6585 matches found
samba -- multiple vulnerabilities
The Samba Team reports: CVE-2019-14861: An authenticated user can crash the DCE/RPC DNS management server by creating records with matching the zone name. CVE-2019-14870: The DelegationNotAllowed Kerberos feature restriction was not being applied when processing protocol transition requests...
go -- invalid headers are normalized, allowing request smuggling
The Go project reports: net/http through net/textproto used to accept and normalize invalid HTTP/1.1 headers with a space before the colon, in violation of RFC 7230. If a Go server is used behind a reverse proxy that accepts and forwards but doesn't normalize such invalid headers, the reverse pro...
asterisk -- Remote Crash Vulnerability in audio transcoding
The Asterisk project reports: When audio frames are given to the audio transcoding support in Asterisk the number of samples are examined and as part of this a message is output to indicate that no samples are present. A change was done to suppress this message for a particular scenario in which...
FreeBSD -- Multiple vulnerabilities in bzip2
Problem Description: The decompressor used in bzip2 contains a bug which can lead to an out-of-bounds write when processing a specially crafted bzip21 file. bzip2recover contains a heap use-after-free bug which can be triggered when processing a specially crafted bzip21 file. Impact: An attacker...
drupal -- Drupal core - Moderately critical
Drupal Security Team reports: CVE-2019-11831: By-passing protection of Phar Stream Wrapper Interceptor. In order to intercept file invocations like fileexists or stat on compromised Phar archives the base name has to be determined and checked before allowing to be handled by PHP Phar stream...
FreeBSD -- SAE confirm missing state validation
Problem Description: When hostapd is used to operate an access point with SAE Simultaneous Authentication of Equals; also known as WPA3-Personal, an invalid authentication sequence could result in the hostapd process terminating due to a NULL pointer dereference when processing SAE confirm messag...
couchdb -- administrator privilege escalation
Apache CouchDB PMC reports: Database Administrator could achieve privilege escalation to the account that CouchDB runs under, by abusing insufficient validation in the HTTP API, escaping security controls implemented in previous releases...
znc -- multiple vulnerabilities
Mitre reports: ZNC before 1.7.1-rc1 does not properly validate untrusted lines coming from the network, allowing a non-admin user to escalate his privilege and inject rogue values into znc.conf. ZNC before 1.7.1-rc1 is prone to a path traversal flaw via ../ in a web skin name to access files...
asterisk -- PJSIP endpoint presence disclosure when using ACL
The Asterisk project reports: When endpoint specific ACL rules block a SIP request they respond with a 403 forbidden. However, if an endpoint is not identified then a 401 unauthorized response is sent. This vulnerability just discloses which requests hit a defined endpoint. The ACL rules cannot b...
patch -- multiple vulnerabilities
NVD reports: An issue was discovered in GNU patch through 2.7.6. There is a segmentation fault, associated with a NULL pointer dereference, leading to a denial of service in the intuitdifftype function in pch.c, aka a "mangled rename" issue. A double free exists in the anotherhunk function in pch...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 4 security fixes in this release: 835887 Critical: Chain leading to sandbox escape. Reported by Anonymous on 2018-04-23 836858 High CVE-2018-6121: Privilege Escalation in extensions 836141 High CVE-2018-6122: Type confusion in V8 833721 High CVE-2018-6120: Heap...
perl -- multiple vulnerabilities
perldelta: CVE-2018-6797: heap-buffer-overflow WRITE of size 1 in Sregatom regcomp.c A crafted regular expression could cause a heap buffer write overflow, with control over the bytes written. perl 132227 CVE-2018-6798: Heap-buffer-overflow in Perlbytedumpstring utf8.c Matching a crafted locale...
chromium -- vulnerability
Google Chrome Releases reports: 3 security fixes in this release: 831963 Critical CVE-2018-6118: Use after free in Media Cache. Reported by Ned Williamson on 2018-04-12 837635 Various fixes from internal audits, fuzzing and other initiatives...
SQLite -- Corrupt DB can cause a NULL pointer dereference
MITRE reports: SQLite databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c...
PostgreSQL vulnerabilities
The PostgreSQL project reports: CVE-2018-1052: Fix the processing of partition keys containing multiple expressions only for PostgreSQL-10.x CVE-2018-1053: Ensure that all temporary files made with "pgupgrade" are non-world-readable...
OpenJPEG -- integer overflow
NVD reports: In OpenJPEG 2.3.0, there is an integer overflow vulnerability in the opjt1encodecblks function openjp2/t1.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file...
mercurial -- multiple issues
mercurial developers reports: Mercurial prior to version 4.3 is vulnerable to a missing symlink check that can malicious repositories to modify files outside the repository Mercurial prior to 4.3 did not adequately sanitize hostnames passed to ssh, leading to possible shell-injection attacks...
Flash Player -- multiple vulnerabilities
Adobe reports: These updates resolve security bypass vulnerability that could lead to information disclosure CVE-2017-3085. These updates resolve type confusion vulnerability that could lead to remote code execution CVE-2017-3106...
webkit2-gtk3 -- multiple vulnerabilities
The Webkit gtk team reports: Please reference CVE/URL list for details...
poppler -- multiple denial of service issues
Poppler developers report: Poppler is prone to a stack-based buffer-overflow vulnerability. Successful exploits may allow attackers to crash the affected application, resulting in denial-of-service condition. Due to the nature of this issue, arbitrary code execution may be possible but this has n...
miniupnpc -- integer signedness error
Tintinweb reports: An integer signedness error was found in miniupnp's miniwget allowing an unauthenticated remote entity typically located on the local network segment to trigger a heap corruption or an access violation in miniupnp's http response parser when processing a specially crafted...
icoutils -- check_offset overflow on 64-bit systems
Choongwoo Han reports: An exploitable crash exists in the wrestool utility on 64-bit systems where the result of subtracting two pointers exceeds the size of int...
hdf5 -- multiple vulnerabilities
Talos Security reports: CVE-2016-4330 TALOS-2016-0176 - HDF5 Group libhdf5 H5TARRAY Code Execution Vulnerability CVE-2016-4331 TALOS-2016-0177 - HDF5 Group libhdf5 H5ZNBIT Code Execution Vulnerability CVE-2016-4332 TALOS-2016-0178 - HDF5 Group libhdf5 Shareable Message Type Code Execution...
Drupal Code -- Multiple Vulnerabilities
The Drupal development team reports: Inconsistent name for term access query Less critical - Drupal 7 and Drupal 8 Drupal provides a mechanism to alter database SELECT queries before they are executed. Contributed and custom modules may use this mechanism to restrict access to certain entities by...
freeimage -- code execution vulnerability
TALOS reports: An exploitable out-of-bounds write vulnerability exists in the XMP image handling functionality of the FreeImage library...
django -- CSRF protection bypass on a site with Google Analytics
Django Software Foundation reports: An interaction between Google Analytics and Django's cookie parsing could allow an attacker to set arbitrary cookies leading to a bypass of CSRF protection...
Pillow -- multiple vulnerabilities
Pillow reports: Pillow prior to 3.3.2 may experience integer overflow errors in map.c when reading specially crafted image files. This may lead to memory disclosure or corruption. Pillow prior to 3.3.2 and PIL 1.1.7 at least do not check for negative image sizes in ImagingNew in Storage.c. A...
bind -- denial of service vulnerability
ISC reports: A query name which is too long can cause a segmentation fault in lwresd...
wireshark -- multiple vulnerabilities
Wireshark development team reports: The following vulnerabilities have been fixed: wnpa-sec-2016-29 The SPOOLS dissector could go into an infinite loop. Discovered by the CESG. wnpa-sec-2016-30 The IEEE 802.11 dissector could crash. Bug 11585 wnpa-sec-2016-31 The IEEE 802.11 dissector could crash...
jenkins -- multiple vulnerabilities
Jenkins Security Advisory: Description SECURITY-170 / CVE-2016-3721 Arbitrary build parameters are passed to build scripts as environment variables SECURITY-243 / CVE-2016-3722 Malicious users with multiple user accounts can prevent other users from logging in SECURITY-250 / CVE-2016-3723...
tiff -- denial of service
Aladdin Mubaied reports: Buffer-overflow in gif2tiff utility...
mozilla -- multiple vulnerabilities
Mozilla Foundation reports: MFSA 2016-01 Miscellaneous memory safety hazards rv:44.0 / rv:38.6 MFSA 2016-02 Out of Memory crash when parsing GIF format images MFSA 2016-03 Buffer overflow in WebGL after out of memory allocation MFSA 2016-04 Firefox allows for control characters to be set in cooki...
isc-dhcpd -- Denial of Service
ISC reports: A badly formed packet with an invalid IPv4 UDP length field can cause a DHCP server, client, or relay program to terminate abnormally...
flash -- multiple vulnerabilities
Adobe reports: These updates resolve a type confusion vulnerability that could lead to code execution CVE-2015-8644. These updates resolve an integer overflow vulnerability that could lead to code execution CVE-2015-8651. These updates resolve use-after-free vulnerabilities that could lead to cod...
hostapd and wpa_supplicant -- multiple vulnerabilities
Jouni Malinen reports: wpasupplicant unauthorized WNM Sleep Mode GTK control. 2015-6 - CVE-2015-5310 EAP-pwd missing last fragment length validation. 2015-7 - CVE-2015-5315 EAP-pwd peer error path failure on unexpected Confirm message. 2015-8 - CVE-2015-5316...
xen-kernel -- Long latency populate-on-demand operation is not preemptible
The Xen Project reports: When running an HVM domain in Populate-on-Demand mode, Xen would sometimes search the domain for memory to reclaim, in response to demands for population of other pages in the same domain. This search runs without preemption. The guest can, by suitable arrangement of its...
VirtualBox -- undisclosed vulnerabilities
Oracle reports reports: Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 4.0.34, 4.1.42, 4.2.34, 4.3.32, and 5.0.8, when using a Windows guest, allows local users to affect availability via unknown vectors related to Core. Unspecified...
mozilla -- multiple vulnerabilities
The Mozilla Project reports: MFSA 2015-96 Miscellaneous memory safety hazards rv:41.0 / rv:38.3 MFSA 2015-97 Memory leak in mozTCPSocket to servers MFSA 2015-98 Out of bounds read in QCMS library with ICC V4 profile attributes MFSA 2015-99 Site attribute spoofing on Android by pasting URL with...
mediawiki -- multiple vulnerabilities
MediaWiki reports: Internal review discovered that Special:DeletedContributions did not properly protect the IP of autoblocked users. This fix makes the functionality of Special:DeletedContributions consistent with Special:Contributions and Special:BlockList. Internal review discovered that...
qemu, xen-tools -- QEMU leak of uninitialized heap memory in rtl8139 device model
The Xen Project reports: The QEMU model of the RTL8139 network card did not sufficiently validate inputs in the C+ mode offload emulation. This results in uninitialized memory from the QEMU process's heap being leaked to the domain as well as to the network. A guest may be able to read sensitive...
Botan BER Decoder vulnerabilities
The botan developers reports: Excess memory allocation in BER decoder - The BER decoder would allocate a fairly arbitrary amount of memory in a length field, even if there was no chance the read request would succeed. This might cause the process to run out of memory or invoke the OOM killer. Cra...
Adobe Flash Player -- critical vulnerabilities
Adobe reports: Critical vulnerabilities CVE-2015-5122, CVE-2015-5123 have been identified. Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system. Adobe is aware of reports that exploits targeting these vulnerabilities have been...
openssl -- alternate chains certificate forgery vulnerability
OpenSSL reports: During certificate verification, OpenSSL starting from version 1.0.1n and 1.0.2b will attempt to find an alternative certificate chain if the first attempt to build such a chain fails. An error in the implementation of this logic can mean that an attacker could cause certain chec...
mozilla -- multiple vulnerabilities
The Mozilla Project reports: MFSA 2015-59 Miscellaneous memory safety hazards rv:39.0 / rv:31.8 / rv:38.1 MFSA 2015-60 Local files or privileged URLs in pages can be opened into new tabs MFSA 2015-61 Type confusion in Indexed Database Manager MFSA 2015-62 Out-of-bound read while computing an...
qemu -- denial of service vulnerability in MSI-X support
Prasad J Pandit, Red Hat Product Security Team, reports: Qemu emulator built with the PCI MSI-X support is vulnerable to null pointer dereference issue. It occurs when the controller attempts to write to the pending bit arrayPBA memory region. Because the MSI-X MMIO support did not define the...
xen-kernel -- vulnerability in the iret hypercall handler
The Xen Project reports: A buggy loop in Xen's compatiret function iterates the wrong way around a 32-bit index. Any 32-bit PV guest kernel can trigger this vulnerability by attempting a hypercalliret with EFLAGS.VM set. Given the use of get/putuser, and that the virtual addresses in question are...
dcraw -- integer overflow condition
ocert reports: The dcraw tool, as well as several other projects re-using its code, suffers from an integer overflow condition which lead to a buffer overflow. The vulnerability concerns the 'len' variable, parsed without validation from opened images, used in the ljpegstart function. A malicious...
subversion -- DoS vulnerabilities
Subversion Project reports: Subversion HTTP servers with FSFS repositories are vulnerable to a remotely triggerable excessive memory use with certain REPORT requests. Subversion moddavsvn and svnserve are vulnerable to a remotely triggerable assertion DoS vulnerability for certain requests with...
Several vulnerabilities in libav
The libav project reports: utvideodec: Handle sliceheight being zero CVE-2014-9604 tiff: Check that there is no aliasing in pixel format selection CVE-2014-8544...
qemu -- denial of service vulnerability
Daniel P. Berrange reports: The VNC server websockets decoder will read and buffer data from websockets clients until it sees the end of the HTTP headers, as indicated by \r\n\r\n. In theory this allows a malicious to trick QEMU into consuming an arbitrary amount of RAM...