6583 matches found
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 176882 High CVE-2013-0902: Use-after-free in frame loader. Credit to Chamal de Silva. 176252 High CVE-2013-0903: Use-after-free in browser navigation handling. Credit to "chromium.khalil". 172926 172331 High CVE-2013-0904: Memory corruption in Web Audio. Credit to...
perl -- denial of service via algorithmic complexity attack on hashing routines
Perl developers report: In order to prevent an algorithmic complexity attack against its hashing mechanism, perl will sometimes recalculate keys and redistribute the contents of a hash. This mechanism has made perl robust against attacks that have been demonstrated against other systems. Research...
php5 -- Multiple vulnerabilities
The PHP development team reports: PHP does not validate the relationship between the soap.wsdlcachedir directive and the openbasedir directive, which allows remote attackers to bypass intended access restrictions by triggering the creation of cached SOAP WSDL files in an arbitrary directory. The...
stunnel -- Remote Code Execution
Michal Trojnara reports: 64-bit versions of stunnel with the following conditions: NTLM authentication enabled CONNECT protocol negotiation enabled Configured in SSL client mode An attacker that can either control the proxy server specified in the "connect" option or execute MITM attacks on the T...
sudo -- Potential bypass of tty_tickets constraints
Todd Miller reports: A potentially malicious program run by a user with sudo access may be able to bypass the "ttyticket" constraints. In order for this to succeed there must exist on the machine a terminal device that the user has previously authenticated themselves on via sudo within the last...
net/openafs -- buffer overflow
Nickolai Zeldovich reports: An attacker with the ability to manipulate AFS directory ACLs may crash the fileserver hosting that volume. In addition, once a corrupt ACL is placed on a fileserver, its existence may crash client utilities manipulating ACLs on that server...
sudo -- Authentication bypass when clock is reset
Todd Miller reports: The flaw may allow someone with physical access to a machine that is not password-protected to run sudo commands without knowing the logged in user's password. On systems where sudo is the principal way of running commands as root, such as on Ubuntu and Mac OS X, there is a...
linux-flashplugin -- multiple vulnerabilities
Adobe reports: These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system...
rubygem-ruby_parser -- insecure tmp file usage
Michael Scherer reports: This is a relatively minor tmp file usage issue...
ruby -- DoS vulnerability in REXML
Ruby developers report: Unrestricted entity expansion can lead to a DoS vulnerability in REXML. The CVE identifier will be assigned later. We strongly recommend to upgrade ruby. When reading text nodes from an XML document, the REXML parser can be coerced in to allocating extremely large string...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 172243 High CVE-2013-0879: Memory corruption with web audio node. Credit to Atte Kettunen of OUSPG. 171951 High CVE-2013-0880: Use-after-free in database handling. Credit to Chamal de Silva. 167069 Medium CVE-2013-0881: Bad read in Matroska handling. Credit to Atte...
texproc/expat2 -- billion laugh attack
Kurt Seifried reports: So here are the CVE's for the two big ones, libxml2 and expat. Both are affected by the expansion of internal entities which can be used to consume resources and external entities which can cause a denial of service against other services, be used to port scan, etc.. A...
libxml2 -- cpu consumption Dos
Kurt Seifried reports: libxml2 is affected by the expansion of internal entities which can be used to consume resources and external entities which can cause a denial of service against other services, be used to port scan, etc...
krb5 -- null pointer dereference in the KDC PKINIT code [CVE-2013-1415]
No advisory has been released yet. Fix a null pointer dereference in the KDC PKINIT code CVE-2013-1415...
django -- multiple vulnerabilities
The Django Project reports: These security releases fix four issues: one potential phishing vector, one denial-of-service vector, an information leakage issue, and a range of XML vulnerabilities. Host header poisoning an attacker could cause Django to generate and display URLs that link to...
drupal7 -- Denial of service
Drupal Security Team reports: Drupal core's Image module allows for the on-demand generation of image derivatives. This capability can be abused by requesting a large number of new derivatives which can fill up the server disk space, and which can cause a very high CPU load. Either of these effec...
rubygem-dragonfly -- arbitrary code execution
Mark Evans reports: Unfortnately there is a security vulnerability in Dragonfly when used with Rails which would potentially allow an attacker to run arbitrary code on a host machine using carefully crafted requests...
FreeBSD -- BIND remote DoS with deliberately crafted DNS64 query
Problem description: Due to a software defect a crafted query can cause named8 to crash with an assertion failure...
FreeBSD -- glob(3) related resource exhaustion
Problem description: GLOBLIMIT is supposed to limit the number of paths to prevent against memory or CPU attacks. The implementation however is insufficient...
bugzilla -- multiple vulnerabilities
A Bugzilla Security Advisory reports: Cross-Site Scripting When viewing a single bug report, which is the default, the bug ID is validated and rejected if it is invalid. But when viewing several bug reports at once, which is specified by the format=multiple parameter, invalid bug IDs can go throu...
mozilla -- multiple vulnerabilities
The Mozilla Project reports: MFSA 2013-21 Miscellaneous memory safety hazards rv:19.0 / rv:17.0.3 MFSA 2013-22 Out-of-bounds read in image rendering MFSA 2013-23 Wrapped WebIDL objects can be wrapped again MFSA 2013-24 Web content bypass of COW and SOW security wrappers MFSA 2013-25 Privacy leak ...
nss-pam-ldapd -- file descriptor buffer overflow
Garth Mollett reports: A file descriptor overflow issue in the use of FDSET in nss-pam-ldapd can lead to a stack-based buffer overflow. An attacker could, under some circumstances, use this flaw to cause a process that has the NSS or PAM module loaded to crash or potentially execute arbitrary cod...
jenkins -- multiple vulnerabilities
Jenkins Security Advisory reports: This advisory announces multiple security vulnerabilities that were found in Jenkins core. One of the vulnerabilities allows cross-site request forgery CSRF attacks on Jenkins master, which causes an user to make unwanted actions on Jenkins. Another vulnerabilit...
dbus-glib -- privledge escalation
Sebastian Krahmer reports: A privilege escalation flaw was found in the way dbus-glib, the D-Bus add-on library to integrate the standard D-Bus library with the GLib thread abstraction and main loop, performed filtering of the message sender message source subject, when the NameOwnerChanged signa...
libpurple -- multiple vulnerabilities
Pidgin reports: libpurple Fix a crash when receiving UPnP responses with abnormally long values. MXit Fix two bugs where a remote MXit user could possibly specify a local file path to be written to. Fix a bug where the MXit server or a man-in-the-middle could potentially send specially crafted da...
Ruby Activemodel Gem -- Circumvention of attr_protected
Aaron Patterson reports: The attrprotected method allows developers to specify a blacklist of model attributes which users should not be allowed to assign to. By using a specially crafted request, attackers could circumvent this protection and alter values that were meant to be protected. All use...
Ruby -- Denial of Service and Unsafe Object Creation Vulnerability in JSON
Aaron Patterson reports: When parsing certain JSON documents, the JSON gem can be coerced in to creating Ruby symbols in a target system. Since Ruby symbols are not garbage collected, this can result in a denial of service attack. The same technique can be used to create objects in a target syste...
Ruby Rack Gem -- Multiple Issues
Rack developers report: Today we are proud to announce the release of Rack 1.4.5. Fix CVE-2013-0263, timing attack against Rack::Session::Cookie Fix CVE-2013-0262, symlink path traversal in Rack::File...
linux-flashplugin -- multiple vulnerabilities
Adobe reports: These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system...
piwigo -- CSRF/Path Traversal
High-Tech Bridge Security Research Lab reports: The CSRF vulnerability exists due to insufficient verification of the HTTP request origin in "/admin.php" script. A remote attacker can trick a logged-in administrator to visit a specially crafted webpage and create arbitrary PHP file on the remote...
Ruby -- XSS exploit of RDoc documentation generated by rdoc
Ruby developers report: RDoc documentation generated by rdoc bundled with ruby are vulnerable to an XSS exploit. All ruby users are recommended to update ruby to newer version which includes security-fixed RDoc. If you are publishing RDoc documentation generated by rdoc, you are recommended to...
OpenSSL -- TLS 1.1, 1.2 denial of service
OpenSSL security team reports: A flaw in the OpenSSL handling of CBC mode ciphersuites in TLS 1.1 and TLS 1.2 on AES-NI supporting platforms can be exploited in a DoS attack. A flaw in the OpenSSL handling of OCSP response verification can be exploited in a denial of service attack...
firebird -- Remote Stack Buffer Overflow
Firebird Project reports: The FirebirdSQL server is vulnerable to a stack buffer overflow that can be triggered when an unauthenticated user sends a specially crafted packet. The result can lead to remote code execution as the user which runs the FirebirdSQL server...
opera -- execution of arbitrary code
Opera reports: Particular DOM event manipulations can cause Opera to crash. In some cases, this crash might occur in a way that allows execution of arbitrary code. To inject code, additional techniques would have to be employed...
tinc -- Buffer overflow
tinc-vpn.org reports: Drop packets forwarded via TCP if they are too big...
wordpress -- multiple vulnerabilities
Wordpress reports: WordPress 3.5.1 also addresses the following security issues: A server-side request forgery vulnerability and remote port scanning using pingbacks. This vulnerability, which could potentially be used to expose information and compromise a site, affects all previous WordPress...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 151008 High CVE-2013-0839: Use-after-free in canvas font handling. Credit to Atte Kettunen of OUSPG. 170532 Medium CVE-2013-0840: Missing URL validation when opening new windows. 169770 High CVE-2013-0841: Unchecked array index in content blocking. Credit to Google...
drupal -- multiple vulnerabilities
Drupal Security Team reports: Cross-site scripting Various core and contributed modules Access bypass Book module printer friendly version Access bypass Image module...
pyrad -- multiple vulnerabilities
Nathaniel McCallum reports: packet.py in pyrad before 2.1 uses weak random numbers to generate RADIUS authenticators and hash passwords, which makes it easier for remote attackers to obtain sensitive information via a brute force attack. The CreateID function in packet.py in pyrad before 2.1 uses...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 162494 High CVE-2012-5145: Use-after-free in SVG layout. Credit to Atte Kettunen of OUSPG. 165622 High CVE-2012-5146: Same origin policy bypass with malformed URL. Credit to Erling A Ellingsen and Subodh Iyengar, both of Facebook. 165864 High CVE-2012-5147:...
java 7.x -- security manager bypass
US CERT reports: Java 7 Update 10 and earlier versions of Java 7 contain a vulnerability that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. The Java JRE plug-in provides its own Security Manager. Typically, a web applet runs with a security manager...
rubygem-rails -- multiple vulnerabilities
Ruby on Rails team reports: Two high-risk vulnerabilities have been discovered: CVE-2013-0155 There is a vulnerability when Active Record is used in conjunction with JSON parameter parsing. Due to the way Active Record interprets parameters in combination with the way that JSON parameters are...
mozilla -- multiple vulnerabilities
The Mozilla Project reports: MFSA 2013-01 Miscellaneous memory safety hazards rv:18.0/ rv:10.0.12 / rv:17.0.2 MFSA 2013-02 Use-after-free and buffer overflow issues found using Address Sanitizer MFSA 2013-03 Buffer Overflow in Canvas MFSA 2013-04 URL spoofing in addressbar during page loads MFSA...
ettercap -- buffer overflow in target list parsing
Host target list parsing routine in ettercap 0.7.4-series prior to 0.7.4.1 and 0.7.5-series is prone to the stack-based buffer overflow that may lead to the code execution with the privileges of the ettercap process. In order to trigger this vulnerability, user or service that use ettercap should...
jenkins -- HTTP access to the server to retrieve the master cryptographic key
Jenkins Security Advisory reports: This advisory announces a security vulnerability that was found in Jenkins core. An attacker can then use this master cryptographic key to mount remote code execution attack against the Jenkins master, or impersonate arbitrary users in making REST API calls. The...
rubygem-rails -- SQL injection vulnerability
Ruby on Rails team reports: There is a SQL injection vulnerability in Active Record in ALL versions. Due to the way dynamic finders in Active Record extract options from method parameters, a method parameter can mistakenly be used as a scope. Carefully crafted requests can use the scope to inject...
asterisk -- multiple vulnerabilities
Asterisk project reports: Crashes due to large stack allocations when using TCP Denial of Service Through Exploitation of Device State Caching...
ircd-ratbox and charybdis -- remote DoS vulnerability
atheme.org reports: All versions of Charybdis are vulnerable to a remotely-triggered crash bug caused by code originating from ircd-ratbox 2.0. Incidentally, this means all versions since ircd-ratbox 2.0 are also vulnerable...
moinmoin -- Multiple vulnerabilities
MoinMoin developers report the following vulnerabilities as fixed in version 1.9.6: remote code execution vulnerability in twikidraw/anywikidraw action, path traversal vulnerability in AttachFile action, XSS issue, escape page name in rss link. CVE entries at MITRE furher clarify: Multiple...
nagios -- buffer overflow in history.cgi
full disclosure reports: history.cgi is vulnerable to a buffer overflow due to the use of sprintf with user supplied data that has not been restricted in size...