6585 matches found
diffoscope -- arbitrary file write
Ximin Luo reports: v67 introduced a security hole where diffoscope may write to arbitrary locations on disk depending on the contents of an untrusted archive...
flash -- multiple vulnerabilities
Adobe reports: These updates resolve a security bypass vulnerability that could lead to information disclosure CVE-2017-2938. These updates resolve use-after-free vulnerabilities that could lead to code execution CVE-2017-2932, CVE-2017-2936, CVE-2017-2937. These updates resolve heap buffer...
wget -- Access List Bypass / Race Condition
Dawid Golunski reports: GNU wget in version 1.17 and earlier, when used in mirroring/recursive mode, is affected by a Race Condition vulnerability that might allow remote attackers to bypass intended wget access list restrictions specified with -A parameter...
guile2 -- multiple vulnerabilities
Ludovic Courtès reports: The REPL server is vulnerable to the HTTP inter-protocol attack The ‘mkdir’ procedure of GNU Guile, an implementation of the Scheme programming language, temporarily changed the process’ umask to zero. During that time window, in a multithreaded application, other threads...
xen-kernel -- CR0.TS and CR0.EM not always honored for x86 HVM guests
The Xen Project reports: Instructions touching FPU, MMX, or XMM registers are required to raise a Device Not Available Exception NM when either CR0.EM or CR0.TS are set. Their AVX or AVX-512 extensions would consider only CR0.TS. While during normal operation this is ensured by the hardware, if a...
xen-kernel -- x86: Mishandling of instruction pointer truncation during emulation
The Xen Project reports: When emulating HVM instructions, Xen uses a small i-cache for fetches from guest memory. The code that handles cache misses does not check if the address from which it fetched lies within the cache before blindly writing to it. As such it is possible for the guest to...
flash -- multiple vulnerabilities
Adobe reports: These updates resolve a race condition vulnerability that could lead to information disclosure CVE-2016-4247. These updates resolve type confusion vulnerabilities that could lead to code execution CVE-2016-4223, CVE-2016-4224, CVE-2016-4225. These updates resolve use-after-free...
FreeBSD -- Multiple ntp vulnerabilities
Problem Description: Multiple vulnerabilities have been discovered in the NTP suite: The fix for Sec 3007 in ntp-4.2.8p7 contained a bug that could cause ntpd to crash. CVE-2016-4957, Reported by Nicolas Edet of Cisco An attacker who knows the origin timestamp and can send a spoofed packet...
xen-tools -- Unsanitised driver domain input in libxl device handling
The Xen Project reports: libxl's device-handling code freely uses and trusts information from the backend directories in xenstore. A malicious driver domain can deny service to management tools...
mercurial -- arbitrary code execution vulnerability
Mercurial reports: CVE-2016-3105: Arbitrary code execution when converting Git repos...
phpmyadmin -- multiple XSS and a man-in-the-middle vulnerability
The phpMyAdmin development team reports: XSS vulnerability in SQL parser. Using a crafted SQL query, it is possible to trigger an XSS attack through the SQL query page. We consider this vulnerability to be non-critical. Multiple XSS vulnerabilities. By sending a specially crafted URL as part of t...
firefox -- Same-origin-policy violation using Service Workers with plugins
The Mozilla Foundation reports: MFSA 2016-13 Jason Pang of OneSignal reported that service workers intercept responses to plugin network requests made through the browser. Plugins which make security decisions based on the content of network requests can have these decisions subverted if a servic...
horde -- XSS vulnerabilities
The Horde Team reports: Fixed XSS vulnerabilities in menu bar and form renderer...
Multiple vulnerabilities in Botan
The botan developers reports: Infinite loop in modular square root algorithm - The ressol function implements the Tonelli-Shanks algorithm for finding square roots could be sent into a nearly infinite loop due to a misplaced conditional check. This could occur if a composite modulus is provided, ...
phpmyadmin -- Unsafe generation of XSRF/CSRF token
The phpMyAdmin development team reports: The XSRF/CSRF token is generated with a weak algorithm using functions that do not return cryptographically secure values. We consider this vulnerability to be non-critical...
FreeBSD -- Linux compatibility layer issetugid(2) system call
Problem Description: A programming error in the Linux compatibility layer could cause the issetugid2 system call to return incorrect information. Impact: If an application relies on output of the issetugid2 system call and that information is incorrect, this could lead to a privilege escalation...
prosody -- user impersonation vulnerability
The Prosody team reports: Adopt key generation algorithm from XEP-0185, to prevent impersonation attacks CVE-2016-0756...
NSS -- multiple vulnerabilities
Mozilla Foundation reports: Security researcher Hanno Böck reported that calculations with mpdiv and mpexptmod in Network Security Services NSS can produce wrong results in some circumstances. These functions are used within NSS for a variety of cryptographic division functions, leading to...
privoxy -- multiple vulnerabilities
Privoxy Developers reports: Prevent invalid reads in case of corrupt chunk-encoded content. CVE-2016-1982. Bug discovered with afl-fuzz and AddressSanitizer. Remove empty Host headers in client requests. Previously they would result in invalid reads. CVE-2016-1983. Bug discovered with afl-fuzz an...
p5-PathTools -- File::Spec::canonpath loses taint
Ricardo Signes reports: Beginning in PathTools 3.47 and/or perl 5.20.0, the File::Spec::canonpath routine returned untained strings even if passed tainted input. This defect undermines the guarantee of taint propagation, which is sometimes used to ensure that unvalidated user input does not reach...
wordpress -- XSS vulnerability
Aaron Jorbin reports: WordPress 4.4.1 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. WordPress versions 4.4 and earlier are affected by a cross-site scripting vulnerability that could allow a site to be...
qemu -- denial of service vulnerability in Rocker switch emulation
Prasad J Pandit, Red Hat Product Security Team, reports: Qemu emulator built with the Rocker switch emulation support is vulnerable to an off-by-one error. It happens while processing transmittx descriptors in 'txconsume' routine, if a descriptor was to have more than allowed ROCKERTXFRAGSMAX=16...
giflib -- heap overflow
Hans Jerry Illikainen reports: A heap overflow may occur in the giffix utility included in giflib-5.1.1 when processing records of the type IMAGEDESCRECORDTYPE' due to the allocated size of LineBuffer' equaling the value of the logical screen width, GifFileIn-SWidth', while subsequently having...
xen-tools -- libxl leak of pv kernel and initrd on error
The Xen Project reports: When constructing a guest which is configured to use a PV bootloader which runs as a userspace process in the toolstack domain e.g. pygrub libxl creates a mapping of the files to be used as kernel and initial ramdisk when building the guest domain. However if building the...
bind -- multiple vulnerabilities
ISC reports: Named is potentially vulnerable to the OpenSSL vulnerability described in CVE-2015-3193. Incorrect reference counting could result in an INSIST failure if a socket error occurred while performing a lookup. This flaw is disclosed in CVE-2015-8461. RT40945 Insufficient testing when...
piwik -- multiple vulnerabilities
Piwik changelog reports: This release is rated critical. We are grateful for Security researchers who disclosed security issues privately to the Piwik Security Response team: Elamaran Venkatraman, Egidio Romano and Dmitriy Shcherbatov. The following vulnerabilities were fixed: XSS, CSRF, possible...
xen-tools -- populate-on-demand balloon size inaccuracy can crash guests
The Xen Project reports: Guests configured with PoD might be unstable, especially under load. In an affected guest, an unprivileged guest user might be able to cause a guest crash, perhaps simply by applying load so as to cause heavy memory pressure within the guest...
xen-kernel -- leak of per-domain profiling-related vcpu pointer array
The Xen Project reports: A domain's xenoprofile state contains an array of per-vcpu information... This array is leaked on domain teardown. This memory leak could -- over time -- exhaust the host's memory. The following parties can mount a denial of service attack affecting the whole system: A...
openafs -- information disclosure
The OpenAFS development team reports: When constructing an Rx acknowledgment ACK packet, Andrew-derived Rx implementations do not initialize three octets of data that are padding in the C language structure and were inadvertently included in the wire protocol CVE-2015-7762. Additionally, OpenAFS ...
git -- potential code execution
Debian reports: "int" is the wrong data type for ... nlen assignment...
Bugzilla security issues
Bugzilla Security Advisory Login names usually an email address longer than 127 characters are silently truncated in MySQL which could cause the domain name of the email address to be corrupted. An attacker could use this vulnerability to create an account with an email address different from the...
devel/ipython -- multiple vulnerabilities
Matthias Bussonnier reports: Summary: Local folder name was used in HTML templates without escaping, allowing XSS in said pages by carefully crafting folder name and URL to access it. URI with issues: GET /tree/ Benjamin RK reports: Vulnerability: A maliciously forged file opened for editing can...
jasper -- multiple vulnerabilities
Martin Prpic reports: A double free flaw was found in the way JasPer's jasperimagestopload function parsed certain JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash. Feist Josselin reports: A new use-after-free was found in Jasper JPEG-200. The...
mozilla -- multiple vulnerabilities
The Mozilla Project reports: MFSA 2015-78 Same origin violation and local file stealing via PDF reader...
node, iojs, and v8 -- denial of service
node reports: This release of Node.js fixes a bug that triggers an out-of-band write in V8's utf-8 decoder. This bug impacts all Buffer to String conversions. This is an important security update as this bug can be used to cause a denial of service attack...
elasticsearch -- security fix for shared file-system repositories
Elastic reports: Vulnerability Summary: All Elasticsearch versions from 1.0.0 to 1.5.2 are vulnerable to an attack that uses Elasticsearch to modify files read and executed by certain other applications. Remediation Summary: Users should upgrade to 1.6.0. Alternately, ensure that other applicatio...
rubygem-bson -- DoS and possible injection
Phill MV reports: By submitting a specially crafted string to a service relying on the bson rubygem, an attacker may trigger denials of service or even inject data into victim's MongoDB instances...
roundcube -- multiple vulnerabilities
Roundcube reports: We just published updates to both stable versions 1.0 and 1.1 after fixing many minor bugs and adding some security improvements to the 1.1 release branch. Version 1.0.6 comes with cherry-picked fixes from the more recent version to ensure proper long term support especially in...
libksba -- local denial of service vulnerabilities
Martin Prpic, Red Hat Product Security Team, reports: Denial of Service due to stack overflow in src/ber-decoder.c. Integer overflow in the BER decoder src/ber-decoder.c. Integer overflow in the DN decoder src/dn.c...
cassandra -- remote execution of arbitrary code
Jake Luciani reports: Under its default configuration, Cassandra binds an unauthenticated JMX/RMI interface to all network interfaces. As RMI is an API for the transport and remote execution of serialized Java, anyone with access to this interface can execute arbitrary code as the running user...
xen-kernel and xen-tools -- Long latency MMIO mapping operations are not preemptible
The Xen Project reports: The XENDOMCTLmemorymapping hypercall allows long running operations without implementing preemption. This hypercall is used by the device model as part of the emulation associated with configuration of PCI devices passed through to HVM guests and is therefore indirectly...
libevent -- integer overflow in evbuffers
Debian Security Team reports: Andrew Bartlett of Catalyst reported a defect affecting certain applications using the Libevent evbuffer API. This defect leaves applications which pass insanely large inputs to evbuffers open to a possible heap overflow or infinite loop. In order to exploit this fla...
otrs -- Incomplete Access Control
The OTRS project reports: An attacker with valid OTRS credentials could access and manipulate ticket data of other users via the GenericInterface, if a ticket webservice is configured and not additionally secured...
unzip -- input sanitization errors
oCERT reports: The UnZip tool is an open source extraction utility for archives compressed in the zip format. The unzip command line tool is affected by heap-based buffer overflows within the CRC32 verification, the testcompreb and the getZip64Data functions. The input errors may result in...
flac -- Multiple vulnerabilities
Erik de Castro Lopo reports: Google Security Team member, Michele Spagnuolo, recently found two potential problems in the FLAC code base. They are: CVE-2014-9028: Heap buffer write overflow. CVE-2014-8962: Heap buffer read overflow...
FreeBSD -- Remote command execution in ftp(1)
Problem Description: A malicious HTTP server could cause ftp1 to execute arbitrary commands. Impact: When operating on HTTP URIs, the ftp1 client follows HTTP redirects, and uses the part of the path after the last '/' from the last resource it accesses as the output filename if '-o' is not...
FreeBSD -- memory leak in sandboxed namei lookup
Problem Description: The namei facility will leak a small amount of kernel memory every time a sandboxed process looks up a nonexistent path name. Impact: A remote attacker that can cause a sandboxed process for instance, a web server to look up a large number of nonexistent path names can cause...
chromium -- RSA signature malleability in NSS
Google Chrome Releases reports: 414124 RSA signature malleability in NSS CVE-2014-1568. Thanks to Antoine Delignat-Lavaud of Prosecco/INRIA, Brian Smith and Advanced Threat Research team at Intel Security...
security/ossec-hids-* -- root escalation via temp files
OSSEC reports: This correction will create the temp file for the hosts deny file in /var/ossec and will use mktemp where available to create NON-predictable temp file name. In cases where mktemp is not available we have written a BAD version of mktemp, but should be a little better then just...
django -- multiple vulnerabilities
The Django project reports: These releases address an issue with reverse generating external URLs; a denial of service involving file uploads; a potential session hijacking issue in the remote-user middleware; and a data leak in the administrative interface. We encourage all users of Django to...