6585 matches found
py-matrix-synapse -- undisclosed vulnerability
Matrix developers report: The matrix team announces the availablility of synapse security releases 0.34.0.1 and 0.34.1.1, fixing CVE-2019-5885...
libzmq4 -- Remote Code Execution Vulnerability
A vulnerability has been found that would allow attackers to direct a peer to jump to and execute from an address indicated by the attacker. This issue has been present since v4.2.0. Older releases are not affected. NOTE: The attacker needs to know in advance valid addresses in the peer's memory ...
Gitlab -- Arbitrary File read in Gitlab project import
Gitlab reports: Arbitrary File read in Gitlab project import...
Gitlab -- Arbitrary File read in GitLab project import with Git LFS
Gitlab reports: Arbitrary File read in GitLab project import with Git LFS...
phpMyAdmin -- multiple vulnerabilities
The phpMyAdmin development team reports: Summary Local file inclusion through transformation feature Description A flaw has been found where an attacker can exploit phpMyAdmin to leak the contents of a local file. The attacker must have access to the phpMyAdmin Configuration Storage tables,...
uriparser -- Multiple vulnerabilities
The upstream project reports: Fixed: Out-of-bounds write in uriComposeQuery and uriComposeQueryEx Commit 864f5d4c127def386dd5cc926ad96934b297f04e Thanks to Google Autofuzz team for the report! Fixed: Detect integer overflow in uriComposeQuery and uriComposeQueryEx Commit...
FreeBSD -- Resource exhaustion in IP fragment reassembly
Problem Description: A researcher has notified us of a DoS attack applicable to another operating system. While FreeBSD may not be vulnerable to that exact attack, we have identified several places where inadequate DoS protection could allow an attacker to consume system resources. It is not...
node.js -- multiple vulnerabilities
Node.js reports: Denial of Service Vulnerability in HTTP/2 CVE-2018-7161 All versions of 8.x and later are vulnerable and the severity is HIGH. An attacker can cause a denial of service DoS by causing a node server providing an http2 server to crash. This can be accomplished by interacting with t...
mpv -- arbitrary code execution via crafted website
mpv developers report: mpv through 0.28.0 allows remote attackers to execute arbitrary code via a crafted web site, because it reads HTML documents containing VIDEO elements, and accepts arbitrary URLs in a src attribute without a protocol whitelist in player/lua/ytdlhook.lua. For example, an...
chromium -- vulnerability
Google Chrome Releases reports: 1 security fix in this release: 806388 High CVE-2018-6056: Incorrect derived class instantiation in V8. Reported by lokihardt of Google Project Zero on 2018-01-26...
clamav -- multiple vulnerabilities
ClamAV project reports: Join us as we welcome ClamAV 0.99.3 to the family!. This release is a security release and is recommended for all ClamAV users. CVE-2017-12374 ClamAV UAF use-after-free Vulnerabilities CVE-2017-12375 ClamAV Buffer Overflow Vulnerability CVE-2017-12376 ClamAV Buffer Overflo...
p7zip -- heap-based buffer overflow
MITRE reports: Heap-based buffer overflow in the NCompress::NShrink::CDecoder::CodeReal method in 7-Zip before 18.00 and p7zip allows remote attackers to cause a denial of service out-of-bounds write or potentially execute arbitrary code via a crafted ZIP archive...
GIMP - Heap Buffer Overflow Vulnerability
GNOME reports: CVE-2017-17786 Out of bounds read / heap overflow in tga importer / function bgr2rgb.part.1...
bchunk -- access violation near NULL on destination operand and crash
Mitre reports: bchunk 1.2.0 and 1.2.1 is vulnerable to an "Access violation near NULL on destination operand" and crash when processing a malformed CUE .cue file...
libgcrypt -- side-channel attack vulnerability
GnuPG reports: Mitigate a local side-channel attack on Curve25519 dubbed "May the Fourth Be With You"...
chromium -- race condition vulnerability
Google Chrome Releases reports: 1 security fix in this release: 679306 High CVE-2017-5068: Race condition in WebRTC. Credit to Philipp Hancke...
LibreSSL -- TLS verification vulnerability
Jakub Jirutka reports: LibreSSL 2.5.1 to 2.5.3 lacks TLS certificate verification if SSLgetverifyresult is relied upon for a later check of a verification result, in a use case where a user-provided verification callback returns 1, as demonstrated by acceptance of invalid certificates by nginx...
Intel(R) NVMUpdate -- Intel(R) Ethernet Controller X710/XL710 NVM Security Vulnerability
Intel Corporation reports: A security vulnerability in the IntelR Ethernet Controller X710 and IntelR Ethernet Controller XL710 family of products Fortville has been found in the Non-Volatile Flash Memory NVM image...
w3m -- multiple vulnerabilities
Multiple remote code execution and denial of service conditions present...
eog -- out-of-bounds write
Felix Riemann reports: CVE-2016-6855 out-of-bounds write in eog 3.10.2...
Rails 4 -- Possible XSS Vulnerability in Action View
Ruby Security team reports: There is a possible XSS vulnerability in Action View. Text declared as "HTML safe" will not have quotes escaped when used as attribute values in tag helpers. This vulnerability has been assigned the CVE identifier CVE-2016-6316...
moodle -- multiple vulnerabilities
Marina Glancy reports: MSA-16-0019: Glossary search displays entries without checking user permissions to view them MSA-16-0020: Text injection in email headers MSA-16-0021: Unenrolled user still receives event monitor notifications even though they can no longer access course...
xtrlock -- xtrlock does not block multitouch events
Debian reports: xtrlock did not block multitouch events so an attacker could still input and thus control various programs such as Chromium, etc. via so-called "multitouch" events including pan scrolling, "pinch and zoom" or even being able to provide regular mouse clicks by depressing the touchp...
libtasn1 -- denial of service parsing malicious DER certificates
GNU Libtasn1 NEWS reports: Fixes to avoid an infinite recursion when decoding without the ASN1DECODEFLAGSTRICTDER flag. Reported by Pascal Cuoq...
activemq -- Web Console Cross-Site Scripting
Vladimir Ivanov Positive Technologies reports: Several instances of cross-site scripting vulnerabilities were identified to be present in the web based administration console as well as the ability to trigger a Java memory dump into an arbitrary folder. The root cause of these issues are improper...
bind -- denial of service vulnerability
ISC reports: A response containing multiple DNS cookies causes servers with cookie support enabled to exit with an assertion failure...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 589838 High CVE-2016-1643: Type confusion in Blink. 590620 High CVE-2016-1644: Use-after-free in Blink. 587227 High CVE-2016-1645: Out-of-bounds write in PDFium...
PostgreSQL -- minor security problems.
PostgreSQL project reports: Security Fixes for RLS, BRIN This release closes security hole CVE-2016-2193 https://access.redhat.com/security/cve/CVE-2016-2193, where a query plan might get reused for more than one ROLE in the same session. This could cause the wrong set of Row Level Security RLS...
phpmyadmin -- Multiple full path disclosure vulnerabilities
The phpMyAdmin development team reports: By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed. We consider these vulnerabilities to ...
salt -- code execution
SaltStack reports: Improper handling of clear messages on the minion, which could result in executing commands not sent by the master...
flash -- multiple vulnerabilities
Adobe reports: These updates resolve a vulnerability that could be exploited to bypass the same-origin-policy and lead to information disclosure CVE-2015-7628. These updates include a defense-in-depth feature in the Flash broker API CVE-2015-5569. These updates resolve use-after-free...
OpenSMTPD -- multiple vulnerabilities
OpenSMTPD developers report: an oversight in the portable version of fgetln that allows attackers to read and write out-of-bounds memory multiple denial-of-service vulnerabilities that allow local users to kill or hang OpenSMTPD a stack-based buffer overflow that allows local users to crash...
optipng -- use-after-free vulnerability
Gustavo Grieco reports: We found a use-after-free causing an invalid/double free in optipng 0.6.4...
Adobe Flash Player -- critical vulnerabilities
Adobe reports: Adobe has released security updates for Adobe Flash Player. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system. These updates resolve type confusion vulnerabilities that could lead to code execution...
Adobe Flash Player -- critical vulnerabilities
Adobe reports: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh and Linux. These updates address a critical vulnerability CVE-2015-3113 that could potentially allow an attacker to take control of the affected system. Adobe is aware of reports that CVE-2015-3113 is...
chicken -- Potential buffer overrun in string-translate*
chicken developer Peter Bex reports: Using gcc's Address Sanitizer, it was discovered that the string-translate procedure from the data-structures unit can scan beyond the input string's length up to the length of the source strings in the map that's passed to string-translate. This issue was fix...
Pligg CMS -- XSS Vulnerability
Netsparker reports: Proof of Concept URL for XSS in Pligg CMS: Page: groups.php Parameter Name: keyword Parameter Type: GET Attack Pattern: http://example.com/pligg-cms-2.0.2/groups.php?view=search&keyword='+alert0x000D82+' For more information on cross-site scripting vulnerabilities read the...
qemu, xen and VirtualBox OSE -- possible VM escape and code execution ("VENOM")
Jason Geffner, CrowdStrike Senior Security Researcher reports: VENOM, CVE-2015-3456, is a security vulnerability in the virtual floppy drive code used by many computer virtualization platforms. This vulnerability may allow an attacker to escape from the confines of an affected virtual machine VM...
powerdns -- Label decompression bug can cause crashes or CPU spikes
The PowerDNS project reports: A bug was discovered in our label decompression code, making it possible for names to refer to themselves, thus causing a loop during decompression. On some platforms, this bug can be abused to cause crashes. On all platforms, this bug can be abused to cause...
pidgin-otr -- use after free
Hanno Bock reports: The pidgin-otr plugin version 4.0.2 fixes a heap use after free error. The bug is triggered when a user tries to authenticate a buddy and happens in the function createsmpdialog...
cryptopp -- multiple vulnerabilities
Multiple sources report: CVE-2015-2141: The InvertibleRWFunction::CalculateInverse function in rw.cpp in libcrypt++ 5.6.2 does not properly blind private key operations for the Rabin-Williams digital signature algorithm, which allows remote attackers to obtain private keys via a timing attack...
xorg-server -- Information leak in the XkbSetGeometry request of X servers.
Peter Hutterer reports: Olivier Fourdan from Red Hat has discovered a protocol handling issue in the way the X server code base handles the XkbSetGeometry request. The issue stems from the server trusting the client to send valid string lengths in the request data. A malicious client with string...
librsvg2 -- denial of service vulnerability
Adam Maris, Red Hat Product Security, reports: CVE-2015-7557: Out-of-bounds heap read in librsvg2 was found when parsing SVG file...
OpenVPN -- denial of service security vulnerability
The OpenVPN project reports: In late November 2014 Dragana Damjanovic notified OpenVPN developers of a critical denial of service security vulnerability CVE-2014-8104. The vulnerability allows an tls-authenticated client to crash the server by sending a too-short control channel packet to the...
Flash player -- Multiple security vulnerabilities in www/linux-*-flashplugin11
Adobe reports: These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 12 security fixes in this release, including 390174 High CVE-2014-3165: Use-after-free in web sockets. Credit to Collin Payne. 398925 High CVE-2014-3166: Information disclosure in SPDY. Credit to Antoine Delignat-Lavaud. 400950 CVE-2014-3167: Various fixes from...
mplayer -- potential buffer overrun when processing malicious lzo compressed input
Michael Niedermayer and Luca Barbato report in upstream ffmpeg: avutil/lzo: Fix integer overflow...
FreeBSD -- devfs rules not applied by default for jails
Problem Description: The default devfs rulesets are not loaded on boot, even when jails are used. Device nodes will be created in the jail with their normal default access permissions, while most of them should be hidden and inaccessible. Impact: Jailed processes can get access to restricted...
apache-xml-security-c -- heap overflow during XPointer evaluation
The Apache Software Foundation reports: The attempted fix to address CVE-2013-2154 introduced the possibility of a heap overflow, possibly leading to arbitrary code execution, in the processing of malformed XPointer expressions in the XML Signature Reference processing code...
apache-xml-security-c -- heap overflow
The Apache Software Foundation reports: A heap overflow exists in the processing of the PrefixList attribute optionally used in conjunction with Exclusive Canonicalization, potentially allowing arbitary code execution. If verification of the signature occurs prior to actual evaluation of a signin...