OpenSSL -- DTLS and TLS 1.1, 1.2 denial of service
OpenSSL security team reports: A flaw in the OpenSSL handling of CBC mode ciphersuites in TLS 1.1, 1.2 and DTLS can be exploited in a denial of service attack on both clients and servers...
PivotX -- 'ajaxhelper.php' Cross Site Scripting Vulnerability
High-Tech Bridge reports: Input passed via the "file" GET parameter to /pivotx/ajaxhelper.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in administrator's browser session in context of the affected website...
php -- multiple vulnerabilities
The PHP Development Team reports: The release of PHP 5.4.13 and 5.4.3 complete a fix for the vulnerability in CGI-based setups as originally described in CVE-2012-1823. CVE-2012-2311 Note: mod_php and php-fpm are not vulnerable to this attack. PHP 5.4.3 fixes a buffer overflow vulnerability in the...
rssh -- arbitrary command execution
Derek Martin (rssh maintainer) reports: Henrik Erkkonen has discovered that, through clever manipulation of environment variables on the ssh command line, it is possible to circumvent rssh. As far as I can tell, there is no way to effect a root compromise, except of course if the root account is th...
libpurple -- Invalid memory dereference in the XMPP protocol plug-in by processing series of specially-crafted file transfer requests
Pidgin reports: A series of specially crafted file transfer requests can cause clients to reference invalid memory. The user must have accepted one of the file transfer requests...
php -- vulnerability in certain CGI-based setups
php development team reports: Security Enhancements and Fixes in PHP 5.3.12: Initial fix for cgi-bin ?-s cmdarg parse issue CVE-2012-1823...
FreeBSD -- OpenSSL multiple vulnerabilities
Problem description: OpenSSL fails to clear the bytes used as block cipher padding in SSL 3.0 records when operating as a client or a server that accept SSL 3.0 handshakes. As a result, in each record, up to 15 bytes of uninitialized memory may be sent, encrypted, to the SSL peer. This could...
p5-Config-IniFiles -- unsafe temporary file creation
Unsafe temporary file creation: Config::IniFiles used a predictable name for its temporary file without opening it correctly...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 106413 High CVE-2011-3078: Use after free in floats handling. Credit to Google Chrome Security Team Marty Barbella and independent later discovery by miaubiz. 117627 Medium CVE-2011-3079: IPC validation failure. Credit to PinkiePie. 121726 Medium CVE-2011-3080: Rac...
samba -- incorrect permission checks vulnerability
The Samba project reports: Samba versions 3.4.x to 3.6.4 inclusive are affected by a vulnerability that allows arbitrary users to modify privileges on a file server. Security checks were incorrectly applied to the Local Security Authority (LSA) remote procedure calls (RPC) CreateAccount, OpenAccount...
portupgrade-devel -- lack of distfile checksums
Ports security team reports: The portupgrade-devel port fetched directly from a git repository without checking against a known good SHA hash. This means that it is possible that packages built using this port may not match the one vetted by the maintainer. Users are advised to rebuild...
joomla -- Privilege Escalation
Joomla! reported a Core Privilege Escalation: Inadequate checking leads to possible user privilege escalation...
WebCalendar -- multiple vulnerabilities
Hanno Boeck reports: Fixes are now available for various security vulnerabilities including LFI (local file inclusion), XSS (cross site scripting) and others...
net-snmp -- Remote DoS
The Red Hat Security Response Team reports: An array index error, leading to out-of heap-based buffer read flaw was found in the way the net-snmp agent performed lookups in the extension table. When certain MIB subtrees were handled by the extend directive, a remote attacker having read privilege...
mozilla -- multiple vulnerabilities
The Mozilla Project reports: MFSA 2012-20 Miscellaneous memory safety hazards rv:12.0/ rv:10.0.4 MFSA 2012-21 Multiple security flaws fixed in FreeType v2.4.9 MFSA 2012-22 use-after-free in IDBKeyRange MFSA 2012-23 Invalid frees causes heap corruption in gfxImageSurface MFSA 2012-24 Potential XSS...
asterisk -- multiple vulnerabilities
Asterisk project reports: Remote Crash Vulnerability in SIP Channel Driver Heap Buffer Overflow in Skinny Channel Driver Asterisk Manager User Unauthorized Shell Access...
wordpress -- multiple vulnerabilities
Wordpress reports: External code has been updated to non-vulnerable versions. In addition the following bugs have been fixed: Limited privilege escalation where a site administrator could deactivate network-wide plugins when running a WordPress network under particular circumstances. Cross-site...
OpenSSL -- integer conversions result in memory corruption
OpenSSL security team reports: A potentially exploitable vulnerability has been discovered in the OpenSSL function asn1_d2i_read_bio. Any application which uses BIO or FILE based functions to read untrusted DER format data is vulnerable. Affected functions are of the form d2i_*_bio or d2i_*_fp, for exampl...
bugzilla -- multiple vulnerabilities
A Bugzilla Security Advisory reports: The following security issues have been discovered in Bugzilla: Unauthorized Access Due to a lack of proper validation of the X-FORWARDED-FOR header of an authentication request, an attacker could bypass the current lockout policy used for protection against...
typo -- Cross-Site Scripting
Typo Security Team reports: Failing to properly encode the output, the default TYPO3 Exception Handler is susceptible to Cross-Site Scripting. We are not aware of a possibility to exploit this vulnerability without third party extensions being installed that put user input in exception messages...
Dokuwiki -- cross site scripting vulnerability
Andy Webber reports: Add User appears to be vulnerable to Cross Site Request Forgery CSRF/XSRF...
node -- private information disclosure
Private information disclosure: An attacker can cause private information disclosure...
phpmyfaq -- Remote PHP Code Execution Vulnerability
The phpMyFAQ project reports: The bundled ImageManager library allows injection of arbitrary PHP code to execute arbitrary PHP code and upload malware and trojan horses...
foswiki -- Script Insertion Vulnerability via unchecked user registration fields
Foswiki team reports: When a new user registers, the new user can add arbitrary HTML and script code into the user topic which is generated by the RegistrationAgent via standard registration fields such as "FirstName" or "OrganisationName". By design, Foswiki's normal editing features allow...
nginx -- Buffer overflow in the ngx_http_mp4_module
The nginx project reports: Buffer overflow in the ngx_http_mp4_module...
samba -- "root" credential remote code execution
Samba development team reports: Samba versions 3.6.3 and all versions previous to this are affected by a vulnerability that allows remote code execution as the "root" user from an anonymous connection. As this does not require an authenticated connection it is the most serious vulnerability...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 106577 Medium CVE-2011-3066: Out-of-bounds read in Skia clipping. Credit to miaubiz. 117583 Medium CVE-2011-3067: Cross-origin iframe replacement. Credit to Sergey Glazunov. 117698 High CVE-2011-3068: Use-after-free in run-in handling. Credit to miaubiz. 117728 Hig...
linux-flashplugin -- multiple vulnerabilities
Adobe reports: Multiple Priority 2 vulnerabilities could cause a crash and potentially allow an attacker to take control of the affected system...
png -- memory corruption/possible remote code execution
The PNG project reports: libpng fails to correctly handle malloc failures for text chunks in png_set_text_2, which can lead to memory corruption and the possibility of remote code execution...
coppermine -- Multiple vulnerabilities
The Coppermine Team reports: The release covers several path disclosure vulnerabilities. If unpatched, it's possible to generate an error that will reveal the full path of the script. A remote user can determine the full path to the web root directory and other potentially sensitive information...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 109574 Medium CVE-2011-3058: Bad interaction possibly leading to XSS in EUC-JP. Credit to Masato Kinugawa. 112317 Medium CVE-2011-3059: Out-of-bounds read in SVG text handling. Credit to Arthur Gerkis. 114056 Medium CVE-2011-3060: Out-of-bounds read in text fragmen...
ImageMagick -- multiple vulnerabilities
ImageMagick reports: Three vulnerabilities have been identified in ImageMagick's handling of JPEG and TIFF files. With these vulnerabilities, it is possible to cause a denial of service situation in the target system...
phpMyAdmin -- Path disclosure due to missing verification of file presence
The phpMyAdmin development team reports: The show_config_errors.php scripts did not validate the presence of the configuration file, so an error message shows the full path of this file, leading to possible further attacks. For the error messages to be displayed, php.ini's error_reporting must be se...
puppet -- Multiple Vulnerabilities
Multiple vulnerabilities exist in puppet that can result in arbitrary code execution, arbitrary file read access, denial of service, and arbitrary file write access. Please review the details in each of the CVEs for additional information...
raptor/raptor2 -- XXE in RDF/XML File Interpretation
Timothy D. Morgan reports: In December 2011, VSR identified a vulnerability in multiple open source office products including OpenOffice, LibreOffice, KOffice, and AbiWord due to unsafe interpretation of XML files with custom entity declarations. Deeper analysis revealed that the vulnerability wa...
quagga -- multiple vulnerabilities
CERT reports: The ospfd implementation of OSPF in Quagga allows a remote attacker on a local network segment with OSPF enabled to cause a denial of service (daemon aborts due to an assert) with a malformed OSPF LS-Update message. The ospfd implementation of OSPF in Quagga allows a remote attacker o...
Apache Traffic Server -- heap overflow vulnerability
CERT-FI reports: A heap overflow vulnerability has been found in the HTTP (Hypertext Transfer Protocol) protocol handling of Apache Traffic Server. The vulnerability allows an attacker to cause a denial of service or potentially to execute his own code by sending a specially modified HTTP message t...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 113902 High CVE-2011-3050: Use-after-free with first-letter handling. Credit to miaubiz. 116162 High CVE-2011-3045: libpng integer issue from upstream. Credit to Glenn Randers-Pehrson of the libpng project. 116461 High CVE-2011-3051: Use-after-free in CSS cross-fad...
phpList -- SQL injection and XSS vulnerability
Zero Science Lab reports: Input passed via the parameter 'sortby' is not properly sanitised before being returned to the user or used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The param 'num' is vulnerable to a XSS issue where the attacker ca...
libtasn1 -- ASN.1 length decoding vulnerability
Mu Dynamics, Inc. reports: Various functions using the ASN.1 length decoding logic in Libtasn1 were incorrectly assuming that the return value from asn1_get_length_der is always less than the length of the enclosing ASN.1 structure, which is only true for valid structures and not for intentionally...
gnutls -- possible overflow/Denial of service vulnerabilities
Mu Dynamics, Inc. reports: The block cipher decryption logic in GnuTLS assumed that a record containing any data which was a multiple of the block size was valid for further decryption processing, leading to a heap corruption vulnerability...
NVIDIA UNIX driver -- access to arbitrary system memory
NVIDIA Unix security team reports: Security vulnerability CVE-2012-0946 in the NVIDIA UNIX driver was disclosed to NVIDIA on March 20th, 2012. The vulnerability makes it possible for an attacker who has read and write access to the GPU device nodes to reconfigure GPUs to gain access to arbitrary...
clamav -- multiple vulnerabilities
MITRE Advisories report: The TAR parser allows remote attackers to bypass malware detection via a POSIX TAR file with an initial aliases character sequence. The TAR parser allows remote attackers to bypass malware detection via a TAR archive entry with a length field that exceeds the total TAR fi...
inspircd -- buffer overflow
InspIRCd reports: InspIRCd contains a heap corruption vulnerability that exists in the dns.cpp code. The res buffer is allocated on the heap and can be overflowed. The res buffer can be exploited during its deallocation. The number of overflowed bytes can be controlled with DNS compression featur...
libpurple -- Remote DoS via an MSN OIM message that lacks UTF-8 encoding
US-CERT reports: The msn_oim_report_to_user function in oim.c in the MSN protocol plugin in libpurple in Pidgin before 2.10.2 allows remote servers to cause a denial of service (application crash) via an OIM message that lacks UTF-8 encoding...
nginx -- potential information leak
nginx development team reports: Matthew Daley recently discovered a security problem which may lead to a disclosure of previously freed memory on specially crafted response from an upstream server, potentially resulting in sensitive information leak...
asterisk -- multiple vulnerabilities
Asterisk project reports: Stack Buffer Overflow in HTTP Manager Remote Crash Vulnerability in Milliwatt Application...
rubygem-mail -- multiple vulnerabilities
Two issues were fixed. They are a file system traversal in file_delivery method and arbitrary command execution when using exim or sendmail from the command line...
mozilla -- multiple vulnerabilities
The Mozilla Project reports: MFSA 2012-13 XSS with Drag and Drop and Javascript: URL MFSA 2012-14 SVG issues found with Address Sanitizer MFSA 2012-15 XSS with multiple Content Security Policy headers MFSA 2012-16 Escalation of privilege with Javascript: URL as home page MFSA 2012-17 Crash when...
vlc -- arbitrary code execution in Real RTSP and MMS support
Jean-Baptiste Kempf, on behalf of the VideoLAN project reports: If successful, a malicious third party could crash the VLC media player process. Arbitrary code execution could be possible on some systems...