6585 matches found
Joomla! -- Core - SQL Injection/ACL Violation vulnerabilities
The JSST and the Joomla! Security Center report: 20151001 - Core - SQL Injection Inadequate filtering of request data leads to a SQL Injection vulnerability. 20151002 - Core - ACL Violations Inadequate ACL checks in comcontenthistory provide potential read access to data which should be access...
ntp -- 13 low- and medium-severity vulnerabilities
ntp.org reports: NTF's NTP Project has been notified of the following 13 low- and medium-severity vulnerabilities that are fixed in ntp-4.2.8p4, released on Wednesday, 21 October 2015: Bug 2941 CVE-2015-7871 NAK to the Future: Symmetric association authentication bypass via crypto-NAK Cisco ASIG...
ntp -- denial of service vulnerability
Network Time Foundation reports: NTF's NTP Project has been notified of the following 1 medium-severity vulnerability that is fixed in ntp-4.2.8p5, released on Thursday, 7 January 2016: NtpBug2956: Small-step/Big-step CVE-2015-5300...
drupal -- open redirect vulnerability
Drupal development team reports: The Overlay module in Drupal core displays administrative pages as a layer over the current page using JavaScript, rather than replacing the page in the browser window. The Overlay module does not sufficiently validate URLs prior to displaying their contents,...
java -- multiple vulnerabilities
Oracle reports: This Critical Patch Update contains 25 new security fixes for Oracle Java SE. 24 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password...
libebml -- multiple vulnerabilities
Mortiz Bunkus reports: Multiple invalid memory accesses vulnerabilities...
mediawiki -- multiple vulnerabilities
MediaWiki reports: Wikipedia user RobinHood70 reported two issues in the chunked upload API. The API failed to correctly stop adding new chunks to the upload when the reported size was exceeded T91203, allowing a malicious users to upload add an infinite number of chunks for a single file upload...
qemu -- denial of service vulnerabilities in eepro100 NIC support
Prasad J Pandit, Red Hat Product Security Team, reports: Qemu emulator built with the i8255x PRO100 emulation support is vulnerable to an infinite loop issue. It could occur while processing a chain of commands located in the Command Block List CBL. Each Command BlockCB points to the next command...
Salt -- multiple vulnerabilities
Salt release notes: CVE-2015-6918 - Git modules leaking HTTPS auth credentials to debug log Updated the Git state and execution modules to no longer display HTTPS basic authentication credentials in loglevel debug output on the Salt master. These credentials are now replaced with REDACTED in the...
flash -- remote code execution
Adobe reports: These updates resolve type confusion vulnerabilities that could lead to code execution CVE-2015-7645, CVE-2015-7647, CVE-2015-7648...
LibreSSL -- Memory leak and buffer overflow
Qualys reports: During the code review of OpenSMTPD a memory leak and buffer overflow an off-by-one, usually stack-based were discovered in LibreSSL's OBJobj2txt function. This function is called automatically during a TLS handshake both client-side, unless an anonymous mode is used, and...
firefox -- Cross-origin restriction bypass using Fetch
Firefox Developers report: Security researcher Abdulrahman Alqabandi reported that the fetch API did not correctly implement the Cross-Origin Resource Sharing CORS specification, allowing a malicious page to access private data from other origins. Mozilla developer Ben Kelly independently reporte...
wireshark -- Pcapng file parser crash
Wireshark development team reports: The following vulnerability has been fixed. wnpa-sec-2015-30 Pcapng file parser crash. Bug 11455...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 24 security fixes in this release, including: 519558 High CVE-2015-6755: Cross-origin bypass in Blink. Credit to Mariusz Mlynski. 507316 High CVE-2015-6756: Use-after-free in PDFium. Credit to anonymous. 529520 High CVE-2015-6757: Use-after-free in ServiceWorker...
flash -- multiple vulnerabilities
Adobe reports: These updates resolve a vulnerability that could be exploited to bypass the same-origin-policy and lead to information disclosure CVE-2015-7628. These updates include a defense-in-depth feature in the Flash broker API CVE-2015-5569. These updates resolve use-after-free...
p5-HTML-Scrubber -- XSS vulnerability
MITRE reports: Cross-site scripting XSS vulnerability in the HTML-Scrubber module before 0.15 for Perl, when the comment feature is enabled, allows remote attackers to inject arbitrary web script or HTML via a crafted comment...
optipng -- multiple vulnerabilities
ifread.c in gif2png, as used in OptiPNG before 0.7.6, allows remote attackers to cause a denial of service uninitialized memory read via a crafted GIF file. The bmpreadrows function in pngxtern/pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service invalid memory...
codeigniter -- multiple XSS vulnerabilities
The CodeIgniter changelog reports: Fixed a number of XSS attack vectors in Security Library method xssclean thanks to Frans Rosén from Detectify...
PostgreSQL -- minor security problems.
PostgreSQL project reports: Two security issues have been fixed in this release which affect users of specific PostgreSQL features. CVE-2015-5289 json or jsonb input values constructed from arbitrary user input can crash the PostgreSQL server and cause a denial of service. CVE-2015-5288: The cryp...
mbedTLS/PolarSSL -- DoS and possible remote code execution
ARM Limited reports: When the client creates its ClientHello message, due to insufficient bounds checking it can overflow the heap-based buffer containing the message while writing some extensions. Two extensions in particular could be used by a remote attacker to trigger the overflow: the sessio...
lldpd -- Buffer overflow/Denial of service
The lldpd developer Vincent Bernat reports: A buffer overflow may allow arbitrary code execution only if hardening was disabled. Malformed packets should not make lldpd crash. Ensure we can handle them by not using assert in this part...
OpenSMTPD -- multiple vulnerabilities
OpenSMTPD developers report: fix an mda buffer truncation bug which allows a user to create forward files that pass session checks but fail delivery later down the chain, within the user mda fix remote buffer overflow in unprivileged pony process reworked offline enqueue to better protect against...
librsvg2 -- denial of service vulnerability
Adam Maris, Red Hat Product Security, reports: CVE-2015-7558: Stack exhaustion due to cyclic dependency causing to crash an application was found in librsvg2 while parsing SVG file. It has been fixed in 2.40.12 by many commits that has rewritten the checks for cyclic references...
gdk-pixbuf2 -- head overflow and DoS
reports: We found a heap overflow and a DoS in the gdk-pixbuf implementation triggered by the scaling of tga file. We found a heap overflow in the gdk-pixbuf implementation triggered by the scaling of gif file...
OpenSMTPD -- multiple vulnerabilities
OpenSMTPD developers report: an oversight in the portable version of fgetln that allows attackers to read and write out-of-bounds memory multiple denial-of-service vulnerabilities that allow local users to kill or hang OpenSMTPD a stack-based buffer overflow that allows local users to crash...
php -- multiple vulnerabilities
PHP reports: Phar: Fixed bug 69720 Null pointer dereference in phargetfpoffset. Fixed bug 70433 Uninitialized pointer in pharmakedirstream when zip entry filename is "/"...
VirtualBox -- undisclosed vulnerabilities
Oracle reports reports: Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 4.0.34, 4.1.42, 4.2.34, 4.3.32, and 5.0.8, when using a Windows guest, allows local users to affect availability via unknown vectors related to Core. Unspecified...
james -- multiple vulnerabilities
The Apache James Project reports: This release has many enhancements and bug fixes over the previous release. See the Release Notes for a detailed list of changes. Some of the earlier defects could turn a James mail server into an Open Relay and allow files to be written on disk. All users of Jam...
FreeBSD -- rpcbind(8) remote denial of service [REVISED]
Problem Description: In rpcbind8, netbuf structures are copied directly, which would result in two netbuf structures that reference to one shared address buffer. When one of the two netbuf structures is freed, access to the other netbuf structure would result in an undefined result that may crash...
pygments -- shell injection vulnerability
NVD reports: The FontManager.getnixfontpath function in formatters/img.py in Pygments 1.2.2 through 2.0.2 allows remote attackers to execute arbitrary commands via shell metacharacters in a font name...
unzip -- multiple vulnerabilities
Gustavo Grieco reports: Two issues were found in unzip 6.0: A heap overflow triggered by unzipping a file with password e.g unzip -p -P x sigsegv.zip. A denegation of service with a file that never finishes unzipping e.g. unzip sigxcpu.zip...
git -- potential code execution
Debian reports: "int" is the wrong data type for ... nlen assignment...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: Two vulnerabilities were fixed in this release: 530301 High CVE-2015-1303: Cross-origin bypass in DOM. Credit to Mariusz Mlynski. 531891 High CVE-2015-1304: Cross-origin bypass in V8. Credit to Mariusz Mlynski...
Git -- Execute arbitrary code
Git release notes: Some protocols like git-remote-ext can execute arbitrary code found in the URL. The URLs that submodules use may come from arbitrary sources e.g., .gitmodules files in a remote repository, and can hurt those who blindly enable recursive fetch. Restrict the allowed protocols to...
libvpx -- buffer overflow in vp9_init_context_buffers
The Mozilla Project reports: Security researcher Khalil Zhani reported that a maliciously crafted vp9 format video could be used to trigger a buffer overflow while parsing the file. This leads to a potentially exploitable crash due to a flaw in the libvpx library...
xen-tools -- libxl fails to honour readonly flag on disks with qemu-xen
The Xen Project reports: Callers of libxl can specify that a disk should be read-only to the guest. However, there is no code in libxl to pass this information to qemu-xen the upstream-based qemu; and indeed there is no way in qemu to make a disk read-only. The vulnerability is exploitable only v...
mozilla -- multiple vulnerabilities
The Mozilla Project reports: MFSA 2015-96 Miscellaneous memory safety hazards rv:41.0 / rv:38.3 MFSA 2015-97 Memory leak in mozTCPSocket to servers MFSA 2015-98 Out of bounds read in QCMS library with ICC V4 profile attributes MFSA 2015-99 Site attribute spoofing on Android by pasting URL with...
owncloudclient -- Improper validation of certificates when using self-signed certificates
owncloud.org reports: The ownCloud Desktop Client was vulnerable against MITM attacks until version 2.0.0 in combination with self-signed certificates...
flash -- multiple vulnerabilities
Adobe reports: These updates resolve a type confusion vulnerability that could lead to code execution CVE-2015-5573. These updates resolve use-after-free vulnerabilities that could lead to code execution CVE-2015-5570, CVE-2015-5574, CVE-2015-5581, CVE-2015-5584, CVE-2015-6682. These updates...
redmine -- open redirect vulnerability
Redmine reports: Open Redirect vulnerability...
qemu -- denial of service vulnerability in virtio-net support
Prasad J Pandit, Red Hat Product Security Team, reports: Qemu emulator built with the Virtual Network Devicevirtio-net support is vulnerable to a DoS issue. It could occur while receiving large packets over the tuntap/macvtap interfaces and when guest's virtio-net driver did not support...
wolfssl -- DDoS amplification in DTLS
Sebastian Ramacher identified an error in wolfSSL's implementation of the server side of the DTLS handshake, which could be abused for DDoS amplification or a DoS on the DTLS server itself...
mbedTLS/PolarSSL -- multiple vulnerabilities
ARM Limited reports: Florian Weimar from Red Hat published on Lenstra's RSA-CRT attach for PKCS1 v1.5 signatures. These releases include countermeasures against that attack. Fabian Foerg of Gotham Digital Science found a possible client-side NULL pointer dereference, using the AFL Fuzzer. This...
squid -- TLS/SSL parser denial of service vulnerability
Amos Jeffries, release manager of the Squid-3 series, reports: Vulnerable versions are 3.5.0.1 to 3.5.8 inclusive, which are built with OpenSSL and configured for "SSL-Bump" decryption. Integer overflows can lead to invalid pointer math reading from random memory on some CPU architectures. In the...
otrs -- Scheduler Process ID File Access
The OTRS project reports: An attacker with valid LOCAL credentials could access and manipulate the process ID file for bin/otrs.schduler.pl from the CLI. The Proc::Daemon module 0.14 for Perl uses world-writable permissions for a file that stores a process ID, which allows local users to have an...
wolfssl -- leakage of private key information
Florian Weimer of Redhat discovered that an optimization in RSA signature validation can result in disclosure of the server's private key under certain fault conditions...
optipng -- use-after-free vulnerability
Gustavo Grieco reports: We found a use-after-free causing an invalid/double free in optipng 0.6.4...
openslp -- denial of service vulnerability
Qinghao Tang reports: The function ParseExtension in openslp 1.2.1 contains vulnerability: an attacker can cause a denial of service infinite loop via a packet with crafted "nextoffset" value and "extid" value...
qemu -- denial of service vulnerabilities in NE2000 NIC support
Prasad J Pandit, Red Hat Product Security Team, reports: Qemu emulator built with the NE2000 NIC emulation support is vulnerable to an infinite loop issue. It could occur when receiving packets over the network. A privileged user inside guest could use this flaw to crash the Qemu instance resulti...
miniupnpc -- buffer overflow
Talos reports: An exploitable buffer overflow vulnerability exists in the XML parser functionality of the MiniUPnP library. A specially crafted XML response can lead to a buffer overflow on the stack resulting in remote code execution. An attacker can set up a server on the local network to trigg...