shutter -- arbitrary code execution
Luke Farone reports: In the "Shutter" screenshot application, I discovered that using the "Show in folder" menu option while viewing a file with a specially-crafted path allows for arbitrary code execution with the permissions of the user running Shutter...
plone -- multiple vulnerabilities
Plone.org reports: Versions Affected: All current Plone versions. Versions Not Affected: None. Nature of vulnerability: Allows creation of members by anonymous users on sites that have self-registration enabled, allowing bypass of CAPTCHA and similar protections against scripted attacks. The patc...
Bugzilla security issues
Bugzilla Security Advisory: Login names (usually an email address) longer than 127 characters are silently truncated in MySQL which could cause the domain name of the email address to be corrupted. An attacker could use this vulnerability to create an account with an email address different from the...
qemu -- denial of service vulnerability in IDE disk/CD/DVD-ROM emulation
Prasad J Pandit, Red Hat Product Security Team, reports: Qemu emulator built with the IDE disk and CD/DVD-ROM emulation support is vulnerable to a divide by zero issue. It could occur while executing an IDE command WIN_READ_NATIVE_MAX to determine the maximum size of a drive. A privileged user insid...
openldap -- denial of service vulnerability
Denis Andzakovic reports: By sending a crafted packet, an attacker may cause the OpenLDAP server to reach an assert() statement, crashing the daemon...
Joomla! -- Core - XSS Vulnerability
The JSST and the Joomla! Security Center report: 20150908 - Core - XSS Vulnerability Inadequate escaping leads to XSS vulnerability in login module...
phpMyAdmin -- reCaptcha bypass
The phpMyAdmin development team reports: This vulnerability allows to complete the reCaptcha test and subsequently perform a brute force attack to guess user credentials without having to complete further reCaptcha tests. We consider this vulnerability to be non critical since reCaptcha is an...
ffmpeg -- multiple vulnerabilities
NVD reports: The decode_ihdr_chunk function in libavcodec/pngdec.c in FFmpeg before 2.7.2 does not enforce uniqueness of the IHDR (aka image header) chunk in a PNG image, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact vi...
qemu -- denial of service vulnerability in e1000 NIC support
Prasad J Pandit, Red Hat Product Security Team, reports: Qemu emulator built with the e1000 NIC emulation support is vulnerable to an infinite loop issue. It could occur while processing transmit descriptor data when sending a network packet. A privileged user inside guest could use this flaw to...
ganglia-webfrontend -- auth bypass
Ivan Novikov reports: It's easy to bypass auth by using boolean serialization...
pgbouncer -- failed auth_query lookup leads to connection as auth_user
PgBouncer reports: New auth_user functionality introduced in 1.6 allows login as auth_user when client presents unknown username. It's quite likely auth_user is superuser. Affects only setups that have enabled auth_user in their config...
php -- multiple vulnerabilities
PHP reports: Core: Fixed bug #70172 (Use After Free Vulnerability in unserialize()). Fixed bug #70219 (Use after free vulnerability in session deserializer). EXIF: Fixed bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes). hash: Fixed bug #70312 (HAVAL gives wrong hashes in...
powerdns -- denial of service
PowerDNS reports: A bug was found in our DNS packet parsing/generation code, which, when exploited, can cause individual threads (disabling service) or whole processes (allowing a supervisor to restart them) to crash with just one or a few query packets...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 29 security fixes in this release, including: 516377 High CVE-2015-1291: Cross-origin bypass in DOM. Credit to anonymous. 522791 High CVE-2015-1292: Cross-origin bypass in ServiceWorker. Credit to Mariusz Mlynski. 524074 High CVE-2015-1293: Cross-origin bypass in...
gdk-pixbuf2 -- integer overflows
Matthias Clasen reports: Fix several integer overflows...
devel/ipython -- multiple vulnerabilities
Matthias Bussonnier reports: Summary: Local folder name was used in HTML templates without escaping, allowing XSS in said pages by carefully crafting folder name and URL to access it. URI with issues: GET /tree/ Benjamin RK reports: Vulnerability: A maliciously forged file opened for editing can...
freeimage -- multiple integer overflows
Pcheng pcheng reports: An integer overflow issue in the FreeImage project was reported and fixed recently...
mozilla -- multiple vulnerabilities
The Mozilla Project reports: MFSA 2015-95 Add-on notification bypass through data URLs MFSA 2015-94 Use-after-free when resizing canvas element during restyling...
FreeBSD -- Local privilege escalation in IRET handler
Problem Description: If the kernel-mode IRET instruction generates an SS or NP exception, but the exception handler does not properly ensure that the right GS register base for kernel is reloaded, the userland GS segment may be used in the context of the kernel exception handler. Impact: By causi...
pcre -- heap overflow vulnerability
Guanxing Wen reports: PCRE library is prone to a vulnerability which leads to Heap Overflow. During the compilation of a malformed regular expression, more data is written on the malloced block than the expected size output by compile_regex. The Heap Overflow vulnerability is caused by the followi...
tarsnap -- buffer overflow and local DoS
Colin Percival reports: 1. SECURITY FIX: When constructing paths of objects being archived, a buffer could overflow by one byte upon encountering 1024, 2048, 4096, etc. byte paths. Theoretically this could be exploited by an unprivileged user whose files are being archived; I do not believe it is...
OpenSSH -- PermitRootLogin may allow password connections with 'without-password'
OpenSSH 7.0 contained a logic error in PermitRootLogin= prohibit-password/without-password that could, depending on compile-time configuration, permit password authentication to root while preventing other forms of authentication. This problem was reported by Mantas Mikulenas...
vlc -- arbitrary pointer dereference vulnerability
oCERT reports: The stable VLC version suffers from an arbitrary pointer dereference vulnerability. The vulnerability affects the 3GP file format parser, insufficient restrictions on a writable buffer can be exploited to execute arbitrary code via the heap memory. A specific 3GP file can be crafte...
codeigniter -- SQL injection vulnerability
The CodeIgniter changelog reports: Security: Fixed an SQL injection vulnerability in Active Record method offset...
drupal -- multiple vulnerabilities
Drupal development team reports: This security advisory fixes multiple vulnerabilities. See below for a list. Cross-site Scripting - Ajax system - Drupal 7 A vulnerability was found that allows a malicious user to perform a cross-site scripting attack by invoking Drupal.ajax on a whitelisted HTML...
bind -- denial of service vulnerability
ISC reports: An incorrect boundary check in openpgpkey_61.c can cause named to terminate due to a REQUIRE assertion failure. This defect can be deliberately exploited by an attacker who can provide a maliciously constructed response in answer to a query...
bind -- denial of service vulnerability
ISC reports: Parsing a malformed DNSSEC key can cause a validating resolver to exit due to a failed assertion in buffer.c. It is possible for a remote attacker to deliberately trigger this condition, for example by using a query which requires a response from a zone containing a deliberately...
django -- multiple vulnerabilities
Tim Graham reports: Denial-of-service possibility in logout view by filling session store: Previously, a session could be created when anonymously accessing the django.contrib.auth.views.logout view (provided it wasn't decorated with django.contrib.auth.decorators.login_required as done in the admin...
FreeBSD -- Multiple integer overflows in expat (libbsdxml) XML parser
Problem Description: Multiple integer overflows have been discovered in the XML_GetBuffer function in the expat library. Impact: The integer overflows may be exploited by using specifically crafted XML data and lead to infinite loop, or a heap buffer overflow, which results in a Denial of Service...
qemu -- buffer overflow vulnerability in VNC
Prasad J Pandit, Red Hat Product Security Team, reports: Qemu emulator built with the VNC display driver support is vulnerable to a buffer overflow flaw leading to a heap memory corruption issue. It could occur while refreshing the server display surface via routine vnc_refresh_server_surface. A...
jasper -- multiple vulnerabilities
Martin Prpic reports: A double free flaw was found in the way JasPer's jasper_image_stop_load function parsed certain JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash. Feist Josselin reports: A new use-after-free was found in Jasper JPEG 2000. The...
openjpeg -- use-after-free vulnerability
Feist Josselin reports: Use-after-free was found in openjpeg. The vuln is fixed in version 2.1.1 and was located in opj_j2k_write_mco function...
unreal -- denial of service
Unreal reports: Summary: If SASL support is enabled in UnrealIRCd (this is not the default) and is also enabled in your services package then a malicious user with a services account can cause UnrealIRCd to crash...
wireshark -- multiple vulnerabilities
Wireshark development team reports: The following vulnerabilities have been fixed. wnpa-sec-2015-21 Protocol tree crash. Bug 11309 wnpa-sec-2015-22 Memory manager crash. Bug 11373 wnpa-sec-2015-23 Dissector table crash. Bug 11381 wnpa-sec-2015-24 ZigBee crash. Bug 11389 wnpa-sec-2015-25 GSM RLC/M...
pear-twig -- remote code execution
Fabien Potencier reports: End users can craft valid Twig code that allows them to execute arbitrary code (RCEs) via the _self variable, which is always available, even in sandboxed templates...
RT -- two XSS vulnerabilities
Best Practical reports: RT 4.0.0 and above are vulnerable to a cross-site scripting (XSS) attack via the user and group rights management pages. This vulnerability is assigned CVE-2015-5475. It was discovered and reported by Marcin Kopec at Data Reliance Shared Service Center. RT 4.2.0 and above ar...
libvpx -- multiple buffer overflows
The Mozilla Project reports: Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team used the Address Sanitizer tool to discover two buffer overflow issues in the Libvpx library used for WebM video when decoding a malformed WebM video file. These buffer overflows result in...
Adobe Flash Player -- critical vulnerabilities
Adobe reports: Adobe has released security updates for Adobe Flash Player. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system. These updates resolve type confusion vulnerabilities that could lead to code execution...
OpenSSH -- PAM vulnerabilities
OpenSSH 6.8 and 6.9 incorrectly set TTYs to be world-writable. Local attackers may be able to write arbitrary messages to logged-in users, including terminal escape sequences. Reported by Nikolay Edigaryev. Fixed a privilege separation weakness related to PAM support. Attackers who could...
mozilla -- multiple vulnerabilities
The Mozilla Project reports: MFSA 2015-79 Miscellaneous memory safety hazards (rv:40.0 / rv:38.2) MFSA 2015-80 Out-of-bounds read with malformed MP3 file MFSA 2015-81 Use-after-free in MediaStream playback MFSA 2015-82 Redefinition of non-configurable JavaScript object properties MFSA 2015-83...
mbedTLS/PolarSSL -- multiple vulnerabilities
ARM Limited reports: In order to strengthen the minimum requirements for connections and to protect against the Logjam attack, the minimum size of Diffie-Hellman parameters accepted by the client has been increased to 1024 bits. In addition the default size for the Diffie-Hellman parameters on th...
mediawiki -- multiple vulnerabilities
MediaWiki reports: Internal review discovered that Special:DeletedContributions did not properly protect the IP of autoblocked users. This fix makes the functionality of Special:DeletedContributions consistent with Special:Contributions and Special:BlockList. Internal review discovered that...
libpgf -- use-after-free
Pengsu Cheng reports: A use-after-free issue in Decoder.cpp was reported to upstream. The problem is due to lack of validation of ColorTableSize...
vorbis-tools, opus-tools -- multiple vulnerabilities
Paris Zoumpouloglou reports: I discovered an integer overflow issue in oggenc, related to the number of channels in the input WAV file. The issue triggers an out-of-bounds memory access which causes oggenc to crash. Paris Zoumpouloglou reports: A crafted WAV file with number of channels set to 0...
screen -- stack overflow
Kuang-che Wu reports: screen will recursively call MScrollV to depth n/256. This is time consuming and will overflow stack if n is huge...
qemu -- buffer overflow vulnerability in virtio-serial message exchanges
Prasad J Pandit, Red Hat Product Security Team, reports: Qemu emulator built with the virtio-serial vmchannel support is vulnerable to a buffer overflow issue. It could occur while exchanging virtio control messages between guest and the host. A malicious guest could use this flaw to corrupt few...
php5 -- multiple vulnerabilities
The PHP project reports: Core: Fixed bug #69793 (Remotely triggerable stack exhaustion via recursive method calls). Fixed bug #70121 (unserialize() could lead to unexpected methods execution / NULL pointer deref). OpenSSL: Fixed bug #70014 (openssl_random_pseudo_bytes() is not cryptographically secure). Phar:...
mozilla -- multiple vulnerabilities
The Mozilla Project reports: MFSA 2015-78 Same origin violation and local file stealing via PDF reader...
adminer -- XSS vulnerability
Jakub Vrana reports: Fix XSS in alter table...
pcre -- heap overflow vulnerability in '(?|' situations
Venustech ADLAB reports: PCRE library is prone to a vulnerability which leads to Heap Overflow. During the compilation of a malformed regular expression, more data is written on the malloced block than the expected size output by compile_regex. Exploits with advanced Heap Fengshui techniques may...