3816 matches found
Sylpheed, Claws Mail: User-assisted remote execution of arbitrary code
Background Sylpheed and Claws Mail are two GTK based e-mail clients. Description Ulf Harnhammar from Secunia Research discovered a format string error in the incputerror function in file src/inc.c. Impact A remote attacker could entice a user to connect to a malicious POP server sending specially...
po4a: Insecure temporary file creation
Background po4a is a set of tools for helping with the translation of documentation. Description The po4a development team reported a race condition in the gettextize function when creating the file "/tmp/gettextization.failed.po". Impact A local attacker could perform a symlink attack, possibly...
Amarok: User-assisted remote execution of arbitrary code
Background Amarok is an advanced music player. Description The Magnatune downloader doesn't quote the "mcurrentAlbumFileName" parameter while calling the "unzip" shell command. Impact A compromised or malicious Magnatune server can remotely execute arbitrary shell code with the rights of the user...
CHMlib: User-assisted remote execution of arbitrary code
Background CHMlib is a library for the MS CHM Compressed HTML file format plus extracting and HTTP server utils. Description When certain CHM files that contain tables and objects stored in pages are parsed by CHMlib, an unsanitized value is passed to the alloca function resulting in a shift of t...
Links: Arbitrary Samba command execution
Background Links is a web browser running in both graphics and text modes. Description Teemu Salmela discovered that Links does not properly validate "smb://" URLs when it runs smbclient commands. Impact A remote attacker could entice a user to browse to a specially crafted "smb://" URL and execu...
Tor: Several vulnerabilities
Background Tor is an implementation of second generation Onion Routing, a connection-oriented anonymizing communication service. Description Some integer overflows exist when adding elements to the smartlists. Non-printable characters received from the network are not properly sanitised before...
RAR: Format string and buffer overflow vulnerabilities
Background RAR is a powerful archive manager that can decompress RAR, ZIP and other files, and can create new archives in RAR and ZIP file format. Description Tan Chew Keong reported about two vulnerabilities found in RAR: A format string error exists when displaying a diagnostic error message th...
libgda: Format string vulnerabilities
Background libgda is the library handling the data abstraction layer in the Gnome data access architecture GNOME-DB. It can also be used by non-GNOME applications to manage data stored in databases or XML files. Description Steve Kemp discovered two format string vulnerabilities in the gdalogerro...
Netpbm: Arbitrary code execution in pstopnm
Background Netpbm is a package of 220 graphics programs and a programming libraries, including pstopnm. pstopnm is a tool which converts PostScript files to PNM image files. Description Max Vozeler reported that pstopnm calls the GhostScript interpreter on untrusted PostScript files without...
Clam AntiVirus: Integer overflows
Background Clam AntiVirus is a GPL anti-virus toolkit, designed for integration with mail servers to perform attachment scanning. Clam AntiVirus also provides a command line scanner and a tool for fetching updates of the virus database. Description Neel Mehta and Alex Wheeler discovered that Clam...
rsnapshot: Local privilege escalation
Background rsnapshot is a filesystem snapshot utility based on rsync, allowing local and remote systems backups. Description The copysymlink subroutine in rsnapshot follows symlinks when changing file ownership, instead of changing the ownership of the symlink itself. Impact Under certain...
Ringtone Tools: Buffer overflow vulnerability
Background Ringtone Tools is a program for creating ringtones and logos for mobile phones. Description Qiao Zhang has discovered a buffer overflow vulnerability in the 'parseemelody' function in 'parseemelody.c'. Impact A remote attacker could entice a Ringtone Tools user to open a specially...
Vilistextum: Buffer overflow vulnerability
Background Vilistextum is an HTML to text converter. Description Ariel Berkman discovered that Vilistextum unsafely reads data into an array without checking the length. This code vulnerability may lead to a buffer overflow. Impact A remote attacker could craft a malicious webpage which, when...
kdelibs: Cross-domain cookie injection vulnerability
Background KDE is a widely-used desktop environment based on the Qt toolkit. kcookiejar in kdelibs is responsible for storing and managing HTTP cookies. Konqueror uses kcookiejar for storing and managing cookies. Description kcookiejar contains a vulnerability which may allow a malicious website ...
mod_ssl: Format string vulnerability
Background modssl provides Secure Sockets Layer encryption and authentication to Apache 1.3. Description A bug in sslengineext.c makes modssl vulnerable to a ssllog related format string vulnerability in the modproxy hook functions. Impact Given the right server configuration, an attacker could...
Opera: Multiple spoofing vulnerabilities
Background Opera is a multi-platform web browser. Description Opera fails to remove illegal characters from an URI of a link and to check that the target frame of a link belongs to the same website as the link. Opera also updates the address bar before loading a page. Additionally, Opera contains...
Buffer overflows and format string vulnerabilities in LCDproc
Background LCDproc is a program that displays various bits of real-time system information on an LCD. It makes use of a local server LCDd to collect information to display on the LCD. Description Due to insufficient checking of client-supplied data, the LCDd server is susceptible to two buffer...
Insecure sandbox temporary lockfile vulnerabilities in Portage
Background Portage is Gentoo's package management system which is responsible for installing, compiling and updating any ebuilds on the system through the Gentoo rsync tree. Under default configurations, most ebuilds run under a sandbox which prevent the build process writing to the "real" system...
Apache mod_python Denial of Service vulnerability
Background Modpython is an Apache module that embeds the Python interpreter within the server allowing Python-based web-applications to be created. Description The Apache Foundation has reported that modpython may be prone to Denial of Service attacks when handling a malformed query. Modpython...
Spidermonkey: Multiple Vulnerabilities
Background SpiderMonkey is Mozilla’s JavaScript and WebAssembly Engine, used in Firefox, Servo and various other projects. It is written in C++, Rust and JavaScript. You can embed it into C++ and Rust projects, and it can be run as a stand-alone shell. Description Multiple vulnerabilities have be...
icinga2: Multiple Vulnerabilities
Background Icinga2 is a distributed, general purpose, network monitoring engine. Description Multiple vulnerabilities have been discovered in Icinga2. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There ...
Bitcoin: Denial of Service
Background Bitcoin Core consists of both "full-node" software for fully validating the blockchain as well as a bitcoin wallet. Description Please review the CVE identifier referenced below for details. Impact Bitcoin Core, when debug mode is not used, allows attackers to cause a denial of service...
Mozilla Firefox: Multiple Vulnerabilities
Background Mozilla Firefox is a popular open-source web browser from the Mozilla project. Description Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details...
X.Org X11 library: Multiple Vulnerabilities
Background X.Org is an implementation of the X Window System. The X.Org X11 library provides the X11 protocol library files. Description Multiple vulnerabilities have been discovered in X.Org X11 library. Please review the CVE identifiers referenced below for details. Impact Please review the...
borgmatic: Shell Injection
Background borgmatic is simple, configuration-driven backup software for servers and workstations. Description Prevent shell injection attacks within the PostgreSQL hook, the MongoDB hook, the SQLite hook, the "borgmatic borg" action, and command hook variable/constant interpolation. Impact Shell...
Glade: Denial of Service
Background Glade is a RAD tool to enable quick & easy development of user interfaces for the GTK+ toolkit Version 3 only and the GNOME desktop environment. Description A vulnerability has been found in Glade which can lead to a denial of service when working with specific glade files. Impact A...
Transmission: Remote code execution
Background Transmission is a cross-platform BitTorrent client. Description Transmission mishandles some memory management which may allow manipulation of the heap. Impact A remote attacker could entice a user to open a specially crafted torrent file using Transmission, possibly resulting in...
FlightGear, SimGear: Multiple vulnerabilities
Background FlightGear is an open-source flight simulator. It supports a variety of popular platforms Windows, Mac, Linux, etc. and is developed by skilled volunteers from around the world. Source code for the entire project is available and licensed under the GNU General Public License. SimGear i...
libwww-perl: Multiple vulnerabilities
Background libwww is a collection of Perl modules providing a consistent interface to the World-Wide Web. Description Multiple vulnerabilities have been discovered in libwww-perl. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user to...
VIPS: Privilege Escalation
Background VIPS is a free image processing system. Description VIPS places a zero-length directory name in the LDLIBRARYPATH, which might result in the current working directory . to be included when searching for dynamically linked libraries. Impact A local attacker could gain escalated privileg...
rssh: Access restriction bypass
Background rssh is a restricted shell, allowing only a few commands like scp or sftp. It is often used as a complement to OpenSSH to provide limited access to users. Description Multiple command line parsing and validation vulnerabilities have been discovered in rssh. Please review the CVE...
Cyrus-SASL: Denial of service
Background Cyrus-SASL is an implementation of the Simple Authentication and Security Layer. Description In the GNU C Library glibc from version 2.17 onwards, the crypt function call can return NULL when the salt violates specifications or the system is in FIPS-140 mode and a DES or MD5 hashed...
dhcpcd: Arbitrary code execution
Background dhcpcd is a fully featured, yet light weight RFC2131 compliant DHCP client. Description A vulnerability has been discovered in dhcpcd. Please review the CVE identifier referenced below for details. Impact The vulnerability might allow an attacker to execute arbitrary code on the DHCP...
libgssglue: Privilege escalation
Background libgssglue exports a GSSAPI interface which calls other random GSSAPI libraries. Description libgssglue does not securely use getenv when loading a library for a setuid application. Impact A local attacker could gain escalated privileges. Workaround There is no known workaround at this...
aria2: Directory traversal
Background aria2 is a download utility with resuming and segmented downloading with HTTP/HTTPS/FTP/BitTorrent support. Description A directory traversal vulnerability was discovered in aria2. Impact A remote attacker could entice a user to download from a specially crafted metalink file, resultin...
libcdaudio: User-assisted execution of arbitrary code
Background libcdaudio is a library of CD audio related routines. Description A heap-based buffer overflow has been reported in the cddbreaddiscdata function in cddb.c when processing overly long CDDB data. Impact A remote attacker could entice a user to connect to a malicious CDDB server, possibl...
ZNC: Privilege escalation
Background ZNC is an advanced IRC bouncer. Description cnu discovered multiple CRLF injection vulnerabilities in ZNC's webadmin module. Impact A remote authenticated attacker could modify the znc.conf configuration file and gain privileges via newline characters in e.g. the QuitMessage field, and...
PTeX: Multiple vulnerabilities
Background PTeX is a TeX distribution with Japanese support. It is used for creating and manipulating LaTeX documents. Description Multiple issues were found in the teTeX 2 codebase that PTeX builds upon GLSA 200709-17, GLSA 200711-26. PTeX also includes vulnerable code from the GD library GLSA...
NX: User-assisted execution of arbitrary code
Background NoMachine's NX establishes remote connections to X11 desktops over small bandwidth links. NX and NX Node are the compression core libraries, whereas NX is used by FreeNX and NX Node by the binary-only NX servers. Description Multiple integer overflow and buffer overflow vulnerabilities...
Evolution: Format string vulnerability
Background Evolution is a GNOME groupware application. Description Ulf Harnhammar from Secunia Research discovered a format string error in the emfmultipartencrypted function in the file mail/em-format.c when reading certain data e.g. the "Version:" field from an encrypted e-mail. Impact A remote...
Pulseaudio: Privilege escalation
Background Pulseaudio is a networked sound server with an advanced plugin system. Description Marcus Meissner from SUSE reported that the padroproot function does not properly check the return value of the system calls setuid, seteuid, setresuid and setreuid when dropping its privileges. Impact A...
AMD64 x86 emulation Qt library: Multiple vulnerabilities
Background Qt is a cross-platform GUI framework, which is used e.g. by KDE. The AMD64 x86 emulation Qt library packages Qt libraries for 32bit x86 emulation on AMD64. Description The Qt versions used by the AMD64 x86 emulation Qt libraries were vulnerable to several flaws GLSA 200708-16, GLSA...
ClamAV: Denial of service
Background ClamAV is a GPL virus scanner. Description Metaeye Security Group reported a NULL pointer dereference in ClamAV when processing RAR archives. Impact A remote attacker could send a specially crafted RAR archive to the clamd daemon, resulting in a crash and a Denial of Service. Workaroun...
Ekiga: Format string vulnerability
Background Ekiga is an open source VoIP and video conferencing application. Description Mu Security has discovered that Ekiga fails to implement formatted printing correctly. Impact An attacker could exploit this vulnerability to crash Ekiga and potentially execute arbitrary code by sending a...
Sylpheed, Sylpheed-Claws: Buffer overflow in LDIF importer
Background Sylpheed is a lightweight email client and newsreader. Sylpheed-Claws is a 'bleeding edge' version of Sylpheed. They both support the import of address books in LDIF Lightweight Directory Interchange Format. Description Colin Leroy reported buffer overflow vulnerabilities in Sylpheed a...
lm_sensors: Insecure temporary file creation
Background lmsensors is a software package that provides drivers for monitoring the temperatures, voltages, and fans of Linux systems with hardware monitoring devices. Description Javier Fernandez-Sanguino Pena has discovered that lmsensors insecurely creates temporary files with predictable...
ProFTPD: Format string vulnerabilities
Background ProFTPD is a configurable GPL-licensed FTP server software. Description "infamous42md" reported that ProFTPD is vulnerable to format string vulnerabilities when displaying a shutdown message containing the name of the current directory, and when displaying response messages to the clie...
XV: Multiple vulnerabilities
Background XV is an interactive image manipulation program for the X Window System. Description Greg Roelofs has reported multiple input validation errors in XV image decoders. Tavis Ormandy of the Gentoo Linux Security Audit Team has reported insufficient validation in the PDS Planetary Data...
Sylpheed, Sylpheed-claws: Buffer overflow on message display
Background Sylpheed is a lightweight email client and newsreader. Sylpheed-claws is a 'bleeding edge' version of Sylpheed. Description Sylpheed and Sylpheed-claws fail to properly handle messages containing attachments with MIME-encoded filenames. Impact An attacker can send a malicious email...
Hashcash: Format string vulnerability
Background Hashcash is a utility for generating Hashcash tokens, a proof-of-work system to reduce the impact of spam. Description Tavis Ormandy of the Gentoo Linux Security Audit Team identified a flaw in the Hashcash utility that an attacker could expose by specifying a malformed reply address...