6585 matches found
dovecot -- Buffer overflow reading extension header
Aki Tuomi reports: Vulnerability Details: When reading FTS or POP3-UIDL header from dovecot index, the input buffer size is not bound, and data is copied to target structure causing stack overflow. Risk: This can be used for local root privilege escalation or executing arbitrary code in dovecot...
PostgreSQL -- two vulnerabilities
The PostgreSQL project reports: CVE-2018-10915: Certain host connection parameters defeat client-side security defenses libpq, the client connection API for PostgreSQL that is also used by other connection libraries, had an internal issue where it did not reset all of its connection state variabl...
vlc -- Use after free vulnerability
Mitre reports: VideoLAN VLC media player 2.2.x is prone to a use after free vulnerability which an attacker can leverage to execute arbitrary code via crafted MKV files. Failed exploit attempts will likely result in denial of service conditions...
asterisk -- multiple vulnerabilities
The Asterisk project reports: AST-2018-004 - When processing a SUBSCRIBE request the respjsippubsub module stores the accepted formats present in the Accept headers of the request. This code did not limit the number of headers it processed despite having a fixed limit of 32. If more than 32 Accep...
cURL -- Multiple vulnerabilities
The cURL project reports: libcurl 7.1 through 7.57.0 might accidentally leak authentication data to third parties. When asked to send custom headers in its HTTP requests, libcurl will send that set of headers first to the host in the initial URL but also, if asked to follow redirects and a 30X HT...
The Bouncy Castle Crypto APIs: CVE-2017-13098 ("ROBOT")
The Legion of the Bouncy Castle reports: Release: 1.59 CVE-2017-13098 "ROBOT", a Bleichenbacher oracle in TLS when RSA key exchange is negotiated. This potentially affected BCJSSE servers and any other TLS servers configured to use JCE for the underlying crypto - note the two TLS implementations...
OpenSSL -- Multiple vulnerabilities
The OpenSSL project reports: bnsqrx8xinternal carry bug on x8664 CVE-2017-3736 Severity: Moderate There is a carry propagating bug in the x8664 Montgomery squaring procedure. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very...
Flash Player -- multiple vulnerabilities
Adobe reports: These updates resolve memory corruption vulnerabilities that could lead to remote code execution CVE-2017-11281, CVE-2017-11282...
chromium -- multiple vulnerabilities
Google Chrome releases reports: 5 security fixes in this release, including: 725032 High CVE-2017-5087: Sandbox Escape in IndexedDB. Reported by Ned Williamson on 2017-05-22 729991 High CVE-2017-5088: Out of bounds read in V8. Reported by Xiling Gong of Tencent Security Platform Department on...
ImageMagick -- multiple vulnerabilities
Please reference CVE/URL list for details...
MySQL -- multiple vulnerabilities
Oracle reports: Not all vulnerabilities are relevant for all flavors/versions of the servers and clients Vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability ...
phpmailer -- Remote Code Execution
SecurityFocus reports: PHPMailer is prone to an local information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks...
Irssi -- multiple vulnerabilities
Irssi reports: Five vulnerabilities have been located in Irssi A NULL pointer dereference in the nickcmp function found by Joseph Bisch. CWE-690 Use after free when receiving invalid nick message Issue 466, CWE-146 Out of bounds read in certain incomplete control codes found by Joseph Bisch...
lynx -- multiple vulnerabilities
Oracle reports: Lynx is vulnerable to POODLE by still supporting vulnerable version of SSL. Lynx is also vulnerable to URL attacks by incorrectly parsing hostnames ending with an '?'...
mysql -- multiple vulnerabilities
Oracle reports: Local security vulnerability in 'Server: Packaging' sub component...
mozilla -- multiple vulnerabilities
Mozilla Foundation reports: CVE-2016-2827 - Out-of-bounds read in mozilla::net::IsValidReferrerPolicy low CVE-2016-5256 - Memory safety bugs fixed in Firefox 49 critical CVE-2016-5257 - Memory safety bugs fixed in Firefox 49 and Firefox ESR 45.4 critical CVE-2016-5270 - Heap-buffer-overflow in...
Remote-Code-Execution vulnerability in mysql and its variants CVE 2016-6662
LegalHackers' reports: RCE Bugs discovered in MySQL and its variants like MariaDB. It works by manipulating my.cnf files and using --malloc-lib. The bug seems fixed in MySQL 5.7.15 by Oracle...
wireshark -- multiple vulnerabilities
Wireshark development team reports: The following vulnerabilities have been fixed: wnpa-sec-2016-41 PacketBB crash. Bug 12577 wnpa-sec-2016-42 WSP infinite loop. Bug 12594 wnpa-sec-2016-44 RLC long loop. Bug 12660 wnpa-sec-2016-45 LDSS dissector crash. Bug 12662 wnpa-sec-2016-46 RLC dissector...
apache24 -- X509 Client certificate based authentication can be bypassed when HTTP/2 is used
Apache Software Foundation reports: The Apache HTTPD web server from 2.4.18-2.4.20 did not validate a X509 client certificate correctly when experimental module for the HTTP/2 protocol is used to access a resource. The net result is that a resource that should require a valid client certificate i...
tiff -- buffer overflow
Henri Salo reports: buffer overflow in gif2tiff tool...
VLC -- Possibly remote code execution via crafted file
The VLC project reports: Fix out-of-bound write in adpcm QT IMA codec CVE-2016-5108...
xen-kernel -- x86 software guest page walk PS bit handling flaw
The Xen Project reports: The Page Size PS page table entry bit exists at all page table levels other than L1. Its meaning is reserved in L4, and conditionally reserved in L3 and L2 depending on hardware capabilities. The software page table walker in the hypervisor, however, so far ignored that b...
perl5 -- taint mechanism bypass vulnerability
MITRE reports: Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 594574 High CVE-2016-1646: Out-of-bounds read in V8. 590284 High CVE-2016-1647: Use-after-free in Navigation. 590455 High CVE-2016-1648: Use-after-free in Extensions. 597518 CVE-2016-1650: Various fixes from internal audits, fuzzing and other initiatives. Multiple...
flash -- multiple vulnerabilities
Adobe reports: These updates resolve integer overflow vulnerabilities that could lead to code execution CVE-2016-0963, CVE-2016-0993, CVE-2016-1010. These updates resolve use-after-free vulnerabilities that could lead to code execution CVE-2016-0987, CVE-2016-0988, CVE-2016-0990, CVE-2016-0991,...
bind -- denial of service vulnerability
ISC reports: An error parsing input received by the rndc control channel can cause an assertion failure in sexpr.c or alist.c...
graphite2 -- code execution vulnerability
Talos reports: An exploitable denial of service vulnerability exists in the font handling of Libgraphite. A specially crafted font can cause an out-of-bounds read potentially resulting in an information leak or denial of service. A specially crafted font can cause a buffer overflow resulting in...
curl -- Credentials not checked
The cURL project reports: libcurl will reuse NTLM-authenticated proxy connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer...
Python -- Integer overflow in zipimport module
Python reports: Possible integer overflow and heap corruption in zipimporter.getdata...
cacti -- SQL injection vulnerabilities
NVD reports: SQL injection vulnerability in include/topgraphheader.php in Cacti 0.8.8f and earlier allows remote attackers to execute arbitrary SQL commands via the rraid parameter in a properties action to graph.php...
xen-kernel -- some pmu and profiling hypercalls log without rate limiting
The Xen Project reports: HYPERCALLxenoprofop and HYPERVISORxenpmuop log some errors and attempts at invalid operations. These log messages are not rate-limited, even though they can be triggered by guests. A malicious guest could cause repeated logging to the hypervisor console, leading to a Deni...
RT -- two XSS vulnerabilities
Best Practical reports: RT 4.0.0 and above are vulnerable to a cross-site scripting XSS attack via the user and group rights management pages. This vulnerability is assigned CVE-2015-5475. It was discovered and reported by Marcin Kopec at Data Reliance Shared Service Center. RT 4.2.0 and above ar...
groovy -- remote execution of untrusted code
Cédric Champeau reports: Description When an application has Groovy on the classpath and that it uses standard Java serialization mechanism to communicate between servers, or to store local data, it is possible for an attacker to bake a special serialized object that will execute code directly wh...
cups-filters -- texttopdf integer overflow
Stefan Cornelius from Red Hat reports: An integer overflow flaw leading to a heap-based buffer overflow was discovered in the way the texttopdf utility of cups-filter processed print jobs with a specially crafted line size. An attacker being able to submit print jobs could exploit this flaw to...
xen-tools -- Guest triggerable qemu MSI-X pass-through error messages
The Xen Project reports: Device model code dealing with guest PCI MSI-X interrupt management activities logs messages on certain supposedly invalid guest operations. A buggy or malicious guest repeatedly invoking such operations may result in the host disk to fill up, possibly leading to a Denial...
pcre -- multiple vulnerabilities
Venustech ADLAB reports: PCRE library is prone to a vulnerability which leads to Heap Overflow. During the compilation of a malformed regular expression, more data is written on the malloced block than the expected size output by compileregex. PCRE library is prone to a vulnerability which leads ...
xen-tools -- HVM qemu unexpectedly enabling emulated VGA graphics backends
The Xen Project reports: When instantiating an emulated VGA device for an x86 HVM guest qemu will by default enable a backend to expose that device, either SDL or VNC depending on the version of qemu and the build time configuration. The libxl toolstack library does not explicitly disable these...
chrony -- multiple vulnerabilities
Chrony News reports: CVE-2015-1853: DoS attack on authenticated symmetric NTP associations CVE-2015-1821: Heap-based buffer overflow in access configuration CVE-2015-1822: Use of uninitialized pointer in command processing...
Adobe Flash Player -- critical vulnerability
Adobe reports: Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system. We are aware of reports that this vulnerability is being actively exploited in the wild via drive-by-download attacks against systems running Internet Explorer and...
git -- Arbitrary command execution on case-insensitive filesystems
The Git Project reports: When using a case-insensitive filesystem an attacker can craft a malicious Git tree that will cause Git to overwrite its own .git/config file when cloning or checking out a repository, leading to arbitrary command execution in the client machine. If you are a hosting...
phpMyAdmin -- XSS and information disclosure vulnerabilities
The phpMyAdmin development team reports: With a crafted database, table or column name it is possible to trigger an XSS attack in the table browse page. With a crafted ENUM value it is possible to trigger XSS attacks in the table print view and zoom search pages. With a crafted value for font siz...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 42 security fixes in this release, including: 389734 High CVE-2014-7899: Address bar spoofing. Credit to Eli Grey. 406868 High CVE-2014-7900: Use-after-free in pdfium. Credit to Atte Kettunen from OUSPG. 413375 High CVE-2014-7901: Integer overflow in pdfium. Credit...
unzip -- out of boundary access issues in test_compr_eb
Ubuntu Security Notice USN-2489-1 reports: Michal Zalewski discovered that unzip incorrectly handled certain malformed zip archives. If a user or automated system were tricked into processing a specially crafted zip archive, an attacker could possibly execute arbitrary code...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 159 security fixes in this release, including 113 found using MemorySanitizer: 416449 Critical CVE-2014-3188: A special thanks to Jüri Aedla for a combination of V8 and IPC bugs that can lead to remote code execution outside of the sandbox. 398384 High...
net-snmp -- snmptrapd crash
Murray McAllister reports: A remote denial-of-service flaw was found in the way snmptrapd handled certain SNMP traps when started with the "-OQ" option. If an attacker sent an SNMP trap containing a variable with a NULL type where an integer variable type was expected, it would cause snmptrapd to...
tor -- traffic confirmation attack
The Tor Project reports: Tor before 0.2.4.23 and 0.2.5 before 0.2.5.6-alpha maintains a circuit after an inbound RELAYEARLY cell is received by a client, which makes it easier for remote attackers to conduct traffic-confirmation attacks by using the pattern of RELAY and RELAYEARLY cells as a mean...
gnutls -- client-side memory corruption
GnuTLS project reports: This vulnerability affects the client side of the gnutls library. A server that sends a specially crafted ServerHello could corrupt the memory of a requesting client...
mozilla -- multiple vulnerabilities
The Mozilla Project reports: MFSA 2014-34 Miscellaneous memory safety hazards rv:29.0 / rv:24.5 MFSA 2014-35 Privilege escalation through Mozilla Maintenance Service Installer MFSA 2014-36 Web Audio memory corruption issues MFSA 2014-37 Out of bounds read while decoding JPG images MFSA 2014-38...
nginx-devel -- SPDY heap buffer overflow
The nginx project reports: A bug in the experimental SPDY implementation in nginx was found, which might allow an attacker to cause a heap memory buffer overflow in a worker process by using a specially crafted request, potentially resulting in arbitrary code execution CVE-2014-0133. The problem...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 28 security fixes in this release, including: 334897 High CVE-2013-6652: Issue with relative paths in Windows sandbox named pipe policy. Credit to tyranid. 331790 High CVE-2013-6653: Use-after-free related to web contents. Credit to Khalil Zhani. 333176 High...