p7zip -- Null pointer dereference
MITRE reports: A null pointer dereference bug affects the 16.02 and many old versions of p7zip. A lack of null pointer check for the variable folders.PackPositions in function CInArchive::ReadAndDecodePackedStreams, as used in the 7z.so library and in 7z applications, will cause a crash and a...
Apache OpenOffice 4.1.2 -- Memory Corruption Vulnerability (Impress Presentations)
The Apache OpenOffice Project reports: An OpenDocument Presentation .ODP or Presentation Template .OTP file can contain invalid presentation elements that lead to memory corruption when the document is loaded in Apache OpenOffice Impress. The defect may cause the document to appear as corrupted a...
flash -- multiple vulnerabilities
Adobe reports: These updates resolve a race condition vulnerability that could lead to information disclosure CVE-2016-4247. These updates resolve type confusion vulnerabilities that could lead to code execution CVE-2016-4223, CVE-2016-4224, CVE-2016-4225. These updates resolve use-after-free...
dropbear -- multiple vulnerabilities
Matt Johnston reports: If specific usernames including "%" symbols can be created on a system validated by getpwnam then an attacker could run arbitrary code as root when connecting to Dropbear server. A dbclient user who can control username or host arguments could potentially run arbitrary code...
xtrlock -- xtrlock does not block multitouch events
Debian reports: xtrlock did not block multitouch events so an attacker could still input and thus control various programs such as Chromium, etc. via so-called "multitouch" events including pan scrolling, "pinch and zoom" or even being able to provide regular mouse clicks by depressing the touchp...
samba -- client side SMB2/3 required signing can be downgraded
Samba team reports: A man in the middle attack can disable client signing over SMB2/3, even if enforced by configuration parameters...
BIND,Knot,NSD,PowerDNS -- denial of service via oversized zone transfers
ISC reports: DNS protocols were designed with the assumption that a certain amount of trust could be presumed between the operators of primary and secondary servers for a given zone. However, in current practice some organizations have scenarios which require them to accept zone data from sources...
SQLite3 -- Tempdir Selection Vulnerability
KoreLogic security reports: Affected versions of SQLite reject potential tempdir locations if they are not readable, falling back to '.'. Thus, SQLite will favor e.g. using cwd for tempfiles on such a system, even if cwd is an unsafe location. Notably, SQLite also checks the permissions of '.', b...
apache24 -- X509 Client certificate based authentication can be bypassed when HTTP/2 is used
Apache Software Foundation reports: The Apache HTTPD web server from 2.4.18-2.4.20 did not validate an X509 client certificate correctly when the experimental module for the HTTP/2 protocol is used to access a resource. The net result is that a resource that should require a valid client certificate i...
atutor -- multiple vulnerabilities
ATutor reports: Security Fixes: Added a new layer of security over all php superglobals, fixed several XSS, CSRF, and SQL injection vulnerabilities...
p5-XSLoader -- local arbitrary code execution
Jakub Wilk reports: XSLoader tries to load code from a subdirectory in the cwd when called inside a string eval...
tiff -- buffer overflow
Mathias Svensson reports: potential buffer write overrun in PixarLogDecode on corrupted/unexpected images...
libreoffice -- use-after-free vulnerability
Talos reports: An exploitable Use After Free vulnerability exists in the RTF parser of LibreOffice. A specially crafted file can cause a use after free resulting in a possible arbitrary code execution. To exploit the vulnerability a malicious file needs to be opened by the user via vulnerable...
ruby-saml -- XML signature wrapping attack
RubySec reports: ruby-saml prior to version 1.3.0 is vulnerable to an XML signature wrapping attack in the specific scenario where there was a signature that referenced at the same time 2 elements but passed the scheme validator process since one of the elements was inside the encrypted assertion...
libarchive -- multiple vulnerabilities
Hanno Böck and Cisco Talos report: Out of bounds heap read in RAR parser; Signed integer overflow in ISO parser; TALOS-2016-0152 (CVE-2016-4300): 7-Zip read_SubStreamsInfo Integer Overflow; TALOS-2016-0153 (CVE-2016-4301): mtree parse_device Stack Based Buffer Overflow; TALOS-2016-0154 (CVE-2016-4302):...
php -- multiple vulnerabilities
The PHP Group reports: Please reference CVE/URL list for details...
phpMyAdmin -- multiple vulnerabilities
Please reference CVE/URL list for details...
icingaweb2 -- remote code execution
Eric Lippmann reports: Possibility of remote code execution via the remote command transport...
Apache Commons FileUpload -- denial of service
Jochen Wiedmann reports: A malicious client can send file upload requests that cause the HTTP server using the Apache Commons Fileupload library to become unresponsive, preventing the server from servicing other requests...
Apache Commons FileUpload -- denial of service (DoS) vulnerability
Mark Thomas reports: CVE-2016-3092 is a denial of service vulnerability that has been corrected in the Apache Commons FileUpload component. It occurred when the length of the multipart boundary was just below the size of the buffer (4096 bytes) used to read the uploaded file. This caused the file...
The GIMP -- Use after Free vulnerability
The GIMP team reports: A Use-after-free vulnerability was found in the xcf_load_image function...
wordpress -- multiple vulnerabilities
Adam Silverstein reports: WordPress 4.5.3 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. WordPress versions 4.5.2 and earlier are affected by several security issues: redirect bypass in the customizer, reporte...
payara -- Multiple vulnerabilities
Apache Commons FileUpload before 1.3.3 DiskFileItem File Manipulation Remote Code Execution. Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware subcomponent: Administration. Supported versions that are affected are 3.0.1 and 3.1.2. Easily exploitable vulnerability...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 3 security fixes in this release, including: [620742] CVE-2016-1704: Various fixes from internal audits, fuzzing and other initiatives...
flash -- multiple vulnerabilities
Adobe reports: These updates resolve type confusion vulnerabilities that could lead to code execution CVE-2016-4144, CVE-2016-4149. These updates resolve use-after-free vulnerabilities that could lead to code execution CVE-2016-4142, CVE-2016-4143, CVE-2016-4145, CVE-2016-4146, CVE-2016-4147,...
drupal -- multiple vulnerabilities
Drupal Security Team reports: Saving user accounts can sometimes grant the user all roles (User module - Drupal 7 - Moderately Critical); Views can allow unauthorized users to see Statistics information (Views module - Drupal 8 - Less Critical)...
Python -- smtplib StartTLS stripping vulnerability
Red Hat reports: A vulnerability in smtplib allowing a MITM attacker to perform a startTLS stripping attack. smtplib does not seem to raise an exception when the remote end SMTP server is capable of negotiating STARTTLS but fails to respond with "220 OK" to an explicit call of SMTP.starttls. This may...
OCaml -- Multiple Security Vulnerabilities
MITRE reports: OCaml before 4.03.0 does not properly handle sign extensions, which allows remote attackers to conduct buffer overflow attacks or obtain sensitive information as demonstrated by a long string to the String.copy function...
wget -- HTTP to FTP redirection file name confusion vulnerability
Giuseppe Scrivano reports: On a server redirect from HTTP to an FTP resource, wget would trust the HTTP server and use the name in the redirected URL as the destination filename...
haproxy -- denial of service
HAproxy reports: HAproxy 1.6.x before 1.6.6, when a deny comes from a reqdeny rule, allows remote attackers to cause a denial of service (uninitialized memory access and crash) or possibly have unspecified other impact via unknown vectors...
expat2 -- denial of service
Adam Maris reports: It was found that the original patch for issues CVE-2015-1283 and CVE-2015-2716 used overflow checks that could be optimized out by some compilers applying certain optimization settings, which can cause the vulnerability to remain even after applying the patch...
h2o -- fix DoS attack vector
Frederik Deweerdt reported a denial-of-service attack vector due to an unhandled error condition during socket connection...
OpenSSL -- vulnerability in DSA signing
The OpenSSL team reports: Operations in the DSA signing algorithm should run in constant time in order to avoid side channel attacks. A flaw in the OpenSSL DSA implementation means that a non-constant time codepath is followed for certain operations. This has been demonstrated through a...
iperf3 -- buffer overflow
ESnet reports: A malicious process can connect to an iperf3 server and, by sending a malformed message on the control channel, corrupt the server process's heap area. This can lead to a crash and a denial of service, or theoretically a remote code execution as the user running the iperf3 server. ...
NSS -- multiple vulnerabilities
Mozilla Foundation reports: Mozilla has updated the version of the Network Security Services (NSS) library used in Firefox to NSS 3.23. This addresses four moderate rated networking security issues reported by Mozilla engineers Tyson Smith and Jed Davis...
mozilla -- multiple vulnerabilities
Mozilla Foundation reports: MFSA 2016-49 Miscellaneous memory safety hazards (rv:47.0 / rv:45.2); MFSA 2016-50 Buffer overflow parsing HTML5 fragments; MFSA 2016-51 Use-after-free deleting tables from a contenteditable document; MFSA 2016-52 Addressbar spoofing though the SELECT element; MFSA 2016-54...
wireshark -- multiple vulnerabilities
Wireshark development team reports: The following vulnerabilities have been fixed: wnpa-sec-2016-29: The SPOOLS dissector could go into an infinite loop. Discovered by the CESG. wnpa-sec-2016-30: The IEEE 802.11 dissector could crash. (Bug 11585) wnpa-sec-2016-31: The IEEE 802.11 dissector could crash...
gnutls -- file overwrite by setuid programs
gnutls.org reports: Setuid programs using GnuTLS 3.4.12 could potentially allow an attacker to overwrite and corrupt arbitrary files in the filesystem...
FreeBSD -- Multiple ntp vulnerabilities
Problem Description: Multiple vulnerabilities have been discovered in the NTP suite: The fix for Sec 3007 in ntp-4.2.8p7 contained a bug that could cause ntpd to crash. [CVE-2016-4957, Reported by Nicolas Edet of Cisco] An attacker who knows the origin timestamp and can send a spoofed packet...
libtorrent-rasterbar -- denial of service
Brandon Perry reports: The parse_chunk_header function in libtorrent before 1.1.1 allows remote attackers to cause a denial of service (crash) via a crafted (1) HTTP response or possibly a (2) UPnP broadcast...
xen-tools -- Unsanitised driver domain input in libxl device handling
The Xen Project reports: libxl's device-handling code freely uses and trusts information from the backend directories in xenstore. A malicious driver domain can deny service to management tools...
xen-tools -- Unsanitised guest input in libxl device handling code
The Xen Project reports: Various parts of libxl device-handling code inappropriately use information from partially guest controlled areas of xenstore. A malicious guest administrator can cause denial of service by resource exhaustion. A malicious guest administrator can confuse and/or deny servi...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 15 security fixes in this release, including: [601073] High CVE-2016-1696: Cross-origin bypass in Extension bindings. Credit to anonymous. [613266] High CVE-2016-1697: Cross-origin bypass in Blink. Credit to Mariusz Mlynski. [603725] Medium CVE-2016-1698: Information lea...
openssl -- denial of service
MITRE reports: OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact by leveraging unexpected malloc behavior,...
nginx -- a specially crafted request might result in worker process crash
Maxim Dounin reports: A problem was identified in nginx code responsible for saving client request body to a temporary file. A specially crafted request might result in worker process crash due to a NULL pointer dereference while writing client request body to a temporary file...
FreeBSD -- Kernel stack disclosure in 4.3BSD compatibility layer
Problem Description: The implementation of the historic stat(2) system call does not clear the output struct before copying it out to userland. Impact: An unprivileged user can read a portion of uninitialised kernel stack data, which may contain sensitive information, such as the stack guard, portions ...
FreeBSD -- Kernel stack disclosure in Linux compatibility layer
Problem Description: The implementation of the TIOCGSERIAL ioctl(2) does not clear the output struct before copying it out to userland. The implementation of the Linux sysinfo system call does not clear the output struct before copying it out to userland. Impact: An unprivileged user can read a...
tiff -- buffer overflow
Henri Salo reports: buffer overflow in gif2tiff tool...
php -- multiple vulnerabilities
The PHP Group reports: Core: Fixed bug #72114 (Integer underflow / arbitrary null write in fread/gzread). (CVE-2016-5096) (PHP 5.5/5.6 only) Fixed bug #72135 (Integer Overflow in php_html_entities). (CVE-2016-5094) (PHP 5.5/5.6 only) GD: Fixed bug #72227 (imagescale out-of-bounds read). (CVE-2013-7456) Intl: Fixed bu...
phpmyadmin -- XSS and sensitive data leakage
The phpmyadmin development team reports: Description: Because user SQL queries are part of the URL, sensitive information made as part of a user query can be exposed by clicking on external links to attackers monitoring user GET query parameters or included in the webserver logs. Severity: We...