6585 matches found
FreeBSD -- Kernel stack disclosure in Linux compatibility layer
Problem Description: The implementation of the TIOCGSERIAL ioctl2 does not clear the output struct before copying it out to userland. The implementation of the Linux sysinfo system call does not clear the output struct before copying it out to userland. Impact: An unprivileged user can read a...
nginx -- a specially crafted request might result in worker process crash
Maxim Dounin reports: A problem was identified in nginx code responsible for saving client request body to a temporary file. A specially crafted request might result in worker process crash due to a NULL pointer dereference while writing client request body to a temporary file...
tiff -- buffer overflow
Henri Salo reports: buffer overflow in gif2tiff tool...
php -- multiple vulnerabilities
The PHP Group reports: Core: Fixed bug 72114 Integer underflow / arbitrary null write in fread/gzread. CVE-2016-5096 PHP 5.5/5.6 only Fixed bug 72135 Integer Overflow in phphtmlentities. CVE-2016-5094 PHP 5.5/5.6 only GD: Fixed bug 72227 imagescale out-of-bounds read. CVE-2013-7456 Intl: Fixed bu...
VLC -- Possibly remote code execution via crafted file
The VLC project reports: Fix out-of-bound write in adpcm QT IMA codec CVE-2016-5108...
libxslt -- Denial of Service
Google reports: 583156 Medium CVE-2016-1683: Out-of-bounds access in libxslt. Credit to Nicolas Gregoire. 583171 Medium CVE-2016-1684: Integer overflow in libxslt. Credit to Nicolas Gregoire...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 42 security fixes in this release Please reference CVE/URL list for details...
phpmyadmin -- XSS and sensitive data leakage
The phpmyadmin development team reports: Description Because user SQL queries are part of the URL, sensitive information made as part of a user query can be exposed by clicking on external links to attackers monitoring user GET query parameters or included in the webserver logs. Severity We...
typo3 -- Missing access check in Extbase
TYPO3 reports: Extbase request handling fails to implement a proper access check for requested controller/ action combinations, which makes it possible for an attacker to execute arbitrary Extbase actions by crafting a special request. To successfully exploit this vulnerability, an attacker must...
libxml2 -- multiple vulnerabilities
Daniel Veillard reports: More format string warnings with possible format string vulnerability David Kilzer Avoid building recursive entities Daniel Veillard Heap-based buffer overread in htmlCurrentChar Pranjal Jumde Heap-based buffer-underreads due to xmlParseName David Kilzer Heap use-after-fr...
xen-tools -- Unrestricted qemu logging
The Xen Project reports: When the libxl toolstack launches qemu for HVM guests, it pipes the output of stderr to a file in /var/log/xen. This output is not rate-limited in any way. The guest can easily cause qemu to print messages to stderr, causing this file to become arbitrarily large. The disk...
mediawiki -- multiple vulnerabilities
Mediawiki reports: Security fixes: T122056: Old tokens are remaining valid within a new session T127114: Login throttle can be tricked using non-canonicalized usernames T123653: Cross-domain policy regexp is too narrow T123071: Incorrectly identifying http link in a's href attributes, due to m...
moodle -- multiple vulnerabilities
Marina Glancy reports: MSA-16-0013: Users are able to change profile fields that were locked by the administrator. MSA-16-0015: Information disclosure of hidden forum names and sub-names. MSA-16-0016: User can view badges of other users without proper permissions. MSA-16-0017: Course idnumber not...
h2o -- use after free on premature connection close
Tim Newsha reports: When H2O tries to disconnect a premature HTTP/2 connection, it calls free3 to release memory allocated for the connection and immediately after then touches the memory. No malloc-related operation is performed by the same thread between the time it calls free and the time the...
FreeBSD -- Incorrect argument handling in sendmsg(2)
Problem Description: Incorrect argument handling in the socket code allows malicious local user to overwrite large portion of the kernel memory. Impact: Malicious local user may crash kernel or execute arbitrary code in the kernel, potentially gaining superuser privileges...
FreeBSD -- Buffer overflow in keyboard driver
Problem Description: Incorrect signedness comparison in the ioctl2 handler allows a malicious local user to overwrite a portion of the kernel memory. Impact: A local user may crash the kernel, read a portion of kernel memory and execute arbitrary code in kernel context. The result of executing an...
xen-kernel -- x86 software guest page walk PS bit handling flaw
The Xen Project reports: The Page Size PS page table entry bit exists at all page table levels other than L1. Its meaning is reserved in L4, and conditionally reserved in L3 and L2 depending on hardware capabilities. The software page table walker in the hypervisor, however, so far ignored that b...
expat -- denial of service vulnerability on malformed input
Gustavo Grieco reports: The Expat XML parser mishandles certain kinds of malformed input documents, resulting in buffer overflows during processing and error reporting. The overflows can manifest as a segmentation fault or as memory corruption during a parse operation. The bugs allow for a denial...
flash -- multiple vulnerabilities
Adobe reports: These updates resolve type confusion vulnerabilities that could lead to code execution CVE-2016-1105, CVE-2016-4117. These updates resolve use-after-free vulnerabilities that could lead to code execution CVE-2016-1097, CVE-2016-1106, CVE-2016-1107, CVE-2016-1108, CVE-2016-1109,...
p7zip -- out-of-bounds read vulnerability
Cisco Talos reports: An out-of-bounds read vulnerability exists in the way 7-Zip handles Universal Disk Format UDF files. Central to 7-Zip’s processing of UDF files is the CInArchive::ReadFileItem method. Because volumes can have more than one partition map, their objects are kept in an object...
jenkins -- multiple vulnerabilities
Jenkins Security Advisory: Description SECURITY-170 / CVE-2016-3721 Arbitrary build parameters are passed to build scripts as environment variables SECURITY-243 / CVE-2016-3722 Malicious users with multiple user accounts can prevent other users from logging in SECURITY-250 / CVE-2016-3723...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 5 security fixes in this release, including: 605766 High CVE-2016-1667: Same origin bypass in DOM. Credit to Mariusz Mlynski. 605910 High CVE-2016-1668: Same origin bypass in Blink V8 bindings. Credit to Mariusz Mlynski. 606115 High CVE-2016-1669: Buffer overflow i...
p7zip -- heap overflow vulnerability
Cisco Talos reports: An exploitable heap overflow vulnerability exists in the NArchive::NHfs::CHandler::ExtractZlibFile method functionality of 7zip that can lead to arbitrary code execution...
xen-tools -- QEMU: Banked access to VGA memory (VBE) uses inconsistent bounds checks
The Xen Project reports: Qemu VGA module allows banked access to video memory using the window at 0xa00000 and it supports different access modes with different address calculations. Qemu VGA module allows guest to edit certain registers in 'vbe' and 'vga' modes. A privileged guest user could use...
imagemagick -- buffer overflow
ImageMagick reports: Fix a buffer overflow in magick/drag.c/DrawStrokePolygon...
xercesi-c3 -- multiple vulnerabilities
Apache reports: The Xerces-C XML parser fails to successfully parse a DTD that is deeply nested, and this causes a stack overflow, which makes a denial of service attack against many applications possible by an unauthenticated attacker. Also, CVE-2016-2099: Use-after-free vulnerability in...
roundcube -- XSS vulnerability
Roundcube reports: Fix XSS issue in href attribute on area tag 5240...
wordpress -- multiple vulnerabilities
Helen Hou-Sandi reports: WordPress 4.5.2 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. WordPress versions 4.5.1 and earlier are affected by a SOME vulnerability through Plupload, the third-party library...
squid -- multiple vulnerabilities
The squid development team reports: Please reference CVE/URL list for details...
ikiwiki -- XSS vulnerability
Mitre reports: Cross-site scripting XSS vulnerability in the cgierror function in CGI.pm in ikiwiki before 3.20160506 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving an error message...
hostapd -- multiple vulnerabilities
Jouni Malinen reports: EAP-pwd missing last fragment length validation. 2015-7 - CVE-2015-5315 psk configuration parameter update allowing arbitrary data to be written. 2016-1 - CVE-2016-4476...
OpenSSL -- multiple vulnerabilities
OpenSSL reports: Padding oracle in AES-NI CBC MAC check EVPEncodeUpdate overflow EVPEncryptUpdate overflow ASN.1 BIO excessive memory allocation EBCDIC overread...
ImageMagick -- multiple vulnerabilities
Openwall reports: Insufficient filtering for filename passed to delegate's command allows remote code execution during conversion of several file formats. Any service which uses ImageMagick to process user supplied images and uses default delegates.xml / policy.xml, may be vulnerable to this issu...
OpenSSL -- multiple vulnerabilities
OpenSSL reports: Memory corruption in the ASN.1 encoder Padding oracle in AES-NI CBC MAC check EVPEncodeUpdate overflow EVPEncryptUpdate overflow ASN.1 BIO excessive memory allocation EBCDIC overread OpenSSL only...
chromium -- vulnerability
Google Chrome Releases reports: 45 security fixes in this release: 758848 High CVE-2017-11215: Use after free in Flash. Reported by JieZeng of Tencent Zhanlu Lab on 2017-08-25 758863 High CVE-2017-11225: Use after free in Flash. Reported by JieZeng of Tencent Zhanlu Lab on 2017-08-25 780919 High...
hostapd and wpa_supplicant -- psk configuration parameter update allowing arbitrary data to be written
Jouni Malinen reports: psk configuration parameter update allowing arbitrary data to be written 2016-1 - CVE-2016-4476/CVE-2016-4477...
gitlab -- privilege escalation via "impersonate" feature
GitLab reports: During an internal code review, we discovered a critical security flaw in the "impersonate" feature of GitLab. Added in GitLab 8.2, this feature was intended to allow an administrator to simulate being logged in as any other user. A part of this feature was not properly secured an...
libarchive -- RCE vulnerability
The libarchive project reports: Heap-based buffer overflow in the zipreadmacmetadata function in archivereadsupportformatzip.c in libarchive before 3.2.0 allows remote attackers to execute arbitrary code via crafted entry-size values in a ZIP archive...
jansson -- local denial of service vulnerabilities
QuickFuzz reports: A crash caused by stack exhaustion parsing a JSON was found...
mercurial -- arbitrary code execution vulnerability
Mercurial reports: CVE-2016-3105: Arbitrary code execution when converting Git repos...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 9 security fixes in this release, including: 574802 High CVE-2016-1660: Out-of-bounds write in Blink. Credit to Atte Kettunen of OUSPG. 601629 High CVE-2016-1661: Memory corruption in cross-process frames. Credit to Wadih Matar. 603732 High CVE-2016-1662:...
php -- multiple vulnerabilities
The PHP Group reports: BCMath: Fixed bug 72093 bcpowmod accepts negative scale and corrupts one definition. Exif: Fixed bug 72094 Out of bounds heap read access in exif header processing. GD: Fixed bug 71912 libgd: signedness vulnerability. CVE-2016-3074 Intl: Fixed bug 72061 Out-of-bounds reads ...
botan -- multiple vulnerabilities
Jack Lloyd reports: Botan 1.10.13 has been released backporting some side channel protections for ECDSA signatures CVE-2016-2849 and PKCS 1 RSA decryption CVE-2015-7827...
ntp -- multiple vulnerabilities
Network Time Foundation reports: NTF's NTP Project has been notified of the following low- and medium-severity vulnerabilities that are fixed in ntp-4.2.8p7, released on Tuesday, 26 April 2016: Bug 3020 / CVE-2016-1551: Refclock impersonation vulnerability, AKA: refclock-peering. Reported by Matt...
mozilla -- multiple vulnerabilities
Mozilla Foundation reports: MFSA 2016-39 Miscellaneous memory safety hazards rv:46.0 / rv:45.1 / rv:38.8 MFSA 2016-42 Use-after-free and buffer overflow in Service Workers MFSA 2016-44 Buffer overflow in libstagefright with CENC offsets MFSA 2016-45 CSP not applied to pages sent with...
quassel -- remote denial of service
Mitre reports: The onReadyRead function in core/coreauthhandler.cpp in Quassel before 0.12.4 allows remote attackers to cause a denial of service NULL pointer dereference and crash via invalid handshake data...
wireshark -- multiple vulnerabilities
Wireshark development team reports: The following vulnerabilities have been fixed: wnpa-sec-2016-19 The NCP dissector could crash. Bug 11591 wnpa-sec-2016-20 TShark could crash due to a packet reassembly bug. Bug 11799 wnpa-sec-2016-21 The IEEE 802.11 dissector could crash. Bug 11824, Bug 12187...
subversion -- multiple vulnerabilities
Subversion project reports: svnserve, the svn:// protocol server, can optionally use the Cyrus SASL library for authentication, integrity protection, and encryption. Due to a programming oversight, authentication against Cyrus SASL would permit the remote user to specify a realm string which is a...
squid -- multiple vulnerabilities
Squid security advisory 2016:5 reports: Due to incorrect buffer management Squid cachemgr.cgi tool is vulnerable to a buffer overflow when processing remotely supplied inputs relayed to it from Squid. This problem allows any client to seed the Squid manager reports with data that will cause a...
MySQL -- multiple vulnerabilities
Oracle reports reports: Critical Patch Update contains 31 new security fixes for Oracle MySQL 5.5.48, 5.6.29, 5.7.11 and earlier...