6585 matches found
Salt -- multiple vulnerabilities
Salt release notes: CVE-2015-6918 - Git modules leaking HTTPS auth credentials to debug log Updated the Git state and execution modules to no longer display HTTPS basic authentication credentials in loglevel debug output on the Salt master. These credentials are now replaced with REDACTED in the...
mbedTLS/PolarSSL -- DoS and possible remote code execution
ARM Limited reports: When the client creates its ClientHello message, due to insufficient bounds checking it can overflow the heap-based buffer containing the message while writing some extensions. Two extensions in particular could be used by a remote attacker to trigger the overflow: the sessio...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: Two vulnerabilities were fixed in this release: 530301 High CVE-2015-1303: Cross-origin bypass in DOM. Credit to Mariusz Mlynski. 531891 High CVE-2015-1304: Cross-origin bypass in V8. Credit to Mariusz Mlynski...
pitivi -- code execution
Luke Farone reports: Double-clicking a file in the user's media library with a specially-crafted path or filename allows for arbitrary code execution with the permissions of the user running Pitivi...
devel/ipython -- CSRF possible remote execution vulnerability
Kyle Kelley reports: Summary: POST requests exposed via the IPython REST API are vulnerable to cross-site request forgery CSRF. Web pages on different domains can make non-AJAX POST requests to known IPython URLs, and IPython will honor them. The user's browser will automatically send IPython...
wesnoth -- disclosure of .pbl files with lowercase, uppercase, and mixed-case extension
Ignacio R. Morelle reports: As mentioned in the Wesnoth 1.12.4 and Wesnoth 1.13.1 release announcements, a security vulnerability targeting add-on authors was found bug 23504 which allowed a malicious user to obtain add-on server passphrases from the client's .pbl files and transmit them over the...
pcre -- Heap Overflow Vulnerability in find_fixedlength()
Venustech ADLAB reports: PCRE library is prone to a vulnerability which leads to Heap Overflow. During subpattern calculation of a malformed regular expression, an offset that is used as an array index is fully controlled and can be large enough so that unexpected heap memory regions are accessed...
freeradius -- insufficient CRL application vulnerability
oCERT reports: The FreeRADIUS server relies on OpenSSL to perform certificate validation, including Certificate Revocation List CRL checks. The FreeRADIUS usage of OpenSSL, in CRL application, limits the checks to leaf certificates, therefore not detecting revocation of intermediate CA...
logstash-forwarder and logstash -- susceptibility to POODLE vulnerability
Elastic reports: The combination of Logstash Forwarder and Lumberjack input and output was vulnerable to the POODLE attack in SSLv3 protocol. We have disabled SSLv3 for this combination and set the minimum version to be TLSv1.0. We have added this vulnerability to our CVE page and are working on...
strongswan -- Denial-of-service and potential remote code execution vulnerability
StrongSwan Project reports A denial-of-service and potential remote code execution vulnerability triggered by crafted IKE messages was discovered in strongSwan. Versions 5.2.2 and 5.3.0 are affected...
elasticsearch -- directory traversal attack with site plugins
Elastic reports: Vulnerability Summary: All Elasticsearch versions prior to 1.5.2 and 1.4.5 are vulnerable to a directory traversal attack that allows an attacker to retrieve files from the server running Elasticsearch when one or more site plugins are installed, or when Windows is the server OS...
chromium -- multiple vulnerabilities
Chrome Releases reports: 51 security fixes in this release, including: 456516 High CVE-2015-1212: Out-of-bounds write in media. Credit to anonymous. 448423 High CVE-2015-1213: Out-of-bounds write in skia filters. Credit to cloudfuzzer. 445810 High CVE-2015-1214: Out-of-bounds write in skia filter...
PuTTY -- fails to scrub private keys from memory after use
Simon Tatham reports: When PuTTY has sensitive data in memory and has no further need for it, it should wipe the data out of its memory, in case malware later gains access to the PuTTY process or the memory is swapped out to disk or written into a crash dump file. An obvious example of this is th...
samba -- Elevation of privilege to Active Directory Domain Controller
Samba team reports: In Samba's AD DC we neglected to ensure that attempted modifications of the userAccountControl attribute did not allow the UFSERVERTRUSTACCOUNT bit to be set...
mcollective -- cert valication issue
Melissa Stone reports: The MCollective aessecurity public key plugin does not correctly validate certs against the CA. By exploiting this vulnerability within a race/initialization window, an attacker with local access could initiate an unauthorized MCollective client connection with a server, an...
otrs -- XSS Issue
The OTRS Project reports: An attacker could send a specially prepared HTML email to OTRS. If he can then trick an agent into following a special link to display this email, JavaScript code would be executed...
Icinga -- buffer overflow in classic web interface
The Icinga Team reports: Wrong strlen check against MAXINPUTBUFFER without taking '\0' into account...
rt42 -- denial-of-service attack via the email gateway
The RT development team reports: Versions of RT between 4.2.0 and 4.2.2 inclusive are vulnerable to a denial-of-service attack via the email gateway; any installation which accepts mail from untrusted sources is vulnerable, regardless of the permissions configuration inside RT. This vulnerability...
imlib2 -- denial of service vulnerabilities
Enlightenment reports: GIF loader: Fix segv on images without colormap Prevent division-by-zero crashes. Fix segfault when opening input/queue/id:000007,src:000000,op:flip1,pos:51 with feh...
GnuPG and Libgcrypt -- side-channel attack vulnerability
Werner Koch of the GNU project reports: Noteworthy changes in version 1.5.3: Mitigate the Yarom/Falkner flush+reload side-channel attack on RSA secret keys... Note that Libgcrypt is used by GnuPG 2.x and thus this release fixes the above problem. The fix for GnuPG less than 2.0 can be found in th...
dbus -- local dos
Simon McVittie reports: Alexandru Cornea discovered a vulnerability in libdbus caused by an implementation bug in dbusprintfstringupperbound. This vulnerability can be exploited by a local user to crash system services that use libdbus, causing denial of service. It is platform-specific: x86-64...
samba -- ACLs are not checked on opening an alternate data stream on a file or directory
The Samba project reports: Samba versions 3.2.0 and above all versions of 3.2.x, 3.3.x, 3.4.x, 3.5.x, 3.6.x, 4.0.x and 4.1.x do not check the underlying file or directory ACL when opening an alternate data stream. According to the SMB1 and SMB2+ protocols the ACL on an underlying file or director...
owncloud -- Multiple security vulnerabilities
The ownCloud development team reports: oC-SA-2013-019 / CVE-2013-2045: Multiple SQL Injections. Credit to Mateusz Goik aliantsoft.pl. oC-SA-2013-020 / CVE-2013-2039,2085: Multiple directory traversals. Credit to Mateusz Goik aliantsoft.pl. oC-SQ-2013-021 / CVE-2013-2040-2042: Multiple XSS...
mozilla -- multiple vulnerabilities
The Mozilla Project reports: MFSA 2013-41 Miscellaneous memory safety hazards rv:21.0 / rv:17.0.6 MFSA 2013-42 Privileged access for content level constructor MFSA 2013-43 File input control has access to full path MFSA 2013-44 Local privilege escalation through Mozilla Maintenance Service MFSA...
linux-flashplugin -- multiple vulnerabilities
Adobe reports: These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 162494 High CVE-2012-5145: Use-after-free in SVG layout. Credit to Atte Kettunen of OUSPG. 165622 High CVE-2012-5146: Same origin policy bypass with malformed URL. Credit to Erling A Ellingsen and Subodh Iyengar, both of Facebook. 165864 High CVE-2012-5147:...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 157079 Medium CVE-2012-5127: Integer overflow leading to out-of-bounds read in WebP handling. Credit to Phil Turnbull. Linux 64-bit only 150729 Medium CVE-2012-5120: Out-of-bounds array access in v8. Credit to Atte Kettunen of OUSPG. 143761 High CVE-2012-5116:...
mod_pagespeed -- multiple vulnerabilities
Google Reports: modpagespeed 0.10.22.6 is a security update that fixes two critical issues that affect earlier versions: CVE-2012-4001, a problem with validation of own host name. CVE-2012-4360, a cross-site scripting attack, which affects versions starting from 0.10.19.1. The effect of the first...
jabberd -- domain spoofing in server dialback protocol
XMPP Standards Foundation reports: Some implementations of the XMPP Server Dialback protocol RFC 3920/XEP-0220 have not been checking dialback responses to ensure that validated results are correlated with requests. An attacking server could spoof one or more domains in communicating with a...
libutp -- remote denial of service or arbitrary code execution
NVD reports: Stack-based buffer overflow in utp.cpp in libutp, as used in Transmission before 2.74 and possibly other products, allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via crafted "micro transport protocol packets."...
Several vulnerabilities found in IcedTea-Web
The IcedTea project team reports: CVE-2012-3422: Use of uninitialized instance pointers An uninitialized pointer use flaw was found in IcedTea-Web web browser plugin. A malicious web page could use this flaw make IcedTea-Web browser plugin pass invalid pointer to a web browser. Depending on the...
asterisk -- multiple vulnerabilities
Asterisk project reports: Remote crash vulnerability in IAX2 channel driver. Skinny Channel Driver Remote Crash Vulnerability...
p5-Config-IniFiles -- unsafe temporary file creation
Unsafe Temporary file creation Config::IniFiles used a predictable name for its temporary file without opening it correctly...
postfixadmin -- Multiple Vulnerabilities
The Postfix Admin Team reports: Multiple XSS vulnerabilities exist: - XSS with $GETdomain in templates/menu.php and edit-vacation - XSS in some create-domain input fields - XSS in create-alias and edit-alias error message - XSS by values stored in the database in fetchmail list view, list-domain...
bugzilla -- multiple vulnerabilities
A Bugzilla Security Advisory reports: The following security issues have been discovered in Bugzilla: Tabular and graphical reports, as well as new charts have a debug mode which displays raw data as plain text. This text is not correctly escaped and a crafted URL could use this vulnerability to...
asterisk -- Remote crash vulnerability
The Asterisk Development Team reports: If a remote user initiates a SIP call and the recipient picks up, the remote user can reply with a malformed Contact header that Asterisk will improperly handle and cause a crash due to a segmentation fault...
moinmoin -- cross-site scripting via RST parser
MITRE CVE team reports: Cross-site scripting XSS vulnerability in the reStructuredText rst parser in parser/textrst.py in MoinMoin before 1.9.4, when docutils is installed or when "format rst" is set, allows remote attackers to inject arbitrary web script or HTML via a javascript: URL in the refu...
linux-flashplugin -- multiple vulnerabilities
Adobe Product Security Incident Response Team reports: Critical vulnerabilities have been identified in Adobe Flash Player 10.1.102.64 and earlier versions for Windows, Macintosh, Linux, and Solaris. These vulnerabilities could cause the application to crash and could potentially allow an attacke...
tor -- remote crash and potential remote code execution
The Tor Project reports: Remotely exploitable bug that could be used to crash instances of Tor remotely by overflowing on the heap. Remote-code execution hasn't been confirmed, but can't be ruled out. Everyone should upgrade...
krb5 -- unkeyed PAC checksum handling vulnerability
The MIT Kerberos team reports: MIT krb5 incorrectly accepts an unkeyed checksum for PAC signatures. An authenticated remote attacker can forge PACs if using a KDC that does not filter client-provided PAC data. This can result in privilege escalation against a service that relies on PAC contents t...
squid -- Denial of Service vulnerability in DNS handling
Squid security advisory 2010:1 reports: Due to incorrect data validation Squid is vulnerable to a denial of service attack when processing specially crafted DNS packets. This problem allows any trusted client or external server who can determine the squid receiving port to perform a short-term...
cscope -- multiple buffer overflows
Secunia reports: Some vulnerabilities have been reported in Cscope, which potentially can be exploited by malicious people to compromise a user's system. The vulnerabilities are caused due to various boundary errors, which can be exploited to cause buffer overflows when parsing specially crafted...
FreeBSD -- remotely exploitable crash in OpenSSL
Problem Description The function ASN1STRINGprintex does not properly validate the lengths of BMPString or UniversalString objects before attempting to print them. Impact An application which attempts to print a BMPString or UniversalString which has an invalid length will crash as a result of...
typo3 -- multiple vulnerabilities
Secunia reports: Some vulnerabilities have been reported in Typo3, which can be exploited by malicious people to bypass certain security restrictions, conduct cross-site scripting and session fixation attacks, and compromise a vulnerable system. The "Install tool" system extension uses...
gnutls -- X.509 certificate chain validation vulnerability
SecurityFocus reports: GnuTLS is prone to a security-bypass vulnerability because the application fails to properly validate chained X.509 certificates. Successfully exploiting this issue allows attackers to perform man-in-the-middle attacks by impersonating trusted servers. Unsuspecting users ma...
lighttpd -- multiple vulnerabilities
Lighttpd seurity annoucement: lighttpd 1.4.19, and possibly other versions before 1.5.0, does not decode the url before matching against rewrite and redirect patterns, which allows attackers to bypass rewrites rules. this can be a security problem in certain configurations if these rules are used...
neon -- NULL pointer dereference in Digest domain support
Joe Orton reports: A NULL pointer deference in the Digest authentication support in neon versions 0.28.0 through 0.28.2 inclusive allows a malicious server to crash a client application, resulting in possible denial of service...
apache -- Cross-site scripting vulnerability
CVE Mitre reports: Cross-site scripting XSS vulnerability in proxyftp.c in the modproxyftp module in Apache 2.0.63 and earlier, and modproxyftp.c in the modproxyftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in th...
drupal -- multiple vulnerabilities
The Drupal Project reports: Free tagging taxonomy terms can be used to insert arbitrary script and HTML code cross site scripting or XSS on node preview pages. A successful exploit requires that the victim selects a term containing script code and chooses to preview the node. This issue affects...
bzip2 -- crash with certain malformed archive files
SecurityFocus reports: The 'bzip2' application is prone to a remote file-handling vulnerability because the application fails to properly handle malformed files. Exploit attempts likely result in application crashes...