3816 matches found
PostgreSQL: Multiple vulnerabilities
Background PostgreSQL is an open source object-relational database management system. Description Multiple vulnerabilities have been discovered in PostgreSQL. Please review the CVE identifiers referenced below for details. Impact A remote attacker could spoof SSL connections. Furthermore, a remot...
Postfixadmin: Multiple vulnerabilities
Background Postfixadmin is a web-based management tool for Postfix-style virtual domains and users. Description Multiple SQL injection vulnerabilities CVE-2012-0811 and cross-site scripting vulnerabilities CVE-2012-0812 have been found in Postfixadmin. Impact A remote attacker could exploit these...
NUT: Arbitrary code execution
Background The Network UPS Tools NUT provide support for power devices. Description An error in the addchar function in parseconf.c may cause a buffer overflow. Impact A remote attacker could send a specially crafted string to upsd, possibly resulting in execution of arbitrary code with the...
mod_rpaf: Denial of service
Background modrpaf is a reverse proxy add forward module for backend Apache servers. Description An error has been found in the way modrpaf handles X-Forwarded-For headers. Please review the CVE identifier referenced below for details. Impact A remote attacker could send a specially crafted HTTP...
Pidgin: Arbitrary code execution
Background Pidgin is a GTK Instant Messenger client for a variety of instant messaging protocols. libpurple is the core library for Pidgin. Description A stack-based buffer overflow vulnerability has been found in the MXit protocol plug-in for libpurple. Impact A remote attacker could possibly...
file: Denial of service
Background file is a utility that guesses a file format by scanning binary data for patterns. Description Multiple out-of-bounds read errors and invalid pointer dereference errors have been found in cdf.c. Impact A remote attacker could entice a user to open a specially crafted Composite Document...
libjpeg-turbo: User-assisted execution of arbitrary code
Background libjpeg-turbo accelerates JPEG compression and decompression. Description A vulnerability in the getsos function in jdmarker.c could cause a heap-based buffer overflow. Impact A remote attacker could entice a user to open a specially crafted JPEG file in an application linked against...
Asterisk: Multiple vulnerabilities
Background Asterisk is an open source telephony engine and toolkit. Description Multiple vulnerabilities have been found in Asterisk: An error in manager.c allows shell access CVE-2012-2186. An error in Asterisk could cause all RTP ports to be exhausted CVE-2012-3812. A double-free error could...
SQLAlchemy: SQL injection
Background SQLAlchemy is a Python SQL toolkit and Object Relational Mapper. Description SQLAlchemy does not properly sanitize input passed from the “limit” and “offset” keywords to the select function before using it in an SQL query. Impact A remote attacker could exploit this vulnerability to...
Calligra: User-assisted execution of arbitrary code
Background Calligra is an office suite by KDE. Description An error in the read function in styles.cpp could cause a heap-based buffer overflow. Impact A remote attacker could entice a user to open a specially crafted ODF file, possibly resulting in execution of arbitrary code with the privileges...
Opera: Multiple vulnerabilities
Background Opera is a fast web browser that is available free of charge. Description Multiple vulnerabilities have been discovered in Opera. Please review the CVE identifiers and Opera Release Notes referenced below for details. Impact A remote attacker could entice a user to open a specially...
Libtasn1: Denial of service
Background Libtasn1 is a library used to parse ASN.1 Abstract Syntax Notation One objects, and perform DER Distinguished Encoding Rules decoding. Description Libtasn1 does not properly handle length fields when performing DER decoding. Impact A remote attacker could entice a user to open a...
Atheme IRC Services: Denial of service
Background Atheme is a portable and secure set of open-source and modular IRC services. CertFP is certificate fingerprinting used to authenticate users to nicknames. Description The “myuserdelete” function in account.c does not properly remove CertFP entries when deleting user accounts. Impact A...
SquidClamav: Denial of service
Background SquidClamav is a HTTP anti-virus for Squid based on ClamAV and ICAP. Description SquidClamav does not properly escape URLs before passing them to the system command call. Impact A remote attacker could send a specially crafted URL to SquidClamav, possibly resulting in a Denial of Servi...
LibreOffice: Multiple vulnerabilities
Background LibreOffice is a full office productivity suite. Description Multiple vulnerabilities have been found in LibreOffice: The Microsoft Word Document parser contains an out-of-bounds read error CVE-2011-2713. The Raptor RDF parser contains an XML External Entity expansion error...
Background International Components for Unicode ICU is a set of C/C++ and Java libraries providing Unicode and Globalization support for software applications. Description An error in the canonicalize function in uloc.cpp could cause a stack-based buffer overflow. Impact A remote attacker could...
PHP: Multiple vulnerabilities
Background PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML. Description Multiple vulnerabilities have been discovered in PHP. Please review the CVE identifiers referenced below for details. Impact A remote attacke...
BIND: Multiple vulnerabilities
Background BIND is the Berkeley Internet Name Domain Server. Description Multiple vulnerabilities have been discovered in BIND: Domain names are not properly revoked due to an error in the cache update policy CVE-2012-1033. BIND accepts records with zero-length RDATA fields CVE-2012-1667. An...
Expat: Multiple vulnerabilities
Background Expat is a set of XML parsing libraries. Description Multiple vulnerabilities have been discovered in Expat. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user to open a specially crafted XML file in an application linked agains...
libTIFF: Multiple vulnerabilities
Background libTIFF provides support for reading and manipulating TIFF Tagged Image File Format images. Description Multiple vulnerabilities have been discovered in libTIFF. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user to open a...
Adobe Flash Player: Multiple vulnerabilities
Background The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Description Multiple unspecified vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details. Impact A...
Perl Config-IniFiles Module: Insecure temporary file usage
Background Config-IniFiles is a Perl module for reading .ini-style configuration files. Description The Perl Config-IniFiles module uses predicatable temporary file names. Impact A local attacker could perform symlink attacks to overwrite arbitrary files with the privileges of the user running th...
Puppet: Multiple vulnerabilities
Background Puppet is a system configuration management tool written in Ruby. Description Multiple vulnerabilities have been found in Puppet: Puppet uses predictable file names for temporary files CVE-2012-1906. REST requests for a file in a remote filebucket are not handled properly by overriding...
socat: Arbitrary code execution
Background socat is a multipurpose bidirectional relay, similar to netcat. Description A vulnerability in the "xioscanreadline" function in xio-readline.c could cause a heap-based buffer overflow. Impact A remote attacker could possibly execute arbitrary code with the privileges of the socat...
libgdata: Man-in-the-Middle attack
Background libgdata is a GLib-based library for accessing online service APIs using the GData protocol. Description An error in the "gdataservicebuildsession" function of gdata-service.c prevents libgdata from properly validating certificates. Impact A remote attacker could perform...
Gajim: Multiple vulnerabilities
Background Gajim is a Jabber and XMPP client written in PyGTK. Description Multiple vulnerabilities have been discovered in Gajim. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user to open a specially crafted link using Gajim, possibly...
Chromium: Multiple vulnerabilities
Background Chromium is an open source web browser project. Description Multiple vulnerabilities have been discovered in Chromium. Please review the CVE identifiers and release notes referenced below for details. Impact A remote attacker could entice a user to open a specially crafted web site usi...
sudo: Privilege escalation
Background sudo allows a system administrator to give users the ability to run commands as other users. Access to commands may also be granted on a range to hosts. Description An error in sudo may allow unintended IPv4 hosts to be granted access to commands. Impact A local attacker could gain...
Keepalived: Denial of service
Background Keepalived is a strong & robust keepalive facility to the Linux Virtual Server project. Description The "pidfilewrite" function in pidfile.c in Keepalived writes PID files with insecure permissions. Impact A local attacker may be able to cause a Denial of Service of arbitrary processes...
libxml2: User-assisted execution of arbitrary code
Background libxml2 is the XML C parser and toolkit developed for the Gnome project. Description The "xmlXPtrEvalXPtrPart" function in xpointer.c contains an off-by-one error. Impact A remote attacker could entice a user or automated system to open a specially crafted XML document with an...
pidgin-otr: Arbitrary code execution
Background pidgin-otr messaging allows you to have private conversations over instant messaging. Description A format string vulnerability has been found in the "logmessagecb" function in otr-plugin.c. Impact A remote attacker could possibly execute arbitrary code with the privileges of the proce...
JRuby: Denial of service
Background JRuby is a Java-based Ruby interpreter implementation. Description JRuby does not properly randomize hash functions to protect against hash collision attacks. Impact A remote attacker could send a specially crafted input, possibly resulting in a Denial of Service condition. Workaround...
Gnash: Multiple vulnerabilities
Background Gnash is a GNU flash movie player that supports many SWF features. Description Multiple vulnerabilities have been found in Gnash: The "nsPluginInstance::setupCookies" function in plugin.cpp creates world-readable cookies with predictable file names CVE-2011-4328. The "GnashImage::size"...
ChaSen: User-assisted execution of arbitrary code
Background ChaSen is a Japanese morphological analysis system. Description An error in chalib.c of ChaSen could cause a buffer overflow. Impact A remote attacker could entice a user to open a specially crafted text file using ChaSen or an application using the ChaSen libraries, possibly resulting...
CUPS: Multiple vulnerabilities
Background CUPS, the Common Unix Printing System, is a full-featured print server. Description Multiple vulnerabilities have been discovered in CUPS. Please review the CVE identifiers referenced below for details. Impact A remote attacker may be able to execute arbitrary code using specially...
X.Org X Server: Privilege escalation
Background The X Window System is a graphical windowing system based on a client/server model. Description The "LogVHdrMessageVerb" function in log.c contains a format string vulnerability. NOTE: Exposure to this vulnerability is reduced in Gentoo due to X.Org X Server being built with...
mod_fcgid: Multiple vulnerabilities
Background modfcgid is a binary-compatible alternative to modfastcgi with better process management. Description Multiple vulnerabilities have been found in modfcgid: An error in the "fcgidheaderbucketread" function in fcgidbucket.c could cause a stack-based buffer overflow CVE-2010-3872. An erro...
msmtp: X.509 NULL spoofing vulnerability
Background msmtp is an SMTP client and SMTP plugin for mail user agents such as Mutt. Description A vulnerability have been discovered in msmtp. Please review the CVE identifier referenced below for details. Impact A remote attacker might employ a specially crafted certificate to conduct...
nbd: Multiple vulnerabilities
Background nbd is a userland client/server for kernel network block device. Description Multiple vulnerabilities have been discovered in nbd. Please review the CVE identifiers referenced below for details. Impact nbd allows remote attackers to cause a denial of service NULL pointer dereference an...
Postfix: Multiple vulnerabilities
Background Postfix is Wietse Venema’s mailer that attempts to be fast, easy to administer, and secure, as an alternative to the widely-used Sendmail program. Description A vulnerability have been discovered in Postfix. Please review the CVE identifier referenced below for details. Impact An...
logrotate: Multiple vulnerabilities
Background logrotate rotates, compresses, and mails system logs. Description Multiple vulnerabilities have been discovered in logrotate. Please review the CVE identifiers referenced below for details. Impact A local attacker could use this flaw to truncate arbitrary system file, to change file...
TeX Live: Multiple vulnerabilities
Background TeX Live is a complete TeX distribution. Description Multiple vulnerabilities have been discovered in texlive-core. Please review the CVE identifiers referenced below for details. Impact These vulnerabilities might allow user-assisted remote attackers to execute arbitrary code via a...
Linux-PAM: Multiple vulnerabilities
Background Linux-PAM Pluggable Authentication Modules is an architecture allowing the separation of the development of privilege granting software from the development of secure and appropriate authentication schemes. Description Multiple vulnerabilities have been discovered in Linux-PAM. Please...
sendmail: X.509 NULL spoofing vulnerability
Background sendmail is a widely-used Mail Transport Agent MTA. Description A vulnerability has been discovered in sendmail. Please review the CVE identifier referenced below for details. Impact A remote attacker might employ a specially crafted certificate to conduct man-in-the-middle attacks on...
mount-cifs: Multiple vulnerabilites
Background mount-cifs is the cifs filesystem mount helper split from Samba. Description Multiple vulnerabilities have been discovered in mount-cifs. Please review the CVE identifiers referenced below for details. Impact The vulnerabilities allow local users to cause a denial of service mtab...
Links: SSL verification vulnerability
Background Links is a fast lightweight text and graphic web-browser. Description A SSL verification vulnerability and two unspecified vulnerabilities have been discovered in Links. Please review the Secunia Advisory referenced below for details. Impact An attacker might conduct man-in-the-middle...
Samba: Multiple vulnerabilities
Background Samba is a suite of SMB and CIFS client/server programs. Description Multiple vulnerabilities have been discovered in Samba. Please review the CVE identifiers referenced below for details. Impact A remote attacker could possibly execute arbitrary code with root privileges, cause a Deni...
PyCrypto: Weak key generation
Background PyCrypto is the Python Cryptography Toolkit. Description An error in the generate function in ElGamal.py causes PyCrypto to generate weak ElGamal keys. Impact A remote attacker might be able to derive private keys. Workaround There is no known workaround at this time. Resolution All...
RPM: Multiple vulnerabilities
Background The Red Hat Package Manager RPM is a command line driven package management system capable of installing, uninstalling, verifying, querying, and updating computer software packages. Description Multiple vulnerabilities have been found in RPM: fsm.c fails to properly strip setuid and...
Apache HTTP Server: Multiple vulnerabilities
Background Apache HTTP Server is one of the most popular web servers on the Internet. Description Multiple vulnerabilities have been discovered in Apache HTTP Server. Please review the CVE identifiers referenced below for details. Impact A remote attacker might obtain sensitive information, gain...