6585 matches found
MySQL -- Multiple vulnerabilities
Oracle reports: The quarterly Critical Patch Update contains 22 new security fixes for Oracle MySQL 5.5.49, 5.6.30, 5.7.13 and earlier...
moodle -- multiple vulnerabilities
Marina Glancy reports: MSA-16-0019: Glossary search displays entries without checking user permissions to view them MSA-16-0020: Text injection in email headers MSA-16-0021: Unenrolled user still receives event monitor notifications even though they can no longer access course...
smarty3 -- shell injection in math
The smarty project reports: bugfix math shell injection vulnerability...
Multiple ports -- Proxy HTTP header vulnerability (httpoxy)
httpoxy.org reports: httpoxy is a set of vulnerabilities that affect application code running in CGI, or CGI-like environments. It comes down to a simple namespace conflict:. RFC 3875 CGI puts the HTTP Proxy header from a request into the environment variables as HTTPPROXY HTTPPROXY is a popular...
bind -- denial of service vulnerability
ISC reports: A query name which is too long can cause a segmentation fault in lwresd...
Apache OpenOffice 4.1.2 -- Memory Corruption Vulnerability (Impress Presentations)
The Apache OpenOffice Project reports: An OpenDocument Presentation .ODP or Presentation Template .OTP file can contain invalid presentation elements that lead to memory corruption when the document is loaded in Apache OpenOffice Impress. The defect may cause the document to appear as corrupted a...
p7zip -- Null pointer dereference
MITRE reports: A null pointer dereference bug affects the 16.02 and many old versions of p7zip. A lack of null pointer check for the variable folders.PackPositions in function CInArchive::ReadAndDecodePackedStreams, as used in the 7z.so library and in 7z applications, will cause a crash and a...
flash -- multiple vulnerabilities
Adobe reports: These updates resolve a race condition vulnerability that could lead to information disclosure CVE-2016-4247. These updates resolve type confusion vulnerabilities that could lead to code execution CVE-2016-4223, CVE-2016-4224, CVE-2016-4225. These updates resolve use-after-free...
dropbear -- multiple vulnerabilities
Matt Johnston reports: If specific usernames including "%" symbols can be created on a system validated by getpwnam then an attacker could run arbitrary code as root when connecting to Dropbear server. A dbclient user who can control username or host arguments could potentially run arbitrary code...
xtrlock -- xtrlock does not block multitouch events
Debian reports: xtrlock did not block multitouch events so an attacker could still input and thus control various programs such as Chromium, etc. via so-called "multitouch" events including pan scrolling, "pinch and zoom" or even being able to provide regular mouse clicks by depressing the touchp...
samba -- client side SMB2/3 required signing can be downgraded
Samba team reports: A man in the middle attack can disable client signing over SMB2/3, even if enforced by configuration parameters...
BIND,Knot,NSD,PowerDNS -- denial over service via oversized zone transfers
ISC reports: DNS protocols were designed with the assumption that a certain amount of trust could be presumed between the operators of primary and secondary servers for a given zone. However, in current practice some organizations have scenarios which require them to accept zone data from sources...
SQLite3 -- Tempdir Selection Vulnerability
KoreLogic security reports: Affected versions of SQLite reject potential tempdir locations if they are not readable, falling back to '.'. Thus, SQLite will favor e.g. using cwd for tempfiles on such a system, even if cwd is an unsafe location. Notably, SQLite also checks the permissions of '.', b...
apache24 -- X509 Client certificate based authentication can be bypassed when HTTP/2 is used
Apache Software Foundation reports: The Apache HTTPD web server from 2.4.18-2.4.20 did not validate a X509 client certificate correctly when experimental module for the HTTP/2 protocol is used to access a resource. The net result is that a resource that should require a valid client certificate i...
atutor -- multiple vulnerabilities
ATutor reports: Security Fixes: Added a new layer of security over all php superglobals, fixed several XSS, CSRF, and SQL injection vulnerabilities...
p5-XSLoader -- local arbitrary code execution
Jakub Wilk reports: XSLoader tries to load code from a subdirectory in the cwd when called inside a string eval...
tiff -- buffer overflow
Mathias Svensson reports: potential buffer write overrun in PixarLogDecode on corrupted/unexpected images...
libreoffice -- use-after-free vulnerability
Talos reports: An exploitable Use After Free vulnerability exists in the RTF parser LibreOffice. A specially crafted file can cause a use after free resulting in a possible arbitrary code execution. To exploit the vulnerability a malicious file needs to be opened by the user via vulnerable...
ruby-saml -- XML signature wrapping attack
RubySec reports: ruby-saml prior to version 1.3.0 is vulnerable to an XML signature wrapping attack in the specific scenario where there was a signature that referenced at the same time 2 elements but past the scheme validator process since 1 of the element was inside the encrypted assertion...
icingaweb2 -- remote code execution
Eric Lippmann reports: Possibility of remote code execution via the remote command transport...
libarchive -- multiple vulnerabilities
Hanno Bock and Cisco Talos report: Out of bounds heap read in RAR parser Signed integer overflow in ISO parser TALOS-2016-0152 CVE-2016-4300: 7-Zip readSubStreamsInfo Integer Overflow TALOS-2016-0153 CVE-2016-4301: mtree parsedevice Stack Based Buffer Overflow TALOS-2016-0154 CVE-2016-4302:...
php -- multiple vulnerabilities
The PHP Group reports: Please reference CVE/URL list for details...
phpMyAdmin -- multiple vulnerabilities
Please reference CVE/URL list for details...
Apache Commons FileUpload -- denial of service
Jochen Wiedmann reports: A malicious client can send file upload requests that cause the HTTP server using the Apache Commons Fileupload library to become unresponsive, preventing the server from servicing other requests...
Apache Commons FileUpload -- denial of service (DoS) vulnerability
Mark Thomas reports: CVE-2016-3092 is a denial of service vulnerability that has been corrected in the Apache Commons FileUpload component. It occurred when the length of the multipart boundary was just below the size of the buffer 4096 bytes used to read the uploaded file. This caused the file...
The GIMP -- Use after Free vulnerability
The GIMP team reports: A Use-after-free vulnerability was found in the xcfloadimage function...
wordpress -- multiple vulnerabilities
Adam Silverstein reports: WordPress 4.5.3 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. WordPress versions 4.5.2 and earlier are affected by several security issues: redirect bypass in the customizer, reporte...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 3 security fixes in this release, including: 620742 CVE-2016-1704: Various fixes from internal audits, fuzzing and other initiatives...
flash -- multiple vulnerabilities
Adobe reports: These updates resolve type confusion vulnerabilities that could lead to code execution CVE-2016-4144, CVE-2016-4149. These updates resolve use-after-free vulnerabilities that could lead to code execution CVE-2016-4142, CVE-2016-4143, CVE-2016-4145, CVE-2016-4146, CVE-2016-4147,...
payara -- Multiple vulnerabilities
Apache Commons FileUpload before 1.3.3 DiskFileItem File Manipulation Remote Code Execution. Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware subcomponent: Administration. Supported versions that are affected are 3.0.1 and 3.1.2. Easily exploitable vulnerability...
drupal -- multiple vulnerabilities
Drupal Security Team reports: Saving user accounts can sometimes grant the user all roles User module - Drupal 7 - Moderately Critical Views can allow unauthorized users to see Statistics information Views module - Drupal 8 - Less Critical...
Python -- smtplib StartTLS stripping vulnerability
Red Hat reports: A vulnerability in smtplib allowing MITM attacker to perform a startTLS stripping attack. smtplib does not seem to raise an exception when the remote end smtp server is capable of negotiating starttls but fails to respond with 220 ok to an explicit call of SMTP.starttls. This may...
OCaml -- Multiple Security Vulnerabilities
MITRE reports: OCaml before 4.03.0 does not properly handle sign extensions, which allows remote attackers to conduct buffer overflow attacks or obtain sensitive information as demonstrated by a long string to the String.copy function...
wget -- HTTP to FTP redirection file name confusion vulnerability
Giuseppe Scrivano reports: On a server redirect from HTTP to a FTP resource, wget would trust the HTTP server and uses the name in the redirected URL as the destination filename...
expat2 -- denial of service
Adam Maris reports: It was found that original patch for issues CVE-2015-1283 and CVE-2015-2716 used overflow checks that could be optimized out by some compilers applying certain optimization settings, which can cause the vulnerability to remain even after applying the patch...
OpenSSL -- vulnerability in DSA signing
The OpenSSL team reports: Operations in the DSA signing algorithm should run in constant time in order to avoid side channel attacks. A flaw in the OpenSSL DSA implementation means that a non-constant time codepath is followed for certain operations. This has been demonstrated through a...
h2o -- fix DoS attack vector
Frederik Deweerdt reported a denial-of-service attack vector due to an unhandled error condition during socket connection...
haproxy -- denial of service
HAproxy reports: HAproxy 1.6.x before 1.6.6, when a deny comes from a reqdeny rule, allows remote attackers to cause a denial of service uninitialized memory access and crash or possibly have unspecified other impact via unknown vectors...
iperf3 -- buffer overflow
ESnet reports: A malicious process can connect to an iperf3 server and, by sending a malformed message on the control channel, corrupt the server process's heap area. This can lead to a crash and a denial of service, or theoretically a remote code execution as the user running the iperf3 server. ...
mozilla -- multiple vulnerabilities
Mozilla Foundation reports: MFSA 2016-49 Miscellaneous memory safety hazards rv:47.0 / rv:45.2 MFSA 2016-50 Buffer overflow parsing HTML5 fragments MFSA 2016-51 Use-after-free deleting tables from a contenteditable document MFSA 2016-52 Addressbar spoofing though the SELECT element MFSA 2016-54...
wireshark -- multiple vulnerabilities
Wireshark development team reports: The following vulnerabilities have been fixed: wnpa-sec-2016-29 The SPOOLS dissector could go into an infinite loop. Discovered by the CESG. wnpa-sec-2016-30 The IEEE 802.11 dissector could crash. Bug 11585 wnpa-sec-2016-31 The IEEE 802.11 dissector could crash...
NSS -- multiple vulnerabilities
Mozilla Foundation reports: Mozilla has updated the version of Network Security Services NSS library used in Firefox to NSS 3.23. This addresses four moderate rated networking security issues reported by Mozilla engineers Tyson Smith and Jed Davis...
gnutls -- file overwrite by setuid programs
gnutls.org reports: Setuid programs using GnuTLS 3.4.12 could potentially allow an attacker to overwrite and corrupt arbitrary files in the filesystem...
FreeBSD -- Multiple ntp vulnerabilities
Problem Description: Multiple vulnerabilities have been discovered in the NTP suite: The fix for Sec 3007 in ntp-4.2.8p7 contained a bug that could cause ntpd to crash. CVE-2016-4957, Reported by Nicolas Edet of Cisco An attacker who knows the origin timestamp and can send a spoofed packet...
libtorrent-rasterbar -- denial of service
Brandon Perry reports: The parsechunkheader function in libtorrent before 1.1.1 allows remote attackers to cause a denial of service crash via a crafted 1 HTTP response or possibly a 2 UPnP broadcast...
xen-tools -- Unsanitised driver domain input in libxl device handling
The Xen Project reports: libxl's device-handling code freely uses and trusts information from the backend directories in xenstore. A malicious driver domain can deny service to management tools...
xen-tools -- Unsanitised guest input in libxl device handling code
The Xen Project reports: Various parts of libxl device-handling code inappropriately use information from partially guest controlled areas of xenstore. A malicious guest administrator can cause denial of service by resource exhaustion. A malicious guest administrator can confuse and/or deny servi...
openssl -- denial of service
Mitre reports: OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to cause a denial of service integer overflow and application crash or possibly have unspecified other impact by leveraging unexpected malloc behavior,...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 15 security fixes in this release, including: 601073 High CVE-2016-1696: Cross-origin bypass in Extension bindings. Credit to anonymous. 613266 High CVE-2016-1697: Cross-origin bypass in Blink. Credit to Mariusz Mlynski. 603725 Medium CVE-2016-1698: Information lea...
FreeBSD -- Kernel stack disclosure in 4.3BSD compatibility layer
Problem Description: The implementation of historic stat2 system call does not clear the output struct before copying it out to userland. Impact: An unprivileged user can read a portion of uninitialised kernel stack data, which may contain sensitive information, such as the stack guard, portions ...