6585 matches found
libav -- divide by zero
Agostino Sarubbo reports: libav: divide-by-zero in ffh263decodemba...
rt -- Remote DoS, Information disclosure and Session Hijackingvulnerabilities
Best Practical reports: RT 3.0.0 and above, if running on Perl 5.14.0 or higher, are vulnerable to a remote denial-of-service via the email gateway; any installation which accepts mail from untrusted sources is vulnerable, regardless of the permissions configuration inside RT. This...
django -- multiple vulnerabilities
The Django project reports: Today the Django team is issuing multiple releases -- Django 1.4.18, Django 1.6.10, and Django 1.7.3 -- as part of our security process. These releases are now available on PyPI and our download page. These releases address several security issues. We encourage all use...
asterisk -- Mitigation for libcURL HTTP request injection vulnerability
The Asterisk project reports: CVE-2014-8150 reported an HTTP request injection vulnerability in libcURL. Asterisk uses libcURL in its funccurl.so module the CURL dialplan function, as well as its resconfigcurl.so cURL realtime backend modules. Since Asterisk may be configured to allow for...
jasper -- multiple vulnerabilities
oCERT reports: The library is affected by a double-free vulnerability in function jasiccattrvaldestroy as well as a heap-based buffer overflow in function jp2decode. A specially crafted jp2 file can be used to trigger the vulnerabilities. oCERT reports: The library is affected by an off-by-one...
libvpx -- out-of-bounds write
The Mozilla Project reports: Using the Address Sanitizer tool, security researcher Abhishek Arya Inferno of the Google Chrome Security Team found an out-of-bounds write when buffering WebM format video containing frames with invalid tile sizes. This can lead to a potentially exploitable crash...
ansible -- remote code execution vulnerability
Ansible, Inc. reports: Incomplete Fix Remote Code Execution Vulnerability - Fixed in Ansible 1.6.4...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 4 security fixes in this release, including: 369525 High CVE-2014-3154: Use-after-free in filesystem api. Credit to Collin Payne. 369539 High CVE-2014-3155: Out-if-bounds read in SPDY. Credit to James March, Daniel Sommermann and Alan Frindell of Facebook. 369621...
OpenX -- SQL injection vulnerability
Revive reports: An SQL-injection vulnerability was recently discovered and reported to the Revive Adserver team by Florian Sander. The vulnerability is known to be already exploited to gain unauthorised access to the application using brute force mechanisms, however other kind of attacks might be...
asterisk -- multiple vulnerabilities
The Asterisk project reports: A 16 bit SMS message that contains an odd message length value will cause the message decoding loop to run forever. The message buffer is not on the stack but will be overflowed resulting in corrupted memory and an immediate crash. External control protocols, such as...
puppet -- multiple vulnerabilities
Puppet Labs reports: By using the resourcetype service, an attacker could cause puppet to load arbitrary Ruby files from the puppet master node's file system. While this behavior is not enabled by default, auth.conf settings could be modified to allow it. The exploit requires local file system...
nginx -- multiple vulnerabilities
The nginx project reports: A stack-based buffer overflow might occur in a worker process process while handling a specially crafted request, potentially resulting in arbitrary code execution. CVE-2013-2028 A security problem related to CVE-2013-2028 was identified, affecting some previous nginx...
java 7.x -- security manager bypass
US CERT reports: Java 7 Update 10 and earlier versions of Java 7 contain a vulnerability that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. The Java JRE plug-in provides its own Security Manager. Typically, a web applet runs with a security manager...
rubygem-actionpack -- Denial of Service
There is a DoS vulnerability in Action Pack digest authentication handling in authenticateorrequestwithhttpdigest...
wordpress -- multiple vulnerabilities
Wordpress reports: External code has been updated to non-vulnerable versions. In addition the following bugs have been fixed: Limited privilege escalation where a site administrator could deactivate network-wide plugins when running a WordPress network under particular circumstances. Cross-site...
isc-dhcp-server -- server halt upon processing certain packets
ISC reports: A pair of defects cause the server to halt upon processing certain packets. The patch is to properly discard or process those packets...
roundcube -- XSS vulnerability
RoundCube development Team reports: We just published a new release which fixes a recently reported XSS vulnerability as an update to the stable 0.5 branch. Please update your installations with this new version or patch them with the fix which is also published in the downloads section or our...
opensaml2 -- unauthenticated login
OpenSAML developer reports: The Shibboleth software relies on the OpenSAML libraries to perform verification of signed XML messages such as attribute queries or SAML assertions. Both the Java and C++ versions are vulnerable to a so-called "wrapping attack" that allows a remote, unauthenticated...
mozilla -- multiple vulnerabilities
Mozilla Project reports: MFSA 2010-05 XSS hazard using SVG document and binary Content-Type MFSA 2010-04 XSS due to window.dialogArguments being readable cross-domain MFSA 2010-03 Use-after-free crash in HTML parser MFSA 2010-02 Web Worker Array Handling Heap Corruption Vulnerability MFSA 2010-01...
virtualbox -- privilege escalation
Sun reports: A security vulnerability in the VBoxNetAdpCtl configuration tool for certain Sun VirtualBox 3.0 packages may allow local unprivileged users who are authorized to run VirtualBox to execute arbitrary commands with root privileges...
nginx -- remote denial of service vulnerability
nginx development team reports: A segmentation fault might occur in worker process while specially crafted request handling...
OpenLDAP -- incorrect handling of NULL in certificate Common Name
Jan Lieskovsky reports: OpenLDAP does not properly handle a '\0' character in a domain name in the subject's Common Name CN field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authori...
libxml -- Stack consumption vulnerability
Stack consumption vulnerability allows context-dependent attackers to cause a denial of service application crash via a large depth of element declarations in a DTD...
apache22 -- several vulnerabilities
Apache ChangeLog reports: CVE-2009-1891: Fix a potential Denial-of-Service attack against moddeflate or other modules. CVE-2009-1195: Prevent the "Includes" Option from being enabled in an .htaccess file if the AllowOverride restrictions do not permit it. CVE-2009-1890: Fix a potential...
linux-flashplugin -- multiple vulnerabilities
Adobe Product Security Incident Response Team reports: Critical vulnerabilities have been identified in Adobe Flash Player version 10.0.32.18 and earlier. These vulnerabilities could cause the application to crash and could potentially allow an attacker to take control of the affected system...
pngcrush -- libpng Uninitialised Pointer Arrays Vulnerability
Secunia reports: A vulnerability has been reported in Pngcrush, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused due to the use of vulnerable libpng code...
moinmoin -- multiple cross site scripting vulnerabilities
Secunia reports: Some vulnerabilities have been reported in MoinMoin, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed to multiple parameters in action/AttachFile.py is not properly sanitised before being returned to the user. This can be exploited ...
extman -- password bypass vulnerability
Extmail team reports: Emergency update 4 fixes a serious security vulnerability. Successful exploit of this vulnerability would allow attacker to change user's password without knowing it by using specifically crafted HTTP request...
awstats -- multiple XSS vulnerabilities
Secunia reports: Morgan Todd has discovered a vulnerability in AWStats, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed in the URL to awstats.pl is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary...
nagios-plugins -- Long Location Header Buffer Overflow Vulnerability
A Secunia Advisory reports: The vulnerability is caused due to a boundary error within the redir function in checkhttp.c when processing HTTP Location: header information. This can be exploited to cause a buffer overflow by returning an overly long string in the "Location:" header to a vulnerable...
php -- multiple vulnerabilities
Multiple vulnerabilities have been found in PHP, including: buffer overflows, stack overflows, format string, and information disclosure vulnerabilities. The session extension contained safemode and openbasedir bypasses, but the FreeBSD Security Officer does not consider these real security...
lighttpd -- Remote DOS in CRLF parsing
Lighttpd SA: If the connection aborts during parsing "\r\n\r\n" the server might get into a infinite loop and use 100% of the CPU time. lighttpd still responses to other requests. This can be repeated until either the server limit for concurrent connections or file descriptors is reached. The bug...
gtar -- name mangling symlink vulnerability
Problem Description: Symlinks created using the "GNUTYPENAMES" tar extension can be absolute due to lack of proper sanity checks. Impact: If an attacker can get a user to extract a specially crafted tar archive the attacker can overwrite arbitrary files with the permissions of the user running...
ypserv -- Inoperative access controls in ypserv
Problem Description There are two documented methods of restricting access to NIS maps through ypserv8: through the use of the /var/yp/securenets file, and through the /etc/hosts.allow file. While both mechanisms are implemented in the server, a change in the build process caused the "securenets"...
gaim -- Yahoo! remote crash vulnerability
Jacopo Ottaviani reports that Gaim can be crashed by being offered files with names containing non-ASCII characters via the Yahoo! protocol...
phpmyadmin -- arbitrary file include and XSS vulnerabilities
A phpMyAdmin security announcement reports: We received two bug reports by Maksymilian Arciemowicz about those vulnerabilities and we wish to thank him for his work. The vulnerabilities apply to those points: css/phpmyadmin.css.php was vulnerable against $cfg and GLOBALS variable injections. This...
Cyrus IMAPd -- IMAPMAGICPLUS preauthentification overflow
When the option imapmagicplus is activated on a server the PROXY and LOGIN commands suffer a standard stack overflow, because the username is not checked against a maximum length when it is copied into a temporary stack buffer. This bug is especially dangerous because it can be triggered before a...
apache -- ap_resolve_env buffer overflow
SITIC discovered a vulnerability in Apache 2's handling of environmental variable settings in the httpd configuration files the main httpd.conf' and .htaccess' files. According to a SITIC advisory: The buffer overflow occurs when expanding $ENVVAR constructs in .htaccess or httpd.conf files. The...
Gitlab -- Vulnerabilities
Gitlab reports: 1-click account takeover via XSS in the code editor in gitlab.com A DOS vulnerability in the 'description' field of the runner CSRF via K8s cluster-integration Using Set Pipeline Status of a Commit API incorrectly create a new pipeline when SHA and pipelineid did not match Redos o...
GLPI -- multiple vulnerabilities
GLPI team reports: GLPI 10.0.13 Changelog SECURITY - high SQL Injection in through the search engine CVE-2024-27096 SECURITY - moderate Blind SSRF using Arbitrary Object Instantiation CVE-2024-27098 SECURITY - moderate Stored XSS in dashboards CVE-2024-27104 SECURITY - moderate Reflected XSS in...
Gitlab -- vulnerabilities
Gitlab reports: Account Takeover via Password Reset without user interactions Attacker can abuse Slack/Mattermost integrations to execute slash commands as another user Bypass CODEOWNERS approval removal Workspaces able to be created under different root namespace Commit signature validation...
MariaDB -- Denial-of-Service vulnerability
The MariaDB project reports: Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash complete...
postgresql-server -- Memory disclosure in aggregate function calls
PostgreSQL Project reports: Certain aggregate function calls receiving "unknown"-type arguments could disclose bytes of server memory from the end of the "unknown"-type value to the next zero byte. One typically gets an "unknown"-type value via a string literal having no type designation. We have...
curl -- SOCKS5 heap buffer overflow
The curl team reports: This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake. When curl is asked to pass along the hostname to the SOCKS5 proxy to allow that to resolve the address instead of it getting done by curl itself, the maximum length that hostname can be is 255...
go -- multiple vulnerabilities
The Go project reports: cmd/go: go.mod toolchain directive allows arbitrary execution The go.mod toolchain directive, introduced in Go 1.21, could be leveraged to execute scripts and binaries relative to the root of the module when the "go" command was executed within the module. This applies to...
chromium -- multiple vulnerabilities
Chrome Releases reports: This update includes 4 security fixes: 1476403 High CVE-2023-4761: Out of bounds memory access in FedCM. Reported by DarkNavy on 2023-08-28 1473247 High CVE-2023-4762: Type Confusion in V8. Reported by Rong Jian of VRI on 2023-08-16 1469928 High CVE-2023-4763: Use after...
samba -- multiple vulnerabilities
The Samba Team reports: CVE-2023-34967: Samba Spotlight mdssvc RPC Request Type Confusion DoS Vulnerability When parsing Spotlight mdssvc RPC packets, one encoded data structure is a key-value style dictionary where keys are character strings and values can be any of the supported types in the...
chromium -- multiple vulnerabilities
Chrome Releases reports: This update includes 15 security fixes: 1423304 Medium CVE-2023-2459: Inappropriate implementation in Prompts. Reported by Rong Jian of VRI on 2023-03-10 1419732 Medium CVE-2023-2460: Insufficient validation of untrusted input in Extensions. Reported by Martin Bajanik,...
rubygem-uri -- ReDoS vulnerability
Dominic Couture reports: A ReDoS issue was discovered in the URI component. The URI parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to URI objects...
GnuTLS -- timing sidechannel in RSA decryption
The GnuTLS project reports: A vulnerability was found that the response times to malformed RSA ciphertexts in ClientKeyExchange differ from response times of ciphertexts with correct PKCS1 v1.5 padding. Only TLS ciphertext processing is affected...