3816 matches found
qtsvg: Multiple Vulnerabilities
Background qtsvg is a SVG rendering library for the Qt framework. Description Multiple vulnerabilities have been discovered in qtsvg. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known...
libcaca: Arbitary Code Execution
Background libcaca is a library that creates colored ASCII-art graphics. Description A vulnerability has been discovered in libcaca. Please review the CVE identifier referenced below for details. Impact A buffer overflow issue in cacaresize function in libcaca/caca/canvas.c may lead to local...
Icecast: Denial of service
Background Icecast is an open source alternative to shoutcast that supports mp3, ogg vorbis/theora and aac streaming. Description When streamauth handler is defined for URL authentication and a request is sent without login credentials, a Denial of Service condition can occur. Impact A remote...
GMime: Arbitrary code execution
Background GMime is a C/C++ library which may be used for the creation and parsing of messages using the Multipurpose Internet Mail Extension MIME. Description GMime contains a buffer overflow flaw in the GMIMEUUENCODELEN macro in gmime/gmime-encodings.h. Impact A context-dependent attacker could...
PCSC-Lite: Arbitrary code execution
Background PCSC-Lite is a PC/SC Architecture smartcard middleware library. Description PCSC-Lite contains a stack-based buffer overflow in the ATRDecodeAtr function in the Answer-to-Reset Handler atrhandler.c. Impact A physically proximate attacker could execute arbitrary code or cause a Denial o...
CTorrent: User-assisted arbitrary code execution
Background CTorrent is a BitTorrent client implemented in C++ to be lightweight and quick. Description CTorrent contains a stack-based buffer overflow in the btFiles::BuildFromMI function in trunk/btfiles.cpp. Impact A remote attacker could entice a user to open a specially crafted torrent file...
ChaSen: User-assisted execution of arbitrary code
Background ChaSen is a Japanese morphological analysis system. Description An error in chalib.c of ChaSen could cause a buffer overflow. Impact A remote attacker could entice a user to open a specially crafted text file using ChaSen or an application using the ChaSen libraries, possibly resulting...
TagLib: Multiple vulnerabilities
Background TagLib is a library for reading and editing audio meta data. Description Multiple vulnerabilities have been found in TagLib: The "analyzeCurrent" function in ape/apeproperties.cpp contains a division by zero error CVE-2012-1107. The "parse" function in inogg/xiphcomment.cpp contains an...
libzip: Multiple vulnerabilities
Background libzip is a library for manipulating zip archives. Description Two vulnerabilities have been found in the "zipreadcdir" function in zipopen.c of libzip: An incorrect loop construct, which could cause a heap-based buffer overflow CVE-2012-1162. An integer overflow, which may not restric...
NX Server Free Edition, NX Node: Privilege escalation
Background NX Server Free Edition is a remote display technology by No Machine. NX Node provides the shared components for NX Server. Description NX Server Free Edition and NX Node use nxconfigure.sh, a setuid script containing an unspecified vulnerability. Impact A local attacker could gain...
MLDonkey: Information disclosure
Background MLDonkey is a multi-network P2P application written in Ocaml, coming with its own Gtk GUI, web and telnet interface. Description Michael Peselnik reported that src/utils/lib/url.ml in the web interface of MLDonkey does not handle file names with leading double slashes properly. Impact ...
MPFR: Denial of service
Background MPFR is a library for multiple-precision floating-point computations with exact rounding. Description Multiple buffer overflows have been reported in the mpfrsnprintf and mpfrvsnprintf functions. Impact A remote user could exploit the vulnerability to cause a Denial of Service in an...
stunnel: Security bypass
Background The stunnel program is designed to work as an SSL encryption wrapper between a remote client and a local or remote server. OCSP Online Certificate Status Protocol, as described in RFC 2560, is an internet protocol used for obtaining the revocation status of an X.509 digital certificate...
Poppler: User-assisted execution of arbitrary code
Background Poppler is a cross-platform PDF rendering library originally based on Xpdf. Description Kees Cook from the Ubuntu Security Team reported that the CairoFont::create function in the file CairoFontEngine.cc does not verify the type of an embedded font object inside a PDF file before...
MaraDNS: CNAME Denial of service
Background MaraDNS is a package that implements the Domain Name Service DNS with resolver and caching ability. Description Michael Krieger reported that a specially crafted DNS could prevent an authoritative canonical name CNAME record from being resolved because of an "improper rotation of...
Wireshark: Multiple vulnerabilities
Background Wireshark is a network protocol analyzer with a graphical front-end. Description Multiple buffer overflows and infinite loops were discovered in multiple dissector and parser components, including those for MP3 and NCP CVE-2007-6111, PPP CVE-2007-6112, DNP CVE-2007-6113, SSL and iSerie...
MPlayer: Multiple buffer overflows
Background MPlayer is a media player incuding support for a wide range of audio and video formats. Description Stefan Cornelius and Reimar Doffinger of Secunia Research discovered several boundary errors in the functions cddbqueryparse, cddbparsematcheslist and cddbreadparse, each allowing for a...
wv library: Multiple integer overflows
Background wv is a library for conversion of MS Word DOC and RTF files. Description The wv library fails to do proper arithmetic checks in multiple places, possibly leading to integer overflows. Impact An attacker could craft a malicious file that, when handled with the wv library, could lead to...
ClamAV: Multiple Vulnerabilities
Background ClamAV is a GPL virus scanner. Description Damian Put and an anonymous researcher reported a potential heap-based buffer overflow vulnerability in rebuildpe.c responsible for the rebuilding of an unpacked PE file, and a possible crash in chmunpack.c in the CHM unpacker. Impact By sendi...
Audacious: Multiple heap and buffer overflows
Background Audacious is a media player that has been forked from Beep Media Player. Description Luigi Auriemma has found that the adplug library fails to verify the size of the destination buffers in the unpacking instructions, resulting in various possible heap and buffer overflows. Impact An...
Vixie Cron: Privilege Escalation
Background Vixie Cron is a command scheduler with extended syntax over cron. Description Roman Veretelnikov discovered that Vixie Cron fails to properly check whether it can drop privileges accordingly if setuid in docommand.c fails due to a user exceeding assigned resource limits. Impact Local...
BomberClone: Remote execution of arbitrary code
Background BomberClone is a remake of the classic game "BomberMan". It supports multiple players via IP network connection. Description Stefan Cornelius of the Gentoo Security team discovered multiple missing buffer checks in BomberClone's code. Impact By sending overly long error messages to the...
libtasn1, GNU TLS: Security flaw in DER decoding
Background Libtasn1 is a library used to parse ASN.1 Abstract Syntax Notation One objects, and perform DER Distinguished Encoding Rules decoding. Libtasn1 is included with the GNU TLS library, which is used by applications to provide a cryptographically secure communications channel. Description...
mod_auth_pgsql: Multiple format string vulnerabilities
Background modauthpgsql is an Apache2 module that allows user authentication against a PostgreSQL database. Description The error logging functions of modauthpgsql fail to validate certain strings before passing them to syslog, resulting in format string vulnerabilities. Impact An unauthenticated...
NBD Tools: Buffer overflow in NBD server
Background The NBD Tools are the Network Block Device utilities allowing one to use remote block devices over a TCP/IP network. It includes a userland NBD server. Description Kurt Fitzner discovered that the NBD server allocates a request buffer that fails to take into account the size of the rep...
Xmail: Privilege escalation through sendmail
Background Xmail is an Internet and intranet mail server. Description iDEFENSE reported that the AddressFromAtPtr function in the sendmail program fails to check bounds on arguments passed from other functions, and as a result an exploitable stack overflow condition occurs when specifying the "-t...
TikiWiki: XSS vulnerability
Background TikiWiki is a web-based groupware and content management system CMS, using PHP, ADOdb and Smarty. Description Due to improper input validation, TikiWiki can be exploited to perform cross-site scripting attacks. Impact A remote attacker could exploit this to inject and execute malicious...
SELinux PAM: Local password guessing attack
Background PAM Pluggable Authentication Modules is an architecture allowing the separation of the development of privilege granting software from the development of secure and appropriate authentication schemes. SELinux is an operating system based on Linux which includes Mandatory Access Control...
Mailutils: Format string vulnerability in imap4d
Background The GNU Mailutils are a collection of mail-related utilities, including an IMAP4 server imap4d. Description The imap4d server contains a format string bug in the handling of IMAP SEARCH requests. Impact An authenticated IMAP user could exploit the format string error in imap4d to execu...
mlterm: Integer overflow vulnerability
Background mlterm is a multi-lingual terminal emulator. Description mlterm is vulnerable to an integer overflow that can be triggered by specifying a large image file as a background. This only effects users that have compiled mlterm with the 'gtk' USE flag, which enables gdk-pixbuf support. Impa...
FireHOL: Insecure temporary file creation
Background FireHOL is an iptables rules generator. Description FireHOL insecurely creates temporary files with predictable names. Impact A local attacker could create malicious symbolic links to arbitrary system files. When FireHOL is executed, this could lead to these files being overwritten wit...
Open DC Hub: Remote code execution
Background Open DC Hub is the hub software for the Direct Connect file sharing network. Description Donato Ferrante discovered a buffer overflow vulnerability in the RedirectAll command of the Open DC Hub. Impact Upon exploitation, a remote user with administrative privileges can execute arbitrar...
Netpbm: Multiple temporary file issues
Background Netpbm is a toolkit containing more than 200 separate utilities for manipulation and conversion of graphic images. Description Utilities contained in the Netpbm package prior to the 9.25 version contain defects in temporary file handling. They create temporary files with predictable...
Gallery: Arbitrary command execution
Background Gallery is a PHP script for maintaining online photo albums. Description The upload handling code in Gallery places uploaded files in a temporary directory. After 30 seconds, these files are deleted if they are not valid images. However, since the file exists for 30 seconds, a carefull...
Scorched 3D server chat box format string vulnerability
Background Scorched 3D is a game based loosely on the classic DOS game "Scorched Earth". Scorched 3D adds amongst other new features a 3D island environment and LAN and internet play. Scorched 3D is totally free and is available for multiple operating systems. Description Scorched 3D build 36.2 a...
Fetchmail 6.2.5 fixes a remote DoS
Background Fetchmail is a utility that retrieves and forwards mail from remote systems using IMAP, POP, and other protocols. Description Fetchmail versions 6.2.4 and earlier can be crashed by sending a specially-crafted email to a fetchmail user. This problem occurs because Fetchmail does not...
Linux kernel do_mremap() local privilege escalation vulnerability
Background The Linux kernel is responsible for memory management in a working system - to allow this, processes are allowed to allocate and unallocate memory. Description The memory subsystem allows for shrinking, growing, and moving of chunks of memory along any of the allocated memory areas whi...
Mbed TLS: Multiple Vulnerabilities
Background Mbed TLS previously PolarSSL is an “easy to understand, use, integrate and expand” implementation of the TLS and SSL protocols and the respective cryptographic algorithms and support code required. Description Multiple vulnerabilities have been discovered in Mbed TLS. Please review the...
PostgreSQL: Privilege Escalation
Background PostgreSQL is an open source object-relational database management system. Description A vulnerability has been discovered in PostgreSQL. Please review the CVE identifier referenced below for details. Impact An attacker able to create and drop non-temporary objects could inject SQL cod...
Freenet: Deanonymization Vulnerability
Background Freenet is an encrypted network without censorship. Description This release fixes a severe vulnerability in path folding that allowed to distinguish between downloaders and forwarders with an adapted node that is directly connected via opennet. Impact This release fixes a severe...
HarfBuzz: Denial of Service
Background HarfBuzz is an OpenType text shaping engine. Description Multiple vulnerabilities have been discovered in HarfBuzz. Please review the CVE identifiers referenced below for details. Impact hb-ot-layout-gsubgpos.hh in HarfBuzz allows attackers to trigger On^2 growth via consecutive marks...
KDE Plasma Workspaces: Privilege Escalation
Background KDE Plasma workspace is a widget based desktop environment designed to be fast and efficient. Description Multiple vulnerabilities have been discovered in KDE Plasma Workspaces. Please review the CVE identifiers referenced below for details. Impact KSmserver, KDE's XSMP manager,...
CUPS filters: Remote Code Execution
Background CUPS filters provides backends, filters, and other software that was once part of the core CUPS distribution. Description A vulnerability has been discovered in cups-filters. Please review the CVE identifier referenced below for details. Impact If you use beh to create an accessible...
MiniDLNA: Multiple Vulnerabilities
Background MiniDLNA is a simple media server software, with the aim of being fully compliant with DLNA/UPnP-AV clients. Description Multiple vulnerabilities have been discovered in MiniDLNA. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE...
CGAL: Multiple Vulnerabilities
Background CGAL is a C++ library for geometric algorithms and data structures. Description Multiple vulnerabilities have been discovered in CGAL. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no...
Transmission: Remote code execution
Background Transmission is a cross-platform BitTorrent client. Description Transmission mishandles some memory management which may allow manipulation of the heap. Impact A remote attacker could entice a user to open a specially crafted torrent file using Transmission, possibly resulting in...
MUNGE: Privilege escalation
Background An authentication service for creating and validating credentials. Description It was discovered that Gentoo’s default MUNGE installation suffered from a privilege escalation vulnerability munge user to root due to improper permissions and a runscript which called chown on a user...
MPFR: User-assisted execution of arbitrary code
Background MPFR is a library for multiple-precision floating-point computations with exact rounding. Description MPFR fails to adequately check user-supplied input, which could lead to a buffer overflow. Impact A remote attacker could possibly execute arbitrary code with the privileges of the...
Echoping: Buffer Overflow Vulnerabilities
Background Echoping is a small program to test performances of a remote host by sending it TCP packets. Description A boundary error exists within the “TLSreadline” function, which can be exploited to overflow a global buffer by sending an overly long encrypted HTTP reply to Echoping. Also, a...
X2Go Server: Arbitrary code execution
Background X2Go is an open source terminal server project. Description A vulnerability in the setgid wrapper x2gosqlitewrapper.c does not hardcode an internal path to x2gosqlitewrapper.pl, allowing a remote attacker to change that path. Impact A remote attacker may be able to execute arbitrary co...