links -- denial of service
NIST reports: The put_chars function in html_r.c in Twibright Links 2.14 allows remote attackers to cause a denial of service (buffer over-read) via a crafted HTML file...
TiMidity++ -- Multiple vulnerabilities
qflb.wu of DBAPPSecurity reports: The insert_note_steps function in readmidi.c in TiMidity++ 2.14.0 can cause a denial of service (divide-by-zero error and application crash) via a crafted mid file. The resample_gauss function in resample.c in TiMidity++ 2.14.0 can cause a denial of...
phpmailer -- XSS in code example and default exception handler
PHPMailer reports: Fix XSS vulnerability in one of the code examples, CVE-2017-11503. The code_generator.phps example did not filter user input prior to output. This file is distributed with a .phps extension, so it is not normally executable unless it is explicitly renamed, so it is safe by...
chromium -- multiple vulnerabilities
Google Chrome releases reports: 40 security fixes in this release. Please reference CVE/URL list for details...
Supervisord -- An authenticated client can run arbitrary shell commands via malicious XML-RPC requests
mnaberez reports: supervisord can be configured to run an HTTP server on a TCP socket and/or a Unix domain socket. The HTTP server is how supervisorctl communicates with supervisord. If an HTTP server has been enabled, it will always serve both HTML pages and an XML-RPC interface. A vulnerability...
webkit2-gtk3 -- multiple vulnerabilities
The Webkit gtk team reports: Please reference CVE/URL list for details...
tcpdump -- multiple vulnerabilities
tcpdump developers report: Too many issues to detail, see CVE references for details...
ansible -- information disclosure flaw
ansible developers report: Ansible versions 2.2.3 and earlier are vulnerable to an information disclosure flaw due to the interaction of call back plugins and the no_log directive where the information may not be sanitized properly...
Cacti -- Cross-site scripting (XSS) vulnerability in auth_profile.php
kimiizhang reports: Cross-site scripting (XSS) vulnerability in auth_profile.php in Cacti 1.1.13 allows remote authenticated users to inject arbitrary web script or HTML via specially crafted HTTP Referer headers...
GitLab -- Various security issues
GitLab reports: Please reference CVE/URL list for details...
h2o -- DoS in workers
Frederik Deweerdt reports: Multiple Denial-of-Service vulnerabilities exist in h2o workers - see references for full details. CVE-2017-10868: Worker processes may crash when receiving a request with invalid framing. CVE-2017-10869: The stack may overflow when proxying huge requests...
MySQL -- multiple vulnerabilities
Oracle reports: Please reference CVE/URL list for details...
gsoap -- remote code execution via overflow
Senrio reports: Genivia gSOAP is prone to a stack-based buffer-overflow vulnerability because it fails to properly bounds check user-supplied data before copying it into an insufficiently sized buffer. A remote attacker may exploit this issue to execute arbitrary code in the context of the affect...
krb5 -- Multiple vulnerabilities
MIT reports: CVE-2017-11368: In MIT krb5 1.7 and later, an authenticated attacker can cause an assertion failure in krb5kdc by sending an invalid S4U2Self or S4U2Proxy request. CVE-2017-11462: RFC 2744 permits a GSS-API implementation to delete an existing security context on a second or subseque...
FreeBSD -- heimdal KDC-REP service name validation vulnerability
Problem Description: There is a programming error in the Heimdal implementation that used an unauthenticated, plain-text version of the KDC-REP service name found in a ticket. Impact: An attacker who has control of the network between a client and the service it talks to will be able to impersona...
samba -- Orpheus Lyre mutual authentication validation bypass
The samba project reports: A MITM attacker may impersonate a trusted server and thus gain elevated access to the domain by returning malicious replication or authorization data...
Apache httpd -- multiple vulnerabilities
The Apache httpd project reports: important: Read after free in mod_http2 (CVE-2017-9789). When under stress, closing many connections, the HTTP/2 handling code would sometimes access memory after it has been freed, resulting in potentially erratic behaviour. important: Uninitialized memory reflectio...
Flash Player -- multiple vulnerabilities
Adobe reports: These updates resolve security bypass vulnerability that could lead to information disclosure CVE-2017-3080. These updates resolve memory corruption vulnerability that could lead to remote code execution CVE-2017-3099. These updates resolve memory corruption vulnerability that coul...
nginx -- a specially crafted request might result in an integer overflow
Maxim Dounin reports: A security issue was identified in nginx range filter. A specially crafted request might result in an integer overflow and incorrect processing of ranges, potentially resulting in sensitive information leak (CVE-2017-7529)...
xorg-server -- Multiple Issues
xorg-server developers report: In the X.Org X server before 2017-06-19, a user authenticated to an X Session could crash or execute code in the context of the X Server by exploiting a stack overflow in the endianness conversion of X Events. Uninitialized data in endianness conversion in the XEve...
oniguruma -- multiple vulnerabilities
The PHP project reports: A stack out-of-bounds read occurs in match_at during regular expression searching. A logical error involving order of validation and access in match_at could result in an out-of-bounds read from a stack buffer (CVE-2017-9224). A heap out-of-bounds write or read occurs in...
evince and atril -- command injection vulnerability in CBT handler
GNOME reports: The comic book backend in evince 3.24.0 and earlier is vulnerable to a command injection bug that can be used to execute arbitrary commands when a CBT file is opened. The same vulnerability affects atril, the Evince fork...
Cacti -- Cross-site scripting (XSS) vulnerability in link.php
kimiizhang reports: Cross-site scripting (XSS) vulnerability in link.php in Cacti 1.1.12 allows remote anonymous users to inject arbitrary web script or HTML via the id parameter...
irssi -- multiple vulnerabilities
irssi reports: When receiving messages with invalid time stamps, Irssi would try to dereference a NULL pointer. While updating the internal nick list, Irssi may incorrectly use the GHashTable interface and free the nick while updating it. This will then result in use-after-free conditions on each...
Zabbix -- Remote code execution
mitre reports: An exploitable code execution vulnerability exists in the trapper command functionality of Zabbix Server 2.4.X. A specially crafted set of packets can cause a command injection resulting in remote code execution. An attacker can make requests from an active Zabbix Proxy to trigger...
GraphicsMagick -- multiple vulnerabilities
GraphicsMagick reports: Multiple vulnerabilities have been found in GraphicsMagick 1.3.26 or earlier. Please refer to the CVE list for details...
jabberd -- authentication bypass vulnerability
SecurityFocus reports: JabberD is prone to an authentication-bypass vulnerability. An attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions. This may lead to further attacks...
tor -- security regression
The Tor Project reports: Tor 0.3.0.9 fixes a path selection bug that would allow a client to use a guard that was in the same network family as a chosen exit relay. This is a security regression; all clients running earlier versions of 0.3.0.x or 0.3.1.x should upgrade to 0.3.0.9 or 0.3.1.4-alpha...
libgcrypt -- side-channel attack on RSA secret keys
GnuPG reports: Mitigate a flush+reload side-channel attack on RSA secret keys dubbed "Sliding right into disaster"...
node.js -- multiple vulnerabilities
Updates are now available for all active Node.js release lines as well as the 7.x line. These include the fix for the high severity vulnerability identified in the initial announcement, one additional lower priority Node.js vulnerability in the 4.x release line, as well as some lower priority fix...
tiff -- multiple vulnerabilities
Debian Security Advisory reports: Multiple vulnerabilities have been discovered in the libtiff library and the included tools, which may result in denial of service or the execution of arbitrary code...
drupal -- Drupal Core - Multiple Vulnerabilities
Drupal Security Team reports: CVE-2017-6920: PECL YAML parser unsafe object handling. CVE-2017-6921: File REST resource does not properly validate. CVE-2017-6922: Files uploaded by anonymous users into a private file system can be accessed by other anonymous users...
poppler -- multiple denial of service issues
Poppler developers report: Poppler is prone to a stack-based buffer-overflow vulnerability. Successful exploits may allow attackers to crash the affected application, resulting in denial-of-service condition. Due to the nature of this issue, arbitrary code execution may be possible but this has n...
pear-Horde_Image -- DoS vulnerability
Michael J Rubinsky reports: The second vulnerability (CVE-2017-9773) is a DOS vulnerability. This only affects Horde installations that do not have a configured image handling backend, and thus use the "Null" image driver. It is exploitable by a logged in user clicking on a maliciously crafted URL...
pear-Horde_Image -- remote code execution vulnerability
Michael J Rubinsky reports: The first vulnerability (CVE-2017-9774) is a Remote Code Execution vulnerability and is exploitable by a logged in user sending a maliciously crafted GET request to the Horde server...
Apache httpd -- several vulnerabilities
The Apache httpd project reports: ap_get_basic_auth_pw Authentication Bypass (CVE-2017-3167): Use of the ap_get_basic_auth_pw by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed. mod_ssl Null Pointer Dereference (CVE-2017-3169): mod_ssl may dereferen...
exim -- Privilege escalation via multiple memory leaks
Qualys reports: Exim supports the use of multiple "-p" command line arguments which are malloc'ed and never free'ed, used in conjunction with other issues allows attackers to cause arbitrary code execution. This affects exim version 4.89 and earlier. Please note that at this time upstream has...
codeigniter -- input validation bypass
The CodeIgniter changelog reports: Form Validation Library rule valid_email could be bypassed if idn_to_ascii is available...
FreeRadius -- Multiple vulnerabilities
Guido Vranken reports: Multiple vulnerabilities found via fuzzing: FR-GV-201 (v2,v3) Read / write overflow in make_secret; FR-GV-202 (v2) Write overflow in rad_coalesce; FR-GV-203 (v2) DHCP - Memory leak in decode_tlv; FR-GV-204 (v2) DHCP - Memory leak in fr_dhcp_decode; FR-GV-205 (v2) DHCP - Buffer over-read in...
chromium -- multiple vulnerabilities
Google Chrome releases reports: 5 security fixes in this release, including: 725032 High CVE-2017-5087: Sandbox Escape in IndexedDB. Reported by Ned Williamson on 2017-05-22 729991 High CVE-2017-5088: Out of bounds read in V8. Reported by Xiling Gong of Tencent Security Platform Department on...
rt and dependent modules -- multiple security vulnerabilities
BestPractical reports: Please reference CVE/URL list for details...
cURL -- URL file scheme drive letter buffer overflow
cURL security advisory: When libcurl is given either 1. a file: URL that doesn't use two slashes following the colon, or 2. is told that file is the default scheme to use for URLs without scheme ... and the given path starts with a drive letter and libcurl is built for Windows or DOS, then libcur...
mozilla -- multiple vulnerabilities
Mozilla Foundation reports: Please reference CVE/URL list for details...
Flash Player -- multiple vulnerabilities
Adobe reports: These updates resolve use-after-free vulnerabilities that could lead to code execution CVE-2017-3075, CVE-2017-3081, CVE-2017-3083, CVE-2017-3084. These updates resolve memory corruption vulnerabilities that could lead to code execution CVE-2017-3076, CVE-2017-3077, CVE-2017-3078,...
GitLab -- Various security issues
GitLab reports: Please reference CVE/URL list for details...
GnuTLS -- Denial of service vulnerability
The GnuTLS project reports: It was found using the TLS fuzzer tools that decoding a status response TLS extension with valid contents could lead to a crash due to a null pointer dereference. The issue affects GnuTLS server applications...
irssi -- remote DoS
Joseph Bisch reports: When receiving a DCC message without source nick/host, Irssi would attempt to dereference a NULL pointer. When receiving certain incorrectly quoted DCC files, Irssi would try to find the terminating quote one byte before the allocated memory...
chromium -- multiple vulnerabilities
Google Chrome releases reports: 30 security fixes in this release. Please reference CVE/URL list for details...
python -- possible integer overflow vulnerability
Python issue: There is a possible integer overflow in PyString_DecodeEscape function of the file stringobject.c, which can be abused to gain a heap overflow, possibly leading to arbitrary code execution...
strongswan -- Denial-of-service vulnerability in the x509 plugin
strongSwan security team reports: ASN.1 CHOICE types are not correctly handled by the ASN.1 parser when parsing X.509 certificates with extensions that use such types. This could lead to infinite looping of the thread parsing a specifically crafted certificate...