6583 matches found
zookeeper -- Denial Of Service
zookeeper developers report: Two four letter word commands "wchp/wchc" are CPU intensive and could cause spike of CPU utilization on Apache ZooKeeper server if abused, which leads to the server unable to serve legitimate client requests. Apache ZooKeeper thru version 3.4.9 and 3.5.2 suffer from...
ruby -- multiple vulnerabilities
Ruby blog: CVE-2017-0898: Buffer underrun vulnerability in Kernel.sprintf If a malicious format string which contains a precious specifier is passed and a huge minus value is also passed to the specifier, buffer underrun may be caused. In such situation, the result may contains heap, or the Ruby...
xen-kernel -- x86: Mishandling of SYSCALL singlestep during emulation
The Xen Project reports: The typical behaviour of singlestepping exceptions is determined at the start of the instruction, with a DB trap being raised at the end of the instruction. SYSCALL and SYSRET, although we don't implement it behave differently because the typical behaviour allows userspac...
squid -- multiple vulnerabilities
Squid security advisory 2016:10 reports: Due to incorrect comparison of request headers Squid can deliver responses containing private data to clients it should not have reached. This problem allows a remote attacker to discover private and sensitive information about another clients browsing...
asterisk -- Authentication Bypass
The Asterisk project reports: The chansip channel driver has a liberal definition for whitespace when attempting to strip the content between a SIP header name and a colon character. Rather than following RFC 3261 and stripping only spaces and horizontal tabs, Asterisk treats any non-printable...
xen-kernel -- x86 null segments not always treated as unusable
The Xen Project reports: The Xen x86 emulator erroneously failed to consider the unusability of segments when performing memory accesses. The intended behaviour is as follows: The user data segment %ds, %es, %fs and %gs selectors may be NULL in 32-bit to prevent access. In 64-bit, NULL has a...
node.js -- multiple vulnerabilities
Node.js v6.9.0 LTS contains the following security fixes, specific to v6.x: Disable auto-loading of openssl.cnf: Don't automatically attempt to load an OpenSSL configuration file, from the OPENSSLCONF environment variable or from the default location for the current platform. Always triggering a...
ImageMagick7 -- multiple vulnerabilities
Multiple sources report: CVE-2016-9298: heap overflow in WaveletDenoiseImage, fixed in ImageMagick7-7.0.3.6, discovered 2016-10-31 CVE-2016-8866: memory allocation failure in AcquireMagickMemory incomplete previous fix for CVE-2016-8862, not fixed yet with the release of this announcement,...
xen-kernel -- x86: Disallow L3 recursive pagetable for 32-bit PV guests
The Xen Project reports: On real hardware, a 32-bit PAE guest must leave the USER and RW bit clear in L3 pagetable entries, but the pagetable walk behaves as if they were set. The L3 entries are cached in processor registers, and don't actually form part of the pagewalk. When running a 32-bit PV...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 48 security fixes in this release, including: 610600 High CVE-2016-1706: Sandbox escape in PPAPI. Credit to Pinkie Pie xisigr of Tencent's Xuanwu Lab 613949 High CVE-2016-1708: Use-after-free in Extensions. Credit to Adam Varsan 614934 High CVE-2016-1709:...
libarchive -- multiple vulnerabilities
Hanno Bock and Cisco Talos report: Out of bounds heap read in RAR parser Signed integer overflow in ISO parser TALOS-2016-0152 CVE-2016-4300: 7-Zip readSubStreamsInfo Integer Overflow TALOS-2016-0153 CVE-2016-4301: mtree parsedevice Stack Based Buffer Overflow TALOS-2016-0154 CVE-2016-4302:...
xen-tools -- Unsanitised guest input in libxl device handling code
The Xen Project reports: Various parts of libxl device-handling code inappropriately use information from partially guest controlled areas of xenstore. A malicious guest administrator can cause denial of service by resource exhaustion. A malicious guest administrator can confuse and/or deny servi...
xen-tools -- Unrestricted qemu logging
The Xen Project reports: When the libxl toolstack launches qemu for HVM guests, it pipes the output of stderr to a file in /var/log/xen. This output is not rate-limited in any way. The guest can easily cause qemu to print messages to stderr, causing this file to become arbitrarily large. The disk...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 5 security fixes in this release, including: 605766 High CVE-2016-1667: Same origin bypass in DOM. Credit to Mariusz Mlynski. 605910 High CVE-2016-1668: Same origin bypass in Blink V8 bindings. Credit to Mariusz Mlynski. 606115 High CVE-2016-1669: Buffer overflow i...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 9 security fixes in this release, including: 574802 High CVE-2016-1660: Out-of-bounds write in Blink. Credit to Atte Kettunen of OUSPG. 601629 High CVE-2016-1661: Memory corruption in cross-process frames. Credit to Wadih Matar. 603732 High CVE-2016-1662:...
xen-kernel -- x86 shadow pagetables: address width overflow
The Xen Project reports: In the x86 shadow pagetable code, the guest frame number of a superpage mapping is stored in a 32-bit field. If a shadowed guest can cause a superpage mapping of a guest-physical address at or above 2^44 to be shadowed, the top bits of the address will be lost, causing an...
libssh -- weak Diffie-Hellman secret generation
Andreas Schneider reports: libssh versions 0.1 and above have a bits/bytes confusion bug and generate an abnormally short ephemeral secret for the diffie-hellman-group1 and diffie-hellman-group14 key exchange methods. The resulting secret is 128 bits long, instead of the recommended sizes of 1024...
ffmpeg -- multiple vulnerabilities
NVD reports: The updatedimensions function in libavcodec/vp8.c in FFmpeg through 2.8.1, as used in Google Chrome before 46.0.2490.71 and other products, relies on a coefficient-partition count during multi-threaded operation, which allows remote attackers to cause a denial of service race conditi...
libxml2 -- multiple vulnerabilities
reports: CVE-2015-5312 Another entity expansion issue David Drysdale. CVE-2015-7497 Avoid an heap buffer overflow in xmlDictComputeFastQKey David Drysdale. CVE-2015-7498 Avoid processing entities after encoding conversion failures Daniel Veillard. CVE-2015-7499 1 Add xmlHaltParser to stop the...
xen-kernel -- Uncontrolled creation of large page mappings by PV guests
The Xen Project reports: The code to validate level 2 page table entries is bypassed when certain conditions are satisfied. This means that a PV guest can create writable mappings using super page mappings. Such writable mappings can violate Xen intended invariants for pages which Xen is supposed...
phpMyAdmin -- Content spoofing vulnerability
The phpMyAdmin development team reports: This vulnerability allows an attacker to perform a content spoofing attack using the phpMyAdmin's redirection mechanism to external sites. We consider this vulnerability to be non critical since the spoofed content is escaped and no HTML injection is...
lldpd -- Buffer overflow/Denial of service
The lldpd developer Vincent Bernat reports: A buffer overflow may allow arbitrary code execution only if hardening was disabled. Malformed packets should not make lldpd crash. Ensure we can handle them by not using assert in this part...
flash -- multiple vulnerabilities
Adobe reports: These updates resolve a type confusion vulnerability that could lead to code execution CVE-2015-5573. These updates resolve use-after-free vulnerabilities that could lead to code execution CVE-2015-5570, CVE-2015-5574, CVE-2015-5581, CVE-2015-5584, CVE-2015-6682. These updates...
Adobe Flash Player -- critical vulnerabilities
Adobe reports: Adobe has released security updates for Adobe Flash Player. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe is aware of a report that an exploit targeting CVE-2015-5119 has been publicly published...
apache22 -- chunk header parsing defect
Apache Foundation reports: CVE-2015-3183 core: Fix chunk header parsing defect. Remove aprbrigadeflatten, buffering and duplicated code from the HTTPIN filter, parse chunks in a single pass with zero copy. Limit accepted chunk-size to 2^63-1 and be strict about chunk-ext authorized characters...
cups -- multiple vulnerabilities
CUPS development team reports: The new release addresses two security vulnerabilities, add localizations for German and Russian, and includes several general bug fixes. Changes include: Security: Fixed CERT VU 810572/CVE-2015-1158/CVE-2015-1159 exploiting the dynamic linker STR 4609 Security: The...
wireshark -- multiple vulnerabilities
Wireshark development team reports: The following vulnerabilities have been fixed. wnpa-sec-2015-12 The LBMR dissector could go into an infinite loop. Bug 11036 CVE-2015-3808, CVE-2015-3809 wnpa-sec-2015-13 The WebSocket dissector could recurse excessively. Bug 10989 CVE-2015-3810 wnpa-sec-2015-1...
Adobe Flash Player -- critical vulnerabilities
Adobe reports: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh and Linux. These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe is aware of a report that an exploit for CVE-2015-3043 exists in...
mozilla -- multiple vulnerabilities
The Mozilla Project reports: MFSA-2015-30 Miscellaneous memory safety hazards rv:37.0 / rv:31.6 MFSA-2015-31 Use-after-free when using the Fluendo MP3 GStreamer plugin MFSA-2015-32 Add-on lightweight theme installation approval bypassed through MITM attack MFSA-2015-33 resource:// documents can...
ffmpeg -- multiple vulnerabilities
Please reference CVE/URL list for details...
rest-client -- plaintext password disclosure
The open sourced vulnerability database reports: REST Client for Ruby contains a flaw that is due to the application logging password information in plaintext. This may allow a local attacker to gain access to password information...
bind -- denial of service vulnerability
ISC reports: We have today posted updated versions of 9.9.6 and 9.10.1 to address a significant security vulnerability in DNS resolution. The flaw was discovered by Florian Maury of ANSSI, and applies to any recursive resolver that does not support a limit on the number of recursions...
asterisk -- Multiple vulnerabilities
The Asterisk project reports: AST-2014-014 - High call load may result in hung channels in ConfBridge. AST-2014-017 - Permission escalation through ConfBridge actions/dialplan functions...
fish -- local privilege escalation and remote code execution
Fish developer David Adam reports: This release fixes a number of local privilege escalation vulnerability and one remote code execution vulnerability...
libvncserver -- multiple security vulnerabilities
Nicolas Ruff reports: Integer overflow in MallocFrameBuffer on client side. Lack of malloc return value checking on client side. Server crash on a very large ClientCutText message. Server crash when scaling factor is set to zero. Multiple stack overflows in File Transfer feature...
subversion -- several vulnerabilities
Subversion Project reports: Using the Serf RA layer of Subversion for HTTPS uses the aprfnmatch API to handle matching wildcards in certificate Common Names and Subject Alternate Names. However, aprfnmatch is not designed for this purpose. Instead it is designed to behave like common shell...
mozilla -- multiple vulnerabilities
The Mozilla Project reports: MFSA 2014-66 IFRAME sandbox same-origin access through redirect MFSA 2014-65 Certificate parsing broken by non-standard character encoding MFSA 2014-64 Crash in Skia library when scaling high quality images MFSA 2014-63 Use-after-free while when manipulating...
tomcat -- multiple vulnerabilities
Tomcat Security Team reports: Tomcat does not properly restrict XSLT stylesheets, which allows remote attackers to bypass security-manager restrictions and read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference,...
Python -- buffer overflow in socket.recvfrom_into()
Vincent Danen via Red Hat Issue Tracker reports: A vulnerability was reported in Python's socket module, due to a boundary error within the sockrecvfrominto function, which could be exploited to cause a buffer overflow. This could be used to crash a Python application that uses the...
file -- out-of-bounds access in search rules with offsets from input file
Aaron Reffett reports: softmagic.c in file ... and libmagic allows context-dependent attackers to cause a denial of service out-of-bounds memory access and crash via crafted offsets in the softmagic of a PE executable...
cURL library -- cert name check ignore with GnuTLS
cURL project reports: libcurl is vulnerable to a case of missing out the checking of the certificate CN or SAN name field when the digital signature verification is turned off. libcurl offers two separate and independent options for verifying a server's TLS certificate. CURLOPTSSLVERIFYPEER and...
gstreamer-ffmpeg -- Multiple vulnerabilities in bundled libav
Bundled version of libav in gstreamer-ffmpeg contains a number of vulnerabilities...
puppet -- multiple vulnerabilities
Puppet Labs reports: By using the resourcetype service, an attacker could cause puppet to load arbitrary Ruby files from the puppet master node's file system. While this behavior is not enabled by default, auth.conf settings could be modified to allow it. The exploit requires local file system...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 176882 High CVE-2013-0902: Use-after-free in frame loader. Credit to Chamal de Silva. 176252 High CVE-2013-0903: Use-after-free in browser navigation handling. Credit to "chromium.khalil". 172926 172331 High CVE-2013-0904: Memory corruption in Web Audio. Credit to...
net/openafs -- buffer overflow
Nickolai Zeldovich reports: An attacker with the ability to manipulate AFS directory ACLs may crash the fileserver hosting that volume. In addition, once a corrupt ACL is placed on a fileserver, its existence may crash client utilities manipulating ACLs on that server...
piwigo -- CSRF/Path Traversal
High-Tech Bridge Security Research Lab reports: The CSRF vulnerability exists due to insufficient verification of the HTTP request origin in "/admin.php" script. A remote attacker can trick a logged-in administrator to visit a specially crafted webpage and create arbitrary PHP file on the remote...
tomcat -- denial of service
The Apache Software Foundation reports: When using the NIO connector with sendfile and HTTPS enabled, if a client breaks the connection while reading the response an infinite loop is entered leading to a denial of service...
bugzilla -- multiple vulnerabilities
A Bugzilla Security Advisory reports: The following security issues have been discovered in Bugzilla: Information Leak If the visibility of a custom field is controlled by a product or a component of a product you cannot see, their names are disclosed in the JavaScript code generated for this...
FreeBSD -- OpenSSL multiple vulnerabilities
Problem description: OpenSSL fails to clear the bytes used as block cipher padding in SSL 3.0 records when operating as a client or a server that accept SSL 3.0 handshakes. As a result, in each record, up to 15 bytes of uninitialized memory may be sent, encrypted, to the SSL peer. This could...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 113902 High CVE-2011-3050: Use-after-free with first-letter handling. Credit to miaubiz. 116162 High CVE-2011-3045: libpng integer issue from upstream. Credit to Glenn Randers-Pehrson of the libpng project. 116461 High CVE-2011-3051: Use-after-free in CSS cross-fad...