6583 matches found
mailman -- hardening against malicious listowners injecting evil HTML scripts
Mark Sapiro reports: Existing protections against malicious listowners injecting evil scripts into listinfo pages have had a few more checks added. A few more error messages have had their values HTML escaped. The hash generated when SUBSCRIBEFORMSECRET is set could have been the same as one...
shibboleth-sp -- vulnerable to forged user attribute data
Shibboleth consortium reports: Shibboleth SP software vulnerable to additional data forgery flaws The XML processing performed by the Service Provider software has been found to be vulnerable to new flaws similar in nature to the one addressed in an advisory last month. These bugs involve the use...
gcab -- stack overflow
Upstream reports: A stack-based buffer overflow within GNOME gcab through 0.7.4 can be exploited by malicious attackers to cause a crash or, potentially, execute arbitrary code via a crafted .cab file...
squid -- Vulnerable to Denial of Service attack
Louis Dion-Marcil reports: Due to incorrect pointer handling Squid is vulnerable to denial of service attack when processing ESI responses. This problem allows a remote server delivering certain ESI response syntax to trigger a denial of service for all clients accessing the Squid service. Due to...
rubygems -- deserialization vulnerability
oss-security mailing list: There is a possible unsafe object desrialization vulnerability in RubyGems. It is possible for YAML deserialization of gem specifications to bypass class white lists. Specially crafted serialized objects can possibly be used to escalate to remote code execution...
libraw -- denial of service and remote code execution
libraw developers report: A Stack-based Buffer Overflow was discovered in xtransinterpolate in internal/dcrawcommon.cpp in LibRaw before 0.18.3. It could allow a remote denial of service or code execution attack...
libtiff -- Improper Input Validation
libtiff developers report: There is a reachable assertion abort in the function TIFFWriteDirectoryTagSubifd in LibTIFF 4.0.8, related to tifdirwrite.c and a SubIFD tag. A crafted input will lead to a remote denial of service attack. There is a reachable assertion abort in the function...
ncurses -- multiple issues
ncurses developers reports: There are multiple illegal address access issues and an infinite loop issue. Please refer to the CVE list for details...
php-gd and gd -- Buffer over-read into uninitialized memory
PHP developers report: The GIF decoding function gdImageCreateFromGifCtx in gdgifin.c in the GD Graphics Library aka libgd, as used in PHP before 5.6.31 and 7.x before 7.1.7, does not zero colorMap arrays before use. A specially crafted GIF image could use the uninitialized tables to read 700 byt...
Cacti -- Cross-site scripting (XSS) vulnerability in auth_profile.php
kimiizhang reports: Cross-site scripting XSS vulnerability in authprofile.php in Cacti 1.1.13 allows remote authenticated users to inject arbitrary web script or HTML via specially crafted HTTP Referer headers...
tiff -- multiple vulnerabilities
Debian Security Advisory reports: Multiple vulnerabilities have been discovered in the libtiff library and the included tools, which may result in denial of service or the execution of arbitrary code...
drupal -- Drupal Core - Multiple Vulnerabilities
Drupal Security Team Reports: CVE-2017-6920: PECL YAML parser unsafe object handling. CVE-2017-6921: File REST resource does not properly validate CVE-2017-6922: Files uploaded by anonymous users into a private file system can be accessed by other anonymous users...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 29 security fixes in this release, including: 695826 High CVE-2017-5057: Type confusion in PDFium. Credit to Guang Gong of Alpha Team, Qihoo 360 694382 High CVE-2017-5058: Heap use after free in Print Preview. Credit to Khalil Zhani 684684 High CVE-2017-5059: Type...
gitlab -- Various security issues
GitLab reports: Information Disclosure in Issue and Merge Request Trackers During an internal code review a critical vulnerability in the GitLab Issue and Merge Request trackers was discovered. This vulnerability could allow a user with access to assign ownership of an issue or merge request to...
NSS -- multiple vulnerabilities
Mozilla Foundation reports: An out-of-bounds write during Base64 decoding operation in the Network Security Services NSS library due to insufficient memory being allocated to the buffer. This results in a potentially exploitable crash. The NSS library has been updated to fix this issue to address...
NVIDIA UNIX driver -- multiple vulnerabilities in the kernel mode layer handler
NVIDIA Unix security team reports: NVIDIA GPU Display Driver contains vulnerabilities in the kernel mode layer handler where multiple integer overflows, improper access control, and improper validation of a user input may cause a denial of service or potential escalation of privileges...
cURL -- buffer overflow
The cURL project reports: printf floating point buffer overflow libcurl's implementation of the printf functions triggers a buffer overflow when doing a large floating point output. The bug occurs when the conversion outputs more than 255 bytes...
dovecot -- Dovecot DoS when passdb dict was used for authentication
Timo Sirainen reports: passdb/userdb dict: Don't double-expand %variables in keys. If dict was used as the authentication passdb, using specially crafted %variables in the username could be used to cause DoS...
libvncserver -- multiple buffer overflows
libvnc server reports: Two unrelated buffer overflows can be used by a malicious server to overwrite parts of the heap and crash the client or possibly execute arbitrary code...
urllib3 -- certificate verification failure
urllib3 reports: CVE-2016-9015: Certification verification failure...
PostgreSQL -- Denial-of-Service and Code Injection Vulnerabilities
PostgreSQL project reports: Security Fixes nested CASE expressions + database and role names with embedded special characters CVE-2016-5423: certain nested CASE expressions can cause the server to crash. CVE-2016-5424: database and role names with embedded special characters can allow code...
botan -- multiple vulnerabilities
Jack Lloyd reports: Botan 1.10.13 has been released backporting some side channel protections for ECDSA signatures CVE-2016-2849 and PKCS 1 RSA decryption CVE-2015-7827...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 6 security fixes in this release, including: 546677 High CVE-2016-1622: Same-origin bypass in Extensions. Credit to anonymous. 577105 High CVE-2016-1623: Same-origin bypass in DOM. Credit to Mariusz Mlynski. 509313 Medium CVE-2016-1625: Navigation bypass in Chrome...
phpmyadmin -- Multiple XSS vulnerabilities
The phpMyAdmin development team reports: With a crafted table name it is possible to trigger an XSS attack in the database search page. With a crafted SET value or a crafted search query, it is possible to trigger an XSS attacks in the zoom search page. With a crafted hostname header, it is...
FreeBSD -- SCTP ICMPv6 error message vulnerability
Problem Description: A lack of proper input checks in the ICMPv6 processing in the SCTP stack can lead to either a failed kernel assertion or to a NULL pointer dereference. In either case, a kernel panic will follow. Impact: A remote, unauthenticated attacker can reliably trigger a kernel panic i...
atheme-services -- multiple vulnerabilities
Mitre reports: modules/chanserv/flags.c in Atheme before 7.2.7 allows remote attackers to modify the Anope FLAGS behavior by registering and dropping the 1 LIST, 2 CLEAR, or 3 MODIFY keyword nicks. Buffer overflow in the xmlrpccharencode function in modules/transport/xmlrpc/xmlrpclib.c in Atheme...
dhcpcd -- multiple vulnerabilities
Nico Golde reports: heap overflow via malformed dhcp responses later in printoption via dhcpenvoption1 due to incorrect option length values. Exploitation is non-trivial, but I'd love to be proven wrong. invalid read/crash via malformed dhcp responses. not exploitable beyond DoS as far as I can...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 2 security fixes in this release, including: 569486 CVE-2015-6792: Fixes from internal audits and fuzzing...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 520422 High CVE-2015-1302: Information leak in PDF viewer. Credit to Rob Wu...
cups-filters -- code execution
Salvatore Bonaccorso reports: Cups Filters/Foomatic Filters does not consider backtick as an illegal escape character...
qemu -- denial of service vulnerability in virtio-net support
Prasad J Pandit, Red Hat Product Security Team, reports: Qemu emulator built with the Virtual Network Devicevirtio-net support is vulnerable to a DoS issue. It could occur while receiving large packets over the tuntap/macvtap interfaces and when guest's virtio-net driver did not support...
bind -- denial of service vulnerability
ISC reports: Parsing a malformed DNSSEC key can cause a validating resolver to exit due to a failed assertion in buffer.c. It is possible for a remote attacker to deliberately trigger this condition, for example by using a query which requires a response from a zone containing a deliberately...
qemu -- buffer overflow vulnerability in VNC
Prasad J Pandit, Red Hat Product Security Team, reports: Qemu emulator built with the VNC display driver support is vulnerable to a buffer overflow flaw leading to a heap memory corruption issue. It could occur while refreshing the server display surface via routine vncrefreshserversurface. A...
bind -- denial of service vulnerability
ISC reports: A very uncommon combination of zone data has been found that triggers a bug in BIND, with the result that named will exit with a "REQUIRE" failure in name.c when validating the data returned in answer to a recursive query. A recursive resolver that is performing DNSSEC validation can...
xen-tools -- Unmediated PCI register access in qemu
The Xen Project reports: Qemu allows guests to not only read, but also write all parts of the PCI config space but not extended config space of passed through PCI devices not explicitly dealt with for partial emulation purposes. Since the effect depends on the specific purpose of the the config...
squid -- client-first SSL-bump does not correctly validate X509 server certificate
Squid security advisory 2015:1 reports: Squid configured with client-first SSL-bump does not correctly validate X509 server certificate domain / hostname fields. The bug is important because it allows remote servers to bypass client certificate validation. Some attackers may also be able to use...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 5 security fixes in this release, including: 453279 High CVE-2015-1243: Use-after-free in DOM. Credit to Saif El-Sherei. 481777 CVE-2015-1250: Various fixes from internal audits, fuzzing and other initiatives...
Vulnerability in HWP document filter
US-CERT/NIST reports: The HWP filter in LibreOffice before 4.3.7 and 4.4.x before 4.4.2 and Apache OpenOffice before 4.1.2 allows remote attackers to cause a denial of service crash or possibly execute arbitrary code via a crafted HWP document, which triggers an out-of-bounds write...
mozilla -- use-after-free
The Mozilla Project reports: MFSA 2015-45 Memory corruption during failed plugin initialization...
xen-tools -- Unmediated PCI command register access in qemu
The Xen Project reports: HVM guests are currently permitted to modify the memory and I/O decode bits in the PCI command register of devices passed through to them. Unless the device is an SR-IOV virtual function, after disabling one or both of these bits subsequent accesses to the MMIO or I/O por...
xen-kernel -- Information leak via internal x86 system device emulation
The Xen Project reports: Emulation routines in the hypervisor dealing with certain system devices check whether the access size by the guest is a supported one. When the access size is unsupported these routines failed to set the data to be returned to the guest for read accesses, so that...
qt4-gui, qt5-gui -- DoS vulnerability in the BMP image handler
Richard J. Moore reports: The builtin BMP decoder in QtGui prior to Qt 5.5 contained a bug that would lead to a division by zero when loading certain corrupt BMP files. This in turn would cause the application loading these hand crafted BMPs to crash...
krb5 1.12 -- New release/fix multiple vulnerabilities
The MIT Kerberos team announces the availability of MIT Kerberos 5 Release 1.12.3: Fix multiple vulnerabilities in the LDAP KDC back end. CVE-2014-5354 CVE-2014-5353 Fix multiple kadmind vulnerabilities, some of which are based in the gssrpc library. CVE-2014-5352 CVE-2014-5352 CVE-2014-9421...
krb5 -- Vulnerabilities in kadmind, libgssrpc, gss_process_context_token VU#540092
The MIT Kerberos team reports: CVE-2014-5353: The krb5ldapgetpasswordpolicyfromdn function in plugins/kdb/ldap/libkdbldap/ldappwdpolicy.c in MIT Kerberos 5 aka krb5 before 1.13.1, when the KDC uses LDAP, allows remote authenticated users to cause a denial of service daemon crash via a successful...
mini_httpd -- buffer overflow via snprintf
ACME Updates reports: minihttpd 1.21 and earlier allows remote attackers to obtain sensitive information from process memory via an HTTP request with a long protocol string, which triggers an incorrect response size calculation and an out-of-bounds read. rene ACME, the author, claims that the...
e2fsprogs -- potential buffer overflow in closefs()
Theodore Ts'o reports: On a carefully crafted filesystem that gets modified through tune2fs or debugfs, it is possible to trigger a buffer overrun when the file system is closed via closefs...
chicken -- buffer overrun in substring-index[-ci]
chicken developer Moritz Heidkamp reports: The substring-index-ci procedures of the data-structures unit are vulnerable to a buffer overrun attack when passed an integer greater than zero as the optional START argument. As a work-around you can switch to SRFI 13's string-contains procedure which...
unbound -- can be tricked into following an endless series of delegations, this consumes a lot of resources
Unbound developer reports: The resolver can be tricked into following an endless series of delegations, this consumes a lot of resources...
logstash -- Remote command execution in Logstash zabbix and nagios_nsca outputs
Elastic reports: The vulnerability impacts deployments that use the either the zabbix or the nagiosnsca outputs. In these cases, an attacker with an ability to send crafted events to any source of data for Logstash could execute operating system commands with the permissions of the Logstash...
mencoder -- potential buffer overrun when processing malicious lzo compressed input
Michael Niedermayer and Luca Barbato report in upstream ffmpeg: avutil/lzo: Fix integer overflow...