6528 matches found
nfsen -- remote command execution
Peter Haag reports: A remote attacker with access to the web interface to execute arbitrary commands on the host operating system...
wavpack -- multiple invalid memory reads
David Bryant reports: global buffer overread in read_code / read_words.c; heap out of bounds read in WriteCaffHeader / caff.c; heap out of bounds read in unreorder_channels / wvunpack.c; heap oob read in read_new_config_info / open_utils.c...
icu -- multiple vulnerabilities
NVD reports: International Components for Unicode ICU for C/C++ before 2017-02-13 has an out-of-bounds write caused by a heap-based buffer overflow related to the utf8TextAccess function in common/utext.cpp and the utext_setNativeIndex function. International Components for Unicode ICU for C/C++...
PHP -- undisclosed vulnerabilities
The PHP project reports: The PHP development team announces the immediate availability of PHP 7.0.15. This is a security release. Several security bugs were fixed in this release. The PHP development team announces the immediate availability of PHP 5.6.30. This is a security release. Several...
MySQL -- multiple vulnerabilities
Oracle reports: Not all vulnerabilities are relevant for all flavors/versions of the servers and clients Vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability ...
mysql -- multiple vulnerabilities
Oracle reports: No further details have been provided in the Critical Patch Update...
moodle -- multiple vulnerabilities
Marina Glancy reports: MSA-17-0001: System file inclusion when adding own preset file in Boost theme; MSA-17-0002: Incorrect sanitation of attributes in forums; MSA-17-0003: PHPMailer vulnerability in no-reply address; MSA-17-0004: XSS in assignment submission page...
OpenEXR -- multiple remote code execution and denial of service vulnerabilities
Brandon Perry reports: There is a zip file of EXR images that cause segmentation faults in the OpenEXR library tested against 2.2.0. CVE-2017-9110 In OpenEXR 2.2.0, an invalid read of size 2 in the hufDecode function in ImfHuf.cpp could cause the application to crash. CVE-2017-9111 In OpenEXR...
FreeBSD -- OpenSSH multiple vulnerabilities
Problem Description: The ssh-agent(1) agent supports loading a PKCS11 module from outside a trusted whitelist. An attacker can request loading of a PKCS11 module across forwarded agent-socket. CVE-2016-10009 When privilege separation is disabled, forwarded Unix domain sockets would be created by...
BIND -- multiple vulnerabilities
ISC reports: A malformed query response received by a recursive server in response to a query of RTYPE ANY could trigger an assertion failure while named is attempting to add the RRs in the query response to the cache. Depending on the type of query and the EDNS options in the query they receive,...
wordpress -- multiple vulnerabilities
Aaron D. Campbell reports: WordPress versions 4.7 and earlier are affected by eight security issues...
ikiwiki -- authentication bypass vulnerability
ikiwiki reports: The ikiwiki maintainers discovered further flaws similar to CVE-2016-9646 in the passwordauth plugin's use of CGI::FormBuilder, with a more serious impact: An attacker who can log in to a site with a password can log in as a different and potentially more privileged user. An...
flash -- multiple vulnerabilities
Adobe reports: These updates resolve a security bypass vulnerability that could lead to information disclosure CVE-2017-2938. These updates resolve use-after-free vulnerabilities that could lead to code execution CVE-2017-2932, CVE-2017-2936, CVE-2017-2937. These updates resolve heap buffer...
openssl -- timing attack vulnerability
Cesar Pereida Garcia reports: The signing function in crypto/ecdsa/ecdsa_ossl.c in certain OpenSSL versions and forks is vulnerable to timing attacks when signing with the standardized elliptic curve P-256 despite featuring constant-time curve operations and modular inversion. A software defect...
phpmailer -- Remote Code Execution
SecurityFocus reports: PHPMailer is prone to a local information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks...
GnuTLS -- Memory corruption vulnerabilities
The GnuTLS project reports: It was found using the OSS-FUZZ fuzzer infrastructure that decoding a specially crafted OpenPGP certificate could lead to heap and stack overflows. GNUTLS-SA-2017-2 It was found using the OSS-FUZZ fuzzer infrastructure that decoding a specially crafted X.509 certificat...
Ansible -- Command execution on Ansible controller from host
Computest reports: Computest found and exploited several issues that allow a compromised host to execute commands on the Ansible controller and thus gain access to other hosts controlled by that controller...
Intel(R) NVMUpdate -- Intel(R) Ethernet Controller X710/XL710 NVM Security Vulnerability
Intel Corporation reports: A security vulnerability in the Intel(R) Ethernet Controller X710 and Intel(R) Ethernet Controller XL710 family of products (Fortville) has been found in the Non-Volatile Flash Memory (NVM) image...
codeigniter -- multiple vulnerabilities
The CodeIgniter changelog reports: Fixed an XSS vulnerability in Security Library method xss_clean. Fixed a possible file inclusion vulnerability in Loader Library method vars. Fixed a possible remote code execution vulnerability in the Email Library when ‘mail’ or ‘sendmail’ are used thanks to Pa...
End of Life Ports
These packages have reached End of Life status and/or have been removed from the Ports Tree. They may contain undocumented security issues. Please take caution and find alternative software as soon as possible...
tomcat -- information disclosure vulnerability
The Apache Software Foundation reports: Important: Information Disclosure CVE-2016-8745...
Irssi -- multiple vulnerabilities
Irssi reports: Five vulnerabilities have been located in Irssi: A NULL pointer dereference in the nickcmp function found by Joseph Bisch (CWE-690). Use after free when receiving invalid nick message (Issue 466, CWE-146). Out of bounds read in certain incomplete control codes found by Joseph Bisch...
Use-After-Free Vulnerability in pcsc-lite
Peter Wu on Openwall mailing-list reports: The issue allows a local attacker to cause a Denial of Service, but can potentially result in Privilege Escalation since the daemon is running as root, while any local user can connect to the Unix socket. Fixed by patch which is released with hpcsc-lite...
icoutils -- check_offset overflow on 64-bit systems
Choongwoo Han reports: An exploitable crash exists in the wrestool utility on 64-bit systems where the result of subtracting two pointers exceeds the size of int...
phpmailer -- Remote Code Execution
Legal Hackers reports: An independent research uncovered a critical vulnerability in PHPMailer that could potentially be used by unauthenticated remote attackers to achieve remote arbitrary code execution in the context of the web server user and remotely compromise the target web application. To...
PHP -- multiple vulnerabilities
Check Point reports: ... discovered 3 fresh and previously unknown vulnerabilities CVE-2016-7479, CVE-2016-7480, CVE-2016-7478 in the PHP 7 unserialize mechanism. The first two vulnerabilities allow attackers to take full control over servers, allowing them to do anything they want with the...
phpmailer -- Remote Code Execution
Legal Hackers reports: An independent research uncovered a critical vulnerability in PHPMailer that could potentially be used by unauthenticated remote attackers to achieve remote arbitrary code execution in the context of the web server user and remotely compromise the target web application. To...
openssh -- multiple vulnerabilities
The OpenSSH project reports: ssh-agent(1): Will now refuse to load PKCS11 modules from paths outside a trusted whitelist (run-time configurable). Requests to load modules could be passed via agent forwarding and an attacker could attempt to load a hostile PKCS11 module across the forwarded agent...
cURL -- uninitialized random vulnerability
Project curl Security Advisory: libcurl's new internal function that returns a good 32bit random value was implemented poorly and overwrote the pointer instead of writing the value into the buffer the pointer pointed to. This random value is used to generate nonces for Digest and NTLM...
Several Security Defects in the Bouncy Castle Crypto APIs
The Legion of the Bouncy Castle reports: Release: 1.56 2.1.4 Security Related Changes and CVE's Addressed by this Release: multiple...
FreeBSD -- Multiple vulnerabilities of ntp
Problem Description: Multiple vulnerabilities have been discovered in the NTP suite: CVE-2016-9311: Trap crash, Reported by Matthew Van Gundy of Cisco ASIG. CVE-2016-9310: Mode 6 unauthenticated trap information disclosure and DDoS vector. Reported by Matthew Van Gundy of Cisco ASIG. CVE-2016-742...
xen-kernel -- x86 PV guests may be able to mask interrupts
The Xen Project reports: Certain PV guest kernel operations page table writes in particular need emulation, and use Xen's general x86 instruction emulator. This allows a malicious guest kernel which asynchronously modifies its instruction stream to effect the clearing of EFLAGS.IF from the state...
cURL -- buffer overflow
The cURL project reports: printf floating point buffer overflow libcurl's implementation of the printf functions triggers a buffer overflow when doing a large floating point output. The bug occurs when the conversion outputs more than 255 bytes...
Apache httpd -- several vulnerabilities
Apache Software Foundation reports: Please reference CVE/URL list for details...
xen-kernel -- x86: Mishandling of SYSCALL singlestep during emulation
The Xen Project reports: The typical behaviour of singlestepping exceptions is determined at the start of the instruction, with a DB trap being raised at the end of the instruction. SYSCALL and SYSRET, although we don't implement it behave differently because the typical behaviour allows userspac...
samba -- multiple vulnerabilities
Samba team reports: CVE-2016-2123 Authenticated users can supply malicious dnsRecord attributes on DNS objects and trigger a controlled memory corruption. CVE-2016-2125 Samba client code always requests a forwardable ticket when using Kerberos authentication. This means the target server, which...
ikiwiki -- multiple vulnerabilities
Mitre reports: ikiwiki 3.20161219 does not properly check if a revision changes the access permissions for a page on sites with the git and recentchanges plugins and the CGI interface enabled, which allows remote attackers to revert certain changes by leveraging permissions to change the page...
squid -- multiple vulnerabilities
Squid security advisory 2016:10 reports: Due to incorrect comparison of request headers Squid can deliver responses containing private data to clients it should not have reached. This problem allows a remote attacker to discover private and sensitive information about another client's browsing...
exim -- DKIM private key leak
The Exim project reports: Exim leaks the private DKIM signing key to the log files. Additionally, if the build option EXPERIMENTAL_DSN_INFO=yes is used, the key material is included in the bounce message...
powerdns -- multiple vulnerabilities
PowerDNS reports: 2016-02: Crafted queries can cause abnormal CPU usage; 2016-03: Denial of service via the web server; 2016-04: Insufficient validation of TSIG signatures; 2016-05: Crafted zone record can cause a denial of service...
xen-kernel -- x86 CMPXCHG8B emulation fails to ignore operand size override
The Xen Project reports: The x86 instruction CMPXCHG8B is supposed to ignore legacy operand size overrides; it only honors the REX.W override making it CMPXCHG16B. So, the operand size is always 8 or 16. When support for CMPXCHG16B emulation was added to the instruction emulator, this restriction...
mozilla -- multiple vulnerabilities
Mozilla Foundation reports: CVE-2016-9894: Buffer overflow in SkiaGL; CVE-2016-9899: Use-after-free while manipulating DOM events and audio elements; CVE-2016-9895: CSP bypass using marquee tag; CVE-2016-9896: Use-after-free with WebVR; CVE-2016-9897: Memory corruption in libGLES; CVE-2016-9898:...
PHP -- Multiple vulnerabilities
The PHP project reports: This is a security release. Several security bugs were fixed in this release...
PHP -- multiple vulnerabilities
The PHP project reports: Use After Free Vulnerability in unserialize CVE-2016-9936 Invalid read when wddx decodes empty boolean element CVE-2016-9935...
Apache httpd -- denial of service in HTTP/2
mod_http2 reports: The Apache HTTPD web server from 2.4.17-2.4.23 did not apply limitations on request headers correctly when experimental module for the HTTP/2 protocol is used to access a resource. The net result is that the server allocates too much memory instead of denying the request. This...
FreeBSD -- bhyve(8) virtual machine escape
Problem Description: The bounds checking of accesses to guest memory greater than 4GB by device emulations is subject to integer overflow. Impact: For a bhyve virtual machine with more than 3GB of guest memory configured, a malicious guest could craft device descriptors that could give it access ...
FreeBSD -- link_ntoa(3) buffer overflow
Problem Description: A specially crafted argument can trigger a static buffer overflow in the library, with possibility to rewrite following static buffers that belong to other library functions. Impact: Due to very limited use of the function in the existing applications, and limited length of t...
Joomla! -- multiple vulnerabilities
The JSST and the Joomla! Security Center report: 20161201 - Core - Elevated Privileges Incorrect use of unfiltered data stored to the session on a form validation failure allows for existing user accounts to be modified; to include resetting their username, password, and user group assignments...
RabbitMQ -- Authentication vulnerability
Pivotal.io reports: MQTT MQ Telemetry Transport connection authentication with a username/password pair succeeds if an existing username is provided but the password is omitted from the connection request. Connections that use TLS with a client-provided certificate are not affected...
FreeBSD -- Possible login(1) argument injection in telnetd(8)
Problem Description: An unexpected sequence of memory allocation failures combined with insufficient error checking could result in the construction and execution of an argument sequence that was not intended. Impact: An attacker who controls the sequence of memory allocation failures and success...