
1854 matches found

ArchLinux
•added 2016/02/25 12:0 a.m.•43 views

libssh2: man-in-the-middle

There is a bits/bytes confusion bug resulting in generation of a significantly short ephemeral secret for the diffie-hellman-group1 and diffie-hellman-group14 key exchange methods. The resulting secret is 128 bits long, instead of the recommended sizes of 1024 and 2048 bits respectively. There ar...

CVSS 4.3, AI score 0.4, EPSS 0.02697
Exploits 0, References 2
ArchLinux
•added 2016/02/25 12:0 a.m.•44 views

lib32-libssh2: man-in-the-middle

There is a bits/bytes confusion bug resulting in generation of a significantly short ephemeral secret for the diffie-hellman-group1 and diffie-hellman-group14 key exchange methods. The resulting secret is 128 bits long, instead of the recommended sizes of 1024 and 2048 bits respectively. There ar...

CVSS 4.3, AI score 0.4, EPSS 0.02697
Exploits 0, References 2
ArchLinux
•added 2016/02/24 12:0 a.m.•33 views

libgcrypt: secret key extraction

A vulnerability was found in the way the ECDH encryption algorithm decrypts data. An attacker with a specialized setup can extract the secret decryption key from a target located in an adjacent room within seconds. This is done by measuring the target's electromagnetic emanations...

AI score 1.7, EPSS 0.00432
Exploits 0, References 3
ArchLinux
•added 2016/02/23 12:0 a.m.•48 views

libssh: man-in-the-middle

libssh versions 0.1 and above have a bits/bytes confusion bug and generate an abnormally short ephemeral secret for the diffie-hellman-group1 and diffie-hellman-group14 key exchange methods. The resulting secret is 128 bits long, instead of the recommended sizes of 1024 and 2048 bits...

CVSS 4.3, AI score 1.1, EPSS 0.02431
Exploits 0, References 2
ArchLinux
•added 2016/02/21 12:0 a.m.•42 views

chromium: multiple issues

Same-origin bypass in Blink and Sandbox escape in Chrome...

CVSS 10, AI score 1.8, EPSS 0.02639
Exploits 0, References 2
ArchLinux
•added 2016/02/21 12:0 a.m.•56 views

thunderbird: multiple issues

CVE-2015-7575 (man-in-the-middle): Security researcher Karthikeyan Bhargavan reported an issue in Network Security Services (NSS) where MD5 signatures in the server signature within the TLS 1.2 ServerKeyExchange message are still accepted. This is an issue since NSS has officially disallowed the...

CVSS 10, AI score 1.9, EPSS 0.05992
Exploits 0, References 9
ArchLinux
•added 2016/02/17 12:0 a.m.•45 views

lib32-glibc: multiple issues

CVE-2015-7547 (arbitrary code execution): A stack-based buffer overflow was found in the way the libresolv library performed dual A/AAAA DNS queries. A remote attacker could create a specially crafted DNS response which could cause libresolv to crash or, potentially, execute code with the...

CVSS 6.8, AI score 2.3, EPSS 0.89557
Exploits 18, References 6
ArchLinux
•added 2016/02/17 12:0 a.m.•53 views

glibc: multiple issues

CVE-2015-7547 (arbitrary code execution): A stack-based buffer overflow was found in the way the libresolv library performed dual A/AAAA DNS queries. A remote attacker could create a specially crafted DNS response which could cause libresolv to crash or, potentially, execute code with the...

CVSS 6.8, AI score 2.3, EPSS 0.89557
Exploits 18, References 6
ArchLinux
•added 2016/02/13 12:0 a.m.•41 views

firefox: same-origin policy bypass

Jason Pang of OneSignal reported that service workers intercept responses to plugin network requests made through the browser. Plugins which make security decisions based on the content of network requests can have these decisions subverted if a service worker forges responses to those requests...

CVSS 6.8, AI score 8.5, EPSS 0.01503
Exploits 0, References 2
ArchLinux
•added 2016/02/13 12:0 a.m.•31 views

nghttp2: denial of service

HTTP/2 uses HPACK to compress header fields. The basic idea is that an HTTP header field is stored in the receiver under a numeric index number. The memory used by this storage is tightly constrained, and it is 4KiB by default. When the sender sends the same header field, it just sends the correspondin...

AI score 5.2, EPSS 0.00886
Exploits 0, References 2
ArchLinux
•added 2016/02/10 12:0 a.m.•40 views

botan: multiple issues

CVE-2016-2194 (denial of service): The ressol function, which implements the Tonelli-Shanks algorithm for finding square roots, could be sent into a nearly infinite loop due to a misplaced conditional check. This could occur if a composite modulus is provided, as this algorithm is only defined for primes...

CVSS 10, AI score 2.6, EPSS 0.06677
Exploits 0, References 4
ArchLinux
•added 2016/02/10 12:0 a.m.•38 views

kscreenlocker: access restriction bypass

A vulnerability has been discovered in kscreenlocker that leads to an access restriction bypass. Turning all screens off while the lock screen is shown can result in the screen being unlocked when turning a screen on again...

CVSS 3.5, AI score 6.5, EPSS 0.00444
Exploits 0, References 3
ArchLinux
•added 2016/02/06 12:0 a.m.•48 views

libsndfile: multiple issues

CVE-2014-9496 (unspecified impact): The sd2_parse_rsrc_fork function in sd2.c in libsndfile allows attackers to have unspecified impact via vectors related to a (1) map offset or (2) rsrc marker, which triggers an out-of-bounds read. - CVE-2014-9756 (denial of service): The psf_fwrite function in file_io.c in...

CVSS 10, AI score 7.4, EPSS 0.134
Exploits 3, References 3
ArchLinux
•added 2016/02/06 12:0 a.m.•53 views

lib32-libsndfile: multiple issues

CVE-2014-9496 (unspecified impact): The sd2_parse_rsrc_fork function in sd2.c in lib32-libsndfile allows attackers to have unspecified impact via vectors related to a (1) map offset or (2) rsrc marker, which triggers an out-of-bounds read. - CVE-2014-9756 (denial of service): The psf_fwrite function in...

CVSS 10, AI score 7.4, EPSS 0.134
Exploits 3, References 3
ArchLinux
•added 2016/02/04 12:0 a.m.•31 views

libbsd: denial of service

CVE-2016-2090 (buffer overflow): libbsd 0.8.1 and earlier contains a buffer overflow in the function fgetwln. An "if" checks whether it is necessary to reallocate memory in the target buffer. However, this check is off by one, so an out-of-bounds write happens...

CVSS 5.2, AI score 2.8, EPSS 0.03223
Exploits 0, References 4
ArchLinux
•added 2016/02/03 12:0 a.m.•52 views

lib32-nettle: improper cryptographic calculations

CVE-2015-8803, CVE-2015-8804, CVE-2015-8805 (improper cryptographic calculations): It has been discovered that multiple carry propagation bugs produce wrong results in calculations. They affect the NIST P-256 and P-384 curves. The P-256 bug is in the C code and affects multiple architectures...

CVSS 7.5, AI score 1.8, EPSS 0.04132
Exploits 0, References 5
ArchLinux
•added 2016/02/03 12:0 a.m.•54 views

nettle: improper cryptographic calculations

CVE-2015-8803, CVE-2015-8804, CVE-2015-8805 (improper cryptographic calculations): It has been discovered that multiple carry propagation bugs produce wrong results in calculations. They affect the NIST P-256 and P-384 curves. The P-256 bug is in the C code and affects multiple architectures...

CVSS 7.5, AI score 2, EPSS 0.04132
Exploits 0, References 5
ArchLinux
•added 2016/02/02 12:0 a.m.•31 views

python-django: permission bypass

If a ModelAdmin uses save_as=True (not the default), the admin provides an option when editing objects to "Save as new". A regression in Django 1.9 prevented that form submission from raising a "Permission Denied" error for users without the "add" permission...

CVSS 6, AI score 3.6, EPSS 0.01522
Exploits 0, References 2
ArchLinux
•added 2016/02/02 12:0 a.m.•39 views

curl: authentication bypass

A vulnerability was found in the way libcurl uses NTLM-authenticated proxy connections. libcurl will reuse NTLM-authenticated proxy connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. Since NTLM-based authentication is...

CVSS 5, AI score 2.3, EPSS 0.09327
Exploits 0, References 2
ArchLinux
•added 2016/02/02 12:0 a.m.•40 views

python2-django: permission bypass

If a ModelAdmin uses save_as=True (not the default), the admin provides an option when editing objects to "Save as new". A regression in Django 1.9 prevented that form submission from raising a "Permission Denied" error for users without the "add" permission...

CVSS 6, AI score 3.6, EPSS 0.01522
Exploits 0, References 2
ArchLinux
•added 2016/02/02 12:0 a.m.•49 views

lib32-curl: authentication bypass

A vulnerability was found in the way libcurl uses NTLM-authenticated proxy connections. libcurl will reuse NTLM-authenticated proxy connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. Since NTLM-based authentication is...

CVSS 5, AI score 2.4, EPSS 0.09327
Exploits 0, References 2
ArchLinux
•added 2016/01/29 12:0 a.m.•72 views

lib32-openssl: man-in-the-middle

CVE-2015-3197 (man-in-the-middle): A flaw was found in the way malicious SSL/TLS clients could negotiate SSLv2 ciphers that have been disabled on the server. This could result in weak SSLv2 ciphers being used for SSL/TLS connections, making them vulnerable to man-in-the-middle attacks. -...

CVSS 4.3, AI score 1.7, EPSS 0.9986
Exploits 2, References 4
ArchLinux
•added 2016/01/29 12:0 a.m.•45 views

openssl: man-in-the-middle

CVE-2015-3197 (man-in-the-middle): A flaw was found in the way malicious SSL/TLS clients could negotiate SSLv2 ciphers that have been disabled on the server. This could result in weak SSLv2 ciphers being used for SSL/TLS connections, making them vulnerable to man-in-the-middle attacks. -...

CVSS 4.3, AI score 1.8, EPSS 0.9986
Exploits 2, References 4
ArchLinux
•added 2016/01/27 12:0 a.m.•62 views

nginx: denial of service

CVE-2016-0742 (denial of service): An invalid pointer dereference might occur during DNS server response processing if the "resolver" directive was used, allowing an attacker who is able to forge UDP packets from the DNS server to cause a segmentation fault in a worker process. - CVE-2016-0746 denial of...

CVSS 7.5, AI score 3.6, EPSS 0.81958
Exploits 0, References 1
ArchLinux
•added 2016/01/25 12:0 a.m.•43 views

privoxy: denial of service

CVE-2016-1982 (denial of service): A vulnerability was discovered in the way privoxy deals with corrupted chunk-encoded content. A maliciously crafted input can result in a remote denial of service. - CVE-2016-1983 (denial of service): A vulnerability was found in the way privoxy processes specific...

CVSS 5, AI score 2.9, EPSS 0.02813
Exploits 0, References 3
ArchLinux
•added 2016/01/25 12:0 a.m.•43 views

ecryptfs-utils: privilege escalation

An unprivileged user can mount an ecryptfs over /proc/$pid because according to stat, it is a normal directory and owned by the user. However, the user is not actually permitted to create arbitrary directory entries in /proc/$pid, and ecryptfs' behavior might be enabling privilege escalation...

CVSS 4.6, AI score 1.5, EPSS 0.00368
Exploits 0, References 3
ArchLinux
•added 2016/01/25 12:0 a.m.•31 views

blueman: privilege escalation

A local privilege escalation vulnerability has been found in the Network::EnableNetwork method of blueman. An unsanitized string is received over DBUS into the dhcp_handler parameter and passed to eval, thus allowing arbitrary command execution with the privileges of the user running blueman...

CVSS 7.2, AI score 3.6, EPSS 0.0634
Exploits 4, References 4
ArchLinux
•added 2016/01/25 12:0 a.m.•61 views

linux-lts: privilege escalation

A possible use-after-free vulnerability in the keyring facility, possibly leading to local privilege escalation, was reported. The function join_session_keyring in security/keys/process_keys.c holds a reference to the requested keyring, but if that keyring is the same as the one being...

CVSS 7.2, AI score 2.5, EPSS 0.03646
Exploits 14, References 4
ArchLinux
•added 2016/01/25 12:0 a.m.•37 views

python2-rsa: signature forgery

The verify function in the RSA package for Python (Python-RSA) before 3.3 allows attackers to spoof signatures with a small public exponent via crafted signature padding, aka a BERserk attack...

CVSS 5, AI score 5.2, EPSS 0.07054
Exploits 1, References 3
ArchLinux
•added 2016/01/25 12:0 a.m.•252 views

python-rsa: signature forgery

The verify function in the RSA package for Python (Python-RSA) before 3.3 allows attackers to spoof signatures with a small public exponent via crafted signature padding, aka a BERserk attack...

CVSS 5, AI score 5.2, EPSS 0.07054
Exploits 1, References 3
ArchLinux
•added 2016/01/25 12:0 a.m.•58 views

mbedtls: man-in-the-middle

mbedTLS before 2.2.1 is vulnerable to the SLOTH attack, breaking MD5 signatures potentially used during TLS 1.2 handshakes to impersonate a TLS server...

CVSS 4.3, AI score 3, EPSS 0.0288
Exploits 0, References 4
ArchLinux
•added 2016/01/25 12:0 a.m.•90 views

chromium: multiple issues

CVE-2016-1612: The LoadIC::UpdateCaches function in ic/ic.cc in Google V8 does not ensure receiver compatibility before performing a cast of an unspecified variable, which allows remote attackers to cause a denial of service or possibly have unknown other impact via crafted JavaScript code...

CVSS 9.3, AI score 3.9, EPSS 0.01662
Exploits 1, References 10
ArchLinux
•added 2016/01/21 12:0 a.m.•25 views

libdwarf: denial of service

A problem has been discovered when the debug_abbrev section is marked as NOBITS in the ELF file, in other words as a zero-init section rather than a section with contents in the file. Such a crafted section leads to a null pointer dereference resulting in denial of service...

AI score 2.1, EPSS 0.01902
Exploits 0, References 3
ArchLinux
•added 2016/01/21 12:0 a.m.•42 views

bind: denial of service

CVE-2015-8704 (denial of service): A buffer size check used to guard against overflow could cause named to exit with an INSIST failure in apl_42.c. A server could exit while performing certain string formatting operations. Examples include (but may not be limited to): 1) Slaves using text-format db...

CVSS 6.8, AI score 2.6, EPSS 0.20172
Exploits 0, References 4
ArchLinux
•added 2016/01/20 12:0 a.m.•114 views

linux: privilege escalation

A possible use-after-free vulnerability in the keyring facility, possibly leading to local privilege escalation, was reported. The function join_session_keyring in security/keys/process_keys.c holds a reference to the requested keyring, but if that keyring is the same as the one being...

CVSS 7.2, AI score 2.2, EPSS 0.03646
Exploits 14, References 4
ArchLinux
•added 2016/01/17 12:0 a.m.•39 views

go-ipfs: information leakage

This issue can affect RSA computations in crypto/rsa, which is used by crypto/tls. TLS servers on 32-bit systems could plausibly leak their RSA private key due to this issue. Other protocol implementations that create many RSA signatures could also be impacted in the same way. Specifically,...

CVSS 5, AI score 2.9, EPSS 0.02627
Exploits 0, References 3
ArchLinux
•added 2016/01/17 12:0 a.m.•45 views

hub: information leakage

This issue can affect RSA computations in crypto/rsa, which is used by crypto/tls. TLS servers on 32-bit systems could plausibly leak their RSA private key due to this issue. Other protocol implementations that create many RSA signatures could also be impacted in the same way. Specifically,...

CVSS 5, AI score 2, EPSS 0.02627
Exploits 0, References 3
ArchLinux
•added 2016/01/17 12:0 a.m.•41 views

syncthing: information leakage

This issue can affect RSA computations in crypto/rsa, which is used by crypto/tls. TLS servers on 32-bit systems could plausibly leak their RSA private key due to this issue. Other protocol implementations that create many RSA signatures could also be impacted in the same way. Specifically,...

CVSS 5, AI score 2.8, EPSS 0.02627
Exploits 0, References 3
ArchLinux
•added 2016/01/17 12:0 a.m.•33 views

roundcubemail: remote code execution

High-Tech Bridge Security Research Lab discovered a path traversal vulnerability in Roundcube. The vulnerability can be exploited to gain access to sensitive information and, under certain circumstances, to execute arbitrary code and totally compromise the vulnerable server. The vulnerability exists du...

CVSS 6, AI score 1.7, EPSS 0.22212
Exploits 5, References 5
ArchLinux
•added 2016/01/17 12:0 a.m.•45 views

ffmpeg: information leakage

A vulnerability in the way FFmpeg handles the concat (CVE-2016-1897) and subfile (CVE-2016-1898) protocols in an HTTP Live Streaming (HLS) M3U8 file allows a remote attacker to conduct cross-origin attacks and to access arbitrary local files on the vulnerable host. The attack uses a crafted M3U8 file...

CVSS 4.3, AI score 1.7, EPSS 0.14621
Exploits 3, References 4
ArchLinux
•added 2016/01/17 12:0 a.m.•53 views

ntp: time alteration

If ntpd is always started with the -g option, which is common and against long-standing recommendation, and if at the moment ntpd is restarted an attacker can immediately respond to enough requests from enough sources trusted by the target, which is difficult and not common, there is a window of...

AI score 2, EPSS 0.0896
Exploits 0, References 3
ArchLinux
•added 2016/01/17 12:0 a.m.•43 views

keybase: information leakage

This issue can affect RSA computations in crypto/rsa, which is used by crypto/tls. TLS servers on 32-bit systems could plausibly leak their RSA private key due to this issue. Other protocol implementations that create many RSA signatures could also be impacted in the same way. Specifically,...

CVSS 5, AI score 2.8, EPSS 0.02627
Exploits 0, References 3
ArchLinux
•added 2016/01/17 12:0 a.m.•37 views

docker: information leakage

This issue can affect RSA computations in crypto/rsa, which is used by crypto/tls. TLS servers on 32-bit systems could plausibly leak their RSA private key due to this issue. Other protocol implementations that create many RSA signatures could also be impacted in the same way. Specifically,...

CVSS 5, AI score 3.1, EPSS 0.02627
Exploits 0, References 3
ArchLinux
•added 2016/01/16 12:0 a.m.•38 views

go: information leakage

This issue can affect RSA computations in crypto/rsa, which is used by crypto/tls. TLS servers on 32-bit systems could plausibly leak their RSA private key due to this issue. Other protocol implementations that create many RSA signatures could also be impacted in the same way. Specifically,...

CVSS 5, AI score 2.8, EPSS 0.02627
Exploits 0, References 2
ArchLinux
•added 2016/01/14 12:0 a.m.•44 views

openssh: multiple issues

CVE-2016-0777 (information disclosure): An information leak flaw was found in the way the OpenSSH client roaming feature was implemented. A malicious server could potentially use this flaw to leak portions of memory (possibly including private SSH keys) of a successfully authenticated OpenSSH client...

CVSS 6.5, AI score 2.4, EPSS 0.63468
Exploits 3, References 3
ArchLinux
•added 2016/01/14 12:0 a.m.•48 views

php: multiple issues

CVE-2016-1903 (information disclosure): An out-of-bounds vulnerability has been discovered in ext/gd/libgd/gd_interpolation.c in the gdImageRotateInterpolated function. The background color of an image is passed in as an integer that represents an index to the color palette. As there is a lack of...

CVSS 7.5, AI score 3.4, EPSS 0.07806
Exploits 2, References 4
ArchLinux
•added 2016/01/13 12:0 a.m.•52 views

libxslt: denial of service

A type confusion vulnerability was discovered in the xsltStylePreCompute function of libxslt. A remote attacker could possibly exploit this flaw to cause an application using libxslt to crash by tricking the application into processing a specially crafted XSLT document...

CVSS 5, AI score 2.6, EPSS 0.04156
Exploits 1, References 4
ArchLinux
•added 2016/01/11 12:0 a.m.•37 views

dhcpcd: denial of service

CVE-2016-1503 (denial of service): An issue has been discovered that can lead to a heap overflow via malformed dhcp responses later in print_option (via dhcp_envoption1) due to incorrect option length values. - CVE-2016-1504 (denial of service): A malformed dhcp response can lead to an invalid read/crash...

CVSS 10, AI score 1.8, EPSS 0.06344
Exploits 0, References 3
ArchLinux
•added 2016/01/09 12:0 a.m.•65 views

wireshark-cli: denial of service

CVE-2015-8742 (denial of service): The dissect_CPMSetBindings function in epan/dissectors/packet-mswsp.c in the MS-WSP dissector in Wireshark 2.0.x before 2.0.1 does not validate the column size, which allows remote attackers to cause a denial of service (memory consumption or application crash) via a...

CVSS 4.3, AI score 3.7, EPSS 0.07142
Exploits 14, References 25
ArchLinux
•added 2016/01/09 12:0 a.m.•47 views

wireshark-qt: denial of service

CVE-2015-8742 (denial of service): The dissect_CPMSetBindings function in epan/dissectors/packet-mswsp.c in the MS-WSP dissector in Wireshark 2.0.x before 2.0.1 does not validate the column size, which allows remote attackers to cause a denial of service (memory consumption or application crash) via a...

CVSS 4.3, AI score 3.7, EPSS 0.07142
Exploits 14, References 25
Total number of security vulnerabilities: 1854