3816 matches found
XV: Multiple vulnerabilities
Background XV is an interactive image manipulation program for the X Window System. Description Greg Roelofs has reported multiple input validation errors in XV image decoders. Tavis Ormandy of the Gentoo Linux Security Audit Team has reported insufficient validation in the PDS Planetary Data...
Hashcash: Format string vulnerability
Background Hashcash is a utility for generating Hashcash tokens, a proof-of-work system to reduce the impact of spam. Description Tavis Ormandy of the Gentoo Linux Security Audit Team identified a flaw in the Hashcash utility that an attacker could expose by specifying a malformed reply address...
o3read: Buffer overflow during file conversion
Background o3read is a standalone converter for OpenOffice.org files. It allows a user to dump the contents tree o3read and convert to plain text o3totxt or to HTML o3tohtml Writer and Calc files. Description Wiktor Kopec discovered that the parsehtml function in o3read.c copies any number of byt...
Dillo: Format string vulnerability
Background Dillo is a small and fast multi-platform web browser based on GTK+. Description Gentoo Linux developer Tavis Ormandy found a format string bug in Dillo's handling of messages in aInterfacemsg. Impact An attacker could craft a malicious web page which, when accessed using Dillo, would...
Esearch: Insecure temp file handling
Background Esearch is a replacement for the Portage command "emerge search". It uses an index to speed up searching of the Portage tree. Description The eupdatedb utility uses a temporary file /tmp/esearchdb.py.tmp to indicate that the eupdatedb process is running. When run, eupdatedb checks to s...
UUDeview MIME Buffer Overflow
Background UUDeview is a program which is used to transmit binary files over the Internet in a text-only format. It is commonly used for email and Usenet attachments. It supports multiple encoding formats, including Base64, BinHex and UUEncoding. Description By decoding a MIME archive with...
Mozilla Thunderbird: Multiple Vulnerabilities
Background Mozilla Thunderbird is a popular open-source email client from the Mozilla project. Description Multiple vulnerabilities have been discovered in Mozilla Thunderbird. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for...
QtWebEngine: Multiple Vulnerabilities
Background QtWebEngine is a library for rendering dynamic web content in Qt5 and Qt6 C++ and QML applications. Description Multiple vulnerabilities have been discovered in QtWebEngine. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE...
X.Org X server, XWayland: Multiple Vulnerabilities
Background The X Window System is a graphical windowing system based on a client/server model. Description Multiple vulnerabilities have been discovered in X.Org X server and XWayland. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE...
IcedTea: Multiple Vulnerabilities
Background IcedTea’s aim is to provide OpenJDK in a form suitable for easy configuration, compilation and distribution with the primary goal of allowing inclusion in GNU/Linux distributions. Description Multiple vulnerabilities have been discovered in IcedTea. Please review the CVE identifiers...
liblouis: Multiple Vulnerabilities
Background liblouis is an open-source braille translator and back-translator. Description Multiple vulnerabilities have been discovered in liblouis. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is...
OpenVPN: Multiple Vulnerabilities
Background OpenVPN is a multi-platform, full-featured SSL VPN solution. Description Multiple vulnerabilities have been discovered in OpenVPN. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no kno...
Zsh: Prompt Expansion Vulnerability
Background A shell designed for interactive use, although it is also a powerful scripting language. Description Multiple vulnerabilities have been discovered in Zsh. Please review the CVE identifiers referenced below for details. Impact A vulnerability in prompt expansion could be exploited throu...
Asterisk: Multiple vulnerabilities
Background A Modular Open Source PBX System. Description Multiple vulnerabilities have been discovered in Asterisk. Please review the security advisories referenced below for details. Impact An attacker could cause a possible Denial of Service condition. Workaround There is no known workaround at...
xmonad-contrib: Arbitrary code execution
Background xmonad-contrib is a set of third party tiling algorithms, configurations, and scripts for xmonad. Description A vulnerability in the Xmonad.Hooks.DynamicLog module could allow a malicious website with a specially crafted title to inject commands into the title bar which would be execut...
Xfig: Arbitrary code execution
Background Xfig is an interactive drawing tool. Description Xfig contains a buffer overflow vulnerability in processing certain FIG images. Impact A remote attacker could entice a user to open a specially-crafted file, potentially resulting in arbitrary code execution or a Denial of Service...
NX: User-assisted execution of arbitrary code
Background NoMachine's NX establishes remote connections to X11 desktops over small bandwidth links. NX and NX Node are the compression core libraries, whereas NX is used by FreeNX and NX Node by the binary-only NX servers. Description Multiple integer overflow and buffer overflow vulnerabilities...
Speex: User-assisted execution of arbitrary code
Background Speex is an audio compression format designed for speech that is free of patent restrictions. Description oCERT reported that the Speex library does not properly validate the "mode" value it derives from Speex streams, allowing for array indexing vulnerabilities inside multiple player...
R: Multiple vulnerabilities
Background R is a GPL licensed implementation of S, a language and environment for statistical computing and graphics. PCRE is a library providing functions for Perl-compatible regular expressions. Description R includes a copy of PCRE which is vulnerable to multiple buffer overflows and memory...
OpenOffice.org: Heap-based buffer overflow
Background OpenOffice.org is an open source office productivity suite, including word processing, spreadsheet, presentation, drawing, data charting, formula editing, and file conversion facilities. Description iDefense Labs reported that the TIFF parsing code uses untrusted values to calculate...
Dia: Arbitrary code execution through XFig import
Background Dia is a GTK+ based diagram creation program. Description infamous41md discovered multiple buffer overflows in Dia's XFig file import plugin. Impact By enticing a user to import a specially crafted XFig file into Dia, an attacker could exploit this issue to execute arbitrary code with...
BidWatcher: Format string vulnerability
Background BidWatcher is a free auction tool for eBay users to keep track of their auctions. Description Ulf Harnhammar discovered a format string vulnerability in "netstuff.cpp". Impact Remote attackers can potentially exploit this vulnerability by sending specially crafted responses via an eBay...
UnRTF: Buffer overflow
Background UnRTF is a utility to convert files in the Rich Text Format into other formats. Description An unchecked strcat in unrtf may overflow the bounds of a static buffer. Impact Using a specially crafted file, possibly delivered by e-mail or over the web, an attacker may execute arbitrary co...
Ruby: CGI::Session creates files insecurely
Background Ruby is an Object Oriented, interpreted scripting language used for many system scripting tasks. It can also be used for CGI web applications. Description The CGI::Session::FileStore implementation and presumably CGI::Session::PStore, which allow data associated with a particular Sessi...
Multiple Vulnerabilities in Samba
Background Samba is a package which allows UNIX systems to act as file servers for Windows computers. It also allows UNIX systems to mount shares exported by a Samba/CIFS/Windows server. smbmount is a program in the Samba package which allows normal users on a UNIX system to mount remote shares...
Cross-realm trust vulnerability in Heimdal
Background Heimdal is a free implementation of Kerberos 5. Description Heimdal does not properly perform certain consistency checks for cross-realm requests, which allows remote attackers with control of a realm to impersonate others in the cross-realm trust path. Impact Remote attackers with...
phpMyAdmin < 2.5.6-rc1: possible attack against export.php
Background phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL databased over the Web. Description One component of the phpMyAdmin software package export.php does not properly verify input that is passed to it from a remote user. Since the input is used to include...
FreeRADIUS: heap exploit and NULL pointer dereference vulnerability
Background FreeRADIUS is a popular open source RADIUS server. Description FreeRADIUS versions below 0.9.3 are vulnerable to a heap exploit, however, the attack code must be in the form of a valid RADIUS packet which limits the possible exploits. Also corrected in the 0.9.3 release is another...
Emacs: Multiple Vulnerabilities
Background Emacs is the extensible, customizable, self-documenting real-time display editor. org-mode is an Emacs mode for notes and project planning. Description Multiple vulnerabilities have been discovered in Emacs, org-mode. Please review the CVE identifiers referenced below for details. Impa...
gst-plugins-good: Multiple Vulnerabilities
Background gst-plugins-good contains a set of plugins for the GStreamer open source multimedia framework. Description Multiple vulnerabilities have been discovered in gst-plugins-good. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE...
AFLplusplus: Arbitrary Code Execution
Background The fuzzer afl++ is afl with community patches, qemu 5.1 upgrade, collision-free coverage, enhanced laf-intel & redqueen, AFLfast++ power schedules, MOpt mutators, unicornmode, and a lot more! Description In AFL++ 4.05c, the CmpLog component uses the current working directory to resolv...
re2c: Denial of Service
Background re2c is a tool for generating C-based recognizers from regular expressions. Description Please review the CVE identifier referenced below for details. Impact Please review the CVE identifier referenced below for details. Workaround There is no known workaround at this time. Resolution...
QPDF: Buffer Overflow
Background QPDF: A content-preserving PDF document transformer. Description A vulnerability has been discovered in QPDF. Please review the CVE identifier referenced below for details. Impact QPDF has a heap-based buffer overflow in PlASCII85Decoder::write called from PlAESPDF::flush and...
RedCloth: ReDoS Vulnerability
Background RedCloth is a module for using Textile in Ruby Description A vulnerability has been discovered in RedCloth. Please review the CVE identifier referenced below for details. Impact RedCloth is vulnerable to a regular expression denial of service "ReDoS" attack via the sanitizehtml functio...
libapreq2: Buffer Overflow
Background libapreq is a shared library with associated modules for manipulating client request data via the Apache API. Description A buffer overflow could occur when processing multipart form uploads. Impact An attacker could submit a crafted multipart form to trigger the buffer overflow and...
jupyter_core: Arbitrary Code Execution
Background jupytercore contains core Jupyter functionality. Description jupytercore trusts files for execution in the current working directory without validating ownership of those files. Impact By writing to a directory that is used a the current working directory for jupytercore by another use...
OpenSMTPD: Multiple vulnerabilities
Background OpenSMTPD is a lightweight but featured SMTP daemon from OpenBSD. Description Multiple vulnerabilities have been discovered in OpenSMTPD. Please review the CVE identifiers referenced below for details. Impact A remote attacker could possibly execute arbitrary code with the privileges o...
OpenTTD: Denial of service
Background OpenTTD is a clone of Transport Tycoon Deluxe. Description The vulnerability is caused due to missing out-of-bound check within the “HandleCrashedAircraft” function. Impact A remote attacker could possibly cause a Denial of Service condition. Workaround There is no known workaround at...
udisks: Arbitrary code execution
Background udisks is an abstraction for enumerating block devices and performing operations on them. Description A stack-based buffer overflow can be triggered when udisks is given a long path name as a mount point. Impact A local attacker could possibly execute arbitrary code with the privileges...
ldns: Arbitrary code execution
Background ldns is a fast DNS library with the goal to simplify DNS programming and to allow developers to easily create software conforming to current RFCs and Internet drafts. Description ldns contains a heap-based buffer overflow in the ldnsrrnewfrmstrinternal function. Impact A remote attacke...
Imlib2: User-assisted execution of arbitrary code
Background Imlib2 is replacement library from the Enlightenment project for libraries like libXpm. Description Julien Danjou reported a pointer arithmetic error and a heap-based buffer overflow within the load function of the XPM image loader. Impact A remote attacker could entice a user to proce...
DBmail: Data disclosure
Background DBMail is a mail storage and retrieval daemon that uses SQL databases as its data store. IMAP and POP3 can be used to retrieve mails from the database. Description A vulnerability in DBMail's authldap module when used in conjunction with an Active Directory server has been reported by...
Kazehakase: Multiple vulnerabilities
Background Kazehakase is a web browser based on the Gecko engine. Description Kazehakase includes a copy of PCRE which is vulnerable to multiple buffer overflows and memory corruptions vulnerabilities GLSA 200711-30. Impact A remote attacker could entice a user to open specially crafted input e.g...
Ruby-GNOME2: Format string error
Background Ruby-GNOME2 is a set of bindings for using GTK+ within the Ruby programming language. Description Chris Rohlf discovered that the "Gtk::MessageDialog.new" method in the file gtk/src/rbgtkmessagedialog.c does not properly sanitize the "message" parameter before passing it to the...
Gallery: Multiple vulnerabilities
Background Gallery is a PHP based photo album manager. Description Merrick Manalastas and Nicklous Roberts have discovered multiple vulnerabilities in the WebDAV and Reupload modules. Impact A remote attacker could exploit these vulnerabilities to bypass security restrictions and rename, replace...
GDM: Local Denial of service
Background GDM is the GNOME display manager. Description The result of a gstrsplit call is incorrectly parsed in the files daemon/gdm.c, daemon/gdmconfig.c, gui/gdmconfig.c and gui/gdmflexiserver.c, allowing for a null pointer dereference. Impact A local user could send a crafted message to...
Xfce Terminal: Remote arbitrary code execution
Background Xfce Terminal is a console tool for the Xfce desktop environment. Description Lasse Karkkainen discovered that the function terminalhelperexecute in file terminal-helper.c does not properly escape the URIs before processing. Impact A remote attacker could entice a user to open a...
Mozilla Suite: Multiple vulnerabilities
Background The Mozilla Suite is a popular all-in-one web browser that includes a mail and news reader. Description Several vulnerabilities ranging from code execution with elevated privileges to information leaks affect the Mozilla Suite. Impact A remote attacker could entice a user to browse to ...
Squid: Multiple Denial of Service vulnerabilities
Background Squid is a multi-protocol proxy server. Description Squid fails to correctly handle ftp:// URI's. There is also an error in the externalacl queue which can cause an infinite looping condition. Impact An attacker could attempt to retrieve a specially crafted URI via a Squid server causi...
Sun and Blackdown Java: Applet privilege escalation
Background Sun and Blackdown both provide implementations of the Java Development Kit JDK and Java Runtime Environment JRE. Description Both Sun's and Blackdown's JDK and JRE may allow untrusted applets to elevate privileges. Impact A remote attacker could embed a malicious Java applet in a web...