6585 matches found
ImageMagick7 -- multiple vulnerabilities
Multiple sources report: CVE-2016-9298: heap overflow in WaveletDenoiseImage, fixed in ImageMagick7-7.0.3.6, discovered 2016-10-31 CVE-2016-8866: memory allocation failure in AcquireMagickMemory incomplete previous fix for CVE-2016-8862, not fixed yet with the release of this announcement,...
MySQL -- Multiple vulnerabilities
Oracle reports: The quarterly Critical Patch Update contains 22 new security fixes for Oracle MySQL 5.5.49, 5.6.30, 5.7.13 and earlier...
libreoffice -- use-after-free vulnerability
Talos reports: An exploitable Use After Free vulnerability exists in the RTF parser LibreOffice. A specially crafted file can cause a use after free resulting in a possible arbitrary code execution. To exploit the vulnerability a malicious file needs to be opened by the user via vulnerable...
expat2 -- denial of service
Adam Maris reports: It was found that original patch for issues CVE-2015-1283 and CVE-2015-2716 used overflow checks that could be optimized out by some compilers applying certain optimization settings, which can cause the vulnerability to remain even after applying the patch...
xen-tools -- Unsanitised guest input in libxl device handling code
The Xen Project reports: Various parts of libxl device-handling code inappropriately use information from partially guest controlled areas of xenstore. A malicious guest administrator can cause denial of service by resource exhaustion. A malicious guest administrator can confuse and/or deny servi...
xercesi-c3 -- multiple vulnerabilities
Apache reports: The Xerces-C XML parser fails to successfully parse a DTD that is deeply nested, and this causes a stack overflow, which makes a denial of service attack against many applications possible by an unauthenticated attacker. Also, CVE-2016-2099: Use-after-free vulnerability in...
php -- multiple vulnerabilities
The PHP Group reports: BCMath: Fixed bug 72093 bcpowmod accepts negative scale and corrupts one definition. Exif: Fixed bug 72094 Out of bounds heap read access in exif header processing. GD: Fixed bug 71912 libgd: signedness vulnerability. CVE-2016-3074 Intl: Fixed bug 72061 Out-of-bounds reads ...
mozilla -- multiple vulnerabilities
Mozilla Foundation reports: MFSA 2016-39 Miscellaneous memory safety hazards rv:46.0 / rv:45.1 / rv:38.8 MFSA 2016-42 Use-after-free and buffer overflow in Service Workers MFSA 2016-44 Buffer overflow in libstagefright with CENC offsets MFSA 2016-45 CSP not applied to pages sent with...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 20 security fixes in this release, including: 590275 High CVE-2016-1652: Universal XSS in extension bindings. Credit to anonymous. 589792 High CVE-2016-1653: Out-of-bounds write in V8. Credit to Choongwoo Han. 591785 Medium CVE-2016-1651: Out-of-bounds read in Pdfi...
exim -- local privillege escalation
The Exim development team reports: All installations having Exim set-uid root and using 'perlstartup' are vulnerable to a local privilege escalation. Any user who can start an instance of Exim and this is normally any user can gain root privileges. If you do not use 'perlstartup' you should be sa...
upnp -- multiple vulnerabilities
Matthew Garett reports: Reported this to upstream 8 months ago without response, so: libupnp's default behaviour allows anyone to write to your filesystem. Seriously. Find a device running a libupnp based server Shodan says there's rather a lot, and POST a file to /testfile. Then GET /testfile...
Bugzilla security issues
Bugzilla Security Advisory During the generation of a dependency graph, the code for the HTML image map is generated locally if a local dot installation is used. With escaped HTML characters in a bug summary, it is possible to inject unfiltered HTML code in the map file which the CreateImagemap...
NSS -- MD5 downgrade in TLS 1.2 signatures
The Mozilla Project reports: Security researcher Karthikeyan Bhargavan reported an issue in Network Security Services NSS where MD5 signatures in the server signature within the TLS 1.2 ServerKeyExchange message are still accepted. This is an issue since NSS has officially disallowed the acceptin...
mediawiki -- multiple vulnerabilities
MediaWiki reports: T117899 SECURITY: $wgArticlePath can no longer be set to relative paths that do not begin with a slash. This enabled trivial XSS attacks. Configuration values such as "http://my.wiki.com/wiki/$1" are fine, as are "/wiki/$1". A value such as "$1" or "wiki/$1" is not and will now...
mozilla -- multiple vulnerabilities
The Mozilla Project reports: MFSA 2015-134 Miscellaneous memory safety hazards rv:43.0 / rv:38.5 MFSA 2015-135 Crash with JavaScript variable assignment with unboxed objects MFSA 2015-136 Same-origin policy violation using perfomance.getEntries and history navigation MFSA 2015-137 Firefox allows...
phpMyAdmin -- Content spoofing vulnerability
The phpMyAdmin development team reports: This vulnerability allows an attacker to perform a content spoofing attack using the phpMyAdmin's redirection mechanism to external sites. We consider this vulnerability to be non critical since the spoofed content is escaped and no HTML injection is...
java -- multiple vulnerabilities
Oracle reports: This Critical Patch Update contains 25 new security fixes for Oracle Java SE. 24 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password...
flash -- remote code execution
Adobe reports: These updates resolve type confusion vulnerabilities that could lead to code execution CVE-2015-7645, CVE-2015-7647, CVE-2015-7648...
elasticsearch -- directory traversal attack via snapshot API
Elastic reports: Vulnerability Summary: Elasticsearch versions from 1.0.0 to 1.6.0 are vulnerable to a directory traversal attack. Remediation Summary: Users should upgrade to 1.6.1 or later, or constrain access to the snapshot API to trusted sources...
Adobe Flash Player -- critical vulnerabilities
Adobe reports: Adobe has released security updates for Adobe Flash Player. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe is aware of a report that an exploit targeting CVE-2015-5119 has been publicly published...
rubygem-paperclip -- validation bypass vulnerability
Jon Yurek reports: Thanks to MORI Shingo of DeNA Co., Ltd. for reporting this. There is an issue where if an HTML file is uploaded with a .html extension, but the content type is listed as being image/jpeg, this will bypass a validation checking for images. But it will also pass the spoof check,...
avidemux26 -- multiple vulnerabilities in bundled FFmpeg
The Mageia project reports: Avidemux is built with a bundled set of FFmpeg libraries. The bundled FFmpeg version has been updated from 1.2.10 to 1.2.12 to fix these security issues and other bugs fixed upstream in FFmpeg...
libxml2 -- Enforce the reader to run in constant memory
Daniel Veilland reports: Enforce the reader to run in constant memory. One of the operation on the reader could resolve entities leading to the classic expansion issue. Make sure the buffer used for xmlreader operation is bounded. Introduce a new allocation type for the buffers for this effect...
xen-kernel -- Information leak through version information hypercall
The Xen Project reports: The code handling certain sub-operations of the HYPERVISORxenversion hypercall fails to fully initialize all fields of structures subsequently copied back to guest memory. Due to this hypervisor stack contents are copied into the destination of the operation, thus becomin...
GNU binutils -- multiple vulnerabilities
US-CERT/NIST reports: The bfdXXiswapaouthdrin function in bfd/peXXigen.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service out-of-bounds write and possibly have other unspecified impact via a crafted NumberOfRvaAndSizes field in the AOUT header in a PE...
mozilla -- multiple vulnerabilities
The Mozilla Project reports: MFSA 2014-48 Miscellaneous memory safety hazards rv:30.0 / rv:24.6 MFSA 2014-49 Use-after-free and out of bounds issues found using Address Sanitizer MFSA 2014-51 Use-after-free in Event Listener Manager MFSA 2014-52 Use-after-free with SMIL Animation Controller MFSA...
django -- multiple vulnerabilities
The Django project reports: These releases address an unexpected code-execution issue, a caching issue which can expose CSRF tokens and a MySQL typecasting issue. While these issues present limited risk and may not affect all Django users, we encourage all users to evaluate their own risk and...
phpMyAdmin -- Self-XSS due to unescaped HTML output in import.
The phpMyAdmin development team reports: When importing a file with crafted filename, it is possible to trigger an XSS. We consider this vulnerability to be non critical...
mumble -- NULL pointer dereference and heap-based buffer overflow
Mumble reports: A malformed Opus voice packet sent to a Mumble client could trigger a NULL pointer dereference or an out-of-bounds array access. A malformed Opus voice packet sent to a Mumble client could trigger a heap-based buffer overflow...
openssl -- multiple vulnerabilities
OpenSSL development team reports: Major changes between OpenSSL 1.0.1e and OpenSSL 1.0.1f 6 Jan 2014: Fix for TLS record tampering bug CVE-2013-4353 Fix for TLS version checking bug CVE-2013-6449 Fix for DTLS retransmission bug CVE-2013-6450...
file -- out-of-bounds access in search rules with offsets from input file
Aaron Reffett reports: softmagic.c in file ... and libmagic allows context-dependent attackers to cause a denial of service out-of-bounds memory access and crash via crafted offsets in the softmagic of a PE executable...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 15 security fixes in this release, including: 307159 Medium CVE-2013-6634: Session fixation in sync related to 302 redirects. Credit to Andrey Labunets. 314469 High CVE-2013-6635: Use-after-free in editing. Credit to cloudfuzzer. 322959 Medium CVE-2013-6636: Addres...
lighttpd -- multiple vulnerabilities
lighttpd security advisories report: It is possible to inadvertantly enable vulnerable ciphers when using ssl.cipher-list. In certain cases setuid and similar can fail, potentially triggering lighttpd to restart running as root. If FAMMonitorDirectory fails, the memory intended to store the conte...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 5 security fixes in this release, including: 292422 High CVE-2013-2925: Use after free in XHR. Credit to Atte Kettunen of OUSPG. 294456 High CVE-2013-2926: Use after free in editing. Credit to cloudfuzzer. 297478 High CVE-2013-2927: Use after free in forms. Credit ...
gstreamer-ffmpeg -- Multiple vulnerabilities in bundled libav
Bundled version of libav in gstreamer-ffmpeg contains a number of vulnerabilities...
typo3 -- Multiple vulnerabilities in TYPO3 Core
Typo Security Team reports: It has been discovered that TYPO3 Core is vulnerable to Cross-Site Scripting and Remote Code Execution. TYPO3 bundles flash files for video and audio playback. Old versions of FlowPlayer and flashmedia are susceptible to Cross-Site Scripting. No authentication is...
net/openafs -- buffer overflow
Nickolai Zeldovich reports: An attacker with the ability to manipulate AFS directory ACLs may crash the fileserver hosting that volume. In addition, once a corrupt ACL is placed on a fileserver, its existence may crash client utilities manipulating ACLs on that server...
django -- multiple vulnerabilities
The Django Project reports: These security releases fix four issues: one potential phishing vector, one denial-of-service vector, an information leakage issue, and a range of XML vulnerabilities. Host header poisoning an attacker could cause Django to generate and display URLs that link to...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 143439 High CVE-2012-2889: UXSS in frame handling. Credit to Sergey Glazunov. 143437 High CVE-2012-2886: UXSS in v8 bindings. Credit to Sergey Glazunov. 139814 High CVE-2012-2881: DOM tree corruption with plug-ins. Credit to Chamal de Silva. 135432 High...
www/chromium -- multiple vulnerabilities
Google Chrome Releases reports: 129898 High CVE-2012-2842: Use-after-free in counter handling. Credit to miaubiz. 130595 High CVE-2012-2843: Use-after-free in layout height tracking. Credit to miaubiz. 133450 High CVE-2012-2844: Bad object access with JavaScript in PDF. Credit to Alexey Samsonov ...
php5-sqlite -- open_basedir bypass
MITRE CVE team reports: The SQLite functionality in PHP before 5.3.15 allows remote attackers to bypass the openbasedir protection mechanism via unspecified vectors...
chromium -- cross-site scripting vulnerability
Google Chrome Releases reports: 117226 117230 Critical CVE-2011-3046: UXSS and bad history navigation. Credit to Sergey Glazunov...
php -- arbitrary remote code execution vulnerability
Secunia reports: A vulnerability has been reported in PHP, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a logic error within the "phpregistervariableex" function phpvariables.c when hashing form posts and updating a hash table,...
acroread9 -- Multiple Vulnerabilities
The Adobe Security Team reports: An unspecified vulnerability in the U3D component allows remote attackers to execute arbitrary code or cause a denial of service attack via unknown vectors. A heap-based buffer overflow allows attackers to execute arbitrary code via unspecified vectors...
Samba -- cross site scripting and request forgery vulnerabilities
Samba security advisory reports: All current released versions of Samba are vulnerable to a cross-site request forgery in the Samba Web Administration Tool SWAT. By tricking a user who is authenticated with SWAT into clicking a manipulated URL on a different web page, it is possible to manipulate...
php -- crash on crafted tag in exif
US-CERT/NIST reports: exif.c in the Exif extension in PHP before 5.3.6 on 64-bit platforms performs an incorrect cast, which allows remote attackers to cause a denial of service application crash via an image with a crafted Image File Directory IFD that triggers a buffer over-read...
linux-flashplugin -- remote code execution vulnerability
Adobe Product Security Incident Response Team reports: A critical vulnerability exists in Flash Player 10.2.153.1 and earlier versions Adobe Flash Player 10.2.154.25 and earlier for Chrome users for Windows, Macintosh, Linux and Solaris, Adobe Flash Player 10.2.156.12 and earlier versions for...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: Fixed in 15.0.874.121: 103259 High CVE-2011-3900: Out-of-bounds write in v8. Credit to Christian Holler. Fixed in 15.0.874.120: 100465 High CVE-2011-3892: Double free in Theora decoder. Credit to Aki Helin of OUSPG. 100492 100543 Medium CVE-2011-3893: Out of bounds...
Webkit-gtk2 -- Multiple Vulnabilities
Gustavo Noronha Silva reports: The patches to fix the following CVEs are included with help from Vincent Danen and other members of the Red Hat security team:...
bugzilla -- information disclosure
A Bugzilla Security Advisory reports: Normally, information about time-tracking estimated hours, actual hours, hours worked, and deadlines is restricted to users in the "time-tracking group". However, any user was able, by crafting their own search URL, to search for bugs based using those fields...