Xmail is an Internet and intranet mail server. Description iDEFENSE reported that the AddressFromAtPtr function in the sendmail program fails to check bounds on arguments passed from other functions, and as a result an exploitable stack overflow condition occurs when specifying the "-t...
fetchmail: Password exposure in fetchmailconf
Background fetchmail is a utility that retrieves and forwards mail from remote systems using IMAP, POP, and other protocols. It ships with fetchmailconf, a graphical utility used to create configuration files. Description Thomas Wolff discovered that fetchmailconf opens the configuration file wit...
TikiWiki: XSS vulnerability
Background TikiWiki is a web-based groupware and content management system CMS, using PHP, ADOdb and Smarty. Description Due to improper input validation, TikiWiki can be exploited to perform cross-site scripting attacks. Impact A remote attacker could exploit this to inject and execute malicious...
Mozilla Suite, Mozilla Firefox: Multiple vulnerabilities
Background The Mozilla Suite is a popular all-in-one web browser that includes a mail and news reader. Mozilla Firefox is the next-generation browser from the Mozilla project. Gecko is the layout engine used in both products. Description The Mozilla Suite and Firefox are both vulnerable to the...
Mailutils: Format string vulnerability in imap4d
Background The GNU Mailutils are a collection of mail-related utilities, including an IMAP4 server imap4d. Description The imap4d server contains a format string bug in the handling of IMAP SEARCH requests. Impact An authenticated IMAP user could exploit the format string error in imap4d to execu...
mlterm: Integer overflow vulnerability
Background mlterm is a multi-lingual terminal emulator. Description mlterm is vulnerable to an integer overflow that can be triggered by specifying a large image file as a background. This only effects users that have compiled mlterm with the 'gtk' USE flag, which enables gdk-pixbuf support. Impa...
Cyrus IMAP Server: Multiple overflow vulnerabilities
Background The Cyrus IMAP Server is an efficient, highly-scalable IMAP e-mail server. Description Possible single byte overflows have been found in the imapd annotate extension and mailbox handling code. Furthermore stack buffer overflows have been found in fetchnews, the backend and imapd. Impac...
FireHOL: Insecure temporary file creation
Background FireHOL is an iptables rules generator. Description FireHOL insecurely creates temporary files with predictable names. Impact A local attacker could create malicious symbolic links to arbitrary system files. When FireHOL is executed, this could lead to these files being overwritten wit...
Open DC Hub: Remote code execution
Background Open DC Hub is the hub software for the Direct Connect file sharing network. Description Donato Ferrante discovered a buffer overflow vulnerability in the RedirectAll command of the Open DC Hub. Impact Upon exploitation, a remote user with administrative privileges can execute arbitrar...
Netpbm: Multiple temporary file issues
Background Netpbm is a toolkit containing more than 200 separate utilities for manipulation and conversion of graphic images. Description Utilities contained in the Netpbm package prior to the 9.25 version contain defects in temporary file handling. They create temporary files with predictable...
Gallery: Arbitrary command execution
Background Gallery is a PHP script for maintaining online photo albums. Description The upload handling code in Gallery places uploaded files in a temporary directory. After 30 seconds, these files are deleted if they are not valid images. However, since the file exists for 30 seconds, a carefull...
Scorched 3D server chat box format string vulnerability
Background Scorched 3D is a game based loosely on the classic DOS game "Scorched Earth". Scorched 3D adds amongst other new features a 3D island environment and LAN and internet play. Scorched 3D is totally free and is available for multiple operating systems. Description Scorched 3D build 36.2 a...
Fetchmail 6.2.5 fixes a remote DoS
Background Fetchmail is a utility that retrieves and forwards mail from remote systems using IMAP, POP, and other protocols. Description Fetchmail versions 6.2.4 and earlier can be crashed by sending a specially-crafted email to a fetchmail user. This problem occurs because Fetchmail does not...
Linux kernel do_mremap() local privilege escalation vulnerability
Background The Linux kernel is responsible for memory management in a working system - to allow this, processes are allowed to allocate and unallocate memory. Description The memory subsystem allows for shrinking, growing, and moving of chunks of memory along any of the allocated memory areas whi...
Mbed TLS: Multiple Vulnerabilities
Background Mbed TLS previously PolarSSL is an “easy to understand, use, integrate and expand” implementation of the TLS and SSL protocols and the respective cryptographic algorithms and support code required. Description Multiple vulnerabilities have been discovered in Mbed TLS. Please review the...
PostgreSQL: Privilege Escalation
Background PostgreSQL is an open source object-relational database management system. Description A vulnerability has been discovered in PostgreSQL. Please review the CVE identifier referenced below for details. Impact An attacker able to create and drop non-temporary objects could inject SQL cod...
Freenet: Deanonymization Vulnerability
Background Freenet is an encrypted network without censorship. Description This release fixes a severe vulnerability in path folding that allowed to distinguish between downloaders and forwarders with an adapted node that is directly connected via opennet. Impact This release fixes a severe...
HarfBuzz: Denial of Service
Background HarfBuzz is an OpenType text shaping engine. Description Multiple vulnerabilities have been discovered in HarfBuzz. Please review the CVE identifiers referenced below for details. Impact hb-ot-layout-gsubgpos.hh in HarfBuzz allows attackers to trigger On^2 growth via consecutive marks...
KDE Plasma Workspaces: Privilege Escalation
Background KDE Plasma workspace is a widget based desktop environment designed to be fast and efficient. Description Multiple vulnerabilities have been discovered in KDE Plasma Workspaces. Please review the CVE identifiers referenced below for details. Impact KSmserver, KDE's XSMP manager,...
libcaca: Arbitary Code Execution
Background libcaca is a library that creates colored ASCII-art graphics. Description A vulnerability has been discovered in libcaca. Please review the CVE identifier referenced below for details. Impact A buffer overflow issue in cacaresize function in libcaca/caca/canvas.c may lead to local...
CUPS filters: Remote Code Execution
Background CUPS filters provides backends, filters, and other software that was once part of the core CUPS distribution. Description A vulnerability has been discovered in cups-filters. Please review the CVE identifier referenced below for details. Impact If you use beh to create an accessible...
MiniDLNA: Multiple Vulnerabilities
Background MiniDLNA is a simple media server software, with the aim of being fully compliant with DLNA/UPnP-AV clients. Description Multiple vulnerabilities have been discovered in MiniDLNA. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE...
CGAL: Multiple Vulnerabilities
Background CGAL is a C++ library for geometric algorithms and data structures. Description Multiple vulnerabilities have been discovered in CGAL. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no...
Transmission: Remote code execution
Background Transmission is a cross-platform BitTorrent client. Description Transmission mishandles some memory management which may allow manipulation of the heap. Impact A remote attacker could entice a user to open a specially crafted torrent file using Transmission, possibly resulting in...
MUNGE: Privilege escalation
Background An authentication service for creating and validating credentials. Description It was discovered that Gentoo’s default MUNGE installation suffered from a privilege escalation vulnerability munge user to root due to improper permissions and a runscript which called chown on a user...
MPFR: User-assisted execution of arbitrary code
Background MPFR is a library for multiple-precision floating-point computations with exact rounding. Description MPFR fails to adequately check user-supplied input, which could lead to a buffer overflow. Impact A remote attacker could possibly execute arbitrary code with the privileges of the...
Echoping: Buffer Overflow Vulnerabilities
Background Echoping is a small program to test performances of a remote host by sending it TCP packets. Description A boundary error exists within the “TLSreadline” function, which can be exploited to overflow a global buffer by sending an overly long encrypted HTTP reply to Echoping. Also, a...
stunnel: Arbitrary code execution
Background The stunnel program is designed to work as an SSL encryption wrapper between a client and a local or remote server. Description A buffer overflow vulnerability has been discovered in stunnel. Please review the CVE identifier referenced below for details. Impact A remote attacker could...
X2Go Server: Arbitrary code execution
Background X2Go is an open source terminal server project. Description A vulnerability in the setgid wrapper x2gosqlitewrapper.c does not hardcode an internal path to x2gosqlitewrapper.pl, allowing a remote attacker to change that path. Impact A remote attacker may be able to execute arbitrary co...
GEGL: User-assisted execution of arbitrary code
Background GEGL is a graph-based image processing framework. Description Multiple integer overflows in GEGL may cause a heap-based buffer overflow. Impact A remote attacker could entice a user to open a specially crafted PPM image using an application linked against GEGL, possibly resulting in...
libotr: Arbitrary code execution
Background libotr is a portable off-the-record messaging library. Description Multiple heap-based buffer overflows are present in the Base64 decoder of libotr. Impact A remote attacker could send a specially crafted OTR message, resulting in arbitrary code execution with the privileges of the...
foomatic-filters: User-assisted execution of arbitrary code
Background The foomatic-filters package contains wrapper scripts which are designed to be used with Foomatic. Description The foomatic-rip filter improperly handles command-line arguments, including those issued by FoomaticRIPCommandLine fields in PPD files. Impact A remote attacker could entice ...