6585 matches found
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 7 security fixes in this release, including: 548273 High CVE-2015-6788: Type confusion in extensions. Credit to anonymous. 557981 High CVE-2015-6789: Use-after-free in Blink. Credit to cloudfuzzer. 542054 Medium CVE-2015-6790: Escaping issue in saved pages. Credit ...
Joomla! -- Core - SQL Injection/ACL Violation vulnerabilities
The JSST and the Joomla! Security Center report: 20151001 - Core - SQL Injection Inadequate filtering of request data leads to a SQL Injection vulnerability. 20151002 - Core - ACL Violations Inadequate ACL checks in comcontenthistory provide potential read access to data which should be access...
wolfssl -- leakage of private key information
Florian Weimer of Redhat discovered that an optimization in RSA signature validation can result in disclosure of the server's private key under certain fault conditions...
qemu -- denial of service vulnerability in e1000 NIC support
Prasad J Pandit, Red Hat Product Security Team, reports: Qemu emulator built with the e1000 NIC emulation support is vulnerable to an infinite loop issue. It could occur while processing transmit descriptor data when sending a network packet. A privileged user inside guest could use this flaw to...
ansible -- multiple vulnerabilities
Ansible, Inc. reports: Ensure that hostnames match certificate names when using HTTPS - resolved in Ansible 1.9.2 Improper symlink handling in zone, jail, and chroot connection plugins could lead to escape from confined environment - resolved in Ansible 1.9.2...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 37 security fixes in this release, including: 474029 High CVE-2015-1252: Sandbox escape in Chrome. Credit to anonymous. 464552 High CVE-2015-1253: Cross-origin bypass in DOM. Credit to anonymous. 444927 High CVE-2015-1254: Cross-origin bypass in Editing. Credit to...
Quassel IRC -- SQL injection vulnerability
Quassel IRC developers report: Restarting a PostgreSQL database while Quassel Core is running would not properly re-initialize the database session inside Quassel, bringing back an old security issue CVE-2013-4422...
qt4-imageformats, qt4-gui, qt5-gui -- Multiple Vulnerabilities in Qt Image Format Handling
Richard J. Moore reports: Due to two recent vulnerabilities identified in the built-in image format handling code, it was decided that this area required further testing to determine if further issues remained. Fuzzing using afl-fuzz located a number of issues in the handling of BMP, ICO and GIF...
osc -- shell command injection via crafted _service files
SUSE Security Update reports: osc before 0.151.0 allows remote attackers to execute arbitrary commands via shell metacharacters in a service file...
bind -- denial of service vulnerability
ISC reports: When configured to perform DNSSEC validation, named can crash when encountering a rare set of conditions in the managed trust anchors...
FreeBSD -- Buffer overflow in stdio
Problem Description: A programming error in the standard I/O library's sflush function could erroneously adjust the buffered stream's internal state even when no write actually occurred in the case when write2 system call returns an error. Impact: The accounting mismatch would accumulate, if the...
sox -- input sanitization errors
oCERT reports: The sox command line tool is affected by two heap-based buffer overflows, respectively located in functions startread and AdpcmReadBlock. A specially crafted wav file can be used to trigger the vulnerabilities...
twiki -- remote Perl code execution
TWiki developers report: The debugenableplugins request parameter allows arbitrary Perl code execution. Using an HTTP GET request towards a TWiki server, add a specially crafted debugenableplugins request parameter to TWiki's view script typically port 80/TCP. Prior authentication may or may not ...
FreeBSD -- Deadlock in the NFS server
Problem Description: The kernel holds a lock over the source directory vnode while trying to convert the target directory file handle to a vnode, which needs to be returned with the lock held, too. This order may be in violation of normal lock order, which in conjunction with other threads that...
apache -- several vulnerabilities
Apache HTTP SERVER PROJECT reports: Clean up cookie logging with fewer redundant string parsing passes. Log only cookies with a value assignment. Prevents segfaults when logging truncated cookies. moddav: Keep track of length of cdata properly when removing leading spaces. Eliminates a potential...
chromium -- multiple memory corruption issues
Google Chrome Releases reports: 319117 319125 Critical CVE-2013-6632: Multiple memory corruption issues. Credit to Pinkie Pie...
FreeBSD -- Incorrect privilege validation in the NFS server
Problem Description: The kernel incorrectly uses client supplied credentials instead of the one configured in exports5 when filling out the anonymous credential for a NFS export, when -network or -host restrictions are used at the same time. Impact: The remote client may supply privileged...
phpMyAdmin -- XSS due to unescaped HTML output in Create View page
The phpMyAdmin development team reports: When creating a view with a crafted name and an incorrect CREATE statement, it is possible to trigger an XSS. This vulnerability can be triggered only by someone who logged in to phpMyAdmin, as the usual token protection prevents non-logged-in users from...
xorg -- protocol handling issues in X Window System client libraries
freedesktop.org reports: Ilja van Sprundel, a security researcher with IOActive, has discovered a large number of issues in the way various X client libraries handle the responses they receive from servers, and has worked with X.Org's security team to analyze, confirm, and fix these issues. Most ...
dropbear -- exposure of sensitive information, DoS
The Dropbear project reports: A weakness and a vulnerability have been reported in Dropbear SSH Server, which can be exploited by malicious people to disclose certain sensitive information and cause a DoS...
ModSecurity -- XML External Entity Processing Vulnerability
Positive Technologies has reported a vulnerability in ModSecurity, which can be exploited by malicious people to disclose potentially sensitive information or cause a DoS Denial Of Serice. The vulnerability is caused due to an error when parsing external XML entities and can be exploited to e.g...
roundcube -- arbitrary file disclosure vulnerability
RoundCube development team reports: After getting reports about a possible vulnerability of Roundcube which allows an attacker to modify its users preferences in a way that he/she can then read files from the server, we now published updated packages as well as patches that fix this security issu...
puppet26 -- multiple vulnerabilities
Moses Mendoza reports: A vulnerability found in Puppet could allow an authenticated client to cause the master to execute arbitrary code while responding to a catalog request. Specifically, in order to exploit the vulnerability, the puppet master must be made to invoke the 'template' or...
drupal7 -- Denial of service
Drupal Security Team reports: Drupal core's Image module allows for the on-demand generation of image derivatives. This capability can be abused by requesting a large number of new derivatives which can fill up the server disk space, and which can cause a very high CPU load. Either of these effec...
FreeBSD -- BIND remote DoS with deliberately crafted DNS64 query
Problem description: Due to a software defect a crafted query can cause named8 to crash with an assertion failure...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 161564 High CVE-2012-5138: Incorrect file path handling. Credit to Google Chrome Security Team Jüri Aedla. 162835 High CVE-2012-5137: Use-after-free in media source handling. Credit to Pinkie Pie...
tomcat -- Denial of Service
The Apache Software Foundation reports: The checks that limited the permitted size of request headers were implemented too late in the request parsing process for the HTTP NIO connector. This enabled a malicious user to trigger an OutOfMemoryError by sending a single request with very large...
tomcat -- authentication weaknesses
The Apache Software Foundation reports: Three weaknesses in Tomcat's implementation of DIGEST authentication were identified and resolved: Tomcat tracked client rather than server nonces and nonce count. When a session ID was present, authentication was bypassed. The user name and password were n...
otrs -- XSS vulnerability
OTRS Security Advisory reports: This advisory covers vulnerabilities discovered in the OTRS core system. This is a variance of the XSS vulnerability, where an attacker could send a specially prepared HTML email to OTRS which would cause JavaScript code to be executed in your browser while...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 154983154987 Critical CVE-2012-5112: SVG use-after-free and IPC arbitrary file write. Credit to Pinkie Pie...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 121347 Medium CVE-2012-2865: Out-of-bounds read in line breaking. Credit to miaubiz. 134897 High CVE-2012-2866: Bad cast with run-ins. Credit to miaubiz. 135485 Low CVE-2012-2867: Browser crash with SPDY. 136881 Medium CVE-2012-2868: Race condition with workers and...
ansible -- enable host key checking in paramiko connection type
Ansible changelog reports: Host key checking is on by default. Disable it if you like by adding hostkeychecking=False in the default section of /etc/ansible/ansible.cfg or /ansible.cfg or by exporting ANSIBLEHOSTKEYCHECKING=False...
OpenSSL -- DTLS and TLS 1.1, 1.2 denial of service
OpenSSL security team reports: A flaw in the OpenSSL handling of CBC mode ciphersuites in TLS 1.1, 1.2 and DTLS can be exploited in a denial of service attack on both clients and servers...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 106413 High CVE-2011-3078: Use after free in floats handling. Credit to Google Chrome Security Team Marty Barbella and independent later discovery by miaubiz. 117627 Medium CVE-2011-3079: IPC validation failure. Credit to PinkiePie. 121726 Medium CVE-2011-3080: Rac...
typo -- Cross-Site Scripting
Typo Security Team reports: Failing to properly encode the output, the default TYPO3 Exception Handler is susceptible to Cross-Site Scripting. We are not aware of a possibility to exploit this vulnerability without third party extensions being installed that put user input in exception messages...
libpurple -- Remote DoS via an MSN OIM message that lacks UTF-8 encoding
US-CERT reports: The msnoimreporttouser function in oim.c in the MSN protocol plugin in libpurple in Pidgin before 2.10.2 allows remote servers to cause a denial of service application crash via an OIM message that lacks UTF-8 encoding...
bugzilla Cross-Site Request Forgery
A Bugzilla Security Advisory reports: The following security issues have been discovered in Bugzilla: Due to a lack of validation of the enctype form attribute when making POST requests to xmlrpc.cgi, a possible CSRF vulnerability was discovered. If a user visits an HTML page with some malicious...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 106484 High CVE-2011-3924: Use-after-free in DOM selections. Credit to Arthur Gerkis. 108461 High CVE-2011-3928: Use-after-free in DOM handling. Credit to wushi of team509 reported through ZDI ZDI-CAN-1415. 108605 High CVE-2011-3927: Uninitialized value in Skia...
couchdb -- DOM based Cross-Site Scripting via Futon UI
Jan Lehnardt reports: Query parameters passed into the browser-based test suite are not sanitised, and can be used to load external resources. An attacker may execute JavaScript code in the browser, using the context of the remote user...
mpack -- Information disclosure
The oss-security list reports: Incorrect permissions on temporary files can lead to information disclosure...
mozilla -- multiple vulnerabilities
The Mozilla Project reports: MFSA 2011-53 Miscellaneous memory safety hazards rv:9.0 MFSA 2011-54 Potentially exploitable crash in the YARR regular expression library MFSA 2011-55 nsSVGValue out-of-bounds access MFSA 2011-56 Key detection without JavaScript via SVG animation MFSA 2011-58 Crash...
krb5 -- KDC null pointer dereference in TGS handling
The MIT Kerberos Team reports: In releases krb5-1.9 and later, the KDC can crash due to a NULL pointer dereference in code that handles TGS Ticket Granting Service requests. The trigger condition is trivial to produce using unmodified client software, but requires the ability to authenticate as a...
php5 -- header splitting attack via carriage-return character
Rui Hirokawa reports: As of PHP 5.1.2, header can no longer be used to send multiple response headers in a single call to prevent the HTTP Response Splitting Attack. header only checks the linefeed LF, 0x0A as line-end marker, it doesn't check the carriage-return CR, 0x0D. However, some browsers...
freetype -- Some type 1 fonts handling vulnerabilities
The FreeType project reports: A couple of vulnerabilities in handling Type 1 fonts...
libxml -- Integer overflow
Integer overflow in xpath.c, allows context-dependent attackers to to cause a denial of service crash and possibly execute arbitrary code via a crafted XML file that triggers a heap-based buffer overflow when adding a new namespace node, related to handling of XPath expressions...
bugzilla -- multiple vulnerabilities
A Bugzilla Security Advisory reports: The following security issues have been discovered in Bugzilla: Internet Explorer 8 and older, and Safari before 5.0.6 do content sniffing when viewing a patch in "Raw Unified" mode, which could trigger a cross-site scripting attack due to the execution of...
Unbound -- an empty error packet handling assertion failure
Unbound developer reports: NLnet Labs was notified of an error in Unbound's code-path for error replies which is triggered under special conditions. The error causes the program to abort...
Erlang -- ssh library uses a weak random number generator
US-CERT reports: The Erlang/OTP ssh library implements a number of cryptographic operations that depend on cryptographically strong random numbers. Unfortunately the RNG used by the library is not cryptographically strong, and is further weakened by the use of predictable seed material. The RNG...
mailman -- CSRF hardening in parts of the web interface
The late Tokio Kikuchi reported: We may have to set lifetime for input forms because of recent activities on cross-site request forgery CSRF. The form lifetime is successfully deployed in frameworks like web.py or plone etc. Proposed branch lp:tkikuchi/mailman/form-lifetime implement lifetime in...
PivotX -- administrator password reset vulnerability
US CERT reports: PivotX contains a vulnerability that allows an attacker to change the password of any account just by guessing the username. Version 2.2.4 has been reported to not be affected. This vulnerability is being exploited in the wild and users should immediately upgrade to 2.2.5 or late...