6528 matches found
libebml -- multiple vulnerabilities
Moritz Bunkus reports: Multiple invalid memory access vulnerabilities...
Salt -- multiple vulnerabilities
Salt release notes: CVE-2015-6918 - Git modules leaking HTTPS auth credentials to debug log. Updated the Git state and execution modules to no longer display HTTPS basic authentication credentials in loglevel debug output on the Salt master. These credentials are now replaced with REDACTED in the...
mediawiki -- multiple vulnerabilities
MediaWiki reports: Wikipedia user RobinHood70 reported two issues in the chunked upload API. The API failed to correctly stop adding new chunks to the upload when the reported size was exceeded (T91203), allowing a malicious user to add an infinite number of chunks for a single file upload...
qemu -- denial of service vulnerabilities in eepro100 NIC support
Prasad J Pandit, Red Hat Product Security Team, reports: Qemu emulator built with the i8255x (PRO100) emulation support is vulnerable to an infinite loop issue. It could occur while processing a chain of commands located in the Command Block List (CBL). Each Command Block (CB) points to the next command...
flash -- remote code execution
Adobe reports: These updates resolve type confusion vulnerabilities that could lead to code execution (CVE-2015-7645, CVE-2015-7647, CVE-2015-7648)...
firefox -- Cross-origin restriction bypass using Fetch
Firefox Developers report: Security researcher Abdulrahman Alqabandi reported that the fetch() API did not correctly implement the Cross-Origin Resource Sharing (CORS) specification, allowing a malicious page to access private data from other origins. Mozilla developer Ben Kelly independently reporte...
LibreSSL -- Memory leak and buffer overflow
Qualys reports: During the code review of OpenSMTPD a memory leak and buffer overflow (an off-by-one, usually stack-based) were discovered in LibreSSL's OBJ_obj2txt() function. This function is called automatically during a TLS handshake both client-side, unless an anonymous mode is used, and...
wireshark -- Pcapng file parser crash
Wireshark development team reports: The following vulnerability has been fixed. wnpa-sec-2015-30 Pcapng file parser crash. Bug 11455...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 24 security fixes in this release, including: 519558 High CVE-2015-6755: Cross-origin bypass in Blink. Credit to Mariusz Mlynski. 507316 High CVE-2015-6756: Use-after-free in PDFium. Credit to anonymous. 529520 High CVE-2015-6757: Use-after-free in ServiceWorker...
flash -- multiple vulnerabilities
Adobe reports: These updates resolve a vulnerability that could be exploited to bypass the same-origin-policy and lead to information disclosure (CVE-2015-7628). These updates include a defense-in-depth feature in the Flash broker API (CVE-2015-5569). These updates resolve use-after-free...
p5-HTML-Scrubber -- XSS vulnerability
MITRE reports: Cross-site scripting (XSS) vulnerability in the HTML-Scrubber module before 0.15 for Perl, when the comment feature is enabled, allows remote attackers to inject arbitrary web script or HTML via a crafted comment...
optipng -- multiple vulnerabilities
ifread.c in gif2png, as used in OptiPNG before 0.7.6, allows remote attackers to cause a denial of service (uninitialized memory read) via a crafted GIF file. The bmp_read_rows function in pngxtern/pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service (invalid memory...
PostgreSQL -- minor security problems.
PostgreSQL project reports: Two security issues have been fixed in this release which affect users of specific PostgreSQL features. CVE-2015-5289: json or jsonb input values constructed from arbitrary user input can crash the PostgreSQL server and cause a denial of service. CVE-2015-5288: The cryp...
codeigniter -- multiple XSS vulnerabilities
The CodeIgniter changelog reports: Fixed a number of XSS attack vectors in Security Library method xss_clean() (thanks to Frans Rosén from Detectify)...
mbedTLS/PolarSSL -- DoS and possible remote code execution
ARM Limited reports: When the client creates its ClientHello message, due to insufficient bounds checking it can overflow the heap-based buffer containing the message while writing some extensions. Two extensions in particular could be used by a remote attacker to trigger the overflow: the sessio...
OpenSMTPD -- multiple vulnerabilities
OpenSMTPD developers report: fix an mda buffer truncation bug which allows a user to create forward files that pass session checks but fail delivery later down the chain, within the user mda; fix remote buffer overflow in unprivileged pony process; reworked offline enqueue to better protect against...
lldpd -- Buffer overflow/Denial of service
The lldpd developer Vincent Bernat reports: A buffer overflow may allow arbitrary code execution only if hardening was disabled. Malformed packets should not make lldpd crash. Ensure we can handle them by not using assert in this part...
OpenSMTPD -- multiple vulnerabilities
OpenSMTPD developers report: an oversight in the portable version of fgetln that allows attackers to read and write out-of-bounds memory; multiple denial-of-service vulnerabilities that allow local users to kill or hang OpenSMTPD; a stack-based buffer overflow that allows local users to crash...
gdk-pixbuf2 -- heap overflow and DoS
reports: We found a heap overflow and a DoS in the gdk-pixbuf implementation triggered by the scaling of tga file. We found a heap overflow in the gdk-pixbuf implementation triggered by the scaling of gif file...
librsvg2 -- denial of service vulnerability
Adam Maris, Red Hat Product Security, reports: CVE-2015-7558: Stack exhaustion due to cyclic dependency causing an application to crash was found in librsvg2 while parsing SVG file. It has been fixed in 2.40.12 by many commits that have rewritten the checks for cyclic references...
php -- multiple vulnerabilities
PHP reports: Phar: Fixed bug 69720 (Null pointer dereference in phar_get_fp_offset()). Fixed bug 70433 (Uninitialized pointer in phar_make_dirstream when zip entry filename is "/")...
VirtualBox -- undisclosed vulnerabilities
Oracle reports: Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 4.0.34, 4.1.42, 4.2.34, 4.3.32, and 5.0.8, when using a Windows guest, allows local users to affect availability via unknown vectors related to Core. Unspecified...
james -- multiple vulnerabilities
The Apache James Project reports: This release has many enhancements and bug fixes over the previous release. See the Release Notes for a detailed list of changes. Some of the earlier defects could turn a James mail server into an Open Relay and allow files to be written on disk. All users of Jam...
FreeBSD -- rpcbind(8) remote denial of service [REVISED]
Problem Description: In rpcbind(8), netbuf structures are copied directly, which would result in two netbuf structures that reference to one shared address buffer. When one of the two netbuf structures is freed, access to the other netbuf structure would result in an undefined result that may crash...
pygments -- shell injection vulnerability
NVD reports: The FontManager._get_nix_font_path function in formatters/img.py in Pygments 1.2.2 through 2.0.2 allows remote attackers to execute arbitrary commands via shell metacharacters in a font name...
unzip -- multiple vulnerabilities
Gustavo Grieco reports: Two issues were found in unzip 6.0: A heap overflow triggered by unzipping a file with password (e.g. unzip -p -P x sigsegv.zip). A denial of service with a file that never finishes unzipping (e.g. unzip sigxcpu.zip)...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: Two vulnerabilities were fixed in this release: 530301 High CVE-2015-1303: Cross-origin bypass in DOM. Credit to Mariusz Mlynski. 531891 High CVE-2015-1304: Cross-origin bypass in V8. Credit to Mariusz Mlynski...
git -- potential code execution
Debian reports: "int" is the wrong data type for ... nlen assignment...
Git -- Execute arbitrary code
Git release notes: Some protocols (like git-remote-ext) can execute arbitrary code found in the URL. The URLs that submodules use may come from arbitrary sources (e.g., .gitmodules files in a remote repository), and can hurt those who blindly enable recursive fetch. Restrict the allowed protocols to...
mozilla -- multiple vulnerabilities
The Mozilla Project reports: MFSA 2015-96 Miscellaneous memory safety hazards (rv:41.0 / rv:38.3); MFSA 2015-97 Memory leak in mozTCPSocket to servers; MFSA 2015-98 Out of bounds read in QCMS library with ICC V4 profile attributes; MFSA 2015-99 Site attribute spoofing on Android by pasting URL with...
xen-tools -- libxl fails to honour readonly flag on disks with qemu-xen
The Xen Project reports: Callers of libxl can specify that a disk should be read-only to the guest. However, there is no code in libxl to pass this information to qemu-xen (the upstream-based qemu); and indeed there is no way in qemu to make a disk read-only. The vulnerability is exploitable only v...
libvpx -- buffer overflow in vp9_init_context_buffers
The Mozilla Project reports: Security researcher Khalil Zhani reported that a maliciously crafted vp9 format video could be used to trigger a buffer overflow while parsing the file. This leads to a potentially exploitable crash due to a flaw in the libvpx library...
owncloudclient -- Improper validation of certificates when using self-signed certificates
owncloud.org reports: The ownCloud Desktop Client was vulnerable against MITM attacks until version 2.0.0 in combination with self-signed certificates...
flash -- multiple vulnerabilities
Adobe reports: These updates resolve a type confusion vulnerability that could lead to code execution (CVE-2015-5573). These updates resolve use-after-free vulnerabilities that could lead to code execution (CVE-2015-5570, CVE-2015-5574, CVE-2015-5581, CVE-2015-5584, CVE-2015-6682). These updates...
redmine -- open redirect vulnerability
Redmine reports: Open Redirect vulnerability...
mbedTLS/PolarSSL -- multiple vulnerabilities
ARM Limited reports: Florian Weimer from Red Hat published on Lenstra's RSA-CRT attack for PKCS1 v1.5 signatures. These releases include countermeasures against that attack. Fabian Foerg of Gotham Digital Science found a possible client-side NULL pointer dereference, using the AFL Fuzzer. This...
wolfssl -- DDoS amplification in DTLS
Sebastian Ramacher identified an error in wolfSSL's implementation of the server side of the DTLS handshake, which could be abused for DDoS amplification or a DoS on the DTLS server itself...
squid -- TLS/SSL parser denial of service vulnerability
Amos Jeffries, release manager of the Squid-3 series, reports: Vulnerable versions are 3.5.0.1 to 3.5.8 inclusive, which are built with OpenSSL and configured for "SSL-Bump" decryption. Integer overflows can lead to invalid pointer math reading from random memory on some CPU architectures. In the...
qemu -- denial of service vulnerability in virtio-net support
Prasad J Pandit, Red Hat Product Security Team, reports: Qemu emulator built with the Virtual Network Device (virtio-net) support is vulnerable to a DoS issue. It could occur while receiving large packets over the tuntap/macvtap interfaces and when guest's virtio-net driver did not support...
wolfssl -- leakage of private key information
Florian Weimer of Redhat discovered that an optimization in RSA signature validation can result in disclosure of the server's private key under certain fault conditions...
otrs -- Scheduler Process ID File Access
The OTRS project reports: An attacker with valid LOCAL credentials could access and manipulate the process ID file for bin/otrs.schduler.pl from the CLI. The Proc::Daemon module 0.14 for Perl uses world-writable permissions for a file that stores a process ID, which allows local users to have an...
optipng -- use-after-free vulnerability
Gustavo Grieco reports: We found a use-after-free causing an invalid/double free in optipng 0.6.4...
openslp -- denial of service vulnerability
Qinghao Tang reports: The function ParseExtension() in openslp 1.2.1 contains a vulnerability: an attacker can cause a denial of service (infinite loop) via a packet with crafted "nextoffset" value and "extid" value...
qemu -- denial of service vulnerabilities in NE2000 NIC support
Prasad J Pandit, Red Hat Product Security Team, reports: Qemu emulator built with the NE2000 NIC emulation support is vulnerable to an infinite loop issue. It could occur when receiving packets over the network. A privileged user inside guest could use this flaw to crash the Qemu instance resulti...
miniupnpc -- buffer overflow
Talos reports: An exploitable buffer overflow vulnerability exists in the XML parser functionality of the MiniUPnP library. A specially crafted XML response can lead to a buffer overflow on the stack resulting in remote code execution. An attacker can set up a server on the local network to trigg...
ZendFramework1 -- SQL injection vulnerability
Zend Framework developers report: The PDO adapters of Zend Framework 1 do not filter null bytes values in SQL statements. A PDO adapter can treat null bytes in a query as a string terminator, allowing an attacker to add arbitrary SQL following a null byte, and thus create a SQL injection...
wordpress -- multiple vulnerabilities
Samuel Sidler reports: WordPress 4.3.1 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. WordPress versions 4.3 and earlier are vulnerable to a cross-site scripting vulnerability when processing shortcode tags...
moodle -- multiple vulnerabilities
Moodle Release Notes report: MSA-15-0030: Students can re-attempt answering questions in the lesson (CVE-2015-5264); MSA-15-0031: Teacher in forum can still post to "all participants" and groups they are not members of (CVE-2015-5272) - 2.7.10 only; MSA-15-0032: Users can delete files uploaded by other...
h2o -- directory traversal vulnerability
Yakuzo reports: H2O up to version 1.4.4 / 1.5.0-beta1 contains a flaw in its URL normalization logic. When file.dir directive is used, this flaw allows a remote attacker to retrieve arbitrary files that exist outside the directory specified by the directive. H2O version 1.4.5 and version...
pitivi -- code execution
Luke Farone reports: Double-clicking a file in the user's media library with a specially-crafted path or filename allows for arbitrary code execution with the permissions of the user running Pitivi...