3816 matches found
Gnumeric: User-assisted execution of arbitrary code
Background The Gnumeric spreadsheet is a versatile application developed as part of the GNOME Office project. Description Multiple integer overflow and signedness errors have been reported in the excelreadHLINK function in file plugins/excel/ms-excel-read.c when processing XLS HLINK opcodes. Impa...
ngIRCd: Denial of service
Background ngIRCd is a free open source daemon for Internet Relay Chat IRC. Description The IRCPART function in the file irc-channel.c does not properly check the number of parameters, referencing an invalid pointer if no channel is supplied. Impact A remote attacker can exploit this vulnerabilit...
ELinks: User-assisted execution of arbitrary code
Background ELinks is a text-mode web browser. Description Arnaud Giersch discovered that the "addfilenametostring" function in file intl/gettext/loadmsgcat.c uses an untrusted relative path, allowing for a format string attack with a malicious .po file. Impact A local attacker could entice a user...
Amarok: User-assisted remote execution of arbitrary code
Background Amarok is an advanced music player. Description The Magnatune downloader doesn't quote the "mcurrentAlbumFileName" parameter while calling the "unzip" shell command. Impact A compromised or malicious Magnatune server can remotely execute arbitrary shell code with the rights of the user...
ClamAV: Multiple Vulnerabilities
Background ClamAV is a GPL virus scanner. Description Damian Put and an anonymous researcher reported a potential heap-based buffer overflow vulnerability in rebuildpe.c responsible for the rebuilding of an unpacked PE file, and a possible crash in chmunpack.c in the CHM unpacker. Impact By sendi...
Vixie Cron: Privilege Escalation
Background Vixie Cron is a command scheduler with extended syntax over cron. Description Roman Veretelnikov discovered that Vixie Cron fails to properly check whether it can drop privileges accordingly if setuid in docommand.c fails due to a user exceeding assigned resource limits. Impact Local...
Quagga Routing Suite: Multiple vulnerabilities
Background The Quagga Routing Suite implements three major routing protocols: RIP v1/v2/v3, OSPF v2/v3 and BGP4. Description Konstantin V. Gavrilenko discovered two flaws in the Routing Information Protocol RIP daemon that allow the processing of RIP v1 packets carrying no authentication even whe...
FreeRADIUS: Authentication bypass in EAP-MSCHAPv2 module
Background FreeRADIUS is an open source RADIUS authentication server implementation. Description FreeRADIUS suffers from insufficient input validation in the EAP-MSCHAPv2 state machine. Impact An attacker could cause the server to bypass authentication checks by manipulating the EAP-MSCHAPv2 clie...
BomberClone: Remote execution of arbitrary code
Background BomberClone is a remake of the classic game "BomberMan". It supports multiple players via IP network connection. Description Stefan Cornelius of the Gentoo Security team discovered multiple missing buffer checks in BomberClone's code. Impact By sending overly long error messages to the...
giflib: Multiple vulnerabilities
Background giflib is a library for reading and writing GIF images. Description Chris Evans and Daniel Eisenbud independently discovered two out-of-bounds memory write operations and a NULL pointer dereference in giflib. Impact An attacker could craft a malicious GIF image and entice users to load...
SELinux PAM: Local password guessing attack
Background PAM Pluggable Authentication Modules is an architecture allowing the separation of the development of privilege granting software from the development of secure and appropriate authentication schemes. SELinux is an operating system based on Linux which includes Mandatory Access Control...
Dia: Arbitrary code execution through SVG import
Background Dia is a gtk+ based diagram creation program released under the GPL license. Description Joxean Koret discovered that the SVG import plugin in Dia fails to properly sanitise data read from an SVG file. Impact An attacker could create a specially crafted SVG file, which, when imported...
Hylafax: Insecure temporary file creation in xferfaxstats script
Background Hylafax is a client-server fax package for class 1 and 2 fax modems. Description Javier Fernandez-Sanguino has discovered that xferfaxstats cron script supplied by Hylafax insecurely creates temporary files with predictable filenames. Impact A local attacker could create symbolic links...
Evolution: Format string vulnerabilities
Background Evolution is a GNOME groupware application. Description Ulf Harnhammar discovered that Evolution is vulnerable to format string bugs when viewing attached vCards and when displaying contact information from remote LDAP servers or task list data from remote servers CAN-2005-2549. He als...
Qpopper: Multiple Vulnerabilities
Background Qpopper is a widely used server for the POP3 protocol. Description Jens Steube discovered that Qpopper doesn't drop privileges to process local files from normal users CAN-2005-1151. The upstream developers discovered that Qpopper can be forced to create group or world writeable files...
sharutils: Insecure temporary file creation
Background sharutils is a collection of tools to deal with shar archives. Description Joey Hess has discovered that the program unshar, which is a part of sharutils, creates temporary files in a world-writable directory with predictable names. Impact A local attacker could create symbolic links i...
Xzabite dyndnsupdate: Multiple vulnerabilities
Background dyndnsupdate is a dyndns.org data updater written by Fredrik "xzabite" Haglund. Description Toby Dickenson discovered that dyndnsupdate suffers from multiple overflows. Impact A remote attacker, posing as a dyndns.org server, could execute arbitrary code with the rights of the user...
mpg123: Buffer overflow
Background mpg123 is a real-time MPEG audio player. Description mpg123 improperly parses frame headers in input streams. Impact By inducing a user to play a malicious file, an attacker may be able to exploit a buffer overflow to execute arbitrary code with the permissions of the user running...
Shoutcast Server: Remote code execution
Background Shoutcast Server is Nullsoft's streaming audio server. It runs on a variety of platforms, including Linux, and is extremely popular with Internet broadcasters. Description Part of the Shoutcast Server Linux binary has been found to improperly handle sprintf parsing. Impact A malicious...
ncpfs: Buffer overflow in ncplogin and ncpmap
Background ncpfs is a NCP protocol network filesystem that allows access to Netware services, for example to mount volumes of NetWare servers or print to NetWare print queues. Description Karol Wiesek discovered a buffer overflow in the handling of the '-T' option in the ncplogin and ncpmap...
ez-ipupdate: Format string vulnerability
Background ez-ipupdate is a utility for updating host name information for a large number of dynamic DNS services. Description Ulf Harnhammar from the Debian Security Audit Project discovered a format string vulnerability in ez-ipupdate. Impact An attacker could exploit this to execute arbitrary...
mpg123: Buffer overflow vulnerabilities
Background mpg123 is a MPEG Audio Player. Description Buffer overflow vulnerabilities in the getauthfromURL and httpopen functions have been reported by Carlos Barros. Additionally, the Gentoo Linux Sound Team fixed additional boundary checks which were found to be lacking. Impact By enticing a...
Netpbm: Multiple temporary file issues
Background Netpbm is a toolkit containing more than 200 separate utilities for manipulation and conversion of graphic images. Description Utilities contained in the Netpbm package prior to the 9.25 version contain defects in temporary file handling. They create temporary files with predictable...
gv: Exploitable Buffer Overflow
Background gv is a PostScript and PDF viewer for X which provides a user interface for the ghostscript interpreter. Description gv contains a buffer overflow vulnerability where an unsafe sscanf call is used to interpret PDF and PostScript files. Impact By enticing a user to view a malformed PDF ...
XChat 2.0.x SOCKS5 Vulnerability
Background XChat is a multiplatform IRC client. Description The SOCKS 5 proxy code in XChat is vulnerable to a remote exploit. Users would have to be using XChat through a SOCKS 5 server, enable SOCKS 5 traversal which is disabled by default and also connect to an attacker's custom proxy server...
Python, PyPy: Multiple Vulnerabilities
Background Python is an interpreted, interactive, object-oriented, cross-platform programming language. Description Multiple vulnerabilities have been discovered in Python, PyPy3. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers f...
FreeType: Remote Code Execution
Background FreeType is a high-quality and portable font engine. Description Multiple vulnerabilities have been discovered in FreeType. Please review the CVE identifiers referenced below for details. Impact An out of bounds write exists in FreeType when attempting to parse font subglyph structures...
Cacti: Multiple Vulnerabilities
Background Cacti is a web-based network graphing and reporting tool. Description Multiple vulnerabilities have been discovered in Cacti. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known...
Perl: Multiple Vulnerabilities
Background Perl is Larry Wall’s Practical Extraction and Report Language. Description Multiple vulnerabilities have been discovered in Perl. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no know...
PostgreSQL: Privilege Escalation
Background PostgreSQL is an open source object-relational database management system. Description A vulnerability has been discovered in PostgreSQL. Please review the CVE identifier referenced below for details. Impact An attacker able to create and drop non-temporary objects could inject SQL cod...
stb: Multiple Vulnerabilities
Background A set of single-file public domain or MIT licensed libraries for C/C++ Description Multiple vulnerabilities have been discovered in stb. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is ...
VLC: Multiple Vulnerabilities
Background VLC is a cross-platform media player and streaming server. Description Multiple vulnerabilities have been discovered in VLC. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known...
pypy, pypy3: Multiple Vulnerabilities
Background A fast, compliant alternative implementation of the Python language. Description Multiple vulnerabilities have been discovered in pypy. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is n...
protobuf, protobuf-python: Denial of Service
Background Google's Protocol Buffers are an extensible mechanism for serializing structured data. Description A vulnerability has been discovered in protobuf and protobuf-python. Please review the CVE identifiers referenced below for details. Impact A parsing vulnerability for the MessageSet type...
PostgreSQL: Multiple Vulnerabilities
Background PostgreSQL is an open source object-relational database management system. Description Multiple vulnerabilities have been discovered in PostgreSQL. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaroun...
Bitcoin: Denial of Service
Background Bitcoin Core consists of both "full-node" software for fully validating the blockchain as well as a bitcoin wallet. Description Please review the CVE identifier referenced below for details. Impact Bitcoin Core, when debug mode is not used, allows attackers to cause a denial of service...
TigerVNC: Multiple Vulnerabilities
Background TigerVNC is a high-performance VNC server/client. Description Multiple vulnerabilities have been discovered in TigerVNC. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known...
SDL_ttf: Arbitrary Memory Write
Background SDLttf is a wrapper around the FreeType and Harfbuzz libraries, allowing you to use TrueType fonts to render text in SDL applications. Description A vulnerability has been discovered in SDLttf. Please review the CVE identifier referenced below for details. Impact SDLttf was discovered ...
btrbk: Remote Code Execution
Background btrbk is a backup tool for btrfs subvolumes, taking advantage of btrfs specific capabilities to create atomic snapshots and transfer them incrementally to your backup locations. Description A vulnerability has been discovered in btrbk. Please review the CVE identifier referenced below...
slixmpp: Insufficient Certificate Validation
Background slixmpp is a Python 3 library for XMPP. Description slixmpp does not validate hostnames in certificates used by connected servers. Impact An attacker could perform a man-in-the-middle attack on users' connections to servers with slixmpp. Workaround There is no known workaround at this...
Transmission: Remote code execution
Background Transmission is a cross-platform BitTorrent client. Description Transmission mishandles some memory management which may allow manipulation of the heap. Impact A remote attacker could entice a user to open a specially crafted torrent file using Transmission, possibly resulting in...
FlightGear, SimGear: Multiple vulnerabilities
Background FlightGear is an open-source flight simulator. It supports a variety of popular platforms Windows, Mac, Linux, etc. and is developed by skilled volunteers from around the world. Source code for the entire project is available and licensed under the GNU General Public License. SimGear i...
MPFR: User-assisted execution of arbitrary code
Background MPFR is a library for multiple-precision floating-point computations with exact rounding. Description MPFR fails to adequately check user-supplied input, which could lead to a buffer overflow. Impact A remote attacker could possibly execute arbitrary code with the privileges of the...
MirBSD Korn Shell: Arbitrary code execution
Background MirBSD Korn Shell is an actively developed free implementation of the Korn Shell programming language and a successor to the Public Domain Korn Shell. Description Improper sanitation of environment import allows for appending of values to passed parameters. Impact An attacker who alrea...
OptiPNG: User-assisted execution of arbitrary code
Background OptiPNG is a PNG optimizer that recompresses image files to a smaller size, without losing any information. Description A use-after-free vulnerability exists in the palette reduction functionality of OptiPNG. Impact A remote attacker could entice a user to open a specially crafted imag...
GEGL: User-assisted execution of arbitrary code
Background GEGL is a graph-based image processing framework. Description Multiple integer overflows in GEGL may cause a heap-based buffer overflow. Impact A remote attacker could entice a user to open a specially crafted PPM image using an application linked against GEGL, possibly resulting in...
TPP: User-assisted execution of arbitrary code
Background TPP is an ncurses-based text presentation tool. Description TPP templates may contain a --exec clause, the contents of which are automatically executed without confirmation from the user. Impact A remote attacker could entice a user to open a specially crafted file using TPP, possibly...
aria2: Directory traversal
Background aria2 is a download utility with resuming and segmented downloading with HTTP/HTTPS/FTP/BitTorrent support. Description A directory traversal vulnerability was discovered in aria2. Impact A remote attacker could entice a user to download from a specially crafted metalink file, resultin...
Maildrop: privilege escalation
Background maildrop is the mail filter/mail delivery agent that is used by the Courier Mail Server. Description Christoph Anton Mitterer reported that maildrop does not properly drop its privileges when run as root. Impact A local attacker could create a specially crafted .mailfilter file, possib...
WeeChat: Denial of service
Background Wee Enhanced Environment for Chat WeeChat is a light and extensible console IRC client. Description Sebastien Helleu reported an array out-of-bounds error in the colored message handling. Impact A remote attacker could send a specially crafted PRIVMSG command, possibly leading to a...