(Sep 13) Multiple vulnerabilities were discovered in the dissectors for LDAP, RTPS and NBAP and in the Netmon file parser, which could result in denial of service or the execution of arbitrary code. [More…]
Posts Tagged code
(Sep 4) Several vulnerabilities have been discovered in libmodplug, a library for mod music based on ModPlug, that might allow arbitrary code execution when processing specially-crafted ABC files through applications using the library, such as media players. [More…]
(Sep 3) Anton Kortunov reported a heap corruption in ImageMagick, a program collection and library for converting and manipulating image files. Crafted GIF files could cause ImageMagick to crash, potentially leading to arbitrary code execution. [More…]
(Sep 2) Colin Cuthbertson and Walter Doekes discovered two vulnerabilities in the SIP processing code of Asterisk, an open source PBX and telephony toolkit, which could result in denial of service. [More…]
(Sep 1) Several denial-of-service vulnerabilities were discovered in the dcraw code base, a program for processing raw format images from digital cameras. This update corrects them in the copy that is embedded in the exactimage package. [More…]
(Aug 29) Multiple security issues have been found in Icedove, Debian’s version of the Mozilla Thunderbird mail and news client. Multiple memory safety errors, missing permission checks and other implementation errors may lead to the execution of arbitrary code or cross-site scripting. [More…]
(Aug 27) Pedro Ribeiro and Huzaifa S. Sidhpurwala discovered multiple vulnerabilities in various tools shipped by the tiff library. Processing a malformed file may lead to denial of service or the execution of arbitrary code. [More…]
(Aug 7) Multiple security issues have been found in Iceweasel, Debian’s version of the Mozilla Firefox web browser: Multiple memory safety errors, missing permission checks and other implementation errors may lead to the execution of arbitrary code, cross-site scripting, privilege [More…]
(Jul 25) Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, breakouts of the Java sandbox, information disclosure or denial of service. [More…]
(Jul 17) It was discovered that PHP could perform an invalid free request when processing crafted XML documents, corrupting the heap and potentially leading to arbitrary code execution. Depending on the PHP application, this vulnerability could be exploited remotely. [More…]
(Jul 15) Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, breakouts of the Java sandbox, information disclosure or denial of service. [More…]
(Jun 26) It was discovered that puppet, a centralized configuration management system, did not correctly handle YAML payloads. A remote attacker could use a specially-crafted payload to execute arbitrary code on the puppet master. [More…]
(Jun 9) It was discovered that applications using the mesa library, a free implementation of the OpenGL API, may crash or execute arbitrary code due to an out of bounds memory access in the library. This vulnerability only affects systems with Intel chipsets. [More…]
(Jun 2) Multiple vulnerabilities were discovered in the dissectors for GTPv2, ASN.1 BER, PPP CCP, DCP ETSI, MPEG DSM-CC and Websocket, which could result in denial of service or the execution of arbitrary code. [More…]
(Mar 20) A cross-site scripting vulnerability was discovered in smokeping, a latency logging and graphing system. Input passed to the “displaymode” parameter was not properly sanitized. An attacker could use this flaw to execute arbitrary HTML and script code in a user’s browser session in [More…]
(Mar 15) A buffer overflow was discovered in the Firebird database server, which could result in the execution of arbitrary code. In addition, a denial of service vulnerability was discovered in the TraceManager. [More…]
(Mar 15) A buffer overflow was discovered in the Firebird database server, which could result in the execution of arbitrary code. For the stable distribution (squeeze), this problem has been fixed in [More…]
(Mar 14) Multiple vulnerabilities were discovered in the dissectors for the MS-MMS, RTPS, RTPS2, Mount, ACN, CIMD and DTLS protocols, which could result in denial of service or the execution of arbitrary code. [More…]
(Mar 9) Yves Orton discovered a flaw in the rehashing code of Perl. This flaw could be exploited to carry out a denial of service attack against code that uses arbitrary user input as hash keys. Specifically an attacker could create a set of keys of a hash causing a denial of service via [More…]
(Mar 4) Multiple buffer overflows were discovered in OpenAFS, the implementation of the distributed filesystem AFS, which might result in denial of service or the execution of arbitrary code. Further information is available at http://www.openafs.org/security. [More…]
(Feb 16) Several vulnerabilities have been discovered in FFmpeg, a multimedia player, server and encoder. Multiple input validations in the decoders/demuxers for Shorten, Chinese AVS video, VP5, VP6, AVI, AVS and MPEG-1/2 files could lead to the execution of arbitrary code. [More…]
(Feb 16) Multiple vulnerabilities were discovered in the dissectors for the CLNP, DTLS, DCP-ETSI and NTLMSSP protocols, which could result in denial of service or the execution of arbitrary code. [More…]
(Jan 24) It was discovered that a bug in the server capability negotiation code of ircd-ratbox could result in denial of service. For the stable distribution (squeeze), this problem has been fixed in [More…]
(Jan 15) It was discovered that the e1000 emulation code in QEMU does not enforce frame size limits in the same way as the real hardware does. This could trigger buffer overflows in the guest operating system driver for that network card, assuming that the host system does not [More…]
(Jan 15) It was discovered that the e1000 emulation code in QEMU does not enforce frame size limits in the same way as the real hardware does. This could trigger buffer overflows in the guest operating system driver for that network card, assuming that the host system does not [More…]
(Dec 29) It was discovered that missing input validation in the twikidraw and anywikidraw actions can result in the execution of arbitrary code. This security issue is being actively exploited. [More…]
(Dec 30) Marc Schoenefeld discovered that an integer overflow in the ICC parsing code of Ghostscript can lead to the execution of arbitrary code. For the stable distribution (squeeze), this problem has been fixed in [More…]
(Dec 26) Bjorn Mork and Laurent Butti discovered crashes in the PPP and RTPS2 dissectors, which could potentially result in the execution of arbitrary code. [More…]
(Dec 16) The tiff library for handling TIFF image files contained a stack-based buffer overflow, potentially allowing attackers who can submit such files to a vulnerable system to execute arbitrary code. [More…]