3816 matches found
IcedTea: Multiple Vulnerabilities
Background IcedTea’s aim is to provide OpenJDK in a form suitable for easy configuration, compilation and distribution with the primary goal of allowing inclusion in GNU/Linux distributions. Description Multiple vulnerabilities have been discovered in IcedTea. Please review the CVE identifiers...
OpenVPN: Multiple Vulnerabilities
Background OpenVPN is a multi-platform, full-featured SSL VPN solution. Description Multiple vulnerabilities have been discovered in OpenVPN. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no kno...
liblouis: Multiple Vulnerabilities
Background liblouis is an open-source braille translator and back-translator. Description Multiple vulnerabilities have been discovered in liblouis. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is...
X.Org X11 library: Multiple Vulnerabilities
Background X.Org is an implementation of the X Window System. The X.Org X11 library provides the X11 protocol library files. Description Multiple vulnerabilities have been discovered in X.Org X11 library. Please review the CVE identifiers referenced below for details. Impact Please review the...
borgmatic: Shell Injection
Background borgmatic is simple, configuration-driven backup software for servers and workstations. Description Prevent shell injection attacks within the PostgreSQL hook, the MongoDB hook, the SQLite hook, the "borgmatic borg" action, and command hook variable/constant interpolation. Impact Shell...
Binwalk: Multiple Vulnerabilities
Background Binwalk is a tool for identifying files embedded inside firmware images. Description Multiple vulnerabilities have been discovered in Binwalk. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround The...
Asterisk: Multiple vulnerabilities
Background A Modular Open Source PBX System. Description Multiple vulnerabilities have been discovered in Asterisk. Please review the security advisories referenced below for details. Impact An attacker could cause a possible Denial of Service condition. Workaround There is no known workaround at...
Xfig: Arbitrary code execution
Background Xfig is an interactive drawing tool. Description Xfig contains a buffer overflow vulnerability in processing certain FIG images. Impact A remote attacker could entice a user to open a specially-crafted file, potentially resulting in arbitrary code execution or a Denial of Service...
Cyrus-SASL: Denial of service
Background Cyrus-SASL is an implementation of the Simple Authentication and Security Layer. Description In the GNU C Library glibc from version 2.17 onwards, the crypt function call can return NULL when the salt violates specifications or the system is in FIPS-140 mode and a DES or MD5 hashed...
python-updater: Untrusted search path
Background python-updater is a script used to remerge python packages when changing Python version. Description Robert Buchholz of the Gentoo Security Team reported that python-updater includes the current working directory and subdirectories in the Python module search path sys.path before calli...
NX: User-assisted execution of arbitrary code
Background NoMachine's NX establishes remote connections to X11 desktops over small bandwidth links. NX and NX Node are the compression core libraries, whereas NX is used by FreeNX and NX Node by the binary-only NX servers. Description Multiple integer overflow and buffer overflow vulnerabilities...
Speex: User-assisted execution of arbitrary code
Background Speex is an audio compression format designed for speech that is free of patent restrictions. Description oCERT reported that the Speex library does not properly validate the "mode" value it derives from Speex streams, allowing for array indexing vulnerabilities inside multiple player...
Evolution: Format string vulnerability
Background Evolution is a GNOME groupware application. Description Ulf Harnhammar from Secunia Research discovered a format string error in the emfmultipartencrypted function in the file mail/em-format.c when reading certain data e.g. the "Version:" field from an encrypted e-mail. Impact A remote...
R: Multiple vulnerabilities
Background R is a GPL licensed implementation of S, a language and environment for statistical computing and graphics. PCRE is a library providing functions for Perl-compatible regular expressions. Description R includes a copy of PCRE which is vulnerable to multiple buffer overflows and memory...
OpenOffice.org: Heap-based buffer overflow
Background OpenOffice.org is an open source office productivity suite, including word processing, spreadsheet, presentation, drawing, data charting, formula editing, and file conversion facilities. Description iDefense Labs reported that the TIFF parsing code uses untrusted values to calculate...
Sylpheed, Sylpheed-Claws: Buffer overflow in LDIF importer
Background Sylpheed is a lightweight email client and newsreader. Sylpheed-Claws is a 'bleeding edge' version of Sylpheed. They both support the import of address books in LDIF Lightweight Directory Interchange Format. Description Colin Leroy reported buffer overflow vulnerabilities in Sylpheed a...
lm_sensors: Insecure temporary file creation
Background lmsensors is a software package that provides drivers for monitoring the temperatures, voltages, and fans of Linux systems with hardware monitoring devices. Description Javier Fernandez-Sanguino Pena has discovered that lmsensors insecurely creates temporary files with predictable...
BidWatcher: Format string vulnerability
Background BidWatcher is a free auction tool for eBay users to keep track of their auctions. Description Ulf Harnhammar discovered a format string vulnerability in "netstuff.cpp". Impact Remote attackers can potentially exploit this vulnerability by sending specially crafted responses via an eBay...
UnRTF: Buffer overflow
Background UnRTF is a utility to convert files in the Rich Text Format into other formats. Description An unchecked strcat in unrtf may overflow the bounds of a static buffer. Impact Using a specially crafted file, possibly delivered by e-mail or over the web, an attacker may execute arbitrary co...
Ruby: CGI::Session creates files insecurely
Background Ruby is an Object Oriented, interpreted scripting language used for many system scripting tasks. It can also be used for CGI web applications. Description The CGI::Session::FileStore implementation and presumably CGI::Session::PStore, which allow data associated with a particular Sessi...
Multiple Vulnerabilities in Samba
Background Samba is a package which allows UNIX systems to act as file servers for Windows computers. It also allows UNIX systems to mount shares exported by a Samba/CIFS/Windows server. smbmount is a program in the Samba package which allows normal users on a UNIX system to mount remote shares...
Cross-realm trust vulnerability in Heimdal
Background Heimdal is a free implementation of Kerberos 5. Description Heimdal does not properly perform certain consistency checks for cross-realm requests, which allows remote attackers with control of a realm to impersonate others in the cross-realm trust path. Impact Remote attackers with...
phpMyAdmin < 2.5.6-rc1: possible attack against export.php
Background phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL databased over the Web. Description One component of the phpMyAdmin software package export.php does not properly verify input that is passed to it from a remote user. Since the input is used to include...
FreeRADIUS: heap exploit and NULL pointer dereference vulnerability
Background FreeRADIUS is a popular open source RADIUS server. Description FreeRADIUS versions below 0.9.3 are vulnerable to a heap exploit, however, the attack code must be in the form of a valid RADIUS packet which limits the possible exploits. Also corrected in the 0.9.3 release is another...
Emacs: Multiple Vulnerabilities
Background Emacs is the extensible, customizable, self-documenting real-time display editor. org-mode is an Emacs mode for notes and project planning. Description Multiple vulnerabilities have been discovered in Emacs, org-mode. Please review the CVE identifiers referenced below for details. Impa...
X.Org X server, XWayland: Multiple Vulnerabilities
Background The X Window System is a graphical windowing system based on a client/server model. Description Multiple vulnerabilities have been discovered in X.Org X server and XWayland. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE...
gst-plugins-good: Multiple Vulnerabilities
Background gst-plugins-good contains a set of plugins for the GStreamer open source multimedia framework. Description Multiple vulnerabilities have been discovered in gst-plugins-good. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE...
re2c: Denial of Service
Background re2c is a tool for generating C-based recognizers from regular expressions. Description Please review the CVE identifier referenced below for details. Impact Please review the CVE identifier referenced below for details. Workaround There is no known workaround at this time. Resolution...
Zsh: Prompt Expansion Vulnerability
Background A shell designed for interactive use, although it is also a powerful scripting language. Description Multiple vulnerabilities have been discovered in Zsh. Please review the CVE identifiers referenced below for details. Impact A vulnerability in prompt expansion could be exploited throu...
RedCloth: ReDoS Vulnerability
Background RedCloth is a module for using Textile in Ruby Description A vulnerability has been discovered in RedCloth. Please review the CVE identifier referenced below for details. Impact RedCloth is vulnerable to a regular expression denial of service "ReDoS" attack via the sanitizehtml functio...
libapreq2: Buffer Overflow
Background libapreq is a shared library with associated modules for manipulating client request data via the Apache API. Description A buffer overflow could occur when processing multipart form uploads. Impact An attacker could submit a crafted multipart form to trigger the buffer overflow and...
jupyter_core: Arbitrary Code Execution
Background jupytercore contains core Jupyter functionality. Description jupytercore trusts files for execution in the current working directory without validating ownership of those files. Impact By writing to a directory that is used a the current working directory for jupytercore by another use...
xmonad-contrib: Arbitrary code execution
Background xmonad-contrib is a set of third party tiling algorithms, configurations, and scripts for xmonad. Description A vulnerability in the Xmonad.Hooks.DynamicLog module could allow a malicious website with a specially crafted title to inject commands into the title bar which would be execut...
udisks: Arbitrary code execution
Background udisks is an abstraction for enumerating block devices and performing operations on them. Description A stack-based buffer overflow can be triggered when udisks is given a long path name as a mount point. Impact A local attacker could possibly execute arbitrary code with the privileges...
ldns: Arbitrary code execution
Background ldns is a fast DNS library with the goal to simplify DNS programming and to allow developers to easily create software conforming to current RFCs and Internet drafts. Description ldns contains a heap-based buffer overflow in the ldnsrrnewfrmstrinternal function. Impact A remote attacke...
Imlib2: User-assisted execution of arbitrary code
Background Imlib2 is replacement library from the Enlightenment project for libraries like libXpm. Description Julien Danjou reported a pointer arithmetic error and a heap-based buffer overflow within the load function of the XPM image loader. Impact A remote attacker could entice a user to proce...
DBmail: Data disclosure
Background DBMail is a mail storage and retrieval daemon that uses SQL databases as its data store. IMAP and POP3 can be used to retrieve mails from the database. Description A vulnerability in DBMail's authldap module when used in conjunction with an Active Directory server has been reported by...
Ruby-GNOME2: Format string error
Background Ruby-GNOME2 is a set of bindings for using GTK+ within the Ruby programming language. Description Chris Rohlf discovered that the "Gtk::MessageDialog.new" method in the file gtk/src/rbgtkmessagedialog.c does not properly sanitize the "message" parameter before passing it to the...
Gallery: Multiple vulnerabilities
Background Gallery is a PHP based photo album manager. Description Merrick Manalastas and Nicklous Roberts have discovered multiple vulnerabilities in the WebDAV and Reupload modules. Impact A remote attacker could exploit these vulnerabilities to bypass security restrictions and rename, replace...
GDM: Local Denial of service
Background GDM is the GNOME display manager. Description The result of a gstrsplit call is incorrectly parsed in the files daemon/gdm.c, daemon/gdmconfig.c, gui/gdmconfig.c and gui/gdmflexiserver.c, allowing for a null pointer dereference. Impact A local user could send a crafted message to...
Xfce Terminal: Remote arbitrary code execution
Background Xfce Terminal is a console tool for the Xfce desktop environment. Description Lasse Karkkainen discovered that the function terminalhelperexecute in file terminal-helper.c does not properly escape the URIs before processing. Impact A remote attacker could entice a user to open a...
Squid: Multiple Denial of Service vulnerabilities
Background Squid is a multi-protocol proxy server. Description Squid fails to correctly handle ftp:// URI's. There is also an error in the externalacl queue which can cause an infinite looping condition. Impact An attacker could attempt to retrieve a specially crafted URI via a Squid server causi...
Dia: Arbitrary code execution through XFig import
Background Dia is a GTK+ based diagram creation program. Description infamous41md discovered multiple buffer overflows in Dia's XFig file import plugin. Impact By enticing a user to import a specially crafted XFig file into Dia, an attacker could exploit this issue to execute arbitrary code with...
Sun and Blackdown Java: Applet privilege escalation
Background Sun and Blackdown both provide implementations of the Java Development Kit JDK and Java Runtime Environment JRE. Description Both Sun's and Blackdown's JDK and JRE may allow untrusted applets to elevate privileges. Impact A remote attacker could embed a malicious Java applet in a web...
tla: Multiple vulnerabilities in included libneon
Background GNU Arch tla is a revision control system suited for widely distributed development. Description Multiple format string vulnerabilities and a heap overflow vulnerability were discovered in the code of the neon library GLSA 200405-01 and 200405-13. Current versions of the tla package...
ipsec-tools contains an X.509 certificates vulnerability.
Background From http://ipsec-tools.sourceforge.net/ : "IPsec-Tools is a port of KAME's IPsec utilities to the Linux-2.6 IPsec implementation." Description racoon a utility in the ipsec-tools package does not verify digital signatures on Phase1 packets. This means that anybody holding the correct...
Monkeyd Denial of Service vulnerability
Background The Monkey HTTP daemon is a Web server written in C that works under Linux and is based on the HTTP/1.1 protocol. It aims to develop a fast, efficient and small web server. Description A bug in the URI processing of incoming requests allows for a Denial of Service to be launched agains...
CVS: possible root compromise when using CVS pserver
Background CVS, which stands for Concurrent Versions System, is a client/server application which tracks changes to sets of files. It allows multiple users to work concurrently on files, and then merge their changes back into the main tree which can be on a remote system. It also allows branching...
YAML-LibYAML: Shell injection
Background YAML-LibYAML provides YAML Serialization using XS and libyaml for Perl. Description YAML-LibYAML uses the legacy '2-arg' open call which is susceptible to shell injection via malicious filenames. Impact Shell injection may be used to execute arbitrary code using a malicious filename...
Tracker miners: Sandbox weakness
Background The Tracker miners are a collection of data extractors for the GNOME Tracker. Description A vulnerability has been discovered in Tracker minders. Please review the CVE identifier referenced below for details. Impact Please review the referenced CVE identifier for details. Workaround...