6585 matches found
prosody -- multiple vulnerabilities
The Prosody Team reports: Fix path traversal vulnerability in modhttpfiles CVE-2016-1231 Fix use of weak PRNG in generation of dialback secrets CVE-2016-1232...
Bugzilla security issues
Bugzilla Security Advisory During the generation of a dependency graph, the code for the HTML image map is generated locally if a local dot installation is used. With escaped HTML characters in a bug summary, it is possible to inject unfiltered HTML code in the map file which the CreateImagemap...
NSS -- MD5 downgrade in TLS 1.2 signatures
The Mozilla Project reports: Security researcher Karthikeyan Bhargavan reported an issue in Network Security Services NSS where MD5 signatures in the server signature within the TLS 1.2 ServerKeyExchange message are still accepted. This is an issue since NSS has officially disallowed the acceptin...
mediawiki -- multiple vulnerabilities
MediaWiki reports: T117899 SECURITY: $wgArticlePath can no longer be set to relative paths that do not begin with a slash. This enabled trivial XSS attacks. Configuration values such as "http://my.wiki.com/wiki/$1" are fine, as are "/wiki/$1". A value such as "$1" or "wiki/$1" is not and will now...
mozilla -- multiple vulnerabilities
The Mozilla Project reports: MFSA 2015-134 Miscellaneous memory safety hazards rv:43.0 / rv:38.5 MFSA 2015-135 Crash with JavaScript variable assignment with unboxed objects MFSA 2015-136 Same-origin policy violation using perfomance.getEntries and history navigation MFSA 2015-137 Firefox allows...
java -- multiple vulnerabilities
Oracle reports: This Critical Patch Update contains 25 new security fixes for Oracle Java SE. 24 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password...
flash -- remote code execution
Adobe reports: These updates resolve type confusion vulnerabilities that could lead to code execution CVE-2015-7645, CVE-2015-7647, CVE-2015-7648...
elasticsearch -- directory traversal attack via snapshot API
Elastic reports: Vulnerability Summary: Elasticsearch versions from 1.0.0 to 1.6.0 are vulnerable to a directory traversal attack. Remediation Summary: Users should upgrade to 1.6.1 or later, or constrain access to the snapshot API to trusted sources...
Adobe Flash Player -- critical vulnerabilities
Adobe reports: Adobe has released security updates for Adobe Flash Player. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe is aware of a report that an exploit targeting CVE-2015-5119 has been publicly published...
rubygem-paperclip -- validation bypass vulnerability
Jon Yurek reports: Thanks to MORI Shingo of DeNA Co., Ltd. for reporting this. There is an issue where if an HTML file is uploaded with a .html extension, but the content type is listed as being image/jpeg, this will bypass a validation checking for images. But it will also pass the spoof check,...
avidemux26 -- multiple vulnerabilities in bundled FFmpeg
The Mageia project reports: Avidemux is built with a bundled set of FFmpeg libraries. The bundled FFmpeg version has been updated from 1.2.10 to 1.2.12 to fix these security issues and other bugs fixed upstream in FFmpeg...
libxml2 -- Enforce the reader to run in constant memory
Daniel Veilland reports: Enforce the reader to run in constant memory. One of the operation on the reader could resolve entities leading to the classic expansion issue. Make sure the buffer used for xmlreader operation is bounded. Introduce a new allocation type for the buffers for this effect...
xen-kernel -- Information leak through version information hypercall
The Xen Project reports: The code handling certain sub-operations of the HYPERVISORxenversion hypercall fails to fully initialize all fields of structures subsequently copied back to guest memory. Due to this hypervisor stack contents are copied into the destination of the operation, thus becomin...
GNU binutils -- multiple vulnerabilities
US-CERT/NIST reports: The bfdXXiswapaouthdrin function in bfd/peXXigen.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service out-of-bounds write and possibly have other unspecified impact via a crafted NumberOfRvaAndSizes field in the AOUT header in a PE...
mutt -- denial of service via crafted mail message
NVD reports: The writeoneheader function in mutt 1.5.23 does not properly handle newline characters at the beginning of a header, which allows remote attackers to cause a denial of service crash via a header with an empty body, which triggers a heap-based buffer overflow in the muttsubstrdup...
mozilla -- multiple vulnerabilities
The Mozilla Project reports: MFSA 2014-48 Miscellaneous memory safety hazards rv:30.0 / rv:24.6 MFSA 2014-49 Use-after-free and out of bounds issues found using Address Sanitizer MFSA 2014-51 Use-after-free in Event Listener Manager MFSA 2014-52 Use-after-free with SMIL Animation Controller MFSA...
django -- multiple vulnerabilities
The Django project reports: These releases address an unexpected code-execution issue, a caching issue which can expose CSRF tokens and a MySQL typecasting issue. While these issues present limited risk and may not affect all Django users, we encourage all users to evaluate their own risk and...
phpMyAdmin -- Self-XSS due to unescaped HTML output in import.
The phpMyAdmin development team reports: When importing a file with crafted filename, it is possible to trigger an XSS. We consider this vulnerability to be non critical...
mumble -- NULL pointer dereference and heap-based buffer overflow
Mumble reports: A malformed Opus voice packet sent to a Mumble client could trigger a NULL pointer dereference or an out-of-bounds array access. A malformed Opus voice packet sent to a Mumble client could trigger a heap-based buffer overflow...
openssl -- multiple vulnerabilities
OpenSSL development team reports: Major changes between OpenSSL 1.0.1e and OpenSSL 1.0.1f 6 Jan 2014: Fix for TLS record tampering bug CVE-2013-4353 Fix for TLS version checking bug CVE-2013-6449 Fix for DTLS retransmission bug CVE-2013-6450...
file -- out-of-bounds access in search rules with offsets from input file
Aaron Reffett reports: softmagic.c in file ... and libmagic allows context-dependent attackers to cause a denial of service out-of-bounds memory access and crash via crafted offsets in the softmagic of a PE executable...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 15 security fixes in this release, including: 307159 Medium CVE-2013-6634: Session fixation in sync related to 302 redirects. Credit to Andrey Labunets. 314469 High CVE-2013-6635: Use-after-free in editing. Credit to cloudfuzzer. 322959 Medium CVE-2013-6636: Addres...
lighttpd -- multiple vulnerabilities
lighttpd security advisories report: It is possible to inadvertantly enable vulnerable ciphers when using ssl.cipher-list. In certain cases setuid and similar can fail, potentially triggering lighttpd to restart running as root. If FAMMonitorDirectory fails, the memory intended to store the conte...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 5 security fixes in this release, including: 292422 High CVE-2013-2925: Use after free in XHR. Credit to Atte Kettunen of OUSPG. 294456 High CVE-2013-2926: Use after free in editing. Credit to cloudfuzzer. 297478 High CVE-2013-2927: Use after free in forms. Credit ...
gstreamer-ffmpeg -- Multiple vulnerabilities in bundled libav
Bundled version of libav in gstreamer-ffmpeg contains a number of vulnerabilities...
typo3 -- Multiple vulnerabilities in TYPO3 Core
Typo Security Team reports: It has been discovered that TYPO3 Core is vulnerable to Cross-Site Scripting and Remote Code Execution. TYPO3 bundles flash files for video and audio playback. Old versions of FlowPlayer and flashmedia are susceptible to Cross-Site Scripting. No authentication is...
django -- multiple vulnerabilities
The Django Project reports: These security releases fix four issues: one potential phishing vector, one denial-of-service vector, an information leakage issue, and a range of XML vulnerabilities. Host header poisoning an attacker could cause Django to generate and display URLs that link to...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 143439 High CVE-2012-2889: UXSS in frame handling. Credit to Sergey Glazunov. 143437 High CVE-2012-2886: UXSS in v8 bindings. Credit to Sergey Glazunov. 139814 High CVE-2012-2881: DOM tree corruption with plug-ins. Credit to Chamal de Silva. 135432 High...
www/chromium -- multiple vulnerabilities
Google Chrome Releases reports: 129898 High CVE-2012-2842: Use-after-free in counter handling. Credit to miaubiz. 130595 High CVE-2012-2843: Use-after-free in layout height tracking. Credit to miaubiz. 133450 High CVE-2012-2844: Bad object access with JavaScript in PDF. Credit to Alexey Samsonov ...
php5-sqlite -- open_basedir bypass
MITRE CVE team reports: The SQLite functionality in PHP before 5.3.15 allows remote attackers to bypass the openbasedir protection mechanism via unspecified vectors...
chromium -- cross-site scripting vulnerability
Google Chrome Releases reports: 117226 117230 Critical CVE-2011-3046: UXSS and bad history navigation. Credit to Sergey Glazunov...
php -- arbitrary remote code execution vulnerability
Secunia reports: A vulnerability has been reported in PHP, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a logic error within the "phpregistervariableex" function phpvariables.c when hashing form posts and updating a hash table,...
acroread9 -- Multiple Vulnerabilities
The Adobe Security Team reports: An unspecified vulnerability in the U3D component allows remote attackers to execute arbitrary code or cause a denial of service attack via unknown vectors. A heap-based buffer overflow allows attackers to execute arbitrary code via unspecified vectors...
Samba -- cross site scripting and request forgery vulnerabilities
Samba security advisory reports: All current released versions of Samba are vulnerable to a cross-site request forgery in the Samba Web Administration Tool SWAT. By tricking a user who is authenticated with SWAT into clicking a manipulated URL on a different web page, it is possible to manipulate...
php -- crash on crafted tag in exif
US-CERT/NIST reports: exif.c in the Exif extension in PHP before 5.3.6 on 64-bit platforms performs an incorrect cast, which allows remote attackers to cause a denial of service application crash via an image with a crafted Image File Directory IFD that triggers a buffer over-read...
linux-flashplugin -- remote code execution vulnerability
Adobe Product Security Incident Response Team reports: A critical vulnerability exists in Flash Player 10.2.153.1 and earlier versions Adobe Flash Player 10.2.154.25 and earlier for Chrome users for Windows, Macintosh, Linux and Solaris, Adobe Flash Player 10.2.156.12 and earlier versions for...
mozilla -- Heap buffer overflow mixing document.write and DOM insertion
The Mozilla Project reports: MFSA 2010-73 Heap buffer overflow mixing document.write and DOM insertion...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: Fixed in 15.0.874.121: 103259 High CVE-2011-3900: Out-of-bounds write in v8. Credit to Christian Holler. Fixed in 15.0.874.120: 100465 High CVE-2011-3892: Double free in Theora decoder. Credit to Aki Helin of OUSPG. 100492 100543 Medium CVE-2011-3893: Out of bounds...
Webkit-gtk2 -- Multiple Vulnabilities
Gustavo Noronha Silva reports: The patches to fix the following CVEs are included with help from Vincent Danen and other members of the Red Hat security team:...
bugzilla -- information disclosure
A Bugzilla Security Advisory reports: Normally, information about time-tracking estimated hours, actual hours, hours worked, and deadlines is restricted to users in the "time-tracking group". However, any user was able, by crafting their own search URL, to search for bugs based using those fields...
tinyproxy -- ACL lists ineffective when range is configured
When including a line to allow a network of IP addresses, the access to tinyproxy 56 is actually allowed for all IP addresses...
squid -- Denial of Service vulnerability in HTCP
Squid security advisory 2010:2 reports: Due to incorrect processing Squid is vulnerable to a denial of service attack when receiving specially crafted HTCP packets. This problem allows any machine to perform a denial of service attack on the Squid service when its HTCP port is open...
Wireshark -- Multiple vulnerabilities
Wireshark reports: Laurent Butti discovered that Wireshark failed to properly check record sizes for many packet capture file formats Wireshark could dereference a NULL pointer and crash. The RLC dissector could overflow a buffer...
libtool -- Library Search Path Privilege Escalation Issue
Secunia.com Do not attempt to load an unqualified module.la file from the current directory by default since doing so is insecure and is not compliant with the documentation...
mono -- XML signature HMAC truncation spoofing
Secunia reports: A security issue has been reported in Mono, which can be exploited by malicious people to conduct spoofing attacks. The security issue is caused due to an error when processing certain XML signatures...
libxine -- multiple vulnerabilities
Multiple vulnerabilities were fixed in libxine 1.1.16.2. Tobias Klein reports: FFmpeg contains a type conversion vulnerability while parsing malformed 4X movie files. The vulnerability may be exploited by a remote attacker to execute arbitrary code in the context of FFmpeg or an application using...
firefox -- multiple vulnerabilities
Mozilla Foundation reports: MFSA 2009-06: Directives to not cache pages ignored MFSA 2009-05: XMLHttpRequest allows reading HTTPOnly cookies MFSA 2009-04: Chrome privilege escalation via local .desktop files MFSA 2009-03: Local file stealing with SessionStore MFSA 2009-02: XSS using a chrome XBL...
dovecot-managesieve -- Script Name Directory Traversal Vulnerability
Secunia reports: The security issue is caused due to an input validation error when processing script names. This can be exploited to read or modify arbitrary files having ".sieve" extensions via directory traversal attacks, with the privileges of the attacker's user id...
FreeBSD -- IPv6 Neighbor Discovery Protocol routing vulnerability
Problem Description IPv6 routers may allow "on-link" IPv6 nodes to create and update the router's neighbor cache and forwarding information. A malicious IPv6 node sharing a common router but on a different physical segment from another node may be able to spoof Neighbor Discovery messages, allowi...
vim -- Vim Shell Command Injection Vulnerabilities
Rdancer.org reports: Improper quoting in some parts of Vim written in the Vim Script can lead to arbitrary code execution upon opening a crafted file...