phpmyfaq -- cross-site request forgery vulnerability
The phpMyFAQ team reports: The vulnerability exists due to application does not properly verify origin of HTTP requests in "Interface Translation" functionality. A remote unauthenticated attacker can create a specially crafted malicious web page with CSRF exploit, trick a logged-in administrator...
piwik -- XSS vulnerability
Piwik reports: The Piwik Security team is grateful for the responsible disclosures by our security researchers: Egidio Romano granted a critical security bounty, James Kettle and Paweł Bartunek XSS and Emanuel Bronshtein limited XSS...
perl5 -- taint mechanism bypass vulnerability
MITRE reports: Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp...
flash -- multiple vulnerabilities
Adobe reports: These updates harden a mitigation against JIT spraying attacks that could be used to bypass memory layout randomization mitigations CVE-2016-1006. These updates resolve type confusion vulnerabilities that could lead to code execution CVE-2016-1015, CVE-2016-1019. These updates...
go -- remote denial of service
Jason Buberel reports: Go has an infinite loop in several big integer routines that makes Go programs vulnerable to remote denial of service attacks. Programs using HTTPS client authentication or the Go ssh server libraries are both exposed to this vulnerability...
cacti -- multiple vulnerabilities
The Cacti Group, Inc. reports: Changelog bug:0002667: Cacti SQL Injection Vulnerability bug:0002673: CVE-2016-3659 - Cacti graphview.php SQL Injection Vulnerability bug:0002656: Authentication using web authentication as a user not in the cacti database allows complete access regression...
ansible -- use of predictable paths in lxc_container
Ansible developers report: CVE-2016-3096: do not use predictable paths in lxc_container; do not use a predictable filename for the LXC attach script; don't use predictable filenames for LXC attach script logging; don't set a predictable archive_path; this should prevent symlink attacks which could resu...
logstash -- password disclosure vulnerability
Logstash developers report: Passwords Printed in Log Files under Some Conditions It was discovered that, in Logstash 2.1.0+, log messages generated by a stalled pipeline during shutdown will print plaintext contents of password fields. While investigating this issue we also discovered that debug...
php -- multiple vulnerabilities
The PHP Group reports: Fileinfo: Fixed bug 71527 Buffer over-write in finfo_open with malformed magic file. mbstring: Fixed bug 71906 AddressSanitizer: negative-size-param -1 in mbfl_strcut. Phar: Fixed bug 71860 Invalid memory write in phar on filename with \0 in name. SNMP: Fixed bug 71704...
mercurial -- multiple vulnerabilities
Mercurial reports: CVE-2016-3630: Remote code execution in binary delta decoding CVE-2016-3068: Arbitrary code execution with Git subrepos CVE-2016-3069: Arbitrary code execution when converting Git repos...
squid -- multiple vulnerabilities
Squid security advisory 2016:3 reports: Due to a buffer overrun Squid pinger binary is vulnerable to denial of service or information leak attack when processing ICMPv6 packets. This bug also permits the server response to manipulate other ICMP and ICMPv6 queries processing to cause information...
openvswitch -- MPLS buffer overflow
Open vSwitch reports: Multiple versions of Open vSwitch are vulnerable to remote buffer overflow attacks, in which crafted MPLS packets could overflow the buffer reserved for MPLS labels in an OVS internal data structure. The MPLS packets that trigger the vulnerability and the potential for...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 594574 High CVE-2016-1646: Out-of-bounds read in V8. 590284 High CVE-2016-1647: Use-after-free in Navigation. 590455 High CVE-2016-1648: Use-after-free in Extensions. 597518 CVE-2016-1650: Various fixes from internal audits, fuzzing and other initiatives. Multiple...
moodle -- multiple vulnerabilities
Marina Glancy reports: MSA-16-0003: Incorrect capability check when displaying users emails in Participants list MSA-16-0004: XSS from profile fields from external db MSA-16-0005: Reflected XSS in moddata advanced search MSA-16-0006: Hidden courses are shown to students in Event Monitor...
tiff -- denial of service
Aladdin Mubaied reports: Buffer-overflow in gif2tiff utility...
expat -- multiple vulnerabilities
Sebastian Pipping reports: CVE-2012-6702 -- Resolve troublesome internal call to srand that was introduced with Expat 2.1.0 when addressing CVE-2012-0876 issue 496 CVE-2016-5300 -- Use more entropy for hash initialization than the original fix to CVE-2012-0876...
salt -- Insecure configuration of PAM external authentication service
SaltStack reports: This issue affects all Salt versions prior to 2015.8.8/2015.5.10 when PAM external authentication is enabled. This issue involves passing an alternative PAM authentication service with a command that is sent to LocalClient, enabling the attacker to bypass the configured...
openafs -- multiple vulnerabilities
The OpenAFS development team reports: Foreign users can bypass access controls to create groups as system:administrators, including in the user namespace and the system: namespace. The contents of uninitialized memory are sent on the wire when clients perform certain RPCs. Depending on the RPC, t...
openafs -- local DoS vulnerability
The OpenAFS development team reports: Avoid a potential denial of service issue, by fixing a bug in pioctl logic that allowed a local user to overrun a kernel buffer with a single NUL byte...
FreeBSD -- Incorrect argument validation in sysarch(2)
Problem Description: A special combination of sysarch(2) arguments, specify a request to uninstall a set of descriptors from the LDT. The start descriptor is cleared and the number of descriptors are provided. Due to lack of sufficient bounds checking during argument validity verification, unbound...
openssh -- command injection when X11Forwarding is enabled
The OpenSSH project reports: Missing sanitisation of untrusted input allows an authenticated user who is able to request X11 forwarding to inject commands to xauth(1). Injection of xauth commands grants the ability to read arbitrary files under the authenticated user's privilege. Other xauth comman...
dropbear -- authorized_keys command= bypass
Matt Johnson reports: Validate X11 forwarding input. Could allow bypass of authorized_keys command= restrictions...
activemq -- Web Console Clickjacking
Michael Furman reports: The web based administration console does not set the X-Frame-Options header in HTTP responses. This allows the console to be embedded in a frame or iframe which could then be used to cause a user to perform an unintended action in the console...
activemq -- Web Console Cross-Site Scripting
Vladimir Ivanov Positive Technologies reports: Several instances of cross-site scripting vulnerabilities were identified to be present in the web based administration console as well as the ability to trigger a Java memory dump into an arbitrary folder. The root cause of these issues are improper...
flash -- multiple vulnerabilities
Adobe reports: These updates resolve integer overflow vulnerabilities that could lead to code execution CVE-2016-0963, CVE-2016-0993, CVE-2016-1010. These updates resolve use-after-free vulnerabilities that could lead to code execution CVE-2016-0987, CVE-2016-0988, CVE-2016-0990, CVE-2016-0991,...
FreeBSD -- Multiple OpenSSL vulnerabilities
Problem Description: A cross-protocol attack was discovered that could lead to decryption of TLS sessions by using a server supporting SSLv2 and EXPORT cipher suites as a Bleichenbacher RSA padding oracle. Note that traffic between clients and non-vulnerable servers can be decrypted provided...
bind -- denial of service vulnerability
ISC reports: A response containing multiple DNS cookies causes servers with cookie support enabled to exit with an assertion failure...
bind -- denial of service vulnerability
ISC reports: A problem parsing resource record signatures for DNAME resource records can lead to an assertion failure in resolver.c or db.c...
bind -- denial of service vulnerability
ISC reports: An error parsing input received by the rndc control channel can cause an assertion failure in sexpr.c or alist.c...
mozilla -- multiple vulnerabilities
Mozilla Foundation reports: MFSA 2016-16 Miscellaneous memory safety hazards rv:45.0 / rv:38.7 MFSA 2016-17 Local file overwriting and potential privilege escalation through CSP reports MFSA 2016-18 CSP reports fail to strip location information for embedded iframe pages MFSA 2016-19 Linux video...
graphite2 -- multiple vulnerabilities
Mozilla Foundation reports: Security researcher Holger Fuhrmannek and Mozilla security engineer Tyson Smith reported a number of security vulnerabilities in the Graphite 2 library affecting version 1.3.5. The issue reported by Holger Fuhrmannek is a mechanism to induce stack corruption with a...
NSS -- multiple vulnerabilities
Mozilla Foundation reports: Security researcher Francis Gabriel reported a heap-based buffer overflow in the way the Network Security Services NSS libraries parsed certain ASN.1 structures. An attacker could create a specially-crafted certificate which, when parsed by NSS, would cause it to crash...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 589838 High CVE-2016-1643: Type confusion in Blink. 590620 High CVE-2016-1644: Use-after-free in Blink. 587227 High CVE-2016-1645: Out-of-bounds write in PDFium...
proftpd -- vulnerability in mod_tls
MITRE reports: The mod_tls module in ProFTPD before 1.3.5b and 1.3.6 before 1.3.6rc2 does not properly handle the TLSDHParamFile directive, which might cause a weaker than intended Diffie-Hellman (DH) key to be used and consequently allow attackers to have unspecified impact via unknown vectors...
php7 -- multiple vulnerabilities
The PHP Group reports: Core: Fixed bug 71637 Multiple Heap Overflow due to integer overflows in xml/filter_url/addcslashes. SOAP: Fixed bug 71610 Type Confusion Vulnerability - SOAP / make_http_soap_request...
php5 -- multiple vulnerabilities
The PHP Group reports: Phar: Fixed bug 71498 Out-of-Bound Read in phar_parse_zipfile. WDDX: Fixed bug 71587 Use-After-Free / Double-Free in WDDX Deserialize...
OpenVPN -- Buffer overflow in PAM authentication and DoS through port sharing
Samuli Seppänen reports: OpenVPN 2.3.11 ... fixes two vulnerabilities: a port-share bug with DoS potential and a buffer overflow by user supplied data when using pam authentication...
Bugzilla security issues
Bugzilla Security Advisory A specially crafted bug summary could trigger XSS in dependency graphs. Due to an incorrect parsing of the image map generated by the dot script, a specially crafted bug summary could trigger XSS in dependency graphs...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 560011 High CVE-2016-1630: Same-origin bypass in Blink. 569496 High CVE-2016-1631: Same-origin bypass in Pepper Plugin. 549986 High CVE-2016-1632: Bad cast in Extensions. 572537 High CVE-2016-1633: Use-after-free in Blink. 559292 High CVE-2016-1634: Use-after-free ...
node -- multiple vulnerabilities
Jeremiah Senkpiel reports: Fix a double-free defect in parsing malformed DSA keys that may potentially be used for DoS or memory corruption attacks. Fix a defect that can cause memory corruption in certain very rare cases Fix a defect that makes the CacheBleed Attack possible...
django -- multiple vulnerabilities
Tim Graham reports: Malicious redirect and possible XSS attack via user-supplied redirect URLs containing basic auth User enumeration through timing difference on password hasher work factor upgrade...
PostgreSQL -- minor security problems.
PostgreSQL project reports: Security Fixes for RLS, BRIN This release closes security hole CVE-2016-2193 https://access.redhat.com/security/cve/CVE-2016-2193, where a query plan might get reused for more than one ROLE in the same session. This could cause the wrong set of Row Level Security RLS...
py-djblets -- Self-XSS vulnerability
Djblets Release Notes reports: A recently-discovered vulnerability in the datagrid templates allows an attacker to generate a URL to any datagrid page containing malicious code in a column sorting value. If the user visits that URL and then clicks that column, the code will execute. The cause of...
phpmyadmin -- multiple XSS and a man-in-the-middle vulnerability
The phpMyAdmin development team reports: XSS vulnerability in SQL parser. Using a crafted SQL query, it is possible to trigger an XSS attack through the SQL query page. We consider this vulnerability to be non-critical. Multiple XSS vulnerabilities. By sending a specially crafted URL as part of t...
rails -- multiple vulnerabilities
Ruby on Rails blog: Rails 4.2.5.2, 4.1.14.2, and 3.2.22.2 have been released! These contain the following important security fixes, and it is recommended that users upgrade as soon as possible...
pcre -- heap overflow vulnerability
Mitre reports: The pcrecompile2 function in pcrecompile.c in PCRE 8.38 mishandles the /?:F?+?:^?Ra+"99-?J?'R'?'R'?'RR'?'R'\97?J?J?'R'?'R'\99|:?|?'R'\k'R'|?'R'H'R'RH'R/ pattern and related patterns with named subgroups, which allows remote attackers to cause a denial of service heap-based buffer...
wireshark -- multiple vulnerabilities
Wireshark development team reports: The following vulnerabilities have been fixed: wnpa-sec-2016-02 ASN.1 BER dissector crash. Bug 11828 CVE-2016-2522 wnpa-sec-2016-03 DNP dissector infinite loop. Bug 11938 CVE-2016-2523 wnpa-sec-2016-04 X.509AF dissector crash. Bug 12002 CVE-2016-2524...
exim -- local privilege escalation
The Exim development team reports: All installations having Exim set-uid root and using 'perl_startup' are vulnerable to a local privilege escalation. Any user who can start an instance of Exim (and this is normally any user) can gain root privileges. If you do not use 'perl_startup' you should be sa...
PuTTY - old-style scp downloads may allow remote code execution
Simon G. Tatham reports: Many versions of PSCP prior to 0.67 have a stack corruption vulnerability in their treatment of the 'sink' direction (i.e. downloading from server to client) of the old-style SCP protocol. In order for this vulnerability to be exploited, the user must connect to a malicious...
xerces-c3 -- Parser Crashes on Malformed Input
The Apache Software Foundation reports: The Xerces-C XML parser mishandles certain kinds of malformed input documents, resulting in buffer overflows during processing and error reporting. The overflows can manifest as a segmentation fault or as memory corruption during a parse operation. The bugs...