6527 matches found
rest-client -- plaintext password disclosure
The Open Sourced Vulnerability Database reports: REST Client for Ruby contains a flaw that is due to the application logging password information in plaintext. This may allow a local attacker to gain access to password information...
chicken -- buffer overrun in substring-index[-ci]
chicken developer Moritz Heidkamp reports: The substring-index-ci procedures of the data-structures unit are vulnerable to a buffer overrun attack when passed an integer greater than zero as the optional START argument. As a work-around you can switch to SRFI 13's string-contains procedure which...
asterisk -- Mitigation for libcURL HTTP request injection vulnerability
The Asterisk project reports: CVE-2014-8150 reported an HTTP request injection vulnerability in libcURL. Asterisk uses libcURL in its func_curl.so module (the CURL dialplan function), as well as its res_config_curl.so (cURL realtime backend) modules. Since Asterisk may be configured to allow for...
privoxy -- multiple vulnerabilities
Privoxy Developers reports: Fixed a memory leak when rejecting client connections due to the socket limit being reached (CID 66382). This affected Privoxy 3.0.21 when compiled with IPv6 support (on most platforms this is the default). Fixed an immediate-use-after-free bug (CID 66394) and two additional...
kde-runtime -- incorrect CBC encryption handling
Valentin Rusu reports: Until KDE Applications 14.12.0, kwalletd incorrectly handled CBC encryption blocks when encrypting secrets in kwl files. The secrets were still encrypted, but the resulting binary data corresponded to an ECB encrypted block instead of CBC. The ECB encryption algorithm, even if...
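Why an ECB result is worse than CBC even when the key is strong, as an added illustration that is not KDE's code: a toy 8-byte Feistel block cipher (invertible but not secure, and only a stand-in for the Blowfish that kwalletd uses) is wrapped in ECB and CBC modes and run over a constructed secret made of identical blocks. The key, IV and secret are made up for this example. Under ECB every repeated plaintext block shows up as a repeated ciphertext block, so the structure of the secret is visible without the key; under CBC it is not.

```python
import hashlib

BLOCK = 8  # 8-byte blocks, the Blowfish block size that kwalletd uses


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def _round(key, half, i):
    # Keyed round function: a hash of (key, round number, half block).
    return hashlib.sha256(key + bytes([i]) + half).digest()[:4]


def block_encrypt(key, block):
    """Toy 8-round Feistel cipher standing in for Blowfish. NOT secure;
    it is only invertible and block-shaped, which is all the demo needs."""
    l, r = block[:4], block[4:]
    for i in range(8):
        l, r = r, _xor(l, _round(key, r, i))
    return r + l  # undo the final swap, as Feistel ciphers do


def block_decrypt(key, block):
    r, l = block[:4], block[4:]
    for i in reversed(range(8)):
        l, r = _xor(r, _round(key, l, i)), l
    return l + r


def _blocks(data):
    if len(data) % BLOCK:
        raise ValueError("data must be a multiple of the block size")
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def ecb_encrypt(key, data):
    """Each block encrypted on its own: equal plaintext blocks leak as equal
    ciphertext blocks, which is what the kwalletd output amounted to."""
    return b"".join(block_encrypt(key, b) for b in _blocks(data))


def ecb_decrypt(key, data):
    return b"".join(block_decrypt(key, b) for b in _blocks(data))


def cbc_encrypt(key, iv, data):
    """Each plaintext block is XORed with the previous ciphertext block
    (the IV for the first one) before encryption, hiding repetition."""
    out, prev = [], iv
    for b in _blocks(data):
        prev = block_encrypt(key, _xor(b, prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key, iv, data):
    out, prev = [], iv
    for c in _blocks(data):
        out.append(_xor(block_decrypt(key, c), prev))
        prev = c
    return b"".join(out)


def repeated_blocks(ciphertext):
    """Number of ciphertext blocks that duplicate an earlier block."""
    blocks = _blocks(ciphertext)
    return len(blocks) - len(set(blocks))


# Constructed sample: a secret of four identical 8-byte blocks, with a fixed
# key and IV so the run is reproducible.
KEY = b"kwallet-demo-key"
IV = bytes(range(BLOCK))
SECRET = b"password" * 4


def demo():
    return {
        "ecb_repeats": repeated_blocks(ecb_encrypt(KEY, SECRET)),
        "cbc_repeats": repeated_blocks(cbc_encrypt(KEY, IV, SECRET)),
    }


if __name__ == "__main__":
    print(demo())
```

The count of repeated blocks is the whole point: three of the four ECB blocks are byte-for-byte copies of the first, so an attacker reading the kwl file learns that the secret repeats every 8 bytes and can compare secrets across wallets, while the CBC output gives no such signal.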
rabbitmq -- Security issues in management plugin
The RabbitMQ project reports: Some user-controllable content was not properly HTML-escaped before being presented to a user in the management web UI: When a user unqueued a message from the management UI, message details (header names, arguments, etc.) were displayed unescaped. An attacker could...
LibreSSL -- DTLS vulnerability
OpenSSL Security Advisory: A memory leak can occur in the dtls1_buffer_record function under certain conditions. In particular this could occur if an attacker sent repeated DTLS records with the same sequence number but for the next epoch. The memory leak could be exploited by an attacker in a Deni...
OpenSSL -- multiple vulnerabilities
OpenSSL project reports: DTLS segmentation fault in dtls1_get_record (CVE-2014-3571). DTLS memory leak in dtls1_buffer_record (CVE-2015-0206). no-ssl3 configuration sets method to NULL (CVE-2014-3569). ECDHE silently downgrades to ECDH [Client] (CVE-2014-3572). RSA silently downgrades to EXPORT_RSA [Client]...
WebKit-gtk -- Multiple vulnerabilities
Webkit release team reports: This release fixes the following security issues: CVE-2014-1344, CVE-2014-1384, CVE-2014-1385, CVE-2014-1386, CVE-2014-1387, CVE-2014-1388, CVE-2014-1389, CVE-2014-1390...
Dulwich -- Remote code execution
MITRE reports: Buffer overflow in the C implementation of the apply_delta function in pack.c in Dulwich before 0.9.9 allows remote attackers to execute arbitrary code via a crafted pack file...
asterisk -- File descriptor leak when incompatible codecs are offered
The Asterisk project reports: Asterisk may be configured to only allow specific audio or video codecs to be used when communicating with a particular endpoint. When an endpoint sends an SDP offer that only lists codecs not allowed by Asterisk, the offer is rejected. However, in this case, RTP por...
p7zip -- directory traversal vulnerability
Alexander Cherepanov reports: 7z and 7zr are susceptible to a directory traversal vulnerability. While extracting an archive, it will extract symlinks and then follow them if they are referenced in further entries. This can be exploited by a rogue archive to write files outside the current directo...
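The check an extractor needs against the symlink trick described above, as an added example written for this page (not p7zip's code): before writing an entry, resolve the part of its path that already exists on disk and refuse the entry if that resolution lands outside the destination, since a symlink planted by an earlier entry is exactly what the lexical ".." check misses. The helper name, the archive entry names and the temporary directories are constructed for the demonstration.

```python
import os
import tempfile


def safe_extract_path(dest, member):
    """Return the absolute path at which archive entry `member` may be written
    beneath `dest`, or raise ValueError when writing there would escape `dest`:
    via an absolute name, via "..", via a symlink an earlier entry already
    planted in the output tree, or by writing through an existing symlink."""
    dest_real = os.path.realpath(dest)
    if os.path.isabs(member) or member.startswith(("/", "\\")):
        raise ValueError(f"absolute entry name: {member!r}")
    # Lexical check first: ".." components must not climb above dest.
    lexical = os.path.normpath(os.path.join(dest_real, *member.split("/")))
    if os.path.commonpath([dest_real, lexical]) != dest_real:
        raise ValueError(f"entry escapes destination: {member!r}")
    # Then resolve symlinks in the part of the path that already exists. This is
    # the step the advisory describes as missing: a symlink created by a
    # previous entry can redirect the parent directory outside dest.
    parent_real = os.path.realpath(os.path.dirname(lexical))
    if os.path.commonpath([dest_real, parent_real]) != dest_real:
        raise ValueError(f"parent of {member!r} resolves outside destination")
    final = os.path.join(parent_real, os.path.basename(lexical))
    if os.path.islink(final):
        # The entry itself is an existing symlink: opening it for writing would
        # clobber the link target, wherever it points.
        raise ValueError(f"refusing to write through existing symlink: {member!r}")
    return final


def demo():
    """Simulate extracting a rogue archive whose first entry is a symlink that
    points out of the destination; the entry names are constructed."""
    with tempfile.TemporaryDirectory() as outside, \
            tempfile.TemporaryDirectory() as dest:
        # Entry 1 of the rogue archive: a symlink "out" -> a directory elsewhere.
        os.symlink(outside, os.path.join(dest, "out"))
        verdicts = {}
        for name in ("docs/readme.txt", "out/evil.sh", "../evil.sh",
                     "/etc/evil", "out"):
            try:
                safe_extract_path(dest, name)
                verdicts[name] = "allowed"
            except ValueError:
                verdicts[name] = "rejected"
        return verdicts


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{verdict:8} {name}")
```

Only `docs/readme.txt` is allowed; `out/evil.sh` is the case from the advisory, rejected because its parent resolves to the symlink target, and `out` itself is rejected because writing a regular file at that name would go through the link rather than replace it.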
libevent -- integer overflow in evbuffers
Debian Security Team reports: Andrew Bartlett of Catalyst reported a defect affecting certain applications using the Libevent evbuffer API. This defect leaves applications which pass insanely large inputs to evbuffers open to a possible heap overflow or infinite loop. In order to exploit this fla...
cURL -- URL request injection vulnerability
cURL reports: When libcurl sends a request to a server via an HTTP proxy, it copies the entire URL into the request and sends it off. If the given URL contains line feeds and carriage returns, those will be sent along to the proxy too, which allows the program to, for example, send a separate HTTP...
png -- heap overflow for 32-bit builds
32-bit builds of the PNG library are vulnerable to an unsigned integer overflow that is triggered by crafted wide interlaced images. The overflow results in heap corruption that will crash the application and may lead to a controlled overwrite of selected portions of the process address space...
ffmpeg -- use-after-free
NVD reports: Use-after-free vulnerability in the ff_h264_free_tables function in libavcodec/h264.c in FFmpeg before 2.3.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted H.264 data in an MP4 file, as demonstrated by an HTML VIDEO element tha...
git -- Arbitrary command execution on case-insensitive filesystems
The Git Project reports: When using a case-insensitive filesystem an attacker can craft a malicious Git tree that will cause Git to overwrite its own .git/config file when cloning or checking out a repository, leading to arbitrary command execution in the client machine. If you are a hosting...
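A server-side or pre-checkout check for the tree entries described above, as an added example that is not Git's own code. It goes beyond the advisory's case-insensitive case to the two related name-folding behaviours that Git's fix also had to cover: HFS+ ignoring certain Unicode code points when comparing names, and NTFS exposing 8.3 short names (GIT~1) and dropping trailing dots and spaces. The ignorable code point set is the one Git uses for that purpose; the function names and the tree listing are constructed for this page.

```python
# Code points that HFS+ ignores when comparing file names. This is the set Git
# treats as ignorable for its ".git" check (not taken from the advisory above).
_HFS_IGNORABLE = {0x200C, 0x200D, 0x200E, 0x200F,
                  *range(0x202A, 0x202F), *range(0x206A, 0x2070), 0xFEFF}


def is_dotgit_component(name):
    """True if a single path component would collide with ".git" on a
    filesystem that folds case, ignores certain code points (HFS+), or maps
    names through 8.3 short names and strips trailing dots/spaces (NTFS)."""
    folded = "".join(ch for ch in name if ord(ch) not in _HFS_IGNORABLE)
    folded = folded.lower().rstrip(". ")
    return folded in (".git", "git~1")


def find_dotgit_paths(tree_paths):
    """Return the entries of a tree listing that must be refused before
    checkout, because some component of the path aliases .git."""
    return [p for p in tree_paths
            if any(is_dotgit_component(c) for c in p.split("/"))]


# Constructed tree listing, standing in for `git ls-tree -r --name-only`.
SAMPLE_TREE = [
    "README",
    "src/main.c",
    ".gitignore",                        # starts with .git but is not .git
    "legit/file",
    ".Git/config",                       # case-folded .git (the advisory's case)
    "\u200c.git/hooks/post-checkout",    # zero-width non-joiner, ignored by HFS+
    "GIT~1/config",                      # NTFS 8.3 short name for .git
    ".git./config",                      # trailing dot, stripped by NTFS
]


if __name__ == "__main__":
    for path in find_dotgit_paths(SAMPLE_TREE):
        print("refuse:", path)
```

A hosting provider would run this over every tree reachable from pushed refs (the advisory's "If you are a hosting..." advice); a client would apply the same test to each entry before writing it to the working tree.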
ntp -- multiple vulnerabilities
CERT reports: The Network Time Protocol (NTP) provides networked systems with a way to synchronize time for various services and applications. ntpd version 4.2.7 and previous versions allow attackers to overflow several buffers in a way that may allow malicious code to be executed. ntp-keygen prior...
otrs -- Incomplete Access Control
The OTRS project reports: An attacker with valid OTRS credentials could access and manipulate ticket data of other users via the GenericInterface, if a ticket webservice is configured and not additionally secured...
file -- multiple vulnerabilities
RedHat reports: Thomas Jarosch of Intra2net AG reported a number of denial of service issues (resource consumption) in the ELF parser used by file(1). These issues were fixed in the 5.21 release of file(1), but by mistake are missing from the changelog...
subversion -- DoS vulnerabilities
Subversion Project reports: Subversion's mod_dav_svn Apache HTTPD server module will crash when it receives a REPORT request for some invalidly formatted special URIs. Subversion's mod_dav_svn Apache HTTPD server module will crash when it receives a request for some invalidly formatted special URIs. We...
libmspack -- frame_end overflow which could cause infinite loop
There is a denial of service vulnerability in libmspack. The libmspack code is built into cabextract, so it is also vulnerable. MITRE reports: Integer overflow in the qtmd_decompress function in libmspack 0.4 allows remote attackers to cause a denial of service (hang) via a crafted CAB file, which...
FreeBSD -- Buffer overflow in stdio
Problem Description: A programming error in the standard I/O library's __sflush() function could erroneously adjust the buffered stream's internal state even when no write actually occurred, in the case when the write(2) system call returns an error. Impact: The accounting mismatch would accumulate, if the...
jasper -- multiple vulnerabilities
oCERT reports: The library is affected by a double-free vulnerability in function jas_iccattrval_destroy as well as a heap-based buffer overflow in function jp2_decode. A specially crafted jp2 file can be used to trigger the vulnerabilities. oCERT reports: The library is affected by an off-by-one...
xserver -- multiple issue with X client request handling
Alan Coopersmith reports: Ilja van Sprundel, a security researcher with IOActive, has discovered a large number of issues in the way the X server code base handles requests from X clients, and has worked with X.Org's security team to analyze, confirm, and fix these issues. The vulnerabilities cou...
GNU binutils -- multiple vulnerabilities
US-CERT/NIST reports: The _bfd_XXi_swap_aouthdr_in function in bfd/peXXigen.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) and possibly have other unspecified impact via a crafted NumberOfRvaAndSizes field in the AOUT header in a PE...
unbound -- can be tricked into following an endless series of delegations, this consumes a lot of resources
Unbound developer reports: The resolver can be tricked into following an endless series of delegations, this consumes a lot of resources...
bind -- denial of service vulnerability
ISC reports: We have today posted updated versions of 9.9.6 and 9.10.1 to address a significant security vulnerability in DNS resolution. The flaw was discovered by Florian Maury of ANSSI, and applies to any recursive resolver that does not support a limit on the number of recursions...
freetype -- Out of bounds stack-based read/write
Werner LEMBERG reports: The fix for CVE-2014-2240 was not 100% complete to fix the issue from the CVE completely...
libzmq4 -- V3 protocol handler vulnerable to downgrade attacks
Pieter Hintjens reports: It is easy to bypass the security mechanism in 4.1.0 and 4.0.5 by sending a ZMTP v2 or earlier header. The library accepts such connections without applying its security mechanism...
NVIDIA UNIX driver -- remote denial of service or arbitrary code execution
NVIDIA Unix security team reports: The GLX indirect rendering support supplied on NVIDIA products is subject to the recently disclosed X.Org vulnerabilities (CVE-2014-8093, CVE-2014-8098) as well as internally identified vulnerabilities (CVE-2014-8298). Depending on how it is configured, the X server...
phpMyAdmin -- XSS and DoS vulnerabilities
The phpMyAdmin development team reports: DoS vulnerability with long passwords. With very long passwords it was possible to initiate a denial of service attack on phpMyAdmin. We consider this vulnerability to be serious. This vulnerability can be mitigated by configuring throttling in the...
unzip -- input sanitization errors
oCERT reports: The UnZip tool is an open source extraction utility for archives compressed in the zip format. The unzip command line tool is affected by heap-based buffer overflows within the CRC32 verification, the test_compr_eb and the getZip64Data functions. The input errors may result in...
OpenVPN -- denial of service security vulnerability
The OpenVPN project reports: In late November 2014 Dragana Damjanovic notified OpenVPN developers of a critical denial of service security vulnerability (CVE-2014-8104). The vulnerability allows a tls-authenticated client to crash the server by sending a too-short control channel packet to the...
mozilla -- multiple vulnerabilities
The Mozilla Project reports: ASN.1 DER decoding of lengths is too permissive, allowing undetected smuggling of arbitrary data (MFSA-2014-90). Apple CoreGraphics framework on OS X 10.10 logging input data to /tmp directory (MFSA-2014-89). Bad casting from the BasicThebesLayer to BasicContainerLayer...
mutt -- denial of service via crafted mail message
NVD reports: The write_one_header function in mutt 1.5.23 does not properly handle newline characters at the beginning of a header, which allows remote attackers to cause a denial of service (crash) via a header with an empty body, which triggers a heap-based buffer overflow in the mutt_substrdup...
flac -- Multiple vulnerabilities
Erik de Castro Lopo reports: Google Security Team member, Michele Spagnuolo, recently found two potential problems in the FLAC code base. They are: CVE-2014-9028: Heap buffer write overflow. CVE-2014-8962: Heap buffer read overflow...
wordpress -- multiple vulnerabilities
MITRE reports: wp-login.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 might allow remote attackers to reset passwords by leveraging access to an e-mail account that received a password-reset message. wp-includes/http.php in WordPress before 3.7.5, 3.8...
graphviz -- format string vulnerability
Joshua Rogers reports: A format string vulnerability has been found in graphviz'...
Python -- HTTP Header Injection in Python urllib
Guido Vranken reports: HTTP header injection in urllib2/urllib/httplib/http.client with newlines in header values, where newlines have the semantic consequence of denoting the start of an additional header line...
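This urllib report and the libcurl proxy report earlier in the list are the same defect: a CR/LF inside a caller-supplied value becomes a line boundary once the request is serialised, so whatever follows it is parsed as a further header (or request line) by the proxy or server. The following is an added example written for this page, not code from either project: a naive request builder that copies the target and header values verbatim, a hardened one that rejects control characters first, and a small parser playing the proxy's role so the injected header can be seen on the wire. The builder and parser names and the sample URL are constructed.

```python
import re

# CR, LF and NUL must never appear in a request target, header name or value.
_FORBIDDEN = re.compile(r"[\r\n\x00]")


def build_request_unchecked(method, target, headers):
    """Naive builder: copies the target and header values verbatim, which is
    the behaviour both advisories describe."""
    lines = [f"{method} {target} HTTP/1.1"]
    lines += [f"{name}: {value}" for name, value in headers.items()]
    return "\r\n".join(lines) + "\r\n\r\n"


def build_request_checked(method, target, headers):
    """Hardened builder: refuses control characters in every caller-supplied
    field before anything is serialised."""
    fields = [("request target", target)]
    for name, value in headers.items():
        fields.append((f"header name {name!r}", name))
        fields.append((f"value of header {name!r}", value))
    for what, text in fields:
        if _FORBIDDEN.search(text):
            raise ValueError(f"CR/LF/NUL in {what}")
    return build_request_unchecked(method, target, headers)


def parse_wire_request(raw):
    """Split a serialised request the way a proxy does: request line, then
    one header per CRLF-terminated line up to the blank line."""
    head, _, _ = raw.partition("\r\n\r\n")
    request_line, *header_lines = head.split("\r\n")
    headers = []
    for line in header_lines:
        name, _, value = line.partition(":")
        headers.append((name.strip(), value.strip()))
    return request_line, headers


# Constructed sample: a "URL" embedding CRLFs, as a program that passes user
# input straight to a proxy-using HTTP client could receive. The trailing
# "X-Pad:" absorbs the " HTTP/1.1" the builder appends.
EVIL_TARGET = "http://example.test/ HTTP/1.1\r\nX-Injected: yes\r\nX-Pad:"


def demo():
    """What the proxy sees when the naive builder is fed EVIL_TARGET."""
    raw = build_request_unchecked("GET", EVIL_TARGET, {"Host": "example.test"})
    return parse_wire_request(raw)


if __name__ == "__main__":
    line, headers = demo()
    print(line)
    for name, value in headers:
        print(f"  {name}: {value}")
```

With the naive builder the proxy parses a clean-looking request line followed by an `X-Injected` header the caller never set; the checked builder raises before the request exists. The same check applied to the header dictionary alone is what closes the urllib case.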
cacti -- multiple security vulnerabilities
The Cacti Group, Inc. reports: Important Security Fixes CVE-2013-5588 - XSS issue via installer or device editing CVE-2013-5589 - SQL injection vulnerability in device editing CVE-2014-2326 - XSS issue via CDEF editing CVE-2014-2327 - Cross-site request forgery (CSRF) vulnerability CVE-2014-2328 -...
asterisk -- Multiple vulnerabilities
The Asterisk project reports: AST-2014-014 - High call load may result in hung channels in ConfBridge. AST-2014-017 - Permission escalation through ConfBridge actions/dialplan functions...
asterisk -- Multiple vulnerabilities
The Asterisk project reports: AST-2014-012 - Mixed IP address families in access control lists may permit unwanted traffic. AST-2014-018 - AMI permission escalation through DB dialplan function...
sox -- input sanitization errors
oCERT reports: The sox command line tool is affected by two heap-based buffer overflows, respectively located in functions startread and AdpcmReadBlock. A specially crafted wav file can be used to trigger the vulnerabilities...
phpMyAdmin -- XSS and information disclosure vulnerabilities
The phpMyAdmin development team reports: With a crafted database, table or column name it is possible to trigger an XSS attack in the table browse page. With a crafted ENUM value it is possible to trigger XSS attacks in the table print view and zoom search pages. With a crafted value for font siz...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 42 security fixes in this release, including: 389734 High CVE-2014-7899: Address bar spoofing. Credit to Eli Grey. 406868 High CVE-2014-7900: Use-after-free in pdfium. Credit to Atte Kettunen from OUSPG. 413375 High CVE-2014-7901: Integer overflow in pdfium. Credit...
kwebkitpart, kde-runtime -- insufficient input validation
Albert Astals Cid reports: kwebkitpart and the bookmarks:// io slave were not sanitizing input correctly, allowing some JavaScript to be executed in the context of the referenced hostname. Whilst in most cases the JavaScript will be executed in an untrusted context, with the bookmarks IO slav...
dbus -- incomplete fix for CVE-2014-3636 part A
Simon McVittie reports: The patch issued by the D-Bus maintainers for CVE-2014-3636 was based on incorrect reasoning, and does not fully prevent the attack described as "CVE-2014-3636 part A", which is repeated below. Preventing that attack requires raising the system dbus-daemon's RLIMIT_NOFILE...
kde-workspace -- privilege escalation
David Edmundson reports: KDE workspace configuration module for setting the date and time has a helper program which runs as root for performing actions. This is secured with polkit. This helper takes the name of the ntp utility to run as an argument. This allows a hacker to run any arbitrary...
Konversation -- out-of-bounds read on a heap-allocated array
Konversation developers report: Konversation's Blowfish ECB encryption support assumes incoming blocks to be the expected 12 bytes. The lack of a sanity-check for the actual size can cause a denial of service and an information leak to the local user...