6585 matches found
memcached -- multiple vulnerabilities
Cisco Talos reports: Multiple integer overflow vulnerabilities exist within Memcached that could be exploited to achieve remote code execution on the targeted system. These vulnerabilities manifest in various Memcached functions that are used in inserting, appending, prepending, or modifying...
sudo -- Potential bypass of sudo_noexec.so via wordexp()
Todd C. Miller reports: A flaw exists in sudo's noexec functionality that may allow a user with sudo privileges to run additional commands even when the NOEXEC tag has been applied to a command that uses the wordexp function...
codeigniter -- multiple vulnerabilities
The CodeIgniter changelog reports: Fixed a number of new vulnerabilities in Security Library method xssclean...
urllib3 -- certificate verification failure
urllib3 reports: CVE-2016-9015: Certification verification failure...
tomcat -- multiple vulnerabilities
The Apache Software Foundation reports: Low: Unrestricted Access to Global Resources CVE-2016-6797 Low: Security Manager Bypass CVE-2016-6796 Low: System Property Disclosure CVE-2016-6794 Low: Security Manager Bypass CVE-2016-5018 Low: Timing Attack CVE-2016-0762...
expat -- multiple vulnerabilities
Mitre reports: An integer overflow during the parsing of XML using the Expat library. XML External Entity vulnerability in libexpat 2.2.0 and earlier Expat XML Parser Library allows attackers to put the parser in an infinite loop using a malformed external entity definition from an external DTD...
lynx -- multiple vulnerabilities
Oracle reports: Lynx is vulnerable to POODLE by still supporting vulnerable version of SSL. Lynx is also vulnerable to URL attacks by incorrectly parsing hostnames ending with an '?'...
flash -- remote code execution
Adobe reports: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. These updates address a critical vulnerability that could potentially allow an attacker to take control of the affected system. Adobe is aware of a report that an exploit for...
FreeBSD -- bhyve - privilege escalation vulnerability
Problem Description: An unchecked array reference in the VGA device emulation code could potentially allow guests access to the heap of the bhyve process. Since the bhyve process is running as root, this may allow guests to obtain full control of the hosts they are running on. Impact: For bhyve...
Joomla! -- multiple vulnerabilities
The JSST and the Joomla! Security Center report: 20161001 - Core - Account Creation Inadequate checks allows for users to register on a site when registration has been disabled. 20161002 - Core - Elevated Privilege Incorrect use of unfiltered data allows for users to register on a site with...
mozilla -- multiple vulnerabilities
Mozilla Foundation reports: CVE-2016-5287: Crash in nsTArraybase::SwapArrayElements CVE-2016-5288: Web content can read cache entries...
FreeBSD -- OpenSSH Remote Denial of Service vulnerability
Problem Description: When processing the SSHMSGKEXINIT message, the server could allocate up to a few hundreds of megabytes of memory per each connection, before any authentication take place. Impact: A remote attacker may be able to cause a SSH server to allocate an excessive amount of memory...
mysql -- multiple vulnerabilities
Oracle reports: Local security vulnerability in 'Server: Packaging' sub component...
node.js -- multiple vulnerabilities
Node.js v6.9.0 LTS contains the following security fixes, specific to v6.x: Disable auto-loading of openssl.cnf: Don't automatically attempt to load an OpenSSL configuration file, from the OPENSSLCONF environment variable or from the default location for the current platform. Always triggering a...
node.js -- ares_create_query single byte out of buffer write
Node.js has released new versions containing the following security fix: The following releases all contain fixes for CVE-2016-5180 "arescreatequery single byte out of buffer write": Node.js v0.10.48 Maintenance, Node.js v0.12.17 Maintenance, Node.js v4.6.1 LTS "Argon" While this is not a critica...
MySQL -- multiple vulnerabilities
The MariaDB project reports: Fixes for the following security vulnerabilities: CVE-2016-7440 CVE-2016-5584...
Tor -- remote denial of service
The Tor Blog reports: Prevent a class of security bugs caused by treating the contents of a buffer chunk as if they were a NUL-terminated string. At least one such bug seems to be present in all currently used versions of Tor, and would allow an attacker to remotely crash most Tor instances,...
potrace -- multiple memory failure
potrace reports: CVE-2016-8685: invalid memory access in findnext CVE-2016-8686: memory allocation failure...
guile2 -- multiple vulnerabilities
Ludovic Courtès reports: The REPL server is vulnerable to the HTTP inter-protocol attack The ‘mkdir’ procedure of GNU Guile, an implementation of the Scheme programming language, temporarily changed the process’ umask to zero. During that time window, in a multithreaded application, other threads...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 21 security fixes in this release, including: 645211 High CVE-2016-5181: Universal XSS in Blink. Credit to Anonymous 638615 High CVE-2016-5182: Heap overflow in Blink. Credit to Giwan Go of STEALIEN 645122 High CVE-2016-5183: Use after free in PDFium. Credit to...
flash -- multiple vulnerabilities
Adobe reports: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and ChromeOS. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system. These updates resolve a type confusion vulnerabilit...
FreeBSD -- Heap overflow vulnerability in bspatch
Problem Description: The implementation of bspatch is susceptible to integer overflows with carefully crafted input, potentially allowing an attacker who can control the patch file to write at arbitrary locations in the heap. This issue was partially addressed in FreeBSD-SA-16:25.bspatch, but som...
FreeBSD -- Multiple portsnap vulnerabilities
Problem Description: Flaws in portsnap's verification of downloaded tar files allows additional files to be included without causing the verification to fail. Portsnap may then use or execute these files. Impact: An attacker who can conduct man in the middle attack on the network at the time when...
FreeBSD -- Multiple libarchive vulnerabilities
Problem Description: Flaws in libarchive's handling of symlinks and hard links allow overwriting files outside the extraction directory, or permission changes to a directory outside the extraction directory. Impact: An attacker who can control freebsd-update's or portsnap's input to tar1 can chan...
X.org libraries -- multiple vulnerabilities
Matthieu Herrb reports: Tobias Stoeckmann from the OpenBSD project has discovered a number of issues in the way various X client libraries handle the responses they receive from servers, and has worked with X.Org's security team to analyze, confirm, and fix these issues. These issue come in...
xen-kernel -- CR0.TS and CR0.EM not always honored for x86 HVM guests
The Xen Project reports: Instructions touching FPU, MMX, or XMM registers are required to raise a Device Not Available Exception NM when either CR0.EM or CR0.TS are set. Their AVX or AVX-512 extensions would consider only CR0.TS. While during normal operation this is ensured by the hardware, if a...
freeimage -- code execution vulnerability
TALOS reports: An exploitable out-of-bounds write vulnerability exists in the XMP image handling functionality of the FreeImage library...
kde-runtime -- kdesu: displayed command truncated by unicode string terminator
Albert Aastals Cid reports: A maliciously crafted command line for kdesu can result in the user only seeing part of the commands that will actually get executed as super user...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 3 security fixes in this release, including: 642496 High CVE-2016-5177: Use after free in V8. Credit to Anonymous 651092 CVE-2016-5178: Various fixes from internal audits, fuzzing and other initiatives...
BIND -- Remote Denial of Service vulnerability
ISC reports: Testing by ISC has uncovered a critical error condition which can occur when a nameserver is constructing a response. A defect in the rendering of messages into packets can cause named to exit with an assertion failure in buffer.c while constructing a response to a query that meets...
django -- CSRF protection bypass on a site with Google Analytics
Django Software Foundation reports: An interaction between Google Analytics and Django's cookie parsing could allow an attacker to set arbitrary cookies leading to a bypass of CSRF protection...
OpenSSL -- multiple vulnerabilities
OpenSSL reports: Critical vulnerability in OpenSSL 1.1.0a Fix Use After Free for large message sizes CVE-2016-6309 Moderate vulnerability in OpenSSL 1.0.2i Missing CRL sanity check CVE-2016-7052...
ImageMagick -- multiple vulnerabilities
Debian reports: Various memory handling problems and cases of missing or incomplete input sanitizing may result in denial of service or the execution of arbitrary code if malformed SIXEL, PDB, MAP, SGI, TIFF and CALS files are processed...
OpenSSL -- multiple vulnerabilities
OpenSSL reports: High: OCSP Status Request extension unbounded memory growth SSLpeek hang on empty record SWEET32 Mitigation OOB write in MDC2Update Malformed SHA512 ticket DoS OOB write in BNbn2dec OOB read in TSOBJprintbio Pointer arithmetic undefined behaviour Constant time flag not preserved ...
irssi -- heap corruption and missing boundary checks
Irssi reports: Remote crash and heap corruption. Remote code execution seems difficult since only Nuls are written...
groovy -- remote execution of untrusted code/DoS vulnerability
The Apache Groovy project reports: When an application with Groovy on classpath uses standard Java serialization mechanisms, e.g. to communicate between servers or to store local data, it is possible for an attacker to bake a special serialized object that will execute code directly when...
PHP -- multiple vulnerabilities
PHP reports: Fixed bug 73007 add locale length check Fixed bug 72293 Heap overflow in mysqlnd related to BIT fields Fixed bug 72928 Out of bound when verify signature of zip phar in pharparsezipfile Fixed bug 73029 Missing type check when unserializing SplArray Fixed bug 73052 Memory Corruption i...
PHP -- multiple vulnerabilities
PHP reports: Fixed bug 73007 add locale length check Fixed bug 72293 Heap overflow in mysqlnd related to BIT fields Fixed bug 72928 Out of bound when verify signature of zip phar in pharparsezipfile Fixed bug 73029 Missing type check when unserializing SplArray Fixed bug 73052 Memory Corruption i...
cURL -- Escape and unescape integer overflows
The cURL project reports The four libcurl functions curlescape, curleasyescape, curlunescape and curleasyunescape perform string URL percent escaping and unescaping. They accept custom string length inputs in signed integer arguments. The provided string length arguments were not properly checked...
ImageMagick7 -- multiple vulnerabilities
Multiple sources report: CVE-2016-9298: heap overflow in WaveletDenoiseImage, fixed in ImageMagick7-7.0.3.6, discovered 2016-10-31 CVE-2016-8866: memory allocation failure in AcquireMagickMemory incomplete previous fix for CVE-2016-8862, not fixed yet with the release of this announcement,...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: Several security fixes in this release, including: 641101 High CVE-2016-5170: Use after free in Blink.Credit to Anonymous 643357 High CVE-2016-5171: Use after free in Blink. Credit to Anonymous 616386 Medium CVE-2016-5172: Arbitrary Memory Read in v8. Credit to...
mozilla -- multiple vulnerabilities
Mozilla Foundation reports: CVE-2016-2827 - Out-of-bounds read in mozilla::net::IsValidReferrerPolicy low CVE-2016-5256 - Memory safety bugs fixed in Firefox 49 critical CVE-2016-5257 - Memory safety bugs fixed in Firefox 49 and Firefox ESR 45.4 critical CVE-2016-5270 - Heap-buffer-overflow in...
MySQL -- multiple vulnerabilities
The MySQL project reports: CVE-2016-3492: Remote security vulnerability in 'Server: Optimizer' sub component. CVE-2016-5616, CVE-2016-6663: Race condition allows local users with certain permissions to gain privileges by leveraging use of mycopystat by REPAIR TABLE to repair a MyISAM table...
Remote-Code-Execution vulnerability in mysql and its variants CVE 2016-6662
LegalHackers' reports: RCE Bugs discovered in MySQL and its variants like MariaDB. It works by manipulating my.cnf files and using --malloc-lib. The bug seems fixed in MySQL 5.7.15 by Oracle...
mysql -- Remote Root Code Execution
Dawid Golunski reports: An independent research has revealed multiple severe MySQL vulnerabilities. This advisory focuses on a critical vulnerability with a CVEID of CVE-2016-6662 which can allow attackers to remotely inject malicious settings into MySQL configuration files my.cnf leading to...
Remote-Code-Execution vulnerability in mysql and its variants CVE 2016-6662
LegalHackers' reports: RCE Bugs discovered in MySQL and its variants like MariaDB. It works by manipulating my.cnf files and using --malloc-lib. The bug seems fixed in MySQL 5.7.15 by Oracle...
moodle -- multiple vulnerabilities
Marina Glancy reports: MSA-16-0022: Web service tokens should be invalidated when the user password is changed or forced to be changed...
Apache OpenOffice -- multiple vulnerabilities
The Apache Openofffice project reports: CVE-2017-3157: Arbitrary file disclosure in Calc and Writer By exploiting the way OpenOffice renders embedded objects, an attacker could craft a document that allows reading in a file from the user's filesystem. Information could be retrieved by the attacke...
h2o -- Use-after-free vulnerability
Kazuho Oku reports: A use-after-free vulnerability exists in H2O up to and including version 2.0.4 / 2.1.0-beta3 that can be used by a remote attacker to mount DoS attacks and / or information theft...
openjpeg -- multiple vulnerabilities
Tencent's Xuanwu LAB reports: A Heap Buffer Overflow Out-of-Bounds Write issue was found in function opjdwtinterleavev of dwt.c. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OpenJPEG. An integer overflow issue exists in function...