xerces-c: denial of service

The Xerces-C XML parser fails to successfully parse a DTD that is deeply nested, and this causes a stack overflow, which makes a denial of service attack against many applications possible by an unauthenticated attacker...

vlc: arbitrary code execution

A buffer overflow has been found in the DecodeAdpcmImaQT function of VLC's QuickTime IMA decoder...

xerces-c: arbitrary code execution

The DTDScanner fails to account for the fact that peeking characters in the XMLReader class can raise an exception if an invalid character is encountered, and the exception crosses stack frames in an unsafe way that causes a higher level exception handler to access an already-freed object...

chromium: arbitrary code execution

Various fixes from internal audits, fuzzing and other initiatives, including multiple issues in the processing of malformed web content...

phpmyadmin: multiple issues

CVE-2016-5702 cookie attribute injection A vulnerability was found where, under some circumstances, an attacker can inject arbitrary values in the browser cookies. Only affected when PHPSELF is not set. - CVE-2016-5703 SQL injection A vulnerability was discovered that allows an SQL injection...

libdwarf: arbitrary code execution

CVE-2016-5027 denial of service Multiple NULL pointer dereference issues in several functions of libdwarf/dwarfleb.c, where leb128length was wrongly assumed non-NULL. - CVE-2016-5028 denial of service NULL pointer dereference issue in printframeinstbytes. - CVE-2016-5029 denial of service NULL...

libpurple: multiple issues

CVE-2016-2365 denial of service Specially crafted MXIT data sent via the server could potentially result in a null pointer dereference. - CVE-2016-2366 denial of service Specially crafted MXIT data sent via the server could potentially result in an out-of-bounds read. - CVE-2016-2367 information...

wget: arbitrary file overwrite

GNU Wget when supplied with a malicious website link can be tricked into saving an arbitrary remote file supplied by an attacker, with arbitrary content and filename under the current directory. This can lead to potential code execution by creating system scripts such as .bashprofile and others...

lib32-flashplugin: multiple issues

CVE-2016-4122, CVE-2016-4123, CVE-2016-4124, CVE-2016-4125, CVE-2016-4127, CVE-2016-4128, CVE-2016-4129, CVE-2016-4130, CVE-2016-4131, CVE-2016-4132, CVE-2016-4133, CVE-2016-4134, CVE-2016-4137, CVE-2016-4141, CVE-2016-4150, CVE-2016-4151, CVE-2016-4152, CVE-2016-4153, CVE-2016-4154,...

lib32-glibc: denial of service

clntudpcall allocates a buffer, using alloca, to store the payload of an incoming socket error. If a malicious server floods the client with crafted ICMP and UDP packets, this can cause the client to allocate sufficiently many such temporary buffers to cause a stack frame overflow denial of...

glibc: denial of service

clntudpcall allocates a buffer, using alloca, to store the payload of an incoming socket error. If a malicious server floods the client with crafted ICMP and UDP packets, this can cause the client to allocate sufficiently many such temporary buffers to cause a stack frame overflow denial of...

flashplugin: multiple issues

CVE-2016-4122, CVE-2016-4123, CVE-2016-4124, CVE-2016-4125, CVE-2016-4127, CVE-2016-4128, CVE-2016-4129, CVE-2016-4130, CVE-2016-4131, CVE-2016-4132, CVE-2016-4133, CVE-2016-4134, CVE-2016-4137, CVE-2016-4141, CVE-2016-4150, CVE-2016-4151, CVE-2016-4152, CVE-2016-4153, CVE-2016-4154,...

expat: multiple issues

CVE-2012-6702 predictable random numbers It was found that when calling XMLParse ahead of rand, it causes the pseudo random generator to generate non-random predictable numbers. - CVE-2016-5300 denial of service It was found that original fix for CVE-2012-0876 used too little entropy for the hash...

lib32-expat: multiple issues

CVE-2012-6702 predictable random numbers It was found that when calling XMLParse ahead of rand, it causes the pseudo random generator to generate non-random predictable numbers. - CVE-2016-5300 denial of service It was found that original fix for CVE-2012-0876 used too little entropy for the hash...

haproxy: denial of service

A problem has been discovered with the new field "ruledenystatus" into struct httptxn, which is filled only by actions "http-request deny" and "http-request tarpit". It's then used in the deny code path to emit the proper error message, but is used uninitialized when the deny comes from a "reqden...

gnutls: arbitrary file overwrite

Setuid programs using GnuTLS could potentially allow an attacker to overwrite and corrupt arbitrary files in the filesystem. This issue was introduced in GnuTLS 3.4.12 with the GNUTLSKEYLOGFILE environment variable handling via getenv and fixed in GnuTLS 3.4.13 by switching to securegetenv where...

lib32-gnutls: arbitrary file overwrite

Setuid programs using GnuTLS could potentially allow an attacker to overwrite and corrupt arbitrary files in the filesystem. This issue was introduced in GnuTLS 3.4.12 with the GNUTLSKEYLOGFILE environment variable handling via getenv and fixed in GnuTLS 3.4.13 by switching to securegetenv where...

subversion: multiple issues

CVE-2016-2167 authentication restriction bypass The canonicalizeusername function in svnserve/cyrusauth.c, when Cyrus SASL authentication is used, allows remote attackers to authenticate and bypass intended access restrictions via a realm string that is a prefix of an expected repository realm...

firefox: multiple issues

CVE-2016-2815 arbitrary code execution Mozilla developers and community members reported several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with...

qemu-arch-extra: multiple issues

CVE-2015-8558 denial of service An infinite-loop issue was found in the QEMU emulator built with USB EHCI emulation support. The flaw occurred during communication between the host controller interfaceEHCI and a respective device driver. These two communicate using an isochronous transfer...

qemu: multiple issues

CVE-2015-8558 denial of service An infinite-loop issue was found in the QEMU emulator built with USB EHCI emulation support. The flaw occurred during communication between the host controller interfaceEHCI and a respective device driver. These two communicate using an isochronous transfer...

chromium: multiple issues

CVE-2016-1696 cross-origin bypass: Cross-origin bypass in Extension bindings. Credit to anonymous. - CVE-2016-1697 cross-origin bypass: Cross-origin bypass in Blink. Credit to Mariusz Mlynski. - CVE-2016-1698 information leakage: Information leak in Extension bindings. Credit to Rob Wu. -...

ntp: distributed denial of service amplification

CVE-2016-4953 distributed denial of service amplification An attacker who knows the origin timestamp and can send a spoofed packet containing a CRYPTO-NAK to an ephemeral peer target before any other response is sent can demobilize that association. Credit to Miroslav Lichvar of Red Hat -...

webkit2gtk: arbitrary code execution

WebKitGTK+ allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted web site, a different vulnerability than CVE-2016-1854, CVE-2016-1855, and CVE-2016-1856. Credit to Jeonghoon Shin at A.D.D and Liang Chen, Zhen Feng, wushi of KeenLab, Tencen...

nginx-mainline: denial of service

A vulnerability was found in nginx code responsible for saving client request body to a temporary file. A specially crafted request might result in worker process crash due to a NULL pointer dereference while handling the client request body...

nginx: denial of service

A vulnerability was found in nginx code responsible for saving client request body to a temporary file. A specially crafted request might result in worker process crash due to a NULL pointer dereference while handling the client request body...

chromium: multiple issues

CVE-2016-1672: Cross-origin bypass in extension bindings. Credit to Mariusz Mlynski. - CVE-2016-1673: Cross-origin bypass in Blink. Credit to Mariusz Mlynski. - CVE-2016-1674: Cross-origin bypass in extensions. Credit to Mariusz Mlynski. - CVE-2016-1675: Cross-origin bypass in Blink. Credit to...

libxml2: multiple issues

CVE-2016-1762 denial of service A vulnerability has been discovered that allows remote attackers to cause a denial of service memory corruption via a crafted XML document. - CVE-2016-1833 denial of service A maliciously crafted file could cause the application to crash due to a heap-based...

libndp: man-in-the-middle

Libndp before version 1.6 does properly validate and check the origin of Neighbor Discovery Protocol NDP messages. An attacker on a non-local network can exploit this flaw to advertise a node as a router, which allows them to re-route the traffic through an attacker-controlled node...

bugzilla: cross-site scripting

An attacker can craft a malicious summary within a bug report to host malicious javascript code. This code will be served to a user when he or she navigates to the bug's dependency graph...

p7zip: arbitrary code execution

CVE-2016-2334 arbitrary code execution An exploitable heap overflow vulnerability exists in the NArchive::NHfs::CHandler::ExtractZlibFile method functionality of 7zip that can lead to arbitrary code execution. Before decompression, ExtractZlibFile method read block size and its offset from file...

lib32-expat: arbitrary code execution

CVE-2015-1283 arbitrary code execution Multiple integer overflows in the XMLGetBuffer function allow remote attackers to cause a denial of service heap-based buffer overflow or possibly arbitrary code execution via crafted XML data. This problem has already been fixed in version 2.1.0-1 but this...

expat: arbitrary code execution

CVE-2015-1283 arbitrary code execution Multiple integer overflows in the XMLGetBuffer function allow remote attackers to cause a denial of service heap-based buffer overflow or possibly arbitrary code execution via crafted XML data. This problem has already been fixed in version 2.1.0-1 but this...

thunderbird: arbitrary code execution

CVE-2016-2804: Gary Kwong, Christian Holler, Andrew McCreight, Boris Zbarsky, and Steve Fink reported memory safety problems and crashes. - CVE-2016-2805: Christian Holler reported a memory safety problem. - CVE-2016-2806: Gary Kwong, Christian Holler, Jesse Ruderman, Mats Palmgren, Carsten Book,...

lib32-glibc: multiple issues

CVE-2016-1234 arbitrary code execution It was found that glob implementation in glibc does not correctly handle overlong names in struct dirent buffers when GLOBALTDIRFUNC is used, causing a large stack-based buffer overflow with controlled length and content. - CVE-2016-3706 denial of service A...

glibc: multiple issues

CVE-2016-1234 arbitrary code execution It was found that glob implementation in glibc does not correctly handle overlong names in struct dirent buffers when GLOBALTDIRFUNC is used, causing a large stack-based buffer overflow with controlled length and content. - CVE-2016-3706 denial of service A...

flashplugin: arbitrary code execution

CVE-2016-1096: Memory corruption. Mateusz Jurczyk and Natalie Silvanovich of Google Project Zero. - CVE-2016-1097: Use-after-free. Wen Guanxing from Pangu LAB, working with the Chromium Vulnerability Rewards Program . - CVE-2016-1098: Memory corruption. Wen Guanxing from Pangu LAB. -...

chromium: multiple issues

CVE-2016-1667: Same origin bypass in DOM. Credit to Mariusz Mlynski. - CVE-2016-1668: Same origin bypass in Blink V8 bindings. Credit to Mariusz Mlynski. - CVE-2016-1669: Buffer overflow in V8. Credit to Choongwoo Han. - CVE-2016-1670: Race condition in loader. Credit to anonymous...

libksba: denial of service

An out-of-bound read access due to incorrect utf-8 strings handling has been in found in the ksbadntostr function. This issue is due to an incomplete fix for CVE-2016-4356, caused by an off-by-one error when handling incorrect utf-8 strings...

lib32-flashplugin: arbitrary code execution

CVE-2016-1096: Memory corruption. Mateusz Jurczyk and Natalie Silvanovich of Google Project Zero. - CVE-2016-1097: Use-after-free. Wen Guanxing from Pangu LAB, working with the Chromium Vulnerability Rewards Program . - CVE-2016-1098: Memory corruption. Wen Guanxing from Pangu LAB. -...

squid: multiple issues

CVE-2016-4554 cache poisoning, same-origin policy bypass: Due to incorrect input validation, Squid is vulnerable to a header smuggling attack leading to cache poisoning and bypass of the same-origin security policy in Squid and some client browsers. - CVE-2016-4555, CVE-2016-4556 denial of...

cacti: sql injection

A SQL injection vulnerability has been found in cacti, in the the hostgroupdata parameter of the graphview.php file...

mencoder: denial of service

A vulnerability has been discovered that is leading to a crash when playing a fuzzed gif file. The gif demuxes assumed in many places that widthheight is = INTMAX, however this was not always true and was leading to an integer overflow...

mplayer: denial of service

A vulnerability has been discovered that is leading to a crash when playing a fuzzed gif file. The gif demuxes assumed in many places that widthheight is = INTMAX, however this was not always true and was leading to an integer overflow...

gd: arbitrary code execution

A heap-based buffer overflow caused by an integer signedness error has been found in the libgd code handling compressed gd2 chunks...

mercurial: arbitrary code execution

Mercurial prior to 3.8 allowed arbitrary code execution when using the convert extension on Git repos with hostile names. This could affect automated code conversion services that allow arbitrary repository names. This is a further side-effect of Git CVE-2015-7545. Reported and fixed by Blake...

latex2rtf: arbitrary code execution

A format string vulnerability was found in the CmdKeywords function, where the user-controlled variable 'keywords' is passed as a format argument to vnsprintf, when processing the \keywords command in a TeX file...

chromium: multiple issues

CVE-2016-1660: Out-of-bounds write in Blink. Credit to Atte Kettunen of OUSPG. - CVE-2016-1661: Memory corruption in cross-process frames. Credit to Wadih Matar. - CVE-2016-1662: Use-after-free in extensions. Credit to Rob Wu. - CVE-2016-1663: Use-after-free in Blink's V8 bindings. Credit to...

quassel-core: denial of service

CVE-2016-4414 denial of service It was found that quasselcore is vulnerable to a denial of service attack by unauthenticated clients. The protocol negotiation did not take into account lack of a match, in which case PeerFactory::createPeer returns a nullptr, which is immediately dereferenced...

imagemagick: arbitrary code execution

It was discovered that ImageMagick did not properly sanitize certain input before passing it to the delegate functionality. A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick utilities,...