6528 matches found
tiff -- multiple vulnerabilities
NVD reports: Please reference CVE/URL list for details...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 5 security fixes in this release, including: [698622] Critical CVE-2017-5055: Use after free in printing. Credit to Wadih Matar. [699166] High CVE-2017-5054: Heap buffer overflow in V8. Credit to Nicolas Trippar of Zimperium zLabs. [662767] High CVE-2017-5052: Bad cast in...
phpMyAdmin -- bypass 'no password' restriction
The phpMyAdmin team reports: Summary: Bypass $cfg['Servers'][$i]['AllowNoPassword']. Description: A vulnerability was discovered where the restrictions caused by $cfg['Servers'][$i]['AllowNoPassword'] = false are bypassed under certain PHP versions. This can allow the login of users who have no password set eve...
xen-tools -- xenstore denial of service via repeated update
The Xen Project reports: Unprivileged guests may be able to stall progress of the control domain or driver domain, possibly leading to a Denial of Service (DoS) of the entire host...
asterisk -- Buffer overflow in CDR's set user
The Asterisk project reports: No size checking is done when setting the user field on a CDR. Thus, it is possible for someone to use an arbitrarily large string and write past the end of the user field storage buffer. This allows the possibility of remote code injection...
samba -- symlink race allows access outside share definition
Samba team reports: A time-of-check, time-of-use race condition can allow clients to access non-exported parts of the file system via symlinks...
codeigniter -- multiple vulnerabilities
The CodeIgniter changelog reports: Fixed a header injection vulnerability in common function set_status_header() under Apache (thanks to Guillermo Caminer from Flowgate). Fixed byte-safety issues in Encrypt Library (DEPRECATED) when mbstring.func_overload is enabled. Fixed byte-safety issues in Encryption...
gitlab -- Various security issues
GitLab reports: Information Disclosure in Issue and Merge Request Trackers: During an internal code review, a critical vulnerability in the GitLab Issue and Merge Request trackers was discovered. This vulnerability could allow a user with access to assign ownership of an issue or merge request to...
squashfs-tools -- Integer overflow
Phillip Lougher reports: Integer overflow in the read_fragment_table_4 function in unsquash-4.c in Squashfs and sasquatch allows remote attackers to cause a denial of service (application crash) via a crafted input, which triggers a stack-based buffer overflow...
firefox -- integer overflow in createImageBitmap()
The Mozilla Foundation reports: An integer overflow in createImageBitmap was reported through the Pwn2Own contest. The fix for this vulnerability disables the experimental extensions to the createImageBitmap API. This function runs in the content sandbox, requiring a second vulnerability to...
NSS -- multiple vulnerabilities
Mozilla Foundation reports: An out-of-bounds write during Base64 decoding operation in the Network Security Services (NSS) library due to insufficient memory being allocated to the buffer. This results in a potentially exploitable crash. The NSS library has been updated to fix this issue to address...
chicken -- multiple vulnerabilities
CHICKEN reports: CVE-2017-6949: Unchecked malloc call in SRFI-4 constructors when allocating in non-GC memory, resulting in potential 1-word buffer overrun and/or segfault; CVE-2017-9334: "length" crashes on improper lists; CVE-2017-11343: The randomization factor of the symbol table was set before...
drupal8 -- multiple vulnerabilities
Drupal Security Team reports: CVE-2017-6377: Editor module incorrectly checks access to inline private files; CVE-2017-6379: Some admin paths were not protected with a CSRF token; CVE-2017-6381: Remote code execution...
Flash Player -- multiple vulnerabilities
Adobe reports: These updates resolve a buffer overflow vulnerability that could lead to code execution (CVE-2017-2997). These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2017-2998, CVE-2017-2999). These updates resolve a random number generator vulnerabili...
xen-tools -- Cirrus VGA Heap overflow via display refresh
The Xen Project reports: A privileged user within the guest VM can cause a heap overflow in the device model process, potentially escalating their privileges to that of the device model process...
id Tech 3 -- remote code execution vulnerability
The content auto-download of id Tech 3 can be used to deliver maliciously crafted content, that triggers downloading of further content and loading and executing it as native code with user credentials. This affects ioquake3, ioUrbanTerror, OpenArena, the original Quake 3 Arena and other forks...
moodle -- multiple vulnerabilities
Marina Glancy reports: In addition to a number of bug fixes and small improvements, security vulnerabilities have been discovered and fixed. We highly recommend that you upgrade your sites as soon as possible. Upgrading should be very straightforward. As per our usual policy, admins of all...
mbed TLS (PolarSSL) -- multiple vulnerabilities
Janos Follath reports: If a malicious peer supplies a certificate with a specially crafted secp224k1 public key, then an attacker can cause the server or client to attempt to free block of memory held on stack. Depending on the platform, this could result in a Denial of Service (client crash) or...
irssi -- use-after-free potential code execution
The irssi project reports: Use after free while producing list of netjoins (CWE-416). This issue was found and reported to us by APic. This issue usually leads to segmentation faults. Targeted code execution should be difficult...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 36 security fixes in this release. Please reference CVE/URL list for details...
mozilla -- multiple vulnerabilities
Mozilla Foundation reports: Please reference CVE/URL list for details...
wordpress -- multiple vulnerabilities
WordPress versions 4.7.2 and earlier are affected by six security issues. Cross-site scripting (XSS) via media file metadata. Control characters can trick redirect URL validation. Unintended files can be deleted by administrators using the plugin deletion functionality. Cross-site scripting (XSS) via...
proftpd -- user chroot escape vulnerability
NVD reports: ProFTPD ... controls whether the home directory of a user could contain a symbolic link through the AllowChrootSymlinks configuration option, but checks only the last path component when enforcing AllowChrootSymlinks. Attackers with local access could bypass the AllowChrootSymlinks...
ImageMagick -- multiple vulnerabilities
Please reference CVE/URL list for details...
zziplib - multiple vulnerabilities
NIST reports by search in the range 2017/01/01 - 2018/07/06: 17 security fixes in this release: Heap-based buffer overflow in the __zzip_get32 function in fetch.c. Heap-based buffer overflow in the __zzip_get64 function in fetch.c. Heap-based buffer overflow in the zzip_mem_entry_extra_block function in...
kio: Information Leak when accessing https when using a malicious PAC file
Albert Astals Cid reports: Using a malicious PAC file, and then using exfiltration methods in the PAC function FindProxyForURL enables the attacker to expose full https URLs. This is a security issue since https URLs may contain sensitive information in the URL authentication part...
kdepimlibs -- directory traversal on KTNEF
Albert Astals Cid reports: A directory traversal issue was found in KTNEF which can be exploited by tricking a user into opening a malicious winmail.dat file. The issue allows to write files with the permission of the user opening the winmail.dat file during extraction...
tnef -- Invalid read and write operations, controlled by an attacker
[email protected] reports: CVE-2017-6307: An issue was discovered in tnef before 1.4.13. Two OOB Writes have been identified in src/mapi_attr.c:mapi_attr_read(). These might lead to invalid read and write operations, controlled by an attacker. CVE-2017-6308: An issue was discovered in tnef before 1.4.13...
cURL -- ocsp status validation error
The cURL project reports: SSL_VERIFYSTATUS ignored. curl and libcurl support "OCSP stapling", also known as the TLS Certificate Status Request extension (using the CURLOPT_SSL_VERIFYSTATUS option). When telling curl to use this feature, it uses that TLS extension to ask for a fresh proof of the server'...
xen-tools -- cirrus_bitblt_cputovideo does not check if memory region is safe
The Xen Project reports: In CIRRUS_BLTMODE_MEMSYSSRC mode the bitblit copy routine cirrus_bitblt_cputovideo fails to check whether the specified memory region is safe. A malicious guest administrator can cause an out of bounds memory write, very likely exploitable as a privilege escalation...
MPD -- buffer overflows in http output
The MPD project reports: httpd: fix two buffer overflows in IcyMetaData length calculation...
openssl -- crash on handshake
The OpenSSL project reports: Severity: High During a renegotiation handshake if the Encrypt-Then-Mac extension is negotiated where it was not in the original handshake or vice-versa then this can cause OpenSSL to crash dependent on ciphersuite. Both clients and servers are affected. This issue do...
fbsdmon -- information disclosure vulnerability
Alan Somers reports: The web site used by this port, http://fbsdmon.org, has been taken over by cybersquatters. That means that users are sending their system info to an unknown party...
NVIDIA UNIX driver -- multiple vulnerabilities in the kernel mode layer handler
NVIDIA Unix security team reports: NVIDIA GPU Display Driver contains vulnerabilities in the kernel mode layer handler where multiple integer overflows, improper access control, and improper validation of a user input may cause a denial of service or potential escalation of privileges...
collectd5 -- Denial of service by sending a signed network packet to a server which is not set up to check signatures
marcinguy reports: After sending this payload, collectd seems to be entering endless while loop in packet_parse consuming high CPU resources, possibly crash/gets killed after a while...
xen-tools -- oob access in cirrus bitblt copy
The Xen Project reports: When doing bitblt copy backwards, qemu should negate the blit width. This avoids an oob access before the start of video memory. A malicious guest administrator can cause an out of bounds memory access, possibly leading to information disclosure or privilege escalation...
gtk-vnc -- bounds checking vulnerabilities
Daniel P. Berrange reports: CVE-2017-5884 - fix bounds checking for RRE, hextile and copyrect encodings; CVE-2017-5885 - fix color map index bounds checking...
diffoscope -- arbitrary file write
Ximin Luo reports: v67 introduced a security hole where diffoscope may write to arbitrary locations on disk depending on the contents of an untrusted archive...
FreeRADIUS -- TLS resumption authentication bypass
Stefan Winter reports: The TLS session cache in FreeRADIUS before 3.0.14 fails to reliably prevent resumption of an unauthenticated session, which allows remote attackers such as malicious 802.1X supplicants to bypass authentication via PEAP or TTLS...
jenkins -- multiple vulnerabilities
Jenkins Security Advisory: Please reference CVE/URL list for details...
shotwell -- failure to encrypt authentication
Jens Georg reports: I have just released Shotwell 0.24.5 and 0.25.4 which turn on HTTPS encryption all over the publishing plugins. Users using Tumblr and Yandex.Fotki publishing are strongly advised to change their passwords and reauthenticate Shotwell to those services after upgrade. Users of...
libevent -- multiple vulnerabilities
Debian Security reports: CVE-2016-10195: The name_parse function in evdns.c in libevent before 2.1.6-beta allows remote attackers to have unspecified impact via vectors involving the label_len variable, which triggers an out-of-bounds stack read. CVE-2016-10196: Stack-based buffer overflow in the...
PuTTY -- integer overflow permits memory overwrite by forwarded ssh-agent connections
Simon G. Tatham reports: Many versions of PuTTY prior to 0.68 have a heap-corrupting integer overflow bug in the ssh_agent_channel_data function which processes messages sent by remote SSH clients to a forwarded agent connection. ... This bug is only exploitable at all if you have enabled SSH agent...
mysql -- denial of service vulnerability
Openwall reports: C client library for MySQL (libmysqlclient.so) has use-after-free defect which can cause crash of applications using that MySQL client...
OpenSSL -- multiple vulnerabilities
The OpenSSL project reports: Truncated packet could crash via OOB read (CVE-2017-3731); Bad (EC)DHE parameters cause a client crash (CVE-2017-3730); BN_mod_exp may produce incorrect results on x86_64 (CVE-2017-3732); Montgomery multiplication may produce incorrect results (CVE-2016-7055)...
wordpress -- multiple vulnerabilities
Aaron D. Campbell reports: WordPress versions 4.7.1 and earlier are affected by three security issues: The user interface for assigning taxonomy terms in Press This is shown to users who do not have permissions to use it. WP_Query is vulnerable to a SQL injection (SQLi) when passing unsafe data...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 51 security fixes in this release. Please reference CVE/URL list for details...
ffmpeg -- heap overflow in lavf/mov.c
FFmpeg security reports: FFmpeg 3.2.4 fixes the following vulnerabilities: CVE-2017-5024, CVE-2017-5025...
phpMyAdmin -- Multiple vulnerabilities
The phpMyAdmin development team reports: Open redirect; php-gettext code execution; DOS vulnerability in table editing; CSS injection in themes; Cookie attribute injection attack; SSRF in replication; DOS in replication status...
mozilla -- multiple vulnerabilities
Mozilla Foundation reports: Please reference CVE/URL list for details...