6585 matches found
The GIMP -- Use after Free vulnerability
The GIMP team reports: A Use-after-free vulnerability was found in the xcfloadimage function...
haproxy -- denial of service
HAproxy reports: HAproxy 1.6.x before 1.6.6, when a deny comes from a reqdeny rule, allows remote attackers to cause a denial of service uninitialized memory access and crash or possibly have unspecified other impact via unknown vectors...
wordpress -- multiple vulnerabilities
Helen Hou-Sandi reports: WordPress 4.5.2 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. WordPress versions 4.5.1 and earlier are affected by a SOME vulnerability through Plupload, the third-party library...
mercurial -- multiple vulnerabilities
Mercurial reports: CVE-2016-3630: Remote code execution in binary delta decoding CVE-2016-3068: Arbitrary code execution with Git subrepos CVE-2016-3069: Arbitrary code execution when converting Git repos...
openvswitch -- MPLS buffer overflow
Open vSwitch reports: Multiple versions of Open vSwitch are vulnerable to remote buffer overflow attacks, in which crafted MPLS packets could overflow the buffer reserved for MPLS labels in an OVS internal data structure. The MPLS packets that trigger the vulnerability and the potential for...
git -- integer overflow
Debian reports: integer overflow due to a loop which adds more to "len"...
cacti -- multiple vulnerabilities
The Cacti Group, Inc. reports: Changelog bug:0002652: CVE-2015-8604: SQL injection in graphsnew.php bug:0002655: CVE-2015-8377: SQL injection vulnerability in the hostnewgraphssave function in graphsnew.php bug:0002656: Authentication using web authentication as a user not in the cacti database...
phpmyadmin -- Insecure password generation in JavaScript
The phpMyAdmin development team reports: Password suggestion functionality uses Math.random which does not provide cryptographically secure random numbers. We consider this vulnerability to be non-critical...
h2o -- directory traversal vulnerability
Yakuzo OKU reports: When redirect directive is used, this flaw allows a remote attacker to inject response headers into an HTTP redirect response...
nghttp2 -- use after free
nghttp2 reports: This release fixes heap-use-after-free bug in idle stream handling code. We strongly recommend to upgrade the older installation to this latest version as soon as possible...
quassel -- remote denial of service
Pierre Schweitzer reports: Any client sending the command "/op " in a query will cause the Quassel core to crash...
Salt -- multiple vulnerabilities
Salt release notes: CVE-2015-6918 - Git modules leaking HTTPS auth credentials to debug log Updated the Git state and execution modules to no longer display HTTPS basic authentication credentials in loglevel debug output on the Salt master. These credentials are now replaced with REDACTED in the...
mbedTLS/PolarSSL -- DoS and possible remote code execution
ARM Limited reports: When the client creates its ClientHello message, due to insufficient bounds checking it can overflow the heap-based buffer containing the message while writing some extensions. Two extensions in particular could be used by a remote attacker to trigger the overflow: the sessio...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: Two vulnerabilities were fixed in this release: 530301 High CVE-2015-1303: Cross-origin bypass in DOM. Credit to Mariusz Mlynski. 531891 High CVE-2015-1304: Cross-origin bypass in V8. Credit to Mariusz Mlynski...
pitivi -- code execution
Luke Farone reports: Double-clicking a file in the user's media library with a specially-crafted path or filename allows for arbitrary code execution with the permissions of the user running Pitivi...
devel/ipython -- CSRF possible remote execution vulnerability
Kyle Kelley reports: Summary: POST requests exposed via the IPython REST API are vulnerable to cross-site request forgery CSRF. Web pages on different domains can make non-AJAX POST requests to known IPython URLs, and IPython will honor them. The user's browser will automatically send IPython...
wesnoth -- disclosure of .pbl files with lowercase, uppercase, and mixed-case extension
Ignacio R. Morelle reports: As mentioned in the Wesnoth 1.12.4 and Wesnoth 1.13.1 release announcements, a security vulnerability targeting add-on authors was found bug 23504 which allowed a malicious user to obtain add-on server passphrases from the client's .pbl files and transmit them over the...
pcre -- Heap Overflow Vulnerability in find_fixedlength()
Venustech ADLAB reports: PCRE library is prone to a vulnerability which leads to Heap Overflow. During subpattern calculation of a malformed regular expression, an offset that is used as an array index is fully controlled and can be large enough so that unexpected heap memory regions are accessed...
freeradius -- insufficient CRL application vulnerability
oCERT reports: The FreeRADIUS server relies on OpenSSL to perform certificate validation, including Certificate Revocation List CRL checks. The FreeRADIUS usage of OpenSSL, in CRL application, limits the checks to leaf certificates, therefore not detecting revocation of intermediate CA...
logstash-forwarder and logstash -- susceptibility to POODLE vulnerability
Elastic reports: The combination of Logstash Forwarder and Lumberjack input and output was vulnerable to the POODLE attack in SSLv3 protocol. We have disabled SSLv3 for this combination and set the minimum version to be TLSv1.0. We have added this vulnerability to our CVE page and are working on...
strongswan -- Denial-of-service and potential remote code execution vulnerability
StrongSwan Project reports A denial-of-service and potential remote code execution vulnerability triggered by crafted IKE messages was discovered in strongSwan. Versions 5.2.2 and 5.3.0 are affected...
elasticsearch -- directory traversal attack with site plugins
Elastic reports: Vulnerability Summary: All Elasticsearch versions prior to 1.5.2 and 1.4.5 are vulnerable to a directory traversal attack that allows an attacker to retrieve files from the server running Elasticsearch when one or more site plugins are installed, or when Windows is the server OS...
chromium -- multiple vulnerabilities
Chrome Releases reports: 51 security fixes in this release, including: 456516 High CVE-2015-1212: Out-of-bounds write in media. Credit to anonymous. 448423 High CVE-2015-1213: Out-of-bounds write in skia filters. Credit to cloudfuzzer. 445810 High CVE-2015-1214: Out-of-bounds write in skia filter...
PuTTY -- fails to scrub private keys from memory after use
Simon Tatham reports: When PuTTY has sensitive data in memory and has no further need for it, it should wipe the data out of its memory, in case malware later gains access to the PuTTY process or the memory is swapped out to disk or written into a crash dump file. An obvious example of this is th...
samba -- Elevation of privilege to Active Directory Domain Controller
Samba team reports: In Samba's AD DC we neglected to ensure that attempted modifications of the userAccountControl attribute did not allow the UFSERVERTRUSTACCOUNT bit to be set...
mcollective -- cert valication issue
Melissa Stone reports: The MCollective aessecurity public key plugin does not correctly validate certs against the CA. By exploiting this vulnerability within a race/initialization window, an attacker with local access could initiate an unauthorized MCollective client connection with a server, an...
otrs -- XSS Issue
The OTRS Project reports: An attacker could send a specially prepared HTML email to OTRS. If he can then trick an agent into following a special link to display this email, JavaScript code would be executed...
Icinga -- buffer overflow in classic web interface
The Icinga Team reports: Wrong strlen check against MAXINPUTBUFFER without taking '\0' into account...
rt42 -- denial-of-service attack via the email gateway
The RT development team reports: Versions of RT between 4.2.0 and 4.2.2 inclusive are vulnerable to a denial-of-service attack via the email gateway; any installation which accepts mail from untrusted sources is vulnerable, regardless of the permissions configuration inside RT. This vulnerability...
imlib2 -- denial of service vulnerabilities
Enlightenment reports: GIF loader: Fix segv on images without colormap Prevent division-by-zero crashes. Fix segfault when opening input/queue/id:000007,src:000000,op:flip1,pos:51 with feh...
GnuPG and Libgcrypt -- side-channel attack vulnerability
Werner Koch of the GNU project reports: Noteworthy changes in version 1.5.3: Mitigate the Yarom/Falkner flush+reload side-channel attack on RSA secret keys... Note that Libgcrypt is used by GnuPG 2.x and thus this release fixes the above problem. The fix for GnuPG less than 2.0 can be found in th...
dbus -- local dos
Simon McVittie reports: Alexandru Cornea discovered a vulnerability in libdbus caused by an implementation bug in dbusprintfstringupperbound. This vulnerability can be exploited by a local user to crash system services that use libdbus, causing denial of service. It is platform-specific: x86-64...
samba -- ACLs are not checked on opening an alternate data stream on a file or directory
The Samba project reports: Samba versions 3.2.0 and above all versions of 3.2.x, 3.3.x, 3.4.x, 3.5.x, 3.6.x, 4.0.x and 4.1.x do not check the underlying file or directory ACL when opening an alternate data stream. According to the SMB1 and SMB2+ protocols the ACL on an underlying file or director...
linux-flashplugin -- multiple vulnerabilities
Adobe reports: These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system...
mozilla -- multiple vulnerabilities
The Mozilla Project reports: MFSA 2013-41 Miscellaneous memory safety hazards rv:21.0 / rv:17.0.6 MFSA 2013-42 Privileged access for content level constructor MFSA 2013-43 File input control has access to full path MFSA 2013-44 Local privilege escalation through Mozilla Maintenance Service MFSA...
owncloud -- Multiple security vulnerabilities
The ownCloud development team reports: oC-SA-2013-019 / CVE-2013-2045: Multiple SQL Injections. Credit to Mateusz Goik aliantsoft.pl. oC-SA-2013-020 / CVE-2013-2039,2085: Multiple directory traversals. Credit to Mateusz Goik aliantsoft.pl. oC-SQ-2013-021 / CVE-2013-2040-2042: Multiple XSS...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 162494 High CVE-2012-5145: Use-after-free in SVG layout. Credit to Atte Kettunen of OUSPG. 165622 High CVE-2012-5146: Same origin policy bypass with malformed URL. Credit to Erling A Ellingsen and Subodh Iyengar, both of Facebook. 165864 High CVE-2012-5147:...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 157079 Medium CVE-2012-5127: Integer overflow leading to out-of-bounds read in WebP handling. Credit to Phil Turnbull. Linux 64-bit only 150729 Medium CVE-2012-5120: Out-of-bounds array access in v8. Credit to Atte Kettunen of OUSPG. 143761 High CVE-2012-5116:...
mod_pagespeed -- multiple vulnerabilities
Google Reports: modpagespeed 0.10.22.6 is a security update that fixes two critical issues that affect earlier versions: CVE-2012-4001, a problem with validation of own host name. CVE-2012-4360, a cross-site scripting attack, which affects versions starting from 0.10.19.1. The effect of the first...
libutp -- remote denial of service or arbitrary code execution
NVD reports: Stack-based buffer overflow in utp.cpp in libutp, as used in Transmission before 2.74 and possibly other products, allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via crafted "micro transport protocol packets."...
Several vulnerabilities found in IcedTea-Web
The IcedTea project team reports: CVE-2012-3422: Use of uninitialized instance pointers An uninitialized pointer use flaw was found in IcedTea-Web web browser plugin. A malicious web page could use this flaw make IcedTea-Web browser plugin pass invalid pointer to a web browser. Depending on the...
asterisk -- multiple vulnerabilities
Asterisk project reports: Remote crash vulnerability in IAX2 channel driver. Skinny Channel Driver Remote Crash Vulnerability...
p5-Config-IniFiles -- unsafe temporary file creation
Unsafe Temporary file creation Config::IniFiles used a predictable name for its temporary file without opening it correctly...
NVIDIA UNIX driver -- access to arbitrary system memory
NVIDIA Unix security team reports: Security vulnerability CVE-2012-0946 in the NVIDIA UNIX driver was disclosed to NVIDIA on March 20th, 2012. The vulnerability makes it possible for an attacker who has read and write access to the GPU device nodes to reconfigure GPUs to gain access to arbitrary...
postfixadmin -- Multiple Vulnerabilities
The Postfix Admin Team reports: Multiple XSS vulnerabilities exist: - XSS with $GETdomain in templates/menu.php and edit-vacation - XSS in some create-domain input fields - XSS in create-alias and edit-alias error message - XSS by values stored in the database in fetchmail list view, list-domain...
bugzilla -- multiple vulnerabilities
A Bugzilla Security Advisory reports: The following security issues have been discovered in Bugzilla: Tabular and graphical reports, as well as new charts have a debug mode which displays raw data as plain text. This text is not correctly escaped and a crafted URL could use this vulnerability to...
phpMyAdmin -- Multiple XSS
The phpMyAdmin development team reports: Using crafted database names, it was possible to produce XSS in the Database Synchronize and Database rename panels. Using an invalid and crafted SQL query, it was possible to produce XSS when editing a query on a table overview panel or when using the vie...
asterisk -- Remote crash vulnerability
The Asterisk Development Team reports: If a remote user initiates a SIP call and the recipient picks up, the remote user can reply with a malformed Contact header that Asterisk will improperly handle and cause a crash due to a segmentation fault...
moinmoin -- cross-site scripting via RST parser
MITRE CVE team reports: Cross-site scripting XSS vulnerability in the reStructuredText rst parser in parser/textrst.py in MoinMoin before 1.9.4, when docutils is installed or when "format rst" is set, allows remote attackers to inject arbitrary web script or HTML via a javascript: URL in the refu...
linux-flashplugin -- multiple vulnerabilities
Adobe Product Security Incident Response Team reports: Critical vulnerabilities have been identified in Adobe Flash Player 10.1.102.64 and earlier versions for Windows, Macintosh, Linux, and Solaris. These vulnerabilities could cause the application to crash and could potentially allow an attacke...