6585 matches found
elasticsearch and logstash -- remote OS command execution via dynamic scripting
Elastic reports: Vulnerability Summary: In Elasticsearch versions 1.1.x and prior, dynamic scripting is enabled by default. This could allow an attacker to execute OS commands. Remediation Summary: Disable dynamic scripting. Logstash 1.4.2 was bundled with Elasticsearch 1.1.1, which is vulnerable...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 23 security fixes in this release, including: 356653 High CVE-2014-1743: Use-after-free in styles. Credit to cloudfuzzer. 359454 High CVE-2014-1744: Integer overflow in audio. Credit to Aaron Staple. 346192 High CVE-2014-1745: Use-after-free in SVG. Credit to Atte...
LibYAML input sanitization errors
oCERT reports: The LibYAML project is an open source YAML 1.1 parser and emitter written in C. The library is affected by a heap-based buffer overflow which can lead to arbitrary code execution. The vulnerability is caused by lack of proper expansion for the string passed to the...
apache22 -- several vulnerabilities
Apache HTTP SERVER PROJECT reports: The modrewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 242322 Medium CVE-2013-2855: Memory corruption in dev tools API. Credit to "daniel.zulla". 242224 High CVE-2013-2856: Use-after-free in input handling. Credit to miaubiz. 240124 High CVE-2013-2857: Use-after-free in image handling. Credit to miaubiz. 239897 High...
dns/bind9* -- A recursive resolver can be crashed by a query for a malformed zone
ISC reports: A bug has been discovered in the most recent releases of BIND 9 which has the potential for deliberate exploitation as a denial-of-service attack. By sending a recursive resolver a query for a record in a specially malformed zone, an attacker can cause BIND 9 to exit with a fatal...
stunnel -- Remote Code Execution
Michal Trojnara reports: 64-bit versions of stunnel with the following conditions: NTLM authentication enabled CONNECT protocol negotiation enabled Configured in SSL client mode An attacker that can either control the proxy server specified in the "connect" option or execute MITM attacks on the T...
rubygem-rails -- SQL injection vulnerability
Ruby on Rails team reports: There is a SQL injection vulnerability in Active Record in ALL versions. Due to the way dynamic finders in Active Record extract options from method parameters, a method parameter can mistakenly be used as a scope. Carefully crafted requests can use the scope to inject...
mysql/mariadb/percona server -- multiple vulnerabilities
ORACLE reports: Multiple SQL injection vulnerabilities in the replication code Stack-based buffer overflow Heap-based buffer overflow...
apache22 -- several vulnerabilities
Apache HTTP SERVER PROJECT reports: low: XSS in modnegotiation when untrusted uploads are supported CVE-2012-2687 Possible XSS for sites which use modnegotiation and allow untrusted uploads to locations which have MultiViews enabled. low: insecure LDLIBRARYPATH handling CVE-2012-0883 This issue w...
asterisk -- remote crash vulnerability
Asterisk project reports: Skinny Channel Driver Remote Crash Vulnerability...
samba -- multiple vulnerabilities
The Samba project reports: These are security releases in order to address CVE-2013-4408 DCE-RPC fragment length field is incorrectly checked and CVE-2012-6150 pamwinbind login without requiremembershipof restrictions...
rubygem-activerecord -- multiple vulnerabilities
rubygem-activerecord -- multiple vulernabilities Due to the way Active Record interprets parameters in combination with the way that Rack parses query parameters, it is possible for an attacker to issue unexpected database queries with "IS NULL" where clauses. This issue does not let an attacker...
samba -- "root" credential remote code execution
Samba development team reports: Samba versions 3.6.3 and all versions previous to this are affected by a vulnerability that allows remote code execution as the "root" user from an anonymous connection. As this does not require an authenticated connection it is the most serious vulnerability...
fetchmail -- chosen plaintext attack against SSL CBC initialization vectors
Matthias Andree reports: Fetchmail version 6.3.9 enabled "all SSL workarounds" SSLOPALL which contains a switch to disable a countermeasure against certain attacks against block ciphers that permit guessing the initialization vectors, providing that an attacker can make the application fetchmail...
OpenTTD -- Denial of service (server) via slow read attack
The OpenTTD Team reports: Using a slow read type attack it is possible to prevent anyone from joining a server with virtually no resources. Once downloading the map no other downloads of the map can start, so downloading really slowly will prevent others from joining. This can be further aggravat...
krb5-appl -- telnetd code execution vulnerability
The MIT Kerberos Team reports: When an encryption key is supplied via the TELNET protocol, its length is not validated before the key is copied into a fixed-size buffer. Also see MITKRB5-SA-2011-008...
phpmyadmin -- Local file inclusion
Jan Lieskovsky reports: Importing a specially-crafted XML file which contains an XML entity injection permits to retrieve a local file limited by the privileges of the user running the web server...
mozilla -- multiple vulnerabilities
The Mozilla Project reports: MFSA 2011-29 Security issues addressed in Firefox 6 MFSA 2011-28 Security issues addressed in Firefox 3.6.20...
ejabberd -- remote denial of service vulnerability
It's reported in CVE advisory that: expaterl.c in ejabberd before 2.1.7 and 3.x before 3.0.0-alpha-3, and exmpp before 0.9.7, does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service memory and CPU consumption via a crafted XML documen...
webkit-gtk2 -- Multiple vurnabilities.
Gustavo Noronha Silva reports: This release has essentially security fixes. Refer to the WebKit/gtk/NEWS file inside the tarball for details. We would like to thank the Red Hat security team Huzaifa Sidhpurwala in particular and Michael Gilbert from Debian for their help in checking and pushing!...
mozilla -- multiple vulnerabilities
Mozilla Project reports: MFSA 2009-71 GeckoActiveXObject exception messages can be used to enumerate installed COM objects MFSA 2009-70 Privilege escalation via chrome window.opener MFSA 2009-69 Location bar spoofing vulnerabilities MFSA 2009-68 NTLM reflection vulnerability MFSA 2009-67 Integer...
postgresql -- multiple vulnerabilities
PostgreSQL project reports: PostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23, 8.1.x before 8.1.19, 8.2.x before 8.2.15, 8.3.x before 8.3.9, and 8.4.x before 8.4.2 does not properly handle a '\0' character in a domain name in the subject's Common Name CN field of an X.509 certificate, which 1...
gd -- '_gdGetColors' remote buffer overflow vulnerability
CVE reports: The gdGetColors function in gdgd.c in PHP 5.2.11 and 5.3.0, and the GD Graphics Library 2.x, does not properly verify a certain colorsTotal structure member, which might allow remote attackers to conduct buffer overflow or buffer over-read attacks via a crafted GD file, a different...
openssl -- denial of service in DTLS implementation
Secunia reports: Some vulnerabilities have been reported in OpenSSL, which can be exploited by malicious people to cause a DoS. The library does not limit the number of buffered DTLS records with a future epoch. This can be exploited to exhaust all available memory via specially crafted DTLS...
mozilla -- multiple vulnerabilities
Mozilla Foundation reports: MFSA 2009-22: Firefox allows Refresh header to redirect to javascript: URIs MFSA 2009-21: POST data sent to wrong site when saving web page with embedded frame MFSA 2009-20: Malicious search plugins can inject code into arbitrary sites MFSA 2009-19: Same-origin...
ruby -- DNS spoofing vulnerability
The official ruby site reports: resolv.rb allow remote attackers to spoof DNS answers. This risk can be reduced by randomness of DNS transaction IDs and source ports...
openldap -- modrdn Denial of Service vulnerability
Secunia Advisory reports: A vulnerability has been reported in OpenLDAP, which can be exploited by malicious users to cause a DoS Denial of Service...
firefox -- OnUnload Javascript browser entrapment vulnerability
RedHat reports: Several flaws were found in the way in which Firefox displayed malformed web content. A web page containing specially-crafted content could potentially trick a user into surrendering sensitive information. CVE-2007-1095, CVE-2007-3844, CVE-2007-3511, CVE-2007-5334...
drupal --- multiple vulnerabilities
The Drupal Project reports: In some circumstances Drupal allows user-supplied data to become part of response headers. As this user-supplied data is not always properly escaped, this can be exploited by malicious users to execute HTTP response splitting attacks which may lead to a variety of...
tcl/tk -- buffer overflow in ReadImage function
A Buffer overflow in the ReadImage function in generic/tkImgGIF.c in Tcl/Tk, allows remote attackers to execute arbitrary code via multi-frame interlaced GIF files in which later frames are smaller than the first...
mozilla -- multiple vulnerabilities
The Mozilla Foundation reports of multiple security issues in Firefox, Seamonkey, and Thunderbird. Several of these issues can probably be used to run arbitrary code with the privilege of the user running the program. MFSA 2007-08 onUnload + document.write memory corruption MFSA 2007-07 Embedded...
gzip -- multiple vulnerabilities
Problem Description Multiple programming errors have been found in gzip which can be triggered when gzip is decompressing files. These errors include insufficient bounds checks in buffer use, a NULL pointer dereference, and a potential infinite loop. Impact The insufficient bounds checks in buffe...
opera -- RSA Signature Forgery
Opera reports: A specially crafted digital certificate can bypass Opera's certificate signature verification. Forged certificates can contain any false information the forger chooses, and Opera will still present it as valid. Opera will not present any warning dialogs in this case, and the securi...
win32-codecs -- multiple vulnerabilities
The Apple Security Team reports that there are multiple vulnerabilities within QuickTime one of the plugins for win32-codecs. A remote attacker capable of creating a malicious SGI image, FlashPix, FLC movie, or a QuickTime movie can possibly lead to execution of arbitrary code or cause a Denial o...
mysql -- database suid privilege escalation
Dmitri Lenev reports a privilege escalation in MySQL. MySQL evaluates arguments of suid routines in the security context of the routine's definer instead of the routine's caller, which allows remote and local authenticated users to gain privileges through a routine that has been made available...
linux-flashplugin -- arbitrary code execution vulnerability
Adobe reports: Critical vulnerabilities have been identified in Flash Player that could allow an attacker who successfully exploits these vulnerabilities to take control of the affected system. A malicious SWF must be loaded in Flash Player by the user for an attacker to exploit these...
apache -- Certificate Revocation List (CRL) off-by-one vulnerability
Marc Stern reports an off-by-one vulnerability in within modssl. The vulnerability lies in modssl's Certificate Revocation List CRL. If Apache is configured to use a CRL this could allow an attacker to crash a child process causing a Denial of Service...
samba -- integer overflow vulnerability
Greg MacManus, iDEFENSE Labs reports: Remote exploitation of an integer overflow vulnerability in the smbd daemon included in Samba 2.0.x, Samba 2.2.x, and Samba 3.0.x prior to and including 3.0.9 could allow an attacker to cause controllable heap corruption, leading to execution of arbitrary...
tiff -- RLE decoder heap overflows
Chris Evans discovered several heap buffer overflows in libtiff's RLE decoder. These overflows could be triggered by a specially-crafted TIFF image file, resulting in an application crash and possibly arbitrary code execution...
libpng stack-based buffer overflow and other code concerns
Chris Evans has discovered multiple vulnerabilities in libpng, which can be exploited by malicious people to compromise a vulnerable system or cause a DoS Denial of Service...
SoX buffer overflows when handling .WAV files
Ulf Härnhammar discovered a pair of buffer overflows in the WAV file handling code of SoX. If an attacker can cause her victim to process a specially-crafted WAV file with SoX e.g. through social engineering or through some other program that relies on SoX, arbitrary code can be executed with the...
php -- strip_tags cross-site scripting vulnerability
Stefan Esser of e-matters discovered that PHP's striptags function would ignore certain characters during parsing of tags, allowing these tags to pass through. Select browsers could then parse these tags, possibly allowing cross-site scripting attacks...
vscode -- multiple vulnerabilities
VSCode developers report: The update addresses these issues, including a fix for a security vulnerability. Scope nodemodule binary resolution in js-debug Elevation of Privilege Vulnerability with VS Code server for web UI...
Gitlab -- vulnerabilities
Gitlab reports: ReDoS in branch search when using wildcards ReDoS in markdown render pipeline Redos on Discord integrations Redos on Google Chat Integration Denial of Service Attack via Pin Menu DoS by filtering tags and branches via the API MR approval via CSRF in SAML SSO Banned user from group...
electron{26,27,28} -- Use after free in Web Audio
Electron developers reports: This update fixes the following vulnerability: Security: backported fix for CVE-2024-0807...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 9 security fixes: 1501326 High CVE-2023-6702: Type Confusion in V8. Reported by Zhiyi Zhang and Zhunki from Codesafe Team of Legendsec at Qi'anxin Group on 2023-11-10 1502102 High CVE-2023-6703: Use after free in Blink. Reported by Cassidy...
electron{25,26} -- multiple vulnerabilities
Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2023-5849. Security: backported fix for CVE-2023-5482...
graphics/webp heap buffer overflow
Google Chrome reports: Heap buffer overflow in WebP ... allowed a remote attacker to perform an out of bounds memory write...
MySQL -- Multiple vulnerabilities
Oracle reports: This Critical Patch Update contains 24 new security patches for Oracle MySQL. 11 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials...