3816 matches found
KDE Libraries: Multiple vulnerabilities
Background KDE is a feature-rich graphical desktop environment for Linux and Unix-like operating systems. KDE Libraries contains libraries needed by all KDE applications. Description Multiple vulnerabilities have been discovered in KDE Libraries. Please review the CVE identifiers referenced below...
Wireshark: Multiple vulnerabilities
Background Wireshark is a network protocol analyzer formerly known as ethereal. Description Multiple vulnerabilities have been discovered in Wireshark. Please review the CVE identifiers referenced below for details. Impact A remote attacker can cause arbitrary code execution or a Denial of Servic...
IcedTea JDK: Multiple vulnerabilities
Background IcedTea is a distribution of the Java OpenJDK source code built with free build tools. Description Multiple vulnerabilities have been discovered in the IcedTea JDK. Please review the CVE identifiers referenced below for details. Impact A remote attacker could possibly execute arbitrary...
sudo: Privilege escalation
Background sudo allows a system administrator to give users the ability to run commands as other users. Access to commands may also be granted on a range to hosts. Description When the Sudo envreset option is disabled it is enabled by default, certain environment variables are not blacklisted as...
Konqueror: Multiple vulnerabilities
Background Konqueror is the KDE web browser and file manager. Description Multiple vulnerabilities have been discovered in Konqueror. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user to open a specially crafted web site using Konqueror,...
Libav: Multiple vulnerabilities
Background Libav is a complete solution to record, convert and stream audio and video. Description Multiple vulnerabilities have been discovered in Libav. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user to open a specially crafted media...
spice-gtk: Privilege escalation
Background spice-gtk is a set of GObject and Gtk objects for connecting to Spice servers and a client GUI. Description spice-gtk does not properly sanitize the DBUSSYSTEMBUSADDRESS environment variable. Impact A local attacker may be able to gain escalated privileges. Workaround There is no known...
polkit, Spice-Gtk, systemd, HPLIP, libvirt: Privilege escalation
Background polkit is a toolkit for managing policies relating to unprivileged processes communicating with privileged processes. Description polkit has a race condition which potentially allows a process to change its UID/EUID via suid or pkexec before authentication is completed. Impact A local...
Django: Multiple vulnerabilities
Background Django is a Python-based web framework. Description Multiple vulnerabilities have been discovered in Django. Please review the CVE identifiers referenced below for details. Impact A remote attacker could execute code with the privileges of the process, modify SQL queries, or disclose...
Network Audio System: Multiple vulnerabilities
Background Network Audio System is a network transparent, client/server audio transport system. Description Multiple vulnerabilities have been discovered in Network Audio System. Please review the CVE identifiers referenced below for details. Impact A context-dependent attacker could possibly...
Asterisk: Multiple vulnerabilities
Background Asterisk is an open source telephony engine and toolkit. Description Multiple vulnerabilities have been discovered in Asterisk. Please review the CVE identifiers below for details. Impact A remote attacker that gains access to a privileged Asterisk account can execute arbitrary system...
Dnsmasq: Denial of Service
Background Dnsmasq is a lightweight, easy to configure DNS forwarder and DHCP server. Description When used with certain libvirt configurations Dnsmasq replies to queries from prohibited interfaces. Impact A remote attackers can cause a Denial of Service via spoofed TCP based DNS queries...
DenyHosts: Denial of service
Background DenyHosts is a script intended to be run by Linux system administrators to help thwart SSH server attacks. Description DenyHosts does not properly define the regular expressions used when parsing SSH authentication logs. Impact A remote attacker could possibly cause a Denial of Service...
cURL: Multiple vulnerabilities
Background cURL is a command line tool for transferring files with URL syntax, supporting numerous protocols. Description Multiple vulnerabilities have been discovered in cURL. Please review the CVE identifiers referenced below for details. Impact A remote attacker could cause a man-in-the-middle...
nginx: Arbitrary code execution
Background nginx is a robust, small, and high performance HTTP and reverse proxy server. Description A bug in the SPDY implementation in nginx was found which might cause a heap memory buffer overflow in a worker process by using a specially crafted request. The SPDY implementation is not enabled...
Mozilla Network Security Service: Multiple vulnerabilities
Background The Mozilla Network Security Service is a library implementing security features like SSL v2/v3, TLS, PKCS 5, PKCS 7, PKCS 11, PKCS 12, S/MIME and X.509 certificates. Description Multiple vulnerabilities have been discovered in the Mozilla Network Security Service. Please review the CV...
rxvt-unicode: User-assisted execution of arbitrary code
Background rxvt-unicode urxvt is a clone of the rxvt terminal emulator. Description rxvt-unicode does not properly handle OSC escape sequences, including those used to read and write X window properties. Impact A remote attacker could entice a user to run a specially crafted file using...
Adobe Flash Player: Multiple vulnerabilities
Background The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Description Multiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details. Impact A remote attacke...
cups-filters: Multiple vulnerabilities
Background cups-filters is an OpenPrinting CUPS Filters. Description Multiple vulnerabilities have been discovered in cups-filters. Please review the CVE identifiers referenced below for more details about the vulnerabilities. Impact A remote attackers could possibly execute arbitrary code...
Opera: Multiple vulnerabilities
Background Opera is a fast web browser that is available free of charge. Description Multiple vulnerabilities have been discovered in Opera. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user to open a specially crafted web page using Oper...
memcached: Multiple vulnerabilities
Background memcached is a high-performance, distributed memory object caching system Description memcached authentication could be bypassed when using SASL due to a flaw related to SASL authentication state. Also several heap-based buffer overflows due to integer conversions when parsing certain...
KDirStat: Arbitrary command execution
Background KDirStat is a graphical disk usage utility for KDE. Description Missing escape of executable shell command in KDirStat can be used to insert malicious shell commands. Impact A local attacker could possibly execute arbitrary shell command with the privileges of the process. Workaround...
FreeRADIUS: Arbitrary code execution
Background FreeRADIUS is an open source RADIUS authentication server. Description Large passwords can trigger a stack-based buffer overflow in FreeRADIUS’s rlmpap module when authenticating against an LDAP server. Impact An authenticated user could set a specially crafted long password, possibly...
libXfont: Multiple vulnerabilities
Background libXfont is an X11 font rasterisation library. Description Multiple vulnerabilities have been discovered in libXfont. Please review the CVE identifiers referenced below for details. Impact A context-dependent attacker could use a specially crafted file to gain privileges, cause a Denia...
lighttpd: Multiple vulnerabilities
Background lighttpd is a lightweight high-performance web server. Description Multiple vulnerabilities have been discovered in lighttpd. Please review the CVE identifiers referenced below for details. Impact A remote attacker could create a Denial of Service condition. Futhermore, a remote attack...
GnuTLS: Multiple vulnerabilities
Background GnuTLS is an Open Source implementation of the TLS 1.2 and SSL 3.0 protocols. Description Multiple vulnerabilities have been discovered in GnuTLS. Please review the CVE identifiers referenced below for details. Impact A remote attacker could utilize multiple vectors to spoof arbitrary...
Adobe Flash Player: Multiple vulnerabilities
Background The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Description Multiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details. Impact A remote attacke...
Echoping: Buffer Overflow Vulnerabilities
Background Echoping is a small program to test performances of a remote host by sending it TCP packets. Description A boundary error exists within the “TLSreadline” function, which can be exploited to overflow a global buffer by sending an overly long encrypted HTTP reply to Echoping. Also, a...
Mumble: Multiple vulnerabilities
Background Mumble is low-latency voice chat software intended for use with gaming. Description Multiple vulnerabilities have been discovered in Mumble: A crafted length prefix value can trigger a heap-based buffer overflow or NULL pointer dereference in the opuspacketgetsamplesperframe function...
SystemTap: Denial of service
Background SystemTap is a kernel profiling and instrumentation tool. Description SystemTap does not properly handle DWARF expressions when unwinding the stack. Impact A local attacker with SystemTap permissions could trigger a kernel panic, causing a Denial of Service condition. Workaround...
Mutt: Arbitrary code execution
Background Mutt is a small but powerful text-based mail client. Description A heap-based buffer overflow has been discovered in the muttcopyhdr function. Impact A remote attacker could send a specially crafted message, possibly resulting in execution of arbitrary code with the privileges of the...
D-Bus, GLib: Privilege escalation
Background D-Bus is a daemon providing a framework for applications to communicate with one another. GLib is a library providing a number of GNOME’s core objects and functions. Description When libdbus is used in a setuid program, a user can gain escalated privileges by leveraging the...
Fail2ban: Multiple vulnerabilities
Background Fail2ban is a tool for parsing log files and banning IP addresses which show suspicious behavior. Description Multiple vulnerabilities have been discovered in Fail2ban. Please review the CVE identifiers referenced below for details. Impact A remote attacker could send a crafted URL to ...
libarchive: Multiple vulnerabilities
Background libarchive is a library for manipulating different streaming archive formats, including certain tar variants, several cpio formats, and both BSD and GNU ar variants. Description Multiple vulnerabilities have been discovered in libarchive. Please review the CVE identifiers referenced...
xmonad-contrib: Arbitrary code execution
Background xmonad-contrib is a set of third party tiling algorithms, configurations, and scripts for xmonad. Description A vulnerability in the Xmonad.Hooks.DynamicLog module could allow a malicious website with a specially crafted title to inject commands into the title bar which would be execut...
LibYAML: Arbitrary code execution
Background LibYAML is a YAML 1.1 parser and emitter written in C. Description The yamlparserscanuriescapes function does not properly expand strings passed as input, which can result in a heap-based buffer overflow. Impact An attacker could provide a specially-crafted YAML document, which, when...
X2Go Server: Privilege Escalation
Background X2Go is an open source terminal server project. Description X2Go Server is prone to a local privilege-escalation vulnerability. Impact A local attacker could gain escalated privileges. Workaround There is no known workaround at this time. Resolution All X2Go Server users should upgrade...
Apache Portable Runtime, APR Utility Library: Denial of service
Background The Apache Portable Runtime aka APR provides a set of APIs for creating platform-independent applications. The Apache Portable Runtime Utility Library aka APR-Util provides an interface to functionality such as XML parsing, string matching and database connections. Description Multiple...
Charybdis, ShadowIRCd: Denial of service
Background Charybdis is the Atheme Project’s IRC daemon based on ratbox. ShadowIRCd is an IRC daemon based on Charybdis that adds several useful features. Description A vulnerability has been discovered in Charybdis and ShadowIRCd. Please review the CVE identifier referenced below for details...
JBIG-KIT: Denial of service
Background JBIG-KIT is a software implementation of the JBIG1 data compression standard. Description JBIG-KIT contains a stack-based buffer overflow in the jbgdecin function in libjbig/jbig.c. Impact A remote attacker could possibly cause a Denial of Service condition via a specially crafted imag...
util-linux: Multiple vulnerabilities
Background util-linux is a suite of Linux programs including mount and umount, programs used to mount and unmount filesystems. Description Multiple vulnerabilities have been discovered in util-linux. Please review the CVE identifiers referenced below for details. Impact A local attacker may be ab...
Symfony: Information disclosure
Background Symfony is a professional, open-source PHP5 web development framework. Description Symfony does not properly sanitize input for upload requests. Impact A remote attacker could send a specially crafted file upload request, possibly resulting in disclosure of sensitive information...
MCrypt: User-assisted execution of arbitrary code
Background MCrypt is a replacement of the old unix crypt1 utility. Description Multiple vulnerabilities have been discovered in MCrypt: A boundary error in MCrypt could cause a stack-based buffer overflow CVE-2012-4409. MCrypt contains multiple format string errors CVE-2012-4426. MCrypt does not...
lib3ds: User-assisted execution of arbitrary code
Background lib3ds is a library for managing 3D-Studio Release 3 and 4 .3DS files. Description An array index error has been discovered in lib3ds. Impact A remote attacker could entice a user to open a specially crafted 3DS file using an application linked against lib3ds, possibly resulting in...
Mono: Denial of service
Background Mono is an open source implementation of Microsoft’s .NET Framework. Description Mono does not properly randomize hash functions for form posts to protect against hash collision attacks. Impact A remote attacker could send specially crafted parameters, possibly resulting in a Denial of...
Pidgin: Multiple vulnerabilities
Background Pidgin is a GTK Instant Messenger client for a variety of instant messaging protocols. Description Multiple vulnerabilities have been discovered in Pidgin. Please review the CVE identifiers referenced below for details. Impact A remote attacker could possibly execute arbitrary code wit...
Munin: Multiple vulnerabilities
Background Munin is an open source server monitoring tool. Description Multiple vulnerabilities have been discovered in Munin. Please review the CVE identifiers referenced below for details. Impact A local attacker could perform symlink attacks to overwrite arbitrary files with the privileges of...
OpenConnect: User-assisted execution of arbitrary code
Background OpenConnect is a free client for Cisco AnyConnect SSL VPN software. Description A stack-based buffer overflow error has been discovered in OpenConnect. Impact A remote attacker could entice a user to connect to a malicious VPN server, possibly resulting in execution of arbitrary code...
Bacula: Information disclosure
Background Bacula is a network based backup suite. Description Bacula does not properly enforce console access control lists. Impact A remote authenticated attacker may be able to bypass restrictions to obtain sensitive information. Workaround There is no known workaround at this time. Resolution...
Ruby OpenID: Denial of service
Background Ruby OpenID is a robust library for verifying and serving OpenID identities. Description An XML entity parsing error has been discovered in Ruby OpenID. Impact A remote attacker could send a specially crafted XML file, possibly resulting in a Denial of Service condition. Workaround The...