libdwarf -- multiple vulnerabilities
Christian Rebischke reports: libdwarf is vulnerable to multiple issues including arbitrary code execution, information disclosure and denial of service...
ipsec-tools -- remotely exploitable computational-complexity attack
Robert Foggia via NetBSD GNATS reports: The ipsec-tools racoon daemon contains a remotely exploitable computational complexity attack when parsing and storing isakmp fragments. The implementation permits a remote attacker to exhaust computational resources on the remote endpoint by repeatedly...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 36 security fixes in this release. Please reference CVE/URL list for details...
dovecot -- Dovecot DoS when passdb dict was used for authentication
Timo Sirainen reports: passdb/userdb dict: Don't double-expand %variables in keys. If dict was used as the authentication passdb, using specially crafted %variables in the username could be used to cause DoS...
Mozilla -- SVG Animation Remote Code Execution
The Mozilla Foundation reports: A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in the wild targeting Firefox and Tor Browser users on Windows...
Roundcube -- arbitrary command execution
The Roundcube project reports: steps/mail/sendmail.inc in Roundcube before 1.1.7 and 1.2.x before 1.2.3, when no SMTP server is configured and the sendmail program is enabled, does not properly restrict the use of custom envelope-from addresses on the sendmail command line, which allows remote...
subversion -- Unrestricted XML entity expansion in mod_dontdothat and Subversion clients using http(s)
The Apache Software Foundation reports: The mod_dontdothat module of subversion and subversion clients using https:// are vulnerable to a denial-of-service attack, caused by exponential XML entity expansion. The attack targets XML parsers causing targeted process to consume excessive amounts of...
mozilla -- data: URL can inherit wrong origin after an HTTP redirect
The Mozilla Foundation reports: Redirection from an HTTP connection to a data: URL assigns the referring site's origin to the data: URL in some circumstances. This can result in same-origin violations against a domain if it loads resources from malicious sites. Cross-origin setting of cookies has...
asterisk -- Authentication Bypass
The Asterisk project reports: The chan_sip channel driver has a liberal definition for whitespace when attempting to strip the content between a SIP header name and a colon character. Rather than following RFC 3261 and stripping only spaces and horizontal tabs, Asterisk treats any non-printable...
phpMyAdmin -- multiple vulnerabilities
Please reference CVE/URL list for details...
wget -- Access List Bypass / Race Condition
Dawid Golunski reports: GNU wget in version 1.17 and earlier, when used in mirroring/recursive mode, is affected by a Race Condition vulnerability that might allow remote attackers to bypass intended wget access list restrictions specified with -A parameter...
libvncserver -- multiple buffer overflows
libvnc server reports: Two unrelated buffer overflows can be used by a malicious server to overwrite parts of the heap and crash the client or possibly execute arbitrary code...
xen-tools -- delimiter injection vulnerabilities in pygrub
The Xen Project reports: pygrub, the boot loader emulator, fails to quote or sanity check its results when reporting them to its caller. A malicious guest administrator can obtain the contents of sensitive host files (an information leak). Additionally, a malicious guest administrator can cause fil...
xen-tools -- qemu incautious about shared ring processing
The Xen Project reports: The compiler can emit optimizations in qemu which can lead to double fetch vulnerabilities. Specifically data on the rings shared between qemu and the hypervisor which the guest under control can obtain mappings of can be fetched twice during which time the guest can alte...
xen-kernel -- x86 64-bit bit test instruction emulation broken
The Xen Project reports: The x86 instructions BT, BTC, BTR, and BTS, when used with a destination memory operand and a source register rather than an immediate operand, access a memory location offset from that specified by the memory operand as specified by the high bits of the register source. ...
xen-kernel -- guest 32-bit ELF symbol table load leaking host data
The Xen Project reports: Along with their main kernel binary, unprivileged guests may arrange to have their Xen environment load kernel symbol tables for their use. The ELF image metadata created for this purpose has a few unused bytes when the symbol table binary is in 32-bit ELF format. These...
xen-kernel -- x86 segment base write emulation lacking canonical address checks
The Xen Project reports: Both writes to the FS and GS register base MSRs as well as the WRFSBASE and WRGSBASE instructions require their input values to be canonical, or a GP fault will be raised. When the use of those instructions by the hypervisor was enabled, the previous guard against GP faul...
xen-kernel -- x86 task switch to VM86 mode mis-handled
The Xen Project reports: LDTR, just like TR, is purely a protected mode facility. Hence even when switching to a VM86 mode task, LDTR loading needs to follow protected mode semantics. This was violated by the code. On SVM AMD hardware: a malicious unprivileged guest process can escalate its...
xen-kernel -- x86 null segments not always treated as unusable
The Xen Project reports: The Xen x86 emulator erroneously failed to consider the unusability of segments when performing memory accesses. The intended behaviour is as follows: The user data segment %ds, %es, %fs and %gs selectors may be NULL in 32-bit to prevent access. In 64-bit, NULL has a...
vim -- arbitrary command execution
Mitre reports: vim before patch 8.0.0056 does not properly validate values for the 'filetype', 'syntax' and 'keymap' options, which may result in the execution of arbitrary code if a file with a specially crafted modeline is opened...
tomcat -- multiple vulnerabilities
The Apache Software Foundation reports: Important: Remote Code Execution CVE-2016-8735; Important: Information Disclosure CVE-2016-6816...
ntp -- multiple vulnerabilities
Network Time Foundation reports: NTF's NTP Project is releasing ntp-4.2.8p9, which addresses: 1 HIGH severity vulnerability that only affects Windows; 2 MEDIUM severity vulnerabilities; 2 MEDIUM/LOW severity vulnerabilities; 5 LOW severity vulnerabilities; 28 other non-security fixes and improvements...
tiff -- multiple vulnerabilities
libtiff project reports: Multiple flaws have been discovered in libtiff library and utilities...
hdf5 -- multiple vulnerabilities
Talos Security reports: CVE-2016-4330 TALOS-2016-0176 - HDF5 Group libhdf5 H5T_ARRAY Code Execution Vulnerability; CVE-2016-4331 TALOS-2016-0177 - HDF5 Group libhdf5 H5Z_NBIT Code Execution Vulnerability; CVE-2016-4332 TALOS-2016-0178 - HDF5 Group libhdf5 Shareable Message Type Code Execution...
Drupal Code -- Multiple Vulnerabilities
The Drupal development team reports: Inconsistent name for term access query. Less critical - Drupal 7 and Drupal 8. Drupal provides a mechanism to alter database SELECT queries before they are executed. Contributed and custom modules may use this mechanism to restrict access to certain entities by...
wireshark -- multiple vulnerabilities
Wireshark project reports: Wireshark project is releasing Wireshark 2.2.2, which addresses: wnpa-sec-2016-58: Profinet I/O long loop - CVE-2016-9372; wnpa-sec-2016-59: AllJoyn crash - CVE-2016-9374; wnpa-sec-2016-60: OpenFlow crash - CVE-2016-9376; wnpa-sec-2016-61: DCERPC crash - CVE-2016-9373...
mozilla -- multiple vulnerabilities
Mozilla Foundation reports: Please reference CVE/URL list for details...
moodle -- multiple vulnerabilities
Marina Glancy reports: MSA-16-0023: Question engine allows access to files that should not be available; MSA-16-0024: Non-admin site managers may accidentally edit admins via web services; MSA-16-0025: Capability to view course notes is checked in the wrong context; MSA-16-0026: When debugging is...
Axis2 -- Security vulnerability on dependency Apache Commons FileUpload
Apache Axis2 reports: The commons-fileupload dependency has been updated to a version that fixes CVE-2016-1000031 AXIS2-5853...
teeworlds -- Remote code execution
Teeworlds project reports: Attacker controlled memory-writes and possibly arbitrary code execution on the client, abusable by any server the client joins...
ImageMagick -- heap overflow vulnerability
Bastien Roucaries reports: Imagemagick before 3cbfb163cff9e5b8cdeace8312e9bfee810ed02b suffers from a heap overflow in WaveletDenoiseImage. This problem is easily triggerable from a Perl script...
jenkins -- Remote code execution vulnerability in remoting module
Jenkins Security Advisory: An unauthenticated remote code execution vulnerability allowed attackers to transfer a serialized Java object to the Jenkins CLI, making Jenkins connect to an attacker-controlled LDAP server, which in turn can send a serialized payload leading to code execution, bypassi...
asterisk -- Crash on SDP offer or answer from endpoint using Opus
The Asterisk project reports: If an SDP offer or answer is received with the Opus codec and with the format parameters separated using a space the code responsible for parsing will recursively call itself until it crashes. This occurs as the code does not properly handle spaces separating the...
openssl -- multiple vulnerabilities
OpenSSL reports: ChaCha20/Poly1305 heap-buffer-overflow CVE-2016-7054. Severity: High. TLS connections using -CHACHA20-POLY1305 ciphersuites are susceptible to a DoS attack by corrupting larger payloads. This can result in an OpenSSL crash. This issue is not considered to be exploitable beyond a Do...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 4 security fixes in this release, including: 643948 High CVE-2016-5199: Heap corruption in FFmpeg. Credit to Paul Mehta. 658114 High CVE-2016-5200: Out of bounds memory access in V8. Credit to Choongwoo Han. 660678 Medium CVE-2016-5201: Info leak in extensions. Credi...
flash -- multiple vulnerabilities
Adobe reports: These updates resolve type confusion vulnerabilities that could lead to code execution CVE-2016-7860, CVE-2016-7861, CVE-2016-7865. These updates resolve use-after-free vulnerabilities that could lead to code execution CVE-2016-7857, CVE-2016-7858, CVE-2016-7859, CVE-2016-7862,...
py-cryptography -- vulnerable HKDF key generation
Alex Gaynor reports: Fixed a bug where HKDF would return an empty byte-string if used with a length less than algorithm.digest_size...
w3m -- multiple vulnerabilities
Multiple remote code execution and denial of service conditions present...
gitlab -- Directory traversal via "import/export" feature
GitLab reports: The import/export feature did not properly check for symbolic links in user-provided archives and therefore it was possible for an authenticated user to retrieve the contents of any file accessible to the GitLab service account. This included sensitive files such as those that...
cURL -- multiple vulnerabilities
The cURL project reports: cookie injection for other servers; case insensitive password comparison; OOB write via unchecked multiplication; double-free in curl_maprintf; double-free in krb5 code; glob parser write/read out of bounds; curl_getdate read out of bounds; URL unescape heap overflow via integer...
FreeBSD -- OpenSSL Remote DoS vulnerability
Problem Description: Due to improper handling of alert packets, OpenSSL would consume an excessive amount of CPU time processing undefined alert messages. Impact: A remote attacker who can initiate handshakes with an OpenSSL based server can cause the server to consume a lot of computation power...
chromium -- out-of-bounds memory access
Google Chrome Releases reports: 659475 High CVE-2016-5198: Out of bounds memory access in V8. Credit to Tencent Keen Security Lab, working with Trend Micro's Zero Day Initiative...
BIND -- Remote Denial of Service vulnerability
ISC reports: A defect in BIND's handling of responses containing a DNAME answer can cause a resolver to exit after encountering an assertion failure in db.c or resolver.c...
django -- multiple vulnerabilities
The Django project reports: Today the Django team released Django 1.10.3, Django 1.9.11, and 1.8.16. These releases address two security issues detailed below. We encourage all users of Django to upgrade as soon as possible. User with hardcoded password created when running tests on Oracle DNS...
moinmoin -- XSS vulnerabilities
Thomas Waldmann reports: fix XSS in AttachFile view multifile related CVE-2016-7148; fix XSS in GUI editor's attachment dialogue CVE-2016-7146; fix XSS in GUI editor's link dialogue CVE-2016-9119...
memcached -- multiple vulnerabilities
Cisco Talos reports: Multiple integer overflow vulnerabilities exist within Memcached that could be exploited to achieve remote code execution on the targeted system. These vulnerabilities manifest in various Memcached functions that are used in inserting, appending, prepending, or modifying...
codeigniter -- multiple vulnerabilities
The CodeIgniter changelog reports: Fixed a number of new vulnerabilities in Security Library method xss_clean...
sudo -- Potential bypass of sudo_noexec.so via wordexp()
Todd C. Miller reports: A flaw exists in sudo's noexec functionality that may allow a user with sudo privileges to run additional commands even when the NOEXEC tag has been applied to a command that uses the wordexp function...
tomcat -- multiple vulnerabilities
The Apache Software Foundation reports: Low: Unrestricted Access to Global Resources CVE-2016-6797; Low: Security Manager Bypass CVE-2016-6796; Low: System Property Disclosure CVE-2016-6794; Low: Security Manager Bypass CVE-2016-5018; Low: Timing Attack CVE-2016-0762...
expat -- multiple vulnerabilities
Mitre reports: An integer overflow during the parsing of XML using the Expat library. XML External Entity vulnerability in libexpat 2.2.0 and earlier Expat XML Parser Library allows attackers to put the parser in an infinite loop using a malformed external entity definition from an external DTD...