6585 matches found
gitlab -- Remote code execution on project import
GitLab developers report: Today we are releasing versions 10.3.4, 10.2.6, and 10.1.6 for GitLab Community Edition CE and Enterprise Edition EE. These versions contain a number of important security fixes, including two that prevent remote code execution, and we strongly recommend that all GitLab...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 2 security fixes in this release, including: 788453 High CVE-2017-15429: UXSS in V8. Reported by Anonymous on 2017-11-24 794792 Various fixes from internal audits, fuzzing and other initiatives...
libraw -- multiple DoS vulnerabilities
Secunia Research reports: CVE-2017-16909: An error related to the "LibRaw::panasonicloadraw" function dcrawcommon.cpp can be exploited to cause a heap-based buffer overflow and subsequently cause a crash via a specially crafted TIFF image. CVE-2017-16910: An error within the...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 35 security fixes in this release, including: 762930 High CVE-2017-5124: UXSS with MHTML. Reported by Anonymous on 2017-09-07 749147 High CVE-2017-5125: Heap overflow in Skia. Reported by Anonymous on 2017-07-26 760455 High CVE-2017-5126: Use after free in PDFium...
ffmpeg -- multiple vulnerabilities
MITRE reports: Multiple vulnerabilities have been found in FFmpeg. Please refer to CVE list for details. Note: CVE-2017-15186 and CVE-2017-15672 affect only the 3.3 branch before 3.3.5, CVE-2017-16840 and CVE-2017-17081 have been fixed in 3.4.1. They're listed here for completeness of the record...
unbound -- vulnerability in the processing of wildcard synthesized NSEC records
Unbound reports: We discovered a vulnerability in the processing of wildcard synthesized NSEC records. While synthesis of NSEC records is allowed by RFC4592, these synthesized owner names should not be used in the NSEC processing. This does, however, happen in Unbound 1.6.7 and earlier versions...
weechat -- crash in logger plugin
WeeChat reports: security problem: a crash can happen in logger plugin when converting date/time specifiers in file mask...
libgd -- Denial of servica via double free
libgd developers report: Double free vulnerability in the gdImagePngPtr function in libgd2 before 2.2.5 allows remote attackers to cause a denial of service via vectors related to a palette with no colors...
chromium -- multiple vulnerabilities
Google Chrome releases reports: 22 security fixes in this release, including: 737023 High CVE-2017-5111: Use after free in PDFium. Reported by Luat Nguyen on KeenLab, Tencent on 2017-06-27 740603 High CVE-2017-5112: Heap buffer overflow in WebGL. Reported by Tobias Klein on 2017-07-10 747043 High...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: Several security fixes in this release, including: 780450 High CVE-2018-6031: Use after free in PDFium. Reported by Anonymous on 2017-11-01 787103 High CVE-2018-6032: Same origin bypass in Shared Worker. Reported by Jun Kokatsu @shhnjk on 2017-11-20 793620 High...
Flash Player -- multiple vulnerabilities
Adobe reports: These updates resolve security bypass vulnerability that could lead to information disclosure CVE-2017-3080. These updates resolve memory corruption vulnerability that could lead to remote code execution CVE-2017-3099. These updates resolve memory corruption vulnerability that coul...
evince and atril -- command injection vulnerability in CBT handler
GNOME reports: The comic book backend in evince 3.24.0 and earlier is vulnerable to a command injection bug that can be used to execute arbitrary commands when a CBT file is opened. The same vulnerability affects atril, the Evince fork...
chromium -- multiple vulnerabilities
Google Chrome releases reports: 30 security fixes in this release Please reference CVE/URL list for details...
strongswan -- Denial-of-service vulnerability in the x509 plugin
strongSwan security team reports: ASN.1 CHOICE types are not correctly handled by the ASN.1 parser when parsing X.509 certificates with extensions that use such types. This could lead to infinite looping of the thread parsing a specifically crafted certificate...
roundcube -- arbitrary password resets
Roundcube reports: Roundcube Webmail allows arbitrary password resets by authenticated users. The problem is caused by an improperly restricted exec call in the virtualmin and sasl drivers of the password plugin...
xen-kernel -- broken check in memory_exchange() permits PV guest breakout
The Xen Project reports: The XSA-29 fix introduced an insufficient check on XENMEMexchange input, allowing the caller to drive hypervisor memory accesses outside of the guest provided input/output arrays. A malicious or buggy 64-bit PV guest may be able to access all of system memory, allowing fo...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 5 security fixes in this release, including: 698622 Critical CVE-2017-5055: Use after free in printing. Credit to Wadih Matar 699166 High CVE-2017-5054: Heap buffer overflow in V8. Credit to Nicolas Trippar of Zimperium zLabs 662767 High CVE-2017-5052: Bad cast in...
openssl -- timing attack vulnerability
Cesar Pereida Garcia reports: The signing function in crypto/ecdsa/ecdsaossl.c in certain OpenSSL versions and forks is vulnerable to timing attacks when signing with the standardized elliptic curve P-256 despite featuring constant-time curve operations and modular inversion. A software defect...
xen-kernel -- x86 64-bit bit test instruction emulation broken
The Xen Project reports: The x86 instructions BT, BTC, BTR, and BTS, when used with a destination memory operand and a source register rather than an immediate operand, access a memory location offset from that specified by the memory operand as specified by the high bits of the register source. ...
ImageMagick -- heap overflow vulnerability
Bastien Roucaries reports: Imagemagick before 3cbfb163cff9e5b8cdeace8312e9bfee810ed02b suffer from a heap overflow in WaveletDenoiseImage. This problem is easily trigerrable from a Perl script...
django -- multiple vulnerabilities
The Django project reports: Today the Django team released Django 1.10.3, Django 1.9.11, and 1.8.16. These releases addresses two security issues detailed below. We encourage all users of Django to upgrade as soon as possible. User with hardcoded password created when running tests on Oracle DNS...
flash -- multiple vulnerabilities
Adobe reports: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and ChromeOS. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system. These updates resolve a type confusion vulnerabilit...
ruby-saml -- XML signature wrapping attack
RubySec reports: ruby-saml prior to version 1.3.0 is vulnerable to an XML signature wrapping attack in the specific scenario where there was a signature that referenced at the same time 2 elements but past the scheme validator process since 1 of the element was inside the encrypted assertion...
squid -- multiple vulnerabilities
The squid development team reports: Please reference CVE/URL list for details...
hostapd and wpa_supplicant -- psk configuration parameter update allowing arbitrary data to be written
Jouni Malinen reports: psk configuration parameter update allowing arbitrary data to be written 2016-1 - CVE-2016-4476/CVE-2016-4477...
wireshark -- multiple vulnerabilities
Wireshark development team reports: The following vulnerabilities have been fixed: wnpa-sec-2016-19 The NCP dissector could crash. Bug 11591 wnpa-sec-2016-20 TShark could crash due to a packet reassembly bug. Bug 11799 wnpa-sec-2016-21 The IEEE 802.11 dissector could crash. Bug 11824, Bug 12187...
moodle -- multiple vulnerabilities
Marina Glancy reports: MSA-16-0003: Incorrect capability check when displaying users emails in Participants list MSA-16-0004: XSS from profile fields from external db MSA-16-0005: Reflected XSS in moddata advanced search MSA-16-0006: Hidden courses are shown to students in Event Monitor...
websvn -- reflected cross-site scripting
Sebastien Delafond reports: Jakub Palaczynski discovered that websvn, a web viewer for Subversion repositories, does not correctly sanitize user-supplied input, which allows a remote user to run reflected cross-site scripting attacks...
PostgreSQL -- Security Fixes for Regular Expressions, PL/Java.
PostgreSQL project reports: Security Fixes for Regular Expressions, PL/Java CVE-2016-0773: This release closes security hole CVE-2016-0773, an issue with regular expression regex parsing. Prior code allowed users to pass in expressions which included out-of-range Unicode characters, triggering a...
wordpress -- multiple vulnerabilities
Samuel Sidler reports: WordPress 4.4.2 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. WordPress versions 4.4.1 and earlier are affected by two security issues: a possible SSRF for certain local URIs, reported ...
ffmpeg -- remote attacker can access local files
Arch Linux reports: ffmpeg has a vulnerability in the current version that allows the attacker to create a specially crafted video file, downloading which will send files from a user PC to a remote attacker server. The attack does not even require the user to open that file — for example, KDE...
webkit -- UI spoof
webkit reports: The ScrollView::paint function in platform/scroll/ScrollView.cpp in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to spoof the UI by extending scrollbar painting into the parent frame...
Ruby -- unsafe tainted string vulnerability
Ruby developer reports: There is an unsafe tainted string vulnerability in Fiddle and DL. This issue was originally reported and fixed with CVE-2009-5147 in DL, but reappeared after DL was reimplemented using Fiddle and libffi. And, about DL, CVE-2009-5147 was fixed at Ruby 1.9.1, but not fixed a...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 7 security fixes in this release, including: 548273 High CVE-2015-6788: Type confusion in extensions. Credit to anonymous. 557981 High CVE-2015-6789: Use-after-free in Blink. Credit to cloudfuzzer. 542054 Medium CVE-2015-6790: Escaping issue in saved pages. Credit ...
Joomla! -- Core - SQL Injection/ACL Violation vulnerabilities
The JSST and the Joomla! Security Center report: 20151001 - Core - SQL Injection Inadequate filtering of request data leads to a SQL Injection vulnerability. 20151002 - Core - ACL Violations Inadequate ACL checks in comcontenthistory provide potential read access to data which should be access...
wolfssl -- leakage of private key information
Florian Weimer of Redhat discovered that an optimization in RSA signature validation can result in disclosure of the server's private key under certain fault conditions...
qemu -- denial of service vulnerability in e1000 NIC support
Prasad J Pandit, Red Hat Product Security Team, reports: Qemu emulator built with the e1000 NIC emulation support is vulnerable to an infinite loop issue. It could occur while processing transmit descriptor data when sending a network packet. A privileged user inside guest could use this flaw to...
ansible -- multiple vulnerabilities
Ansible, Inc. reports: Ensure that hostnames match certificate names when using HTTPS - resolved in Ansible 1.9.2 Improper symlink handling in zone, jail, and chroot connection plugins could lead to escape from confined environment - resolved in Ansible 1.9.2...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 37 security fixes in this release, including: 474029 High CVE-2015-1252: Sandbox escape in Chrome. Credit to anonymous. 464552 High CVE-2015-1253: Cross-origin bypass in DOM. Credit to anonymous. 444927 High CVE-2015-1254: Cross-origin bypass in Editing. Credit to...
Quassel IRC -- SQL injection vulnerability
Quassel IRC developers report: Restarting a PostgreSQL database while Quassel Core is running would not properly re-initialize the database session inside Quassel, bringing back an old security issue CVE-2013-4422...
qt4-imageformats, qt4-gui, qt5-gui -- Multiple Vulnerabilities in Qt Image Format Handling
Richard J. Moore reports: Due to two recent vulnerabilities identified in the built-in image format handling code, it was decided that this area required further testing to determine if further issues remained. Fuzzing using afl-fuzz located a number of issues in the handling of BMP, ICO and GIF...
osc -- shell command injection via crafted _service files
SUSE Security Update reports: osc before 0.151.0 allows remote attackers to execute arbitrary commands via shell metacharacters in a service file...
bind -- denial of service vulnerability
ISC reports: When configured to perform DNSSEC validation, named can crash when encountering a rare set of conditions in the managed trust anchors...
FreeBSD -- Buffer overflow in stdio
Problem Description: A programming error in the standard I/O library's sflush function could erroneously adjust the buffered stream's internal state even when no write actually occurred in the case when write2 system call returns an error. Impact: The accounting mismatch would accumulate, if the...
sox -- input sanitization errors
oCERT reports: The sox command line tool is affected by two heap-based buffer overflows, respectively located in functions startread and AdpcmReadBlock. A specially crafted wav file can be used to trigger the vulnerabilities...
FreeBSD -- Deadlock in the NFS server
Problem Description: The kernel holds a lock over the source directory vnode while trying to convert the target directory file handle to a vnode, which needs to be returned with the lock held, too. This order may be in violation of normal lock order, which in conjunction with other threads that...
apache -- several vulnerabilities
Apache HTTP SERVER PROJECT reports: Clean up cookie logging with fewer redundant string parsing passes. Log only cookies with a value assignment. Prevents segfaults when logging truncated cookies. moddav: Keep track of length of cdata properly when removing leading spaces. Eliminates a potential...
chromium -- multiple memory corruption issues
Google Chrome Releases reports: 319117 319125 Critical CVE-2013-6632: Multiple memory corruption issues. Credit to Pinkie Pie...
FreeBSD -- Incorrect privilege validation in the NFS server
Problem Description: The kernel incorrectly uses client supplied credentials instead of the one configured in exports5 when filling out the anonymous credential for a NFS export, when -network or -host restrictions are used at the same time. Impact: The remote client may supply privileged...
phpMyAdmin -- XSS due to unescaped HTML output in Create View page
The phpMyAdmin development team reports: When creating a view with a crafted name and an incorrect CREATE statement, it is possible to trigger an XSS. This vulnerability can be triggered only by someone who logged in to phpMyAdmin, as the usual token protection prevents non-logged-in users from...