sudo -- Authentication bypass when clock is reset
Todd Miller reports: The flaw may allow someone with physical access to a machine that is not password-protected to run sudo commands without knowing the logged in user's password. On systems where sudo is the principal way of running commands as root, such as on Ubuntu and Mac OS X, there is a...
linux-flashplugin -- multiple vulnerabilities
Adobe reports: These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system...
rubygem-ruby_parser -- insecure tmp file usage
Michael Scherer reports: This is a relatively minor tmp file usage issue...
ruby -- DoS vulnerability in REXML
Ruby developers report: Unrestricted entity expansion can lead to a DoS vulnerability in REXML. The CVE identifier will be assigned later. We strongly recommend to upgrade ruby. When reading text nodes from an XML document, the REXML parser can be coerced in to allocating extremely large string...
texproc/expat2 -- billion laugh attack
Kurt Seifried reports: So here are the CVE's for the two big ones, libxml2 and expat. Both are affected by the expansion of internal entities which can be used to consume resources and external entities which can cause a denial of service against other services, be used to port scan, etc.. A...
krb5 -- null pointer dereference in the KDC PKINIT code [CVE-2013-1415]
No advisory has been released yet. Fix a null pointer dereference in the KDC PKINIT code CVE-2013-1415...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 172243 High CVE-2013-0879: Memory corruption with web audio node. Credit to Atte Kettunen of OUSPG. 171951 High CVE-2013-0880: Use-after-free in database handling. Credit to Chamal de Silva. 167069 Medium CVE-2013-0881: Bad read in Matroska handling. Credit to Atte...
django -- multiple vulnerabilities
The Django Project reports: These security releases fix four issues: one potential phishing vector, one denial-of-service vector, an information leakage issue, and a range of XML vulnerabilities. Host header poisoning an attacker could cause Django to generate and display URLs that link to...
libxml2 -- CPU consumption DoS
Kurt Seifried reports: libxml2 is affected by the expansion of internal entities which can be used to consume resources and external entities which can cause a denial of service against other services, be used to port scan, etc...
drupal7 -- Denial of service
Drupal Security Team reports: Drupal core's Image module allows for the on-demand generation of image derivatives. This capability can be abused by requesting a large number of new derivatives which can fill up the server disk space, and which can cause a very high CPU load. Either of these effec...
FreeBSD -- BIND remote DoS with deliberately crafted DNS64 query
Problem description: Due to a software defect a crafted query can cause named(8) to crash with an assertion failure...
bugzilla -- multiple vulnerabilities
A Bugzilla Security Advisory reports: Cross-Site Scripting When viewing a single bug report, which is the default, the bug ID is validated and rejected if it is invalid. But when viewing several bug reports at once, which is specified by the format=multiple parameter, invalid bug IDs can go throu...
mozilla -- multiple vulnerabilities
The Mozilla Project reports: MFSA 2013-21 Miscellaneous memory safety hazards rv:19.0 / rv:17.0.3 MFSA 2013-22 Out-of-bounds read in image rendering MFSA 2013-23 Wrapped WebIDL objects can be wrapped again MFSA 2013-24 Web content bypass of COW and SOW security wrappers MFSA 2013-25 Privacy leak ...
rubygem-dragonfly -- arbitrary code execution
Mark Evans reports: Unfortunately there is a security vulnerability in Dragonfly when used with Rails which would potentially allow an attacker to run arbitrary code on a host machine using carefully crafted requests...
FreeBSD -- glob(3) related resource exhaustion
Problem description: GLOBLIMIT is supposed to limit the number of paths to prevent against memory or CPU attacks. The implementation however is insufficient...
nss-pam-ldapd -- file descriptor buffer overflow
Garth Mollett reports: A file descriptor overflow issue in the use of FD_SET in nss-pam-ldapd can lead to a stack-based buffer overflow. An attacker could, under some circumstances, use this flaw to cause a process that has the NSS or PAM module loaded to crash or potentially execute arbitrary cod...
jenkins -- multiple vulnerabilities
Jenkins Security Advisory reports: This advisory announces multiple security vulnerabilities that were found in Jenkins core. One of the vulnerabilities allows cross-site request forgery (CSRF) attacks on Jenkins master, which causes a user to make unwanted actions on Jenkins. Another vulnerabilit...
dbus-glib -- privilege escalation
Sebastian Krahmer reports: A privilege escalation flaw was found in the way dbus-glib, the D-Bus add-on library to integrate the standard D-Bus library with the GLib thread abstraction and main loop, performed filtering of the message sender message source subject, when the NameOwnerChanged signa...
libpurple -- multiple vulnerabilities
Pidgin reports: libpurple Fix a crash when receiving UPnP responses with abnormally long values. MXit Fix two bugs where a remote MXit user could possibly specify a local file path to be written to. Fix a bug where the MXit server or a man-in-the-middle could potentially send specially crafted da...
Ruby Activemodel Gem -- Circumvention of attr_protected
Aaron Patterson reports: The attr_protected method allows developers to specify a blacklist of model attributes which users should not be allowed to assign to. By using a specially crafted request, attackers could circumvent this protection and alter values that were meant to be protected. All use...
Ruby -- Denial of Service and Unsafe Object Creation Vulnerability in JSON
Aaron Patterson reports: When parsing certain JSON documents, the JSON gem can be coerced in to creating Ruby symbols in a target system. Since Ruby symbols are not garbage collected, this can result in a denial of service attack. The same technique can be used to create objects in a target syste...
Ruby Rack Gem -- Multiple Issues
Rack developers report: Today we are proud to announce the release of Rack 1.4.5. Fix CVE-2013-0263, timing attack against Rack::Session::Cookie Fix CVE-2013-0262, symlink path traversal in Rack::File...
linux-flashplugin -- multiple vulnerabilities
Adobe reports: These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system...
Ruby -- XSS exploit of RDoc documentation generated by rdoc
Ruby developers report: RDoc documentation generated by rdoc bundled with ruby are vulnerable to an XSS exploit. All ruby users are recommended to update ruby to newer version which includes security-fixed RDoc. If you are publishing RDoc documentation generated by rdoc, you are recommended to...
piwigo -- CSRF/Path Traversal
High-Tech Bridge Security Research Lab reports: The CSRF vulnerability exists due to insufficient verification of the HTTP request origin in "/admin.php" script. A remote attacker can trick a logged-in administrator to visit a specially crafted webpage and create arbitrary PHP file on the remote...
OpenSSL -- TLS 1.1, 1.2 denial of service
OpenSSL security team reports: A flaw in the OpenSSL handling of CBC mode ciphersuites in TLS 1.1 and TLS 1.2 on AES-NI supporting platforms can be exploited in a DoS attack. A flaw in the OpenSSL handling of OCSP response verification can be exploited in a denial of service attack...
firebird -- Remote Stack Buffer Overflow
Firebird Project reports: The FirebirdSQL server is vulnerable to a stack buffer overflow that can be triggered when an unauthenticated user sends a specially crafted packet. The result can lead to remote code execution as the user which runs the FirebirdSQL server...
opera -- execution of arbitrary code
Opera reports: Particular DOM event manipulations can cause Opera to crash. In some cases, this crash might occur in a way that allows execution of arbitrary code. To inject code, additional techniques would have to be employed...
tinc -- Buffer overflow
tinc-vpn.org reports: Drop packets forwarded via TCP if they are too big...
wordpress -- multiple vulnerabilities
Wordpress reports: WordPress 3.5.1 also addresses the following security issues: A server-side request forgery vulnerability and remote port scanning using pingbacks. This vulnerability, which could potentially be used to expose information and compromise a site, affects all previous WordPress...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 151008 High CVE-2013-0839: Use-after-free in canvas font handling. Credit to Atte Kettunen of OUSPG. 170532 Medium CVE-2013-0840: Missing URL validation when opening new windows. 169770 High CVE-2013-0841: Unchecked array index in content blocking. Credit to Google...
drupal -- multiple vulnerabilities
Drupal Security Team reports: Cross-site scripting Various core and contributed modules Access bypass Book module printer friendly version Access bypass Image module...
pyrad -- multiple vulnerabilities
Nathaniel McCallum reports: packet.py in pyrad before 2.1 uses weak random numbers to generate RADIUS authenticators and hash passwords, which makes it easier for remote attackers to obtain sensitive information via a brute force attack. The CreateID function in packet.py in pyrad before 2.1 uses...
java 7.x -- security manager bypass
US CERT reports: Java 7 Update 10 and earlier versions of Java 7 contain a vulnerability that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. The Java JRE plug-in provides its own Security Manager. Typically, a web applet runs with a security manager...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 162494 High CVE-2012-5145: Use-after-free in SVG layout. Credit to Atte Kettunen of OUSPG. 165622 High CVE-2012-5146: Same origin policy bypass with malformed URL. Credit to Erling A Ellingsen and Subodh Iyengar, both of Facebook. 165864 High CVE-2012-5147:...
mozilla -- multiple vulnerabilities
The Mozilla Project reports: MFSA 2013-01 Miscellaneous memory safety hazards rv:18.0/ rv:10.0.12 / rv:17.0.2 MFSA 2013-02 Use-after-free and buffer overflow issues found using Address Sanitizer MFSA 2013-03 Buffer Overflow in Canvas MFSA 2013-04 URL spoofing in addressbar during page loads MFSA...
rubygem-rails -- multiple vulnerabilities
Ruby on Rails team reports: Two high-risk vulnerabilities have been discovered: CVE-2013-0155 There is a vulnerability when Active Record is used in conjunction with JSON parameter parsing. Due to the way Active Record interprets parameters in combination with the way that JSON parameters are...
ettercap -- buffer overflow in target list parsing
Host target list parsing routine in ettercap 0.7.4-series prior to 0.7.4.1 and 0.7.5-series is prone to the stack-based buffer overflow that may lead to the code execution with the privileges of the ettercap process. In order to trigger this vulnerability, user or service that use ettercap should...
jenkins -- HTTP access to the server to retrieve the master cryptographic key
Jenkins Security Advisory reports: This advisory announces a security vulnerability that was found in Jenkins core. An attacker can then use this master cryptographic key to mount remote code execution attack against the Jenkins master, or impersonate arbitrary users in making REST API calls. The...
rubygem-rails -- SQL injection vulnerability
Ruby on Rails team reports: There is a SQL injection vulnerability in Active Record in ALL versions. Due to the way dynamic finders in Active Record extract options from method parameters, a method parameter can mistakenly be used as a scope. Carefully crafted requests can use the scope to inject...
asterisk -- multiple vulnerabilities
Asterisk project reports: Crashes due to large stack allocations when using TCP Denial of Service Through Exploitation of Device State Caching...
ircd-ratbox and charybdis -- remote DoS vulnerability
atheme.org reports: All versions of Charybdis are vulnerable to a remotely-triggered crash bug caused by code originating from ircd-ratbox 2.0. Incidentally, this means all versions since ircd-ratbox 2.0 are also vulnerable...
moinmoin -- Multiple vulnerabilities
MoinMoin developers report the following vulnerabilities as fixed in version 1.9.6: remote code execution vulnerability in twikidraw/anywikidraw action, path traversal vulnerability in AttachFile action, XSS issue, escape page name in rss link. CVE entries at MITRE further clarify: Multiple...
nagios -- buffer overflow in history.cgi
full disclosure reports: history.cgi is vulnerable to a buffer overflow due to the use of sprintf with user supplied data that has not been restricted in size...
freetype -- Multiple vulnerabilities
The FreeType Project reports: Some vulnerabilities in the BDF implementation have been fixed. Users of this font format should upgrade...
opera -- execution of arbitrary code
Opera reports: When loading GIF images into memory, Opera should allocate the correct amount of memory to store that image. Specially crafted image files can cause Opera to allocate the wrong amount of memory. Subsequent data may then overwrite unrelated memory with attacker-controlled data. This...
squid -- denial of service
Squid developers report: Due to missing input validation Squid cachemgr.cgi tool is vulnerable to a denial of service attack when processing specially crafted requests. This problem allows any client able to reach the cachemgr.cgi to perform a denial of service attack on the service host. The...
linux-flashplugin -- multiple vulnerabilities
Adobe reports: These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 158204 High CVE-2012-5139: Use-after-free with visibility events. Credit to Chamal de Silva. 159429 High CVE-2012-5140: Use-after-free in URL loader. Credit to Chamal de Silva. 160456 Medium CVE-2012-5141: Limit Chromoting client plug-in instantiation. Credit to...
django -- multiple vulnerabilities
The Django Project reports: Host header poisoning Several earlier Django security releases focused on the issue of poisoning the HTTP Host header, causing Django to generate URLs pointing to arbitrary, potentially-malicious domains. In response to further input received and reports of continuing...