6526 matches found
gnutls -- multiple certificate verification issues
GnuTLS project reports: A vulnerability was discovered that affects the certificate verification functions of all gnutls versions. A specially crafted certificate could bypass certificate validation checks. The vulnerability was discovered during an audit of GnuTLS for Red Hat. Suman Jana reporte...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 19 vulnerabilities fixed in this release, including: 344492 High CVE-2013-6663: Use-after-free in svg images. Credit to Atte Kettunen of OUSPG. 326854 High CVE-2013-6664: Use-after-free in speech recognition. Credit to Khalil Zhani. 337882 High CVE-2013-6665: Heap...
Joomla! -- Core - Multiple Vulnerabilities
The JSST and the Joomla! Security Center report: 20140301 - Core - SQL Injection Inadequate escaping leads to SQL injection vulnerability. 20140302 - Core - XSS Vulnerability Inadequate escaping leads to XSS vulnerability in com_contact. 20140303 - Core - XSS Vulnerability Inadequate escaping lead...
apache -- several vulnerabilities
Apache HTTP SERVER PROJECT reports: Clean up cookie logging with fewer redundant string parsing passes. Log only cookies with a value assignment. Prevents segfaults when logging truncated cookies. mod_dav: Keep track of length of cdata properly when removing leading spaces. Eliminates a potential...
otrs -- XSS Issue
The OTRS Project reports: An attacker could send a specially prepared HTML email to OTRS. If he can then trick an agent into following a special link to display this email, JavaScript code would be executed...
freetype2 -- Out of bounds read/write
Mateusz Jurczyk reports: Out of bounds stack-based read/write in cf2_hintmap_build. This is a critical vulnerability in the CFF Rasterizer code recently contributed by Adobe, leading to potential arbitrary code execution in the context of the FreeType2 library client...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 28 security fixes in this release, including: 334897 High CVE-2013-6652: Issue with relative paths in Windows sandbox named pipe policy. Credit to tyranid. 331790 High CVE-2013-6653: Use-after-free related to web contents. Credit to Khalil Zhani. 333176 High...
PostgreSQL -- multiple privilege issues
PostgreSQL Project reports: This update fixes CVE-2014-0060, in which PostgreSQL did not properly enforce the WITH ADMIN OPTION permission for ROLE management. Before this fix, any member of a ROLE was able to grant others access to the same ROLE regardless if the member was given the WITH ADMIN...
Icinga -- buffer overflow in classic web interface
The Icinga Team reports: Wrong strlen check against MAX_INPUT_BUFFER without taking '\0' into account...
file -- denial of service
The Fine Free file project reports: file before 5.17 allows context-dependent attackers to cause a denial of service (infinite recursion, CPU consumption, and crash) via a crafted indirect offset value in the magic of a file...
phpMyAdmin -- Self-XSS due to unescaped HTML output in import.
The phpMyAdmin development team reports: When importing a file with crafted filename, it is possible to trigger an XSS. We consider this vulnerability to be non critical...
jenkins -- multiple vulnerabilities
Jenkins Security Advisory reports: This advisory announces multiple security vulnerabilities that were found in Jenkins core. Please reference CVE/URL list for details...
phpmyfaq -- multiple vulnerabilities
The phpMyFAQ team reports: An arbitrary script may be executed on the user's Internet Explorer when using an older version of the browser. If a user views a malicious page while logged in, settings may be changed unintentionally...
linux-flashplugin -- multiple vulnerabilities
Adobe reports: These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system...
mozilla -- multiple vulnerabilities
The Mozilla Project reports: MFSA 2014-01 Miscellaneous memory safety hazards rv:27.0 / rv:24.3 MFSA 2014-02 Clone protected content with XBL scopes MFSA 2014-03 UI selection timeout missing on download prompts MFSA 2014-04 Incorrect use of discarded images by RasterImage MFSA 2014-05 Information...
otrs -- multiple vulnerabilities
The OTRS Project reports: SQL injection issue An attacker that managed to take over the session of a logged in customer could create tickets and/or send follow-ups to existing tickets due to missing challenge token checks...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 14 security fixes in this release, including: 330420 High CVE-2013-6649: Use-after-free in SVG images. Credit to Atte Kettunen of OUSPG. 331444 High CVE-2013-6650: Memory corruption in V8. This issue was fixed in v8 version 3.22.24.16. Credit to Christian Holler...
rt42 -- denial-of-service attack via the email gateway
The RT development team reports: Versions of RT between 4.2.0 and 4.2.2 inclusive are vulnerable to a denial-of-service attack via the email gateway; any installation which accepts mail from untrusted sources is vulnerable, regardless of the permissions configuration inside RT. This vulnerability...
mumble -- NULL pointer dereference and heap-based buffer overflow
Mumble reports: A malformed Opus voice packet sent to a Mumble client could trigger a NULL pointer dereference or an out-of-bounds array access. A malformed Opus voice packet sent to a Mumble client could trigger a heap-based buffer overflow...
socat -- buffer overflow with data from command line
Florian Weimer of the Red Hat Product Security Team reports: Due to a missing check during assembly of the HTTP request line a long target server name in the PROXY-CONNECT address can cause a stack buffer overrun. Exploitation requires that the attacker is able to provide the target server name t...
virtualbox-ose -- local vulnerability
Oracle reports: Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.20, 4.0.22, 4.1.30, 4.2.22, and 4.3.6 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Core...
FreeBSD -- bsnmpd remote denial of service vulnerability
Problem Description: The bsnmpd(8) daemon is prone to a stack-based buffer-overflow when it has received a specifically crafted GETBULK PDU request. Impact: This issue could be exploited to execute arbitrary code in the context of the service daemon, or crash the service daemon, causing a...
Python -- buffer overflow in socket.recvfrom_into()
Vincent Danen via Red Hat Issue Tracker reports: A vulnerability was reported in Python's socket module, due to a boundary error within the sock_recvfrom_into() function, which could be exploited to cause a buffer overflow. This could be used to crash a Python application that uses the...
linux-flashplugin -- multiple vulnerabilities
Adobe reports: These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 11 security fixes in this release, including: 249502 High CVE-2013-6646: Use-after-free in web workers. Credit to Collin Payne. 326854 High CVE-2013-6641: Use-after-free related to forms. Credit to Atte Kettunen of OUSPG. 324969 High CVE-2013-6642: Address bar...
subversion -- mod_dav_svn vulnerability
Subversion Project reports: Subversion's mod_dav_svn Apache HTTPD server module will crash when it receives an OPTIONS request against the server root and Subversion is configured to handle the server root and SVNListParentPath is on. This can lead to a DoS. There are no known instances of this...
bind -- denial of service vulnerability
ISC reports: Because of a defect in handling queries for NSEC3-signed zones, BIND can crash with an "INSIST" failure in name.c when processing queries possessing certain properties. By exploiting this defect an attacker deliberately constructing a query with the right properties could achieve...
openssl -- multiple vulnerabilities
OpenSSL development team reports: Major changes between OpenSSL 1.0.1e and OpenSSL 1.0.1f 6 Jan 2014: Fix for TLS record tampering bug CVE-2013-4353 Fix for TLS version checking bug CVE-2013-6449 Fix for DTLS retransmission bug CVE-2013-6450...
HTMLDOC -- buffer overflow issues when reading AFM files and parsing page sizes
Michael Sweet reports: HTMLDOC 1.8.28 fixes some known security issues and formatting bugs. Changes include: SECURITY: Fixed three buffer overflow issues when reading AFM files and parsing page sizes...
ntpd DRDoS / Amplification Attack using ntpdc monlist command
ntp.org reports: Unrestricted access to the monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service (traffic amplification) via forged (1) REQ_MON_GETLIST or (2) REQ_MON_GETLIST_1 requests, as exploited in the wild in December 2013. Use noquery to...
libXfont -- Stack buffer overflow in parsing of BDF font files in libXfont
freedesktop.org reports: A BDF font file containing a longer than expected string can cause a buffer overflow on the stack. Testing in X servers built with Stack Protector resulted in an immediate crash when reading a user-provided specially crafted font. As libXfont is used to read user-specifi...
wemux -- read-only can be bypassed
JonApps reports: The read-only mode can be bypassed and any command sent to bash session...
imlib2 -- denial of service vulnerabilities
Enlightenment reports: GIF loader: Fix segv on images without colormap Prevent division-by-zero crashes. Fix segfault when opening input/queue/id:000007,src:000000,op:flip1,pos:51 with feh...
file -- out-of-bounds access in search rules with offsets from input file
Aaron Reffett reports: softmagic.c in file ... and libmagic allows context-dependent attackers to cause a denial of service (out-of-bounds memory access and crash) via crafted offsets in the softmagic of a PE executable...
nagios -- denial of service vulnerability
Eric Stanley reports: Most CGIs previously incremented the input variable counter twice when it encountered a long key value. This could cause the CGI to read past the end of the list of CGI variables...
OpenX -- SQL injection vulnerability
Revive reports: An SQL-injection vulnerability was recently discovered and reported to the Revive Adserver team by Florian Sander. The vulnerability is known to be already exploited to gain unauthorised access to the application using brute force mechanisms, however other kind of attacks might be...
gnupg -- RSA Key Extraction via Low-Bandwidth Acoustic Cryptanalysis attack
Werner Koch reports: CVE-2013-4576 has been assigned to this security bug. The paper describes two attacks. The first attack allows to distinguish keys: An attacker is able to notice which key is currently used for decryption. This is in general not a problem but may be used to reveal the...
cURL library -- cert name check ignore with GnuTLS
cURL project reports: libcurl is vulnerable to a case of missing out the checking of the certificate CN or SAN name field when the digital signature verification is turned off. libcurl offers two separate and independent options for verifying a server's TLS certificate. CURLOPT_SSL_VERIFYPEER and...
asterisk -- multiple vulnerabilities
The Asterisk project reports: A 16 bit SMS message that contains an odd message length value will cause the message decoding loop to run forever. The message buffer is not on the stack but will be overflowed resulting in corrupted memory and an immediate crash. External control protocols, such as...
PHP5 -- memory corruption in openssl_x509_parse()
Stefan Esser reports: The PHP function openssl_x509_parse() uses a helper function called asn1_time_to_time_t() to convert timestamps from ASN1 string format into integer timestamp values. The parser within this helper function is not binary safe and can therefore be tricked to write up to five NUL bytes...
mozilla -- multiple vulnerabilities
The Mozilla Project reports: MFSA 2013-116 JPEG information leak MFSA 2013-105 Application Installation doorhanger persists on navigation MFSA 2013-106 Character encoding cross-origin XSS attack MFSA 2013-107 Sandbox restrictions not applied to nested object elements MFSA 2013-108 Use-after-free ...
qt4-xml -- XML Entity Expansion Denial of Service
Richard J. Moore reports: QXmlSimpleReader in Qt versions prior to 5.2 supports expansion of internal entities in XML documents without placing restrictions to ensure the document does not cause excessive memory usage. If an application using this API processes untrusted data then the application...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 15 security fixes in this release, including: 307159 Medium CVE-2013-6634: Session fixation in sync related to 302 redirects. Credit to Andrey Labunets. 314469 High CVE-2013-6635: Use-after-free in editing. Credit to cloudfuzzer. 322959 Medium CVE-2013-6636: Addres...
rails -- multiple vulnerabilities
Rails weblog: Rails 3.2.16 and 4.0.2 have been released! These two releases contain important security fixes, so please upgrade as soon as possible! In order to make upgrading as smooth as possible, we've only included commits directly related to each security issue. The security fixes in 3.2.16...
zabbix -- shell command injection vulnerability
Recurity Labs Team project reports: Zabbix agent is vulnerable to remote command execution from the Zabbix server in some cases...
libxml2 -- entity substitution DoS
Stefan Cornelius reports: It was discovered that libxml2, a library providing support to read, modify and write XML files, incorrectly performs entity substitution in the doctype prolog, even if the application using libxml2 disabled any entity substitution. A remote attacker could provide a...
redis -- sensitive information leak through command history file
Redis team reports: The redis-cli history file in linenoise is created with the default OS umask value which makes it world readable in most systems and could potentially expose authentication credentials to other users...
lighttpd -- multiple vulnerabilities
lighttpd security advisories report: It is possible to inadvertently enable vulnerable ciphers when using ssl.cipher-list. In certain cases setuid and similar can fail, potentially triggering lighttpd to restart running as root. If FAMMonitorDirectory fails, the memory intended to store the conte...
OpenTTD -- Denial of service using forcefully crashed aircrafts
The OpenTTD Team reports: The problem is caused by incorrectly handling the fact that the aircraft circling the corner airport will be outside of the bounds of the map. In the 'out of fuel' crash code the height of the tile under the aircraft is determined. In this case that means a tile outside ...
phpmyfaq -- arbitrary PHP code execution vulnerability
The phpMyFAQ team reports: Secunia noticed while analysing the advisory that authenticated users with "Right to add attachments" are able to exploit an already publicly known issue in the bundled Ajax File Manager of phpMyFAQ version 2.8.3, which leads to arbitrary PHP code execution for...