3816 matches found
protobuf-c: Multiple Vulnerabilities
Background protobuf-c is a protocol buffers implementation in C. Description Multiple denial of service vulnerabilities have been discovered in protobuf-c. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround at this time. Resolution All...
OpenDKIM: Root privilege escalation
Background A community effort to develop and maintain a C library for producing DKIM-aware applications and an open source milter for providing DKIM service. Description It was discovered that Gentoo’s OpenDKIM ebuild does not properly set permissions or place the pid file in a safe directory...
GLib: Multiple vulnerabilities
Background GLib is a library providing a number of GNOME’s core objects and functions. Description Multiple vulnerabilities have been discovered in GLib. Please review the referenced bug for details. Impact Please review the referenced bugs for details. Workaround There is no known workaround at...
Mozilla Suite: Multiple vulnerabilities
Background The Mozilla Suite is an all-in-one Internet application suite including a web browser, an advanced e-mail and newsgroup client, IRC client and HTML editor. Description The following vulnerabilities were found and fixed in the Mozilla Suite: "mozbugra4" and "shutdown" discovered that th...
Horde Framework: Multiple XSS vulnerabilities
Background The Horde Framework is a PHP based framework for building web applications. It provides many modules including calendar, address book, CVS viewer and Internet Messaging Program. Description Cross-site scripting vulnerabilities have been discovered in various modules of the Horde...
MPlayer: Multiple overflows
Background MPlayer is a media player capable of handling multiple multimedia file formats. Description iDEFENSE, Ariel Berkman and the MPlayer development team found multiple vulnerabilities in MPlayer. These include potential heap overflows in Real RTSP and pnm streaming code, stack overflows in...
ppp: No denial of service vulnerability
Background ppp is a Unix implementation of the Point-to-Point Protocol. Description The pppd server improperly verifies header fields, potentially leading to a crash of the pppd process handling the connection. However, since a separate pppd process handles each ppp connection, this would not...
multi-gnome-terminal: Information leak
Background multi-gnome-terminal is an enhanced terminal emulator that is derived from gnome-terminal. Description multi-gnome-terminal contains debugging code that has been known to output active keystrokes to a potentially unsafe location. Output has been seen to show up in the '.xsession-errors...
Ethereal: security problems in ethereal 0.9.15
Background Ethereal is a popular network protocol analyzer. Description Ethereal contains buffer overflow vulnerabilities in the GTP, ISAKMP, and MEGACO protocol dissectors, and a heap overflow vulnerability in the SOCKS protocol dissector, which could cause Ethereal to crash or to execute...
DTrace: Arbitrary file creation via dtprobed
Background DTrace is a dynamic tracing tool for analysing or debugging the whole system. Specifically, dtprobed is a component of the DTrace system that keeps track of USDT probes within running processes, parsing and storing the DOF they provide for later consumption by dtrace proper. Descriptio...
inetutils: Remote Code Execution
Background Inetutils is a collection of common network programs including a telnet client and server. Description The telnetd server invokes /usr/bin/login normally running as root passing the value of the USER environment variable received from the client as the last parameter. If the client...
redict, redis: Multiple Vulnerabilities
Background Redis is an open source BSD licensed, in-memory data structure store, used as a database, cache and message broker. Description Multiple vulnerabilities have been discovered in Redis. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CV...
sysstat: Arbitrary Code Execution
Background sysstat is a package containing a number of performance monitoring utilities for Linux, including sar, mpstat, iostat and sa tools. Description A vulnerability has been discovered in sysstat. Please review the CVE identifier referenced below for details. This CVE improves on an...
glibc: Buffer Overflow
Background glibc is a package that contains the GNU C library. Description A vulnerability has been discovered in glibc. Please review the CVE identifier referenced below for details. Impact Please review the referenced CVE identifier for details. Workaround There is no known workaround at this...
NVIDIA Drivers: Privilege Escalation
Background NVIDIA Drivers are NVIDIA's accelerated graphics driver. Description A vulnerability has been discovered in NVIDIA Drivers. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifier for details. Workaround There is no known...
idna: Denial of Service
Background Internationalized Domain Names for Python IDNA 2008 and UTS 46 Description A vulnerability has been discovered in idna. Please review the CVE identifier referenced below for details. Impact Please review the referenced CVE identifier for details. Workaround There is no known workaround...
libvirt: Multiple Vulnerabilities
Background libvirt is a C toolkit for manipulating virtual machines. Description Multiple vulnerabilities have been discovered in libvirt. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known...
PostgreSQL: Multiple Vulnerabilities
Background PostgreSQL is an open source object-relational database management system. Description Multiple vulnerabilities have been discovered in PostgreSQL. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaroun...
Mozilla Firefox: Multiple Vulnerabilities
Background Mozilla Firefox is a popular open-source web browser from the Mozilla project. Description Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details...
libgit2: Multiple Vulnerabilities
Background libgit2 is a portable, pure C implementation of the Git core methods provided as a re-entrant linkable library with a solid API, allowing you to write native speed custom Git applications in any language that supports C bindings. Description Multiple vulnerabilities have been discovere...
Ubiquiti UniFi: Privilege Escalation
Background Ubiquiti UniFi is a Management Controller for Ubiquiti Networks UniFi APs. Description A vulnerability has been discovered in Ubiquiti UniFi. Please review the CVE identifier referenced below for details. Impact The vulnerability allows a malicious actor with a local operational system...
IBM JDK/JRE: Multiple vulnerabilities
Background The IBM Java Development Kit JDK and the IBM Java Runtime Environment JRE provide the IBM Java platform. Description Because of sharing the same codebase, IBM JDK and JRE are affected by the vulnerabilities mentioned in GLSA 200804-20. Impact A remote attacker could entice a user to ru...
sudo: Arbitrary command execution
Background sudo allows a system administrator to give users the ability to run commands as other users. Description The sudoers file is used to define the actions sudo users are permitted to perform. Charles Morris discovered that a specific layout of the sudoers file could cause the results of a...
Cheetah: Untrusted module search path
Background Cheetah is a Python powered template engine and code generator. Description Brian Bird discovered that Cheetah searches for modules in the world-writable /tmp directory. Impact A malicious local user could place a module containing arbitrary code in /tmp, which when imported would run...
PHProjekt: setup.php vulnerability
Background PHProjekt is a modular groupware web application used to coordinate group activities and share files. Description Martin Muench, from it.sec, found a flaw in the setup.php file. Impact Successful exploitation of the flaw allows a remote attacker without admin rights to make unauthorize...
Horde-Chora: Remote code execution
Background Chora is a PHP-based SVN/CVS repository viewer by the HORDE project. Description A vulnerability in the diff viewer of Chora allows an attacker to inject shellcode. An attacker can exploit PHP's file upload functionality to upload a malicious binary to a vulnerable server, chmod it as...
GNU Automake symbolic link vulnerability
Background Automake is a tool for automatically generating Makefile.in' files which is often used in conjuction with Autoconf and other GNU Autotools to ease portability among applications. It also provides a standardized and light way of writing complex Makefiles through the use of many built-in...
GAIM 0.75 Remote overflows
Background Gaim is a multi-platform and multi-protocol instant messaging client. It is compatible with AIM , ICQ, MSN Messenger, Yahoo, IRC, Jabber, Gadu-Gadu, and the Zephyr networks. Description Yahoo changed the authentication methods to their IM servers, rendering GAIM useless. The GAIM team...
Exiv2: Multiple Vulnerabilities
Background Exiv2 is a C++ library and set of tools for parsing, editing and saving Exif and IPTC metadata from images. Description The following vulnerabilities have been discovered in Exiv2: 2 out of bounds reads, an integer overflow, and an uncaught exception. The worst of which can lead to a...
GnuPG: Arbitrary Code Execution
Background The GNU Privacy Guard, GnuPG, is a free replacement for the PGP suite of cryptographic software. Description A vulnerability has been discovered in GnuPG's armor parser. Impact A remote attacker could entice a user or automated system to process a specially crafted signature file,...
sudo: Privilege escalation
Background sudo allows a system administrator to give users the ability to run commands as other users. Description Multiple vulnerabilities have been discovered in sudo. Please review the CVE identifiers referenced below for details. Impact An attacker can escalate privileges to root by providin...
XZ Utils: Use after free
Background XZ Utils is free general-purpose data compression software with a high compression ratio. Description A use-after-free has been discovered in XZ utils. Please review the CVE identifier referenced below for details. Impact The multithreaded .xz decoder in liblzma has a bug where invalid...
R: Arbitrary Code Execution
Background R is a language and environment for statistical computing and graphics. Description Deserialization of untrusted data can occur in the R statistical programming language, enabling a maliciously crafted RDS R Data Serialization formatted file or R package to run arbitrary code on an end...
ZNC: Remote Code Execution
Background ZNC is an advanced IRC bouncer. Description ZNC's modtcl could allow for remote code execution via a KICK. Impact A vulnerable ZNC with the modtcl module loaded could be exploited for remote code execution. Workaround Unload the modtcl module. Resolution All ZNC users should upgrade to...
Librsvg: Arbitrary File Read
Background Librsvg is a library to render SVG files using cairo as a rendering engine. Description A directory traversal problem in the URL decoder of librsvg could be used by local or remote attackers to disclose files on the local filesystem outside of the expected area, as demonstrated by...
Nautilus: Denial of Service
Background Default file manager for the GNOME desktop Description Please review the CVE identifier referenced below for details. Impact GNOME Nautilus allows a NULL pointer dereference and getbasename application crash via a pasted ZIP archive. Workaround There is no known workaround at this time...
Levenshtein: Remote Code Execution
Background Levenshtein is a Python extension for computing string edit distances and similarities. Description Fixed handling of numerous possible wraparounds in calculating the size of memory allocations; incorrect handling of which could cause denial of service or even possible remote code...
libXpm: Multiple Vulnerabilities
Background The X PixMap image format is an extension of the monochrome X BitMap format specified in the X protocol, and is commonly used in traditional X applications. Description Multiple vulnerabilities have been discovered in libXpm. Please review the CVE identifiers referenced below for...
GraphicsMagick: Multiple Vulnerabilities
Background GraphicsMagick is a collection of tools and libraries which support reading, writing, and manipulating images in many major formats. Description Multiple vulnerabilities have been discovered in GraphicsMagick. Please review the CVE identifiers referenced below for details. Impact Pleas...
Seamonkey: Multiple Vulnerabilities
Background The Seamonkey project is a community effort to deliver production-quality releases of code derived from the application formerly known as the ‘Mozilla Application Suite’. Description Multiple vulnerabilities have been discovered in Seamonkey. Please review the CVE identifiers reference...
Minitube: Insecure temporary file usage
Background Minitube is a Qt4 YouTube desktop client. Description Tomáš Pružina reported that Minitube does not handle temporary files securely. Impact A local attacker could perform symlink attacks to overwrite arbitrary files with the privileges of the user running the application. Workaround...
Festival: Privilege elevation
Background Festival is a text-to-speech accessibility program. Description Konstantine Shirow reported a vulnerability in default Gentoo configurations of Festival. The daemon is configured to run with root privileges and to listen on localhost, without requiring a password. Impact A local attack...
Mozilla Firefox: Multiple vulnerabilities
Background Mozilla Firefox is the next-generation web browser from the Mozilla project. Description The following vulnerabilities were found and fixed in Mozilla Firefox: "mozbugra4" and "shutdown" discovered that Firefox was improperly cloning base objects MFSA 2005-56. Michael Krax reported tha...
Clam Antivirus DoS vulnerability
Background Clam AntiVirus is a GPLed anti-virus toolkit, designed for integration with mail servers to perform attachment scanning. Clam AV also provides a command line scanner and a tool for fetching updates of the virus database. Description Oliver Eikemeier of Fillmore Labs discovered the...
PHP setting leaks from .htaccess files on virtual hosts
Background PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML. Description If the server configuration "php.ini" file has "registerglobals = on" and a request is made to one virtual host which has "phpadminflag...
Commons-BeanUtils: Arbitary Code Execution
Background Commons-beanutils provides easy-to-use wrappers around Reflection and Introspection APIs Description Multiple vulnerabilities have been discovered in Commons-BeanUtils. Please review the CVE identifiers referenced below for details. Impact A special BeanIntrospector class was added in...
Asterisk: Multiple Vulnerabilities
Background Asterisk is an open source telephony engine and toolkit. Description Multiple vulnerabilities have been discovered in Asterisk. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known...
libvpx: Use after free
Background libvpx is the VP8 codec SDK used to encode and decode video streams, typically within a WebM format media file. Description A vulnerability has been discovered in libvpx. Please review the CVE identifier referenced below for details. Impact Please review the referenced CVE identifier f...
NTP: Multiple Vulnerabilities
Background NTP contains software for the Network Time Protocol. Description Multiple vulnerabilities have been discovered in NTP. Please review the CVE identifiers referenced below for details. Impact The first four of these CVEs affect a function in libntp that is only used by ntpq, but not by...
ClamAV: Multiple Vulnerabilities
Background ClamAV is a GPL virus scanner. Description Multiple vulnerabilities have been discovered in ClamAV. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround at this time...