6583 matches found
linux-flashplugin -- multiple vulnerabilities
Adobe Product Security Incident Response Team reports: Critical vulnerabilities have been identified in Adobe Flash Player 10.3.183.7 and earlier versions for Windows, Macintosh, Linux and Solaris, and Adobe Flash Player 10.3.186.6 and earlier versions for Android. These vulnerabilities could cau...
asterisk -- Remote crash vulnerability
The Asterisk Development Team reports: If a remote user initiates a SIP call and the recipient picks up, the remote user can reply with a malformed Contact header that Asterisk will improperly handle and cause a crash due to a segmentation fault...
Subversion -- multiple vulnerabilities
Subversion team reports: Subversion's moddavsvn Apache HTTPD server module will dereference a NULL pointer if asked to deliver baselined WebDAV resources. This can lead to a DoS. An exploit has been tested, and tools or users have been observed triggering this problem in the wild. Subversion's...
BIND -- Large RRSIG RRsets and Negative Caching DoS
ISC reports: A BIND 9 DNS server set up to be a caching resolver is vulnerable to a user querying a domain with very large resource record sets RRSets when trying to negatively cache a response. This can cause the BIND 9 DNS server named process to crash...
drupal6 -- multiple vulnerabilities
Drupal Team reports: A reflected cross site scripting vulnerability was discovered in Drupal's error handler. Drupal displays PHP errors in the messages area, and a specially crafted URL can cause malicious scripts to be injected into the message. The issue can be mitigated by disabling on-screen...
Unbound -- an empty error packet handling assertion failure
Unbound developer reports: NLnet Labs was notified of an error in Unbound's code-path for error replies which is triggered under special conditions. The error causes the program to abort...
dovecot -- denial of service vulnerability
Timo Sirainen reports: Fixed potential crashes and other problems when parsing header names that contained NUL characters...
Erlang -- ssh library uses a weak random number generator
US-CERT reports: The Erlang/OTP ssh library implements a number of cryptographic operations that depend on cryptographically strong random numbers. Unfortunately the RNG used by the library is not cryptographically strong, and is further weakened by the use of predictable seed material. The RNG...
libvncserver -- memory corruption
Petr Pisar reports: libvncserver/tight.c:rfbTightCleanup frees a buffer without zeroing freed pointer...
Apache APR -- DoS vulnerabilities
The Apache Portable Runtime Project reports: Reimplement aprfnmatch from scratch using a non-recursive algorithm; now has improved compliance with the fnmatch spec...
Apache APR -- DoS vulnerabilities
The Apache Portable Runtime Project reports: A flaw was discovered in the aprfnmatch function in the Apache Portable Runtime APR library 1.4.4 or any backported versions that contained the upstream fix for CVE-2011-0419. This could cause httpd workers to enter a hung state 100% CPU utilization...
Opera -- code injection vulnerability through broken frameset handling
Opera Software ASA reports: Fixed an issue with framesets that could allow execution of arbitrary code, as reported by an anonymous contributor working with the SecuriTeam Secure Disclosure program...
ViewVC -- user-reachable override of cvsdb row limit
ViewVC.org reports: Security fix: remove user-reachable override of cvsdb row limit...
linux-flashplugin -- remote code execution vulnerability
Adobe Product Security Incident Response Team reports: A critical vulnerability has been identified in Adobe Flash Player 10.3.181.23 and earlier versions for Windows, Macintosh, Linux and Solaris, and Adobe Flash Player 10.3.185.23 and earlier versions for Android. This memory corruption...
linux-flashplugin -- multiple vulnerabilities
Adobe Product Security Incident Response Team reports: Critical vulnerabilities have been identified in Adobe Flash Player 10.3.181.36 and earlier versions for Windows, Macintosh, Linux and Solaris, and Adobe Flash Player 10.3.185.25 and earlier versions for Android. These vulnerabilities could...
linux-flashplugin -- cross-site scripting vulnerability
Adobe Product Security Incident Response Team reports: An important vulnerability has been identified in Adobe Flash Player 10.3.181.16 and earlier versions for Windows, Macintosh, Linux and Solaris, and Adobe Flash Player 10.3.185.22 and earlier versions for Android. This universal cross-site...
Exim -- remote code execution and information disclosure
Release notes for Exim 4.76 says: Bugzilla 1106: CVE-2011-1764 - DKIM log line was subject to a format-string attack -- SECURITY: remote arbitrary code execution. DKIM signature header parsing was double-expanded, second time unintentionally subject to list matching rules, letting the header caus...
Apache APR -- DoS vulnerabilities
The Apache Portable Runtime Project reports: Note especially a security fix to APR 1.4.4, excessive CPU consumption was possible due to an unconstrained, recursive invocation of aprfnmatch, as aprfnmatch processed '' wildcards. Reimplement aprfnmatch from scratch using a non-recursive algorithm n...
Postfix -- memory corruption vulnerability
The Postfix SMTP server has a memory corruption error, when the Cyrus SASL library is used with authentication mechanisms other than PLAIN and LOGIN ANONYMOUS is not affected, but should not be used for other reasons. This memory corruption is known to result in a program crash SIGSEV...
Zend Framework -- potential SQL injection when using PDO_MySql
The Zend Framework team reports: Developers using non-ASCII-compatible encodings in conjunction with the MySQL PDO driver of PHP may be vulnerable to SQL injection attacks. Developers using ASCII-compatible encodings like UTF8 or latin1 are not affected by this PHP issue...
mailman -- CSRF hardening in parts of the web interface
The late Tokio Kikuchi reported: We may have to set lifetime for input forms because of recent activities on cross-site request forgery CSRF. The form lifetime is successfully deployed in frameworks like web.py or plone etc. Proposed branch lp:tkikuchi/mailman/form-lifetime implement lifetime in...
fetchmail -- STARTTLS denial of service
Matthias Andree reports: Fetchmail version 5.9.9 introduced STLS support for POP3, version 6.0.0 added STARTTLS for IMAP. However, the actual STARTTLS-initiated in-band SSL/TLS negotiation was not guarded by a timeout. Depending on the operating system defaults as to TCP stream keepalive mode,...
Mozilla -- multiple vulnerabilities
The Mozilla Project reports: MFSA 2011-12 Miscellaneous memory safety hazards MFSA 2011-13 Multiple dangling pointer vulnerabilities MFSA 2011-14 Information stealing via form history MFSA 2011-15 Escalation of privilege through Java Embedding Plugin MFSA 2011-16 Directory traversal in resource:...
ejabberd -- remote denial of service vulnerability
It's reported in CVE advisory that: expaterl.c in ejabberd before 2.1.7 and 3.x before 3.0.0-alpha-3, and exmpp before 0.9.7, does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service memory and CPU consumption via a crafted XML documen...
Asterisk -- multiple vulnerabilities
The Asterisk Development Team reports: It is possible for a user of the Asterisk Manager Interface to bypass a security check and execute shell commands when they should not have that ability. Sending the "Async" header with the "Application" header during an Originate action, allows authenticate...
FreeBSD -- Network ACL mishandling in mountd(8)
Problem Description: While parsing the exports5 table, a network mask in the form of "-network=netname/prefixlength" results in an incorrect network mask being computed if the prefix length is not a multiple of 8. For example, specifying the ACL for an export as "-network 192.0.2.0/23" would resu...
rt -- multiple vulnerabilities
Best Practical reports: In the process of preparing the release of RT 4.0.0, we performed an extensive security audit of RT's source code. During this audit, several vulnerabilities were found which affect earlier releases of RT...
mediawiki -- multiple vulnerabilities
Mediawiki reports: Bug 28534 XSS vulnerability for IE 6 clients. This is the third attempt at fixing bug 28235. Bug 28639 Potential privilege escalation when $wgBlockDisablesLogin is enabled...
krb5 -- MITKRB5-SA-2011-004, kadmind invalid pointer free() [CVE-2011-0285]
An advisory published by the MIT Kerberos team says: The password-changing capability of the MIT krb5 administration daemon kadmind has a bug that can cause it to attempt to free an invalid pointer under certain error conditions. This can cause the daemon to crash or induce the execution of...
rsync -- incremental recursion memory corruption vulnerability
rsync development team reports: Fixed a data-corruption issue when preserving hard-links without preserving file ownership, and doing deletions either before or during the transfer CVE-2011-1097. This fixes some assert errors in the hard-linking code, and some potential failed checksums via -c th...
VLC -- Heap corruption in MP4 demultiplexer
VideoLAN project reports: When parsing some MP4 MPEG-4 Part 14 files, insufficient buffer size might lead to corruption of the heap...
xrdb -- root hole via rogue hostname
Matthias Hopf reports: By crafting hostnames with shell escape characters, arbitrary commands can be executed in a root environment when a display manager reads in the resource database via xrdb. These specially crafted hostnames can occur in two environments: Systems are affected are: systems se...
isc-dhcp-client -- dhclient does not strip or escape shell meta-characters
ISC reports: ISC dhclient did not strip or escape certain shell meta-characters in responses from the dhcp server like hostname before passing the responses on to dhclient-script. Depending on the script and OS, this can result in execution of exploit code on the client...
pureftpd -- multiple vulnerabilities
Pure-FTPd development team reports: Support for braces expansion in directory listings has been disabled -- Cf. CVE-2011-0418. Fix a STARTTLS flaw similar to Postfix's CVE-2011-0411. If you're using TLS, upgrading is recommended...
gdm -- privilege escalation vulnerability
Sebastian Krahmer reports: It was discovered that the GNOME Display Manager gdm cleared the cache directory, which is owned by an unprivileged user, with the privileges of the root user. A race condition exists in gdm where a local user could take advantage of this by writing to the cache directo...
mozilla -- update to HTTPS certificate blacklist
The Mozilla Project reports: MFSA 2011-11 Update to HTTPS certificate blacklist...
php -- ZipArchive segfault with FL_UNCHANGED on empty archive
US-CERT/NIST reports: The zipnamelocate function in zipnamelocate.c in the Zip extension in PHP before 5.3.6 does not properly handle a ZIPARCHIVE::FLUNCHANGED argument, which might allow context-dependent attackers to cause a denial of service application crash via an empty ZIP archive that is...
php -- crash on crafted tag in exif
US-CERT/NIST reports: exif.c in the Exif extension in PHP before 5.3.6 on 64-bit platforms performs an incorrect cast, which allows remote attackers to cause a denial of service application crash via an image with a crafted Image File Directory IFD that triggers a buffer over-read...
krb5 -- MITKRB5-SA-2011-003, KDC vulnerable to double-free when PKINIT enabled
An advisory published by the MIT Kerberos team says: The MIT Kerberos 5 Key Distribution Center KDC daemon is vulnerable to a double-free condition if the Public Key Cryptography for Initial Authentication PKINIT capability is enabled, resulting in daemon crash or arbitrary code execution which i...
OTRS -- Several XSS attacks possible
OTRS Security Advisory reports: Several XSS attacks possible: An attacker could trick a logged in user to following a prepared URL inside of the OTRS system which causes a page to be shown that possibly includes malicious !JavaScript code because of incorrect escaping during the generation of the...
redmine -- XSS vulnerability
Jean-Philippe Lang reports: This maintenance release for 1.1.x users includes 13 bug fixes since 1.1.1 and a security fix XSS vulnerability affecting all Redmine versions from 1.0.1 to 1.1.1...
postfix -- plaintext command injection with SMTP over TLS
Wietse Venema has discovered a software flaw that allows an attacker to inject client commands into an SMTP session during the unprotected plaintext SMTP protocol phase, such that the server will execute those commands during the SMTP- over-TLS protocol phase when all communication is supposed to...
dtc -- multiple vulnerabilities
Ansgar Burchardt reports: Ansgar Burchardt discovered several vulnerabilities in DTC, a web control panel for admin and accounting hosting services: The bwpermoth.php graph contains an SQL injection vulnerability; insufficient checks in bwpermonth.php can lead to bandwidth usage information...
mozilla -- multiple vulnerabilities
The Mozilla Project reports: MFSA 2011-01 Miscellaneous memory safety hazards rv:1.9.2.14/ 1.9.1.17 MFSA 2011-02 Recursive eval call causes confirm dialogs to evaluate to true MFSA 2011-03 Use-after-free error in JSON.stringify MFSA 2011-04 Buffer overflow in JavaScript upvarMap MFSA 2011-05 Buff...
asterisk -- Multiple Vulnerabilities
The Asterisk Development Team reports: The releases of Asterisk 1.6.1.23, 1.6.2.17.1, and 1.8.3.1 resolve two issues: Resource exhaustion in Asterisk Manager Interface AST-2011-003 Remote crash vulnerability in TCP/TLS server AST-2011-004 The issues and resolutions are described in the AST-2011-0...
Samba -- Denial of service - memory corruption
The Samba team reports: Samba is vulnerable to a denial of service, caused by a memory corruption error related to missing range checks on file descriptors being used in the "FDSET" macro. By performing a select on a bad file descriptor set, a remote attacker could exploit this vulnerability to...
subversion -- remote HTTP DoS vulnerability
Subversion project reports: Subversion HTTP servers up to 1.5.9 inclusive or 1.6.15 inclusive are vulnerable to a remotely triggerable NULL-pointer dereference...
hiawatha -- integer overflow in Content-Length header parsing
Hugo Leisink reports: A bug has been found in version 7.4 of the Hiawatha webserver, which could lead to a server crash. This is caused by an integer overflow in the routine that reads the HTTP request. A too large value of the Content-Length HTTP header results in an overflow...
avahi -- denial of service
Avahi developers reports: A vulnerability has been reported in Avahi, which can be exploited by malicious people to cause a DoS Denial of Service. The vulnerability is caused due to an error when processing certain UDP packets, which can be exploited to trigger an infinite loop by e.g. sending an...
moinmoin -- cross-site scripting via RST parser
MITRE CVE team reports: Cross-site scripting XSS vulnerability in the reStructuredText rst parser in parser/textrst.py in MoinMoin before 1.9.4, when docutils is installed or when "format rst" is set, allows remote attackers to inject arbitrary web script or HTML via a javascript: URL in the refu...