Note: After some upstream versioning limbo, this is the official first release
of argus 3.0 considered to be an release-candidate. Bug fixes for this
version will make its way into the upcoming 3.0.1!
CVE-2007-6714 (Medium) :
DBMail before 2.2.9, when using authldap with an LDAP server that supports anonymous login
such as Active Directory, allows remote attackers to bypass authentication via an empty
password, which causes the LDAP bind to indicate success based on anonymous authentication.
CVE-2008-0053 (High) :
Multiple buffer overflows in the HP-GL/2-to-PostScript filter in CUPS before 1.3.6 might allow
remote attackers to execute arbitrary code via a crafted HP-GL/2 file.
CVE-2008-1373 (High) :
Buffer overflow in the gif_read_lzw in CUPS 1.3.6 allows remote attackers to have an unknown
impact via a GIF file with a large code_size value, a similar issue to CVE-2006-4484.
CVE-2008-1657 (Medium ) :
OpenSSH before 4.9 allows remote authenticated users to bypass the sshd_config
ForceCommand directive by modifying the .ssh/rc session file.
CVE-2008-1372 (Medium) :
bzlib.c in bzip2 before 1.0.5 allows user-assisted remote attackers to cause a denial of service
(crash) via a crafted file that triggers a buffer over-read, as demonstrated by the PROTOS
GENOME test suite for Archive Formats.
CVE-2008-1530 (High) :
GnuPG (gpg) 1.4.8 and 2.0.8 allows remote attackers to cause a denial of service (crash) and
possibly execute arbitrary code via crafted duplicate keys that are imported from key servers,
which triggers "memory corruption around deduplication of user IDs."
CVE-2008-1530 (High) :
GnuPG (gpg) 1.4.8 and 2.0.8 allows remote attackers to cause a denial of service (crash) and
possibly execute arbitrary code via crafted duplicate keys that are imported from key servers,
which triggers "memory corruption around deduplication of user IDs."
CVE-2008-1768 (Medium) :
Multiple integer overflows in VLC before 0.8.6f allow remote attackers to cause a denial of
service (crash) via the (1) MP4 demuxer, (2) Real demuxer, and (3) Cinepak codec, which
triggers a buffer overflow.
CVE-2008-1769 (Medium) :
VLC before 0.8.6f allow remote attackers to cause a denial of service (crash) via a crafted
Cinepak file that triggers an out-of-bounds array access and memory corruption.
CVE-2007-5198 (Medium) :
Buffer overflow in the redir function in check_http.c in Nagios Plugins before 1.4.10, when
running with the -f (follow) option, allows remote web servers to execute arbitrary code via
Location header responses (redirects) with a large number of leading "L" characters.
CVE-2007-5623 (Medium) :
Buffer overflow in the check_snmp function in Nagios Plugins (nagios-plugins) 1.4.10 allows
remote attackers to cause a denial of service (crash) via crafted snmpget replies.
CVE-2007-5624 (Medium) :
Cross-site scripting (XSS) vulnerability in Nagios 2.x before 2.10 allows remote attackers to inject
arbitrary web script or HTML via unknown vectors to unspecified CGI scripts.
CVE-2008-1360 (Medium) :
Cross-site scripting (XSS) vulnerability in Nagios before 2.11 allows remote attackers to inject
arbitrary web script or HTML via unknown vectors to unspecified CGI scripts, a different issue
than CVE-2007-5624.
CVE-2008-0171 (Medium) :
regex/v4/perl_matcher_non_recursive.hpp in the Boost regex library (aka Boost.Regex) in Boost
1.33 and 1.34 allows context-dependent attackers to cause a denial of service (failed assertion
and crash) via an invalid regular expression.
CVE-2008-0172 (Medium) :
The get_repeat_type function in basic_regex_creator.hpp in the Boost regex library (aka
Boost.Regex) in Boost 1.33 and 1.34 allows context-dependent attackers to cause a denial of
service (NULL dereference and crash) via an invalid regular expression.
CVE-2008-1720 (High) :
Buffer overflow in rsync 2.6.9 to 3.0.1, with extended attribute (xattr) support enabled, might
allow remote attackers to execute arbitrary code via unknown vectors.
CVE-2007-1276 (Medium) :
Multiple cross-site scripting (XSS) vulnerabilities in chooser.cgi in Webmin before 1.330 and
Usermin before 1.260 allow remote attackers to inject arbitrary web script or HTML via a crafted
filename.
CVE-2007-3156 (Medium) :
Multiple cross-site scripting (XSS) vulnerabilities in pam_login.cgi in Webmin before 1.350 and
Usermin before 1.280 allow remote attackers to inject arbitrary web script or HTML via the (1) cid,
(2) message, or (3) question parameter. NOTE: some of these details are obtained from third
party information.
CVE-2007-5066 (High) :
Unspecified vulnerability in Webmin before 1.370 on Windows allows remote authenticated users
to execute arbitrary commands via a crafted URL.
CVE-2008-0720 (Medium) :
Cross-site scripting (XSS) vulnerability in Webmin 1.370 and 1.390 and Usermin 1.300 and 1.320
allows remote attackers to inject arbitrary web script or HTML via the search parameter to
webmin_search.cgi (aka the search section), and possibly other components accessed through
a "search box" or "open file box." NOTE: some of these details are obtained from third party
information.
CVE-2008-0564 (Medium) :
Multiple cross-site scripting (XSS) vulnerabilities in Mailman before 2.1.10b1 allow remote
attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) editing
templates and (2) the list's "info attribute" in the web administrator interface, a different
vulnerability than CVE-2006-3636.
CVE-2007-6389 (Low) :
The notify feature in GNOME screensaver (gnome-screensaver) 2.20.0 might allow local users to
read the clipboard contents and X selection data for a locked session by using ctrl-V.
CVE-2008-0887 (Medium) :
gnome-screensaver before 2.22.1, when a remote authentication server is enabled, crashes
upon an unlock attempt during a network outage, which allows physically proximate attackers to
gain access to the locked session, a related issue to CVE-2007-1859.