6585 matches found
proftpd -- arbitrary code execution vulnerability with chroot
ProFTPd development team reports: Vadim Melihow reported a critical issue with proftpd installations that use the modcopy module's SITE CPFR/SITE CPTO commands; modcopy allows these commands to be used by unauthenticated clients...
sqlite -- multiple vulnerabilities
NVD reports: SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service uninitialized memory access and application crash or possibly have unspecified other impact via a crafted COLLATE clause, a...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 45 new security fixes, including: 456518 High CVE-2015-1235: Cross-origin-bypass in HTML parser. Credit to anonymous. 313939 Medium CVE-2015-1236: Cross-origin-bypass in Blink. Credit to Amitay Dobo. 461191 High CVE-2015-1237: Use-after-free in IPC. Credit to Khali...
libxml2 -- Enforce the reader to run in constant memory
Daniel Veilland reports: Enforce the reader to run in constant memory. One of the operation on the reader could resolve entities leading to the classic expansion issue. Make sure the buffer used for xmlreader operation is bounded. Introduce a new allocation type for the buffers for this effect...
Adobe Flash Player -- critical vulnerabilities
Adobe reports: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh and Linux. These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe is aware of a report that an exploit for CVE-2015-3043 exists in...
Ruby -- OpenSSL Hostname Verification Vulnerability
Ruby Developers report: After reviewing RFC 6125 and RFC 5280, we found multiple violations of matching hostnames and particularly wildcard certificates. Ruby’s OpenSSL extension will now provide a string-based matching algorithm which follows more strict behavior, as recommended by these RFCs. I...
qt4-imageformats, qt4-gui, qt5-gui -- Multiple Vulnerabilities in Qt Image Format Handling
Richard J. Moore reports: Due to two recent vulnerabilities identified in the built-in image format handling code, it was decided that this area required further testing to determine if further issues remained. Fuzzing using afl-fuzz located a number of issues in the handling of BMP, ICO and GIF...
ffmpeg -- out-of-bounds array access
NVD reports: The msrledecodepal4 function in msrledec.c in Libav before 10.7 and 11.x before 11.4 and FFmpeg before 2.0.7, 2.2.x before 2.2.15, 2.4.x before 2.4.8, 2.5.x before 2.5.6, and 2.6.x before 2.6.2 allows remote attackers to have unspecified impact via a crafted image, related to a pixel...
libtasn1 -- stack-based buffer overflow in asn1_der_decoding
Debian reports: Hanno Boeck discovered a stack-based buffer overflow in the asn1derdecoding function in Libtasn1, a library to manage ASN.1 structures. A remote attacker could take advantage of this flaw to cause an application using the Libtasn1 library to crash, or potentially to execute...
net-snmp -- snmp_pdu_parse() function incomplete initialization
Qinghao Tang reports: Incompletely initialized vulnerability exists in the function ‘snmppduparse’ of ‘snmpapi.c', and remote attackers can cause memory leak, DOS and possible command executions by sending malicious packets...
Wesnoth -- Remote information disclosure
US-CERT/NIST reports: The WML/Lua API in Battle for Wesnoth 1.7.x through 1.11.x and 1.12.x before 1.12.2 allows remote attackers to read arbitrary files via a crafted 1 campaign or 2 map file...
PostgreSQL -- minor security problems.
PostgreSQL project reports: This update fixes three security vulnerabilities reported in PostgreSQL over the past few months. Nether of these issues is seen as particularly urgent. However, users should examine them in case their installations are vulnerable:. CVE-2015-3165 Double "free" after...
qemu -- Heap overflow in QEMU PCNET controller, allowing guest to host escape (CVE-2015-3209)
The QEMU security team reports: A guest which has access to an emulated PCNET network device e.g. with "model=pcnet" in their VIF configuration can exploit this vulnerability to take over the qemu process elevating its privilege to that of the qemu process...
pgbouncer -- remote denial of service
PgBouncer reports: Fix remote crash - invalid packet order causes lookup of NULL pointer. Not exploitable, just DoS...
libksba -- local denial of service vulnerabilities
Martin Prpic, Red Hat Product Security Team, reports: Denial of Service due to stack overflow in src/ber-decoder.c. Integer overflow in the BER decoder src/ber-decoder.c. Integer overflow in the DN decoder src/dn.c...
arj -- multiple vulnerabilities
Several vulnerabilities: symlink directory traversal, absolute path directory traversal and buffer overflow were discovered in the arj archiver...
FreeBSD -- Denial of Service with IPv6 Router Advertisements
Problem Description: The Neighbor Discover Protocol allows a local router to advertise a suggested Current Hop Limit value of a link, which will replace Current Hop Limit on an interface connected to the link on the FreeBSD system. Impact: When the Current Hop Limit similar to IPv4's TTL is small...
dnsmasq -- data exposure and denial of service
Nick Sampanis reported a potential memory exposure and denial of service vulnerability against dnsmasq 2.72. The CVE entry summarizes this as: The tcprequest function in Dnsmasq before 2.73rc4 does not properly handle the return value of the setupreply function, which allows remote attackers to...
FreeBSD -- Insecure default GELI keyfile permissions
Problem Description: The default permission set by bsdinstall8 installer when configuring full disk encrypted ZFS is too open. Impact: A local attacker may be able to get a copy of the geli8 provider's keyfile which is located at a fixed location...
rubygem-redcarpet -- XSS vulnerability
Daniel LeCheminant reports: When markdown is being presented as HTML, there seems to be a strange interaction between and @ that lets an attacker insert malicious tags...
ntp -- multiple vulnerabilities
ntp.org reports: Sec 2779 ntpd accepts unauthenticated packets with symmetric key crypto. Sec 2781 Authentication doesn't protect symmetric associations against DoS attacks...
pidgin-otr -- use after free
Hanno Bock reports: The pidgin-otr plugin version 4.0.2 fixes a heap use after free error. The bug is triggered when a user tries to authenticate a buddy and happens in the function createsmpdialog...
freeradius3 -- insufficient validation on packets
Jouni Malinen reports: The EAP-PWD module performed insufficient validation on packets received from an EAP peer. This module is not enabled in the default configuration. Administrators must manually enable it for their server to be vulnerable. Only versions 3.0 up to 3.0.8 are affected...
asterisk -- TLS Certificate Common name NULL byte exploit
The Asterisk project reports: When Asterisk registers to a SIP TLS device and and verifies the server, Asterisk will accept signed certificates that match a common name other than the one Asterisk is expecting if the signed certificate has a common name containing a null byte after the portion of...
mozilla -- multiple vulnerabilities
The Mozilla Project reports: MFSA 2015-44 Certificate verification bypass through the HTTP/2 Alt-Svc header MFSA 2015-43 Loading privileged content through Reader mode...
cassandra -- remote execution of arbitrary code
Jake Luciani reports: Under its default configuration, Cassandra binds an unauthenticated JMX/RMI interface to all network interfaces. As RMI is an API for the transport and remote execution of serialized Java, anyone with access to this interface can execute arbitrary code as the running user...
xen-kernel -- Certain domctl operations may be abused to lock up the host
The Xen Project reports: XSA-77 put the majority of the domctl operations on a list excepting them from having security advisories issued for them if any effects their use might have could hamper security. Subsequently some of them got declared disaggregation safe, but for a small subset this was...
xen-kernel and xen-tools -- Long latency MMIO mapping operations are not preemptible
The Xen Project reports: The XENDOMCTLmemorymapping hypercall allows long running operations without implementing preemption. This hypercall is used by the device model as part of the emulation associated with configuration of PCI devices passed through to HVM guests and is therefore indirectly...
mozilla -- multiple vulnerabilities
The Mozilla Project reports: MFSA-2015-30 Miscellaneous memory safety hazards rv:37.0 / rv:31.6 MFSA-2015-31 Use-after-free when using the Fluendo MP3 GStreamer plugin MFSA-2015-32 Add-on lightweight theme installation approval bypassed through MITM attack MFSA-2015-33 resource:// documents can...
xen-tools -- Unmediated PCI command register access in qemu
The Xen Project reports: HVM guests are currently permitted to modify the memory and I/O decode bits in the PCI command register of devices passed through to them. Unless the device is an SR-IOV virtual function, after disabling one or both of these bits subsequent accesses to the MMIO or I/O por...
subversion -- DoS vulnerabilities
Subversion Project reports: Subversion HTTP servers with FSFS repositories are vulnerable to a remotely triggerable excessive memory use with certain REPORT requests. Subversion moddavsvn and svnserve are vulnerable to a remotely triggerable assertion DoS vulnerability for certain requests with...
mailman -- path traversal vulnerability
Mark Sapiro reports: A path traversal vulnerability has been discovered and fixed. This vulnerability is only exploitable by a local user on a Mailman server where the suggested Exim transport, the Postfix postfixtomailman.py transport or some other programmatic MTA delivery not using aliases is...
cpio -- multiple vulnerabilities
From the Debian Security Team: Heap-based buffer overflow in the processcopyin function in GNU Cpio 2.11 allows remote attackers to cause a denial of service via a large block value in a cpio archive. cpio 2.11, when using the --no-absolute-filenames option, allows local users to write to arbitra...
freexl -- multiple vulnerabilities
Jodie Cunningham reports: 1: A flaw was found in the way FreeXL reads sectors from the input file. A specially crafted file could possibly result in stack corruption near freexl.c:3752. 2: A flaw was found in the function allocatecells. A specially crafted file with invalid workbook dimensions...
rest-client -- session fixation vulnerability
Andy Brody reports: When Ruby rest-client processes an HTTP redirection response, it blindly passes along the values from any Set-Cookie headers to the redirection target, regardless of domain, path, or expiration...
Several vulnerabilities in libav
The libav project reports: utvideodec: Handle sliceheight being zero CVE-2014-9604 tiff: Check that there is no aliasing in pixel format selection CVE-2014-8544...
jenkins -- multiple vulnerabilities
Jenkins Security Advisory: Description SECURITY-171, SECURITY-177 Reflective XSS vulnerability An attacker without any access to Jenkins can navigate the user to a carefully crafted URL and have the user execute unintended actions. This vulnerability can be used to attack Jenkins inside firewalls...
qemu -- denial of service vulnerability
Daniel P. Berrange reports: The VNC server websockets decoder will read and buffer data from websockets clients until it sees the end of the HTTP headers, as indicated by \r\n\r\n. In theory this allows a malicious to trick QEMU into consuming an arbitrary amount of RAM...
mozilla -- multiple vulnerabilities
The Mozilla Project reports: MFSA-2015-28 Privilege escalation through SVG navigation MFSA-2015-29 Code execution through incorrect JavaScript bounds checking elimination...
mysql -- SSL Downgrade
Duo Security reports: Researchers have identified a serious vulnerability in some versions of Oracle’s MySQL database product that allows an attacker to strip SSL/TLS connections of their security wrapping transparently...
Several vulnerabilities found in PHP
The PHP project reports: The PHP development team announces the immediate availability of PHP 5.6.7. Several bugs have been fixed as well as CVE-2015-0231, CVE-2015-2305 and CVE-2015-2331. All PHP 5.6 users are encouraged to upgrade to this version. The PHP development team announces the immediat...
OpenSSL -- multiple vulnerabilities
OpenSSL project reports: Reclassified: RSA silently downgrades to EXPORTRSA Client CVE-2015-0204. OpenSSL only. Segmentation fault in ASN1TYPEcmp CVE-2015-0286 ASN.1 structure reuse memory corruption CVE-2015-0287 PKCS7 NULL pointer dereferences CVE-2015-0289 Base64 decode CVE-2015-0292. OpenSSL...
django -- multiple vulnerabilities
The Django project reports: In accordance with our security release policy, the Django team is issuing multiple releases -- Django 1.4.20, 1.6.11, 1.7.7 and 1.8c1. These releases are now available on PyPI and our download page. These releases address several security issues detailed below. We...
libzip -- integer overflow
libzip developers report: Avoid integer overflow. Fixed similarly to patch used in PHP copy of libzip...
libXfont -- BDF parsing issues
Alan Coopersmith reports: Ilja van Sprundel, a security researcher with IOActive, has discovered an issue in the parsing of BDF font files by libXfont. Additional testing by Alan Coopersmith and William Robinet with the American Fuzzy Lop afl tool uncovered two more issues in the parsing of BDF...
osc -- shell command injection via crafted _service files
SUSE Security Update reports: osc before 0.151.0 allows remote attackers to execute arbitrary commands via shell metacharacters in a service file...
libuv -- incorrect revocation order while relinquishing privileges
Nodejs releases reports: CVE-2015-0278 This may potentially allow an attacker to gain elevated privileges...
xen-tools -- HVM qemu unexpectedly enabling emulated VGA graphics backends
The Xen Project reports: When instantiating an emulated VGA device for an x86 HVM guest qemu will by default enable a backend to expose that device, either SDL or VNC depending on the version of qemu and the build time configuration. The libxl toolstack library does not explicitly disable these...
ffmpeg -- multiple vulnerabilities
Please reference CVE/URL list for details...
Adobe Flash Player -- critical vulnerabilities
Adobe reports: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh and Linux. These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system. These updates resolve memory corruption vulnerabilities that could lea...