6583 matches found
ntp -- Multiple vulnerabilities
nwtime.org reports: Three ntp vulnerabilities, Depending on configuration, may have little impact up to termination of the ntpd process. NTP Bug 3610: Processcontrol should exit earlier on short packets. On systems that override the default and enable ntpdc mode 7 fuzz testing detected that a sho...
tcpreplay -- Multiple vulnerabilities
fklassen on Github reports: This release fixes the following security issues: memory access in dochecksum NULL pointer dereference getlayer4v6 NULL pointer dereference getipv6l4proto...
gitea -- insufficient privilege check
The Gitea project reports: Security Prevent DeleteFilePost doing arbitrary deletion...
uriparser -- Out-of-bounds read
Upstream project reports: Out-of-bounds read in uriParseEx for incomplete URIs with IPv6 addresses with embedded IPv4 address, e.g. "//::44.1"; mitigated if passed parameter afterLast points to readable memory containing a '\0' byte...
Fix a buffer overflow in the tiff reader
libvips reports: A buffer overflow was found and fixed in the libvips code...
AccountsService -- Insufficient path check in user_change_icon_file_authorized_cb()
NVD reports: Directory Traversal with ../ sequences occurs in AccountsService before 0.6.50 because of an insufficient path check in userchangeiconfileauthorizedcb in user.c...
Bugzilla security issues
Bugzilla Security Advisory A CSRF vulnerability in report.cgi would allow a third-party site to extract confidential information from a bug the victim had access to...
bchunk -- heap-based buffer overflow (with invalid free) and crash
Mitre reports: bchunk 1.2.0 and 1.2.1 is vulnerable to a heap-based buffer overflow with a resultant invalid free and crash when processing a malformed CUE .cue file...
Multiple exploitable heap-based buffer overflow vulnerabilities exists in FreeXL 1.0.3
Cisco TALOS reports: An exploitable heap based buffer overflow vulnerability exists in the readbiffnextrecord function of FreeXL 1.0.3. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to trigger this...
drupal8 -- multiple vulnerabilities
Drupal Security Team reports: CVE-2017-6377: Editor module incorrectly checks access to inline private files CVE-2017-6379: Some admin paths were not protected with a CSRF token CVE-2017-6381: Remote code execution...
teeworlds -- Remote code execution
Teeworlds project reports: Attacker controlled memory-writes and possibly arbitrary code execution on the client, abusable by any server the client joins...
Multiple ports -- Proxy HTTP header vulnerability (httpoxy)
httpoxy.org reports: httpoxy is a set of vulnerabilities that affect application code running in CGI, or CGI-like environments. It comes down to a simple namespace conflict:. RFC 3875 CGI puts the HTTP Proxy header from a request into the environment variables as HTTPPROXY HTTPPROXY is a popular...
gnutls -- file overwrite by setuid programs
gnutls.org reports: Setuid programs using GnuTLS 3.4.12 could potentially allow an attacker to overwrite and corrupt arbitrary files in the filesystem...
OpenSSL -- multiple vulnerabilities
OpenSSL reports: Padding oracle in AES-NI CBC MAC check EVPEncodeUpdate overflow EVPEncryptUpdate overflow ASN.1 BIO excessive memory allocation EBCDIC overread...
openafs -- multiple vulnerabilities
The OpenAFS development team reports: Foreign users can bypass access controls to create groups as system:administrators, including in the user namespace and the system: namespace. The contents of uninitialized memory are sent on the wire when clients perform certain RPCs. Depending on the RPC, t...
django -- regression in permissions model
Tim Graham reports: User with "change" but not "add" permission can create objects for ModelAdmin’s with saveas=True...
xen-kernel -- ioreq handling possibly susceptible to multiple read issue
The Xen Project reports: Single memory accesses in source code can be translated to multiple ones in machine code by the compiler, requiring special caution when accessing shared memory. Such precaution was missing from the hypervisor code inspecting the state of I/O requests sent to the device...
kibana4 -- CSRF vulnerability
Elastic reports: Vulnerability Summary: Kibana versions prior to 4.1.3 and 4.2.1 are vulnerable to a CSRF attack. Remediation Summary: Users should upgrade to 4.1.3 or 4.2.1...
a2ps -- format string vulnerability
Jong-Gwon Kim reports: When user runs a2ps with malicious crafted proa2ps prologue file, an attacker can execute arbitrary code...
PuTTY -- memory corruption in terminal emulator's erase character handling
Ben Harris reports: Versions of PuTTY and pterm between 0.54 and 0.65 inclusive have a potentially memory-corrupting integer overflow in the handling of the ECH erase characters control sequence in the terminal emulator. To exploit a vulnerability in the terminal emulator, an attacker must be abl...
codeigniter -- multiple vulnerabilities
The CodeIgniter changelog reports: Fixed an XSS attack vector in Security Library method xssclean. Changed Config Library method baseurl to fallback to $SERVER'SERVERADDR' in order to avoid Host header injections. Changed CAPTCHA Helper to try to use the operating system's PRNG first...
OpenSSH -- PermitRootLogin may allow password connections with 'without-password'
OpenSSH 7.0 contained a logic error in PermitRootLogin= prohibit-password/without-password that could, depending on compile-time configuration, permit password authentication to root while preventing other forms of authentication. This problem was reported by Mantas Mikulenas...
KeePassX -- information disclosure
Yves-Alexis Perez reports: Starting an export using File / Export to / KeepassX XML file and cancelling it leads to KeepassX saving a cleartext XML file in /.xml without any warning...
bitcoin -- denial of service
Gregory Maxwell reports: On July 7th I will be making public details of several serious denial of service vulnerabilities which have fixed in recent versions of Bitcoin Core, including including CVE-2015-3641. I strongly recommend anyone running production nodes exposed to inbound connections fro...
PolarSSL -- Security Fix Backports
Paul Bakker reports: PolarSSL 1.2.14 fixes one remotely-triggerable issues that was found by the Codenomicon Defensics tool, one potential remote crash and countermeasures against the "Lucky 13 strikes back" cache-based attack...
turnserver -- SQL injection vulnerability
Oleg Moskalenko reports: SQL injection security hole fixed...
openldap -- two remote denial of service vulnerabilities
Ryan Tandy reports: With the deref overlay enabled, ldapsearch with '-E deref=member:' causes slapd to crash. Bill MacAllister discovered that certain queries cause slapd to crash while freeing operation controls. This is a 2.4.40 regression. Earlier releases are not affected...
FreeBSD -- ktrace kernel memory disclosure
Problem Description: Due to an overlooked merge to -STABLE branches, the size for page fault kernel trace entries was set incorrectly. Impact: A user who can enable kernel process tracing could end up reading the contents of kernel memory. Such memory might contain sensitive information, such as...
redmine -- open redirect vulnerability
Redmine reports: Open Redirect vulnerability...
OpenTTD -- Denial of service using forcefully crashed aircrafts
The OpenTTD Team reports: The problem is caused by incorrectly handling the fact that the aircraft circling the corner airport will be outside of the bounds of the map. In the 'out of fuel' crash code the height of the tile under the aircraft is determined. In this case that means a tile outside ...
rubygem-ruby_parser -- insecure tmp file usage
Michael Scherer reports: This is a relatively minor tmp file usage issue...
pyrad -- multiple vulnerabilities
Nathaniel McCallum reports: packet.py in pyrad before 2.1 uses weak random numbers to generate RADIUS authenticators and hash passwords, which makes it easier for remote attackers to obtain sensitive information via a brute force attack. The CreateID function in packet.py in pyrad before 2.1 uses...
FreeBSD -- Insufficient message length validation for EAP-TLS messages
Problem description: The internal authentication server of hostapd does not sufficiently validate the message length field of EAP-TLS messages...
Calligra, KOffice -- input validation failure
KDE Security Advisory reports: A flaw has been found which can allow malicious code to take advantage of an input validation failure in the Microsoft import filter in Calligra and KOffice. Exploitation can allow the attacker to gain control of the running process and execute code on its behalf...
squidclamav -- Denial of Service
SquidClamav developers report: Add a workaround for a squidGuard bug that unescape the URL and send it back unescaped. This result in garbage staying into pipe of the system command call and could crash squidclamav on next read or return false information. This is specially true with URL containi...
asterisk -- multiple vulnerabilities
Asterisk project reports: Possible resource leak on uncompleted re-invite transactions. Remote crash vulnerability in voice mail application...
asterisk -- multiple vulnerabilities
Asterisk project reports: Stack Buffer Overflow in HTTP Manager Remote Crash Vulnerability in Milliwatt Application...
mutt-devel -- failure to check SMTP TLS server certificate
Dave B reports on Full Disclosure: It seems that mutt fails to check the validity of a SMTP servers certificate during a TLS connection. ... This means that an attacker could potentially MITM a mutt user connecting to their SMTP server even when the user has forced a TLS connection...
FreeBSD -- pam_ssh improperly grants access when user account has unencrypted SSH private keys
Problem Description: The OpenSSL library call used to decrypt private keys ignores the passphrase argument if the key is not encrypted. Because the pamssh module only checks whether the passphrase provided by the user is null, users with unencrypted SSH private keys may successfully authenticate...
OpenTTD -- Buffer overflows in savegame loading
The OpenTTD Team reports: Multiple buffer overflows in OpenTTD before 1.1.3 allow remote attackers to cause a denial of service daemon crash or possibly execute arbitrary code via vectors related to 1 NAME, 2 PLYR, 3 CHTS, or 4 AIPL aka AI config chunk loading from a savegame...
ikiwiki -- tty hijacking via ikiwiki-mass-rebuild
The IkiWiki development team reports: Ludwig Nussel discovered a way for users to hijack root's tty when ikiwiki-mass-rebuild was run. Additionally, there was some potential for information disclosure via symlinks...
xrdb -- root hole via rogue hostname
Matthias Hopf reports: By crafting hostnames with shell escape characters, arbitrary commands can be executed in a root environment when a display manager reads in the resource database via xrdb. These specially crafted hostnames can occur in two environments: Systems are affected are: systems se...
mozilla -- update to HTTPS certificate blacklist
The Mozilla Project reports: MFSA 2011-11 Update to HTTPS certificate blacklist...
mupdf -- Remote System Access
Secunia reports: The vulnerability is caused due to an error within the "closedctd" function in fitz/filtdctd.c when processing PDF files containing certain malformed JPEG images. This can be exploited to cause a stack corruption by e.g. tricking a user into opening a specially crafted PDF file...
linux-flashplugin -- remote code execution vulnerability
Adobe Product Security Incident Response Team reports: A critical vulnerability exists in Adobe Flash Player 10.2.152.33 and earlier versions Adobe Flash Player 10.2.154.18 and earlier for Chrome users for Windows, Macintosh, Linux and Solaris operating systems, Adobe Flash Player 10.1.106.16 and...
proftpd -- Compromised source packages backdoor
The ProFTPD Project team reports: The security issue is caused due to the distribution of compromised ProFTPD 1.3.3c source code packages via the project's main FTP server and all of the mirror servers, which contain a backdoor allowing remote root access...
OTRS -- Multiple XSS and denial of service vulnerabilities
OTRS Security Advisory reports: Multiple Cross Site Scripting issues: Missing HTML quoting allows authenticated agents or customers to inject HTML tags. This vulnerability allows an attacker to inject script code into the OTRS web-interface which will be loaded and executed in the browsers of...
lftp -- multiple HTTP client download filename vulnerability
The get1 command, as used by lftpget, in LFTP before 4.0.6 does not properly validate a server-provided filename before determining the destination filename of a download, which allows remote servers to create or overwrite arbitrary files via a Content-Disposition header that suggests a crafted...
FreeBSD -- Insufficient environment sanitization in jail(8)
Problem Description: The jail8 utility does not change the current working directory while imprisoning. The current working directory can be accessed by its descendants...
powerdns-recursor -- multiple vulnerabilities
PowerDNS Security Advisory reports: PowerDNS Recursor up to and including 3.1.7.1 can be brought down and probably exploited. PowerDNS Recursor up to and including 3.1.7.1 can be spoofed into accepting bogus data...