otrs -- information disclosure
The OTRS Project reports: An attacker with a valid agent login could manipulate URLs in the ticket split mechanism to see contents of tickets they are not permitted to see...
PHP5 -- Integer overflow in Calendar module
The PHP development team reports: Integer overflow in the SdnToJewish function in jewish.c in the Calendar component in PHP before 5.3.26 and 5.4.x before 5.4.16 allows context-dependent attackers to cause a denial of service (application hang) via a large argument to the jdtojewish function...
RT -- multiple vulnerabilities
Thomas Sibley reports: We discovered a number of security vulnerabilities which affect both RT 3.8.x and RT 4.0.x. We are releasing RT versions 3.8.17 and 4.0.13 to resolve these vulnerabilities, as well as patches which apply atop all released versions of 3.8 and 4.0. The vulnerabilities address...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 235638 High CVE-2013-2837: Use-after-free in SVG. Credit to Slawomir Blazek. 235311 Medium CVE-2013-2838: Out-of-bounds read in v8. Credit to Christian Holler. 230176 High CVE-2013-2839: Bad cast in clipboard handling. Credit to Jon of MWR InfoSecurity. 230117 High...
suPHP -- Privilege escalation
suPHP developer Sebastian Marsching reports: When the suPHP_PHPPath was set, mod_suphp would use the specified PHP executable to pretty-print PHP source files (MIME type x-httpd-php-source or application/x-httpd-php-source). However, it would not sanitize the environment. Thus a user that was allowed...
ruby -- Object taint bypassing in DL and Fiddle in Ruby
Ruby Developers report: There is a vulnerability in DL and Fiddle in Ruby where tainted strings can be used by system calls regardless of the $SAFE level set in Ruby. Native functions exposed to Ruby with DL or Fiddle do not check the taint values set on the objects passed in. This can result in...
mozilla -- multiple vulnerabilities
The Mozilla Project reports: MFSA 2013-41 Miscellaneous memory safety hazards rv:21.0 / rv:17.0.6 MFSA 2013-42 Privileged access for content level constructor MFSA 2013-43 File input control has access to full path MFSA 2013-44 Local privilege escalation through Mozilla Maintenance Service MFSA...
owncloud -- Multiple security vulnerabilities
The ownCloud development team reports: oC-SA-2013-019 / CVE-2013-2045: Multiple SQL Injections. Credit to Mateusz Goik aliantsoft.pl. oC-SA-2013-020 / CVE-2013-2039,2085: Multiple directory traversals. Credit to Mateusz Goik aliantsoft.pl. oC-SQ-2013-021 / CVE-2013-2040-2042: Multiple XSS...
linux-flashplugin -- multiple vulnerabilities
Adobe reports: These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system...
krb5 -- UDP ping-pong vulnerability in the kpasswd (password changing) service. [CVE-2002-2443]
No advisory has been released yet. schpw.c in the kpasswd service in kadmind in MIT Kerberos 5 (aka krb5) before 1.11.3 does not properly validate UDP packets before sending responses, which allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged packet that...
dropbear -- exposure of sensitive information, DoS
The Dropbear project reports: A weakness and a vulnerability have been reported in Dropbear SSH Server, which can be exploited by malicious people to disclose certain sensitive information and cause a DoS...
nginx -- multiple vulnerabilities
The nginx project reports: A stack-based buffer overflow might occur in a worker process while handling a specially crafted request, potentially resulting in arbitrary code execution (CVE-2013-2028). A security problem related to CVE-2013-2028 was identified, affecting some previous nginx...
jenkins -- multiple vulnerabilities
Jenkins Security Advisory reports: This advisory announces multiple security vulnerabilities that were found in Jenkins core. SECURITY-63 / CVE-2013-2034: This creates a cross-site request forgery (CSRF) vulnerability on Jenkins master, where an anonymous attacker can trick an administrator to execu...
strongSwan -- ECDSA signature verification issue
strongSwan security team reports: If the openssl plugin is used for ECDSA signature verification an empty, zeroed or otherwise invalid signature is handled as a legitimate one. Both IKEv1 and IKEv2 are affected. Affected are only installations that have enabled and loaded the OpenSSL crypto backe...
Joomla! -- XSS and DDoS vulnerabilities
The JSST and the Joomla! Security Center report: 20130405 - Core - XSS Vulnerability Inadequate filtering leads to XSS vulnerability in Voting plugin. 20130403 - Core - XSS Vulnerability Inadequate filtering allows possibility of XSS exploit in some circumstances. 20130402 - Core - Information...
phpMyAdmin -- Multiple security vulnerabilities
The phpMyAdmin development team reports: In some PHP versions, the preg_replace function can be tricked into executing arbitrary PHP code on the server. This is done by passing a crafted argument as the regular expression, containing a null byte. phpMyAdmin does not correctly sanitize an argument...
FreeBSD -- NFS remote denial of service
Insufficient input validation in the NFS server allows an attacker to cause the underlying file system to treat a regular file as a directory...
phpMyAdmin -- XSS due to unescaped HTML output in GIS visualisation page
The phpMyAdmin development team reports: When modifying a URL parameter with a crafted value it is possible to trigger an XSS. These XSS can only be triggered when a valid database is known and when a valid cookie token is used...
sieve-connect -- TLS hostname verification was not occurring
sieve-connect developer Phil Pennock reports: sieve-connect was not actually verifying TLS certificate identities matched the expected hostname...
libxml2 -- lack of end-of-document check DoS
CVE MITRE reports: parser.c in libxml2 before 2.9.0, as used in Google Chrome before 28.0.1500.71 and other products, allows remote attackers to cause a denial of service (out-of-bounds read) via a document that ends abruptly, related to the lack of certain checks for the XML_PARSER_EOF state...
linux-flashplugin -- multiple vulnerabilities
Adobe reports: These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system...
Subversion -- multiple vulnerabilities
Subversion team reports: Subversion's mod_dav_svn Apache HTTPD server module will use excessive amounts of memory when a large number of properties are set or deleted on a node. Subversion's mod_dav_svn Apache HTTPD server module will crash when a LOCK request is made against activity URLs...
opera -- moderately severe issue
Opera reports: Fixed a moderately severe issue, as reported by Attila Suszte...
PostgreSQL -- anonymous remote access data corruption vulnerability
PostgreSQL project reports: The PostgreSQL Global Development Group has released a security update to all current versions of the PostgreSQL database system, including versions 9.2.4, 9.1.9, 9.0.13, and 8.4.17. This update fixes a high-exposure security vulnerability in versions 9.0 and later. Al...
FreeBSD -- BIND remote denial of service
A flaw in a library used by BIND allows an attacker to deliberately cause excessive memory consumption by the named(8) process. This affects both recursive and authoritative servers...
ModSecurity -- XML External Entity Processing Vulnerability
Positive Technologies has reported a vulnerability in ModSecurity, which can be exploited by malicious people to disclose potentially sensitive information or cause a DoS (Denial of Service). The vulnerability is caused due to an error when parsing external XML entities and can be exploited to e.g...
FreeBSD -- OpenSSL multiple vulnerabilities
A flaw in the OpenSSL handling of OCSP response verification could be exploited to cause a denial of service attack. OpenSSL has a weakness in the handling of CBC ciphersuites in SSL, TLS and DTLS. The weakness could reveal plaintext in a timing attack...
mozilla -- multiple vulnerabilities
The Mozilla Project reports: MFSA 2013-30 Miscellaneous memory safety hazards (rv:20.0 / rv:17.0.5); MFSA 2013-31 Out-of-bounds write in Cairo library; MFSA 2013-32 Privilege escalation through Mozilla Maintenance Service; MFSA 2013-33 World read and write access to app_tmp directory on Android; MFSA...
otrs -- XSS vulnerability
The OTRS Project reports: An attacker with permission to write changes, workorder items or FAQ articles could inject JavaScript code into the articles which would be executed by the browser of other users reading the article...
otrs -- Information disclosure and Data manipulation
The OTRS Project reports: An attacker with a valid agent login could manipulate URLs in the object linking mechanism to see titles of tickets and other objects that are not obliged to be seen. Furthermore, links to objects without permission can be placed and removed...
roundcube -- arbitrary file disclosure vulnerability
RoundCube development team reports: After getting reports about a possible vulnerability of Roundcube which allows an attacker to modify its users preferences in a way that he/she can then read files from the server, we now published updated packages as well as patches that fix this security issu...
asterisk -- multiple vulnerabilities
Asterisk project reports: Buffer Overflow Exploit Through SIP SDP Header; Username disclosure in SIP channel driver; Denial of Service in HTTP server...
NVIDIA UNIX driver -- ARGB cursor buffer overflow in "NoScanout" mode
NVIDIA Unix security team reports: When the NVIDIA driver for the X Window System is operated in "NoScanout" mode, and an X client installs an ARGB cursor that is larger than the expected size (64x64 or 256x256, depending on the driver version), the driver will overflow a buffer. This can cause a...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 172342 High CVE-2013-0916: Use-after-free in Web Audio. Credit to Atte Kettunen of OUSPG. 180909 Low CVE-2013-0917: Out-of-bounds read in URL loader. Credit to Google Chrome Security Team Cris Neckar. 180555 Low CVE-2013-0918: Do not navigate dev tools upon drag an...
OpenVPN -- potential side-channel/timing attack when comparing HMACs
The OpenVPN project reports: OpenVPN 2.3.0 and earlier running in UDP mode are subject to chosen ciphertext injection due to a non-constant-time HMAC comparison function...
rubygem-rails -- multiple vulnerabilities
Ruby on Rails team reports: Rails version 3.2.13 has been released. This release contains important security fixes. It is recommended users upgrade as soon as possible. Four vulnerabilities have been discovered and fixed: CVE-2013-1854 Symbol DoS vulnerability in Active Record; CVE-2013-1855 XSS...
puppet27 and puppet -- multiple vulnerabilities
Moses Mendoza reports: A vulnerability found in Puppet could allow an authenticated client to cause the master to execute arbitrary code while responding to a catalog request. Specifically, in order to exploit the vulnerability, the puppet master must be made to invoke the 'template' or...
puppet26 -- multiple vulnerabilities
Moses Mendoza reports: A vulnerability found in Puppet could allow an authenticated client to cause the master to execute arbitrary code while responding to a catalog request. Specifically, in order to exploit the vulnerability, the puppet master must be made to invoke the 'template' or...
linux-flashplugin -- multiple vulnerabilities
Adobe reports: These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system...
dns/bind9* -- Malicious Regex Can Cause Memory Exhaustion
ISC reports: A critical defect in BIND 9 allows an attacker to cause excessive memory consumption in named or other programs linked to libdns...
privoxy -- malicious server spoofing as proxy vulnerability
Privoxy Developers report: Proxy authentication headers are removed unless the new directive enable-proxy-authentication-forwarding is used. Forwarding the headers potentially allows malicious sites to trick the user into providing them with login information. Reported by Chris John Riley...
mozilla -- use-after-free in HTML Editor
The Mozilla Project reports: MFSA 2013-29 Use-after-free in HTML Editor...
chromium -- WebKit vulnerability
Google Chrome Releases reports: 180763 High CVE-2013-0912: Type confusion in WebKit. Credit to Nils and Jon of MWR Labs...
typo3 -- Multiple vulnerabilities in TYPO3 Core
Typo Security Team reports: Extbase Framework - Failing to sanitize user input, the Extbase database abstraction layer is susceptible to SQL Injection. TYPO3 sites which have no Extbase extensions installed are not affected. Extbase extensions are affected if they use the Query Object Model and...
perl -- denial of service via algorithmic complexity attack on hashing routines
Perl developers report: In order to prevent an algorithmic complexity attack against its hashing mechanism, perl will sometimes recalculate keys and redistribute the contents of a hash. This mechanism has made perl robust against attacks that have been demonstrated against other systems. Research...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 176882 High CVE-2013-0902: Use-after-free in frame loader. Credit to Chamal de Silva. 176252 High CVE-2013-0903: Use-after-free in browser navigation handling. Credit to "chromium.khalil". 172926 172331 High CVE-2013-0904: Memory corruption in Web Audio. Credit to...
php5 -- Multiple vulnerabilities
The PHP development team reports: PHP does not validate the relationship between the soap.wsdl_cache_dir directive and the open_basedir directive, which allows remote attackers to bypass intended access restrictions by triggering the creation of cached SOAP WSDL files in an arbitrary directory. The...
stunnel -- Remote Code Execution
Michal Trojnara reports: 64-bit versions of stunnel with the following conditions: NTLM authentication enabled; CONNECT protocol negotiation enabled; Configured in SSL client mode. An attacker that can either control the proxy server specified in the "connect" option or execute MITM attacks on the T...
sudo -- Potential bypass of tty_tickets constraints
Todd Miller reports: A potentially malicious program run by a user with sudo access may be able to bypass the "tty_tickets" constraints. In order for this to succeed there must exist on the machine a terminal device that the user has previously authenticated themselves on via sudo within the last...
net/openafs -- buffer overflow
Nickolai Zeldovich reports: An attacker with the ability to manipulate AFS directory ACLs may crash the fileserver hosting that volume. In addition, once a corrupt ACL is placed on a fileserver, its existence may crash client utilities manipulating ACLs on that server...