6528 matches found
urllib3 -- certificate verification failure
urllib3 reports: CVE-2016-9015: Certification verification failure...
lynx -- multiple vulnerabilities
Oracle reports: Lynx is vulnerable to POODLE by still supporting vulnerable version of SSL. Lynx is also vulnerable to URL attacks by incorrectly parsing hostnames ending with an '?'...
flash -- remote code execution
Adobe reports: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. These updates address a critical vulnerability that could potentially allow an attacker to take control of the affected system. Adobe is aware of a report that an exploit for...
Joomla! -- multiple vulnerabilities
The JSST and the Joomla! Security Center report: 20161001 - Core - Account Creation: Inadequate checks allow users to register on a site when registration has been disabled. 20161002 - Core - Elevated Privilege: Incorrect use of unfiltered data allows users to register on a site with...
FreeBSD -- bhyve - privilege escalation vulnerability
Problem Description: An unchecked array reference in the VGA device emulation code could potentially allow guests access to the heap of the bhyve process. Since the bhyve process is running as root, this may allow guests to obtain full control of the hosts they are running on. Impact: For bhyve...
mozilla -- multiple vulnerabilities
Mozilla Foundation reports: CVE-2016-5287: Crash in nsTArray_base::SwapArrayElements; CVE-2016-5288: Web content can read cache entries...
FreeBSD -- OpenSSH Remote Denial of Service vulnerability
Problem Description: When processing the SSH_MSG_KEXINIT message, the server could allocate up to a few hundred megabytes of memory per connection, before any authentication takes place. Impact: A remote attacker may be able to cause a SSH server to allocate an excessive amount of memory...
mysql -- multiple vulnerabilities
Oracle reports: Local security vulnerability in 'Server: Packaging' sub component...
node.js -- ares_create_query single byte out of buffer write
Node.js has released new versions containing the following security fix: The following releases all contain fixes for CVE-2016-5180 "ares_create_query single byte out of buffer write": Node.js v0.10.48 Maintenance, Node.js v0.12.17 Maintenance, Node.js v4.6.1 LTS "Argon". While this is not a critica...
node.js -- multiple vulnerabilities
Node.js v6.9.0 LTS contains the following security fixes, specific to v6.x: Disable auto-loading of openssl.cnf: Don't automatically attempt to load an OpenSSL configuration file, from the OPENSSL_CONF environment variable or from the default location for the current platform. Always triggering a...
Tor -- remote denial of service
The Tor Blog reports: Prevent a class of security bugs caused by treating the contents of a buffer chunk as if they were a NUL-terminated string. At least one such bug seems to be present in all currently used versions of Tor, and would allow an attacker to remotely crash most Tor instances,...
MySQL -- multiple vulnerabilities
The MariaDB project reports: Fixes for the following security vulnerabilities: CVE-2016-7440 CVE-2016-5584...
potrace -- multiple memory failure
potrace reports: CVE-2016-8685: invalid memory access in findnext; CVE-2016-8686: memory allocation failure...
guile2 -- multiple vulnerabilities
Ludovic Courtès reports: The REPL server is vulnerable to the HTTP inter-protocol attack. The ‘mkdir’ procedure of GNU Guile, an implementation of the Scheme programming language, temporarily changed the process’ umask to zero. During that time window, in a multithreaded application, other threads...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 21 security fixes in this release, including: 645211 High CVE-2016-5181: Universal XSS in Blink. Credit to Anonymous; 638615 High CVE-2016-5182: Heap overflow in Blink. Credit to Giwan Go of STEALIEN; 645122 High CVE-2016-5183: Use after free in PDFium. Credit to...
flash -- multiple vulnerabilities
Adobe reports: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and ChromeOS. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system. These updates resolve a type confusion vulnerabilit...
FreeBSD -- Multiple portsnap vulnerabilities
Problem Description: Flaws in portsnap's verification of downloaded tar files allows additional files to be included without causing the verification to fail. Portsnap may then use or execute these files. Impact: An attacker who can conduct man in the middle attack on the network at the time when...
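The portsnap flaw above is a set-membership problem as much as a hashing one: a verifier that only checks the files an index lists lets an attacker ride extra entries into the tree unverified. The Python below is an added example written for this page, not portsnap's code and not its real file layout; the manifest, the file names and the smuggled pkg-install script are all constructed here. It contrasts a check that verifies only listed members with one that requires the archive to contain exactly the manifest's regular files, each with the expected SHA-256, and nothing else.

```python
import hashlib
import io
import tarfile

# Constructed sample snapshot (not portsnap's real layout): the paths and
# contents a signed index is expected to vouch for.
EXPECTED_FILES = {
    "ports/Mk/example.mk": b"# build rules\n",
    "ports/net/demo/Makefile": b"PORTNAME=demo\n",
}


def manifest_for(files):
    """Return {path: sha256 hex} for a {path: content} map, i.e. the index."""
    return {p: hashlib.sha256(c).hexdigest() for p, c in files.items()}


def build_tar(files):
    """Build an in-memory tar with one regular file per entry (constructed input)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for path, content in files.items():
            info = tarfile.TarInfo(path)
            info.size = len(content)
            tar.addfile(info, io.BytesIO(content))
    return buf.getvalue()


def verify_weak(tar_bytes, manifest):
    """Checks only the members the manifest lists; unlisted members pass silently."""
    problems = []
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r") as tar:
        for member in tar.getmembers():
            if member.name not in manifest:
                continue  # the flaw: an entry the index never mentions is ignored
            digest = hashlib.sha256(tar.extractfile(member).read()).hexdigest()
            if digest != manifest[member.name]:
                problems.append(f"hash mismatch: {member.name}")
    return problems


def verify_strict(tar_bytes, manifest):
    """The archive must hold exactly the manifest's paths, all regular files,
    each with the expected digest; extra, duplicate or missing entries fail."""
    problems = []
    seen = set()
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r") as tar:
        for member in tar.getmembers():
            if not member.isfile():
                problems.append(f"non-regular entry: {member.name} (type {member.type!r})")
                continue
            if member.name not in manifest:
                problems.append(f"unexpected file: {member.name}")
                continue
            if member.name in seen:
                problems.append(f"duplicate entry: {member.name}")
                continue
            seen.add(member.name)
            digest = hashlib.sha256(tar.extractfile(member).read()).hexdigest()
            if digest != manifest[member.name]:
                problems.append(f"hash mismatch: {member.name}")
    for path in manifest:
        if path not in seen:
            problems.append(f"missing file: {path}")
    return problems


def demo():
    """Smuggle an unlisted script into an otherwise valid snapshot and run both
    verifiers over it; returns (weak_problems, strict_problems)."""
    manifest = manifest_for(EXPECTED_FILES)
    malicious = dict(EXPECTED_FILES)
    malicious["ports/net/demo/pkg-install"] = b"#!/bin/sh\necho pwned\n"  # not in the index
    tar_bytes = build_tar(malicious)
    return verify_weak(tar_bytes, manifest), verify_strict(tar_bytes, manifest)


if __name__ == "__main__":
    weak, strict = demo()
    print("weak  :", weak or "accepted")
    print("strict:", strict or "accepted")
```

The weak verifier accepts the tampered snapshot outright; the strict one names the smuggled file. The same strict loop also catches a listed file whose content was altered in transit and a manifest entry the archive fails to deliver, which is why it walks the manifest after the archive.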
FreeBSD -- Heap overflow vulnerability in bspatch
Problem Description: The implementation of bspatch is susceptible to integer overflows with carefully crafted input, potentially allowing an attacker who can control the patch file to write at arbitrary locations in the heap. This issue was partially addressed in FreeBSD-SA-16:25.bspatch, but som...
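To make the arithmetic behind the bspatch advisory concrete, here is an added Python example; it is not FreeBSD's patch and not bspatch's source. It decodes bsdiff control values the way bspatch's offtin does (sign-magnitude, 64-bit little-endian), emulates the wraparound a C off_t addition suffers on overflow, and compares the classic shape of the bound check, `if (newpos + ctrl[0] > newsize)`, against a check that rejects negative lengths and compares by subtraction so nothing can overflow first. The crafted control blocks and the offtout encoder are constructed for this example.

```python
INT64_MAX = (1 << 63) - 1


def offtin(buf: bytes) -> int:
    """Decode bsdiff's 8-byte integer: little-endian magnitude in the low
    63 bits, sign in the top bit of the last byte (the layout bspatch reads)."""
    if len(buf) != 8:
        raise ValueError("control values are exactly 8 bytes")
    magnitude = int.from_bytes(buf[:7] + bytes([buf[7] & 0x7F]), "little")
    return -magnitude if buf[7] & 0x80 else magnitude


def offtout(value: int) -> bytes:
    """Inverse of offtin; used here only to craft inputs for the demo."""
    magnitude = abs(value)
    if magnitude > INT64_MAX:
        raise ValueError("magnitude does not fit in 63 bits")
    out = bytearray(magnitude.to_bytes(8, "little"))
    if value < 0:
        out[7] |= 0x80
    return bytes(out)


def wrap64(x: int) -> int:
    """What a 64-bit signed C addition yields once it overflows: the result
    wraps modulo 2**64 (undefined behaviour in C, but what is usually emitted)."""
    x &= (1 << 64) - 1
    return x - (1 << 64) if x > INT64_MAX else x


def parse_control(block: bytes) -> tuple:
    """One control block is three offtin values: bytes to take from the diff
    stream, bytes to take from the extra stream, and a seek in the old file."""
    if len(block) != 24:
        raise ValueError("a control block is 24 bytes")
    return tuple(offtin(block[i:i + 8]) for i in (0, 8, 16))


def check_original(newpos: int, length: int, newsize: int) -> bool:
    """Shape of the historical bound check, `if (newpos + ctrl[0] > newsize)`,
    evaluated with C wraparound. Returns True when the block is accepted."""
    return not (wrap64(newpos + length) > newsize)


def check_hardened(newpos: int, length: int, newsize: int) -> bool:
    """Reject negative lengths and out-of-range positions, and compare by
    subtraction so the addition that could overflow is never performed."""
    if length < 0 or newpos < 0 or newpos > newsize:
        return False
    return length <= newsize - newpos


def demo() -> dict:
    """Three constructed control blocks against a 32-byte output buffer with
    16 bytes already written: returns {label: (original_accepts, hardened_accepts)}."""
    newpos, newsize = 16, 32
    cases = {
        "honest": offtout(8) + offtout(0) + offtout(0),
        "overflow": offtout(INT64_MAX) + offtout(0) + offtout(0),  # newpos + len wraps negative
        "negative": offtout(-4096) + offtout(0) + offtout(0),      # sign bit set in the patch
    }
    results = {}
    for label, block in cases.items():
        length, _, _ = parse_control(block)
        results[label] = (check_original(newpos, length, newsize),
                          check_hardened(newpos, length, newsize))
    return results


if __name__ == "__main__":
    for label, (orig, hard) in demo().items():
        print(f"{label:9s} original={'accept' if orig else 'reject'} "
              f"hardened={'accept' if hard else 'reject'}")
```

Both crafted blocks sail through the historical check: the huge positive length wraps the sum negative, and the negative length makes the sum small, so neither is greater than newsize. The hardened form refuses both while still accepting the honest block, which is the property any patch parser handling attacker-controlled lengths has to provide.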
FreeBSD -- Multiple libarchive vulnerabilities
Problem Description: Flaws in libarchive's handling of symlinks and hard links allow overwriting files outside the extraction directory, or permission changes to a directory outside the extraction directory. Impact: An attacker who can control freebsd-update's or portsnap's input to tar(1) can chan...
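What "overwriting files outside the extraction directory" through symlinks and hard links looks like, and how an extractor refuses it, is shown by the following added Python example; it is not libarchive's code and not tar(1)'s. The archive, its member names, the outside directory and the helpers audit_members, safe_extract and demo are all constructed for this example. Link targets are resolved against the destination the way extraction would resolve them, any entry whose path would write through an earlier symlink is refused, and only survivors are extracted.

```python
import io
import os
import tarfile
import tempfile


def build_malicious_tar(outside_dir: str) -> bytes:
    """Constructed archive: a symlink pointing outside the destination, a file
    whose path runs through that symlink, a hard link escaping via .., and one
    harmless file."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        link = tarfile.TarInfo("lib")
        link.type = tarfile.SYMTYPE
        link.linkname = outside_dir                 # absolute target outside dest
        tar.addfile(link)
        payload = b"owned\n"
        evil = tarfile.TarInfo("lib/evil.txt")      # would be written through the link
        evil.size = len(payload)
        tar.addfile(evil, io.BytesIO(payload))
        hard = tarfile.TarInfo("passwd_alias")
        hard.type = tarfile.LNKTYPE
        hard.linkname = "../../etc/passwd"          # hard link target leaves dest
        tar.addfile(hard)
        ok = tarfile.TarInfo("docs/README")
        ok.size = 3
        tar.addfile(ok, io.BytesIO(b"hi\n"))
    return buf.getvalue()


def _inside(root: str, path: str) -> bool:
    return os.path.commonpath([root, path]) == root


def audit_members(tar: tarfile.TarFile, dest: str):
    """Return (accepted TarInfo list, [(name, reason), ...]) without touching disk."""
    root = os.path.realpath(dest)
    accepted, rejected = [], []
    symlink_names = set()
    for m in tar.getmembers():
        name = os.path.normpath(m.name)
        parts = name.split("/")
        if os.path.isabs(m.name) or parts[0] == "..":
            rejected.append((m.name, "path escapes the destination"))
            continue
        crossed = [p for p in ("/".join(parts[:i]) for i in range(1, len(parts)))
                   if p in symlink_names]
        if crossed:
            rejected.append((m.name, f"path passes through symlink {crossed[0]!r}"))
            continue
        if m.issym():
            symlink_names.add(name)  # refuse later writes through it, accepted or not
            target = os.path.realpath(os.path.join(root, os.path.dirname(name), m.linkname))
            if not _inside(root, target):
                rejected.append((m.name, f"symlink target {m.linkname!r} leaves the destination"))
                continue
        elif m.islnk():
            target = os.path.realpath(os.path.join(root, m.linkname))
            if not _inside(root, target):
                rejected.append((m.name, f"hard link target {m.linkname!r} leaves the destination"))
                continue
        elif not (m.isfile() or m.isdir()):
            rejected.append((m.name, "unsupported entry type"))
            continue
        accepted.append(m)
    return accepted, rejected


def safe_extract(tar_bytes: bytes, dest: str):
    """Audit first, then extract only the accepted members; returns their names."""
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r") as tar:
        accepted, _ = audit_members(tar, dest)
        tar.extractall(path=dest, members=accepted)
    return [m.name for m in accepted]


def demo() -> dict:
    """Build the archive in fresh temp dirs, audit it, extract what passed, and
    report what a reader (or test) can check."""
    dest = tempfile.mkdtemp(prefix="extract_")
    outside = tempfile.mkdtemp(prefix="outside_")
    data = build_malicious_tar(outside)
    with tarfile.open(fileobj=io.BytesIO(data), mode="r") as tar:
        accepted, rejected = audit_members(tar, dest)
    written = safe_extract(data, dest)
    return {
        "accepted": [m.name for m in accepted],
        "rejected": [(name, reason) for name, reason in rejected],
        "written": written,
        "outside_untouched": os.listdir(outside) == [],
        "readme_present": os.path.isfile(os.path.join(dest, "docs", "README")),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Note that "lib/evil.txt" is refused even though the "lib" symlink was itself refused: an extractor cannot assume an earlier rejection left nothing on disk from a previous run, so writing through any archive-declared symlink is simply not allowed. Python 3.12 and later add tarfile's filter="data" extraction filter for this class of check; the example above keeps its own audit so it runs on older interpreters too.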
xen-kernel -- CR0.TS and CR0.EM not always honored for x86 HVM guests
The Xen Project reports: Instructions touching FPU, MMX, or XMM registers are required to raise a Device Not Available Exception (#NM) when either CR0.EM or CR0.TS are set. Their AVX or AVX-512 extensions would consider only CR0.TS. While during normal operation this is ensured by the hardware, if a...
X.org libraries -- multiple vulnerabilities
Matthieu Herrb reports: Tobias Stoeckmann from the OpenBSD project has discovered a number of issues in the way various X client libraries handle the responses they receive from servers, and has worked with X.Org's security team to analyze, confirm, and fix these issues. These issues come in...
freeimage -- code execution vulnerability
TALOS reports: An exploitable out-of-bounds write vulnerability exists in the XMP image handling functionality of the FreeImage library...
kde-runtime -- kdesu: displayed command truncated by unicode string terminator
Albert Astals Cid reports: A maliciously crafted command line for kdesu can result in the user only seeing part of the commands that will actually get executed as super user...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 3 security fixes in this release, including: 642496 High CVE-2016-5177: Use after free in V8. Credit to Anonymous; 651092 CVE-2016-5178: Various fixes from internal audits, fuzzing and other initiatives...
BIND -- Remote Denial of Service vulnerability
ISC reports: Testing by ISC has uncovered a critical error condition which can occur when a nameserver is constructing a response. A defect in the rendering of messages into packets can cause named to exit with an assertion failure in buffer.c while constructing a response to a query that meets...
OpenSSL -- multiple vulnerabilities
OpenSSL reports: Critical vulnerability in OpenSSL 1.1.0a: Fix Use After Free for large message sizes (CVE-2016-6309). Moderate vulnerability in OpenSSL 1.0.2i: Missing CRL sanity check (CVE-2016-7052)...
django -- CSRF protection bypass on a site with Google Analytics
Django Software Foundation reports: An interaction between Google Analytics and Django's cookie parsing could allow an attacker to set arbitrary cookies leading to a bypass of CSRF protection...
ImageMagick -- multiple vulnerabilities
Debian reports: Various memory handling problems and cases of missing or incomplete input sanitizing may result in denial of service or the execution of arbitrary code if malformed SIXEL, PDB, MAP, SGI, TIFF and CALS files are processed...
OpenSSL -- multiple vulnerabilities
OpenSSL reports: High: OCSP Status Request extension unbounded memory growth; SSL_peek hang on empty record; SWEET32 Mitigation; OOB write in MDC2_Update; Malformed SHA512 ticket DoS; OOB write in BN_bn2dec; OOB read in TS_OBJ_print_bio; Pointer arithmetic undefined behaviour; Constant time flag not preserved ...
irssi -- heap corruption and missing boundary checks
Irssi reports: Remote crash and heap corruption. Remote code execution seems difficult since only NULs are written...
groovy -- remote execution of untrusted code/DoS vulnerability
The Apache Groovy project reports: When an application with Groovy on classpath uses standard Java serialization mechanisms, e.g. to communicate between servers or to store local data, it is possible for an attacker to bake a special serialized object that will execute code directly when...
PHP -- multiple vulnerabilities
PHP reports: Fixed bug #73007 (add locale length check); Fixed bug #72293 (Heap overflow in mysqlnd related to BIT fields); Fixed bug #72928 (Out of bound when verify signature of zip phar in phar_parse_zipfile); Fixed bug #73029 (Missing type check when unserializing SplArray); Fixed bug #73052 Memory Corruption i...
ImageMagick7 -- multiple vulnerabilities
Multiple sources report: CVE-2016-9298: heap overflow in WaveletDenoiseImage, fixed in ImageMagick7-7.0.3.6, discovered 2016-10-31. CVE-2016-8866: memory allocation failure in AcquireMagickMemory (incomplete previous fix for CVE-2016-8862), not fixed yet with the release of this announcement,...
cURL -- Escape and unescape integer overflows
The cURL project reports: The four libcurl functions curl_escape, curl_easy_escape, curl_unescape and curl_easy_unescape perform string URL percent escaping and unescaping. They accept custom string length inputs in signed integer arguments. The provided string length arguments were not properly checked...
MySQL -- multiple vulnerabilities
The MySQL project reports: CVE-2016-3492: Remote security vulnerability in 'Server: Optimizer' sub component. CVE-2016-5616, CVE-2016-6663: Race condition allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: Several security fixes in this release, including: 641101 High CVE-2016-5170: Use after free in Blink. Credit to Anonymous; 643357 High CVE-2016-5171: Use after free in Blink. Credit to Anonymous; 616386 Medium CVE-2016-5172: Arbitrary Memory Read in v8. Credit to...
mozilla -- multiple vulnerabilities
Mozilla Foundation reports: CVE-2016-2827 - Out-of-bounds read in mozilla::net::IsValidReferrerPolicy (low); CVE-2016-5256 - Memory safety bugs fixed in Firefox 49 (critical); CVE-2016-5257 - Memory safety bugs fixed in Firefox 49 and Firefox ESR 45.4 (critical); CVE-2016-5270 - Heap-buffer-overflow in...
Remote-Code-Execution vulnerability in mysql and its variants CVE-2016-6662
LegalHackers reports: RCE Bugs discovered in MySQL and its variants like MariaDB. It works by manipulating my.cnf files and using --malloc-lib. The bug seems fixed in MySQL 5.7.15 by Oracle...
mysql -- Remote Root Code Execution
Dawid Golunski reports: An independent research has revealed multiple severe MySQL vulnerabilities. This advisory focuses on a critical vulnerability with a CVE ID of CVE-2016-6662 which can allow attackers to remotely inject malicious settings into MySQL configuration files (my.cnf) leading to...
moodle -- multiple vulnerabilities
Marina Glancy reports: MSA-16-0022: Web service tokens should be invalidated when the user password is changed or forced to be changed...
Apache OpenOffice -- multiple vulnerabilities
The Apache OpenOffice project reports: CVE-2017-3157: Arbitrary file disclosure in Calc and Writer. By exploiting the way OpenOffice renders embedded objects, an attacker could craft a document that allows reading in a file from the user's filesystem. Information could be retrieved by the attacke...
h2o -- Use-after-free vulnerability
Kazuho Oku reports: A use-after-free vulnerability exists in H2O up to and including version 2.0.4 / 2.1.0-beta3 that can be used by a remote attacker to mount DoS attacks and / or information theft...
xen-kernel -- use after free in FIFO event channel code
The Xen Project reports: When the EVTCHNOP_init_control operation is called with a bad guest frame number, it takes an error path which frees a control structure without also clearing the corresponding pointer. Certain subsequent operations (EVTCHNOP_expand_array or another EVTCHNOP_init_control), upon...
xen-kernel -- x86 HVM: Overflow of sh_ctxt->seg_reg[]
The Xen Project reports: x86 HVM guests running with shadow paging use a subset of the x86 emulator to handle the guest writing to its own pagetables. There are situations a guest can provoke which result in exceeding the space allocated for internal state. A malicious HVM guest administrator can...
xen-kernel -- x86: Mishandling of instruction pointer truncation during emulation
The Xen Project reports: When emulating HVM instructions, Xen uses a small i-cache for fetches from guest memory. The code that handles cache misses does not check if the address from which it fetched lies within the cache before blindly writing to it. As such it is possible for the guest to...
xen-kernel -- x86: Disallow L3 recursive pagetable for 32-bit PV guests
The Xen Project reports: On real hardware, a 32-bit PAE guest must leave the USER and RW bit clear in L3 pagetable entries, but the pagetable walk behaves as if they were set. The L3 entries are cached in processor registers, and don't actually form part of the pagewalk. When running a 32-bit PV...
gnutls -- OCSP validation issue
gnutls.org reports: Stefan Bühler discovered an issue that affects validation of certificates using OCSP responses, which can falsely report a certificate as valid under certain circumstances...
openjpeg -- multiple vulnerabilities
Tencent's Xuanwu LAB reports: A Heap Buffer Overflow (Out-of-Bounds Write) issue was found in function opj_dwt_interleave_v of dwt.c. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OpenJPEG. An integer overflow issue exists in function...