6585 matches found
phpMyAdmin -- two XSS vulnerabilities due to unescaped db/table names
The phpMyAdmin development team reports: Self-XSS due to unescaped HTML output in recent/favorite tables navigation. When marking a crafted database or table name as favorite or having it in recent tables, it is possible to trigger an XSS. This vulnerability can be triggered only by someone who...
kdelibs4 -- KMail/KIO POP3 SSL Man-in-the-middle Flaw
Richard J. Moore reports: The POP3 kioslave used by KMail will accept invalid certificates without presenting a dialog to the user due a bug that leads to an inability to display the dialog combined with an error in the way the result is checked. This flaw allows an active attacker to perform MIT...
iodined -- authentication bypass
Erik Ekman of the iodine project reports: The client could bypass the password check by continuing after getting error from the server and guessing the network parameters. The server would still accept the rest of the setup and also network traffic...
asterisk -- multiple vulnerabilities
The Asterisk project reports: Asterisk Manager User Unauthorized Shell Access. Manager users can execute arbitrary shell commands with the MixMonitor manager action. Asterisk does not require system class authorization for a manager user to use the MixMonitor action, so any manager user who is...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 4 security fixes in this release, including: 369525 High CVE-2014-3154: Use-after-free in filesystem api. Credit to Collin Payne. 369539 High CVE-2014-3155: Out-if-bounds read in SPDY. Credit to James March, Daniel Sommermann and Alan Frindell of Facebook. 369621...
dbus -- local DoS
Simon MvVittie reports: Alban Crequy at Collabora Ltd. discovered and fixed a denial-of-service flaw in dbus-daemon, part of the reference implementation of D-Bus. Additionally, in highly unusual environments the same flaw could lead to a side channel between processes that should not be able to...
mozilla -- multiple vulnerabilities
The Mozilla Project reports: MFSA 2014-48 Miscellaneous memory safety hazards rv:30.0 / rv:24.6 MFSA 2014-49 Use-after-free and out of bounds issues found using Address Sanitizer MFSA 2014-51 Use-after-free in Event Listener Manager MFSA 2014-52 Use-after-free with SMIL Animation Controller MFSA...
file -- buffer overruns and missing buffer size tests
Christos Zoulas reports: A specially crafted file can cause a segmentation fault...
OpenSSL -- multiple vulnerabilities
The OpenSSL Project reports: An attacker using a carefully crafted handshake can force the use of weak keying material in OpenSSL SSL/TLS clients and servers. This can be exploited by a Man-in-the-middle MITM attack where the attacker can decrypt and modify traffic from the attacked client and...
codeigniter -- multiple vulnerabilities
The CodeIgniter changelog reports: Security: The xorencode method in the Encrypt Class has been removed. The Encrypt Class now requires the Mcrypt extension to be installed. Security: The Session Library now uses HMAC authentication instead of a simple MD5 checksum...
FreeBSD -- sendmail improper close-on-exec flag handling
Problem Description: There is a programming error in sendmail8 that prevented open file descriptors have close-on-exec properly set. Consequently a subprocess will be able to access all open files that the parent process have open. Impact: A local user who can execute their own program for mail...
FreeBSD -- Incorrect error handling in PAM policy parser
Problem Description: The OpenPAM library searches for policy definitions in several locations. While doing so, the absence of a policy file is a soft failure handled by searching in the next location while the presence of an invalid file is a hard failure handled by returning an error to the...
FreeBSD -- ktrace kernel memory disclosure
Problem Description: Due to an overlooked merge to -STABLE branches, the size for page fault kernel trace entries was set incorrectly. Impact: A user who can enable kernel process tracing could end up reading the contents of kernel memory. Such memory might contain sensitive information, such as...
tomcat -- multiple vulnerabilities
Tomcat Security Team reports: Tomcat does not properly restrict XSLT stylesheets, which allows remote attackers to bypass security-manager restrictions and read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference,...
elasticsearch and logstash -- remote OS command execution via dynamic scripting
Elastic reports: Vulnerability Summary: In Elasticsearch versions 1.1.x and prior, dynamic scripting is enabled by default. This could allow an attacker to execute OS commands. Remediation Summary: Disable dynamic scripting. Logstash 1.4.2 was bundled with Elasticsearch 1.1.1, which is vulnerable...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 23 security fixes in this release, including: 356653 High CVE-2014-1743: Use-after-free in styles. Credit to cloudfuzzer. 359454 High CVE-2014-1744: Integer overflow in audio. Credit to Aaron Staple. 346192 High CVE-2014-1745: Use-after-free in SVG. Credit to Atte...
gnutls -- client-side memory corruption
GnuTLS project reports: This vulnerability affects the client side of the gnutls library. A server that sends a specially crafted ServerHello could corrupt the memory of a requesting client...
gnutls -- client-side memory corruption
GnuTLS project reports: This vulnerability affects the client side of the gnutls library. A server that sends a specially crafted ServerHello could corrupt the memory of a requesting client...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 3 security fixes in this release: 358038 High CVE-2014-1740: Use-after-free in WebSockets. Credit to Collin Payne. 349898 High CVE-2014-1741: Integer overflow in DOM ranges. Credit to John Butler. 356690 High CVE-2014-1742: Use-after-free in editing. Credit to...
libXfont -- X Font Service Protocol and Font metadata file handling issues
Alan Coopersmith reports: Ilja van Sprundel, a security researcher with IOActive, has discovered several issues in the way the libXfont library handles the responses it receives from xfs servers, and has worked with X.Org's security team to analyze, confirm, and fix these issues. Most of these...
foreman-proxy SSL verification issue
Foreman Security reports: The smart proxy when running in an SSL-secured mode permits incoming API calls to any endpoint without requiring, or performing any verification of an SSL client certificate. This permits any client with access to the API to make requests and perform actions permitting...
OpenSSL -- NULL pointer dereference / DoS
OpenBSD and David Ramos reports: Applications that use SSLMODERELEASEBUFFERS, such as nginx/apache, are prone to a race condition which may allow a remote attacker to crash the current service...
FreeBSD -- TCP reassembly vulnerability
Problem Description: FreeBSD may add a reassemble queue entry on the stack into the segment list when the reassembly queue reaches its limit. The memory from the stack is undefined after the function returns. Subsequent iterations of the reassembly function will attempt to access this entry...
FreeBSD -- devfs rules not applied by default for jails
Problem Description: The default devfs rulesets are not loaded on boot, even when jails are used. Device nodes will be created in the jail with their normal default access permissions, while most of them should be hidden and inaccessible. Impact: Jailed processes can get access to restricted...
mozilla -- multiple vulnerabilities
The Mozilla Project reports: MFSA 2014-34 Miscellaneous memory safety hazards rv:29.0 / rv:24.5 MFSA 2014-35 Privilege escalation through Mozilla Maintenance Service Installer MFSA 2014-36 Web Audio memory corruption issues MFSA 2014-37 Out of bounds read while decoding JPG images MFSA 2014-38...
chromium -- multiple vulnerabilities
Google Chrome Releases reports belatedly: 9 security fixes in this release, including: 354967 High CVE-2014-1730: Type confusion in V8. Credit to Anonymous. 349903 High CVE-2014-1731: Type confusion in DOM. Credit to John Butler. 359802 High CVE-2014-1736: Integer overflow in V8. Credit to SkyLin...
qt4-imageformats, qt5-gui -- DoS vulnerability in the GIF image handler
Richard J. Moore reports: The builtin GIF decoder in QtGui prior to Qt 5.3 contained a bug that would lead to a null pointer dereference when loading certain hand crafted corrupt GIF files. This in turn would cause the application loading these hand crafted GIFs to crash...
django -- multiple vulnerabilities
The Django project reports: These releases address an unexpected code-execution issue, a caching issue which can expose CSRF tokens and a MySQL typecasting issue. While these issues present limited risk and may not affect all Django users, we encourage all users to evaluate their own risk and...
bugzilla -- Social Engineering
A Bugzilla Security Advisory reports: Dangerous control characters can be inserted into Bugzilla, notably into bug comments. If the text, which may look safe, is copied into a terminal such as xterm or gnome-terminal, then unexpected commands could be executed on the local machine...
bugzilla -- Cross-Site Request Forgery
A Bugzilla Security Advisory reports: The login form had no CSRF protection, meaning that an attacker could force the victim to log in using the attacker's credentials. If the victim then reports a new security sensitive bug, the attacker would get immediate access to this bug. Due to changes...
mumble -- multiple vulnerabilities
Mumble reports: SVG images with local file references could trigger client DoS The Mumble client did not properly HTML-escape some external strings before using them in a rich-text HTML context...
pivotx -- Multiple unrestricted file upload vulnerabilities
Pivotx reports: Multiple unrestricted file upload vulnerabilities in fileupload.php in PivotX before 2.3.9 allow remote authenticated users to execute arbitrary PHP code by uploading a file with a 1 .php or 2 .php extension, and then accessing it via unspecified vectors...
pivotx -- cross-site scripting (XSS) vulnerability
pivotx reports: cross-site scripting XSS vulnerability in the nickname and possibly the email field. Mitigated by the fact that an attacker must have a PivotX account...
botan -- cryptographic vulnerability
MITRE reports: The Miller-Rabin primality check in Botan before 1.10.8 and 1.11.x before 1.11.9 improperly uses a single random base, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a DH group...
mohawk -- multiple vulnerabilities
The mohawk project reports: Segfault when parsing malformed / unescaped url, coredump when setting syslog facility...
openafs -- Denial of Service
The OpenAFS development team reports: An attacker with the ability to connect to an OpenAFS fileserver can trigger a buffer overflow, crashing the server. The buffer overflow can be triggered by sending an unauthenticated request for file server statistical information. Clients are not affected...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 31 vulnerabilities fixed in this release, including: 354123 High CVE-2014-1716: UXSS in V8. Credit to Anonymous. 353004 High CVE-2014-1717: OOB access in V8. Credit to Anonymous. 348332 High CVE-2014-1718: Integer overflow in compositor. Credit to Aaron Staple...
FreeBSD -- Deadlock in the NFS server
Problem Description: The kernel holds a lock over the source directory vnode while trying to convert the target directory file handle to a vnode, which needs to be returned with the lock held, too. This order may be in violation of normal lock order, which in conjunction with other threads that...
OpenSSL -- Remote Information Disclosure
OpenSSL Reports: A missing bounds check in the handling of the TLS heartbeat extension can be used to reveal up to 64k of memory to a connected client or server. Affected users should upgrade to OpenSSL 1.0.1g. Users unable to immediately upgrade can alternatively recompile OpenSSL with...
OpenSSL -- Local Information Disclosure
OpenSSL reports: A flaw in the implementation of Montgomery Ladder Approach would create a side-channel that leaks sensitive timing information. A local attacker might be able to snoop a signing process and might recover the signing key from it...
otrs -- Clickjacking issue
The OTRS Project reports: An attacker could embed OTRS in a hidden iframe tag of another page, tricking the user into clicking links in OTRS...
redmine -- open redirect vulnerability
Redmine reports: Open Redirect vulnerability...
postfixadmin -- SQL injection vulnerability
Thijs Kinkhorst reports: Postfixadmin has an SQL injection vulnerability. This vulnerability is only exploitable by authenticated users able to create new aliases...
mail/trojita -- may leak mail contents (not user credentials) over unencrypted connection
Jan Kundrát reports: An SSL stripping vulnerability was discovered in Trojitá, a fast Qt IMAP e-mail client. User's credentials are never leaked, but if a user tries to send an e-mail, the automatic saving into the "sent" or "draft" folders could happen over a plaintext connection even if the...
mozilla -- multiple vulnerabilities
The Mozilla Project reports: MFSA 2014-15 Miscellaneous memory safety hazards rv:28.0 / rv:24.4 MFSA 2014-16 Files extracted during updates are not always read only MFSA 2014-17 Out of bounds read during WAV file decoding MFSA 2014-18 crypto.generateCRMFRequest does not validate type of key MFSA...
nginx-devel -- SPDY heap buffer overflow
The nginx project reports: A bug in the experimental SPDY implementation in nginx was found, which might allow an attacker to cause a heap memory buffer overflow in a worker process by using a specially crafted request, potentially resulting in arbitrary code execution CVE-2014-0133. The problem...
nginx -- SPDY heap buffer overflow
The nginx project reports: A bug in the experimental SPDY implementation in nginx was found, which might allow an attacker to cause a heap memory buffer overflow in a worker process by using a specially crafted request, potentially resulting in arbitrary code execution CVE-2014-0133. The problem...
www/chromium -- multiple vulnerabilities
Google Chrome Releases reports: New vulnerabilities after the Pwn2Own competition: 352369 Code execution outside sandbox. Credit to VUPEN. 352374 High CVE-2014-1713: Use-after-free in Blink bindings 352395 High CVE-2014-1714: Windows clipboard vulnerability 352420 Code execution outside sandbox...
linux-flashplugin -- multiple vulnerabilities
Adobe reports: These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system...
mutt -- denial of service, potential remote code execution
Beatrice Torracca and Evgeni Golov report: A buffer overflow has been discovered that could result in denial of service or potential execution of arbitrary code. This condition can be triggered by malformed RFC2047 header lines...