ruby -- multiple vulnerabilities
Ruby blog: CVE-2017-0898: Buffer underrun vulnerability in Kernel.sprintf If a malicious format string which contains a precision specifier is passed and a huge minus value is also passed to the specifier, buffer underrun may be caused. In such situation, the result may contain heap, or the Ruby...
libofx -- exploitable buffer overflow
Talos developers report: An exploitable buffer overflow vulnerability exists in the tag parsing functionality of LibOFX 0.9.11. A specially crafted OFX file can cause a write out of bounds resulting in a buffer overflow on the stack. An attacker can construct a malicious OFX file to trigger this...
Flash Player -- multiple vulnerabilities
Adobe reports: These updates resolve memory corruption vulnerabilities that could lead to remote code execution CVE-2017-11281, CVE-2017-11282...
libraw -- buffer overflow
libraw developers report: LibRaw before 0.18.4 has a heap-based Buffer Overflow in the processCanonCameraInfo function via a crafted file...
FFmpeg -- multiple vulnerabilities
FFmpeg security reports: Multiple vulnerabilities have been fixed in FFmpeg 3.3.4. Please refer to the CVE list for details...
Multiple exploitable heap-based buffer overflow vulnerabilities exist in FreeXL 1.0.3
Cisco TALOS reports: An exploitable heap-based buffer overflow vulnerability exists in the read_biff_next_record function of FreeXL 1.0.3. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send a malicious XLS file to trigger this...
libraw -- denial of service and remote code execution
libraw developers report: A Stack-based Buffer Overflow was discovered in xtrans_interpolate in internal/dcraw_common.cpp in LibRaw before 0.18.3. It could allow a remote denial of service or code execution attack...
libsndfile -- out-of-bounds reads
Xin-Jiang on Github reports: CVE-2017-14245 Medium: An out of bounds read in the function d2alaw_array in alaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or information disclosure, related to mishandling of the NAN and INFINITY floating-point values. CVE-2017-14246 Medium: An out of...
libbson -- Denial of Service
mongodb developers report: In MongoDB libbson 1.7.0, the bson_iter_codewscope function in bson-iter.c miscalculates a bson_utf8_validate length argument, which allows remote attackers to cause a denial of service (heap-based buffer over-read) in the bson_utf8_validate function in bson-utf8.c, as...
libgd -- Denial of service via double free
libgd developers report: Double free vulnerability in the gdImagePngPtr function in libgd2 before 2.2.5 allows remote attackers to cause a denial of service via vectors related to a palette with no colors...
GitLab -- multiple vulnerabilities
GitLab reports: Please reference CVE/URL list for details...
cyrus-imapd -- broken "other users" behaviour
Cyrus IMAP 3.0.4 Release Notes state: Fixed Issue 2132: Broken "Other Users" behaviour...
aacplusenc -- denial of service
Gentoo developers report: DeleteBitBuffer in libbitbuf/bitbuffer.c in mp4tools aacplusenc 0.17.5 allows remote attackers to cause a denial of service (invalid memory write, SEGV on unknown address 0x000000000030, and application crash) or possibly have unspecified other impact via a crafted .wav...
py-Scrapy -- DoS vulnerability
kmike and nramirezuy report: Scrapy 1.4 allows remote attackers to cause a denial of service (memory consumption) via large files because arbitrarily many files are read into memory, which is especially problematic if the files are then individually written in a separate thread to a slow storage...
ledger -- multiple vulnerabilities
Talos reports: An exploitable buffer overflow vulnerability exists in the tag parsing functionality of Ledger-CLI 3.1.1. A specially crafted journal file can cause an integer underflow resulting in code execution. An attacker can construct a malicious journal file to trigger this vulnerability. A...
Django -- possible XSS in traceback section of technical 500 debug page
Django blog: In older versions, HTML autoescaping was disabled in a portion of the template for the technical 500 debug page. Given the right circumstances, this allowed a cross-site scripting attack. This vulnerability shouldn't affect most production sites since you shouldn't run with DEBUG =...
chromium -- multiple vulnerabilities
Google Chrome releases reports: 22 security fixes in this release, including: 737023 High CVE-2017-5111: Use after free in PDFium. Reported by Luat Nguyen on KeenLab, Tencent on 2017-06-27 740603 High CVE-2017-5112: Heap buffer overflow in WebGL. Reported by Tobias Klein on 2017-07-10 747043 High...
emacs -- enriched text remote code execution vulnerability
Paul Eggert reports: Charles A. Roelli has found a security flaw in the enriched mode in GNU Emacs. When Emacs renders MIME text/enriched data (Internet RFC 1896), it is vulnerable to arbitrary code execution. Since Emacs-based mail clients decode "Content-Type: text/enriched", this code is...
asterisk -- RTP/RTCP information leak
The Asterisk project reports: This is a follow-up advisory to AST-2017-005. Insufficient RTCP packet validation could allow reading stale buffer contents and, when combined with the "nat" and "symmetric_rtp" options, allow redirecting where Asterisk sends the next RTCP report. The RTP stream...
libzip -- denial of service
libzip developers report: The _zip_read_eocd64 function in zip_open.c in libzip before 1.3.0 mishandles EOCD records, which allows remote attackers to cause a denial of service (memory allocation failure) in _zip_cdir_grow in zip_dirent.c via a crafted ZIP archive...
asterisk -- Remote Crash Vulnerability in res_pjsip
The Asterisk project reports: A carefully crafted URI in a From, To or Contact header could cause Asterisk to crash...
asterisk -- Unauthorized data disclosure and shell access command injection in app_minivm
The Asterisk project reports: AST-2017-005 - A change was made to the strict RTP support in the RTP stack to better tolerate late media when a reinvite occurs. When combined with the symmetric RTP support this introduced an avenue where media could be hijacked. Instead of only learning a new...
gdk-pixbuf -- multiple vulnerabilities
TALOS reports: An exploitable integer overflow vulnerability exists in the tiff_image_parse functionality. An exploitable heap-overflow vulnerability exists in the gdk_pixbuf__jpeg_image_load_increment functionality...
libtiff -- Improper Input Validation
libtiff developers report: There is a reachable assertion abort in the function TIFFWriteDirectoryTagSubifd in LibTIFF 4.0.8, related to tif_dirwrite.c and a SubIFD tag. A crafted input will lead to a remote denial of service attack. There is a reachable assertion abort in the function...
ncurses -- multiple issues
ncurses developers report: There are multiple illegal address access issues and an infinite loop issue. Please refer to the CVE list for details...
rubygems -- multiple vulnerabilities
Official blog of RubyGems reports: The following vulnerabilities have been reported: a DNS request hijacking vulnerability, an ANSI escape sequence vulnerability, a DoS vulnerability in the query command, and a vulnerability in the gem installer that allowed a malicious gem to overwrite arbitrary...
libgcrypt -- side-channel attack vulnerability
GnuPG reports: Mitigate a local side-channel attack on Curve25519 dubbed "May the Fourth Be With You"...
Python 2.7 -- multiple vulnerabilities
Python reports: Multiple vulnerabilities have been fixed in Python 2.7.14. Please refer to the CVE list for details...
py-kerberos -- DoS and MitM vulnerabilities
macosforgebot reports: The checkPassword function in python-kerberos does not authenticate the KDC it attempts to communicate with, which allows remote attackers to cause a denial of service (bad response), or have other unspecified impact by performing a man-in-the-middle attack...
dnsdist -- multiple vulnerabilities
PowerDNS Security Advisory reports: The first issue can lead to a denial of service on 32-bit if a backend sends crafted answers, and the second to an alteration of dnsdist's ACL if the API is enabled, writable and an authenticated user is tricked into visiting a crafted website...
pspp -- multiple vulnerabilities
CVE Details reports: There is an Integer overflow in the hash_int function of the libpspp library in GNU PSPP 0.10.5-pre2 (CVE-2017-10791). There is a NULL Pointer Dereference in the function ll_insert of the libpspp library in GNU PSPP 0.10.5-pre2 (CVE-2017-10792). There is an illegal address access i...
libsoup -- stack based buffer overflow
Tobias Mueller reports: libsoup is susceptible to a stack based buffer overflow attack when using chunked encoding. Regardless of libsoup being used as a server or client...
salt -- Maliciously crafted minion IDs can cause unwanted directory traversals on the Salt-master
SaltStack reports: Correct a flaw in minion id validation which could allow certain minions to authenticate to a master despite not having the correct credentials. To exploit the vulnerability, an attacker must create a salt-minion with an ID containing characters that will cause a directory...
drupal -- Drupal Core - Multiple Vulnerabilities
Drupal Security Team: CVE-2017-6923: Views - Access Bypass - Moderately Critical CVE-2017-6924: REST API can bypass comment approval - Access Bypass - Moderately Critical CVE-2017-6925: Entity access bypass for entities that do not have UUIDs or have protected revisions - Access Bypass - Critical...
kanboard -- multiple privilege escalation vulnerabilities
chbi reports: an authenticated standard user could reset the password of another user including admin by altering form data...
Mercurial -- multiple vulnerabilities
Mercurial Release Notes: CVE-2017-1000115 Mercurial's symlink auditing was incomplete prior to 4.3, and could be abused to write to files outside the repository. CVE-2017-1000116 Mercurial was not sanitizing hostnames passed to ssh, allowing shell injection attacks on clients by specifying a...
PostgreSQL vulnerabilities
The PostgreSQL project reports: CVE-2017-7546: Empty password accepted in some authentication methods CVE-2017-7547: The "pg_user_mappings" catalog view discloses passwords to users lacking server privileges CVE-2017-7548: lo_put function ignores ACLs...
FreeBSD -- OpenSSH Denial of Service vulnerability
Problem Description: There is no limit on the password length. Impact: A remote attacker may be able to cause an affected SSH server to use an excessive amount of CPU by sending very long passwords, when PasswordAuthentication is enabled by the system administrator...
subversion -- Arbitrary code execution vulnerability
subversion team reports: A Subversion client sometimes connects to URLs provided by the repository. This happens in two primary cases: during 'checkout', 'export', 'update', and 'switch', when the tree being downloaded contains svn:externals properties; and when using 'svnsync sync' with one URL...
GitLab -- two vulnerabilities
GitLab reports: Remote Command Execution in git client An external code review performed by Recurity-Labs identified a remote command execution vulnerability in git that could be exploited via the "Repo by URL" import option in GitLab. The command line git client was not properly escaping command...
cvs -- Remote code execution via ssh command injection
Hank Leininger reports: Bugs in Git, Subversion, and Mercurial were just announced and patched which allowed arbitrary local command execution if a malicious name was used for the remote server, such as starting with - to pass options to the ssh client: git clone...
cURL -- multiple vulnerabilities
The cURL project reports: FILE buffer read out of bounds TFTP sends more than buffer size URL globbing out of bounds read...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: Several security fixes in this release, including: 780450 High CVE-2018-6031: Use after free in PDFium. Reported by Anonymous on 2017-11-01 787103 High CVE-2018-6032: Same origin bypass in Shared Worker. Reported by Jun Kokatsu @shhnjk on 2017-11-20 793620 High...
Flash Player -- multiple vulnerabilities
Adobe reports: These updates resolve a security bypass vulnerability that could lead to information disclosure (CVE-2017-3085). These updates resolve a type confusion vulnerability that could lead to remote code execution (CVE-2017-3106)...
sqlite3 -- heap-buffer overflow
Google reports: A heap-buffer overflow (sometimes a crash) can arise when running a SQL request on malformed sqlite3 databases...
mozilla -- multiple vulnerabilities
Mozilla Foundation reports: Please reference CVE/URL list for details...
payara -- Code execution via crafted PUT requests to JSPs
When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default servlet to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it containe...
nss -- Use-after-free in TLS 1.2 generating handshake hashes
Mozilla reports: During TLS 1.2 exchanges, handshake hashes are generated which point to a message buffer. This saved data is used for later messages but in some cases, the handshake transcript can exceed the space available in the current buffer, causing the allocation of a new buffer. This leav...
Varnish -- Denial of service vulnerability
phk reports: A wrong if statement in the varnishd source code means that particular invalid requests from the client can trigger an assert...
php-gd and gd -- Buffer over-read into uninitialized memory
PHP developers report: The GIF decoding function gdImageCreateFromGifCtx in gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.31 and 7.x before 7.1.7, does not zero colorMap arrays before use. A specially crafted GIF image could use the uninitialized tables to read 700 byt...