6583 matches found
ffmpeg -- out-of-bounds array access
NVD reports: The msrledecodepal4 function in msrledec.c in Libav before 10.7 and 11.x before 11.4 and FFmpeg before 2.0.7, 2.2.x before 2.2.15, 2.4.x before 2.4.8, 2.5.x before 2.5.6, and 2.6.x before 2.6.2 allows remote attackers to have unspecified impact via a crafted image, related to a pixel...
mozilla -- multiple vulnerabilities
The Mozilla Project reports: MFSA 2015-44 Certificate verification bypass through the HTTP/2 Alt-Svc header MFSA 2015-43 Loading privileged content through Reader mode...
krb5 1.11 -- New release/fix multiple vulnerabilities
The MIT Kerberos team announces the availability of MIT Kerberos 5 Release 1.11.6: Handle certain invalid RFC 1964 GSS tokens correctly to avoid invalid memory reference vulnerabilities. CVE-2014-4341 Fix memory management vulnerabilities in GSSAPI SPNEGO. CVE-2014-4343 CVE-2014-4344 Fix buffer...
unzip -- heap based buffer overflow in iconv patch
Ubuntu Security Notice USN-2502-1 reports: unzip could be made to run programs if it opened a specially crafted file...
libidn -- out-of-bounds read issue with invalid UTF-8 input
Simon Josefsson reports: stringpreputf8toucs4 now rejects invalid UTF-8. This function has always been documented to not validate that the input UTF-8 string is actually valid UTF-8...
asterisk -- Multiple vulnerabilities
The Asterisk project reports: AST-2014-012 - Mixed IP address families in access control lists may permit unwanted traffic. AST-2014-018 - AMI permission escalation through DB dialplan function...
phpMyAdmin -- XSRF/CSRF due to DOM based XSS in the micro history feature
The phpMyAdmin development team reports: XSRF/CSRF due to DOM based XSS in the micro history feature. By deceiving a logged-in user to click on a crafted URL, it is possible to perform remote code execution and in some cases, create a root account due to a DOM based XSS vulnerability in the micro...
phpMyAdmin -- XSS vulnerabilities
The phpMyAdmin development team reports: Multiple XSS vulnerabilities in browse table, ENUM editor, monitor, query charts and table relations pages. With a crafted database, table or a primary/unique key column name it is possible to trigger an XSS when dropping a row from the table. With a craft...
nginx -- inject commands into SSL session vulnerability
The nginx project reports: Security: pipelined commands were not discarded after STARTTLS command in SMTP proxy CVE-2014-3556; the bug had appeared in 1.5.6...
krfb -- Possible Denial of Service or code execution via integer overflow
Albert Aastals Cid reports: krfb embeds libvncserver which embeds liblzo2, it contains various flaws that result in integer overflow problems. This potentially allows a malicious application to create a possible denial of service or code execution. Due to the need to exploit precise details of th...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 3 security fixes in this release: 358038 High CVE-2014-1740: Use-after-free in WebSockets. Credit to Collin Payne. 349898 High CVE-2014-1741: Integer overflow in DOM ranges. Credit to John Butler. 356690 High CVE-2014-1742: Use-after-free in editing. Credit to...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 31 vulnerabilities fixed in this release, including: 354123 High CVE-2014-1716: UXSS in V8. Credit to Anonymous. 353004 High CVE-2014-1717: OOB access in V8. Credit to Anonymous. 348332 High CVE-2014-1718: Integer overflow in compositor. Credit to Aaron Staple...
mutt -- denial of service, potential remote code execution
Beatrice Torracca and Evgeni Golov report: A buffer overflow has been discovered that could result in denial of service or potential execution of arbitrary code. This condition can be triggered by malformed RFC2047 header lines...
strongswan -- Remote Authentication Bypass
strongSwan developers report: Remote attackers are able to bypass authentication by rekeying an IKESA during 1 initiation or 2 re-authentication, which triggers the IKESA state to be set to established. Only installations that actively initiate or re-authenticate IKEv2 IKESAs are affected...
www/chromium --multiple vulnerabilities
Google Chrome Releases reports: 7 vulnerabilities fixed in this release, including: 344881 High CVE-2014-1700: Use-after-free in speech. Credit to Chamal de Silva. 342618 High CVE-2014-1701: UXSS in events. Credit to aidanhs. 333058 High CVE-2014-1702: Use-after-free in web database. Credit to...
nagios -- denial of service vulnerability
Eric Stanley reports: Most CGIs previously incremented the input variable counter twice when it encountered a long key value. This could cause the CGI to read past the end of the list of CGI variables...
libxml2 -- entity substitution DoS
Stefan Cornelius reports: It was discovered that libxml2, a library providing support to read, modify and write XML files, incorrectly performs entity substitution in the doctype prolog, even if the application using libxml2 disabled any entity substitution. A remote attacker could provide a...
ruby -- Hostname check bypassing vulnerability in SSL client
Ruby Developers report: Ruby's SSL client implements hostname identity check but it does not properly handle hostnames in the certificate that contain null bytes...
polarssl -- denial of service vulnerability
Paul Bakker reports: A bug in the logic of the parsing of PEM encoded certificates in x509parsecrt can result in an infinite loop, thus hogging processing power. While parsing a Certificate message during the SSL/TLS handshake, PolarSSL extracts the presented certificates and sends them on to be...
samba -- Private key in key.pem world readable
The Samba project reports: Samba 4.0.x before 4.0.11 and 4.1.x before 4.1.1, when LDAP or HTTP is provided over SSL, uses world-readable permissions for a private key, which allows local users to obtain sensitive information by reading the key file, as demonstrated by access to the local filesyst...
strongSwan -- ECDSA signature verification issue
strongSwan security team reports: If the openssl plugin is used for ECDSA signature verification an empty, zeroed or otherwise invalid signature is handled as a legitimate one. Both IKEv1 and IKEv2 are affected. Affected are only installations that have enabled and loaded the OpenSSL crypto backe...
NVIDIA UNIX driver -- ARGB cursor buffer overflow in "NoScanout" mode
NVIDIA Unix security team reports: When the NVIDIA driver for the X Window System is operated in "NoScanout" mode, and an X client installs an ARGB cursor that is larger than the expected size 64x64 or 256x256, depending on the driver version, the driver will overflow a buffer. This can cause a...
dns/bind9* -- Malicious Regex Can Cause Memory Exhaustion
ISC reports: A critical defect in BIND 9 allows an attacker to cause excessive memory consumption in named or other programs linked to libdns...
moinmoin -- Multiple vulnerabilities
MoinMoin developers report the following vulnerabilities as fixed in version 1.9.6: remote code execution vulnerability in twikidraw/anywikidraw action, path traversal vulnerability in AttachFile action, XSS issue, escape page name in rss link. CVE entries at MITRE furher clarify: Multiple...
nagios -- buffer overflow in history.cgi
full disclosure reports: history.cgi is vulnerable to a buffer overflow due to the use of sprintf with user supplied data that has not been restricted in size...
tomcat -- bypass of security constraints
The Apache Software Foundation reports: When using FORM authentication it was possible to bypass the security constraint checks in the FORM authenticator by appending "/jsecuritycheck" to the end of the URL if some other component such as the Single-Sign-On valve had called request.setUserPrincip...
otrs -- XSS vulnerability could lead to remote code execution
The OTRS Project reports: This advisory covers vulnerabilities discovered in the OTRS core system. This is a variance of the XSS vulnerability, where an attacker could send a specially prepared HTML email to OTRS which would cause JavaScript code to be executed in your browser while displaying th...
mozilla -- multiple vulnerabilities
The Mozilla Project reports: MFSA 2012-57 Miscellaneous memory safety hazards rv:15.0/ rv:10.0.7 MFSA 2012-58 Use-after-free issues found using Address Sanitizer MFSA 2012-59 Location object can be shadowed using Object.defineProperty MFSA 2012-60 Escalation of privilege through about:newtab MFSA...
quagga -- BGP OPEN denial of service vulnerability
CERT reports: If a pre-configured BGP peer sends a specially-crafted OPEN message with a malformed ORF capability TLV, Quagga bgpd process will erroneously try to consume extra bytes from the input packet buffer. The process will detect a buffer overrun attempt before it happens and immediately...
sudo -- netmask vulnerability
Todd Miller reports: Sudo supports granting access to commands on a per-host basis. The host specification may be in the form of a host name, a netgroup, an IP address, or an IP network an IP address with an associated netmask. When IPv6 support was added to sudo, a bug was introduced that caused...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 112983 Low CVE-2011-3083: Browser crash with video + FTP. Credit to Aki Helin of OUSPG. 113496 Low CVE-2011-3084: Load links from internal pages in their own process. Credit to Brett Wilson of the Chromium development community. 118374 Medium CVE-2011-3085: UI...
mozilla -- multiple vulnerabilities
The Mozilla Project reports: MFSA 2012-13 XSS with Drag and Drop and Javascript: URL MFSA 2012-14 SVG issues found with Address Sanitizer MFSA 2012-15 XSS with multiple Content Security Policy headers MFSA 2012-16 Escalation of privilege with Javascript: URL as home page MFSA 2012-17 Crash when...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 105867 High CVE-2011-3031: Use-after-free in v8 element wrapper. Credit to Chamal de Silva. 108037 High CVE-2011-3032: Use-after-free in SVG value handling. Credit to Arthur Gerkis. 108406 115471 High CVE-2011-3033: Buffer overflow in the Skia drawing library. Cred...
databases/postgresql*-client -- multiple vulnerabilities
The PostgreSQL Global Development Group reports: These vulnerabilities could allow users to define triggers that execute functions on which the user does not have EXECUTE permission, allow SSL certificate spoofing and allow line breaks in object names to be exploited to execute code when loading ...
Python -- DoS via malformed XML-RPC / HTTP POST request
Jan Lieskovsky reports, A denial of service flaw was found in the way Simple XML-RPC Server module of Python processed client connections, that were closed prior the complete request body has been received. A remote attacker could use this flaw to cause Python Simple XML-RPC based server process ...
kdelibs4, rekonq -- input validation failure
KDE Security Advisory reports: The default rendering type for a QLabel is QLabel::AutoText, which uses heuristics to determine whether to render the given content as plain text or rich text. KSSL and Rekonq did not properly force its QLabels to use QLabel::PlainText. As a result, if given a...
codeigniter -- SQL injection vulnerability
The CodeIgniter changelog reports: An improvement was made to the MySQL and MySQLi drivers to prevent exposing a potential vector for SQL injection on sites using multi-byte character sets in the database client connection. An incompatibility in PHP versions 5.0.7 with mysqlsetcharset creates a...
bugzilla -- multiple serious vulnerabilities
A Bugzilla Security Advisory reports: This advisory covers three security issues that have recently been fixed in the Bugzilla code: A weakness in Bugzilla could allow a user to gain unauthorized access to another Bugzilla account. A weakness in the Perl CGI.pm module allows injecting HTTP header...
isc-dhcp-server -- Empty link-address denial of service
ISC reports: If the server receives a DHCPv6 packet containing one or more Relay-Forward messages, and none of them supply an address in the Relay-Forward link-address field, then the server will crash. This can be used as a single packet crash attack vector...
Wireshark -- DoS in the BER-based dissectors
Secunia reports: A vulnerability has been discovered in Wireshark, which can be exploited by malicious people to cause a DoS Denial of Service. The vulnerability is caused due to an infinite recursion error in the "dissectunknownber" function in epan/dissectors/packet-ber.c and can be exploited t...
tiff -- buffer overflow vulnerability
Kevin Finisterre reports: Multiple integer overflows in the handling of TIFF files may result in a heap buffer overflow. Opening a maliciously crafted TIFF file may lead to an unexpected application termination or arbitrary code execution. The issues are addressed through improved bounds checking...
mahara -- sql injection vulnerability
The Debian security team reports: It was discovered that mahara, an electronic portfolio, weblog, and resume builder is not properly escaping input when generating a unique username based on a remote user name from a single sign-on application. An attacker can use this to compromise the mahara...
png -- libpng decompression denial of service
A vulnerability in libpng can result in denial of service conditions when a remote attacker tricks a victim to open a specially-crafted PNG file. The PNG project describes the problem in an advisory: Because of the efficient compression method used in Portable Network Graphics PNG files, a small...
bugzilla -- information leak
A Bugzilla Security Advisory reports: When a bug is in a group, none of its information other than its status and resolution should be visible to users outside that group. It was discovered that as of 3.3.2, Bugzilla was showing the alias of the bug a very short string used as a shortcut for...
Xpdf -- Multiple Vulnerabilities
SecurityFocus reports: Some vulnerabilities have been reported in Xpdf, which can be exploited by malicious people to potentially compromise a user's system. 1 Multiple integer overflows in "SplashBitmap::SplashBitmap" can be exploited to cause heap-based buffer overflows. 2 An integer overflow...
apr -- multiple vulnerabilities
Secunia reports: Some vulnerabilities have been reported in APR-util, which can be exploited by malicious users and malicious people to cause a DoS Denial of Service. A vulnerability is caused due to an error in the processing of XML files and can be exploited to exhaust all available memory via ...
libxine -- multiple vulnerabilities
xine developers report: Fix another possible int overflow in the 4XM demuxer. ref. TKADV2009-004, CVE-2009-0385 Fix an integer overflow in the Quicktime demuxer...
epiphany -- untrusted search path vulnerability
CVE Mitre reports: Untrusted search path vulnerability in the Python interface in Epiphany 2.22.3, and possibly other versions, allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySysSetArgv function...
php5-gd -- uninitialized memory information disclosure vulnerability
According to CVE-2008-5498 entry: Array index error in the "imageRotate" function in PHP 5.2.8 and earlier allows context-dependent attackers to read the contents of arbitrary memory locations via a crafted value of the third argument aka the "bgdcolor" or "clrBack" argument for an indexed image...
rubygem-rails -- SQL injection vulnerability
Jonathan Weiss reports, that it is possible to perform an SQL injection in Rails applications via not correctly sanitized :limit and :offset parameters. It is possible to change arbitrary values in affected tables or gain access to the sensitive data...