6585 matches found
giflib -- heap overflow
Hans Jerry Illikainen reports: A heap overflow may occur in the giffix utility included in giflib-5.1.1 when processing records of the type IMAGEDESCRECORDTYPE' due to the allocated size of LineBuffer' equaling the value of the logical screen width, GifFileIn-SWidth', while subsequently having...
xen-kernel -- leak of main per-domain vcpu pointer array
The Xen Project reports: A domain's primary array of vcpu pointers can be allocated by a toolstack exactly once in the lifetime of a domain via the XENDOMCTLmaxvcpus hypercall. This array is leaked on domain teardown. This memory leak could -- over time -- exhaust the host's memory. A domain give...
wolfssl -- DDoS amplification in DTLS
Sebastian Ramacher identified an error in wolfSSL's implementation of the server side of the DTLS handshake, which could be abused for DDoS amplification or a DoS on the DTLS server itself...
ZendFramework1 -- SQL injection vulnerability
Zend Framework developers report: The PDO adapters of Zend Framework 1 do not filter null bytes values in SQL statements. A PDO adapter can treat null bytes in a query as a string terminator, allowing an attacker to add arbitrary SQL following a null byte, and thus create a SQL injection...
screen -- stack overflow
Kuang-che Wu reports: screen will recursively call MScrollV to depth n/256. This is time consuming and will overflow stack if n is huge...
go -- multiple vulnerabilities
Jason Buberel, Go Product Manager, reports: CVE-2015-5739 - "Content Length" treated as valid header CVE-2015-5740 - Double content-length headers does not return 400 error CVE-2015-5741 - Additional hardening, not sending Content-Length w/Transfer-Encoding, Closing connections...
cups-filters -- buffer overflow in texttopdf size allocation
Stefan Cornelius from Red Hat reports: A heap-based buffer overflow was discovered in the way the texttopdf utility of cups-filters processed print jobs with a specially crafted line size. An attacker being able to submit print jobs could exploit this flaw to crash texttopdf or, possibly, execute...
xen-kernel -- GNTTABOP_swap_grant_ref operation misbehavior
The Xen Project reports: With the introduction of version 2 grant table operations, a version check became necessary for most grant table related hypercalls. The GNTTABOPswapgrantref call was lacking such a check. As a result, the subsequent code behaved as if version 2 was in use, when a guest...
tidy -- heap-buffer-overflow
Geoff McLane reports: tidy is affected by a write out of bounds when processing malformed html files. This issue could be abused on server side applications that use php-tidy extension with user input. The issue was confirmed, analyzed, and fixed by the tidy5 maintainer...
PostgreSQL -- minor security problems.
PostgreSQL project reports: This update fixes three security vulnerabilities reported in PostgreSQL over the past few months. Nether of these issues is seen as particularly urgent. However, users should examine them in case their installations are vulnerable:. CVE-2015-3165 Double "free" after...
xen-kernel -- arm: vgic-v2: GICD_SGIR is not properly emulated
The Xen Project reports: When decoding a guest write to a specific register in the virtual interrupt controller Xen would treat an invalid value as a critical error and crash the host. By writing an invalid value to the GICD.SGIR register a guest can crash the host, resulting in a Denial of Servi...
xen-kernel -- arm: vgic: incorrect rate limiting of guest triggered logging
The Xen Project reports: On ARM systems the code which deals with virtualizing the GIC distributor would, under various circumstances, log messages on a guest accessible code path without appropriate rate limiting. A malicious guest could cause repeated logging to the hypervisor console, leading ...
FreeBSD -- SCTP SCTP_SS_VALUE kernel memory corruption and disclosure
Problem Description: Due to insufficient validation of the SCTP stream ID, which serves as an array index, a local unprivileged attacker can read or write 16-bits of kernel memory. Impact: An unprivileged process can read or modify 16-bits of memory which belongs to the kernel. This may lead to...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 62 security fixes in this release, including: 430353 High CVE-2014-7923: Memory corruption in ICU. Credit to yangdingning. 435880 High CVE-2014-7924: Use-after-free in IndexedDB. Credit to Collin Payne. 434136 High CVE-2014-7925: Use-after-free in WebAudio. Credit ...
WebKit-gtk -- Multiple vulnerabilities
Webkit release team reports: This release fixes the following security issues: CVE-2014-1344, CVE-2014-1384, CVE-2014-1385, CVE-2014-1386, CVE-2014-1387, CVE-2014-1388, CVE-2014-1389, CVE-2014-1390...
freetype -- Out of bounds stack-based read/write
Werner LEMBERG reports: The fix for CVE-2014-2240 was not 100% complete to fix the issue from the CVE completly...
flac -- Multiple vulnerabilities
Erik de Castro Lopo reports: Google Security Team member, Michele Spagnuolo, recently found two potential problems in the FLAC code base. They are: CVE-2014-9028: Heap buffer write overflow. CVE-2014-8962: Heap buffer read overflow...
Bugzilla multiple security issues
Bugzilla Security Advisory Unauthorized Account Creation An attacker creating a new Bugzilla account can override certain parameters when finalizing the account creation that can lead to the user being created with a different email address than originally requested. The overridden login name cou...
www/chromium -- multiple vulnerabilities
Google Chrome Releases reports: 4 security fixes in this release, including: 401362 High CVE-2014-3178: Use-after-free in rendering. Credit to miaubiz. 411014 CVE-2014-3179: Various fixes from internal audits, fuzzing and other initiatives...
security/ossec-hids-* -- root escalation via temp files
OSSEC reports: This correction will create the temp file for the hosts deny file in /var/ossec and will use mktemp where available to create NON-predictable temp file name. In cases where mktemp is not available we have written a BAD version of mktemp, but should be a little better then just...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 50 security fixes in this release, including: 386988 Critical CVE-2014-3176, CVE-2014-3177: A special reward to lokihardt@asrt for a combination of bugs in V8, IPC, sync, and extensions that can lead to remote code execution outside of the sandbox. 369860 High...
e2fsprogs -- buffer overflow if s_first_meta_bg too big
Theodore Ts'o reports: If sfirstmetabg is greater than the of number block group descriptor blocks, then reading or writing the block group descriptors will end up overruning the memory buffer allocated for the descriptors. The finding is credited to a vulnerability report from Jose Duart of Goog...
librsync -- collision vulnerability
Michael Samuel reports: librsync before 1.0.0 uses a truncated MD4 checksum to match blocks, which makes it easier for remote attackers to modify transmitted data via a birthday attack...
libXfont -- X Font Service Protocol and Font metadata file handling issues
Alan Coopersmith reports: Ilja van Sprundel, a security researcher with IOActive, has discovered several issues in the way the libXfont library handles the responses it receives from xfs servers, and has worked with X.Org's security team to analyze, confirm, and fix these issues. Most of these...
linux-flashplugin -- multiple vulnerabilities
Adobe reports: These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system...
virtualbox-ose -- local vulnerability
Oracle reports: Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.20, 4.0.22, 4.1.30, 4.2.22, and 4.3.6 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Core...
libXfont -- Stack buffer overflow in parsing of BDF font files in libXfont
freedesktop.org reports: A BDF font file containing a longer than expected string can cause a buffer overflow on the stack. Testing in X servers built with Stack Protector restulted in an immediate crash when reading a user-proveded specially crafted font. As libXfont is used to read user-specifi...
libyaml heap overflow resulting in possible code execution
libyaml was prone to a heap overflow that could result in arbitrary code execution. Pkg uses libyaml to parse the package manifests in some cases. Pkg also used libyaml to parse the remote repository until 1.2. RedHat Product Security Team reports on libyaml: A heap-based buffer overflow flaw was...
linux-flashplugin -- multiple vulnerabilities
Adobe reports: These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system...
varnish -- DoS vulnerability in Varnish HTTP cache
Varnish Cache Project reports: If Varnish receives a certain illegal request, and the subroutine 'vclerror' restarts the request, the varnishd worker process will crash with an assert. The varnishd management process will restart the worker process, but there will be a brief interruption of servi...
mod_fcgid -- possible heap buffer overwrite
Apache Project reports: Fix possible heap buffer overwrite...
cURL library -- heap corruption in curl_easy_unescape
cURL developers report: libcurl is vulnerable to a case of bad checking of the input data which may lead to heap corruption. The function curleasyunescape decodes URL-encoded strings to raw binary data. URL-encoded octets are represented with %HH combinations where HH is a two-digit hexadecimal...
asterisk -- multiple vulnerabilities
Asterisk project reports: Buffer Overflow Exploit Through SIP SDP Header Username disclosure in SIP channel driver Denial of Service in HTTP server...
perl -- denial of service via algorithmic complexity attack on hashing routines
Perl developers report: In order to prevent an algorithmic complexity attack against its hashing mechanism, perl will sometimes recalculate keys and redistribute the contents of a hash. This mechanism has made perl robust against attacks that have been demonstrated against other systems. Research...
FreeBSD -- Linux compatibility layer input validation error
Problem description: A programming error in the handling of some Linux system calls may result in memory locations being accessed without proper validation...
otrs -- XSS vulnerability in Internet Explorer could lead to remote code execution
The OTRS Project reports: This advisory covers vulnerabilities discovered in the OTRS core system. Due to the XSS vulnerability in Internet Explorer an attacker could send a specially prepared HTML email to OTRS which would cause JavaScript code to be executed in your Internet Explorer while...
pycrypto -- vulnerable ElGamal key generation
Dwayne C. Litzenberger of PyCrypto reports: In the ElGamal schemes for both encryption and signatures, g is supposed to be the generator of the entire Z^p group. However, in PyCrypto 2.5 and earlier, g is more simply the generator of a random sub-group of Z^p. The result is that the signature spa...
socat -- Heap-based buffer overflow
The socat development team reports: This vulnerability can be exploited when socat is invoked with the READLINE address this is usually only used interactively without option "prompt" and without option "noprompt" and an attacker succeeds to provide malicious data to the other arbitrary address...
Apache Traffic Server -- heap overflow vulnerability
CERT-FI reports: A heap overflow vulnerability has been found in the HTTP Hypertext Transfer Protocol protocol handling of Apache Traffic Server. The vulnerability allows an attacker to cause a denial of service or potentially to execute his own code by sending a specially modified HTTP message t...
drupal -- multiple vulnerabilities
Drupal development team reports: Cross Site Request Forgery vulnerability in Aggregator module CVE: CVE-2012-0826 An XSRF vulnerability can force an aggregator feed to update. Since some services are rate-limited e.g. Twitter limits requests to 150 per hour this could lead to a denial of service...
asterisk -- remote crash vulnerability in SIP channel driver
Asterisk project reports: A remote authenticated user can cause a crash with a malformed request due to an unitialized variable...
glpi -- remote attack via crafted POST request
The GLPI project reports: The autocompletion functionality in GLPI before 0.80.2 does not blacklist certain username and password fields, which allows remote attackers to obtain sensitive information via a crafted POST request...
Apache APR -- DoS vulnerabilities
The Apache Portable Runtime Project reports: Reimplement aprfnmatch from scratch using a non-recursive algorithm; now has improved compliance with the fnmatch spec...
krb5 -- MITKRB5-SA-2011-002, KDC vulnerable to hang when using LDAP back end
An advisory published by the MIT Kerberos team says: The MIT krb5 Key Distribution Center KDC daemon is vulnerable to denial of service attacks from unauthenticated remote attackers. CVE-2011-0281 and CVE-2011-0282 occur only in KDCs using LDAP back ends, but CVE-2011-0283 occurs in all krb5-1.9...
webkit-gtk2 -- Multiple vulnerabilities
Gustavo Noronha Silva reports: The patches to fix the following CVEs are included with help from Huzaifa Sidhpurwala from the Red Hat security team...
php-imap -- Denial of Service
The following DoS condition in IMAP extension was fixed in PHP 5.3.4 and PHP 5.2.15: A remote user can send specially crafted IMAP user name or password data to trigger a double free memory error in 'ext/imap/phpimap.c' and cause the target service to crash. It may be possible to execute arbitrar...
openssl -- TLS extension parsing race condition
OpenSSL Team reports: Rob Hulswit has found a flaw in the OpenSSL TLS server extension code parsing which on affected servers can be exploited in a buffer overrun attack. Any OpenSSL based TLS server is vulnerable if it is multi-threaded and uses OpenSSL's internal caching mechanism. Servers that...
Mailman -- cross-site scripting in web interface
Secunia reports: Two vulnerabilities have been reported in Mailman, which can be exploited by malicious users to conduct script insertion attacks. Certain input passed via the list descriptions is not properly sanitised before being displayed to the user. This can be exploited to insert arbitrary...
e107 -- code execution and XSS vulnerabilities
Secunia Research reported two vulnerabilities in e107: The first problem affects installations that have the Content Manager plugin enabled. This plugin does not sanitize the "contentheading" parameter correctly and is therefore vulnerable to a cross site scripting attack. The second vulnerabilit...
ejabberd -- queue overload denial of service vulnerability
The Red Hat security response team reports: A remotely exploitable DoS from XMPP client to ejabberd server via too many "client2server" messages causing the message queue on the server to get overloaded, leading to server crash has been found...