wireshark-gtk: denial of service

CVE-2015-8742 denial of service The dissectCPMSetBindings function in epan/dissectors/packet-mswsp.c in the MS-WSP dissector in Wireshark 2.0.x before 2.0.1 does not validate the column size, which allows remote attackers to cause a denial of service memory consumption or application crash via a...

wordpress: cross-side scripting

A cross-site scripting vulnerability has been discovered that could allow a site to be compromised...

gajim: man-in-the-middle

It was found that gajim doesn't verify the origin of roster pushes thus allowing third parties to modify the roster. This vulnerability allows to intercept messages resulting in man-in-the-middle...

rtmpdump: multiple issues

Several issues have been found in the part of rtmpdump handling RTMP streams by LMX of Qihoo 360 Codesafe Team. These issues include memory leak, integer overflow, type confusion when dealing with AMF strings and objects, and several other parsing issues...

openvpn: out-of-bound read

The code always tried to copy-out a "struct sockaddrin6" even for IPv4 results, which reads more bytes than getaddrinfo is guaranteed to allocate...

flashplugin, lib32-flashplugin: multiple issues

CVE-2015-8459: Memory corruption vulnerabilities that could lead to code execution. Credited to Kai Kang of Tencent's Xuanwu LAB. - CVE-2015-8460: Memory corruption vulnerabilities that could lead to code execution. Credited to Jie Zeng of Qihoo 360. - CVE-2015-8634, CVE-2015-8635: Use-after-free...

libpng: buffer overflow

It was discovered that the pnggetPLTE and pngsetPLTE functions of libpng did not correctly calculate the maximum palette sizes for bit depths of less than 8. In case an application tried to use these functions in combination with properly calculated palette sizes, this could lead to a buffer...

nghttp2: use-after-free

nghttp2 1.6.0 fixes a heap-based use-after-free bug in idle stream handling code, where an idle/closed stream could possibly be destroyed while it was still referenced...

mediawiki: multiple issues

CVE-2015-8622: T117899 XSS from wikitext when $wgArticlePath='$1'. Internal review discovered an XSS vector when MediaWiki is configured with a non-standard configuration. - CVE-2015-8624: T119309 User::matchEditToken should use constant-time string comparison. Internal review discovered that...

thunderbird: multiple issues

CVE-2015-7201 cross-origin restriction bypass using data: and view-source: uri scheme: Security researcher Tsubasa Iinuma reported a mechanism to violate same-origin policy to content using data: and view-source: URIs to confuse protections and bypass restrictions. This resulted in the ability to...

claws-mail: buffer overflow

A remotely triggerable buffer overflow has been found in the code of claws-mail handling character conversion, in functions convjistoeuc, conveuctojis and convsjistoeuc, in codeconv.c. There was no bounds checking on buffers passed to these functions, some stack-based but other potentially...

python2-pyamf: XML external entity injection

PyAMF suffers from insufficient AMF input payload sanitization which results in the XML parser not preventing the processing of XML external entities XXE. A specially crafted AMF payload, containing malicious references to XML external entities, can be used to trigger denial of service DoS...

ruby: unsafe tainted string usage

There is an unsafe tainted string vulnerability in Fiddle and DL. This issue was originally reported and fixed with CVE-2009-5147 in DL, but reappeared after DL was reimplemented using Fiddle and libffi...

bind: denial of service

An error in the parsing of incoming responses allows some records with an incorrect class to be accepted by BIND instead of being rejected as malformed. This can trigger a REQUIRE assertion failure when those records are subsequently cached. Intentional exploitation of this condition is possible...

firefox: multiple issues

CVE-2015-7201 CVE-2015-7202 arbitrary code execution Mozilla developers and community identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we...

keepassx: information disclosure

It was found that XML export function creates hidden XML file containing user passwords in plaintext without warning, when the export is canceled, which may go unnoticed by the user. In this case the password database was exported as the file .xml in the current working directory often $HOME or t...

flashplugin: multiple issues

CVE-2015-8045 CVE-2015-8060 CVE-2015-8408 CVE-2015-8416 CVE-2015-8417 CVE-2015-8418 CVE-2015-8419 CVE-2015-8443 CVE-2015-8444 CVE-2015-8047 CVE-2015-8451 CVE-2015-8455 arbitrary code execution Memory corruption vulnerabilities have been discovered that could lead to arbitrary code execution. -...

chromium: multiple issues

CVE-2015-6788 arbitrary code execution A type confusion vulnerability has been discovered in the handling of extensions that could possibly lead to arbitrary code execution. - CVE-2015-6789 arbitrary code execution A use-after free vulnerability has been discovered in Blink that could possibly...

libxml2: multiple issues

CVE-2015-1819 denial of service A denial of service flaw was found in the way the libxml2 library parsed certain XML files. An attacker could provide a specially crafted XML file that, when parsed by an application using libxml2, could cause that application to use an excessive amount of memory...

python-django, python2-django: information leakage

If an application allows users to specify an unvalidated format for dates and passes this format to the date filter, e.g. lastupdated|date:userdateformat , then a malicious user could obtain any secret in the application's settings by specifying a settings key instead of a date format. e.g...

nodejs: multiple issues

CVE-2015-6764 V8 out-of-bounds access vulnerability: A bug was discovered in V8's implementation of JSON.stringify that can result in out-of-bounds reads on arrays. The patch was included in this week's update of Chrome Stable. While this bug is high severity for browsers, it is considered lower...

openssl lib32-openssl: multiple issues

CVE-2015-3193 insecure private key in connection with DHE There is a carry propagating bug in the x8664 Montgomery squaring procedure. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not...

chromium: multiple issues

CVE-2015-6764: Out of bounds access in v8. Credit to Guang Gong of Qihoo 360 via pwn2own. - CVE-2015-6765, CVE-2015-6766, CVE-2015-6767: Use-after-free in AppCache. - CVE-2015-6768, CVE-2015-6770, CVE-2015-6772: Cross-origin bypass in DOM. Credit to Mariusz Mlynski. - CVE-2015-6769: Cross-origin...

jenkins: multiple issues

CVE-2015-5317 information leakage The Jenkins UI allowed users to see the names of jobs and builds otherwise inaccessible to them on the "Fingerprints" pages if those shared file fingerprints with fingerprinted files in accessible jobs. - CVE-2015-5318 cross-side request forgery The salt used to...

lib32-libpng: multiple issues

CVE-2015-7981 out-of-bounds read This is an array indexing error, which can lead to an out-of-bounds read of a static buffer. The result is now unsigned no longer negative, but now a huge positive number. - CVE-2015-8126 arbitrary code execution Buffer overflow vulnerabilities in functions...

libpng: multiple issues

CVE-2015-7981 out-of-bounds read This is an array indexing error, which can lead to an out-of-bounds read of a static buffer. The result is now unsigned no longer negative, but now a huge positive number. - CVE-2015-8126 arbitrary code execution Buffer overflow vulnerabilities in functions...

chromium: information leakage

The PDF viewer does not properly restrict scripting messages and API exposure, which allows remote attackers to bypass the Same Origin Policy via an unintended embedder or unintended plugin loading, related to pdf.js and outofprocessinstance.cc...

powerdns: denial of service

This bug was found using afl-fuzz in the packet parsing code. This bug, when exploited, causes an assertion error and consequent termination of the the pdnsserver process, causing a denial-of-service...

putty: arbitrary code execution

A potential memory-corrupting integer overflow has been discovered in the handling of the ECH erase characters control sequence in the terminal emulator. To exploit a vulnerability in the terminal emulator, an attacker must be able to insert a carefully crafted escape sequence into the terminal...

flashplugin: multiple issues

CVE-2015-7651 CVE-2015-7652 CVE-2015-7653 CVE-2015-7654 CVE-2015-7655 CVE-2015-7656 CVE-2015-7657 CVE-2015-7658 CVE-2015-7660 CVE-2015-7661 CVE-2015-7663 CVE-2015-8042 CVE-2015-8043 CVE-2015-8044 CVE-2015-8046 arbitrary code execution It has been discovered that multiple use-after-free...

nspr: arbitrary code execution

A logic bug in the handling of large allocations would allow exceptionally large allocations to be reported as successful, without actually allocating the requested memory. This may allow attackers to bypass security checks and obtain control of arbitrary memory...

nss: arbitrary code execution

Several issues existed within the ASN.1 decoder used by NSS for handling streaming BER data. While the majority of NSS uses a separate, unaffected DER decoder, several public routines also accept BER data, and thus are affected. An attacker that successfully exploited these issues can overflow th...

firefox: multiple issues

CVE-2015-4513 Miscellaneous memory safety hazards: Christian Holler, David Major, Jesse Ruderman, Tyson Smith, Boris Zbarsky, Randell Jesup, Olli Pettay, Karl Tomlinson, Jeff Walden, and Gary Kwong reported memory safety problems and crashes that affect Firefox ESR 38.3 and Firefox 41. -...

unzip: multiple issues

CVE-2015-7696 arbitrary code execution A heap buffer overflow triggered by unzipping a file with password that can lead to arbitrary code execution. - CVE-2015-7697 denial of service A denial of service with a file that never finishes unzipping...

phpmyadmin: content spoofing

This vulnerability allows an attacker to perform a content spoofing attack using the phpMyAdmin's redirection mechanism to external sites. This vulnerability is not considered to be critical since the spoofed content is escaped and no HTML injection is possible...

wordpress: multiple issues

CVE-2015-5714 cross-side scripting A cross-site scripting vulnerability has been discovered when processing shortcode tags. - CVE-2015-5715 insufficient permission restriction A vulnerability has been discovered, allowing users without proper permissions to publish private posts and make them...

lldpd: denial of service

CVE-2015-5714 denial of service A buffer overflow has been discovered when handling management address TLV. When a remote device was advertising a too large management address while still respecting TLV boundaries, lldpd would crash due to a buffer overflow. - CVE-2015-5715 denial of service A...

mariadb: denial of service

CVE-2015-4913 denial of service allows remote authenticated users to affect availability via vectors related to Server : DML, a different vulnerability than CVE-2015-4858. - CVE-2015-4870 denial of service allows remote authenticated users to affect availability via unknown vectors related to...

vorbis-tools: denial of service

Buffer overflow in the aiffopen function in oggenc/audio.c allows local attackers to cause a denial of service crash via a crafted AIFF file...

drupal: open redirect

The Overlay module in Drupal core displays administrative pages as a layer over the current page using JavaScript, rather than replacing the page in the browser window. The Overlay module does not sufficiently validate URLs prior to displaying their contents, leading to an open redirect...

jdk8-openjdk: multiple issues

CVE-2015-4734 information disclosure It was discovered that the JGSS component of OpenJDK did not properly hide Kerberos realm information from all error exceptions when running under Security Manager. An untrusted Java application or applet could use this flaw to obtain certain information about...

jre8-openjdk: multiple issues

CVE-2015-4734 information disclosure It was discovered that the JGSS component of OpenJDK did not properly hide Kerberos realm information from all error exceptions when running under Security Manager. An untrusted Java application or applet could use this flaw to obtain certain information about...

jre7-openjdk-headless: multiple issues

CVE-2015-4734 information disclosure It was discovered that the JGSS component of OpenJDK did not properly hide Kerberos realm information from all error exceptions when running under Security Manager. An untrusted Java application or applet could use this flaw to obtain certain information about...

jre7-openjdk: multiple issues

CVE-2015-4734 information disclosure It was discovered that the JGSS component of OpenJDK did not properly hide Kerberos realm information from all error exceptions when running under Security Manager. An untrusted Java application or applet could use this flaw to obtain certain information about...

jdk7-openjdk: multiple issues

CVE-2015-4734 information disclosure It was discovered that the JGSS component of OpenJDK did not properly hide Kerberos realm information from all error exceptions when running under Security Manager. An untrusted Java application or applet could use this flaw to obtain certain information about...

jre8-openjdk-headless: multiple issues

CVE-2015-4734 information disclosure It was discovered that the JGSS component of OpenJDK did not properly hide Kerberos realm information from all error exceptions when running under Security Manager. An untrusted Java application or applet could use this flaw to obtain certain information about...

ntp: multiple issues

CVE-2015-7871 authentication bypass An error handling logic error exists within ntpd that manifests due to improper error condition handling associated with certain crypto-NAK packets. An unauthenticated, off-path attacker can force ntpd processes on targeted servers to peer with time sources of...

spice: multiple issues

CVE-2015-3247 race condition flaw: A race condition flaw was found in spice's workerupdatemonitorsconfig function, leading to a heap-based memory corruption. A user in a guest could leverage this flaw to crash the host QEMU-KVM process or, possibly, execute arbitrary code with the privileges of...

flashplugin: arbitrary code execution

Several critical type confusion vulnerabilities CVE-2015-7645, CVE-2015-7647, CVE-2015-7648 have been identified in Adobe Flash Player 11.2.202.535 and earlier 11.x versions for Linux. Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected...

miniupnpc: arbitrary code execution

An exploitable buffer overflow vulnerability exists in the XML parser functionality of the MiniUPnP library. A specially crafted XML response can lead to a buffer overflow on the stack resulting in remote code execution. An attacker can set up a server on the local network to trigger this...