6580 matches found
shibboleth-sp -- DoS vulnerability
Shibboleth consortium reports: Shibboleth SP software crashes on well-formed but invalid XML. The Service Provider software contains a code path with an uncaught exception that can be triggered by an unauthenticated attacker by supplying well-formed but schema-invalid XML in the form of SAML...
cURL -- Multiple Vulnerability
cURL reports: libcurl can wrongly send HTTP credentials when re-using connections. libcurl allows applications to set credentials for the upcoming transfer with HTTP Basic authentication, like with CURLOPTUSERPWD for example. Name and password. Just like all other libcurl options the credentials...
cacti -- Multiple XSS and SQL injection vulnerabilities
The Cacti Group, Inc. reports: Important Security Fixes Multiple XSS and SQL injection vulnerabilities Changelog bug: Fixed SQL injection VN: JVN78187936 / TN:JPCERT98968540 bug0002542: FG-VD-15-017 Cacti Cross-Site Scripting Vulnerability Notification bug0002571: SQL Injection and Location heade...
Adobe Flash Player -- critical vulnerabilities
Adobe reports: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh and Linux. These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system. These updates resolve a vulnerability CVE-2015-3096 that could be...
strongswan -- Information Leak Vulnerability
strongSwan Project reports: An information leak vulnerability was fixed that, in certain IKEv2 setups, allowed rogue servers with a valid certificate accepted by the client to trick it into disclosing user credentials even plain passwords if the client accepts EAP-GTC. This was caused because...
gnutls -- MD5 downgrade in TLS signatures
Karthikeyan Bhargavan reports: GnuTLS does not by default support MD5 signatures. Indeed the RSA-MD5 signature-hash algorithm needs to be explicitly enabled using the priority option VERIFYALLOWSIGNRSAMD5. In the NORMAL and SECURE profiles, GnuTLS clients do not offer RSA-MD5 in the signature...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 45 new security fixes, including: 456518 High CVE-2015-1235: Cross-origin-bypass in HTML parser. Credit to anonymous. 313939 Medium CVE-2015-1236: Cross-origin-bypass in Blink. Credit to Amitay Dobo. 461191 High CVE-2015-1237: Use-after-free in IPC. Credit to Khali...
mozilla -- multiple vulnerabilities
The Mozilla Project reports: MFSA-2015-11 Miscellaneous memory safety hazards rv:36.0 / rv:31.5 MFSA-2015-12 Invoking Mozilla updater will load locally stored DLL files MFSA-2015-13 Appended period to hostnames can bypass HPKP and HSTS protections MFSA-2015-14 Malicious WebGL content crash when...
cURL -- URL request injection vulnerability
cURL reports: When libcurl sends a request to a server via a HTTP proxy, it copies the entire URL into the request and sends if off. If the given URL contains line feeds and carriage returns those will be sent along to the proxy too, which allows the program to for example send a separate HTTP...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 42 security fixes in this release, including: 389734 High CVE-2014-7899: Address bar spoofing. Credit to Eli Grey. 406868 High CVE-2014-7900: Use-after-free in pdfium. Credit to Atte Kettunen from OUSPG. 413375 High CVE-2014-7901: Integer overflow in pdfium. Credit...
libpurple/pidgin -- multiple vulnerabilities
The pidgin development team reports:...
OpenSSL -- multiple vulnerabilities
The OpenSSL Project reports: A flaw in OBJobj2txt may cause pretty printing functions such as X509nameoneline, X509nameprintex et al. to leak some information from the stack. CVE-2014-3508 The issue affects OpenSSL clients and allows a malicious server to crash the client with a null pointer...
foreman-proxy SSL verification issue
Foreman Security reports: The smart proxy when running in an SSL-secured mode permits incoming API calls to any endpoint without requiring, or performing any verification of an SSL client certificate. This permits any client with access to the API to make requests and perform actions permitting...
OpenSSL -- Local Information Disclosure
OpenSSL reports: A flaw in the implementation of Montgomery Ladder Approach would create a side-channel that leaks sensitive timing information. A local attacker might be able to snoop a signing process and might recover the signing key from it...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 28 security fixes in this release, including: 334897 High CVE-2013-6652: Issue with relative paths in Windows sandbox named pipe policy. Credit to tyranid. 331790 High CVE-2013-6653: Use-after-free related to web contents. Credit to Khalil Zhani. 333176 High...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 14 security fixes in this release, including: 330420 High CVE-2013-6649: Use-after-free in SVG images. Credit to Atte Kettunen of OUSPG. 331444 High CVE-2013-6650: Memory corruption in V8. This issue was fixed in v8 version 3.22.24.16. Credit to Christian Holler...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 11 security fixes in this release, including: 249502 High CVE-2013-6646: Use-after-free in web workers. Credit to Collin Payne. 326854 High CVE-2013-6641: Use-after-free related to forms. Credit to Atte Kettunen of OUSPG. 324969 High CVE-2013-6642: Address bar...
redis -- sensitive information leak through command history file
Redis team reports: The redis-cli history file in linenoise is created with the default OS umask value which makes it world readable in most systems and could potentially expose authentication credentials to other users...
mozilla -- multiple vulnerabilities
The Mozilla Project reports: MFSA 2013-76 Miscellaneous memory safety hazards rv:24.0 / rv:17.0.9 MFSA 2013-77 Improper state in HTML5 Tree Builder with templates MFSA 2013-78 Integer overflow in ANGLE library MFSA 2013-79 Use-after-free in Animation Manager during stylesheet cloning MFSA 2013-80...
samba -- denial of service vulnerability
The Samba project reports: All current released versions of Samba are vulnerable to a denial of service on an authenticated or guest connection. A malformed packet can cause the smbd server to loop the CPU performing memory allocations and preventing any further service. A connection to a file...
PuTTY -- Four security holes in versions before 0.63
Simon Tatham reports: This 0.63 release fixes multiple security holes in previous versions of PuTTY, which can allow an SSH-2 server to make PuTTY overrun or underrun buffers and crash. ... These vulnerabilities can be triggered before host key verification, which means that you are not even safe...
suPHP -- Privilege escalation
suPHP developer Sebastian Marsching reports: When the suPHPPHPPath was set, modsuphp would use the specified PHP executable to pretty-print PHP source files MIME type x-httpd-php-source or application/x-httpd-php-source. However, it would not sanitize the environment. Thus a user that was allowed...
sudo -- Potential bypass of tty_tickets constraints
Todd Miller reports: A potentially malicious program run by a user with sudo access may be able to bypass the "ttyticket" constraints. In order for this to succeed there must exist on the machine a terminal device that the user has previously authenticated themselves on via sudo within the last...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 156567 High CVE-2012-5133: Use-after-free in SVG filters. Credit to miaubiz. 148638 Medium CVE-2012-5130: Out-of-bounds read in Skia. Credit to Atte Kettunen of OUSPG. 155711 Low CVE-2012-5132: Browser crash with chunked encoding. Credit to Attila Szász. 158249 Hi...
xlockmore -- local exploit
Ignatios Souvatzis of NetBSD reports: Due to an error in the dclock screensaver in xlockmore, users who explicitly use this screensaver or a random mix of screensavers using something like "xlockmore -mode random" may have their screen unlocked unexpectedly at a random time...
bugzilla -- multiple vulnerabilities
A Bugzilla Security Advisory reports: The following security issues have been discovered in Bugzilla: LDAP Injection When the user logs in using LDAP, the username is not escaped when building the uid=$username filter which is used to query the LDAP directory. This could potentially lead to LDAP...
puppet -- multiple vulnerabilities
puppet -- multiple vulnerabilities Arbitrary file read on the puppet master from authenticated clients high. It is possible to construct an HTTP get request from an authenticated client with a valid certificate that will return the contents of an arbitrary file on the Puppet master that the maste...
haproxy -- buffer overflow
HAProxy reports: A flaw was reported in HAProxy where, due to a boundary error when copying data into the trash buffer, an external attacker could cause a buffer overflow. Exploiting this flaw could lead to the execution of arbitrary code, however it requires non-default settings for the...
puppet -- Multiple Vulnerabilities
Multiple vulnerabilities exist in puppet that can result in arbitrary code execution, arbitrary file read access, denial of service, and arbitrary file write access. Please review the details in each of the CVEs for additional information...
clamav -- multiple vulnerabilities
MITRE Advisories report: The TAR parser allows remote attackers to bypass malware detection via a POSIX TAR file with an initial aliases character sequence. The TAR parser allows remote attackers to bypass malware detection via a TAR archive entry with a length field that exceeds the total TAR fi...
mozilla -- multiple vulnerabilities
The Mozilla Project reports: MFSA 2011-46 loadSubScript unwraps XPCNativeWrapper scope parameter 1.9.2 branch MFSA 2011-47 Potential XSS against sites using Shift-JIS MFSA 2011-48 Miscellaneous memory safety hazards rv:8.0 MFSA 2011-49 Memory corruption while profiling using Firebug MFSA 2011-50...
ffmpeg -- multiple vulnerabilities
Ubuntu Security Notice USN-1320-1 reports: Phillip Langlois discovered that FFmpeg incorrectly handled certain malformed QDM2 streams. If a user were tricked into opening a crafted QDM2 stream file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary...
BIND -- Remote DoS with certain RPZ configurations
ISC reports: Two defects were discovered in ISC's BIND 9.8 code. These defects only affect BIND 9.8 servers which have recursion enabled and which use a specific feature of the software known as Response Policy Zones RPZ and where the RPZ zone contains a specific rule/action pattern...
linux-flashplugin -- multiple vulnerabilities
Adobe Product Security Incident Response Team reports: Critical vulnerabilities have been identified in Adobe Flash Player 10.3.183.7 and earlier versions for Windows, Macintosh, Linux and Solaris, and Adobe Flash Player 10.3.186.6 and earlier versions for Android. These vulnerabilities could cau...
Apache APR -- DoS vulnerabilities
The Apache Portable Runtime Project reports: A flaw was discovered in the aprfnmatch function in the Apache Portable Runtime APR library 1.4.4 or any backported versions that contained the upstream fix for CVE-2011-0419. This could cause httpd workers to enter a hung state 100% CPU utilization...
gdm -- privilege escalation vulnerability
Sebastian Krahmer reports: It was discovered that the GNOME Display Manager gdm cleared the cache directory, which is owned by an unprivileged user, with the privileges of the root user. A race condition exists in gdm where a local user could take advantage of this by writing to the cache directo...
mozilla -- multiple vulnerabilities
The Mozilla Project reports: MFSA 2011-01 Miscellaneous memory safety hazards rv:1.9.2.14/ 1.9.1.17 MFSA 2011-02 Recursive eval call causes confirm dialogs to evaluate to true MFSA 2011-03 Use-after-free error in JSON.stringify MFSA 2011-04 Buffer overflow in JavaScript upvarMap MFSA 2011-05 Buff...
php -- multiple vulnerabilities
PHP developers reports: Security Enhancements and Fixes in PHP 5.3.5: Fixed bug 53632 PHP hangs on numeric value 2.2250738585072011e-308. CVE-2010-4645 Security Enhancements and Fixes in PHP 5.2.17: Fixed bug 53632 PHP hangs on numeric value 2.2250738585072011e-308. CVE-2010-4645...
php-filter -- Denial of Service
The following DoS condition in filter extension was fixed in PHP 5.3.4 and PHP 5.2.15: Stack consumption vulnerability in the filtervar function in PHP 5.2.x through 5.2.14 and 5.3.x through 5.3.3, when FILTERVALIDATEEMAIL mode is used, allows remote attackers to cause a denial of service memory...
linux-flashplugin -- multiple vulnerabilities
Adobe Product Security Incident Response Team reports: Critical vulnerabilities have been identified in Adobe Flash Player 10.1.85.3 and earlier versions for Windows, Macintosh, Linux, and Solaris, and Adobe Flash Player 10.1.95.1 for Android. These vulnerabilities, including CVE-2010-3654...
mozilla -- multiple vulnerabilities
Mozilla Project reports: MFSA 2010-07 Fixes for potentially exploitable crashes ported to the legacy branch MFSA 2010-06 Scriptable plugin execution in SeaMonkey mail MFSA 2009-68 NTLM reflection vulnerability MFSA 2009-62 Download filename spoofing with RTL override MFSA 2009-59 Heap buffer...
krb5 -- multiple denial of service vulnerabilities
Two vulnerabilities in krb5 can be used by remote attackers in denial of service attacks. The MIT security advisories report this as follows: An unauthenticated remote attacker can send an invalid request to a KDC process that will cause it to crash due to an assertion failure, creating a denial ...
linux-flashplugin -- multiple vulnerabilities
Adobe Product Security Incident Response Team reports: A critical vulnerability has been identified in Adobe Flash Player version 10.0.42.34 and earlier. This vulnerability CVE-2010-0186 could subvert the domain sandbox and make unauthorized cross-domain requests. This update also resolves a...
curl -- libcurl buffer overflow vulnerability
The cURL project reports in a security advisory: Using the affected libcurl version to download compressed content over HTTP, an application can ask libcurl to automatically uncompress data. When doing so, libcurl can wrongly send data up to 64K in size to the callback which thus is much larger...
libsndfile -- CAF processing integer overflow vulnerability
Secunia reports: The vulnerability is caused due to an integer overflow error in the processing of CAF description chunks. This can be exploited to cause a heap-based buffer overflow by tricking the user into processing a specially crafted CAF audio file...
amarok -- multiple vulnerabilities
Secunia reports: Tobias Klein has reported some vulnerabilities in Amarok, which potentially can be exploited by malicious people to compromise a user's system. Two integer overflow errors exist within the "Audible::Tag::readTag" function in src/metadata/audible/audibletag.cpp. These can be...
qemu -- Heap overflow in Cirrus emulation
Aurelien Jarno reports: CVE-2008-4539: fix a heap overflow in Cirrus emulation The code in hw/cirrusvga.c has changed a lot between CVE-2007-1320 has been announced and the patch has been applied. As a consequence it has wrongly applied and QEMU is still vulnerable to this bug if using VNC...
opera -- multiple vulnerabilities
Opera reports: If a malicious page redirects Opera to a specially crafted address URL, it can cause Opera to crash. Given sufficient address content, the crash could cause execution of code controlled by the attacking page. Once a Java applet has been cached, if a page can predict the cache path...
mysql -- empty bit-string literal denial of service
MySQL reports: The vulnerability is caused due to an error when processing an empty bit-string literal and can be exploited to crash the server via a specially crafted SQL statement...
python -- multiple vulnerabilities
Secunia reports: Some vulnerabilities have been reported in Python, where some have unknown impact and others can potentially be exploited by malicious people to cause a DoS Denial of Service or to compromise a vulnerable system. Various integer overflow errors exist in core modules e.g...