6585 matches found
tomcat -- information disclosure vulnerability
The Apache Software Foundation reports: Important: Information Disclosure CVE-2016-8745...
RabbitMQ -- Authentication vulnerability
Pivotal.io reports: MQTT MQ Telemetry Transport connection authentication with a username/password pair succeeds if an existing username is provided but the password is omitted from the connection request. Connections that use TLS with a client-provided certificate are not affected...
mailman -- CSRF protection enhancements
Mark Sapiro reports: CSRF protection has been extended to the user options page. This was actually fixed by Tokio Kikuchi as part of the fix for LP: 775294 and intended for Mailman 2.1.15, but that fix wasn't completely merged at the time. The full fix also addresses the admindb, and edithtml pag...
pcre -- heap overflow vulnerability
Mitre reports: The pcrecompile2 function in pcrecompile.c in PCRE 8.38 mishandles the /?:F?+?:^?Ra+"99-?J?'R'?'R'?'RR'?'R'\97?J?J?'R'?'R'\99|:?|?'R'\k'R'|?'R'H'R'RH'R/ pattern and related patterns with named subgroups, which allows remote attackers to cause a denial of service heap-based buffer...
xen-kernel -- VMX: guest user mode may crash guest with non-canonical RIP
The Xen Project reports: VMX refuses attempts to enter a guest with an instruction pointer which doesn't satisfy certain requirements. In particular, the instruction pointer needs to be canonical when entering a guest currently in 64-bit mode. This is the case even if the VM entry information...
openssl -- multiple vulnerabilities
OpenSSL project reports: BNmodexp may produce incorrect results on x8664 CVE-2015-3193 Certificate verify crash with missing PSS parameter CVE-2015-3194 X509ATTRIBUTE memory leak CVE-2015-3195 Race condition handling PSK identify hint CVE-2015-3196 Anon DH ServerKeyExchange with 0 p parameter...
libraw -- memory objects not properly initialized
ChenQin reports: The LibRaw raw image decoder has multiple vulnerabilities that can cause memory errors which may lead to code execution or other problems. In CVE-2015-8367, LibRaw's phaseonecorrect function does not handle memory initialization correctly, which may cause other problems...
libvirt -- ACL bypass using ../ to access beyond storage pool
Libvit development team reports: Various virStorageVol API operate on user-supplied volume names by concatenating the volume name to the pool location. Note that the virStoragePoolListVolumes API, when used on a storage pool backed by a directory in a file system, will only list volumes immediate...
mediawiki -- multiple vulnerabilities
MediaWiki reports: Wikipedia user RobinHood70 reported two issues in the chunked upload API. The API failed to correctly stop adding new chunks to the upload when the reported size was exceeded T91203, allowing a malicious users to upload add an infinite number of chunks for a single file upload...
qemu -- denial of service vulnerabilities in eepro100 NIC support
Prasad J Pandit, Red Hat Product Security Team, reports: Qemu emulator built with the i8255x PRO100 emulation support is vulnerable to an infinite loop issue. It could occur while processing a chain of commands located in the Command Block List CBL. Each Command BlockCB points to the next command...
Git -- Execute arbitrary code
Git release notes: Some protocols like git-remote-ext can execute arbitrary code found in the URL. The URLs that submodules use may come from arbitrary sources e.g., .gitmodules files in a remote repository, and can hurt those who blindly enable recursive fetch. Restrict the allowed protocols to...
Joomla! -- Core - XSS Vulnerability
The JSST and the Joomla! Security Center report: 20150908 - Core - XSS Vulnerability Inadequate escaping leads to XSS vulnerability in login module...
ffmpeg -- multiple vulnerabilities
NVD reports: The decodeihdrchunk function in libavcodec/pngdec.c in FFmpeg before 2.7.2 does not enforce uniqueness of the IHDR aka image header chunk in a PNG image, which allows remote attackers to cause a denial of service out-of-bounds array access or possibly have unspecified other impact vi...
adminer -- XSS vulnerability
Jakub Vrana reports: Fix XSS in alter table...
clamav -- multiple vulnerabilities
ClamAV project reports: ClamAV 0.98.7 is here! This release contains new scanning features and bug fixes. Fix infinite loop condition on crafted y0da cryptor file. Identified and patch suggested by Sebastian Andrzej Siewior. CVE-2015-2221. Fix crash on crafted petite packed file. Reported and pat...
chromium -- multiple vulnerabilities
Chrome Releases reports: 11 security fixes in this release, including: 447906 High CVE-2015-1209: Use-after-free in DOM. Credit to Maksymillian. 453979 High CVE-2015-1210: Cross-origin-bypass in V8 bindings. Credit to anonymous. 453982 High CVE-2015-1211: Privilege escalation using service worker...
rabbitmq -- Security issues in management plugin
The RabbitMQ project reports: Some user-controllable content was not properly HTML-escaped before being presented to a user in the management web UI: When a user unqueued a message from the management UI, message details header names, arguments, etc. were displayed unescaped. An attacker could...
file -- multiple vulnerabilities
RedHat reports: Thomas Jarosch of Intra2net AG reported a number of denial of service issues resource consumption in the ELF parser used by file1. These issues were fixed in the 5.21 release of file1, but by mistake are missing from the changelog...
dbus -- incomplete fix for CVE-2014-3636 part A
Simon McVittie reports: The patch issued by the D-Bus maintainers for CVE-2014-3636 was based on incorrect reasoning, and does not fully prevent the attack described as "CVE-2014-3636 part A", which is repeated below. Preventing that attack requires raising the system dbus-daemon's RLIMITNOFILE...
samba -- multiple vulnerabilities
The samba project reports: A malformed packet can cause the nmbd server to loop the CPU and prevent any further NetBIOS name service. Valid unicode path names stored on disk can cause smbd to crash if an authenticated client attempts to read them using a non-unicode request...
gnutls -- client-side memory corruption
GnuTLS project reports: This vulnerability affects the client side of the gnutls library. A server that sends a specially crafted ServerHello could corrupt the memory of a requesting client...
chromium -- multiple vulnerabilities
Google Chrome Releases reports belatedly: 9 security fixes in this release, including: 354967 High CVE-2014-1730: Type confusion in V8. Credit to Anonymous. 349903 High CVE-2014-1731: Type confusion in DOM. Credit to John Butler. 359802 High CVE-2014-1736: Integer overflow in V8. Credit to SkyLin...
ruby -- Heap Overflow in Floating Point Parsing
Ruby developers report: Any time a string is converted to a floating point value, a specially crafted string can cause a heap overflow. This can lead to a denial of service attack via segmentation faults and possibly arbitrary code execution. Any program that converts input of unknown origin to...
PHP5 -- Heap corruption in XML parser
The PHP development team reports: ext/xml/xml.c in PHP before 5.3.27 does not properly consider parsing depth, which allows remote attackers to cause a denial of service heap memory corruption or possibly have unspecified other impact via a crafted document that is processed by the...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 242322 Medium CVE-2013-2855: Memory corruption in dev tools API. Credit to "daniel.zulla". 242224 High CVE-2013-2856: Use-after-free in input handling. Credit to miaubiz. 240124 High CVE-2013-2857: Use-after-free in image handling. Credit to miaubiz. 239897 High...
phpMyAdmin -- Multiple security vulnerabilities
The phpMyAdmin development team reports: In some PHP versions, the pregreplace function can be tricked into executing arbitrary PHP code on the server. This is done by passing a crafted argument as the regular expression, containing a null byte. phpMyAdmin does not correctly sanitize an argument...
libarchive -- multiple vulnerabilities
MITRE reports: Integer signedness error in the archivewritezipdata function in archivewritesetformatzip.c in libarchive 3.1.2 and earlier, when running on 64-bit machines, allows context-dependent attackers to cause a denial of service crash via unspecified vectors, which triggers an improper...
apache22 -- several vulnerabilities
Apache HTTP SERVER PROJECT reports: low: XSS due to unescaped hostnames CVE-2012-3499 Various XSS flaws due to unescaped hostnames and URIs HTML output in modinfo, modstatus, modimagemap, modldap, and modproxyftp. moderate: XSS in modproxybalancer CVE-2012-4558 A XSS flaw affected the...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: Linux only 125225 Medium CVE-2012-2846: Cross-process interference in renderers. Credit to Google Chrome Security Team Julien Tinnes. 127522 Low CVE-2012-2847: Missing re-prompt to user upon excessive downloads. Credit to Matt Austin of Aspect Security. 127525 Medi...
linux-flashplugin -- multiple vulnerabilities
These vulnerabilities could cause a crash and potentially allow an attacker to take control of the affected system...
BIND -- Large RRSIG RRsets and Negative Caching DoS
ISC reports: A BIND 9 DNS server set up to be a caching resolver is vulnerable to a user querying a domain with very large resource record sets RRSets when trying to negatively cache a response. This can cause the BIND 9 DNS server named process to crash...
mozilla -- multiple vulnerabilities
The Mozilla Project reports: MFSA 2010-34 Miscellaneous memory safety hazards rv:1.9.2.7/ 1.9.1.11 MFSA 2010-35 DOM attribute cloning remote code execution vulnerability MFSA 2010-36 Use-after-free error in NodeIterator MFSA 2010-37 Plugin parameter EnsureCachedAttrParamArrays remote code executi...
KDM -- local privilege escalation vulnerability
KDE Security Advisory reports: KDM contains a race condition that allows local attackers to make arbitrary files on the system world-writeable. This can happen while KDM tries to create its control socket during user login. A local attacker with a valid local account can under certain circumstanc...
dojo -- cross-site scripting and other vulnerabilities
The Dojo Toolkit team reports: Some PHP files did not properly escape input. Some files could operate like "open redirects". A bad actor could form an URL that looks like it came from a trusted site, but the user would be redirected or load content from the bad actor's site. A file exposed a more...
GnuTLS -- improper SSL certificate verification
GnuTLS reports: By using a NUL byte in CN/SAN fields, it was possible to fool GnuTLS into 1 not printing the entire CN/SAN field value when printing a certificate and 2 cause incorrect positive matches when matching a hostname against a certificate...
libxml -- Multiple use-after-free vulnerabilities
Multiple use-after-free vulnerabilities in libxml 1.8.17 that allow context-dependent attackers to cause a denial of service application crash via crafted 1 Notation or 2 Enumeration attribute types in an XML file...
joomla -- flaw in the reset token validation
Joomla project reports: A flaw in the reset token validation mechanism allows for non-validating tokens to be forged. This will allow an unauthenticated, unauthorized user to reset the password of the first enabled user lowest id. Typically, this is an administrator user. Note, that changing the...
opera -- multiple vulnerabilities
Opera Software ASA reports about multiple security fixes: Fixed an issue where simulated text inputs could trick users into uploading arbitrary files, as reported by Mozilla. Image properties can no longer be used to execute scripts, as reported by Max Leonov. Fixed an issue where the...
mysql -- privilege escalation and overwrite of the system table information
MySQL reports: Using RENAME TABLE against a table with explicit DATA DIRECTORY and INDEX DIRECTORY options can be used to overwrite system table information by replacing the symbolic link points. the file to which the symlink points...
phpmyadmin -- cross-site scripting vulnerability
The DigiTrust Group reports: When creating a new database, a malicious user can use a client-side Web proxy to place malicious code in the db parameter of the POST request. Since dbcreate.php does not properly sanitize user-supplied input, an administrator could face a persistent XSS attack when...
phpmyadmin -- cross-site scripting vulnerability
The DigiTrust Group discovered serious XSS vulnerability in the phpMyAdmin serverstatus.php script. According to their report vulnerability can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site...
tcl/tk -- buffer overflow in ReadImage function
A Buffer overflow in the ReadImage function in generic/tkImgGIF.c in Tcl/Tk, allows remote attackers to execute arbitrary code via multi-frame interlaced GIF files in which later frames are smaller than the first...
xpdf -- stack based buffer overflow
The KDE Team reports: kpdf, the KDE pdf viewer, shares code with xpdf. xpdf contains a vulnerability that can cause a stack based buffer overflow via a PDF file that exploits an integer overflow in StreamPredictor::StreamPredictor. Remotely supplied pdf files can be used to disrupt the kpdf viewe...
png -- DoS crash vulnerability
A Libpng Security Advisory reports: A grayscale PNG image with a malformed bad CRC tRNS chunk will crash some libpng applications. This vulnerability could be used to crash a browser when a user tries to view such a malformed PNG file. It is not known whether the vulnerability could be exploited...
FreeBSD -- Kernel memory disclosure in firewire(4)
Problem Description: In the FWGCROM ioctl, a signed integer comparison is used instead of an unsigned integer comparison when computing the length of a buffer to be copied from the kernel into the calling application. Impact: A user in the "operator" group can read the contents of kernel memory...
gzip -- multiple vulnerabilities
Problem Description Multiple programming errors have been found in gzip which can be triggered when gzip is decompressing files. These errors include insufficient bounds checks in buffer use, a NULL pointer dereference, and a potential infinite loop. Impact The insufficient bounds checks in buffe...
fetchmail -- remote root/code injection from malicious POP3 server
fetchmail's POP3/UIDL code does not truncate received UIDs properly. A malicious or compromised POP3 server can thus corrupt fetchmail's stack and inject code when fetchmail is using UIDL, either through configuration, or as a result of certain server capabilities. Note that fetchmail is run as...
tiff -- RLE decoder heap overflows
Chris Evans discovered several heap buffer overflows in libtiff's RLE decoder. These overflows could be triggered by a specially-crafted TIFF image file, resulting in an application crash and possibly arbitrary code execution...
mozilla -- POP client heap overflow
zen-parse discovered a heap buffer overflow in Mozilla's POP client implementation. A malicious POP server could exploit this vulnerability to cause Mozilla to execute arbitrary code...
mailman XSS in admin script
Dirk Mueller reports: I've found a cross-site scripting vulnerability in the admin interface of mailman 2.1.3 that allows, under certain circumstances, for anyone to retrieve the valid session cookie...