6583 matches found
wordpress -- multiple issues
wordpress developers reports: WordPress versions 5.0 and earlier are affected by the following bugs, which are fixed in version 5.0.1. Updated versions of WordPress 4.9 and older releases are also available, for users who have not yet updated to 5.0. Karim El Ouerghemmi discovered that authors...
typo3 -- multiple vulnerabilities
Typo3 core team reports: CKEditor 4.11 fixes an XSS vulnerability in the HTML parser reported by maxarr. The vulnerability stemmed from the fact that it was possible to execute XSS inside the CKEditor source area after persuading the victim to: i switch CKEditor to source mode, then ii paste a...
py-cryptography -- tag forgery vulnerability
The Python Cryptographic Authority PyCA project reports: finalizewithtag allowed tag truncation by default which can allow tag forgery in some cases. The method now enforces the mintaglength provided to the GCM constructor...
transmission-daemon -- vulnerable to dns rebinding attacks
Google Project Zero reports: The transmission bittorrent client uses a client/server architecture, the user interface is the client which communicates to the worker daemon using JSON RPC requests. As with all HTTP RPC schemes like this, any website can send requests to the daemon listening on...
FreeBSD -- Information leak in kldstat(2)
Problem Description: The kernel does not properly clear the memory of the kldfilestat structure before filling the data. Since the structure filled by the kernel is allocated on the kernel stack and copied to userspace, a leak of information from the kernel stack is possible. Impact: Some bytes...
frr -- BGP Mishandled attribute length on Error
FRR reports: BGP Mishandled attribute length on Error A vulnerability exists in the BGP daemon of FRR where a malformed BGP UPDATE packet can leak information from the BGP daemon and cause a denial of service by crashing the daemon...
FreeBSD -- WPA2 protocol vulnerability
Problem Description: A vulnerability was found in how a number of implementations can be triggered to reconfigure WPA/WPA2/RSN keys TK, GTK, or IGTK by replaying a specific frame that is used to manage the keys. Impact: Such reinstallation of the encryption key can result in two different types o...
kanboard -- multiple privilege escalation vulnerabilities
chbi reports: an authenticated standard user could reset the password of another user including admin by altering form data...
osip -- Improper Restriction of Operations within the Bounds of a Memory Buffer
osip developers reports: In libosip2 in GNU oSIP 4.1.0 and 5.0.0, a malformed SIP message can lead to a heap buffer overflow in the msgosipbodyparse function defined in osipparser2/osipmessageparse.c, resulting in a remote DoS...
chicken -- multiple vulnerabilities
CHICKEN reports: CVE-2017-6949: Unchecked malloc call in SRFI-4 constructors when allocating in non-GC memory, resulting in potential 1-word buffer overrun and/or segfault CVE-2017-9334: "length" crashes on improper lists CVE-2017-11343: The randomization factor of the symbol table was set before...
potrace -- multiple memory failure
potrace reports: CVE-2016-8685: invalid memory access in findnext CVE-2016-8686: memory allocation failure...
irssi -- heap corruption and missing boundary checks
Irssi reports: Remote crash and heap corruption. Remote code execution seems difficult since only Nuls are written...
krb5 -- KDC denial of service vulnerability
Major changes in krb5 1.14.3 and krb5 1.13.6: Fix a rare KDC denial of service vulnerability when anonymous client principals are restricted to obtaining TGTs only CVE-2016-3120...
libidn -- multiple vulnerabilities
Simon Josefsson reports: libidn: Fix out-of-bounds stack read in idnatoascii4i. idn: Solve out-of-bounds-read when reading one zero byte as input. Also replaced fgets with getline. libidn: stringpreputf8nfkcnormalize reject invalid UTF-8. It was always documented to only accept UTF-8 data, but no...
xerces-c3 -- Parser Crashes on Malformed Input
The Apache Software Foundation reports: The Xerces-C XML parser mishandles certain kinds of malformed input documents, resulting in buffer overflows during processing and error reporting. The overflows can manifest as a segmentation fault or as memory corruption during a parse operation. The bugs...
libotr -- integer overflow
X41 D-Sec reports: A remote attacker may crash or execute arbitrary code in libotr by sending large OTR messages...
ricochet -- information disclosure
special reports: By sending a nickname with some HTML tags in a contact request, an attacker could cause Ricochet to make network requests without Tor after the request is accepted, which would reveal the user's IP address...
phpmyadmin -- Unsafe comparison of XSRF/CSRF token
The phpMyAdmin development team reports: The comparison of the XSRF/CSRF token parameter with the value saved in the session is vulnerable to timing attacks. Moreover, the comparison could be bypassed if the XSRF/CSRF token matches a particular pattern. We consider this vulnerability to be seriou...
xen-kernel -- PV superpage functionality missing sanity checks
The Xen Project reports: The PV superpage functionality lacks certain validity checks on data being passed to the hypervisor by guests. This is the case for the page identifier MFN passed to MMUEXTMARKSUPER and MMUEXTUNMARKSUPER sub-ops of the HYPERVISORmmuextop hypercall as well as for various...
cgit -- multiple vulnerabilities
Jason A. Donenfeld reports: Reflected Cross Site Scripting and Header Injection in Mimetype Query String. Stored Cross Site Scripting and Header Injection in Filename Parameter. Integer Overflow resulting in Buffer Overflow...
FreeBSD -- Insecure default snmpd.config permissions
Problem Description: The SNMP protocol supports an authentication model called USM, which relies on a shared secret. The default permission of the snmpd configuration file, /etc/snmpd.config, is weak and does not provide adequate protection against local unprivileged users. Impact: A local user m...
cups-filters -- code execution
Till Kamppeter reports: Cups Filters/Foomatic Filters does not consider semicolon as an illegal escape character...
redmine -- information leak vulnerability
Redmine reports: Data disclosure in atom feed...
py-amf -- input sanitization errors
oCERT reports: A specially crafted AMF payload, containing malicious references to XML external entities, can be used to trigger Denial of Service DoS conditions or arbitrarily return the contents of files that are accessible with the running application privileges...
dpkg -- stack-based buffer overflow
Salvatore Bonaccorso reports: Hanno Boeck discovered a stack-based buffer overflow in the dpkg-deb component of dpkg, the Debian package management system. This flaw could potentially lead to arbitrary code execution if a user or an automated system were tricked into processing a specially crafte...
powerdns -- Denial of Service
PowerDNS reports: A bug was found using afl-fuzz in our packet parsing code. This bug, when exploited, causes an assertion error and consequent termination of the the pdnsserver process, causing a Denial of Service...
xscreensaver - lock bypass
RedHat bugzilla reports: In dual screen configurations, unplugging one screen will cause xscreensaver to crash, leaving the screen unlocked...
Joomla! -- Core - ACL Violation vulnerabilities
The JSST and the Joomla! Security Center report: 20151003 - Core - ACL Violations Inadequate ACL checks in comcontent provide potential read access to data which should be access restricted...
remind -- buffer overflow with malicious reminder file input
Dianne Skoll reports: BUG FIX: Fix a buffer overflow found by Alexander Keller. The bug can be manifested by an extended DUMP command using a system variable that is a special variable whose name begins with '$'...
Joomla! -- Core - CSRF Protection vulnerabilities
The JSST and the Joomla! Security Center report: 20150602 - Core - CSRF Protection Lack of CSRF checks potentially enabled uploading malicious code...
drupal -- multiple vulnerabilities
Drupal development team reports: Impersonation OpenID module - Drupal 6 and 7 - Critical A vulnerability was found in the OpenID module that allows a malicious user to log in as other users on the site, including administrators, and hijack their accounts. This vulnerability is mitigated by the fa...
inspircd -- DoS
Inspircd reports: This release fixes the issues discovered since 2.0.18, containing multiple important stability and correctness related improvements, including a fix for a bug which allowed malformed DNS records to cause netsplits on a network...
freexl -- multiple vulnerabilities
Jodie Cunningham reports: 1: A flaw was found in the way FreeXL reads sectors from the input file. A specially crafted file could possibly result in stack corruption near freexl.c:3752. 2: A flaw was found in the function allocatecells. A specially crafted file with invalid workbook dimensions...
libXfont -- BDF parsing issues
Alan Coopersmith reports: Ilja van Sprundel, a security researcher with IOActive, has discovered an issue in the parsing of BDF font files by libXfont. Additional testing by Alan Coopersmith and William Robinet with the American Fuzzy Lop afl tool uncovered two more issues in the parsing of BDF...
asterisk -- File descriptor leak when incompatible codecs are offered
The Asterisk project reports: Asterisk may be configured to only allow specific audio or video codecs to be used when communicating with a particular endpoint. When an endpoint sends an SDP offer that only lists codecs not allowed by Asterisk, the offer is rejected. However, in this case, RTP por...
trafficserver -- unspecified vulnerability
Bryan Call reports: Below is our announcement for the security issue reported to us from Yahoo! Japan. All versions of Apache Traffic Server are vulnerable. We urge users to upgrade to either 4.2.1.1 or 5.0.1 immediately. This fixes CVE-2014-3525 and limits access to how the health checks are...
qemu -- denial of service vulnerability in VNC
Prasad J Pandit, Red Hat Product Security Team, reports: Qemu emulator built with the VNC display driver is vulnerable to an infinite loop issue. It could occur while processing a CLIENTCUTTEXT message with specially crafted payload message. A privileged guest user could use this flaw to crash th...
pivotx -- cross-site scripting (XSS) vulnerability
pivotx reports: cross-site scripting XSS vulnerability in the nickname and possibly the email field. Mitigated by the fact that an attacker must have a PivotX account...
nginx -- SPDY memory corruption
The nginx project reports: A bug in the experimental SPDY implementation in nginx 1.5.10 was found, which might allow an attacker to corrupt worker process memory by using a specially crafted request, potentially resulting in arbitrary code execution CVE-2014-0088. The problem only affects nginx...
FreeBSD -- bsnmpd remote denial of service vulnerability
Problem Description: The bsnmpd8 daemon is prone to a stack-based buffer-overflow when it has received a specifically crafted GETBULK PDU request. Impact: This issue could be exploited to execute arbitrary code in the context of the service daemon, or crash the service daemon, causing a...
subversion -- mod_dav_svn vulnerability
Subversion Project reports: Subversion's moddavsvn Apache HTTPD server module will crash when it receives an OPTIONS request against the server root and Subversion is configured to handle the server root and SVNListParentPath is on. This can lead to a DoS. There are no known instances of this...
Quassel IRC -- SQL injection vulnerability
Quassel IRC developers report: SQL injection vulnerability in Quassel IRC before 0.9.1, when Qt 4.8.5 or later and PostgreSQL 8.2 or later are used, allows remote attackers to execute arbitrary SQL commands via a \ backslash in a message...
FreeBSD -- Kernel memory disclosure in sctp(4)
Problem Description: When initializing the SCTP state cookie being sent in INIT-ACK chunks, a buffer allocated from the kernel stack is not completely initialized. Impact: Fragments of kernel memory may be included in SCTP packets and transmitted over the network. For each SCTP session, there are...
mozilla -- use-after-free in HTML Editor
The Mozilla Project reports: MFSA 2013-29 Use-after-free in HTML Editor...
dbus-glib -- privledge escalation
Sebastian Krahmer reports: A privilege escalation flaw was found in the way dbus-glib, the D-Bus add-on library to integrate the standard D-Bus library with the GLib thread abstraction and main loop, performed filtering of the message sender message source subject, when the NameOwnerChanged signa...
tinc -- Buffer overflow
tinc-vpn.org reports: Drop packets forwarded via TCP if they are too big...
DomainKeys Identified Mail (DKIM) Verifiers may inappropriately convey message trust
US-CERT reports: DomainKeys Identified Mail DKIM Verifiers may inappropriately convey message trust when messages are signed using test or small bit signing keys...
asterisk -- multiple vulnerabilities
Asterisk project reports: Asterisk Manager User Unauthorized Shell Access ACL rules ignored when placing outbound calls by certain IAX2 users...
automake -- Insecure 'distcheck' recipe granted world-writable distdir
GNU reports: The recipe of the 'distcheck' target granted temporary world-write permissions on the extracted distdir. This introduced a locally exploitable race condition for those who run "make distcheck" with a non-restrictive umask e.g., 022 in a directory that was accessible by others. A...
joomla -- Privilege Escalation
Joomla! reported a Core Privilege Escalation:: Inadequate checking leads to possible user privilege escalation...