[Midnightbsd-cvs] mports [22992] trunk/security/vuxml/vuln.xml: update vulnerability list
laffer1 at midnightbsd.org
Sat Dec 16 12:52:37 EST 2017
Revision: 22992
http://svnweb.midnightbsd.org/mports/?rev=22992
Author: laffer1
Date: 2017-12-16 12:52:37 -0500 (Sat, 16 Dec 2017)
Log Message:
-----------
update vulnerability list
Modified Paths:
--------------
trunk/security/vuxml/vuln.xml
Modified: trunk/security/vuxml/vuln.xml
===================================================================
--- trunk/security/vuxml/vuln.xml 2017-12-16 17:51:39 UTC (rev 22991)
+++ trunk/security/vuxml/vuln.xml 2017-12-16 17:52:37 UTC (rev 22992)
@@ -28,7 +28,7 @@
OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,
EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- $FreeBSD: head/security/vuxml/vuln.xml 436409 2017-03-18 13:57:40Z riggs $
+ $FreeBSD: head/security/vuxml/vuln.xml 450904 2017-09-29 15:28:54Z zi $
QUICK GUIDE TO ADDING A NEW ENTRY
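Review bot: The log message "update vulnerability list" does not record which upstream revision this sync is based on; the only place it appears is this header tag bump from r436409 (2017-03-18) to r450904 (2017-09-29). Consider stating the FreeBSD revision in the commit message so the next merge of vuln.xml has a known base to diff against rather than having to recover it from the $FreeBSD$ line.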
@@ -58,6 +58,6831 @@
* Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="33888815-631e-4bba-b776-a9b46fe177b5">
+ <topic>phpmyfaq -- multiple issues</topic>
+ <affects>
+ <package>
+ <name>phpmyfaq</name>
+ <range><le>2.9.8</le></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>phpmyfaq developers report:</p>
+ <blockquote cite="https://www.exploit-db.com/exploits/42761/">
+ <p>Cross-site scripting (XSS) vulnerability in inc/PMF/Faq.php in phpMyFAQ through 2.9.8 allows remote attackers to inject arbitrary web script or HTML via the Questions field in an "Add New FAQ" action.</p>
+ <p>Cross-site scripting (XSS) vulnerability in phpMyFAQ through 2.9.8 allows remote attackers to inject arbitrary web script or HTML via the "Title of your FAQ" field in the Configuration Module.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://www.exploit-db.com/exploits/42761/</url>
+ <url>https://github.com/thorsten/phpMyFAQ/commit/30b0025e19bd95ba28f4eff4d259671e7bb6bb86</url>
+ <cvename>CVE-2017-14618</cvename>
+ <cvename>CVE-2017-14619</cvename>
+ </references>
+ <dates>
+ <discovery>2017-09-20</discovery>
+ <entry>2017-09-29</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="a48d4478-e23f-4085-8ae4-6b3a7b6f016b">
+ <topic>wordpress -- multiple issues</topic>
+ <affects>
+ <package>
+ <name>wordpress</name>
+ <range><lt>4.8.2</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>wordpress developers report:</p>
+ <blockquote cite="http://www.securityfocus.com/bid/100912">
+ <p>Before version 4.8.2, WordPress was susceptible to a Cross-Site Scripting attack in the link modal via a javascript: or data: URL.</p>
+ <p>Before version 4.8.2, WordPress allowed a Cross-Site scripting attack in the template list view via a crafted template name.</p>
+ <p>Before version 4.8.2, WordPress was vulnerable to a directory traversal attack during unzip operations in the ZipArchive and PclZip components.</p>
+ <p>Before version 4.8.2, WordPress allowed Cross-Site scripting in the plugin editor via a crafted plugin name.</p>
+ <p>Before version 4.8.2, WordPress allowed a Directory Traversal attack in the Customizer component via a crafted theme filename.</p>
+ <p>Before version 4.8.2, WordPress was vulnerable to cross-site scripting in oEmbed discovery.</p>
+ <p>Before version 4.8.2, WordPress was vulnerable to a cross-site scripting attack via shortcodes in the TinyMCE visual editor.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>http://www.securityfocus.com/bid/100912</url>
+ <url>https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/</url>
+ <url>https://core.trac.wordpress.org/changeset/41393</url>
+ <url>https://core.trac.wordpress.org/changeset/41395</url>
+ <url>https://core.trac.wordpress.org/changeset/41397</url>
+ <url>https://core.trac.wordpress.org/changeset/41412</url>
+ <url>https://core.trac.wordpress.org/changeset/41448</url>
+ <url>https://core.trac.wordpress.org/changeset/41457</url>
+ <url>https://wpvulndb.com/vulnerabilities/8911</url>
+ <url>https://wpvulndb.com/vulnerabilities/8912</url>
+ <url>https://wpvulndb.com/vulnerabilities/8913</url>
+ <url>https://wpvulndb.com/vulnerabilities/8914</url>
+ <cvename>CVE-2017-14718</cvename>
+ <cvename>CVE-2017-14719</cvename>
+ <cvename>CVE-2017-14720</cvename>
+ <cvename>CVE-2017-14721</cvename>
+ <cvename>CVE-2017-14722</cvename>
+ <cvename>CVE-2017-14724</cvename>
+ <cvename>CVE-2017-14726</cvename>
+ </references>
+ <dates>
+ <discovery>2017-09-23</discovery>
+ <entry>2017-09-29</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="1098a15b-b0f6-42b7-b5c7-8a8646e8be07">
+ <topic>mozilla -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>firefox</name>
+ <range><lt>56.0,1</lt></range>
+ </package>
+ <package>
+ <name>seamonkey</name>
+ <name>linux-seamonkey</name>
+ <range><lt>2.49.2</lt></range>
+ </package>
+ <package>
+ <name>firefox-esr</name>
+ <range><lt>52.4.0,1</lt></range>
+ </package>
+ <package>
+ <name>linux-firefox</name>
+ <range><lt>52.4.0,2</lt></range>
+ </package>
+ <package>
+ <name>libxul</name>
+ <name>thunderbird</name>
+ <name>linux-thunderbird</name>
+ <range><lt>52.4.0</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Mozilla Foundation reports:</p>
+ <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2017-18/">
+ <p>CVE-2017-7793: Use-after-free with Fetch API</p>
+ <p>CVE-2017-7817: Firefox for Android address bar spoofing through fullscreen mode</p>
+ <p>CVE-2017-7818: Use-after-free during ARIA array manipulation</p>
+ <p>CVE-2017-7819: Use-after-free while resizing images in design mode</p>
+ <p>CVE-2017-7824: Buffer overflow when drawing and validating elements with ANGLE</p>
+ <p>CVE-2017-7805: Use-after-free in TLS 1.2 generating handshake hashes</p>
+ <p>CVE-2017-7812: Drag and drop of malicious page content to the tab bar can open locally stored files</p>
+ <p>CVE-2017-7814: Blob and data URLs bypass phishing and malware protection warnings</p>
+ <p>CVE-2017-7813: Integer truncation in the JavaScript parser</p>
+ <p>CVE-2017-7825: OS X fonts render some Tibetan and Arabic unicode characters as spaces</p>
+ <p>CVE-2017-7815: Spoofing attack with modal dialogs on non-e10s installations</p>
+ <p>CVE-2017-7816: WebExtensions can load about: URLs in extension UI</p>
+ <p>CVE-2017-7821: WebExtensions can download and open non-executable files without user interaction</p>
+ <p>CVE-2017-7823: CSP sandbox directive did not create a unique origin</p>
+ <p>CVE-2017-7822: WebCrypto allows AES-GCM with 0-length IV</p>
+ <p>CVE-2017-7820: Xray wrapper bypass with new tab and web console</p>
+ <p>CVE-2017-7811: Memory safety bugs fixed in Firefox 56</p>
+ <p>CVE-2017-7810: Memory safety bugs fixed in Firefox 56 and Firefox ESR 52.4</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2017-7793</cvename>
+ <cvename>CVE-2017-7805</cvename>
+ <cvename>CVE-2017-7810</cvename>
+ <cvename>CVE-2017-7811</cvename>
+ <cvename>CVE-2017-7812</cvename>
+ <cvename>CVE-2017-7813</cvename>
+ <cvename>CVE-2017-7814</cvename>
+ <cvename>CVE-2017-7815</cvename>
+ <cvename>CVE-2017-7816</cvename>
+ <cvename>CVE-2017-7817</cvename>
+ <cvename>CVE-2017-7818</cvename>
+ <cvename>CVE-2017-7819</cvename>
+ <cvename>CVE-2017-7820</cvename>
+ <cvename>CVE-2017-7821</cvename>
+ <cvename>CVE-2017-7822</cvename>
+ <cvename>CVE-2017-7823</cvename>
+ <cvename>CVE-2017-7824</cvename>
+ <cvename>CVE-2017-7825</cvename>
+ <url>https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/</url>
+ <url>https://www.mozilla.org/en-US/security/advisories/mfsa2017-22/</url>
+ </references>
+ <dates>
+ <discovery>2017-09-28</discovery>
+ <entry>2017-09-29</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="43a1b8f9-3451-4f3c-b4fc-730c0f5876c1">
+ <topic>sam2p -- multiple issues</topic>
+ <affects>
+ <package>
+ <name>sam2p</name>
+ <range><lt>0.49.3,1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>sam2p developers report:</p>
+ <blockquote cite="https://github.com/pts/sam2p/issues/14">
+ <p>In sam2p 0.49.3, a heap-based buffer overflow exists in the pcxLoadImage24 function of the file in_pcx.cpp.</p>
+ <p>In sam2p 0.49.3, the in_xpm_reader function in in_xpm.cpp has an integer signedness error, leading to a crash when writing to an out-of-bounds array element.</p>
+ <p>In sam2p 0.49.3, an integer overflow exists in the pcxLoadImage24 function of the file in_pcx.cpp, leading to an invalid write operation.</p>
+ <p>In sam2p 0.49.3, the pcxLoadRaster function in in_pcx.cpp has an integer signedness error leading to a heap-based buffer overflow.</p>
+ <p>Because of an integer overflow in sam2p 0.49.3, a loop executes 0xffffffff times, ending with an invalid read of size 1 in the Image::Indexed::sortPal function in image.cpp. However, this also causes memory corruption because of an attempted write to the invalid d[0xfffffffe] array element.</p>
+ <p>In sam2p 0.49.3, there is an invalid read of size 2 in the parse_rgb function in in_xpm.cpp. However, this can also cause a write to an illegal address.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://github.com/pts/sam2p/issues/14</url>
+ <cvename>CVE-2017-14628</cvename>
+ <cvename>CVE-2017-14629</cvename>
+ <cvename>CVE-2017-14630</cvename>
+ <cvename>CVE-2017-14631</cvename>
+ <cvename>CVE-2017-14636</cvename>
+ <cvename>CVE-2017-14637</cvename>
+ </references>
+ <dates>
+ <discovery>2017-09-21</discovery>
+ <entry>2017-09-28</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="02bee9ae-c5d1-409b-8a79-983a88861509">
+ <topic>libraw -- Out-of-bounds Read</topic>
+ <affects>
+ <package>
+ <name>libraw</name>
+ <range><le>0.18.4</le></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>libraw developers report:</p>
+ <blockquote cite="https://github.com/LibRaw/LibRaw/commit/d13e8f6d1e987b7491182040a188c16a395f1d21">
+ <p>In LibRaw through 0.18.4, an out of bounds read flaw related to kodak_65000_load_raw has been reported in dcraw/dcraw.c and internal/dcraw_common.cpp. An attacker could possibly exploit this flaw to disclose potentially sensitive memory or cause an application crash.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://github.com/LibRaw/LibRaw/commit/d13e8f6d1e987b7491182040a188c16a395f1d21</url>
+ <url>https://github.com/LibRaw/LibRaw/issues/101</url>
+ <cvename>CVE-2017-14608</cvename>
+ </references>
+ <dates>
+ <discovery>2017-09-20</discovery>
+ <entry>2017-09-28</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="3dd6ccf4-a3c6-11e7-a52e-0800279f2ff8">
+ <topic>OpenVPN -- out-of-bounds write in legacy key-method 1</topic>
+ <affects>
+ <package>
+ <name>openvpn-polarssl</name>
+ <range><lt>2.3.18</lt></range>
+ </package>
+ <package>
+ <name>openvpn-mbedtls</name>
+ <range><ge>2.4.0</ge><lt>2.4.4</lt></range>
+ </package>
+ <package>
+ <name>openvpn</name>
+ <range><ge>2.4.0</ge><lt>2.4.4</lt></range>
+ <range><lt>2.3.18</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Steffan Karger reports:</p>
+ <blockquote cite="https://community.openvpn.net/openvpn/wiki/CVE-2017-12166">
+ <p>The bounds check in read_key() was performed after using the value,
+ instead of before. If 'key-method 1' is used, this allowed an
+ attacker to send a malformed packet to trigger a stack buffer
+ overflow. [...]</p>
+ <p>Note that 'key-method 1' has been replaced by 'key method 2' as the
+ default in OpenVPN 2.0 (released on 2005-04-17), and explicitly
+ deprecated in 2.4 and marked for removal in 2.5. This should limit
+ the amount of users impacted by this issue.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://community.openvpn.net/openvpn/wiki/CVE-2017-12166</url>
+ <url>https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg15492.html</url>
+ <cvename>CVE-2017-12166</cvename>
+ </references>
+ <dates>
+ <discovery>2017-09-21</discovery>
+ <entry>2017-09-27</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="16fb4f83-a2ab-11e7-9c14-009c02a2ab30">
+ <topic>ImageMagick -- denial of service via a crafted font file</topic>
+ <affects>
+ <package>
+ <name>ImageMagick7</name>
+ <range><lt>7.0.7.4</lt></range>
+ </package>
+ <package>
+ <name>ImageMagick7-nox11</name>
+ <range><lt>7.0.7.4</lt></range>
+ </package>
+ <package>
+ <name>ImageMagick</name>
+ <range><le>6.9.8.9_1</le></range>
+ </package>
+ <package>
+ <name>ImageMagick-nox11</name>
+ <range><le>6.9.8.9_1</le></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>MITRE reports:</p>
+ <blockquote cite="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14741">
+ <p>The ReadCAPTIONImage function in coders/caption.c in ImageMagick allows remote attackers to cause a denial of service (infinite loop) via a crafted font file.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14741</url>
+ <url>https://github.com/ImageMagick/ImageMagick/issues/771</url>
+ <url>https://github.com/ImageMagick/ImageMagick/commit/7d8e14899c562157c7760a77fc91625a27cb596f</url>
+ <url>https://github.com/ImageMagick/ImageMagick/commit/bb11d07139efe0f5e4ce0e4afda32abdbe82fa9d</url>
+ <cvename>CVE-2017-14741</cvename>
+ </references>
+ <dates>
+ <discovery>2017-09-21</discovery>
+ <entry>2017-09-26</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="58fafead-cd13-472f-a9bd-d0173ba1b04c">
+ <topic>libofx -- exploitable buffer overflow</topic>
+ <affects>
+ <package>
+ <name>libofx</name>
+ <range><le>0.9.11</le></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Talos developers report:</p>
+ <blockquote cite="http://www.securityfocus.com/bid/100828">
+ <p>An exploitable buffer overflow vulnerability exists in the tag parsing functionality of LibOFX 0.9.11. A specially crafted OFX file can cause a write out of bounds resulting in a buffer overflow on the stack. An attacker can construct a malicious OFX file to trigger this vulnerability.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>http://www.securityfocus.com/bid/100828</url>
+ <url>https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0317</url>
+ <cvename>CVE-2017-2816</cvename>
+ </references>
+ <dates>
+ <discovery>2017-09-13</discovery>
+ <entry>2017-09-27</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="3b776502-f601-44e0-87cd-b63f1b9ae42a">
+ <topic>sugarcrm -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>sugarcrm</name>
+ <range><le>6.5.26</le></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>sugarcrm developers report:</p>
+ <blockquote cite="https://blog.ripstech.com/2017/sugarcrm-security-diet-multiple-vulnerabilities/">
+ <p>An issue was discovered in SugarCRM before 7.7.2.3, 7.8.x before 7.8.2.2, and 7.9.x before 7.9.2.0 (and Sugar Community Edition 6.5.26). Several areas have been identified in the Documents and Emails module that could allow an authenticated user to perform SQL injection, as demonstrated by a backslash character at the end of a bean_id to modules/Emails/DetailView.php. An attacker could exploit these vulnerabilities by sending a crafted SQL request to the affected areas. An exploit could allow the attacker to modify the SQL database. Proper SQL escaping has been added to prevent such exploits.</p>
+ <p>An issue was discovered in SugarCRM before 7.7.2.3, 7.8.x before 7.8.2.2, and 7.9.x before 7.9.2.0 (and Sugar Community Edition 6.5.26). A remote file inclusion has been identified in the Connectors module allowing authenticated users to include remotely accessible system files via a query string. Proper input validation has been added to mitigate this issue.</p>
+ <p>An issue was discovered in SugarCRM before 7.7.2.3, 7.8.x before 7.8.2.2, and 7.9.x before 7.9.2.0 (and Sugar Community Edition 6.5.26). The WebToLeadCapture functionality is found vulnerable to unauthenticated cross-site scripting (XSS) attacks. This attack vector is mitigated by proper validating the redirect URL values being passed along.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://blog.ripstech.com/2017/sugarcrm-security-diet-multiple-vulnerabilities/</url>
+ <url>https://support.sugarcrm.com/Resources/Security/sugarcrm-sa-2017-006/</url>
+ <url>https://blog.ripstech.com/2017/sugarcrm-security-diet-multiple-vulnerabilities/</url>
+ <url>https://support.sugarcrm.com/Resources/Security/sugarcrm-sa-2017-007/</url>
+ <url>https://blog.ripstech.com/2017/sugarcrm-security-diet-multiple-vulnerabilities/</url>
+ <url>https://support.sugarcrm.com/Resources/Security/sugarcrm-sa-2017-008/</url>
+ <cvename>CVE-2017-14508</cvename>
+ <cvename>CVE-2017-14509</cvename>
+ <cvename>CVE-2017-14510</cvename>
+ </references>
+ <dates>
+ <discovery>2017-09-17</discovery>
+ <entry>2017-09-26</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="b2952517-07e5-4d19-8850-21c5b7e0623f">
+ <topic>libzip -- denial of service</topic>
+ <affects>
+ <package>
+ <name>libzip</name>
+ <range><lt>1.1.13_1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>libzip developers report:</p>
+ <blockquote cite="https://blogs.gentoo.org/ago/2017/09/01/libzip-memory-allocation-failure-in-_zip_cdir_grow-zip_dirent-c/">
+ <p>The _zip_read_eocd64 function in zip_open.c in libzip before 1.3.0 mishandles EOCD records, which allows remote attackers to cause a denial of service (memory allocation failure in _zip_cdir_grow in zip_dirent.c) via a crafted ZIP archive.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://blogs.gentoo.org/ago/2017/09/01/libzip-memory-allocation-failure-in-_zip_cdir_grow-zip_dirent-c/</url>
+ <url>https://github.com/nih-at/libzip/commit/9b46957ec98d85a572e9ef98301247f39338a3b5</url>
+ <cvename>CVE-2017-14107</cvename>
+ </references>
+ <dates>
+ <discovery>2017-09-01</discovery>
+ <entry>2017-09-27</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="10214bda-0902-4e3b-a2f9-9a68ef206a73">
+ <topic>libbson -- Denial of Service</topic>
+ <affects>
+ <package>
+ <name>libbson</name>
+ <range><lt>1.8.0</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>mongodb developers report:</p>
+ <blockquote cite="http://www.securityfocus.com/bid/100825">
+ <p>In MongoDB libbson 1.7.0, the bson_iter_codewscope function in bson-iter.c miscalculates a bson_utf8_validate length argument, which allows remote attackers to cause a denial of service (heap-based buffer over-read in the bson_utf8_validate function in bson-utf8.c), as demonstrated by bson-to-json.c.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>http://www.securityfocus.com/bid/100825</url>
+ <url>https://bugzilla.redhat.com/show_bug.cgi?id=1489355</url>
+ <url>https://bugzilla.redhat.com/show_bug.cgi?id=1489356</url>
+ <url>https://bugzilla.redhat.com/show_bug.cgi?id=1489362</url>
+ <cvename>CVE-2017-14227</cvename>
+ </references>
+ <dates>
+ <discovery>2017-09-09</discovery>
+ <entry>2017-09-26</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="eb03d642-6724-472d-b038-f2bf074e1fc8">
+ <topic>tcpdump -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>tcpdump</name>
+ <range><lt>4.9.2</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>tcpdump developers report:</p>
+ <blockquote cite="http://www.tcpdump.org/tcpdump-changes.txt">
+ <p>Too many issues to detail, see CVE references for details.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2017-11541</cvename>
+ <cvename>CVE-2017-11542</cvename>
+ <cvename>CVE-2017-11543</cvename>
+ <cvename>CVE-2017-12893</cvename>
+ <cvename>CVE-2017-12894</cvename>
+ <cvename>CVE-2017-12895</cvename>
+ <cvename>CVE-2017-12896</cvename>
+ <cvename>CVE-2017-12897</cvename>
+ <cvename>CVE-2017-12898</cvename>
+ <cvename>CVE-2017-12899</cvename>
+ <cvename>CVE-2017-12900</cvename>
+ <cvename>CVE-2017-12901</cvename>
+ <cvename>CVE-2017-12902</cvename>
+ <cvename>CVE-2017-12985</cvename>
+ <cvename>CVE-2017-12986</cvename>
+ <cvename>CVE-2017-12987</cvename>
+ <cvename>CVE-2017-12988</cvename>
+ <cvename>CVE-2017-12989</cvename>
+ <cvename>CVE-2017-12990</cvename>
+ <cvename>CVE-2017-12991</cvename>
+ <cvename>CVE-2017-12992</cvename>
+ <cvename>CVE-2017-12993</cvename>
+ <cvename>CVE-2017-12994</cvename>
+ <cvename>CVE-2017-12995</cvename>
+ <cvename>CVE-2017-12996</cvename>
+ <cvename>CVE-2017-12997</cvename>
+ <cvename>CVE-2017-12998</cvename>
+ <cvename>CVE-2017-12999</cvename>
+ <cvename>CVE-2017-13000</cvename>
+ <cvename>CVE-2017-13001</cvename>
+ <cvename>CVE-2017-13002</cvename>
+ <cvename>CVE-2017-13003</cvename>
+ <cvename>CVE-2017-13004</cvename>
+ <cvename>CVE-2017-13005</cvename>
+ <cvename>CVE-2017-13006</cvename>
+ <cvename>CVE-2017-13007</cvename>
+ <cvename>CVE-2017-13008</cvename>
+ <cvename>CVE-2017-13009</cvename>
+ <cvename>CVE-2017-13010</cvename>
+ <cvename>CVE-2017-13011</cvename>
+ <cvename>CVE-2017-13012</cvename>
+ <cvename>CVE-2017-13013</cvename>
+ <cvename>CVE-2017-13014</cvename>
+ <cvename>CVE-2017-13015</cvename>
+ <cvename>CVE-2017-13016</cvename>
+ <cvename>CVE-2017-13017</cvename>
+ <cvename>CVE-2017-13018</cvename>
+ <cvename>CVE-2017-13019</cvename>
+ <cvename>CVE-2017-13020</cvename>
+ <cvename>CVE-2017-13021</cvename>
+ <cvename>CVE-2017-13022</cvename>
+ <cvename>CVE-2017-13023</cvename>
+ <cvename>CVE-2017-13024</cvename>
+ <cvename>CVE-2017-13025</cvename>
+ <cvename>CVE-2017-13026</cvename>
+ <cvename>CVE-2017-13027</cvename>
+ <cvename>CVE-2017-13028</cvename>
+ <cvename>CVE-2017-13029</cvename>
+ <cvename>CVE-2017-13030</cvename>
+ <cvename>CVE-2017-13031</cvename>
+ <cvename>CVE-2017-13032</cvename>
+ <cvename>CVE-2017-13033</cvename>
+ <cvename>CVE-2017-13034</cvename>
+ <cvename>CVE-2017-13035</cvename>
+ <cvename>CVE-2017-13036</cvename>
+ <cvename>CVE-2017-13037</cvename>
+ <cvename>CVE-2017-13038</cvename>
+ <cvename>CVE-2017-13039</cvename>
+ <cvename>CVE-2017-13040</cvename>
+ <cvename>CVE-2017-13041</cvename>
+ <cvename>CVE-2017-13042</cvename>
+ <cvename>CVE-2017-13043</cvename>
+ <cvename>CVE-2017-13044</cvename>
+ <cvename>CVE-2017-13045</cvename>
+ <cvename>CVE-2017-13046</cvename>
+ <cvename>CVE-2017-13047</cvename>
+ <cvename>CVE-2017-13048</cvename>
+ <cvename>CVE-2017-13049</cvename>
+ <cvename>CVE-2017-13050</cvename>
+ <cvename>CVE-2017-13051</cvename>
+ <cvename>CVE-2017-13052</cvename>
+ <cvename>CVE-2017-13053</cvename>
+ <cvename>CVE-2017-13054</cvename>
+ <cvename>CVE-2017-13055</cvename>
+ <cvename>CVE-2017-13687</cvename>
+ <cvename>CVE-2017-13688</cvename>
+ <cvename>CVE-2017-13689</cvename>
+ <cvename>CVE-2017-13690</cvename>
+ <cvename>CVE-2017-13725</cvename>
+ </references>
+ <dates>
+ <discovery>2017-07-22</discovery>
+ <entry>2017-09-26</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="d9f96741-47bd-4426-9aba-8736c0971b24">
+ <topic>libraw -- buffer overflow</topic>
+ <affects>
+ <package>
+ <name>libraw</name>
+ <range><lt>0.18.4</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>libraw developers report:</p>
+ <blockquote cite="http://www.securityfocus.com/bid/100866">
+ <p>LibRaw before 0.18.4 has a heap-based Buffer Overflow in the processCanonCameraInfo function via a crafted file.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>http://www.securityfocus.com/bid/100866</url>
+ <url>https://github.com/LibRaw/LibRaw/issues/100</url>
+ <cvename>CVE-2017-14348</cvename>
+ </references>
+ <dates>
+ <discovery>2017-09-12</discovery>
+ <entry>2017-09-26</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="4cd857d9-26d2-4417-b765-69701938f9e0">
+ <topic>libraw -- denial of service and remote code execution</topic>
+ <affects>
+ <package>
+ <name>libraw</name>
+ <range><lt>0.18.3</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>libraw developers report:</p>
+ <blockquote cite="https://github.com/LibRaw/LibRaw/issues/99">
+ <p>A Stack-based Buffer Overflow was discovered in xtrans_interpolate in internal/dcraw_common.cpp in LibRaw before 0.18.3. It could allow a remote denial of service or code execution attack.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://github.com/LibRaw/LibRaw/issues/99</url>
+ <cvename>CVE-2017-14265</cvename>
+ </references>
+ <dates>
+ <discovery>2017-09-11</discovery>
+ <entry>2017-09-26</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="a60a2e95-acba-4b11-bc32-ffb47364e07d">
+ <topic>libgd -- Denial of servica via double free</topic>
+ <affects>
+ <package>
+ <name>libgd</name>
+ <range><lt>2.2.5</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>libgd developers report:</p>
+ <blockquote cite="http://www.debian.org/security/2017/dsa-3961">
+ <p>Double free vulnerability in the gdImagePngPtr function in libgd2 before 2.2.5 allows remote attackers to cause a denial of service via vectors related to a palette with no colors.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>http://www.debian.org/security/2017/dsa-3961</url>
+ <url>https://github.com/libgd/libgd/issues/381</url>
+ <url>https://github.com/libgd/libgd/releases/tag/gd-2.2.5</url>
+ <url>https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N2BLXX7KNRE7ZVQAKGTHHWS33CUCXVUP/</url>
+ <cvename>CVE-2017-6362</cvename>
+ </references>
+ <dates>
+ <discovery>2017-09-07</discovery>
+ <entry>2017-09-26</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="5033e2fc-98ec-4ef5-8e0b-87cfbbc73081">
+ <topic>php-gd and gd -- Buffer over-read into uninitialized memory</topic>
+ <affects>
+ <package>
+ <name>libgd</name>
+ <range><lt>2.2.5</lt></range>
+ </package>
+ <package>
+ <name>php70-gd</name>
+ <range><lt>7.0.21</lt></range>
+ </package>
+ <package>
+ <name>php71-gd</name>
+ <range><lt>7.1.7</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>PHP developers report:</p>
+ <blockquote cite="https://bugs.php.net/bug.php?id=74435">
+ <p>The GIF decoding function gdImageCreateFromGifCtx in gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.31 and 7.x before 7.1.7, does not zero colorMap arrays before use. A specially crafted GIF image could use the uninitialized tables to read ~700 bytes from the top of the stack, potentially disclosing sensitive information.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://bugs.php.net/bug.php?id=74435</url>
+ <cvename>CVE-2017-7890</cvename>
+ </references>
+ <dates>
+ <discovery>2017-08-02</discovery>
+ <entry>2017-09-26</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="d843a984-7f22-484f-ba81-483ddbe30dc3">
+ <topic>ledger -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>ledger</name>
+ <range><le>3.1.1</le></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Talos reports:</p>
+ <blockquote cite="http://www.securityfocus.com/bid/100543">
+ <p>An exploitable buffer overflow vulnerability exists in the tag parsing functionality of Ledger-CLI 3.1.1. A specially crafted journal file can cause an integer underflow resulting in code execution. An attacker can construct a malicious journal file to trigger this vulnerability.</p>
+ <p>An exploitable use-after-free vulnerability exists in the account parsing component of the Ledger-CLI 3.1.1. A specially crafted ledger file can cause a use-after-free vulnerability resulting in arbitrary code execution. An attacker can convince a user to load a journal file to trigger this vulnerability.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>http://www.securityfocus.com/bid/100543</url>
+ <url>https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0303</url>
+ <url>http://www.securityfocus.com/bid/100546</url>
+ <url>https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0304</url>
+ <cvename>CVE-2017-2808</cvename>
+ <cvename>CVE-2017-2807</cvename>
+ </references>
+ <dates>
+ <discovery>2017-09-05</discovery>
+ <entry>2017-09-26</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="7801b1e1-99b4-42ac-ab22-7646235e7c16">
+ <topic>aacplusenc -- denial of service</topic>
+ <affects>
+ <package>
+ <name>aacplusenc</name>
+ <range><le>0.17.5_2</le></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Gentoo developers report:</p>
+ <blockquote cite="https://blogs.gentoo.org/ago/2017/09/07/aacplusenc-null-pointer-dereference-in-deletebitbuffer-bitbuffer-c/">
+ <p>DeleteBitBuffer in libbitbuf/bitbuffer.c in mp4tools aacplusenc 0.17.5 allows remote attackers to cause a denial of service (invalid memory write, SEGV on unknown address 0x000000000030, and application crash) or possibly have unspecified other impact via a crafted .wav file, aka a NULL pointer dereference.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://blogs.gentoo.org/ago/2017/09/07/aacplusenc-null-pointer-dereference-in-deletebitbuffer-bitbuffer-c/</url>
+ <url>https://github.com/teknoraver/aacplusenc/issues/1</url>
+ <cvename>CVE-2017-14181</cvename>
+ </references>
+ <dates>
+ <discovery>2017-09-07</discovery>
+ <entry>2017-09-25</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="478d4102-2319-4026-b3b2-a57c48f159ac">
+ <topic>ansible -- information disclosure flaw</topic>
+ <affects>
+ <package>
+ <name>ansible</name>
+ <range><le>2.2.3</le></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>ansible developers report:</p>
+ <blockquote cite="https://github.com/ansible/ansible/issues/22505">
+ <p>Ansible versions 2.2.3 and earlier are vulnerable to an information disclosure flaw due to the interaction of call back plugins and the no_log directive where the information may not be sanitized properly.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://github.com/ansible/ansible/issues/22505</url>
+ <cvename>CVE-2017-7473</cvename>
+ </references>
+ <dates>
+ <discovery>2017-07-21</discovery>
+ <entry>2017-09-25</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="b63421b6-a1e0-11e7-ac58-b499baebfeaf">
+ <topic>weechat -- crash in logger plugin</topic>
+ <affects>
+ <package>
+ <name>weechat</name>
+ <range><lt>1.9.1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>WeeChat reports:</p>
+ <blockquote cite="https://weechat.org/news/98/20170923-Version-1.9.1-security-release/">
+ <p>security problem: a crash can happen in logger plugin when
+ converting date/time specifiers in file mask.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://weechat.org/news/98/20170923-Version-1.9.1-security-release/</url>
+ <cvename>CVE-2017-14727</cvename>
+ </references>
+ <dates>
+ <discovery>2017-09-23</discovery>
+ <entry>2017-09-25</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="d9e82328-a129-11e7-987e-4f174049b30a">
+ <topic>perl -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>perl5</name>
+ <range><ge>5.24.0</ge><lt>5.24.3</lt></range>
+ <range><ge>5.26.0</ge><lt>5.26.1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>SO-AND-SO reports:</p>
+ <blockquote cite="https://metacpan.org/changes/release/SHAY/perl-5.26.1#Security">
+ <p>CVE-2017-12814: $ENV{$key} stack buffer overflow on Windows</p>
+ <p>A possible stack buffer overflow in the %ENV code on Windows has been
+ fixed by removing the buffer completely since it was superfluous anyway.</p>
+ <p>CVE-2017-12837: Heap buffer overflow in regular expression compiler</p>
+ <p>Compiling certain regular expression patterns with the case-insensitive
+ modifier could cause a heap buffer overflow and crash perl. This has now
+ been fixed.</p>
+ <p>CVE-2017-12883: Buffer over-read in regular expression parser</p>
+ <p>For certain types of syntax error in a regular expression pattern, the
+ error message could either contain the contents of a random, possibly
+ large, chunk of memory, or could crash perl. This has now been fixed.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://metacpan.org/changes/release/SHAY/perl-5.24.3</url>
+ <url>https://metacpan.org/changes/release/SHAY/perl-5.26.1</url>
+ <cvename>CVE-2017-12814</cvename>
+ <cvename>CVE-2017-12837</cvename>
+ <cvename>CVE-2017-12883</cvename>
+ </references>
+ <dates>
+ <discovery>2017-09-19</discovery>
+ <entry>2017-09-24</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="917e5519-9fdd-11e7-8b58-e8e0b747a45a">
+ <topic>chromium -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>chromium</name>
+ <range><lt>61.0.3163.100</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Google Chrome releases reports:</p>
+ <blockquote cite="https://chromereleases.googleblog.com/2017/09/stable-channel-update-for-desktop_21.html">
+ <p>3 security fixes in this release, including:</p>
+ <ul>
+ <li>[765433] High CVE-2017-5121: Out-of-bounds access in V8. Reported by
+ Jordan Rabet, Microsoft Offensive Security Research and Microsoft
+ ChakraCore team on 2017-09-14</li>
+ <li>[752423] High CVE-2017-5122: Out-of-bounds access in V8. Reported by
+ Choongwoo Han of Naver Corporation on 2017-08-04</li>
+ <li>[767508] Various fixes from internal audits, fuzzing and other initiatives</li>
+ </ul>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2017-5121</cvename>
+ <cvename>CVE-2017-5122</cvename>
+ <url>https://chromereleases.googleblog.com/2017/09/stable-channel-update-for-desktop_21.html</url>
+ </references>
+ <dates>
+ <discovery>2017-09-21</discovery>
+ <entry>2017-09-22</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="c2ea3b31-9d75-11e7-bb13-001999f8d30b">
+ <topic>asterisk -- RTP/RTCP information leak</topic>
+ <affects>
+ <package>
+ <name>asterisk11</name>
+ <range><lt>11.25.3</lt></range>
+ </package>
+ <package>
+ <name>asterisk13</name>
+ <range><lt>13.17.2</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The Asterisk project reports:</p>
+ <blockquote cite="http://www.asterisk.org/downloads/security-advisories">
+ <p>This is a follow up advisory to AST-2017-005.</p>
+ <p>Insufficient RTCP packet validation could allow reading
+ stale buffer contents and when combined with the "nat"
+ and "symmetric_rtp" options allow redirecting where
+ Asterisk sends the next RTCP report.</p>
+ <p>The RTP stream qualification to learn the source address
+ of media always accepted the first RTP packet as the new
+ source and allowed what AST-2017-005 was mitigating. The
+ intent was to qualify a series of packets before accepting
+ the new source address.</p>
+ <p>The RTP/RTCP stack will now validate RTCP packets before processing them.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://downloads.asterisk.org/pub/security/AST-2017-008.html</url>
+ <cvename>CVE-2017-14099</cvename>
+ </references>
+ <dates>
+ <discovery>2017-09-01</discovery>
+ <entry>2017-09-19</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="95b01379-9d52-11e7-a25c-471bafc3262f">
+ <topic>ruby -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>ruby</name>
+ <range><ge>2.2.0</ge><lt>2.2.8</lt></range>
+ <range><ge>2.3.0</ge><lt>2.3.5</lt></range>
+ <range><ge>2.4.0</ge><lt>2.4.2</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Ruby blog:</p>
+ <blockquote cite="https://www.ruby-lang.org/en/security/">
+ <p>CVE-2017-0898: Buffer underrun vulnerability in Kernel.sprintf</p>
+ <p>If a malicious format string which contains a precious specifier (*)
+ is passed and a huge minus value is also passed to the specifier,
+ buffer underrun may be caused. In such situation, the result may
+ contains heap, or the Ruby interpreter may crash.</p>
+ <p>CVE-2017-10784: Escape sequence injection vulnerability in the Basic
+ authentication of WEBrick</p>
+ <p>When using the Basic authentication of WEBrick, clients can pass an
+ arbitrary string as the user name. WEBrick outputs the passed user name
+ intact to its log, then an attacker can inject malicious escape
+ sequences to the log and dangerous control characters may be executed
+ on a victim’s terminal emulator.</p>
+ <p>This vulnerability is similar to a vulnerability already fixed, but
+ it had not been fixed in the Basic authentication.</p>
+ <p>CVE-2017-14033: Buffer underrun vulnerability in OpenSSL ASN1 decode</p>
+ <p>If a malicious string is passed to the decode method of OpenSSL::ASN1,
+ buffer underrun may be caused and the Ruby interpreter may crash.</p>
+ <p>CVE-2017-14064: Heap exposure vulnerability in generating JSON</p>
+ <p>The generate method of JSON module optionally accepts an instance of
+ JSON::Ext::Generator::State class. If a malicious instance is passed,
+ the result may include contents of heap.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://www.ruby-lang.org/en/security/</url>
+ <url>https://www.ruby-lang.org/en/news/2017/09/14/sprintf-buffer-underrun-cve-2017-0898/</url>
+ <url>https://www.ruby-lang.org/en/news/2017/09/14/webrick-basic-auth-escape-sequence-injection-cve-2017-10784/</url>
+ <url>https://www.ruby-lang.org/en/news/2017/09/14/openssl-asn1-buffer-underrun-cve-2017-14033/</url>
+ <url>https://www.ruby-lang.org/en/news/2017/09/14/json-heap-exposure-cve-2017-14064/</url>
+ <cvename>CVE-2017-0898</cvename>
+ <cvename>CVE-2017-10784</cvename>
+ <cvename>CVE-2017-14033</cvename>
+ <cvename>CVE-2017-14064</cvename>
+ </references>
+ <dates>
+ <discovery>2017-09-14</discovery>
+ <entry>2017-09-19</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="2bffdf2f-9d45-11e7-a25c-471bafc3262f">
+ <topic>rubygem-geminabox -- XSS & CSRF vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>rubygem-geminabox</name>
+ <range><lt>0.13.8</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Gem in a box XSS vulenrability - CVE-2017-14506:</p>
+ <blockquote cite="https://baraktawily.blogspot.com/2017/09/gem-in-box-xss-vulenrability-cve-2017.html">
+ <p>Malicious attacker create GEM file with crafted homepage value
+ (gem.homepage in .gemspec file) includes XSS payload.</p>
+ <p>The attacker access geminabox system and uploads the gem file
+ (or uses CSRF/SSRF attack to do so).</p>
+ <p>From now on, any user access Geminabox web server, executes the
+ malicious XSS payload, that will delete any gems on the server,
+ and won't let users use the geminabox anymore. (make victim's
+ browser crash or redirect them to other hosts).</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://baraktawily.blogspot.com/2017/09/gem-in-box-xss-vulenrability-cve-2017.html</url>
+ <cvename>CVE-2017-14506</cvename>
+ <cvename>CVE-2017-14683</cvename>
+ </references>
+ <dates>
+ <discovery>2017-09-18</discovery>
+ <entry>2017-09-19</entry>
+ <modified>2017-09-27</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="76b085e2-9d33-11e7-9260-000c292ee6b8">
+ <topic>Apache -- HTTP OPTIONS method can leak server memory</topic>
+ <affects>
+ <package>
+ <name>apache24</name>
+ <range><lt>2.4.27_1</lt></range>
+ </package>
+ <package>
+ <name>apache22</name>
+ <range><lt>2.2.34_1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The Fuzzing Project reports:</p>
+ <blockquote cite="https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html">
+ <p>Apache httpd allows remote attackers to read secret data from
+ process memory if the Limit directive can be set in a user's
+ .htaccess file, or if httpd.conf has certain misconfigurations,
+ aka Optionsbleed. This affects the Apache HTTP Server through
+ 2.2.34 and 2.4.x through 2.4.27. The attacker sends an
+ unauthenticated OPTIONS HTTP request when attempting to read
+ secret data. This is a use-after-free issue and thus secret data
+ is not always sent, and the specific data depends on many factors
+ including configuration. Exploitation with .htaccess can be
+ blocked with a patch to the ap_limit_section function in
+ server/core.c.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://nvd.nist.gov/vuln/detail/CVE-2017-9798</url>
+ <cvename>CVE-2017-9798</cvename>
+ </references>
+ <dates>
+ <discovery>2017-09-18</discovery>
+ <entry>2017-09-19</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="6a177c87-9933-11e7-93f7-d43d7e971a1b">
+ <topic>GitLab -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>gitlab</name>
+ <range><ge>1.0.0</ge><le>9.3.10</le></range>
+ <range><ge>9.4.0</ge><le>9.4.5</le></range>
+ <range><ge>9.5.0</ge><le>9.5.3</le></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>GitLab reports:</p>
+ <blockquote cite="https://about.gitlab.com/2017/09/07/gitlab-9-dot-5-dot-4-security-release/">
+ <h1>Cross-Site Scripting (XSS) vulnerability in profile names</h1>
+ <p>An external security audit performed by Madison Gurkha disclosed a
+ Cross-Site Scripting (XSS) vulnerability in user names that could be
+ exploited in several locations.</p>
+ <h1>Open Redirect in go-get middleware</h1>
+ <p>Tim Goddard via HackerOne reported that GitLab was vulnerable to an open
+ redirect vulnerability caused when a specific flag is passed to the go-get
+ middleware. This vulnerability could also possibly be used to conduct
+ Cross-Site Scripting attacks.</p>
+ <h1>Race condition in project uploads</h1>
+ <p>Jobert Abma from HackerOne reported that GitLab was vulnerable to a race
+ condition in project uploads. While very difficult to exploit this race
+ condition could potentially allow an attacker to overwrite a victim's
+ uploaded project if the attacker can guess the name of the uploaded file
+ before it is extracted.</p>
+ <h1>Cross-Site Request Forgery (CSRF) token leakage</h1>
+ <p>naure via HackerOne reported that GitLab was vulnerable to CSRF token
+ leakage via improper filtering of external URLs in relative URL creation. A
+ specially crafted link configured in a project's environments settings could
+ be used to steal a visiting user's CSRF token.</p>
+ <h1>Potential project disclosure via project deletion bug</h1>
+ <p>An internal code review discovered that removed projects were not always
+ being deleted from the file system. This could allow an attacker who knew
+ the full path to a previously deleted project to steal a copy of the
+ repository. These releases prevent the leftover repository from being
+ accessed when creating a new project. The project deletion bug will be fixed
+ in a later release.</p>
+ <h1>White-listed style attribute for table contents in MD enables UI
+ redressing</h1>
+ <p>An external security audit performed by Recurity-Labs discovered a UI
+ redressing vulnerability in the GitLab markdown sanitization library.</p>
+ <h1>DOM clobbering in sanitized MD causes errors</h1>
+ <p>An external security audit performed by Recurity-Labs discovered a DOM
+ clobbering vulnerability in the GitLab markdown sanitization library that
+ could be used to render project pages unreadable.</p>
+ <h1>Nokogiri vendored libxslt library vulnerable to potential integer
+ overflow (CVE-2017-5029 and CVE-2016-4738)</h1>
+ <p>The bundled Nokogiri library has been updated to patch an integer
+ overflow vulnerability. Details are available in the Nokogiri issue.</p>
+ <h1>Security risk in recommended Geo configuration could give all users
+ access to all repositories</h1>
+ <p>An internal code review discovered that GitLab Geo instances could be
+ vulnerable to an attack that would allow any user on the primary Geo
+ instance to clone any repository on a secondary Geo instance.</p>
+ <h1>GitLab Pages private certificate disclosure via symlinks</h1>
+ <p>An external security review conducted by Recurity-Labs discovered a
+ vulnerability in GitLab Pages that could be used to disclose the contents of
+ private SSL keys.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://about.gitlab.com/2017/09/07/gitlab-9-dot-5-dot-4-security-release/</url>
+ <cvename>CVE-2017-5029</cvename>
+ <cvename>CVE-2016-4738</cvename>
+ </references>
+ <dates>
+ <discovery>2017-09-07</discovery>
+ <entry>2017-09-14</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="531aae08-97f0-11e7-aadd-6451062f0f7a">
+ <topic>Flash Player -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>linux-flashplayer</name>
+ <range><lt>27.0.0.130</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Adobe reports:</p>
+ <blockquote cite="https://helpx.adobe.com/security/products/flash-player/apsb17-28.html">
+ <ul>
+ <li>These updates resolve memory corruption vulnerabilities that
+ could lead to remote code execution (CVE-2017-11281,
+ CVE-2017-11282).</li>
+ </ul>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2017-11281</cvename>
+ <cvename>CVE-2017-11282</cvename>
+ <url>https://helpx.adobe.com/security/products/flash-player/apsb17-28.html</url>
+ </references>
+ <dates>
+ <discovery>2017-09-12</discovery>
+ <entry>2017-09-12</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="47e2e52c-975c-11e7-942d-5404a68a61a2">
+ <topic>emacs -- enriched text remote code execution vulnerability</topic>
+ <affects>
+ <package>
+ <name>emacs25</name>
+ <name>emacs-nox11</name>
+ <range><lt>25.3,3</lt></range>
+ </package>
+ <package>
+ <name>emacs-devel</name>
+ <range><lt>26.0.50.20170912,2</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Paul Eggert reports:</p>
+ <blockquote cite="http://seclists.org/oss-sec/2017/q3/422">
+ <p>Charles A. Roelli has found a security flaw in the enriched mode in GNU Emacs.</p>
+ <p>When Emacs renders MIME text/enriched data (Internet RFC 1896), it
+ is vulnerable to arbitrary code execution. Since Emacs-based mail
+ clients decode "Content-Type: text/enriched", this code is exploitable
+ remotely. This bug affects GNU Emacs versions 19.29 through 25.2.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>http://seclists.org/oss-sec/2017/q3/422</url>
+ <url>https://bugs.gnu.org/28350</url>
+ </references>
+ <dates>
+ <discovery>2017-09-04</discovery>
+ <entry>2017-09-12</entry>
+ <modified>2017-09-13</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="f9f76a50-9642-11e7-ab09-080027b00c2e">
+ <topic>cyrus-imapd -- broken "other users" behaviour</topic>
+ <affects>
+ <package>
+ <name>cyrus-imapd30</name>
+ <range><ge>3.0.0</ge><lt>3.0.4</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Cyrus IMAP 3.0.4 Release Notes states:</p>
+ <blockquote cite="https://www.cyrusimap.org/imap/download/release-notes/3.0/x/3.0.4.html">
+ <p>Fixed Issue #2132: Broken "Other Users" behaviour</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2017-14230</cvename>
+ <url>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14230</url>
+ </references>
+ <dates>
+ <discovery>2017-09-07</discovery>
+ <entry>2017-09-10</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="aaab03be-932d-11e7-92d8-4b26fc968492">
+ <topic>Django -- possible XSS in traceback section of technical 500 debug page</topic>
+ <affects>
+ <package>
+ <name>py27-django110</name>
+ <name>py34-django110</name>
+ <name>py35-django110</name>
+ <name>py36-django110</name>
+ <range><lt>1.10.8</lt></range>
+ </package>
+ <package>
+ <name>py27-django111</name>
+ <name>py34-django111</name>
+ <name>py35-django111</name>
+ <name>py36-django111</name>
+ <range><lt>1.11.5</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Django blog:</p>
+ <blockquote cite="https://www.djangoproject.com/weblog/2017/sep/05/security-releases/">
+ <p>In older versions, HTML autoescaping was disabled in a portion of the template
+ for the technical 500 debug page. Given the right circumstances, this allowed a
+ cross-site scripting attack. This vulnerability shouldn't affect most production
+ sites since you shouldn't run with DEBUG = True (which makes this page accessible)
+ in your production settings.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2017-12794</cvename>
+ <url>https://www.djangoproject.com/weblog/2017/sep/05/security-releases/</url>
+ </references>
+ <dates>
+ <discovery>2017-09-05</discovery>
+ <entry>2017-09-06</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="e1100e63-92f7-11e7-bd95-e8e0b747a45a">
+ <topic>chromium -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>chromium</name>
+ <range><lt>61.0.3163.79</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Google Chrome releases reports:</p>
+ <blockquote cite="https://chromereleases.googleblog.com/2017/09/stable-channel-update-for-desktop.html">
+ <p>22 security fixes in this release, including:</p>
+ <ul>
+ <li>[737023] High CVE-2017-5111: Use after free in PDFium. Reported by
+ Luat Nguyen on KeenLab, Tencent on 2017-06-27</li>
+ <li>[740603] High CVE-2017-5112: Heap buffer overflow in WebGL. Reported by
+ Tobias Klein on 2017-07-10</li>
+ <li>[747043] High CVE-2017-5113: Heap buffer overflow in Skia. Reported by
+ Anonymous on 2017-07-20</li>
+ <li>[752829] High CVE-2017-5114: Memory lifecycle issue in PDFium. Reported by
+ Ke Liu of Tencent's Xuanwu LAB on 2017-08-07</li>
+ <li>[744584] High CVE-2017-5115: Type confusion in V8. Reported by
+ Marco Giovannini on 2017-07-17</li>
+ <li>[759624] High CVE-2017-5116: Type confusion in V8. Reported by
+ Anonymous on 2017-08-28</li>
+ <li>[739190] Medium CVE-2017-5117: Use of uninitialized value in Skia. Reported by
+ Tobias Klein on 2017-07-04</li>
+ <li>[747847] Medium CVE-2017-5118: Bypass of Content Security Policy in Blink. Reported by
+ WenXu Wu of Tencent's Xuanwu Lab on 2017-07-24</li>
+ <li>[725127] Medium CVE-2017-5119: Use of uninitialized value in Skia. Reported by
+ Anonymous on 2017-05-22</li>
+ <li>[718676] Low CVE-2017-5120: Potential HTTPS downgrade during redirect navigation. Reported by
+ Xiaoyin Liu on 2017-05-05</li>
+ <li>[762099] Various fixes from internal audits, fuzzing and other initiatives</li>
+ </ul>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2017-5111</cvename>
+ <cvename>CVE-2017-5112</cvename>
+ <cvename>CVE-2017-5113</cvename>
+ <cvename>CVE-2017-5114</cvename>
+ <cvename>CVE-2017-5115</cvename>
+ <cvename>CVE-2017-5116</cvename>
+ <cvename>CVE-2017-5117</cvename>
+ <cvename>CVE-2017-5118</cvename>
+ <cvename>CVE-2017-5119</cvename>
+ <cvename>CVE-2017-5120</cvename>
+ <url>https://chromereleases.googleblog.com/2017/09/stable-channel-update-for-desktop.html</url>
+ </references>
+ <dates>
+ <discovery>2017-09-05</discovery>
+ <entry>2017-09-06</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="44101b31-8ffd-11e7-b5af-a4badb2f4699">
+ <cancelled/>
+ </vuln>
+
+ <vuln vid="5a1f1a86-8f4c-11e7-b5af-a4badb2f4699">
+ <topic>gdk-pixbuf -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>gtk-pixbuf2</name>
+ <range><lt>2.36.7</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>TALOS reports:</p>
+ <blockquote cite="http://blog.talosintelligence.com/2017/08/vuln-spotlight-multiple-gdk.html">
+ <ul>
+ <li><p>An exploitable integer overflow vulnerability exists in
+ the tiff_image_parse functionality.</p></li>
+ <li><p>An exploitable heap-overflow vulnerability exists in
+ the gdk_pixbuf__jpeg_image_load_increment functionality.</p></li>
+ </ul>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>http://blog.talosintelligence.com/2017/08/vuln-spotlight-multiple-gdk.html</url>
+ <cvename>CVE-2017-2862</cvename>
+ <cvename>CVE-2017-2870</cvename>
+ </references>
+ <dates>
+ <discovery>2017-08-30</discovery>
+ <entry>2017-09-01</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="ec1df2a1-8ee6-11e7-8be8-001999f8d30b">
+ <topic>asterisk -- Remote Crash Vulerability in res_pjsip</topic>
+ <affects>
+ <package>
+ <name>asterisk13</name>
+ <range><lt>13.17.1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The Asterisk project reports:</p>
+ <blockquote cite="http://www.asterisk.org/downloads/security-advisories">
+ <p>A carefully crafted URI in a From, To or Contact header could cause Asterisk to crash.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://downloads.asterisk.org/pub/security/AST-2017-007.html</url>
+ <cvename>CVE-2017-14098</cvename>
+ </references>
+ <dates>
+ <discovery>2017-08-31</discovery>
+ <entry>2017-09-01</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="c599f95c-8ee5-11e7-8be8-001999f8d30b">
+ <topic>asterisk -- Unauthorized data disclosure and shell access command injection in app_minivm</topic>
+ <affects>
+ <package>
+ <name>asterisk11</name>
+ <range><lt>11.25.2</lt></range>
+ </package>
+ <package>
+ <name>asterisk13</name>
+ <range><lt>13.17.1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The Asterisk project reports:</p>
+ <blockquote cite="http://www.asterisk.org/downloads/security-advisories">
+ <p>AST-2017-005 - A change was made to the strict RTP
+ support in the RTP stack to better tolerate late media
+ when a reinvite occurs. When combined with the symmetric
+ RTP support this introduced an avenue where media could
+ be hijacked. Instead of only learning a new address when
+ expected the new code allowed a new source address to be
+ learned at all times.</p>
+ <p>AST-2017-006 - The app_minivm module has an "externnotify"
+ program configuration option that is executed by the
+ MinivmNotify dialplan application. The application uses
+ the caller-id name and number as part of a built string
+ passed to the OS shell for interpretation and execution.
+ Since the caller-id name and number can come from an
+ untrusted source, a crafted caller-id name or number
+ allows an arbitrary shell command injection.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://downloads.asterisk.org/pub/security/AST-2017-005.html</url>
+ <cvename>CVE-2017-14099</cvename>
+ <url>https://downloads.asterisk.org/pub/security/AST-2017-006.html</url>
+ <cvename>CVE-2017-14100</cvename>
+ </references>
+ <dates>
+ <discovery>2017-08-31</discovery>
+ <entry>2017-09-01</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="22f28bb3-8d98-11e7-8c37-e8e0b747a45a">
+ <topic>libgcrypt -- side-channel attack vulnerability</topic>
+ <affects>
+ <package>
+ <name>libgcrypt</name>
+ <range><lt>1.8.1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>GnuPG reports:</p>
+ <blockquote cite="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0379">
+ <p>Mitigate a local side-channel attack on Curve25519 dubbed "May the Fourth Be With You".</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2017-0379</cvename>
+ <url>https://eprint.iacr.org/2017/806</url>
+ <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0379</url>
+ </references>
+ <dates>
+ <discovery>2017-08-27</discovery>
+ <entry>2017-08-30</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="3f6de636-8cdb-11e7-9c71-f0def1fd7ea2">
+ <topic>rubygems -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>ruby22-gems</name>
+ <name>ruby23-gems</name>
+ <name>ruby24-gems</name>
+ <range><lt>2.6.13</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Official blog of RubyGems reports:</p>
+ <blockquote cite="https://www.ruby-lang.org/en/news/2017/08/29/multiple-vulnerabilities-in-rubygems/">
+ <p>The following vulnerabilities have been reported: a DNS request
+ hijacking vulnerability, an ANSI escape sequence vulnerability, a DoS
+ vulnerability in the query command, and a vulnerability in the gem
+ installer that allowed a malicious gem to overwrite arbitrary
+ files.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://www.ruby-lang.org/en/news/2017/08/29/multiple-vulnerabilities-in-rubygems/</url>
+ </references>
+ <dates>
+ <discovery>2017-08-29</discovery>
+ <entry>2017-08-29</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="7d7e05fb-64da-435a-84fb-4061493b89b9">
+ <topic>kanboard -- multiple privilege escalation vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>kanboard</name>
+ <range><lt>1.0.46</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>chbi reports:</p>
+ <blockquote cite="https://kanboard.net/news/version-1.0.46">
+ <p>an authenticated standard user could reset the password of another
+ user (including admin) by altering form data.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://kanboard.net/news/version-1.0.46</url>
+ <cvename>CVE-2017-12850</cvename>
+ <cvename>CVE-2017-12851</cvename>
+ </references>
+ <dates>
+ <discovery>2017-08-15</discovery>
+ <entry>2017-08-26</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="eca2d861-76f4-42ed-89d2-23a2cb396c87">
+ <topic>poppler -- multiple denial of service issues</topic>
+ <affects>
+ <package>
+ <name>poppler</name>
+ <range><lt>0.56.0</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Poppler developers report:</p>
+ <blockquote cite="http://www.securityfocus.com/bid/99241/discuss">
+ <p>Poppler is prone to a stack-based buffer-overflow
+ vulnerability.</p>
+ <p>Successful exploits may allow attackers to crash the affected
+ application, resulting in denial-of-service condition. Due to the
+ nature of this issue, arbitrary code execution may be possible but
+ this has not been confirmed.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>http://www.securityfocus.com/bid/99241/discuss</url>
+ <cvename>CVE-2017-9865</cvename>
+ <cvename>CVE-2017-9775</cvename>
+ </references>
+ <dates>
+ <discovery>2017-06-21</discovery>
+ <entry>2017-08-24</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="c5d79773-8801-11e7-93f7-d43d7e971a1b">
+ <topic>phpmailer -- XSS in code example and default exeception handler</topic>
+ <affects>
+ <package>
+ <name>phpmailer</name>
+ <range><lt>5.2.24</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>PHPMailer reports:</p>
+ <blockquote cite="https://github.com/PHPMailer/PHPMailer/releases/tag/v5.2.24">
+ <p>Fix XSS vulnerability in one of the code examples, CVE-2017-11503. The
+ code_generator.phps example did not filter user input prior to output. This
+ file is distributed with a .phps extension, so it it not normally executable
+ unless it is explicitly renamed, so it is safe by default. There was also an
+ undisclosed potential XSS vulnerability in the default exception handler
+ (unused by default). Patches for both issues kindly provided by Patrick
+ Monnerat of the Fedora Project.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://github.com/PHPMailer/PHPMailer/releases/tag/v5.2.24</url>
+ <cvename>CVE-2017-11503</cvename>
+ </references>
+ <dates>
+ <discovery>2017-07-27</discovery>
+ <entry>2017-08-23</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="3531141d-a708-477c-954a-2a0549e49ca9">
+ <topic>salt -- Maliciously crafted minion IDs can cause unwanted directory traversals on the Salt-master</topic>
+ <affects>
+ <package>
+ <name>py27-salt</name>
+ <name>py32-salt</name>
+ <name>py33-salt</name>
+ <name>py34-salt</name>
+ <name>py35-salt</name>
+ <name>py36-salt</name>
+ <range><lt>2016.11.7</lt></range>
+ <range><ge>2017.7.0</ge><lt>2017.7.1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>SaltStack reports:</p>
+ <blockquote cite="https://docs.saltstack.com/en/latest/topics/releases/2017.7.1.html">
+ <p>Correct a flaw in minion id validation which could allow certain
+ minions to authenticate to a master despite not having the correct
+ credentials. To exploit the vulnerability, an attacker must create a
+ salt-minion with an ID containing characters that will cause a
+ directory traversal.
+ Credit for discovering the security flaw goes to: Vernhk at qq.com</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2017-12791</cvename>
+ <url>https://docs.saltstack.com/en/latest/topics/releases/2017.7.1.html</url>
+ <url>https://docs.saltstack.com/en/latest/topics/releases/2016.11.7.html</url>
+ </references>
+ <dates>
+ <discovery>2017-08-16</discovery>
+ <entry>2017-08-22</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="198d82f3-8777-11e7-950a-e8e0b747a45a">
+ <topic>dnsdist -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>dnsdist</name>
+ <range><lt>1.2.0</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>PowerDNS Security Advisory reports:</p>
+ <blockquote cite="https://dnsdist.org/security-advisories/index.html">
+ <p>The first issue can lead to a denial of service on 32-bit if a backend
+ sends crafted answers, and the second to an alteration of dnsdist's ACL
+ if the API is enabled, writable and an authenticated user is tricked
+ into visiting a crafted website.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2016-7069</cvename>
+ <cvename>CVE-2017-7557</cvename>
+ <url>https://dnsdist.org/security-advisories/index.html</url>
+ </references>
+ <dates>
+ <discovery>2017-08-21</discovery>
+ <entry>2017-08-22</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="01a197ca-67f1-11e7-a266-28924a333806">
+ <topic>evince and atril -- command injection vulnerability in CBT handler</topic>
+ <affects>
+ <package>
+ <name>evince</name>
+ <range><le>3.24.0</le></range>
+ </package>
+ <package>
+ <name>evince-lite</name>
+ <range><le>3.24.0</le></range>
+ </package>
+ <package>
+ <name>atril</name>
+ <range><lt>1.18.1</lt></range>
+ <range><ge>1.19.0</ge><lt>1.19.1</lt></range>
+ </package>
+ <package>
+ <name>atril-lite</name>
+ <range><lt>1.18.1</lt></range>
+ <range><ge>1.19.0</ge><lt>1.19.1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>GNOME reports:</p>
+ <blockquote cite="https://bugzilla.gnome.org/show_bug.cgi?id=784630">
+ <p>The comic book backend in evince 3.24.0 (and earlier) is vulnerable to a command injection bug that can be used to execute arbitrary commands when a CBT file is opened.</p>
+ <p>The same vulnerabilty affects atril, the Evince fork.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://bugzilla.gnome.org/show_bug.cgi?id=784630</url>
+ <url>https://github.com/mate-desktop/atril/issues/257</url>
+ <cvename>CVE-2017-1000083</cvename>
+ </references>
+ <dates>
+ <discovery>2017-07-06</discovery>
+ <entry>2017-07-13</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="e1de77e8-c45e-48d7-8866-5a6f943046de">
+ <topic>SquirrelMail -- post-authentication remote code execution</topic>
+ <affects>
+ <package>
+ <name>squirrelmail</name>
+ <range><lt>20170705</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>SquirrelMail developers report:</p>
+ <blockquote cite="http://seclists.org/fulldisclosure/2017/Apr/81">
+ <p>SquirrelMail 1.4.22 (and other versions before 20170427_0200-SVN)
+ allows post-authentication remote code execution via a sendmail.cf
+ file that is mishandled in a popen call. It's possible to exploit this
+ vulnerability to execute arbitrary shell commands on the remote
+ server.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7692</url>
+ </references>
+ <dates>
+ <discovery>2017-04-19</discovery>
+ <entry>2017-08-22</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="6876b163-8708-11e7-8568-e8e0b747a45a">
+ <topic>pspp -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>pspp</name>
+ <range><lt>1.0.1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>CVE Details reports:</p>
+ <blockquote cite="https://www.cvedetails.com/vulnerability-list/vendor_id-72/product_id-38732/year-2017/GNU-Pspp.html">
+ <ul>
+ <li>There is an Integer overflow in the hash_int function of the libpspp library
+ in GNU PSPP 0.10.5-pre2 (CVE-2017-10791).</li>
+ <li>There is a NULL Pointer Dereference in the function ll_insert() of the libpspp
+ library in GNU PSPP 0.10.5-pre2 (CVE-2017-10792).</li>
+ <li>There is an illegal address access in the function output_hex() in data/data-out.c
+ of the libpspp library in GNU PSPP 0.11.0 that will lead to remote denial of service (CVE-2017-12958).</li>
+ <li>There is a reachable assertion abort in the function dict_add_mrset() in data/dictionary.c
+ of the libpspp library in GNU PSPP 0.11.0 that will lead to a remote denial of service attack (CVE-2017-12959).</li>
+ <li>There is a reachable assertion abort in the function dict_rename_var() in data/dictionary.c
+ of the libpspp library in GNU PSPP 0.11.0 that will lead to remote denial of service (CVE-2017-12960).</li>
+ <li>There is an assertion abort in the function parse_attributes() in data/sys-file-reader.c
+ of the libpspp library in GNU PSPP 0.11.0 that will lead to remote denial of service (CVE-2017-12961).</li>
+ </ul>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2017-10791</cvename>
+ <cvename>CVE-2017-10792</cvename>
+ <cvename>CVE-2017-12958</cvename>
+ <cvename>CVE-2017-12959</cvename>
+ <cvename>CVE-2017-12960</cvename>
+ <cvename>CVE-2017-12961</cvename>
+ <url>https://www.cvedetails.com/vulnerability-list/vendor_id-72/product_id-38732/year-2017/GNU-Pspp.html</url>
+ </references>
+ <dates>
+ <discovery>2017-08-18</discovery>
+ <entry>2017-08-22</entry>
+ <modified>2017-08-30</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="473b6a9e-8493-11e7-b24b-6cf0497db129">
+ <topic>drupal -- Drupal Core - Multiple Vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>drupal8</name>
+ <range><lt>8.3.7</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Drupal Security Team:</p>
+ <blockquote cite="https://www.drupal.org/SA-CORE-2017-004">
+ <p>CVE-2017-6923: Views - Access Bypass - Moderately Critical</p>
+ <p>CVE-2017-6924: REST API can bypass comment approval - Access Bypass - Moderately Critica</p>
+ <p>CVE-2017-6925: Entity access bypass for entities that do not have UUIDs or have protected revisions - Access Bypass - Critical</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2017-6923</cvename>
+ <cvename>CVE-2017-6924</cvename>
+ <cvename>CVE-2017-6925</cvename>
+ </references>
+ <dates>
+ <discovery>2017-08-16</discovery>
+ <entry>2017-08-19</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="8e7bbddd-8338-11e7-867f-b499baebfeaf">
+ <topic>libsoup -- stack based buffer overflow</topic>
+ <affects>
+ <package>
+ <name>libsoup</name>
+ <range><lt>2.52.2_1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Tobias Mueller reports:</p>
+ <blockquote cite="http://seclists.org/oss-sec/2017/q3/304">
+ <p>libsoup is susceptible to a stack based buffer overflow
+ attack when using chunked encoding. Regardless of libsoup
+ being used as a server or client.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>http://seclists.org/oss-sec/2017/q3/304</url>
+ <cvename>CVE-2017-2885</cvename>
+ </references>
+ <dates>
+ <discovery>2017-08-17</discovery>
+ <entry>2017-08-17</entry>
+ <modified>2017-08-20</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="5df8bd95-8290-11e7-93af-005056925db4">
+ <topic>Zabbix -- Remote code execution</topic>
+ <affects>
+ <package>
+ <name>zabbix2-server</name>
+ <name>zabbix2-proxy</name>
+ <range><le>2.0.20</le></range>
+ </package>
+ <package>
+ <name>zabbix22-server</name>
+ <name>zabbix22-proxy</name>
+ <range><lt>2.2.19</lt></range>
+ </package>
+ <package>
+ <name>zabbix3-server</name>
+ <name>zabbix3-proxy</name>
+ <range><lt>3.0.10</lt></range>
+ </package>
+ <package>
+ <name>zabbix32-server</name>
+ <name>zabbix32-proxy</name>
+ <range><lt>3.2.7</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>mitre reports:</p>
+ <blockquote cite="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2824">
+ <p>An exploitable code execution vulnerability exists in the trapper command
+ functionality of Zabbix Server 2.4.X. A specially crafted set of packets
+ can cause a command injection resulting in remote code execution. An attacker
+ can make requests from an active Zabbix Proxy to trigger this vulnerability.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2017-2824</cvename>
+ <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2824</url>
+ <url>https://support.zabbix.com/browse/ZBX-12349</url>
+ </references>
+ <dates>
+ <discovery>2017-07-05</discovery>
+ <entry>2017-08-16</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="c9460380-81e3-11e7-93af-005056925db4">
+ <topic>Supervisord -- An authenticated client can run arbitrary shell commands via malicious XML-RPC requests</topic>
+ <affects>
+ <package>
+ <name>py27-supervisor</name>
+ <range><lt>3.3.3,1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>mnaberez reports:</p>
+ <blockquote cite="https://github.com/Supervisor/supervisor/issues/964#issuecomment-317551606">
+ <p>supervisord can be configured to run an HTTP server on a TCP socket and/or a Unix domain socket.
+ The HTTP server is how supervisorctl communicates with supervisord. If an HTTP server has been
+ enabled, it will always serve both HTML pages and an XML-RPC interface. A vulnerability has been
+ found where an authenticated client can send a malicious XML-RPC request to supervisord that
+ will run arbitrary shell commands on the server. The commands will be run as the same user as
+ supervisord. Depending on how supervisord has been configured, this may be root.</p>
+ <p>This vulnerability can only be exploited by an authenticated client or if supervisord has been
+ configured to run an HTTP server without authentication. If authentication has not been enabled,
+ supervisord will log a message at the critical level every time it starts.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>http://supervisord.org/changes.html</url>
+ <url>https://github.com/Supervisor/supervisor/issues/964#issuecomment-317551606</url>
+ <cvename>CVE-2017-11610</cvename>
+ </references>
+ <dates>
+ <discovery>2017-07-24</discovery>
+ <entry>2017-08-15</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="79bbec7e-8141-11e7-b5af-a4badb2f4699">
+ <topic>FreeRadius -- Multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>freeradius3</name>
+ <range><lt>3.0.15</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Guido Vranken reports:</p>
+ <blockquote cite="http://freeradius.org/security/fuzzer-2017.html">
+ <p>Multiple vulnerabilities found via fuzzing:
+ FR-GV-201 (v2,v3) Read / write overflow in make_secret()
+ FR-GV-202 (v2) Write overflow in rad_coalesce()
+ FR-GV-203 (v2) DHCP - Memory leak in decode_tlv()
+ FR-GV-204 (v2) DHCP - Memory leak in fr_dhcp_decode()
+ FR-GV-205 (v2) DHCP - Buffer over-read in fr_dhcp_decode_options()
+ FR-GV-206 (v2,v3) DHCP - Read overflow when decoding option 63
+ FR-GV-207 (v2) Zero-length malloc in data2vp()
+ FR-GV-301 (v3) Write overflow in data2vp_wimax()
+ FR-GV-302 (v3) Infinite loop and memory exhaustion with 'concat' attributes
+ FR-GV-303 (v3) DHCP - Infinite read in dhcp_attr2vp()
+ FR-GV-304 (v3) DHCP - Buffer over-read in fr_dhcp_decode_suboptions()
+ FR-GV-305 (v3) Decode 'signed' attributes correctly
+ FR-AD-001 (v2,v3) Use strncmp() instead of memcmp() for string data
+ FR-AD-002 (v3) String lifetime issues in rlm_python
+ FR-AD-003 (v3) Incorrect statement length passed into sqlite3_prepare</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>http://freeradius.org/security/fuzzer-2017.html</url>
+ </references>
+ <dates>
+ <discovery>2017-06-17</discovery>
+ <entry>2017-08-14</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="1d33cdee-7f6b-11e7-a9b5-3debb10a6871">
+ <topic>Mercurial -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>mercurial</name>
+ <range><lt>4.3</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Mercurial Release Notes:</p>
+ <blockquote cite="https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.3_.2F_4.3.1_.282017-08-10.29">
+ <p>CVE-2017-1000115</p>
+ <p>Mercurial's symlink auditing was incomplete prior to 4.3, and could be
+ abused to write to files outside the repository.</p>
+ <p>CVE-2017-1000116</p>
+ <p>Mercurial was not sanitizing hostnames passed to ssh, allowing shell
+ injection attacks on clients by specifying a hostname starting with
+ -oProxyCommand. This is also present in Git (CVE-2017-1000117) and
+ Subversion (CVE-2017-9800), so please patch those tools as well if you
+ have them installed.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.3_.2F_4.3.1_.282017-08-10.29</url>
+ <cvename>CVE-2017-1000115</cvename>
+ <cvename>CVE-2017-1000116</cvename>
+ </references>
+ <dates>
+ <discovery>2017-08-10</discovery>
+ <entry>2017-08-12</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="6e80bd9b-7e9b-11e7-abfe-90e2baa3bafc">
+ <topic>subversion -- Arbitrary code execution vulnerability</topic>
+ <affects>
+ <package>
+ <name>subversion</name>
+ <range><ge>1.9.0</ge><le>1.9.6</le></range>
+ </package>
+ <package>
+ <name>subversion18</name>
+ <range><ge>1.0.0</ge><le>1.8.18</le></range>
+ </package>
+ <package>
+ <name>subversion-static</name>
+ <range><ge>1.0.0</ge><le>1.8.18</le></range>
+ <range><ge>1.9.0</ge><le>1.9.6</le></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>subversion team reports:</p>
+ <blockquote cite="http://subversion.apache.org/security/CVE-2017-9800-advisory.txt">
+ <p>A Subversion client sometimes connects to URLs provided by the repository.
+ This happens in two primary cases: during 'checkout', 'export', 'update', and
+ 'switch', when the tree being downloaded contains svn:externals properties;
+ and when using 'svnsync sync' with one URL argument.</p>
+ <p>A maliciously constructed svn+ssh:// URL would cause Subversion clients to
+ run an arbitrary shell command. Such a URL could be generated by a malicious
+ server, by a malicious user committing to a honest server (to attack another
+ user of that server's repositories), or by a proxy server.</p>
+ <p>The vulnerability affects all clients, including those that use file://,
+ http://, and plain (untunneled) svn://.</p>
+ <p>An exploit has been tested.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>http://subversion.apache.org/security/CVE-2017-9800-advisory.txt</url>
+ </references>
+ <dates>
+ <discovery>2017-08-10</discovery>
+ <entry>2017-08-11</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="abcc5ad3-7e6a-11e7-93f7-d43d7e971a1b">
+ <topic>GitLab -- two vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>gitlab</name>
+ <range><ge>7.9.0</ge><le>8.17.8</le></range>
+ <range><ge>9.0.0</ge><le>9.0.12</le></range>
+ <range><ge>9.1.0</ge><le>9.1.9</le></range>
+ <range><ge>9.2.0</ge><le>9.2.9</le></range>
+ <range><ge>9.3.0</ge><le>9.3.9</le></range>
+ <range><ge>9.4.0</ge><le>9.4.3</le></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>GitLab reports:</p>
+ <blockquote cite="https://about.gitlab.com/2017/08/10/gitlab-9-dot-4-dot-4-released/">
+ <h1>Remote Command Execution in git client</h1>
+ <p>An external code review performed by Recurity-Labs identified a remote
+ command execution vulnerability in git that could be exploited via the "Repo
+ by URL" import option in GitLab. The command line git client was not
+ properly escaping command line arguments in URLs using the SSH protocol
+ before invoking the SSH client. A specially crafted URL could be used to
+ execute arbitrary shell commands on the GitLab server.<br/>
+ To fully patch this vulnerability two fixes were needed. The Omnibus
+ versions of GitLab contain a patched git client. For source users who may
+ still be running an older version of git, GitLab now also blocks import URLs
+ containing invalid host and usernames.<br/>
+ This issue has been assigned CVE-2017-12426.</p>
+ <h1>Improper sanitization of GitLab export files on import</h1>
+ <p>GitLab versions 8.13.3, 8.12.8, 8.11.10, 8.10.13, and 8.9.12 contained a
+ patch for a critical directory traversal vulnerability in the GitLab export
+ feature that could be exploited by including symlinks in the export file and
+ then re-importing it to a GitLab instance. This vulnerability was patched by
+ checking for and removing symlinks in these files on import.<br/>
+ Recurity-Labs also determined that this fix did not properly remove symlinks for
+ hidden files. Though not as dangerous as the original vulnerability hidden file
+ symlinks could still be used to steal copies of git repositories belonging to
+ other users if the path to the git repository was known by the attacker. An
+ updated fix has been included in these releases that properly removes all
+ symlinks.<br/>
+ This import option was not made available to non-admin users until GitLab
+ 8.13.0.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://about.gitlab.com/2017/08/10/gitlab-9-dot-4-dot-4-released/</url>
+ <cvename>CVE-2017-12426</cvename>
+ </references>
+ <dates>
+ <discovery>2017-08-10</discovery>
+ <entry>2017-08-11</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="982872f1-7dd3-11e7-9736-6cc21735f730">
+ <topic>PostgreSQL vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>postgresql92-server</name>
+ <range><ge>9.2.0</ge><lt>9.2.22</lt></range>
+ </package>
+ <package>
+ <name>postgresql93-server</name>
+ <range><ge>9.3.0</ge><lt>9.3.18</lt></range>
+ </package>
+ <package>
+ <name>postgresql94-server</name>
+ <range><ge>9.4.0</ge><lt>9.4.13</lt></range>
+ </package>
+ <package>
+ <name>postgresql95-server</name>
+ <range><ge>9.5.0</ge><lt>9.5.8</lt></range>
+ </package>
+ <package>
+ <name>postgresql96-server</name>
+ <range><ge>9.6.0</ge><lt>9.6.4</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The PostgreSQL project reports:</p>
+ <blockquote cite="https://www.postgresql.org/about/news/1772/">
+ <ul>
+ <li>CVE-2017-7546: Empty password accepted in some authentication
+ methods</li>
+ <li>CVE-2017-7547: The "pg_user_mappings" catalog view discloses passwords
+ to users lacking server privileges</li>
+ <li>CVE-2017-7548: lo_put() function ignores ACLs</li>
+ </ul>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2017-7546</cvename>
+ <cvename>CVE-2017-7547</cvename>
+ <cvename>CVE-2017-7548</cvename>
+ </references>
+ <dates>
+ <discovery>2017-08-10</discovery>
+ <entry>2017-08-10</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="7e3d3e9a-7d8f-11e7-a02b-d43d7ef03aa6">
+ <topic>Flash Player -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>linux-flashplayer</name>
+ <range><lt>26.0.0.151</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Adobe reports:</p>
+ <blockquote cite="https://helpx.adobe.com/security/products/flash-player/apsb17-23.html">
+ <ul>
+ <li>These updates resolve security bypass vulnerability that
+ could lead to information disclosure (CVE-2017-3085).</li>
+ <li>These updates resolve type confusion vulnerability that
+ could lead to remote code execution (CVE-2017-3106).</li>
+ </ul>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2017-3085</cvename>
+ <cvename>CVE-2017-3106</cvename>
+ <url>https://helpx.adobe.com/security/products/flash-player/apsb17-23.html</url>
+ </references>
+ <dates>
+ <discovery>2017-08-08</discovery>
+ <entry>2017-08-10</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="69cfa386-7cd0-11e7-867f-b499baebfeaf">
+ <topic>cURL -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>curl</name>
+ <range><lt>7.55.0</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The cURL project reports:</p>
+ <blockquote cite="https://curl.haxx.se/docs/security.html">
+ <ul>
+ <li><h2>FILE buffer read out of bounds</h2>
+ <p>When asking to get a file from a file:// URL, libcurl provides
+ a feature that outputs meta-data about the file using HTTP-like
+ headers.</p>
+ <p>The code doing this would send the wrong buffer to the user
+ (stdout or the application's provide callback), which could
+ lead to other private data from the heap to get inadvertently
+ displayed.</p>
+ <p>The wrong buffer was an uninitialized memory area allocated on
+ the heap and if it turned out to not contain any zero byte, it
+ would continue and display the data following that buffer in
+ memory.</p>
+ </li>
+ <li><h2>TFTP sends more than buffer size</h2>
+ <p>When doing a TFTP transfer and curl/libcurl is given a URL that
+ contains a very long file name (longer than about 515 bytes),
+ the file name is truncated to fit within the buffer boundaries,
+ but the buffer size is still wrongly updated to use the
+ untruncated length. This too large value is then used in the
+ sendto() call, making curl attempt to send more data than what
+ is actually put into the buffer. The sendto() function will then
+ read beyond the end of the heap based buffer.</p>
+ <p>A malicious HTTP(S) server could redirect a vulnerable libcurl-
+ using client to a crafted TFTP URL (if the client hasn't
+ restricted which protocols it allows redirects to) and trick it
+ to send private memory contents to a remote server over UDP.
+ Limit curl's redirect protocols with --proto-redir and libcurl's
+ with CURLOPT_REDIR_PROTOCOLS.</p>
+ </li>
+ <li><h2>URL globbing out of bounds read</h2>
+ <p>curl supports "globbing" of URLs, in which a user can pass a
+ numerical range to have the tool iterate over those numbers to
+ do a sequence of transfers.</p>
+ <p>In the globbing function that parses the numerical range, there
+ was an omission that made curl read a byte beyond the end of the
+ URL if given a carefully crafted, or just wrongly written, URL.
+ The URL is stored in a heap based buffer, so it could then be
+ made to wrongly read something else instead of crashing.</p>
+ <p>An example of a URL that triggers the flaw would be
+ http://ur%20[0-60000000000000000000.</p>
+ </li>
+ </ul>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://curl.haxx.se/docs/security.html</url>
+ <cvename>CVE-2017-1000099</cvename>
+ <cvename>CVE-2017-1000100</cvename>
+ <cvename>CVE-2017-1000101</cvename>
+ </references>
+ <dates>
+ <discovery>2017-08-09</discovery>
+ <entry>2017-08-09</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="c1265e85-7c95-11e7-93af-005056925db4">
+ <topic>Axis2 -- Security vulnerability on dependency Apache Commons FileUpload</topic>
+ <affects>
+ <package>
+ <name>axis2</name>
+ <range><lt>1.7.6</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Apache Axis2 reports:</p>
+ <blockquote cite="http://axis.apache.org/axis2/java/core/release-notes/1.7.6.html">
+ <p>The commons-fileupload dependency has been updated to a version that fixes
+ CVE-2016-1000031 (AXIS2-5853).</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>http://axis.apache.org/axis2/java/core/release-notes/1.7.6.html</url>
+ <url>https://issues.apache.org/jira/browse/AXIS2-5853</url>
+ <url>https://issues.apache.org/jira/browse/FILEUPLOAD-279</url>
+ <cvename>CVE-2016-1000031</cvename>
+ </references>
+ <dates>
+ <discovery>2016-11-14</discovery>
+ <entry>2017-08-09</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="555b244e-6b20-4546-851f-d8eb7d6c1ffa">
+ <topic>mozilla -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>firefox</name>
+ <range><lt>55.0,1</lt></range>
+ </package>
+ <package>
+ <name>seamonkey</name>
+ <name>linux-seamonkey</name>
+ <range><lt>2.49.1</lt></range>
+ </package>
+ <package>
+ <name>firefox-esr</name>
+ <range><lt>52.3.0,1</lt></range>
+ </package>
+ <package>
+ <name>linux-firefox</name>
+ <range><lt>52.3.0,2</lt></range>
+ </package>
+ <package>
+ <name>libxul</name>
+ <name>thunderbird</name>
+ <name>linux-thunderbird</name>
+ <range><lt>52.3.0</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Mozilla Foundation reports:</p>
+ <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2017-18/">
+ <p>CVE-2017-7798: XUL injection in the style editor in devtools</p>
+ <p>CVE-2017-7800: Use-after-free in WebSockets during disconnection</p>
+ <p>CVE-2017-7801: Use-after-free with marquee during window resizing</p>
+ <p>CVE-2017-7784: Use-after-free with image observers</p>
+ <p>CVE-2017-7802: Use-after-free resizing image elements</p>
+ <p>CVE-2017-7785: Buffer overflow manipulating ARIA attributes in DOM</p>
+ <p>CVE-2017-7786: Buffer overflow while painting non-displayable SVG</p>
+ <p>CVE-2017-7806: Use-after-free in layer manager with SVG</p>
+ <p>CVE-2017-7753: Out-of-bounds read with cached style data and pseudo-elements</p>
+ <p>CVE-2017-7787: Same-origin policy bypass with iframes through page reloads</p>
+ <p>CVE-2017-7807: Domain hijacking through AppCache fallback</p>
+ <p>CVE-2017-7792: Buffer overflow viewing certificates with an extremely long OID</p>
+ <p>CVE-2017-7804: Memory protection bypass through WindowsDllDetourPatcher</p>
+ <p>CVE-2017-7791: Spoofing following page navigation with data: protocol and modal alerts</p>
+ <p>CVE-2017-7808: CSP information leak with frame-ancestors containing paths</p>
+ <p>CVE-2017-7782: WindowsDllDetourPatcher allocates memory without DEP protections</p>
+ <p>CVE-2017-7781: Elliptic curve point addition error when using mixed Jacobian-affine coordinates</p>
+ <p>CVE-2017-7794: Linux file truncation via sandbox broker</p>
+ <p>CVE-2017-7803: CSP containing 'sandbox' improperly applied</p>
+ <p>CVE-2017-7799: Self-XSS XUL injection in about:webrtc</p>
+ <p>CVE-2017-7783: DOS attack through long username in URL</p>
+ <p>CVE-2017-7788: Sandboxed about:srcdoc iframes do not inherit CSP directives</p>
+ <p>CVE-2017-7789: Failure to enable HSTS when two STS headers are sent for a connection</p>
+ <p>CVE-2017-7790: Windows crash reporter reads extra memory for some non-null-terminated registry values</p>
+ <p>CVE-2017-7796: Windows updater can delete any file named update.log</p>
+ <p>CVE-2017-7797: Response header name interning leaks across origins</p>
+ <p>CVE-2017-7780: Memory safety bugs fixed in Firefox 55</p>
+ <p>CVE-2017-7779: Memory safety bugs fixed in Firefox 55 and Firefox ESR 52.3</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2017-7753</cvename>
+ <cvename>CVE-2017-7779</cvename>
+ <cvename>CVE-2017-7780</cvename>
+ <cvename>CVE-2017-7781</cvename>
+ <cvename>CVE-2017-7782</cvename>
+ <cvename>CVE-2017-7783</cvename>
+ <cvename>CVE-2017-7784</cvename>
+ <cvename>CVE-2017-7785</cvename>
+ <cvename>CVE-2017-7786</cvename>
+ <cvename>CVE-2017-7787</cvename>
+ <cvename>CVE-2017-7788</cvename>
+ <cvename>CVE-2017-7789</cvename>
+ <cvename>CVE-2017-7790</cvename>
+ <cvename>CVE-2017-7791</cvename>
+ <cvename>CVE-2017-7792</cvename>
+ <cvename>CVE-2017-7794</cvename>
+ <cvename>CVE-2017-7796</cvename>
+ <cvename>CVE-2017-7797</cvename>
+ <cvename>CVE-2017-7798</cvename>
+ <cvename>CVE-2017-7799</cvename>
+ <cvename>CVE-2017-7800</cvename>
+ <cvename>CVE-2017-7801</cvename>
+ <cvename>CVE-2017-7802</cvename>
+ <cvename>CVE-2017-7803</cvename>
+ <cvename>CVE-2017-7804</cvename>
+ <cvename>CVE-2017-7806</cvename>
+ <cvename>CVE-2017-7807</cvename>
+ <cvename>CVE-2017-7808</cvename>
+ <url>https://www.mozilla.org/en-US/security/advisories/mfsa2017-18/</url>
+ </references>
+ <dates>
+ <discovery>2017-08-08</discovery>
+ <entry>2017-08-08</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="9245681c-7c3c-11e7-b5af-a4badb2f4699">
+ <topic>sqlite3 -- heap-buffer overflow</topic>
+ <affects>
+ <package>
+ <name>sqlite3</name>
+ <range><lt>3.20.0</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Google reports:</p>
+ <blockquote cite="https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937">
+ <p>A heap-buffer overflow (sometimes a crash) can arise when
+ running a SQL request on malformed sqlite3 databases.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937</url>
+ <cvename>CVE-2017-10989</cvename>
+ </references>
+ <dates>
+ <discovery>2017-08-08</discovery>
+ <entry>2017-08-08</entry>
+ <modified>2017-09-19</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="88a77ad8-77b1-11e7-b5af-a4badb2f4699">
+ <topic>Varnish -- Denial of service vulnerability</topic>
+ <affects>
+ <package>
+ <name>varnish4</name>
+ <range><ge>4.0.1</ge><lt>4.0.5</lt></range>
+ <range><ge>4.1.0</ge><lt>4.1.8</lt></range>
+ </package>
+ <package>
+ <name>varnish5</name>
+ <range><lt>5.0.1</lt></range>
+ <range><ge>5.1.0</ge><lt>5.1.3</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>phk reports:</p>
+ <blockquote cite="https://varnish-cache.org/security/VSV00001.html">
+ <p>A wrong if statement in the varnishd source code means that
+ particular invalid requests from the client can trigger an assert.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://varnish-cache.org/security/VSV00001.html</url>
+ </references>
+ <dates>
+ <discovery>2017-08-02</discovery>
+ <entry>2017-08-02</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="7d138476-7710-11e7-88a1-e8e0b747a45a">
+ <topic>chromium -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>chromium</name>
+ <name>chromium-pulse</name>
+ <range><lt>60.0.3112.78</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Google Chrome releases reports:</p>
+ <blockquote cite="https://chromereleases.googleblog.com/2017/07/stable-channel-update-for-desktop.html">
+ <p>40 security fixes in this release, including:</p>
+ <ul>
+ <li>[728887] High CVE-2017-5091: Use after free in IndexedDB. Reported by
+ Ned Williamson on 2017-06-02</li>
+ <li>[733549] High CVE-2017-5092: Use after free un PPAPI. Reported by
+ Yu Zhou, Yuan Deng of Ant-financial Light-Year Security Lab on 2017-06-15</li>
+ <li>[550017] High CVE-2017-5093: UI spoofing in Blink. Reported by
+ Luan Herrera on 2015-10-31</li>
+ <li>[702946] High CVE-2017-5094: Type confusion in extensions. Reported by
+ Anonymous on 2017-03-19</li>
+ <li>[732661] High CVE-2017-5095: Out-of-bounds write in PDFium. Reported by
+ Anonymous on 2017-06-13</li>
+ <li>[714442] High CVE-2017-5096: User information leak via Android intents. Reported by
+ Takeshi Terada on 2017-04-23</li>
+ <li>[740789] High CVE-2017-5097: Out-of-bounds read in Skia. Reported by
+ Anonymous on 2017-07-11</li>
+ <li>[740803] High CVE-2017-5098: Use after free in V8. Reported by
+ Jihoon Kim on 2017-07-11</li>
+ <li>[733548] High CVE-2017-5099: Out-of-bounds write in PPAPI. Reported by
+ Yuan Deng, Yu Zhou of Ant-financial Light-Year Security Lab on 2017-06-15</li>
+ <li>[718292] Medium CVE-2017-5100: Use after free in Chrome Apps. Reported by
+ Anonymous on 2017-05-04</li>
+ <li>[681740] Medium CVE-2017-5101: URL spoofing in OmniBox. Reported by
+ Luan Herrera on 2017-01-17</li>
+ <li>[727678] Medium CVE-2017-5102: Uninitialized use in Skia. Reported by
+ Anonymous on 2017-05-30</li>
+ <li>[726199] Medium CVE-2017-5103: Uninitialized use in Skia. Reported by
+ Anonymous on 2017-05-25</li>
+ <li>[729105] Medium CVE-2017-5104: UI spoofing in browser. Reported by
+ Khalil Zhani on 2017-06-02</li>
+ <li>[742407] Medium CVE-2017-7000: Pointer disclosure in SQLite. Reported by
+ Chaitin Security Research Lab working with Trend Micro's Zero Day Initiative</li>
+ <li>[729979] Low CVE-2017-5105: URL spoofing in OmniBox. Reported by
+ Rayyan Bijoora on 2017-06-06</li>
+ <li>[714628] Medium CVE-2017-5106: URL spoofing in OmniBox. Reported by
+ Jack Zac on 2017-04-24</li>
+ <li>[686253] Low CVE-2017-5107: User information leak via SVG. Reported by
+ David Kohlbrenner of UC San Diego on 2017-01-27</li>
+ <li>[695830] Low CVE-2017-5108: Type of confusion in PDFium. Reported by
+ Guang Gong of Alpha Team, Qihoo 360 on 2017-02-24</li>
+ <li>[710400] Low CVE-2017-5109: UI spoofing in browser. Reported by
+ Jose Maria Acunia Morgado on 2017-04-11</li>
+ <li>[717476] Low CVE-2017-5110: UI spoofing in payments dialog. Reported by
+ xisigr of Tencent's Xuanwu Lab on 2017-05-02</li>
+ <li>[748565] Various fixes from internal audits, fuzzing and other initiatives</li>
+ </ul>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2017-5091</cvename>
+ <cvename>CVE-2017-5092</cvename>
+ <cvename>CVE-2017-5093</cvename>
+ <cvename>CVE-2017-5094</cvename>
+ <cvename>CVE-2017-5095</cvename>
+ <cvename>CVE-2017-5096</cvename>
+ <cvename>CVE-2017-5097</cvename>
+ <cvename>CVE-2017-5098</cvename>
+ <cvename>CVE-2017-5099</cvename>
+ <cvename>CVE-2017-5100</cvename>
+ <cvename>CVE-2017-5101</cvename>
+ <cvename>CVE-2017-5102</cvename>
+ <cvename>CVE-2017-5103</cvename>
+ <cvename>CVE-2017-5104</cvename>
+ <cvename>CVE-2017-7000</cvename>
+ <cvename>CVE-2017-5105</cvename>
+ <cvename>CVE-2017-5106</cvename>
+ <cvename>CVE-2017-5107</cvename>
+ <cvename>CVE-2017-5108</cvename>
+ <cvename>CVE-2017-5109</cvename>
+ <cvename>CVE-2017-5110</cvename>
+ <url>https://chromereleases.googleblog.com/2017/07/stable-channel-update-for-desktop.html</url>
+ </references>
+ <dates>
+ <discovery>2017-07-25</discovery>
+ <entry>2017-08-01</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="f86d0e5d-7467-11e7-93af-005056925db4">
+ <topic>Cacti -- Cross-site scripting (XSS) vulnerability in auth_profile.php</topic>
+ <affects>
+ <package>
+ <name>cacti</name>
+ <range><eq>1.1.13</eq></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>kimiizhang reports:</p>
+ <blockquote cite="https://github.com/Cacti/cacti/issues/867">
+ <p>Cross-site scripting (XSS) vulnerability in auth_profile.php in Cacti
+ 1.1.13 allows remote authenticated users to inject arbitrary web script
+ or HTML via specially crafted HTTP Referer headers.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://github.com/Cacti/cacti/issues/867</url>
+ <url>https://www.cacti.net/release_notes.php?version=1.1.14</url>
+ <cvename>CVE-2017-11691</cvename>
+ </references>
+ <dates>
+ <discovery>2017-07-20</discovery>
+ <entry>2017-07-29</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="770d7e91-72af-11e7-998a-08606e47f965">
+ <topic>proftpd -- user chroot escape vulnerability</topic>
+ <affects>
+ <package>
+ <name>proftpd</name>
+ <range><lt>1.3.5e</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>NVD reports:</p>
+ <blockquote cite="https://nvd.nist.gov/vuln/detail/CVE-2017-7418">
+ <p>ProFTPD ... controls whether the home directory of a user could
+ contain a symbolic link through the AllowChrootSymlinks
+ configuration option, but checks only the last path component when
+ enforcing AllowChrootSymlinks. Attackers with local access could
+ bypass the AllowChrootSymlinks control by replacing a path
+ component (other than the last one) with a symbolic link.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>http://bugs.proftpd.org/show_bug.cgi?id=4295</url>
+ <cvename>CVE-2017-7418</cvename>
+ </references>
+ <dates>
+ <discovery>2017-03-06</discovery>
+ <entry>2017-07-27</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="76d80b33-7211-11e7-998a-08606e47f965">
+ <topic>jabberd -- authentication bypass vulnerability</topic>
+ <affects>
+ <package>
+ <name>jabberd</name>
+ <range><lt>2.6.1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>SecurityFocus reports:</p>
+ <blockquote cite="http://www.securityfocus.com/bid/99511/discuss">
+ <p>JabberD is prone to an authentication-bypass vulnerability.
+ An attacker can exploit this issue to bypass the authentication
+ mechanism and perform unauthorized actions. This may lead to
+ further attacks.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867032</url>
+ <url>http://www.securityfocus.com/bid/99511</url>
+ <cvename>CVE-2017-10807</cvename>
+ </references>
+ <dates>
+ <discovery>2017-07-03</discovery>
+ <entry>2017-07-26</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="0f66b901-715c-11e7-ad1f-bcaec565249c">
+ <topic>webkit2-gtk3 -- multiple vulnabilities</topic>
+ <affects>
+ <package>
+ <name>webkit2-gtk3</name>
+ <range><lt>2.16.6</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The Webkit gtk team reports:</p>
+ <blockquote cite="https://webkitgtk.org/security/WSA-2017-0006.html">
+ <p>CVE-2017-7006: Versions affected: WebKitGTK+ before 2.16.2.<br/>
+ Credit to David Kohlbrenner of UC San Diego, an anonymous
+ researcher.<br/>
+ Impact: A malicious website may exfiltrate data cross-origin.
+ Description: Processing maliciously crafted web content may
+ allow cross-origin data to be exfiltrated by using SVG filters
+ to conduct a timing side-channel attack. This issue was addressed by not painting the cross-origin buffer into the frame that gets filtered.</p>
+
+ <p>CVE-2017-7011: Versions affected: WebKitGTK+ before 2.16.3.<br/>
+ Credit to xisigr of Tencent’s Xuanwu Lab (tencent.com).<br/>
+ Impact: Visiting a malicious website may lead to address bar
+ spoofing. Description: A state management issue was addressed
+ with improved frame handling.</p>
+
+ <p>CVE-2017-7012: Versions affected: WebKitGTK+ before 2.16.2.<br/>
+ Credit to Apple.<br/>
+ Impact: Processing maliciously crafted web content may lead to
+ arbitrary code execution. Description: Multiple memory
+ corruption issues were addressed with improved memory
+ handling.</p>
+
+ <p>CVE-2017-7018: Versions affected: WebKitGTK+ before 2.16.6.<br/>
+ Credit to lokihardt of Google Project Zero.<br/>
+ Impact: Processing maliciously crafted web content may lead to
+ arbitrary code execution. Description: Multiple memory
+ corruption issues were addressed with improved memory
+ handling.</p>
+
+ <p>CVE-2017-7019: Versions affected: WebKitGTK+ before 2.16.2.<br/>
+ Credit to Zhiyang Zeng of Tencent Security Platform Department.<br/>
+ Impact: Processing maliciously crafted web content may lead
+ to arbitrary code execution. Description: Multiple memory
+ corruption issues were addressed with improved memory
+ handling.</p>
+
+ <p>CVE-2017-7020: Versions affected: WebKitGTK+ before 2.16.1.<br/>
+ Credit to likemeng of Baidu Security Lab.<br/>
+ Impact: Processing maliciously crafted web content may lead
+ to arbitrary code execution. Description: Multiple memory
+ corruption issues were addressed with improved memory
+ handling.</p>
+
+ <p>CVE-2017-7030: Versions affected: WebKitGTK+ before 2.16.6.<br/>
+ Credit to chenqin of Ant-financial Light-Year Security Lab
+ (蚂蚁金服巴斯光年安全实验室).<br/>
+ Impact: Processing maliciously crafted web content may lead
+ to arbitrary code execution. Description: Multiple memory
+ corruption issues were addressed with improved memory
+ handling.</p>
+
+ <p>CVE-2017-7034: Versions affected: WebKitGTK+ before 2.16.6.<br/>
+ Credit to chenqin of Ant-financial Light-Year Security Lab
+ (蚂蚁金服巴斯光年安全实验室).<br/>
+ Impact: Processing maliciously crafted web content may lead
+ to arbitrary code execution. Description: Multiple memory
+ corruption issues were addressed with improved memory
+ handling.</p>
+
+ <p>CVE-2017-7037: Versions affected: WebKitGTK+ before 2.16.6.<br/>
+ Credit to lokihardt of Google Project Zero.<br/>
+ Impact: Processing maliciously crafted web content may lead
+ to arbitrary code execution. Description: Multiple memory
+ corruption issues were addressed with improved memory
+ handling.</p>
+
+ <p>CVE-2017-7038: Versions affected: WebKitGTK+ before 2.16.2.<br/>
+ Credit to Neil Jenkins of FastMail Pty Ltd, Egor Karbutov
+ (@ShikariSenpai) of Digital Security and Egor Saltykov
+ (@ansjdnakjdnajkd) of Digital Security.<br/>
+ Impact: Processing maliciously crafted web content with
+ DOMParser may lead to cross site scripting. Description:
+ A logic issue existed in the handling of DOMParser. This
+ issue was addressed with improved state management.</p>
+
+ <p>CVE-2017-7039: Versions affected: WebKitGTK+ before 2.16.6.<br/>
+ Credit to Ivan Fratric of Google Project Zero.<br/>
+ Impact: Processing maliciously crafted web content may lead
+ to arbitrary code execution. Description: Multiple memory
+ corruption issues were addressed with improved memory
+ handling.</p>
+
+ <p>CVE-2017-7040: Versions affected: WebKitGTK+ before 2.16.3.<br/>
+ Credit to Ivan Fratric of Google Project Zero.<br/>
+ Impact: Processing maliciously crafted web content may lead
+ to arbitrary code execution. Description: Multiple memory
+ corruption issues were addressed with improved memory
+ handling.</p>
+
+ <p>CVE-2017-7041: Versions affected: WebKitGTK+ before 2.16.2.<br/>
+ Credit to Ivan Fratric of Google Project Zero.<br/>
+ Impact: Processing maliciously crafted web content may lead
+ to arbitrary code execution. Description: Multiple memory
+ corruption issues were addressed with improved memory
+ handling.</p>
+
+ <p>CVE-2017-7042: Versions affected: WebKitGTK+ before 2.16.2.<br/>
+ Credit to Ivan Fratric of Google Project Zero.<br/>
+ Impact: Processing maliciously crafted web content may lead
+ to arbitrary code execution. Description: Multiple memory
+ corruption issues were addressed with improved memory
+ handling.</p>
+
+ <p>CVE-2017-7043: Versions affected: WebKitGTK+ before 2.16.2.<br/>
+ Credit to Ivan Fratric of Google Project Zero.<br/>
+ Impact: Processing maliciously crafted web content may lead
+ to arbitrary code execution. Description: Multiple memory
+ corruption issues were addressed with improved memory
+ handling.</p>
+
+ <p>CVE-2017-7046: Versions affected: WebKitGTK+ before 2.16.6.<br/>
+ Credit to Ivan Fratric of Google Project Zero.<br/>
+ Impact: Processing maliciously crafted web content may lead
+ to arbitrary code execution. Description: Multiple memory
+ corruption issues were addressed with improved memory
+ handling.</p>
+
+ <p>CVE-2017-7048: Versions affected: WebKitGTK+ before 2.16.6.<br/>
+ Credit to Ivan Fratric of Google Project Zero.<br/>
+ Impact: Processing maliciously crafted web content may lead
+ to arbitrary code execution. Description: Multiple memory
+ corruption issues were addressed with improved memory
+ handling.</p>
+
+ <p>CVE-2017-7049: Versions affected: WebKitGTK+ before 2.16.2.<br/>
+ Credit to Ivan Fratric of Google Project Zero.<br/>
+ Impact: Processing maliciously crafted web content may lead
+ to arbitrary code execution. Description: Multiple memory
+ corruption issues were addressed through improved memory
+ handling.</p>
+
+ <p>CVE-2017-7052: Versions affected: WebKitGTK+ before 2.16.4.<br/>
+ Credit to cc working with Trend Micro’s Zero Day Initiative.<br/>
+ Impact: Processing maliciously crafted web content may lead
+ to arbitrary code execution. Description: Multiple memory
+ corruption issues were addressed with improved memory
+ handling.</p>
+
+ <p>CVE-2017-7055: Versions affected: WebKitGTK+ before 2.16.6.<br/>
+ Credit to The UK’s National Cyber Security Centre (NCSC).<br/>
+ Impact: Processing maliciously crafted web content may lead
+ to arbitrary code execution. Description: Multiple memory
+ corruption issues were addressed with improved memory
+ handling.</p>
+
+ <p>CVE-2017-7056: Versions affected: WebKitGTK+ before 2.16.6.<br/>
+ Credit to lokihardt of Google Project Zero.<br/>
+ Impact: Processing maliciously crafted web content may lead
+ to arbitrary code execution. Description: Multiple memory
+ corruption issues were addressed with improved memory
+ handling.</p>
+
+ <p>CVE-2017-7059: Versions affected: WebKitGTK+ before 2.16.3.<br/>
+ Credit to an anonymous researcher.<br/>
+ Impact: Processing maliciously crafted web content with
+ DOMParser may lead to cross site scripting. Description:
+ A logic issue existed in the handling of DOMParser. This
+ issue was addressed with improved state management.</p>
+
+ <p>CVE-2017-7061: Versions affected: WebKitGTK+ before 2.16.6.<br/>
+ Credit to lokihardt of Google Project Zero.<br/>
+ Impact: Processing maliciously crafted web content may lead
+ to arbitrary code execution. Description: Multiple memory
+ corruption issues were addressed with improved memory
+ handling.</p>
+
+ <p>CVE-2017-7064: Versions affected: WebKitGTK+ before 2.16.6.<br/>
+ Credit to lokihardt of Google Project Zero.<br/>
+ Impact: An application may be able to read restricted
+ memory. Description: A memory initialization issue was
+ addressed through improved memory handling.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://webkitgtk.org/security/WSA-2017-0006.html</url>
+ <cvename>CVE-2017-7006</cvename>
+ <cvename>CVE-2017-7011</cvename>
+ <cvename>CVE-2017-7012</cvename>
+ <cvename>CVE-2017-7018</cvename>
+ <cvename>CVE-2017-7019</cvename>
+ <cvename>CVE-2017-7020</cvename>
+ <cvename>CVE-2017-7030</cvename>
+ <cvename>CVE-2017-7034</cvename>
+ <cvename>CVE-2017-7037</cvename>
+ <cvename>CVE-2017-7038</cvename>
+ <cvename>CVE-2017-7039</cvename>
+ <cvename>CVE-2017-7040</cvename>
+ <cvename>CVE-2017-7041</cvename>
+ <cvename>CVE-2017-7042</cvename>
+ <cvename>CVE-2017-7043</cvename>
+ <cvename>CVE-2017-7046</cvename>
+ <cvename>CVE-2017-7048</cvename>
+ <cvename>CVE-2017-7049</cvename>
+ <cvename>CVE-2017-7052</cvename>
+ <cvename>CVE-2017-7055</cvename>
+ <cvename>CVE-2017-7056</cvename>
+ <cvename>CVE-2017-7059</cvename>
+ <cvename>CVE-2017-7061</cvename>
+ <cvename>CVE-2017-7064</cvename>
+ </references>
+ <dates>
+ <discovery>2017-07-24</discovery>
+ <entry>2017-07-25</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="8745c67e-7dd1-4165-96e2-fcf9da2dc5b5">
+ <topic>gsoap -- remote code execution via via overflow</topic>
+ <affects>
+ <package>
+ <name>gsoap</name>
+ <range><lt>2.8.47</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Senrio reports:</p>
+ <blockquote cite="http://www.securityfocus.com/bid/99868/discuss">
+ <p>Genivia gSOAP is prone to a stack-based buffer-overflow
+ vulnerability because it fails to properly bounds check user-supplied
+ data before copying it into an insufficiently sized buffer.</p>
+ <p>A remote attacker may exploit this issue to execute arbitrary code
+ in the context of the affected device. Failed attempts will likely
+ cause a denial-of-service condition.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>http://www.securityfocus.com/bid/99868/discuss</url>
+ <url>http://blog.senr.io/blog/devils-ivy-flaw-in-widely-used-third-party-code-impacts-millions</url>
+ <url>http://blog.senr.io/devilsivy.html</url>
+ <url>https://www.genivia.com/advisory.html#Security_advisory:_CVE-2017-9765_bug_in_certain_versions_of_gSOAP_2.7_up_to_2.8.47_%28June_21,_2017%29</url>
+ <url>https://www.genivia.com/changelog.html#Version_2.8.48_upd_%2806/21/2017%29</url>
+ <cvename>CVE-2017-9765</cvename>
+ </references>
+ <dates>
+ <discovery>2017-07-18</discovery>
+ <entry>2017-07-25</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="92f4191a-6d25-11e7-93f7-d43d7e971a1b">
+ <topic>GitLab -- Various security issues</topic>
+ <affects>
+ <package>
+ <name>gitlab</name>
+ <range><ge>8.0.0</ge><le>8.17.6</le></range>
+ <range><ge>9.0.0</ge><le>9.0.10</le></range>
+ <range><ge>9.1.0</ge><le>9.1.7</le></range>
+ <range><ge>9.2.0</ge><le>9.2.7</le></range>
+ <range><ge>9.3.0</ge><le>9.3.7</le></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>GitLab reports:</p>
+ <blockquote cite="https://about.gitlab.com/2017/07/19/gitlab-9-dot-3-dot-8-released/">
+ <h1>Projects in subgroups authorization bypass with SQL wildcards
+ (CVE-2017-11438)</h1>
+ <p>An internal code review disclosed that by choosing a namespace with
+ underscores an authenticated user could take advantage of a badly written
+ SQL query to add themselves to any project inside a subgroup with
+ permissions of their choice.<br/>
+ This vulnerability was caused by a SQL query that automatically adjusts
+ project permissions but does not escape wildcards. This vulnerability was
+ coincidentally patched when the affected code was rewritten for
+ 9.3. Therefore, versions 9.3 and above are not vulnerable.<br/>
+ <br/>
+ This issue has been assigned CVE-2017-11438.<br/>
+ <br/>
+ Note: GitLab-CE+EE 8.17 is not vulnerable to this issue, however patches
+ have been included to improve the security of the SQL queries in 8.17.7.</p>
+ <h1>Symlink cleanup from a previous security release</h1>
+ <p>The 9.2.5 security release contained a fix for a data corruption
+ vulnerability involving file uploads. This fix utilized symlinks to migrate
+ file uploads to a new directory. Due to a typo in the included migration a
+ symlink was accidentally left behind after the migration finished. This
+ symlink can cause problems with instance backups. A fix is included with
+ these releases to remove the problematic symlink.</p>
+ <h1>Accidental or malicious use of reserved names in group names could cause
+ deletion of all snippet uploads</h1>
+ <p>The 9.2.5 security release contained a fix for a data corruption
+ vulnerability involving file uploads. After the release of 9.2.5 an internal
+ code review determined that the recently introduced snippet file uploads
+ feature was also vulnerable to file deletion. Snippet uploads have now been
+ moved into the protected system namespace.</p>
+ <h1>Project name leak on todos page</h1>
+ <p>An internal code review discovered that forceful browsing could be
+ utilized to disclose the names of private projects.</p>
+ <h1>Denial of Service via regular expressions in CI process</h1>
+ <p>Lukas Svoboda reported that regular expressions (regex) included with CI
+ scripts could be utilized to perform a denial-of-service attack on GitLab
+ instances. GitLab now uses the re2 Regex library to limit regex execution
+ time.</p>
+ <h1>Issue title leakage when external issue tracker is enabled</h1>
+ <p>An internal code review determined that when an external issue tracker is
+ configured it was possible to discover the titles of all issues in a given
+ GitLab instance, including issues in private projects and confidential
+ issues.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://about.gitlab.com/2017/07/19/gitlab-9-dot-3-dot-8-released/</url>
+ <cvename>CVE-2017-11438</cvename>
+ </references>
+ <dates>
+ <discovery>2017-07-20</discovery>
+ <entry>2017-07-20</entry>
+ <modified>2017-08-15</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="cda2f3c2-6c8b-11e7-867f-b499baebfeaf">
+ <topic>MySQL -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>mariadb55-server</name>
+ <range><lt>5.5.57</lt></range>
+ </package>
+ <package>
+ <name>mariadb100-server</name>
+ <range><lt>10.0.32</lt></range>
+ </package>
+ <package>
+ <name>mariadb101-server</name>
+ <range><lt>10.1.26</lt></range>
+ </package>
+ <package>
+ <name>mariadb102-server</name>
+ <range><lt>10.2.6</lt></range>
+ </package>
+ <package>
+ <name>mysql55-server</name>
+ <range><lt>5.5.57</lt></range>
+ </package>
+ <package>
+ <name>mysql56-server</name>
+ <range><lt>5.6.37</lt></range>
+ </package>
+ <package>
+ <name>mysql57-server</name>
+ <range><lt>5.7.19</lt></range>
+ </package>
+ <package>
+ <name>percona55-server</name>
+ <range><lt>5.5.57</lt></range>
+ </package>
+ <package>
+ <name>percona56-server</name>
+ <range><lt>5.6.37</lt></range>
+ </package>
+ <package>
+ <name>percona57-server</name>
+ <range><lt>5.7.19</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Oracle reports:</p>
+ <blockquote cite="http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html#AppendixMSQL">
+ <ul>
+ <li>Reserved [CVE-2017-3629]</li>
+ <li>A remote user can exploit a flaw in the Server: Memcached component to partially
+ modify data and cause denial of service conditions [CVE-2017-3633].</li>
+ <li>A remote authenticated user can exploit a flaw in the Server: DML component to
+ cause denial of service conditions [CVE-2017-3634].</li>
+ <li>A remote authenticated user can exploit a flaw in the Connector/C component to
+ cause denial of service conditions [CVE-2017-3635].</li>
+ <li>A remote authenticated user can exploit a flaw in the C API component to cause
+ denial of service conditions [CVE-2017-3635].</li>
+ <li>A local user can exploit a flaw in the Client programs component to partially
+ access data, partially modify data, and partially deny service
+ [CVE-2017-3636].</li>
+ <li>A remote authenticated user can exploit a flaw in the Server: UDF component to
+ cause denial of service conditions [CVE-2017-3529].</li>
+ <li>A remote authenticated user can exploit a flaw in the X Plugin component to
+ cause denial of service conditions [CVE-2017-3637].</li>
+ <li>A remote authenticated user can exploit a flaw in the Server: DML component to
+ cause denial of service conditions [CVE-2017-3639, CVE-2017-3640, CVE-2017-3641,
+ CVE-2017-3643, CVE-2017-3644].</li>
+ <li>A remote authenticated user can exploit a flaw in the Server: Optimizer
+ component to cause denial of service conditions [CVE-2017-3638, CVE-2017-3642,
+ CVE-2017-3645].</li>
+ <li>A remote authenticated user can exploit a flaw in the X Plugin component to
+ cause denial of service conditions [CVE-2017-3646].</li>
+ <li>A remote authenticated user can exploit a flaw in the Server: Charsets component
+ to cause denial of service conditions [CVE-2017-3648].</li>
+ <li>A remote authenticated user can exploit a flaw in the Server: Replication
+ component to cause denial of service conditions [CVE-2017-3647,
+ CVE-2017-3649].</li>
+ <li>A remote authenticated user can exploit a flaw in the Client mysqldump component
+ to partially modify data [CVE-2017-3651].</li>
+ <li>A remote authenticated user can exploit a flaw in the Server: DDL component to
+ partially access and partially modify data [CVE-2017-3652].</li>
+ <li>A remote user can exploit a flaw in the C API component to partially access data
+ [CVE-2017-3650].</li>
+ <li>A remote authenticated user can exploit a flaw in the Server: DDL component to
+ partially modify data [CVE-2017-3653].</li>
+ </ul>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html#AppendixMSQL</url>
+ <cvename>CVE-2017-3529</cvename>
+ <cvename>CVE-2017-3633</cvename>
+ <cvename>CVE-2017-3634</cvename>
+ <cvename>CVE-2017-3635</cvename>
+ <cvename>CVE-2017-3636</cvename>
+ <cvename>CVE-2017-3637</cvename>
+ <cvename>CVE-2017-3638</cvename>
+ <cvename>CVE-2017-3639</cvename>
+ <cvename>CVE-2017-3640</cvename>
+ <cvename>CVE-2017-3641</cvename>
+ <cvename>CVE-2017-3642</cvename>
+ <cvename>CVE-2017-3643</cvename>
+ <cvename>CVE-2017-3644</cvename>
+ <cvename>CVE-2017-3645</cvename>
+ <cvename>CVE-2017-3646</cvename>
+ <cvename>CVE-2017-3647</cvename>
+ <cvename>CVE-2017-3648</cvename>
+ <cvename>CVE-2017-3649</cvename>
+ <cvename>CVE-2017-3650</cvename>
+ <cvename>CVE-2017-3651</cvename>
+ <cvename>CVE-2017-3652</cvename>
+ <cvename>CVE-2017-3653</cvename>
+ </references>
+ <dates>
+ <discovery>2017-07-19</discovery>
+ <entry>2017-07-19</entry>
+ <modified>2017-08-12</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="08a2df48-6c6a-11e7-9b01-2047478f2f70">
+ <topic>collectd5 -- Denial of service by sending a signed network packet to a server which is not set up to check signatures</topic>
+ <affects>
+ <package>
+ <name>collectd5</name>
+ <range><lt>5.7.2</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>marcinguy reports:</p>
+ <blockquote cite="https://github.com/collectd/collectd/issues/2174">
+ <p>After sending this payload, collectd seems to be entering endless while()
+ loop in packet_parse consuming high CPU resources, possibly crash/gets killed after a while.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://github.com/collectd/collectd/issues/2174</url>
+ <cvename>CVE-2017-7401</cvename>
+ </references>
+ <dates>
+ <discovery>2017-02-13</discovery>
+ <entry>2017-07-19</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="e6ccaf8a-6c63-11e7-9b01-2047478f2f70">
+ <topic>strongswan -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>strongswan</name>
+ <range><ge>4.4.0</ge><le>5.5.2</le></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>strongSwan security team reports:</p>
+ <blockquote cite="https://www.strongswan.org/blog/2017/05/30/strongswan-5.5.3-released.html">
+ <ul>
+ <li>RSA public keys passed to the gmp plugin aren't validated sufficiently
+ before attempting signature verification, so that invalid input might
+ lead to a floating point exception. [CVE-2017-9022]</li>
+ <li>ASN.1 CHOICE types are not correctly handled by the ASN.1 parser when
+ parsing X.509 certificates with extensions that use such types. This
+ could lead to infinite looping of the thread parsing a specifically crafted certificate.</li>
+ </ul>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://www.strongswan.org/blog/2017/05/30/strongswan-vulnerability-(cve-2017-9022).html</url>
+ <cvename>CVE-2017-9022</cvename>
+ <url>https://www.strongswan.org/blog/2017/05/30/strongswan-vulnerability-(cve-2017-9023).html</url>
+ <cvename>CVE-2017-9023</cvename>
+ </references>
+ <dates>
+ <discovery>2017-05-30</discovery>
+ <entry>2017-07-19</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="c7e8e955-6c61-11e7-9b01-2047478f2f70">
+ <cancelled superseded="e6ccaf8a-6c63-11e7-9b01-2047478f2f70"/>
+ </vuln>
+
+ <vuln vid="dc3c66e8-6a18-11e7-93af-005056925db4">
+ <topic>Cacti -- Cross-site scripting (XSS) vulnerability in link.php</topic>
+ <affects>
+ <package>
+ <name>cacti</name>
+ <range><ge>1.0.0</ge><lt>1.1.13</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>kimiizhang reports:</p>
+ <blockquote cite="https://github.com/Cacti/cacti/issues/838">
+ <p>Cross-site scripting (XSS) vulnerability in link.php in Cacti<br/>
+ 1.1.12 allows remote anonymous users to inject arbitrary web<br/>
+ script or HTML via the id parameter.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://github.com/Cacti/cacti/issues/838</url>
+ <url>https://www.cacti.net/release_notes.php?version=1.1.13</url>
+ <cvename>CVE-2017-10970</cvename>
+ </references>
+ <dates>
+ <discovery>2017-07-05</discovery>
+ <entry>2017-07-17</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="457ce015-67fa-11e7-867f-b499baebfeaf">
+ <topic>Apache httpd -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>apache24</name>
+ <range><lt>2.4.27</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The Apache httpd project reports:</p>
+ <blockquote cite="https://httpd.apache.org/security/vulnerabilities_24.html">
+ <p>important: Read after free in mod_http2 (CVE-2017-9789)<br/>
+ When under stress, closing many connections, the HTTP/2 handling
+ code would sometimes access memory after it has been freed,
+ resulting in potentially erratic behaviour.</p>
+ <p>important: Uninitialized memory reflection in mod_auth_digest
+ (CVE-2017-9788)<br/>The value placeholder in [Proxy-]Authorization
+ headers of type 'Digest' was not initialized or reset before or
+ between successive key=value assignments. by mod_auth_digest.<br/>
+ Providing an initial key with no '=' assignment could reflect
+ the stale value of uninitialized pool memory used by the prior
+ request, leading to leakage of potentially confidential
+ information, and a segfault.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://httpd.apache.org/security/vulnerabilities_24.html</url>
+ <cvename>CVE-2017-9789</cvename>
+ <cvename>CVE-2017-9788</cvename>
+ </references>
+ <dates>
+ <discovery>2017-07-11</discovery>
+ <entry>2017-07-13</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="a03e043a-67f1-11e7-beff-6451062f0f7a">
+ <topic>Flash Player -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>linux-flashplayer</name>
+ <range><lt>26.0.0.137</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Adobe reports:</p>
+ <blockquote cite="https://helpx.adobe.com/security/products/flash-player/apsb17-21.html">
+ <ul>
+ <li>These updates resolve security bypass vulnerability that
+ could lead to information disclosure (CVE-2017-3080).</li>
+ <li>These updates resolve memory corruption vulnerability that
+ could lead to remote code execution (CVE-2017-3099).</li>
+ <li>These updates resolve memory corruption vulnerability that
+ could lead to memory address disclosure (CVE-2017-3100).</li>
+ </ul>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2017-3080</cvename>
+ <cvename>CVE-2017-3099</cvename>
+ <cvename>CVE-2017-3100</cvename>
+ <url>https://helpx.adobe.com/security/products/flash-player/apsb17-21.html</url>
+ </references>
+ <dates>
+ <discovery>2017-07-11</discovery>
+ <entry>2017-07-13</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="85851e4f-67d9-11e7-bc37-00505689d4ae">
+ <topic>samba -- Orpheus Lyre mutual authentication validation bypass</topic>
+ <affects>
+ <package>
+ <name>samba42</name>
+ <range><lt>4.2.15</lt></range>
+ </package>
+ <package>
+ <name>samba43</name>
+ <range><lt>4.3.14</lt></range>
+ </package>
+ <package>
+ <name>samba44</name>
+ <range><lt>4.4.15</lt></range>
+ </package>
+ <package>
+ <name>samba45</name>
+ <range><lt>4.5.12</lt></range>
+ </package>
+ <package>
+ <name>samba46</name>
+ <range><lt>4.6.6</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The samba project reports:</p>
+ <blockquote cite="https://www.samba.org/samba/security/CVE-2017-11103.html">
+ <p>A MITM attacker may impersonate a trusted server and thus gain elevated access to the domain by
+ returning malicious replication or authorization data.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://www.samba.org/samba/security/CVE-2017-11103.html</url>
+ <cvename>CVE-2017-11103</cvename>
+ </references>
+ <dates>
+ <discovery>2017-07-12</discovery>
+ <entry>2017-07-12</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="3eff66c5-66c9-11e7-aa1d-3d2e663cef42">
+ <topic>node.js -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>node</name>
+ <range><lt>8.1.4</lt></range>
+ </package>
+ <package>
+ <name>node4</name>
+ <range><lt>4.8.4</lt></range>
+ </package>
+ <package>
+ <name>node6</name>
+ <range><lt>6.11.1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Updates are now available for all active Node.js release lines as
+ well as the 7.x line. These include the fix for the high severity
+ vulnerability identified in the initial announcement, one additional
+ lower priority Node.js vulnerability in the 4.x release line, as well
+ as some lower priority fixes for Node.js dependencies across the
+ current release lines.</p>
+ <blockquote cite="https://nodejs.org/en/blog/vulnerability/july-2017-security-releases/">
+ <h2>Constant Hashtable Seeds (CVE pending)</h2>
+ <p>Node.js was susceptible to hash flooding remote DoS attacks as the
+ HashTable seed was constant across a given released version of
+ Node.js. This was a result of building with V8 snapshots enabled by
+ default which caused the initially randomized seed to be overwritten
+ on startup. Thanks to Jann Horn of Google Project Zero for reporting
+ this vulnerability.</p>
+ <p>This is a high severity vulnerability and applies to all active
+ release lines (4.x, 6.x, 8.x) as well as the 7.x line.</p>
+ <h2>http.get with numeric authorization options creates uninitialized
+ buffers</h2>
+ <p>Application code that allows the auth field of the options object
+ used with http.get() to be set to a number can result in an
+ uninitialized buffer being created/used as the authentication
+ string.</p>
+ <p>This is a low severity defect and only applies to the 4.x release
+ line.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://nodejs.org/en/blog/vulnerability/july-2017-security-releases/</url>
+ </references>
+ <dates>
+ <discovery>2017-06-27</discovery>
+ <entry>2017-07-12</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="b28adc5b-6693-11e7-ad43-f0def16c5c1b">
+ <topic>nginx -- a specially crafted request might result in an integer overflow</topic>
+ <affects>
+ <package>
+ <name>nginx</name>
+ <range><ge>0.5.6</ge><lt>1.12.1,2</lt></range>
+ </package>
+ <package>
+ <name>nginx-devel</name>
+ <range><ge>0.5.6</ge><lt>1.13.3</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Maxim Dounin reports:</p>
+ <blockquote cite="http://mailman.nginx.org/pipermail/nginx-announce/2017/000200.html">
+ <p>A security issue was identified in nginx range filter. A specially
+ crafted request might result in an integer overflow and incorrect
+ processing of ranges, potentially resulting in sensitive information
+ leak (CVE-2017-7529).</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>http://mailman.nginx.org/pipermail/nginx-announce/2017/000200.html</url>
+ <cvename>CVE-2017-7529</cvename>
+ </references>
+ <dates>
+ <discovery>2017-07-11</discovery>
+ <entry>2017-07-11</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="aaedf196-6436-11e7-8b49-002590263bf5">
+ <topic>codeigniter -- input validation bypass</topic>
+ <affects>
+ <package>
+ <name>codeigniter</name>
+ <range><lt>3.1.5</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The CodeIgniter changelog reports:</p>
+ <blockquote cite="https://www.codeigniter.com/user_guide/changelog.html">
+ <p>Form Validation Library rule valid_email could be bypassed if
+ idn_to_ascii() is available.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://www.codeigniter.com/user_guide/changelog.html</url>
+ </references>
+ <dates>
+ <discovery>2017-06-19</discovery>
+ <entry>2017-07-08</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="31001c6b-63e7-11e7-85aa-a4badb2f4699">
+ <topic>irssi -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>irssi</name>
+ <range><lt>1.0.4,1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>irssi reports:</p>
+ <blockquote cite="https://irssi.org/security/irssi_sa_2017_07.txt">
+ <p>When receiving messages with invalid time stamps, Irssi
+ would try to dereference a NULL pointer.</p>
+ <p>While updating the internal nick list, Irssi may
+ incorrectly use the GHashTable interface and free the nick while
+ updating it. This will then result in use-after-free conditions on each
+ access of the hash table.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://irssi.org/security/irssi_sa_2017_07.txt</url>
+ <cvename>CVE-2017-10965</cvename>
+ <cvename>CVE-2017-10966</cvename>
+ <freebsdpr>ports/220544</freebsdpr>
+ </references>
+ <dates>
+ <discovery>2017-07-05</discovery>
+ <entry>2017-07-08</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="b396cf6c-62e6-11e7-9def-b499baebfeaf">
+ <topic>oniguruma -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>oniguruma4</name>
+ <range><lt>4.7.2</lt></range>
+ </package>
+ <package>
+ <name>oniguruma5</name>
+ <range><lt>5.9.7</lt></range>
+ </package>
+ <package>
+ <name>oniguruma6</name>
+ <range><lt>6.4.0</lt></range>
+ </package>
+ <package>
+ <name>php56-mbstring</name>
+ <range><lt>5.6.31</lt></range>
+ </package>
+ <package>
+ <name>php70-mbstring</name>
+ <range><lt>7.0.21</lt></range>
+ </package>
+ <package>
+ <name>php71-mbstring</name>
+ <range><lt>7.1.7</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>the PHP project reports:</p>
+ <blockquote cite="http://php.net/ChangeLog-7.php">
+ <ul>
+ <li>A stack out-of-bounds read occurs in match_at() during regular
+ expression searching. A logical error involving order of validation
+ and access in match_at() could result in an out-of-bounds read from
+ a stack buffer (CVE-2017-9224).</li>
+ <li>A heap out-of-bounds write or read occurs in next_state_val()
+ during regular expression compilation. Octal numbers larger than 0xff
+ are not handled correctly in fetch_token() and fetch_token_in_cc().
+ A malformed regular expression containing an octal number in the form
+ of '\700' would produce an invalid code point value larger than 0xff
+ in next_state_val(), resulting in an out-of-bounds write memory
+ corruption (CVE-2017-9226).</li>
+ <li>A stack out-of-bounds read occurs in mbc_enc_len() during regular
+ expression searching. Invalid handling of reg->dmin in
+ forward_search_range() could result in an invalid pointer dereference,
+ as an out-of-bounds read from a stack buffer (CVE-2017-9227).</li>
+ <li>A heap out-of-bounds write occurs in bitset_set_range() during
+ regular expression compilation due to an uninitialized variable from
+ an incorrect state transition. An incorrect state transition in
+ parse_char_class() could create an execution path that leaves a
+ critical local variable uninitialized until it's used as an index,
+ resulting in an out-of-bounds write memory corruption (CVE-2017-9228).</li>
+ <li>A SIGSEGV occurs in left_adjust_char_head() during regular expression
+ compilation. Invalid handling of reg->dmax in forward_search_range() could
+ result in an invalid pointer dereference, normally as an immediate
+ denial-of-service condition (CVE-2017-9228).</li>
+ </ul>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>http://php.net/ChangeLog-7.php</url>
+ <cvename>CVE-2017-9224</cvename>
+ <cvename>CVE-2017-9226</cvename>
+ <cvename>CVE-2017-9227</cvename>
+ <cvename>CVE-2017-9228</cvename>
+ <cvename>CVE-2017-9228</cvename>
+ </references>
+ <dates>
+ <discovery>2017-07-06</discovery>
+ <entry>2017-07-07</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="4fc2df49-6279-11e7-be0f-6cf0497db129">
+ <topic>drupal -- Drupal Core - Multiple Vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>drupal7</name>
+ <range><lt>7.56</lt></range>
+ </package>
+ <package>
+ <name>drupal8</name>
+ <range><lt>8.3.4</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Drupal Security Team Reports:</p>
+ <blockquote cite="https://www.drupal.org/SA-CORE-2017-003">
+ <p>CVE-2017-6920: PECL YAML parser unsafe object handling.</p>
+ <p>CVE-2017-6921: File REST resource does not properly validate</p>
+ <p>CVE-2017-6922: Files uploaded by anonymous users into a private
+ file system can be accessed by other anonymous users.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2017-6920</cvename>
+ <cvename>CVE-2017-6921</cvename>
+ <cvename>CVE-2017-6922</cvename>
+ </references>
+ <dates>
+ <discovery>2017-06-21</discovery>
+ <entry>2017-07-06</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="60931f98-55a7-11e7-8514-589cfc0654e1">
+ <topic>Dropbear -- two vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>dropbear</name>
+ <range><lt>2017.75</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Matt Johnston reports:</p>
+ <blockquote cite="https://matt.ucc.asn.au/dropbear/CHANGES">
+ <p>Fix double-free in server TCP listener cleanup A double-free in
+ the server could be triggered by an authenticated user if dropbear
+ is running with -a (Allow connections to forwarded ports from any
+ host) This could potentially allow arbitrary code execution as root
+ by an authenticated user.</p>
+ <p>Fix information disclosure with ~/.ssh/authorized_keys symlink.
+ Dropbear parsed authorized_keys as root, even if it were a symlink.
+ The fix is to switch to user permissions when opening authorized_keys.
+ </p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://matt.ucc.asn.au/dropbear/CHANGES</url>
+ <cvename>CVE-2017-9078</cvename>
+ <cvename>CVE-2017-9079</cvename>
+ </references>
+ <dates>
+ <discovery>2017-05-18</discovery>
+ <entry>2017-07-03</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="6e4e35c3-5fd1-11e7-9def-b499baebfeaf">
+ <topic>smarty3 -- shell injection in math</topic>
+ <affects>
+ <package>
+ <name>smarty3</name>
+ <range><lt>3.1.30</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The smarty project reports:</p>
+ <blockquote cite="https://github.com/smarty-php/smarty/blob/v3.1.30/change_log.txt">
+ <p>bugfix {math} shell injection vulnerability</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://github.com/smarty-php/smarty/blob/v3.1.30/change_log.txt</url>
+ </references>
+ <dates>
+ <discovery>2016-07-19</discovery>
+ <entry>2017-07-03</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="ed3bf433-5d92-11e7-aa14-e8e0b747a45a">
+ <topic>libgcrypt -- side-channel attack on RSA secret keys</topic>
+ <affects>
+ <package>
+ <name>libgcrypt</name>
+ <range><lt>1.7.8</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>GnuPG reports:</p>
+ <blockquote cite="https://lists.gnupg.org/pipermail/gnupg-announce/2017q2/000408.html">
+ <p>Mitigate a flush+reload side-channel attack on RSA secret keys dubbed "Sliding right into disaster".</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2017-7526</cvename>
+ <url>https://lists.gnupg.org/pipermail/gnupg-announce/2017q2/000408.html</url>
+ </references>
+ <dates>
+ <discovery>2017-06-29</discovery>
+ <entry>2017-06-30</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="85ebfa0c-5d8d-11e7-93f7-d43d7e971a1b">
+ <topic>GitLab -- Various security issues</topic>
+ <affects>
+ <package>
+ <name>gitlab</name>
+ <range><ge>4.0.0</ge><le>9.0.9</le></range>
+ <range><ge>9.1.0</ge><le>9.1.6</le></range>
+ <range><ge>9.2.0</ge><le>9.2.4</le></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>GitLab reports:</p>
+ <blockquote cite="https://about.gitlab.com/2017/06/07/gitlab-9-dot-2-dot-5-security-release/">
+ <h1>Cross-Site Scripting (XSS) vulnerability when editing comments</h1>
+ <p>A GitLab.com user reported that recent changes to Markdown rendering
+ designed to improve performance by allowing comments to be rendered
+ client-side opened a persistent Cross-Site Scripting (XSS) vulnerability
+ when comments are edited and then re-saved. This vulnerability is difficult
+ to exploit because a victim must be tricked into editing and then saving
+ another user's comment.</p>
+ <h1>API vulnerable to embedding in iFrames using Session Auth</h1>
+ <p>A tip from a Twitter user led to an internal code audit that discovered a
+ malicious website could embed a GitLab API URL inside an iFrame, possibly
+ tricking a user into thinking that the website had access to the user's
+ GitLab user information. This attack would not disclose the user's data to
+ the malicious website, but it could cause confusion and the API has added an
+ X-Frame-Options header to prevent content from the API being included in
+ iFrames.</p>
+ <h1>Accidental or malicious use of reserved names in group names could cause
+ deletion of all project avatars</h1>
+ <p>A GitLab.com user reported that creating a group named project and then
+ renaming the group would cause all project avatars to be deleted. This was
+ due to an improperly constructed path variable when renaming files. To help
+ prevent this from happening again all avatar uploads have been moved from
+ /public/uploads/(user|group|project) to
+ /public/uploads/system/(user|group|project) and system has been made a
+ reserved namespace. A migration included with this release will rename any
+ existing top-level system namespace to be system0 (or system1, system2,
+ etc.)</p>
+ <h1>Unauthenticated disclosure of usernames in autocomplete controller</h1>
+ <p>HackerOne reporter Evelyn Lee reported that usernames could be enumerated
+ using the autocomplete/users.json endpoint without authenticating. This
+ could allow an unauthenticated attacker to gather a list of all valid
+ usernames from a GitLab instance.</p>
+ <h1>Information leakage with references to private project snippets</h1>
+ <p>GitLab.com user Patrick Fiedler reported that titles of private project
+ snippets could leak when they were referenced in other issues, merge
+ requests, or comments.</p>
+ <h1>Elasticsearch does not implement external user checks correctly</h1>
+ <p>An internal code review discovered that on instances with Elasticsearch
+ enabled GitLab allowed external users to view internal project data. This
+ could unintentionally expose sensitive information to external users. This
+ vulnerability only affects EE installations with Elasticsearch enabled.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://about.gitlab.com/2017/06/07/gitlab-9-dot-2-dot-5-security-release/</url>
+ </references>
+ <dates>
+ <discovery>2017-06-07</discovery>
+ <entry>2017-06-30</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="0b9f4b5e-5d82-11e7-85df-14dae9d5a9d2">
+ <topic>tor -- security regression</topic>
+ <affects>
+ <package>
+ <name>tor</name>
+ <range><lt>0.3.0.9</lt></range>
+ </package>
+ <package>
+ <name>tor-devel</name>
+ <range><lt>0.3.1.4.a</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The Tor Project reports:</p>
+ <blockquote cite="https://lists.torproject.org/pipermail/tor-announce/2017-June/000133.html">
+ <p>Tor 0.3.0.9 fixes a path selection bug that would allow a client
+ to use a guard that was in the same network family as a chosen exit
+ relay. This is a security regression; all clients running earlier
+ versions of 0.3.0.x or 0.3.1.x should upgrade to 0.3.0.9 or
+ 0.3.1.4-alpha.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://blog.torproject.org/blog/tor-0309-released-security-update-clients</url>
+ <url>https://blog.torproject.org/blog/tor-0314-alpha-released-security-update-clients</url>
+ <url>https://lists.torproject.org/pipermail/tor-announce/2017-June/000133.html</url>
+ <cvename>CVE-2017-0377</cvename>
+ </references>
+ <dates>
+ <discovery>2017-06-29</discovery>
+ <entry>2017-06-30</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="8c1a271d-56cf-11e7-b9fe-c13eb7bcbf4f">
+ <topic>exim -- Privilege escalation via multiple memory leaks</topic>
+ <affects>
+ <package>
+ <name>exim</name>
+ <range><lt>4.89_1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Qualsys reports:</p>
+ <blockquote cite="https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt">
+ <p>
+ Exim supports the use of multiple "-p" command line arguments which are malloc()'ed and never free()'ed, used in conjunction with other issues allows attackers to cause arbitrary code execution. This affects exim version 4.89 and earlier. Please note that at this time upstream has released a patch (commit 65e061b76867a9ea7aeeb535341b790b90ae6c21), but it is not known if a new point release is available that addresses this issue at this time.
+ </p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000369</url>
+ </references>
+ <dates>
+ <discovery>2017-06-19</discovery>
+ <entry>2017-06-21</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="00e4050b-56c1-11e7-8e66-08606e46faad">
+ <topic>pear-Horde_Image -- DoS vulnerability</topic>
+ <affects>
+ <package>
+ <name>pear-Horde_Image</name>
+ <range><gt>2.3.0</gt><lt>2.5.0</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Michael J Rubinsky reports:</p>
+ <blockquote cite="https://lists.horde.org/archives/announce/2017/001234.html">
+ <p>The second vulnerability (CVE-2017-9773) is a DOS vulnerability.
+This only affects Horde installations that do not have a configured image
+handling backend, and thus use the "Null" image driver. It is exploitable by
+a logged in user clicking on a maliciously crafted URL.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://lists.horde.org/archives/announce/2017/001234.html</url>
+ <cvename>CVE-2017-9773</cvename>
+ </references>
+ <dates>
+ <discovery>2017-06-21</discovery>
+ <entry>2017-06-21</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="a7003121-56bf-11e7-8e66-08606e46faad">
+ <topic>pear-Horde_Image -- remote code execution vulnerability</topic>
+ <affects>
+ <package>
+ <name>pear-Horde_Image</name>
+ <range><ge>2.0.0</ge><lt>2.5.0</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Michael J Rubinsky reports:</p>
+ <blockquote cite="https://lists.horde.org/archives/announce/2017/001234.html">
+ <p>The fist vulnerability (CVE-2017-9774) is a Remote Code Execution
+vulnerability and is exploitable by a logged in user sending a
+maliciously crafted GET request to the Horde server.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://lists.horde.org/archives/announce/2017/001234.html</url>
+ <cvename>CVE-2017-9774</cvename>
+ </references>
+ <dates>
+ <discovery>2017-06-21</discovery>
+ <entry>2017-06-21</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="9f65d382-56a4-11e7-83e3-080027ef73ec">
+ <topic>OpenVPN -- several vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>openvpn</name>
+ <range><lt>2.3.17</lt></range>
+ <range><ge>2.4.0</ge><lt>2.4.3</lt></range>
+ </package>
+ <package>
+ <name>openvpn-mbedtls</name>
+ <range><lt>2.4.3</lt></range>
+ </package>
+ <package>
+ <name>openvpn-polarssl</name>
+ <range><lt>2.3.17</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Samuli Seppänen reports:</p>
+ <blockquote cite="https://community.openvpn.net/openvpn/wiki/VulnerabilitiesFixedInOpenVPN243">
+ <p>In May/June 2017 Guido Vranken threw a fuzzer at OpenVPN 2.4.2. In
+ the process he found several vulnerabilities and reported them to
+ the OpenVPN project. [...] The first releases to have these fixes are OpenVPN 2.4.3 and 2.3.17.</p>
+ <p>This is a list of fixed important vulnerabilities:</p>
+ <ul>
+ <li>Remotely-triggerable ASSERT() on malformed IPv6 packet</li>
+ <li>Pre-authentication remote crash/information disclosure for clients</li>
+ <li>Potential double-free in --x509-alt-username</li>
+ <li>Remote-triggerable memory leaks</li>
+ <li>Post-authentication remote DoS when using the --x509-track option</li>
+ <li>Null-pointer dereference in establish_http_proxy_passthru()</li>
+ </ul>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://community.openvpn.net/openvpn/wiki/VulnerabilitiesFixedInOpenVPN243</url>
+ <cvename>CVE-2017-7508</cvename>
+ <cvename>CVE-2017-7512</cvename>
+ <cvename>CVE-2017-7520</cvename>
+ <cvename>CVE-2017-7521</cvename>
+ <cvename>CVE-2017-7522</cvename>
+ </references>
+ <dates>
+ <discovery>2017-05-19</discovery>
+ <entry>2017-06-21</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="0c2db2aa-5584-11e7-9a7d-b499baebfeaf">
+ <topic>Apache httpd -- several vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>apache22</name>
+ <range><lt>2.2.33</lt></range>
+ </package>
+ <package>
+ <name>apache24</name>
+ <range><lt>2.4.26</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The Apache httpd project reports:</p>
+ <blockquote cite="http://httpd.apache.org/security/vulnerabilities_24.html">
+ <ul>
+ <li>ap_get_basic_auth_pw() Authentication Bypass (CVE-2017-3167):<br/>
+ Use of the ap_get_basic_auth_pw() by third-party modules outside
+ of the authentication phase may lead to authentication requirements
+ being bypassed.</li>
+ <li>mod_ssl Null Pointer Dereference (CVE-2017-3169):<br/>mod_ssl may
+ dereference a NULL pointer when third-party modules
+ call ap_hook_process_connection() during an HTTP request to an HTTPS
+ port.</li>
+ <li>mod_http2 Null Pointer Dereference (CVE-2017-7659):<br/> A maliciously
+ constructed HTTP/2 request could cause mod_http2 to dereference a NULL
+ pointer and crash the server process.</li>
+ <li>ap_find_token() Buffer Overread (CVE-2017-7668):<br/>The HTTP strict
+ parsing changes added in 2.2.32 and 2.4.24 introduced a bug in token
+ list parsing, which allows ap_find_token() to search past the end of its
+ input string. By maliciously crafting a sequence of request headers, an
+ attacker may be able to cause a segmentation fault, or to force
+ ap_find_token() to return an incorrect value.</li>
+ <li>mod_mime Buffer Overread (CVE-2017-7679):<br/>mod_mime can read one
+ byte past the end of a buffer when sending a malicious Content-Type
+ response header.</li>
+ </ul>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://httpd.apache.org/security/vulnerabilities_24.html</url>
+ <url>https://httpd.apache.org/security/vulnerabilities_22.html</url>
+ <cvename>CVE-2017-3167</cvename>
+ <cvename>CVE-2017-3169</cvename>
+ <cvename>CVE-2017-7659</cvename>
+ <cvename>CVE-2017-7668</cvename>
+ <cvename>CVE-2017-7679</cvename>
+ </references>
+ <dates>
+ <discovery>2017-06-20</discovery>
+ <entry>2017-06-20</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="f53dd5cc-527f-11e7-a772-e8e0b747a45a">
+ <topic>chromium -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>chromium</name>
+ <name>chromium-pulse</name>
+ <range><lt>59.0.3071.104</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Google Chrome releases reports:</p>
+ <blockquote cite="https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop_15.html">
+ <p>5 security fixes in this release, including:</p>
+ <ul>
+ <li>[725032] High CVE-2017-5087: Sandbox Escape in IndexedDB. Reported by
+ Ned Williamson on 2017-05-22</li>
+ <li>[729991] High CVE-2017-5088: Out of bounds read in V8. Reported by
+ Xiling Gong of Tencent Security Platform Department on 2017-06-06</li>
+ <li>[714196] Medium CVE-2017-5089: Domain spoofing in Omnibox. Reported by
+ Michal Bentkowski on 2017-04-21</li>
+ <li>[732498] Various fixes from internal audits, fuzzing and other initiatives</li>
+ </ul>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2017-5087</cvename>
+ <cvename>CVE-2017-5088</cvename>
+ <cvename>CVE-2017-5089</cvename>
+ <url>https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop_15.html</url>
+ </references>
+ <dates>
+ <discovery>2017-06-15</discovery>
+ <entry>2017-06-16</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="9314058e-5204-11e7-b712-b1a44a034d72">
+ <topic>cURL -- URL file scheme drive letter buffer overflow</topic>
+ <affects>
+ <package>
+ <name>curl</name>
+ <range><ge>7.53.0</ge><lt>7.54.1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>cURL security advisory:</p>
+ <blockquote cite="https://curl.haxx.se/docs/adv_20170614.html">
+ <p>When libcurl is given either</p>
+ <p>1. a file: URL that doesn't use two slashes following the colon, or</p>
+ <p>2. is told that file is the default scheme to use for URLs without scheme</p>
+ <p>... and the given path starts with a drive letter and libcurl is built for
+ Windows or DOS, then libcurl would copy the path with a wrong offset, so that
+ the end of the given path would write beyond the malloc buffer. Up to seven
+ bytes too much.</p>
+ <p>We are not aware of any exploit of this flaw.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2017-9502</cvename>
+ <url>https://curl.haxx.se/docs/adv_20170614.html</url>
+ </references>
+ <dates>
+ <discovery>2017-06-14</discovery>
+ <entry>2017-06-15</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="7a92e958-5207-11e7-8d7c-6805ca0b3d42">
+ <topic>rt and dependent modules -- multiple security vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>rt42</name>
+ <range><ge>4.2.0</ge><lt>4.2.13_1</lt></range>
+ </package>
+ <package>
+ <name>rt44</name>
+ <range><ge>4.4.0</ge><lt>4.4.1_1</lt></range>
+ </package>
+ <package>
+ <name>p5-RT-Authen-ExternalAuth</name>
+ <range><ge>0.9</ge><lt>0.27</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>BestPractical reports:</p>
+ <blockquote cite="http://lists.bestpractical.com/pipermail/rt-announce/2017-June/000297.html">
+ <p>RT 4.0.0 and above are vulnerable to an information
+ leak of cross-site request forgery (CSRF) verification
+ tokens if a user visits a specific URL crafted by an
+ attacker. This vulnerability is assigned CVE-2017-5943. It
+ was discovered by a third-party security researcher.</p>
+
+ <p>RT 4.0.0 and above are vulnerable to a cross-site
+ scripting (XSS) attack if an attacker uploads a malicious
+ file with a certain content type. Installations which use
+ the AlwaysDownloadAttachments config setting are
+ unaffected. This fix addresses all existant and future
+ uploaded attachments. This vulnerability is assigned
+ CVE-2016-6127. This was responsibly disclosed to us first
+ by Scott Russo and the GE Application Security Assessment
+ Team.</p>
+
+ <p>One of RT's dependencies, a Perl module named
+ Email::Address, has a denial of service vulnerability
+ which could induce a denial of service of RT itself. We
+ recommend administrators install Email::Address version
+ 1.908 or above, though we additionally provide a new
+ workaround within RT. Tss vulnerability was assigned
+ CVE-2015-7686. This vulnerability's application to RT was
+ brought to our attention by Pali Rohár.</p>
+
+ <p>RT 4.0.0 and above are vulnerable to timing
+ side-channel attacks for user passwords. By carefully
+ measuring millions or billions of login attempts, an
+ attacker could crack a user's password even over the
+ internet. RT now uses a constant-time comparison algorithm
+ for secrets to thwart such attacks. This vulnerability is
+ assigned CVE-2017-5361. This was responsibly disclosed to
+ us by Aaron Kondziela.</p>
+
+ <p>RT's ExternalAuth feature is vulnerable to a similar
+ timing side-channel attack. Both RT 4.0/4.2 with the
+ widely-deployed RT::Authen::ExternalAuth extension, as
+ well as the core ExternalAuth feature in RT 4.4 are
+ vulnerable. Installations which don't use ExternalAuth, or
+ which use ExternalAuth for LDAP/ActiveDirectory
+ authentication, or which use ExternalAuth for cookie-based
+ authentication, are unaffected. Only ExternalAuth in DBI
+ (database) mode is vulnerable.</p>
+
+ <p>RT 4.0.0 and above are potentially vulnerable to a
+ remote code execution attack in the dashboard subscription
+ interface. A privileged attacker can cause unexpected code
+ to be executed through carefully-crafted saved search
+ names. Though we have not been able to demonstrate an
+ actual attack owing to other defenses in place, it could
+ be possible. This fix addresses all existant and future
+ saved searches. This vulnerability is assigned
+ CVE-2017-5944. It was discovered by an internal security
+ audit.</p>
+
+ <p>RT 4.0.0 and above have misleading documentation which
+ could reduce system security. The RestrictLoginReferrer
+ config setting (which has security implications) was
+ inconsistent with its implementation, which checked for a
+ slightly different variable name. RT will now check for
+ the incorrect name and produce an error message. This was
+ responsibly disclosed to us by Alex Vandiver.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>http://lists.bestpractical.com/pipermail/rt-announce/2017-June/000297.html</url>
+ <cvename>CVE-2015-7686</cvename>
+ <cvename>CVE-2016-6127</cvename>
+ <cvename>CVE-2017-5361</cvename>
+ <cvename>CVE-2017-5943</cvename>
+ <cvename>CVE-2017-5944</cvename>
+ </references>
+ <dates>
+ <discovery>2017-06-15</discovery>
+ <entry>2017-06-15</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="cd944b3f-51f6-11e7-b7b2-001c25e46b1d">
+ <topic>Flash Player -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>linux-flashplayer</name>
+ <range><lt>26.0.0.126</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Adobe reports:</p>
+ <blockquote cite="https://helpx.adobe.com/security/products/flash-player/apsb17-17.html">
+ <ul>
+ <li>These updates resolve use-after-free vulnerabilities that
+ could lead to code execution (CVE-2017-3075, CVE-2017-3081,
+ CVE-2017-3083, CVE-2017-3084).</li>
+ <li>These updates resolve memory corruption vulnerabilities that
+ could lead to code execution (CVE-2017-3076, CVE-2017-3077,
+ CVE-2017-3078, CVE-2017-3079, CVE-2017-3082).</li>
+ </ul>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2017-3075</cvename>
+ <cvename>CVE-2017-3076</cvename>
+ <cvename>CVE-2017-3077</cvename>
+ <cvename>CVE-2017-3078</cvename>
+ <cvename>CVE-2017-3079</cvename>
+ <cvename>CVE-2017-3081</cvename>
+ <cvename>CVE-2017-3082</cvename>
+ <cvename>CVE-2017-3083</cvename>
+ <cvename>CVE-2017-3084</cvename>
+ <url>https://helpx.adobe.com/security/products/flash-player/apsb17-17.html</url>
+ </references>
+ <dates>
+ <discovery>2017-06-13</discovery>
+ <entry>2017-06-15</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="6cec1b0a-da15-467d-8691-1dea392d4c8d">
+ <topic>mozilla -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>firefox</name>
+ <range><lt>54.0,1</lt></range>
+ </package>
+ <package>
+ <name>seamonkey</name>
+ <name>linux-seamonkey</name>
+ <range><lt>2.49.1</lt></range>
+ </package>
+ <package>
+ <name>firefox-esr</name>
+ <range><lt>52.2.0,1</lt></range>
+ </package>
+ <package>
+ <name>linux-firefox</name>
+ <range><lt>52.2.0,2</lt></range>
+ </package>
+ <package>
+ <name>libxul</name>
+ <name>thunderbird</name>
+ <name>linux-thunderbird</name>
+ <range><lt>52.2.0</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Mozilla Foundation reports:</p>
+ <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/">
+ <p>CVE-2017-5472: Use-after-free using destroyed node when regenerating trees</p>
+ <p>CVE-2017-7749: Use-after-free during docshell reloading</p>
+ <p>CVE-2017-7750: Use-after-free with track elements</p>
+ <p>CVE-2017-7751: Use-after-free with content viewer listeners</p>
+ <p>CVE-2017-7752: Use-after-free with IME input</p>
+ <p>CVE-2017-7754: Out-of-bounds read in WebGL with ImageInfo object</p>
+ <p>CVE-2017-7755: Privilege escalation through Firefox Installer with same directory DLL files</p>
+ <p>CVE-2017-7756: Use-after-free and use-after-scope logging XHR header errors</p>
+ <p>CVE-2017-7757: Use-after-free in IndexedDB</p>
+ <p>CVE-2017-7778: Vulnerabilities in the Graphite 2 library</p>
+ <p>CVE-2017-7758: Out-of-bounds read in Opus encoder</p>
+ <p>CVE-2017-7759: Android intent URLs can cause navigation to local file system</p>
+ <p>CVE-2017-7760: File manipulation and privilege escalation via callback parameter in Mozilla Windows Updater and Maintenance Service</p>
+ <p>CVE-2017-7761: File deletion and privilege escalation through Mozilla Maintenance Service helper.exe application</p>
+ <p>CVE-2017-7762: Addressbar spoofing in Reader mode</p>
+ <p>CVE-2017-7763: Mac fonts render some unicode characters as spaces</p>
+ <p>CVE-2017-7764: Domain spoofing with combination of Canadian Syllabics and other unicode blocks</p>
+ <p>CVE-2017-7765: Mark of the Web bypass when saving executable files</p>
+ <p>CVE-2017-7766: File execution and privilege escalation through updater.ini, Mozilla Windows Updater, and Mozilla Maintenance Service</p>
+ <p>CVE-2017-7767: Privilege escalation and arbitrary file overwrites through Mozilla Windows Updater and Mozilla Maintenance Service</p>
+ <p>CVE-2017-7768: 32 byte arbitrary file read through Mozilla Maintenance Service</p>
+ <p>CVE-2017-5471: Memory safety bugs fixed in Firefox 54</p>
+ <p>CVE-2017-5470: Memory safety bugs fixed in Firefox 54 and Firefox ESR 52.2</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2017-5470</cvename>
+ <cvename>CVE-2017-5471</cvename>
+ <cvename>CVE-2017-5472</cvename>
+ <cvename>CVE-2017-7749</cvename>
+ <cvename>CVE-2017-7750</cvename>
+ <cvename>CVE-2017-7751</cvename>
+ <cvename>CVE-2017-7752</cvename>
+ <cvename>CVE-2017-7754</cvename>
+ <cvename>CVE-2017-7755</cvename>
+ <cvename>CVE-2017-7756</cvename>
+ <cvename>CVE-2017-7757</cvename>
+ <cvename>CVE-2017-7758</cvename>
+ <cvename>CVE-2017-7759</cvename>
+ <cvename>CVE-2017-7760</cvename>
+ <cvename>CVE-2017-7761</cvename>
+ <cvename>CVE-2017-7762</cvename>
+ <cvename>CVE-2017-7763</cvename>
+ <cvename>CVE-2017-7764</cvename>
+ <cvename>CVE-2017-7765</cvename>
+ <cvename>CVE-2017-7766</cvename>
+ <cvename>CVE-2017-7767</cvename>
+ <cvename>CVE-2017-7768</cvename>
+ <cvename>CVE-2017-7778</cvename>
+ <url>https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/</url>
+ <url>https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/</url>
+ </references>
+ <dates>
+ <discovery>2017-06-13</discovery>
+ <entry>2017-06-13</entry>
+ <modified>2017-09-19</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="bce47c89-4d3f-11e7-8080-a4badb2f4699">
+ <topic>roundcube -- arbitrary password resets</topic>
+ <affects>
+ <package>
+ <name>roundcube</name>
+ <range><lt>1.2.5,1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Roundcube reports:</p>
+ <blockquote cite="https://roundcube.net/news/2017/04/28/security-updates-1.2.5-1.1.9-and-1.0.11">
+ <p>Roundcube Webmail allows arbitrary password resets by
+ authenticated users. The problem is caused by an improperly restricted
+ exec call in the virtualmin and sasl drivers of the password plugin.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://roundcube.net/news/2017/04/28/security-updates-1.2.5-1.1.9-and-1.0.11</url>
+ <cvename>CVE-2017-8114</cvename>
+ </references>
+ <dates>
+ <discovery>2017-04-28</discovery>
+ <entry>2017-06-09</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="b33fb1e0-4c37-11e7-afeb-0011d823eebd">
+ <topic>GnuTLS -- Denial of service vulnerability</topic>
+ <affects>
+ <package>
+ <name>gnutls</name>
+ <range><lt>3.5.13</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The GnuTLS project reports:</p>
+ <blockquote cite="https://gnutls.org/security.html#GNUTLS-SA-2017-4">
+ <p>It was found using the TLS fuzzer tools that decoding a status
+ response TLS extension with valid contents could lead to a crash
+ due to a null pointer dereference. The issue affects GnuTLS server
+ applications.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://gnutls.org/security.html#GNUTLS-SA-2017-4</url>
+ </references>
+ <dates>
+ <discovery>2017-06-07</discovery>
+ <entry>2017-06-08</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="165e8951-4be0-11e7-a539-0050569f7e80">
+ <topic>irssi -- remote DoS</topic>
+ <affects>
+ <package>
+ <name>irssi</name>
+ <range><lt>1.0.3</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Joseph Bisch reports:</p>
+ <blockquote cite="https://irssi.org/security/irssi_sa_2017_06.txt">
+ <p>When receiving a DCC message without source nick/host, Irssi would
+ attempt to dereference a NULL pointer.</p>
+ <p>When receiving certain incorrectly quoted DCC files, Irssi would
+ try to find the terminating quote one byte before the allocated
+ memory.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2017-9468</cvename>
+ <cvename>CVE-2017-9469</cvename>
+ <url>https://irssi.org/security/irssi_sa_2017_06.txt</url>
+ </references>
+ <dates>
+ <discovery>2017-06-06</discovery>
+ <entry>2017-06-08</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="52f4b48b-4ac3-11e7-99aa-e8e0b747a45a">
+ <topic>chromium -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>chromium</name>
+ <name>chromium-pulse</name>
+ <range><lt>59.0.3071.86</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Google Chrome releases reports:</p>
+ <blockquote cite="https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop.html">
+ <p>30 security fixes in this release, including:</p>
+ <ul>
+ <li>[722756] High CVE-2017-5070: Type confusion in V8. Reported by
+ Zhao Qixun of Qihoo 360 Vulcan Team on 2017-05-16</li>
+ <li>[715582] High CVE-2017-5071: Out of bounds read in V8. Reported by
+ Choongwood Han on 2017-04-26</li>
+ <li>[709417] High CVE-2017-5072: Address spoofing in Omnibox. Reported by
+ Rayyan Bijoora on 2017-04-07</li>
+ <li>[716474] High CVE-2017-5073: Use after free in print preview. Reported by
+ Khalil Zhani on 2017-04-28</li>
+ <li>[700040] High CVE-2017-5074: Use after free in Apps Bluetooth. Reported by
+ anonymous on 2017-03-09</li>
+ <li>[678776] Medium CVE-2017-5075: Information leak in CSP reporting. Reported by
+ Emmanuel Gil Peyrot on 2017-01-05</li>
+ <li>[722639] Medium CVE-2017-5086: Address spoofing in Omnibox. Reported by
+ Rayyan Bijoora on 2017-05-16</li>
+ <li>[719199] Medium CVE-2017-5076: Address spoofing in Omnibox. Reported by
+ Samuel Erb on 2017-05-06</li>
+ <li>[716311] Medium CVE-2017-5077: Heap buffer overflow in Skia. Reported by
+ Sweetchip on 2017-04-28</li>
+ <li>[711020] Medium CVE-2017-5078: Possible command injection in mailto handling.
+ Reported by Jose Carlos Exposito Bueno on 2017-04-12</li>
+ <li>[713686] Medium CVE-2017-5079: UI spoofing in Blink. Reported by
+ Khalil Zhani on 2017-04-20</li>
+ <li>[708819] Medium CVE-2017-5080: Use after free in credit card autofill.
+ Reported by Khalil Zhani on 2017-04-05</li>
+ <li>[672008] Medium CVE-2017-5081: Extension verification bypass. Reported by
+ Andrey Kovalev of Yandex Security Team on 2016-12-07</li>
+ <li>[721579] Low CVE-2017-5082: Insufficient hardening in credit card editor.
+ Reported by Nightwatch Cybersecurity Research on 2017-05-11</li>
+ <li>[714849] Low CVE-2017-5083: UI spoofing in Blink. Reported by
+ Khalil Zhani on 2017-04-24</li>
+ <li>[692378] Low CVE-2017-5085: Inappropriate javascript execution on WebUI pages.
+ Reported by Zhiyang Zeng of Tencent security platform department on 2017-02-15</li>
+ <li>[729639] Various fixes from internal audits, fuzzing and other initiatives</li>
+ </ul>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2017-5070</cvename>
+ <cvename>CVE-2017-5071</cvename>
+ <cvename>CVE-2017-5072</cvename>
+ <cvename>CVE-2017-5073</cvename>
+ <cvename>CVE-2017-5074</cvename>
+ <cvename>CVE-2017-5075</cvename>
+ <cvename>CVE-2017-5086</cvename>
+ <cvename>CVE-2017-5076</cvename>
+ <cvename>CVE-2017-5077</cvename>
+ <cvename>CVE-2017-5078</cvename>
+ <cvename>CVE-2017-5079</cvename>
+ <cvename>CVE-2017-5080</cvename>
+ <cvename>CVE-2017-5081</cvename>
+ <cvename>CVE-2017-5082</cvename>
+ <cvename>CVE-2017-5083</cvename>
+ <cvename>CVE-2017-5085</cvename>
+ <url>https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop.html</url>
+ </references>
+ <dates>
+ <discovery>2017-06-05</discovery>
+ <entry>2017-06-06</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="15a04b9f-47cb-11e7-a853-001fbc0f280f">
+ <topic>ansible -- Input validation flaw in jinja2 templating system</topic>
+ <affects>
+ <package>
+ <name>ansible</name>
+ <range><lt>2.3.1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>RedHat security team reports:</p>
+ <blockquote cite="https://access.redhat.com/security/cve/cve-2017-7481">
+ <p>An input validation flaw was found in Ansible, where it fails to
+ properly mark lookup-plugin results as unsafe. If an attacker could
+ control the results of lookup() calls, they could inject Unicode
+ strings to be parsed by the jinja2 templating system, result in
+ code execution.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://access.redhat.com/security/cve/cve-2017-7481</url>
+ <url>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7481</url>
+ </references>
+ <dates>
+ <discovery>2017-05-09</discovery>
+ <entry>2017-06-02</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="738e8ae1-46dd-11e7-a539-0050569f7e80">
+ <topic>duo -- Two-factor authentication bypass</topic>
+ <affects>
+ <package>
+ <name>duo</name>
+ <range><lt>1.9.21</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The duo security team reports:</p>
+ <blockquote cite="https://duo.com/labs/psa/duo-psa-2017-002">
+ <p>An untrusted user may be able to set the http_proxy variable to
+ an invalid address. If this happens, this will trigger the
+ configured 'failmode' behavior, which defaults to safe. Safe
+ mode causes the authentication to report a success.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://duo.com/labs/psa/duo-psa-2017-002</url>
+ </references>
+ <dates>
+ <discovery>2017-05-19</discovery>
+ <entry>2017-06-01</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="673dce46-46d0-11e7-a539-0050569f7e80">
+ <topic>FreeRADIUS -- TLS resumption authentication bypass</topic>
+ <affects>
+ <package>
+ <name>freeradius</name>
+ <name>freeradius2</name>
+ <name>freeradius3</name>
+ <range><lt>3.0.14</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Stefan Winter reports:</p>
+ <blockquote cite="http://seclists.org/oss-sec/2017/q2/342">
+ <p>The TLS session cache in FreeRADIUS before 3.0.14 fails to
+ reliably prevent resumption of an unauthenticated session, which
+ allows remote attackers (such as malicious 802.1X supplicants) to
+ bypass authentication via PEAP or TTLS.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2017-9148</cvename>
+ <url>http://freeradius.org/security.html</url>
+ <url>http://seclists.org/oss-sec/2017/q2/342</url>
+ <url>http://www.securityfocus.com/bid/98734</url>
+ </references>
+ <dates>
+ <discovery>2017-02-03</discovery>
+ <entry>2017-06-01</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="40a8d798-4615-11e7-8080-a4badb2f4699">
+ <topic>heimdal -- bypass of capath policy</topic>
+ <affects>
+ <package>
+ <name>heimdal</name>
+ <range><lt>7.1.0_3</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Viktor Dukhovni reports:</p>
+ <blockquote cite="https://www.h5l.org/advisories.html?show=2017-04-13">
+ <p>Commit f469fc6 (2010-10-02) inadvertently caused the
+ previous hop realm to not be added to the transit path of issued
+ tickets. This may, in some cases, enable bypass of capath policy in
+ Heimdal versions 1.5 through 7.2. Note, this may break sites that rely
+ on the bug. With the bug some incomplete [capaths] worked, that should
+ not have. These may now break authentication in some cross-realm
+ configurations. (CVE-2017-6594)</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>CVE-2017-6594</url>
+ <freebsdpr>ports/219657</freebsdpr>
+ </references>
+ <dates>
+ <discovery>2017-04-13</discovery>
+ <entry>2017-05-31</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="51d1282d-420e-11e7-82c5-14dae9d210b8">
+ <topic>FreeBSD -- ipfilter(4) fragment handling panic</topic>
+ <affects>
+ <package>
+ <name>FreeBSD-kernel</name>
+ <range><ge>11.0</ge><lt>11.0_10</lt></range>
+ <range><ge>10.3</ge><lt>10.3_19</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <h1>Problem Description:</h1>
+ <p>ipfilter(4), capable of stateful packet inspection, using
+ the "keep state" or "keep frags" rule options, will not
+ only maintain the state of connections, such as TCP streams
+ or UDP communication, it also maintains the state of
+ fragmented packets. When a packet fragments are received
+ they are cached in a hash table (and linked list). When a
+ fragment is received it is compared with fragments already
+ cached in the hash table for a match. If it does not match
+ the new entry is used to create a new entry in the hash
+ table. If on the other hand it does match, unfortunately
+ the wrong entry is freed, the entry in the hash table. This
+ results in use after free panic (and for a brief moment
+ prior to the panic a memory leak due to the wrong entry
+ being freed).</p>
+ <h1>Impact:</h1>
+ <p>Carefully feeding fragments that are allowed to pass by
+ an ipfilter(4) firewall can be used to cause a panic followed
+ by reboot loop denial of service attack.</p>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2017-1081</cvename>
+ <freebsdsa>SA-17:04.ipfilter</freebsdsa>
+ </references>
+ <dates>
+ <discovery>2017-04-27</discovery>
+ <entry>2017-05-26</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="3c0237f5-420e-11e7-82c5-14dae9d210b8">
+ <topic>FreeBSD -- Multiple vulnerabilities of ntp</topic>
+ <affects>
+ <package>
+ <name>FreeBSD</name>
+ <range><ge>11.0</ge><lt>11.0_9</lt></range>
+ <range><ge>10.3</ge><lt>10.3_18</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <h1>Problem Description:</h1>
+ <p>A vulnerability was discovered in the NTP server's parsing
+ of configuration directives. [CVE-2017-6464]</p>
+ <p>A vulnerability was found in NTP, in the parsing of
+ packets from the DPTS Clock. [CVE-2017-6462]</p>
+ <p>A vulnerability was discovered in the NTP server's parsing
+ of configuration directives. [CVE-2017-6463]</p>
+ <p>A vulnerability was found in NTP, affecting the origin
+ timestamp check function. [CVE-2016-9042]</p>
+ <h1>Impact:</h1>
+ <p>A remote, authenticated attacker could cause ntpd to
+ crash by sending a crafted message. [CVE-2017-6463,
+ CVE-2017-6464]</p>
+ <p>A malicious device could send crafted messages, causing
+ ntpd to crash. [CVE-2017-6462]</p>
+ <p>An attacker able to spoof messages from all of the
+ configured peers could send crafted packets to ntpd, causing
+ later replies from those peers to be discarded, resulting
+ in denial of service. [CVE-2016-9042]</p>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2016-9042</cvename>
+ <cvename>CVE-2017-6462</cvename>
+ <cvename>CVE-2017-6463</cvename>
+ <cvename>CVE-2017-6464</cvename>
+ <freebsdsa>SA-17:03.ntp</freebsdsa>
+ </references>
+ <dates>
+ <discovery>2017-04-12</discovery>
+ <entry>2017-05-26</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="ec6aeb8e-41e4-11e7-aa00-5404a68ad561">
+ <topic>vlc -- remote code execution via crafted subtitles</topic>
+ <affects>
+ <package>
+ <name>vlc</name>
+ <range><lt>2.2.6,4</lt></range>
+ </package>
+ <package>
+ <name>vlc-qt4</name>
+ <range><lt>2.2.6,4</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Check Point research team reports:</p>
+ <blockquote cite="http://blog.checkpoint.com/2017/05/23/hacked-in-translation/">
+ <p>Remote code execution via crafted subtitles</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>http://blog.checkpoint.com/2017/05/23/hacked-in-translation/</url>
+ </references>
+ <dates>
+ <discovery>2017-05-23</discovery>
+ <entry>2017-05-26</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="803879e9-4195-11e7-9b08-080027ef73ec">
+ <topic>OpenEXR -- multiple remote code execution and denial of service vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>OpenEXR</name>
+ <range><lt>2.2.1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Brandon Perry reports:</p>
+ <blockquote cite="http://www.openwall.com/lists/oss-security/2017/05/12/5">
+ <p>[There] is a zip file of EXR images that cause segmentation faults in the OpenEXR library (tested against 2.2.0).</p>
+ <ul>
+ <li>CVE-2017-9110
+ In OpenEXR 2.2.0, an invalid read of size 2 in the hufDecode function in ImfHuf.cpp could cause the application to crash.</li>
+ <li>CVE-2017-9111
+ In OpenEXR 2.2.0, an invalid write of size 8 in the storeSSE function in ImfOptimizedPixelReading.h could cause the application to crash or execute arbitrary code.</li>
+ <li>CVE-2017-9112
+ In OpenEXR 2.2.0, an invalid read of size 1 in the getBits function in ImfHuf.cpp could cause the application to crash.</li>
+ <li>CVE-2017-9113
+ In OpenEXR 2.2.0, an invalid write of size 1 in the bufferedReadPixels function in ImfInputFile.cpp could cause the application to crash or execute arbitrary code.</li>
+ <li>CVE-2017-9114
+ In OpenEXR 2.2.0, an invalid read of size 1 in the refill function in ImfFastHuf.cpp could cause the application to crash.</li>
+ <li>CVE-2017-9115
+ In OpenEXR 2.2.0, an invalid write of size 2 in the = operator function in half.h could cause the application to crash or execute arbitrary code.</li>
+ <li>CVE-2017-9116
+ In OpenEXR 2.2.0, an invalid read of size 1 in the uncompress function in ImfZip.cpp could cause the application to crash.</li>
+ </ul>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>http://www.openwall.com/lists/oss-security/2017/05/12/5</url>
+ <cvename>CVE-2017-9110</cvename>
+ <cvename>CVE-2017-9111</cvename>
+ <cvename>CVE-2017-9112</cvename>
+ <cvename>CVE-2017-9113</cvename>
+ <cvename>CVE-2017-9114</cvename>
+ <cvename>CVE-2017-9115</cvename>
+ <cvename>CVE-2017-9116</cvename>
+ <url>https://github.com/openexr/openexr/issues/232</url>
+ </references>
+ <dates>
+ <discovery>2017-01-12</discovery>
+ <entry>2017-05-25</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="50776801-4183-11e7-b291-b499baebfeaf">
+ <topic>ImageMagick -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>ImageMagick</name>
+ <name>ImageMagick-nox11</name>
+ <range><lt>6.9.6.4_2,1</lt></range>
+ <range><ge>6.9.7.0,1</ge><lt>6.9.8.8,1</lt></range>
+ </package>
+ <package>
+ <name>ImageMagick7</name>
+ <name>ImageMagick7-nox11</name>
+ <range><lt>7.0.5.9</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <blockquote cite="https://nvd.nist.gov/vuln/search/results?query=ImageMagick">
+ <ul>
+ <li>CVE-2017-5506: Double free vulnerability in magick/profile.c in
+ ImageMagick allows remote attackers to have unspecified impact via
+ a crafted file.</li>
+ <li>CVE-2017-5507: Memory leak in coders/mpc.c in ImageMagick before
+ 6.9.7-4 and 7.x before 7.0.4-4 allows remote attackers to cause a
+ denial of service (memory consumption) via vectors involving a
+ pixel cache.</li>
+ <li>CVE-2017-5508: Heap-based buffer overflow in the
+ PushQuantumPixel function in ImageMagick before 6.9.7-3 and 7.x
+ before 7.0.4-3 allows remote attackers to cause a denial of
+ service (application crash) via a crafted TIFF file.</li>
+ <li>CVE-2017-5509: coders/psd.c in ImageMagick allows remote
+ attackers to have unspecified impact via a crafted PSD file, which
+ triggers an out-of-bounds write.</li>
+ <li>CVE-2017-5510: coders/psd.c in ImageMagick allows remote
+ attackers to have unspecified impact via a crafted PSD file, which
+ triggers an out-of-bounds write.</li>
+ <li>CVE-2017-5511: coders/psd.c in ImageMagick allows remote
+ attackers to have unspecified impact by leveraging an improper
+ cast, which triggers a heap-based buffer overflow.</li>
+ <li>CVE-2017-6497: An issue was discovered in ImageMagick 6.9.7.
+ A specially crafted psd file could lead to a NULL pointer
+ dereference (thus, a DoS).</li>
+ <li>CVE-2017-6498: An issue was discovered in ImageMagick 6.9.7.
+ Incorrect TGA files could trigger assertion failures, thus leading
+ to DoS.</li>
+ <li>CVE-2017-6499: An issue was discovered in Magick++ in
+ ImageMagick 6.9.7. A specially crafted file creating a nested
+ exception could lead to a memory leak (thus, a DoS).</li>
+ <li>CVE-2017-6500: An issue was discovered in ImageMagick 6.9.7.
+ A specially crafted sun file triggers a heap-based
+ buffer over-read.</li>
+ <li>CVE-2017-6501: An issue was discovered in ImageMagick 6.9.7.
+ A specially crafted xcf file could lead to a NULL pointer
+ dereference.</li>
+ <li>CVE-2017-6502: An issue was discovered in ImageMagick 6.9.7.
+ A specially crafted webp file could lead to a file-descriptor
+ leak in libmagickcore (thus, a DoS).</li>
+ <li>CVE-2017-7275: The ReadPCXImage function in coders/pcx.c in
+ ImageMagick 7.0.4.9 allows remote attackers to cause a denial of
+ service (attempted large memory allocation and application crash)
+ via a crafted file. NOTE: this vulnerability exists because of an
+ incomplete fix for CVE-2016-8862 and CVE-2016-8866.</li>
+ <li>CVE-2017-7606: coders/rle.c in ImageMagick 7.0.5-4 has an
+ "outside the range of representable values of type unsigned char"
+ undefined behavior issue, which might allow remote attackers to
+ cause a denial of service (application crash) or possibly have
+ unspecified other impact via a crafted image.</li>
+ <li>CVE-2017-7619: In ImageMagick 7.0.4-9, an infinite loop can
+ occur because of a floating-point rounding error in some of the
+ color algorithms. This affects ModulateHSL, ModulateHCL,
+ ModulateHCLp, ModulateHSB, ModulateHSI, ModulateHSV, ModulateHWB,
+ ModulateLCHab, and ModulateLCHuv.</li>
+ <li>CVE-2017-7941: The ReadSGIImage function in sgi.c allows remote
+ attackers to consume an amount of available memory via a crafted
+ file.</li>
+ <li>CVE-2017-7942: The ReadAVSImage function in avs.c allows remote
+ attackers to consume an amount of available memory via a crafted
+ file.</li>
+ <li>CVE-2017-7943: The ReadSVGImage function in svg.c allows remote
+ attackers to consume an amount of available memory via a crafted
+ file.</li>
+ <li>CVE-2017-8343: ReadAAIImage function in aai.c allows attackers
+ to cause a denial of service (memory leak) via a crafted file.</li>
+ <li>CVE-2017-8344: ReadPCXImage function in pcx.c allows attackers
+ to cause a denial of service (memory leak) via a crafted file. The
+ ReadMNGImage function in png.c allows attackers to cause a denial
+ of service (memory leak) via a crafted file.</li>
+ <li>CVE-2017-8345: ReadMNGImage function in png.c allows attackers
+ to cause a denial of service (memory leak) via a crafted file.</li>
+ <li>CVE-2017-8346: ReadMATImage function in mat.c allows attackers
+ to cause a denial of service (memory leak) via a crafted file.</li>
+ <li>CVE-2017-8347: ReadMATImage function in mat.c allows attackers
+ to cause a denial of service (memory leak) via a crafted file. </li>
+ <li>CVE-2017-8348: ReadMATImage function in mat.c allows attackers
+ to cause a denial of service (memory leak) via a crafted file.</li>
+ <li>CVE-2017-8349: ReadSFWImage function in sfw.c allows attackers
+ to cause a denial of service (memory leak) via a crafted file.</li>
+ <li>CVE-2017-8350: ReadJNGImage function in png.c allows attackers
+ to cause a denial of service (memory leak) via a crafted file.</li>
+ <li>CVE-2017-8351: ReadPCDImage function in pcd.c allows attackers
+ to cause a denial of service (memory leak) via a crafted file.</li>
+ <li>CVE-2017-8352: ReadXWDImage function in xwd.c allows attackers
+ to cause a denial of service (memory leak) via a crafted file.</li>
+ <li>CVE-2017-8353: ReadPICTImage function in pict.c allows attackers
+ to cause a denial of service (memory leak) via a crafted file.</li>
+ <li>CVE-2017-8354: ReadBMPImage function in bmp.c allows attackers
+ to cause a denial of service (memory leak) via a crafted file.</li>
+ <li>CVE-2017-8355: ReadMTVImage function in mtv.c allows attackers
+ to cause a denial of service (memory leak) via a crafted file.</li>
+ <li>CVE-2017-8356: ReadSUNImage function in sun.c allows attackers
+ to cause a denial of service (memory leak) via a crafted file.</li>
+ <li>CVE-2017-8357: ReadEPTImage function in ept.c allows attackers
+ to cause a denial of service (memory leak) via a crafted file.</li>
+ <li>CVE-2017-8765: The function named ReadICONImage in coders\icon.c
+ has a memory leak vulnerability which can cause memory exhaustion
+ via a crafted ICON file.</li>
+ <li>CVE-2017-8830: ReadBMPImage function in bmp.c:1379 allows
+ attackers to cause a denial of service (memory leak) via a crafted
+ file.</li>
+ <li>CVE-2017-9141: A crafted file could trigger an assertion failure
+ in the ResetImageProfileIterator function in MagickCore/profile.c
+ because of missing checks in the ReadDDSImage function in
+ coders/dds.c.</li>
+ <li>CVE-2017-9142: A crafted file could trigger an assertion failure
+ in the WriteBlob function in MagickCore/blob.c because of missing
+ checks in the ReadOneJNGImage function in coders/png.c.</li>
+ <li>CVE-2017-9143: ReadARTImage function in coders/art.c allows
+ attackers to cause a denial of service (memory leak) via a crafted
+ .art file.</li>
+ <li>CVE-2017-9144: A crafted RLE image can trigger a crash because
+ of incorrect EOF handling in coders/rle.c.</li>
+ </ul>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://nvd.nist.gov/vuln/search/results?query=ImageMagick</url>
+ <cvename>CVE-2017-5506</cvename>
+ <cvename>CVE-2017-5507</cvename>
+ <cvename>CVE-2017-5508</cvename>
+ <cvename>CVE-2017-5509</cvename>
+ <cvename>CVE-2017-5510</cvename>
+ <cvename>CVE-2017-5511</cvename>
+ <cvename>CVE-2017-6497</cvename>
+ <cvename>CVE-2017-6498</cvename>
+ <cvename>CVE-2017-6499</cvename>
+ <cvename>CVE-2017-6500</cvename>
+ <cvename>CVE-2017-6501</cvename>
+ <cvename>CVE-2017-6502</cvename>
+ <cvename>CVE-2017-7275</cvename>
+ <cvename>CVE-2017-7606</cvename>
+ <cvename>CVE-2017-7619</cvename>
+ <cvename>CVE-2017-7941</cvename>
+ <cvename>CVE-2017-7942</cvename>
+ <cvename>CVE-2017-7943</cvename>
+ <cvename>CVE-2017-8343</cvename>
+ <cvename>CVE-2017-8344</cvename>
+ <cvename>CVE-2017-8345</cvename>
+ <cvename>CVE-2017-8346</cvename>
+ <cvename>CVE-2017-8347</cvename>
+ <cvename>CVE-2017-8348</cvename>
+ <cvename>CVE-2017-8349</cvename>
+ <cvename>CVE-2017-8350</cvename>
+ <cvename>CVE-2017-8351</cvename>
+ <cvename>CVE-2017-8352</cvename>
+ <cvename>CVE-2017-8353</cvename>
+ <cvename>CVE-2017-8354</cvename>
+ <cvename>CVE-2017-8355</cvename>
+ <cvename>CVE-2017-8356</cvename>
+ <cvename>CVE-2017-8357</cvename>
+ <cvename>CVE-2017-8765</cvename>
+ <cvename>CVE-2017-8830</cvename>
+ <cvename>CVE-2017-9141</cvename>
+ <cvename>CVE-2017-9142</cvename>
+ <cvename>CVE-2017-9143</cvename>
+ <cvename>CVE-2017-9144</cvename>
+ </references>
+ <dates>
+ <discovery>2017-03-05</discovery>
+ <entry>2017-05-25</entry>
+ <modified>2017-05-29</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="6f4d96c0-4062-11e7-b291-b499baebfeaf">
+ <topic>samba -- remote code execution vulnerability</topic>
+ <affects>
+ <package>
+ <name>samba42</name>
+ <range><lt>4.2.15</lt></range>
+ </package>
+ <package>
+ <name>samba43</name>
+ <range><lt>4.3.14</lt></range>
+ </package>
+ <package>
+ <name>samba44</name>
+ <range><lt>4.4.14</lt></range>
+ </package>
+ <package>
+ <name>samba45</name>
+ <range><lt>4.5.10</lt></range>
+ </package>
+ <package>
+ <name>samba46</name>
+ <range><lt>4.6.4</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The samba project reports:</p>
+ <blockquote cite="https://www.samba.org/samba/security/CVE-2017-7494.html">
+ <p>Remote code execution from a writable share.</p>
+ <p>All versions of Samba from 3.5.0 onwards are vulnerable to a remote
+ code execution vulnerability, allowing a malicious client to upload
+ a shared library to a writable share, and then cause the server to
+ load and execute it.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://www.samba.org/samba/security/CVE-2017-7494.html</url>
+ <cvename>CVE-2017-7494</cvename>
+ </references>
+ <dates>
+ <discovery>2017-05-24</discovery>
+ <entry>2017-05-24</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="f52e3a8d-3f7e-11e7-97a9-a0d3c19bfa21">
+ <topic>NVIDIA UNIX driver -- multiple vulnerabilities in the kernel mode layer handler</topic>
+ <affects>
+ <package>
+ <name>nvidia-driver</name>
+ <range><lt>375.66</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>NVIDIA Unix security team reports:</p>
+ <blockquote cite="http://nvidia.custhelp.com/app/answers/detail/a_id/4462">
+ <p>NVIDIA GPU Display Driver contains vulnerabilities in the
+ kernel mode layer handler where not correctly validated user
+ input, NULL pointer dereference, and incorrect access control
+ may lead to denial of service or potential escalation of
+ privileges.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2017-0350</cvename>
+ <cvename>CVE-2017-0351</cvename>
+ <cvename>CVE-2017-0352</cvename>
+ <url>http://nvidia.custhelp.com/app/answers/detail/a_id/4462</url>
+ </references>
+ <dates>
+ <discovery>2017-05-15</discovery>
+ <entry>2017-05-23</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="da1d5d2e-3eca-11e7-8861-0018fe623f2b">
+ <topic>miniupnpc -- integer signedness error</topic>
+ <affects>
+ <package>
+ <name>miniupnpc</name>
+ <range><lt>2.0.20170509</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Tintinweb reports:</p>
+ <blockquote cite="https://github.com/tintinweb/pub/tree/master/pocs/cve-2017-8798">
+ <p>An integer signedness error was found in miniupnp's miniwget
+ allowing an unauthenticated remote entity typically located on the
+ local network segment to trigger a heap corruption or an access
+ violation in miniupnp's http response parser when processing a
+ specially crafted chunked-encoded response to a request for the
+ xml root description url.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2017-8798</cvename>
+ <url>https://github.com/tintinweb/pub/tree/master/pocs/cve-2017-8798</url>
+ </references>
+ <dates>
+ <discovery>2017-05-09</discovery>
+ <entry>2017-05-22</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="a5bb7ea0-3e58-11e7-94a2-00e04c1ea73d">
+ <topic>Wordpress -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>wordpress</name>
+ <range><lt>4.7.5,1</lt></range>
+ </package>
+ <package>
+ <name>de-wordpress</name>
+ <name>fr-wordpress</name>
+ <name>ja-wordpress</name>
+ <name>ru-wordpress</name>
+ <name>zh-wordpress-zh_CN</name>
+ <name>zh-wordpress-zh_TW</name>
+ <range><lt>4.7.5,1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <blockquote cite="https://wordpress.org/news/2017/05/wordpress-4-7-5/">
+ <p>WordPress versions 4.7.4 and earlier are affected by six security issues</p>
+ <ul>
+ <li>Insufficient redirect validation in the HTTP class.</li>
+ <li>Improper handling of post meta data values in the XML-RPC API.</li>
+ <li>Lack of capability checks for post meta data in the XML-RPC API.</li>
+ <li>A Cross Site Request Forgery (CRSF) vulnerability was discovered in the filesystem credentials dialog.</li>
+ <li>A cross-site scripting (XSS) vulnerability was discovered related to the Customizer.</li>
+ </ul>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://wordpress.org/news/2017/05/wordpress-4-7-5/</url>
+ </references>
+ <dates>
+ <discovery>2017-05-16</discovery>
+ <entry>2017-05-21</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="fab87bff-3ce5-11e7-bf9d-001999f8d30b">
+ <topic>asterisk -- Memory exhaustion on short SCCP packets</topic>
+ <affects>
+ <package>
+ <name>asterisk13</name>
+ <range><lt>13.15.1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The Asterisk project reports:</p>
+ <blockquote cite="http://www.asterisk.org/downloads/security-advisories">
+ <p>A remote memory exhaustion can be triggered by sending
+ an SCCP packet to Asterisk system with "chan_skinny"
+ enabled that is larger than the length of the SCCP header
+ but smaller than the packet length specified in the header.
+ The loop that reads the rest of the packet doesn't detect
+ that the call to read() returned end-of-file before the
+ expected number of bytes and continues infinitely. The
+ "partial data" message logging in that tight loop causes
+ Asterisk to exhaust all available memory.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>http://downloads.asterisk.org/pub/security/AST-2017-004.html</url>
+ </references>
+ <dates>
+ <discovery>2017-04-13</discovery>
+ <entry>2017-05-19</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="0537afa3-3ce0-11e7-bf9d-001999f8d30b">
+ <topic>asterisk -- Buffer Overrun in PJSIP transaction layer</topic>
+ <affects>
+ <package>
+ <name>asterisk13</name>
+ <range><lt>13.15.1</lt></range>
+ </package>
+ <package>
+ <name>pjsip</name>
+ <range><lt>2.6_1</lt></range>
+ </package>
+ <package>
+ <name>pjsip-extsrtp</name>
+ <range><lt>2.6_1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The Asterisk project reports:</p>
+ <blockquote cite="http://www.asterisk.org/downloads/security-advisories">
+ <p>A remote crash can be triggered by sending a SIP packet
+ to Asterisk with a specially crafted CSeq header and a
+ Via header with no branch parameter. The issue is that
+ the PJSIP RFC 2543 transaction key generation algorithm
+ does not allocate a large enough buffer. By overrunning
+ the buffer, the memory allocation table becomes corrupted,
+ leading to an eventual crash.</p>
+ <p>The multi-part body parser in PJSIP contains a logical
+ error that can make certain multi-part body parts attempt
+ to read memory from outside the allowed boundaries. A
+ specially-crafted packet can trigger these invalid reads
+ and potentially induce a crash.</p>
+ <p>This issues is in PJSIP, and so the issue can be fixed
+ without performing an upgrade of Asterisk at all. However,
+ we are releasing a new version of Asterisk with the bundled
+ PJProject updated to include the fix.</p>
+ <p>If you are running Asterisk with chan_sip, this issue
+ does not affect you.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>http://downloads.asterisk.org/pub/security/AST-2017-002.html</url>
+ <url>http://downloads.asterisk.org/pub/security/AST-2017-003.html</url>
+ </references>
+ <dates>
+ <discovery>2017-04-12</discovery>
+ <entry>2017-05-19</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="3c2549b3-3bed-11e7-a9f0-a4badb296695">
+ <topic>Joomla3 -- SQL Injection</topic>
+ <affects>
+ <package>
+ <name>joomla3</name>
+ <range><eq>3.7.0</eq></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>JSST reports:</p>
+ <blockquote cite="https://developer.joomla.org/security-centre/692-20170501-core-sql-injection.html">
+ <p>Inadequate filtering of request data leads to a SQL Injection vulnerability.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2017-8917</cvename>
+ <url>https://developer.joomla.org/security-centre/692-20170501-core-sql-injection.html</url>
+ </references>
+ <dates>
+ <discovery>2017-05-11</discovery>
+ <entry>2017-05-18</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="9704930c-3bb7-11e7-93f7-d43d7e971a1b">
+ <topic>gitlab -- Various security issues</topic>
+ <affects>
+ <package>
+ <name>gitlab</name>
+ <range><ge>6.6.0</ge><le>8.17.5</le></range>
+ <range><ge>9.0.0</ge><le>9.0.6</le></range>
+ <range><ge>9.1.0</ge><le>9.1.2</le></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>GitLab reports:</p>
+ <blockquote cite="https://about.gitlab.com/2017/05/08/gitlab-9-dot-1-dot-3-security-release/">
+ <h1>Cross-Site Scripting (XSS) vulnerability in project import file names
+ for gitlab_project import types</h1>
+ <p>Timo Schmid from ERNW reported a persistent Cross-Site Scripting
+ vulnerability in the new project import view for gitlab_project import
+ types. This XSS vulnerability was caused by the use of Hamlit filters inside
+ HAML views without manually escaping HTML. Unlike content outside of a
+ filter, content inside Hamlit filters (:css, :javascript, :preserve, :plain)
+ is not automatically escaped.</p>
+ <h1>Cross-Site Scripting (XSS) vulnerability in git submodule support</h1>
+ <p>Jobert Abma from HackerOne reported a persistent XSS vulnerability in the
+ GitLab repository files view that could be exploited by injecting malicious
+ script into a git submodule.</p>
+ <h1>Cross-Site Scripting (XSS) vulnerability in repository "new branch"
+ view</h1>
+ <p>A GitLab user reported a persistent XSS vulnerability in the repository
+ new branch view that allowed malicious branch names or git references to
+ execute arbitrary Javascript.</p>
+ <h1>Cross-Site Scripting (XSS) vulnerability in mirror errors display</h1>
+ <p>While investigating Timo Schmid's previously reported XSS vulnerability
+ in import filenames another persistent XSS vulnerability was discovered in
+ the GitLab Enterprise Edition's (EE) mirror view. This vulnerability was
+ also caused by the misuse of Hamlit filters.</p>
+ <h1>Potential XSS vulnerability in DropLab</h1>
+ <p>An internal code audit disclosed a vulnerability in DropLab's templating
+ that, while not currently exploitable, could become exploitable depending on
+ how the templates were used in the future.</p>
+ <h1>Tab Nabbing vulnerabilities in mardown link filter, Asciidoc files, and
+ other markup files</h1>
+ <p>edio via HackerOne reported two tab nabbing vulnerabilities. The first
+ tab nabbing vulnerability was caused by improper hostname filtering when
+ identifying user-supplied external links. GitLab did not properly filter
+ usernames from the URL. An attacker could construct a specially crafted link
+ including a username to bypass GitLab's external link filter. This allowed
+ an attacker to post links in Markdown that did not include the appropriate
+ "noreferrer noopener" options, allowing tab nabbing attacks.</p>
+ <p>The second vulnerability was in the AsciiDoctor markup
+ library. AsciiDoctor was not properly including the "noreferrer noopener"
+ options with external links. An internal investigation discovered other
+ markup libraries that were also vulnerable.</p>
+ <h1>Unauthorized disclosure of wiki pages in search</h1>
+ <p>M. Hasbini reported a flaw in the project search feature that allowed
+ authenticated users to disclose the contents of private wiki pages inside
+ public projects.</p>
+ <h1>External users can view internal snippets</h1>
+ <p>Christian Kühn discovered a vulnerability in GitLab snippets that allowed
+ an external user to view the contents of internal snippets.</p>
+ <h1>Subgroup visibility for private subgroups under a public parent
+ group</h1>
+ <p>Matt Harrison discovered a vulnerability with subgroups that allowed
+ private subgroup names to be disclosed when they belong to a parent group
+ that is public.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://about.gitlab.com/2017/05/08/gitlab-9-dot-1-dot-3-security-release/</url>
+ </references>
+ <dates>
+ <discovery>2017-05-08</discovery>
+ <entry>2017-05-18</entry>
+ <modified>2017-05-30</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="5d62950f-3bb5-11e7-93f7-d43d7e971a1b">
+ <topic>gitlab -- Various security issues</topic>
+ <affects>
+ <package>
+ <name>gitlab</name>
+ <range><ge>8.7.0</ge><le>8.15.7</le></range>
+ <range><ge>8.16.0</ge><le>8.16.7</le></range>
+ <range><ge>8.17.0</ge><le>8.17.3</le></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>GitLab reports:</p>
+ <blockquote cite="https://about.gitlab.com/2017/03/20/gitlab-8-dot-17-dot-4-security-release/">
+ <h1>Information Disclosure in Issue and Merge Request Trackers</h1>
+ <p>During an internal code review a critical vulnerability in the GitLab
+ Issue and Merge Request trackers was discovered. This vulnerability could
+ allow a user with access to assign ownership of an issue or merge request to
+ another user to disclose that user's private token, email token, email
+ address, and encrypted OTP secret. Reporter-level access to a GitLab project
+ is required to exploit this flaw.</p>
+ <h1>SSRF when importing a project from a Repo by URL</h1>
+ <p>GitLab instances that have enabled project imports using "Repo by URL"
+ were vulnerable to Server-Side Request Forgery attacks. By specifying a
+ project import URL of localhost an attacker could target services that are
+ bound to the local interface of the server. These services often do not
+ require authentication. Depending on the service an attacker might be able
+ craft an attack using the project import request URL.</p>
+ <h1>Links in Environments tab vulnerable to tabnabbing</h1>
+ <p>edio via HackerOne reported that user-configured Environment links
+ include target=_blank but do not also include rel: noopener
+ noreferrer. Anyone clicking on these links may therefore be subjected to
+ tabnabbing attacks where a link back to the requesting page is maintained
+ and can be manipulated by the target server.</p>
+ <h1>Accounts with email set to "Do not show on profile" have addresses
+ exposed in public atom feed</h1>
+ <p>Several GitLab users reported that even with "Do not show on profile"
+ configured for their email addresses those addresses were still being leaked
+ in Atom feeds if they commented on a public project.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2017-0882</cvename>
+ <url>https://about.gitlab.com/2017/03/20/gitlab-8-dot-17-dot-4-security-release/</url>
+ </references>
+ <dates>
+ <discovery>2017-03-20</discovery>
+ <entry>2017-05-18</entry>
+ <modified>2017-05-30</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="4a088d67-3af2-11e7-9d75-c86000169601">
+ <topic>freetype2 -- buffer overflows</topic>
+ <affects>
+ <package>
+ <name>freetype2</name>
+ <range><lt>2.8</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Werner Lemberg reports:</p>
+ <blockquote cite="http://lists.nongnu.org/archive/html/freetype-announce/2017-05/msg00000.html">
+ <p>CVE-2017-8105, CVE-2017-8287: Older FreeType versions have
+ out-of-bounds writes caused by heap-based buffer overflows
+ related to Type 1 fonts.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>http://lists.nongnu.org/archive/html/freetype-announce/2017-05/msg00000.html</url>
+ <cvename>CVE-2017-8105</cvename>
+ <cvename>CVE-2017-8287</cvename>
+ </references>
+ <dates>
+ <discovery>2017-05-17</discovery>
+ <entry>2017-05-17</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="04cc7bd2-3686-11e7-aa64-080027ef73ec">
+ <topic>OpenVPN -- two remote denial-of-service vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>openvpn</name>
+ <range><lt>2.3.15</lt></range>
+ <range><ge>2.4.0</ge><lt>2.4.2</lt></range>
+ </package>
+ <package>
+ <name>openvpn23</name>
+ <range><lt>2.3.15</lt></range>
+ </package>
+ <package>
+ <name>openvpn-mbedtls</name>
+ <range><ge>2.4.0</ge><lt>2.4.2</lt></range>
+ </package>
+ <package>
+ <name>openvpn-polarssl</name>
+ <range><lt>2.3.15</lt></range>
+ </package>
+ <package>
+ <name>openvpn23-polarssl</name>
+ <range><lt>2.3.15</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Samuli Seppänen reports:</p>
+ <blockquote cite="https://openvpn.net/index.php/open-source/downloads.html">
+ <p>OpenVPN v2.4.0 was audited for security vulnerabilities independently by
+ Quarkslabs (funded by OSTIF) and Cryptography Engineering (funded by
+ Private Internet Access) between December 2016 and April 2017. The
+ primary findings were two remote denial-of-service vulnerabilities.
+ Fixes to them have been backported to v2.3.15.</p>
+ <p>An authenticated client can do the 'three way handshake'
+ (P_HARD_RESET, P_HARD_RESET, P_CONTROL), where the P_CONTROL packet
+ is the first that is allowed to carry payload. If that payload is
+ too big, the OpenVPN server process will stop running due to an
+ ASSERT() exception. That is also the reason why servers using
+ tls-auth/tls-crypt are protected against this attack - the P_CONTROL
+ packet is only accepted if it contains the session ID we specified,
+ with a valid HMAC (challenge-response). (CVE-2017-7478)</p>
+ <p>An authenticated client can cause the server's the packet-id
+ counter to roll over, which would lead the server process to hit an
+ ASSERT() and stop running. To make the server hit the ASSERT(), the
+ client must first cause the server to send it 2^32 packets (at least
+ 196 GB).</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://openvpn.net/index.php/open-source/downloads.html</url>
+ <cvename>CVE-2017-7478</cvename>
+ <cvename>CVE-2017-7479</cvename>
+ <url>https://community.openvpn.net/openvpn/wiki/QuarkslabAndCryptographyEngineerAudits</url>
+ <url>https://ostif.org/?p=870&preview=true</url>
+ <url>https://www.privateinternetaccess.com/blog/2017/05/openvpn-2-4-2-fixes-critical-issues-discovered-openvpn-audit-reports/</url>
+ </references>
+ <dates>
+ <discovery>2017-05-10</discovery>
+ <entry>2017-05-11</entry>
+ </dates>
+ </vuln>
+
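Review bot: the reference `https://ostif.org/?p=870&preview=true` in the OpenVPN entry contains a bare `&` inside element content, which is not well-formed XML (it has to be written `&amp;`) and will make vuln.xml fail to parse as committed here; in addition, `?p=870&preview=true` is a WordPress draft-preview link that only works for someone logged in to that site, so it is not a stable public reference. Escape the ampersand, or better replace the link with the published OSTIF post. Minor: the second paragraph describes CVE-2017-7479 but, unlike the first paragraph, does not name the identifier inline, so a reader cannot tell which of the two `<cvename>` entries it belongs to; appending "(CVE-2017-7479)" the way the first paragraph does would fix that.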
+ <vuln vid="414c18bf-3653-11e7-9550-6cc21735f730">
+ <topic>PostgreSQL vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>postgresql92-client</name>
+ <range><ge>9.2.0</ge><lt>9.2.20</lt></range>
+ </package>
+ <package>
+ <name>postgresql93-client</name>
+ <range><ge>9.3.0</ge><lt>9.3.16</lt></range>
+ </package>
+ <package>
+ <name>postgresql94-client</name>
+ <range><ge>9.4.0</ge><lt>9.4.11</lt></range>
+ </package>
+ <package>
+ <name>postgresql95-client</name>
+ <range><ge>9.5.0</ge><lt>9.5.6</lt></range>
+ </package>
+ <package>
+ <name>postgresql96-client</name>
+ <range><ge>9.6.0</ge><lt>9.6.2</lt></range>
+ </package>
+ <package>
+ <name>postgresql92-server</name>
+ <range><ge>9.2.0</ge><lt>9.2.20</lt></range>
+ </package>
+ <package>
+ <name>postgresql93-server</name>
+ <range><ge>9.3.0</ge><lt>9.3.16</lt></range>
+ </package>
+ <package>
+ <name>postgresql94-server</name>
+ <range><ge>9.4.0</ge><lt>9.4.11</lt></range>
+ </package>
+ <package>
+ <name>postgresql95-server</name>
+ <range><ge>9.5.0</ge><lt>9.5.6</lt></range>
+ </package>
+ <package>
+ <name>postgresql96-server</name>
+ <range><ge>9.6.0</ge><lt>9.6.2</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The PostgreSQL project reports:</p>
+ <blockquote cite="http://www.postgresql.org/about/news/1746/">
+ <p>
+ Security Fixes nested CASE expressions +
+ database and role names with embedded special characters
+ </p>
+ <ul>
+ <li>CVE-2017-7484: selectivity estimators bypass SELECT privilege
+ checks.
+ </li>
+ <li>CVE-2017-7485: libpq ignores PGREQUIRESSL environment variable
+ </li>
+ <li>CVE-2017-7486: pg_user_mappings view discloses foreign server
+ passwords. This applies to new databases, see the release notes for
+ the procedure to apply the fix to an existing database.
+ </li>
+ </ul>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2016-5423</cvename>
+ <cvename>CVE-2016-5424</cvename>
+ </references>
+ <dates>
+ <discovery>2017-05-11</discovery>
+ <entry>2017-05-11</entry>
+ </dates>
+ </vuln>
+
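Review bot: the `<references>` of the PostgreSQL entry list CVE-2016-5423 and CVE-2016-5424, but the description names three different identifiers (CVE-2017-7484, CVE-2017-7485, CVE-2017-7486), and the opening paragraph "Security Fixes nested CASE expressions + database and role names with embedded special characters" describes none of the three bullets that follow; it reads like text carried over from an earlier PostgreSQL security release. Replace the two `<cvename>` elements with the three 2017 CVEs, drop or rewrite the stray opening paragraph, and add the cited release note `http://www.postgresql.org/about/news/1746/` as a `<url>` so the references point at the source. Also re-check the upper bounds: `<lt>9.2.20</lt>`, `<lt>9.3.16</lt>`, `<lt>9.4.11</lt>`, `<lt>9.5.6</lt>` and `<lt>9.6.2</lt>` paired with a 2017-05-11 discovery date look like the previous set of minor releases rather than the ones that shipped these fixes; confirm each bound against the cited announcement before this lands.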
+ <vuln vid="0baee383-356c-11e7-b9a9-50e549ebab6c">
+ <topic>kauth: Local privilege escalation</topic>
+ <affects>
+ <package>
+ <name>kdelibs</name>
+ <range><lt>4.14.30_4</lt></range>
+ </package>
+ <package>
+ <name>kf5-kauth</name>
+ <range><lt>5.33.0_1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Albert Astals Cid reports:</p>
+ <blockquote cite="https://www.kde.org/info/security/advisory-20170510-1.txt">
+ <p>KAuth contains a logic flaw in which the service invoking dbus
+ is not properly checked.
+ This allows spoofing the identity of the caller and with some
+ carefully crafted calls can lead to gaining root from an
+ unprivileged account.
+ </p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2017-8422</cvename>
+ <mlist>http://www.openwall.com/lists/oss-security/2017/05/10/3</mlist>
+ <url>https://www.kde.org/info/security/advisory-20170510-1.txt</url>
+ </references>
+ <dates>
+ <discovery>2017-05-10</discovery>
+ <entry>2017-05-10</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="57600032-34fe-11e7-8965-bcaec524bf84">
+ <topic>libetpan -- null dereference vulnerability in MIME parsing component</topic>
+ <affects>
+ <package>
+ <name>libetpan</name>
+ <range><lt>1.8</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>rwhitworth reports:</p>
+ <blockquote cite="https://github.com/dinhviethoa/libetpan/issues/274">
+ <p>I was using American Fuzzy Lop (afl-fuzz) to fuzz input to the
+ mime-parse test program. Is fixing these crashes something you're
+ interested in? The input files can be found here:
+ https://github.com/rwhitworth/libetpan-fuzz/.
+
+ The files can be executed as ./mime-parse id_filename to cause
+ seg faults.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2017-8825</cvename>
+ <url>http://cve.circl.lu/cve/CVE-2017-8825</url>
+ </references>
+ <dates>
+ <discovery>2017-04-29</discovery>
+ <entry>2017-05-09</entry>
+ </dates>
+ </vuln>
+
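Review bot: the libetpan description quotes the reporter's GitHub issue comment, which is a question to the maintainer about afl-fuzz crashes and never states what the flaw is, so the entry body does not support its own topic ("null dereference vulnerability in MIME parsing component"); quote the CVE-2017-8825 description from the cve.circl.lu link already in `<references>` instead, and add the issue URL from the blockquote's `cite` attribute as a `<url>`, since that is the primary source. Minor: the blank `+` line inside the `<p>` does not create a paragraph break in XHTML; split the text into two `<p>` elements if the break is wanted.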
+ <vuln vid="92e345d0-304d-11e7-8359-e8e0b747a45a">
+ <topic>chromium -- race condition vulnerability</topic>
+ <affects>
+ <package>
+ <name>chromium</name>
+ <range><lt>58.0.3029.96</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Google Chrome Releases reports:</p>
+ <blockquote cite="https://chromereleases.googleblog.com/2017/05/stable-channel-update-for-desktop.html">
+ <p>1 security fix in this release:</p>
+ </blockquote>
+ <ul>
+ <li>[679306] High CVE-2017-5068: Race condition in WebRTC. Credit to
+ Philipp Hancke</li>
+ </ul>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2017-5068</cvename>
+ <url>https://chromereleases.googleblog.com/2017/05/stable-channel-update-for-desktop.html</url>
+ </references>
+ <dates>
+ <discovery>2017-05-02</discovery>
+ <entry>2017-05-03</entry>
+ </dates>
+ </vuln>
+
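Review bot: in the chromium 58.0.3029.96 entry the `<ul>` carrying the CVE-2017-5068 line sits outside the `<blockquote>` while the introductory `<p>1 security fix in this release:</p>` is inside it, so the quoted Chrome Releases text is split across quoted and unquoted markup; move the closing `</blockquote>` to after `</ul>`, matching the layout used by the other chromium entry in this batch (vid 95a74a48-2691-11e7-9e2d-e8e0b747a45a), where the list is inside the blockquote.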
+ <vuln vid="a8c8001b-216c-11e7-80aa-005056925db4">
+ <topic>dovecot -- Dovecot DoS when passdb dict was used for authentication</topic>
+ <affects>
+ <package>
+ <name>dovecot</name>
+ <name>dovecot2</name>
+ <range><gt>2.2.25_6</gt><lt>2.2.29</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Timo Sirainen reports:</p>
+ <blockquote cite="https://dovecot.org/list/dovecot-news/2017-April/000341.html">
+ <p>passdb/userdb dict: Don't double-expand %variables in keys. If dict
+ was used as the authentication passdb, using specially crafted
+ %variables in the username could be used to cause DoS.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2017-2669</cvename>
+ <mlist>https://dovecot.org/list/dovecot-news/2017-April/000341.html</mlist>
+ <mlist>https://dovecot.org/list/dovecot-news/2017-April/000342.html</mlist>
+ </references>
+ <dates>
+ <discovery>2016-12-01</discovery>
+ <entry>2017-04-30</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="24673ed7-2bf3-11e7-b291-b499baebfeaf">
+ <topic>LibreSSL -- TLS verification vulnerability</topic>
+ <affects>
+ <package>
+ <name>libressl</name>
+ <range><ge>2.5.1</ge><lt>2.5.3_1</lt></range>
+ </package>
+ <package>
+ <name>libressl-devel</name>
+ <range><ge>2.5.1</ge><lt>2.5.3_1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p> Jakub Jirutka reports:</p>
+ <blockquote cite="http://seclists.org/oss-sec/2017/q2/145">
+ <p>LibreSSL 2.5.1 to 2.5.3 lacks TLS certificate verification if
+ SSL_get_verify_result is relied upon for a later check of a
+ verification result, in a use case where a user-provided verification
+ callback returns 1, as demonstrated by acceptance of invalid
+ certificates by nginx.
+ </p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>http://seclists.org/oss-sec/2017/q2/145</url>
+ <url>https://github.com/libressl-portable/portable/issues/307</url>
+ <cvename>CVE-2017-8301</cvename>
+ </references>
+ <dates>
+ <discovery>2017-04-27</discovery>
+ <entry>2017-04-28</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="631c4710-9be5-4a80-9310-eb2847fe24dd">
+ <topic>jenkins -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>jenkins</name>
+ <range><lt>2.57</lt></range>
+ </package>
+ <package>
+ <name>jenkins-lts</name>
+ <range><lt>2.46.2</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Jenkins Security Advisory:</p>
+ <blockquote cite="https://jenkins.io/security/advisory/2017-04-26/">
+ <h1>Description</h1>
+ <h5>SECURITY-412 through SECURITY-420 / CVE-2017-1000356</h5>
+ <p>CSRF: Multiple vulnerabilities</p>
+ <h5>SECURITY-429 / CVE-2017-1000353</h5>
+ <p>CLI: Unauthenticated remote code execution</p>
+ <h5>SECURITY-466 / CVE-2017-1000354</h5>
+ <p>CLI: Login command allowed impersonating any Jenkins user</p>
+ <h5>SECURITY-503 / CVE-2017-1000355</h5>
+ <p>XStream: Java crash when trying to instantiate void/Void</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2017-1000356</cvename>
+ <cvename>CVE-2017-1000353</cvename>
+ <cvename>CVE-2017-1000354</cvename>
+ <cvename>CVE-2017-1000355</cvename>
+ <url>https://jenkins.io/security/advisory/2017-04-26/</url>
+ </references>
+ <dates>
+ <discovery>2017-04-26</discovery>
+ <entry>2017-04-27</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="df0144fb-295e-11e7-970f-002590263bf5">
+ <topic>codeigniter -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>codeigniter</name>
+ <range><lt>3.1.4</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The CodeIgniter changelog reports:</p>
+ <blockquote cite="https://www.codeigniter.com/user_guide/changelog.html">
+ <p>Fixed a header injection vulnerability in common function
+ set_status_header() under Apache (thanks to Guillermo Caminer from
+ Flowgate).</p>
+ <p>Fixed byte-safety issues in Encrypt Library (DEPRECATED) when
+ mbstring.func_overload is enabled.</p>
+ <p>Fixed byte-safety issues in Encryption Library when
+ mbstring.func_overload is enabled.</p>
+ <p>Fixed byte-safety issues in compatibility functions
+ password_hash(), hash_pbkdf2() when mbstring.func_overload is
+ enabled.</p>
+ <p>Updated Encrypt Library (DEPRECATED) to call mcrypt_create_iv()
+ with MCRYPT_DEV_URANDOM.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://www.codeigniter.com/user_guide/changelog.html</url>
+ </references>
+ <dates>
+ <discovery>2017-03-23</discovery>
+ <entry>2017-04-25</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="81433129-2916-11e7-ad3e-00e04c1ea73d">
+ <topic>weechat -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>weechat</name>
+ <range><lt>1.7.1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Common Vulnerabilities and Exposures:</p>
+ <blockquote cite="https://weechat.org/download/security/">
+ <p>WeeChat before 1.7.1 allows a remote crash by sending a filename via DCC to
+ the IRC plugin. This occurs in the irc_ctcp_dcc_filename_without_quotes
+ function during quote removal, with a buffer overflow.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://weechat.org/download/security/</url>
+ <cvename>CVE-2017-8073</cvename>
+ </references>
+ <dates>
+ <discovery>2017-04-23</discovery>
+ <entry>2017-04-24</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="1455c86c-26c2-11e7-9daa-6cf0497db129">
+ <topic>drupal8 -- Drupal Core - Critical - Access Bypass</topic>
+ <affects>
+ <package>
+ <name>drupal8</name>
+ <range><lt>8.3.1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Drupal Security Team Reports:</p>
+ <blockquote cite="https://www.drupal.org/SA-CORE-2017-002">
+ <p>CVE-2017-6919: Access bypass</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2017-6919</cvename>
+ </references>
+ <dates>
+ <discovery>2017-04-19</discovery>
+ <entry>2017-04-21</entry>
+ </dates>
+ </vuln>
+
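Review bot: the drupal8 entry cites https://www.drupal.org/SA-CORE-2017-002 only in the blockquote's `cite` attribute and not in `<references>`, so anything consuming the references list gets nothing but the CVE; add the advisory as a `<url>`. The description "CVE-2017-6919: Access bypass" also says nothing about what is bypassed or under which configuration; the advisory carries a short summary of the affected setup that belongs in the blockquote so the entry is useful on its own.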
+ <vuln vid="95a74a48-2691-11e7-9e2d-e8e0b747a45a">
+ <topic>chromium -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>chromium</name>
+ <name>chromium-pulse</name>
+ <range><lt>58.0.3029.81</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Google Chrome Releases reports:</p>
+ <blockquote cite="https://chromereleases.googleblog.com/2017/04/stable-channel-update-for-desktop.html">
+ <p>29 security fixes in this release, including:</p>
+ <ul>
+ <li>[695826] High CVE-2017-5057: Type confusion in PDFium. Credit to
+ Guang Gong of Alpha Team, Qihoo 360</li>
+ <li>[694382] High CVE-2017-5058: Heap use after free in Print Preview.
+ Credit to Khalil Zhani</li>
+ <li>[684684] High CVE-2017-5059: Type confusion in Blink. Credit to
+ SkyLined working with Trend Micro's Zero Day Initiative</li>
+ <li>[683314] Medium CVE-2017-5060: URL spoofing in Omnibox. Credit to
+ Xudong Zheng</li>
+ <li>[672847] Medium CVE-2017-5061: URL spoofing in Omnibox. Credit to
+ Haosheng Wang (@gnehsoah)</li>
+ <li>[702896] Medium CVE-2017-5062: Use after free in Chrome Apps.
+ Credit to anonymous</li>
+ <li>[700836] Medium CVE-2017-5063: Heap overflow in Skia. Credit to
+ Sweetchip</li>
+ <li>[693974] Medium CVE-2017-5064: Use after free in Blink. Credit to
+ Wadih Matar</li>
+ <li>[704560] Medium CVE-2017-5065: Incorrect UI in Blink. Credit to
+ Khalil Zhani</li>
+ <li>[690821] Medium CVE-2017-5066: Incorrect signature handing in Networking.
+ Credit to Prof. Zhenhua Duan, Prof. Cong Tian, and Ph.D candidate Chu Chen
+ (ICTT, Xidian University)</li>
+ <li>[648117] Medium CVE-2017-5067: URL spoofing in Omnibox. Credit to
+ Khalil Zhani</li>
+ <li>[691726] Low CVE-2017-5069: Cross-origin bypass in Blink. Credit to
+ Michael Reizelman</li>
+ <li>[713205] Various fixes from internal audits, fuzzing and other initiatives</li>
+ </ul>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2017-5057</cvename>
+ <cvename>CVE-2017-5058</cvename>
+ <cvename>CVE-2017-5059</cvename>
+ <cvename>CVE-2017-5060</cvename>
+ <cvename>CVE-2017-5061</cvename>
+ <cvename>CVE-2017-5062</cvename>
+ <cvename>CVE-2017-5063</cvename>
+ <cvename>CVE-2017-5064</cvename>
+ <cvename>CVE-2017-5065</cvename>
+ <cvename>CVE-2017-5066</cvename>
+ <cvename>CVE-2017-5067</cvename>
+ <cvename>CVE-2017-5069</cvename>
+ <url>https://chromereleases.googleblog.com/2017/04/stable-channel-update-for-desktop.html</url>
+ </references>
+ <dates>
+ <discovery>2017-04-19</discovery>
+ <entry>2017-04-21</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="607f8b57-7454-42c6-a88a-8706f327076d">
+ <topic>icu -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>icu</name>
+ <range><lt>58.2_2,1</lt></range>
+ </package>
+ <package>
+ <name>linux-c6-icu</name>
+ <name>linux-c7-icu</name>
+ <range><lt>59.0</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>NVD reports:</p>
+ <blockquote cite="https://nvd.nist.gov/vuln/detail/CVE-2017-7867">
+ <p>International Components for Unicode (ICU) for C/C++
+ before 2017-02-13 has an out-of-bounds write caused by a
+ heap-based buffer overflow related to the utf8TextAccess
+ function in common/utext.cpp and the utext_setNativeIndex*
+ function.</p>
+ </blockquote>
+ <blockquote cite="https://nvd.nist.gov/vuln/detail/CVE-2017-7868">
+ <p>International Components for Unicode (ICU) for C/C++
+ before 2017-02-13 has an out-of-bounds write caused by a
+ heap-based buffer overflow related to the utf8TextAccess
+ function in common/utext.cpp and the utext_moveIndex32*
+ function.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2017-7867</cvename>
+ <cvename>CVE-2017-7868</cvename>
+ <url>http://bugs.icu-project.org/trac/changeset/39671</url>
+ <url>https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=437</url>
+ </references>
+ <dates>
+ <discovery>2017-01-21</discovery>
+ <entry>2017-04-20</entry>
+ <modified>2017-05-04</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="2a96e498-3234-4950-a9ad-419bc84a839d">
+ <topic>tiff -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>tiff</name>
+ <name>linux-f8-tiff</name>
+ <name>linux-f10-tiff</name>
+ <name>linux-c6-tiff</name>
+ <name>linux-c7-tiff</name>
+ <range><lt>4.0.8</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>NVD reports:</p>
+ <blockquote cite="https://nvd.nist.gov/vuln/detail/CVE-2017-5225">
+ <p>LibTIFF version 4.0.7 is vulnerable to a heap buffer
+ overflow in the tools/tiffcp resulting in DoS or code
+ execution via a crafted BitsPerSample value.</p>
+ </blockquote>
+ <blockquote cite="https://nvd.nist.gov/vuln/detail/CVE-2017-7592">
+ <p>The putagreytile function in tif_getimage.c in LibTIFF
+ 4.0.7 has a left-shift undefined behavior issue, which
+ might allow remote attackers to cause a denial of service
+ (application crash) or possibly have unspecified other
+ impact via a crafted image.</p>
+ </blockquote>
+ <blockquote cite="https://nvd.nist.gov/vuln/detail/CVE-2017-7593">
+ <p>tif_read.c in LibTIFF 4.0.7 does not ensure that
+ tif_rawdata is properly initialized, which might allow
+ remote attackers to obtain sensitive information from
+ process memory via a crafted image.</p>
+ </blockquote>
+ <blockquote cite="https://nvd.nist.gov/vuln/detail/CVE-2017-7594">
+ <p>The OJPEGReadHeaderInfoSecTablesDcTable function in
+ tif_ojpeg.c in LibTIFF 4.0.7 allows remote attackers to
+ cause a denial of service (memory leak) via a crafted
+ image.</p>
+ </blockquote>
+ <blockquote cite="https://nvd.nist.gov/vuln/detail/CVE-2017-7595">
+ <p>The JPEGSetupEncode function in tiff_jpeg.c in LibTIFF
+ 4.0.7 allows remote attackers to cause a denial of service
+ (divide-by-zero error and application crash) via a crafted
+ image.</p>
+ </blockquote>
+ <blockquote cite="https://nvd.nist.gov/vuln/detail/CVE-2017-7596">
+ <p>LibTIFF 4.0.7 has an "outside the range of
+ representable values of type float" undefined behavior
+ issue, which might allow remote attackers to cause a
+ denial of service (application crash) or possibly have
+ unspecified other impact via a crafted image.</p>
+ </blockquote>
+ <blockquote cite="https://nvd.nist.gov/vuln/detail/CVE-2017-7597">
+ <p>tif_dirread.c in LibTIFF 4.0.7 has an "outside the
+ range of representable values of type float" undefined
+ behavior issue, which might allow remote attackers to
+ cause a denial of service (application crash) or possibly
+ have unspecified other impact via a crafted image.</p>
+ </blockquote>
+ <blockquote cite="https://nvd.nist.gov/vuln/detail/CVE-2017-7598">
+ <p>tif_dirread.c in LibTIFF 4.0.7 might allow remote
+ attackers to cause a denial of service (divide-by-zero
+ error and application crash) via a crafted image.</p>
+ </blockquote>
+ <blockquote cite="https://nvd.nist.gov/vuln/detail/CVE-2017-7599">
+ <p>LibTIFF 4.0.7 has an "outside the range of
+ representable values of type short" undefined behavior
+ issue, which might allow remote attackers to cause a
+ denial of service (application crash) or possibly have
+ unspecified other impact via a crafted image.</p>
+ </blockquote>
+ <blockquote cite="https://nvd.nist.gov/vuln/detail/CVE-2017-7600">
+ <p>LibTIFF 4.0.7 has an "outside the range of
+ representable values of type unsigned char" undefined
+ behavior issue, which might allow remote attackers to
+ cause a denial of service (application crash) or possibly
+ have unspecified other impact via a crafted image.</p>
+ </blockquote>
+ <blockquote cite="https://nvd.nist.gov/vuln/detail/CVE-2017-7601">
+ <p>LibTIFF 4.0.7 has a "shift exponent too large for
+ 64-bit type long" undefined behavior issue, which might
+ allow remote attackers to cause a denial of service
+ (application crash) or possibly have unspecified other
+ impact via a crafted image.</p>
+ </blockquote>
+ <blockquote cite="https://nvd.nist.gov/vuln/detail/CVE-2017-7602">
+ <p>LibTIFF 4.0.7 has a signed integer overflow, which
+ might allow remote attackers to cause a denial of service
+ (application crash) or possibly have unspecified other
+ impact via a crafted image.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2017-5225</cvename>
+ <cvename>CVE-2017-7592</cvename>
+ <cvename>CVE-2017-7593</cvename>
+ <cvename>CVE-2017-7594</cvename>
+ <cvename>CVE-2017-7595</cvename>
+ <cvename>CVE-2017-7596</cvename>
+ <cvename>CVE-2017-7597</cvename>
+ <cvename>CVE-2017-7598</cvename>
+ <cvename>CVE-2017-7599</cvename>
+ <cvename>CVE-2017-7600</cvename>
+ <cvename>CVE-2017-7601</cvename>
+ <cvename>CVE-2017-7602</cvename>
+ <url>https://github.com/vadz/libtiff/commit/5c080298d59e</url>
+ <url>https://github.com/vadz/libtiff/commit/48780b4fcc42</url>
+ <url>https://github.com/vadz/libtiff/commit/d60332057b95</url>
+ <url>https://github.com/vadz/libtiff/commit/2ea32f7372b6</url>
+ <url>https://github.com/vadz/libtiff/commit/8283e4d1b7e5</url>
+ <url>https://github.com/vadz/libtiff/commit/47f2fb61a3a6</url>
+ <url>https://github.com/vadz/libtiff/commit/3cfd62d77c2a</url>
+ <url>https://github.com/vadz/libtiff/commit/3144e57770c1</url>
+ <url>https://github.com/vadz/libtiff/commit/0a76a8c765c7</url>
+ <url>https://github.com/vadz/libtiff/commit/66e7bd595209</url>
+ </references>
+ <dates>
+ <discovery>2017-04-01</discovery>
+ <entry>2017-04-20</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="d44129d6-b22e-4e9c-b200-6a46e8bd3e60">
+ <topic>libsamplerate -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>libsamplerate</name>
+ <name>linux-c6-libsamplerate</name>
+ <name>linux-c7-libsamplerate</name>
+ <range><lt>0.1.9</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>NVD reports:</p>
+ <blockquote cite="https://nvd.nist.gov/vuln/detail/CVE-2017-7697">
+ <p>In libsamplerate before 0.1.9, a buffer over-read
+ occurs in the calc_output_single function in src_sinc.c
+ via a crafted audio file.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2017-7697</cvename>
+ <url>https://github.com/erikd/libsamplerate/commit/c3b66186656d</url>
+ </references>
+ <dates>
+ <discovery>2017-04-11</discovery>
+ <entry>2017-04-20</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="5a97805e-93ef-4dcb-8d5e-dbcac263bfc2">
+ <topic>libsndfile -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>libsndfile</name>
+ <name>linux-c6-libsndfile</name>
+ <name>linux-c7-libsndfile</name>
+ <range><lt>1.0.28</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>NVD reports:</p>
+ <blockquote cite="https://nvd.nist.gov/vuln/detail/CVE-2017-7585">
+ <p>In libsndfile before 1.0.28, an error in the
+ "flac_buffer_copy()" function (flac.c) can be exploited to
+ cause a stack-based buffer overflow via a specially crafted
+ FLAC file.</p>
+ </blockquote>
+ <blockquote cite="https://nvd.nist.gov/vuln/detail/CVE-2017-7586">
+ <p>In libsndfile before 1.0.28, an error in the
+ "header_read()" function (common.c) when handling ID3 tags
+ can be exploited to cause a stack-based buffer overflow
+ via a specially crafted FLAC file.</p>
+ </blockquote>
+ <blockquote cite="https://nvd.nist.gov/vuln/detail/CVE-2017-7741">
+ <p>In libsndfile before 1.0.28, an error in the
+ "flac_buffer_copy()" function (flac.c) can be exploited to
+ cause a segmentation violation (with write memory access)
+ via a specially crafted FLAC file during a resample
+ attempt, a similar issue to CVE-2017-7585.</p>
+ </blockquote>
+ <blockquote cite="https://nvd.nist.gov/vuln/detail/CVE-2017-7742">
+ <p>In libsndfile before 1.0.28, an error in the
+ "flac_buffer_copy()" function (flac.c) can be exploited to
+ cause a segmentation violation (with read memory access)
+ via a specially crafted FLAC file during a resample
+ attempt, a similar issue to CVE-2017-7585.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2017-7585</cvename>
+ <cvename>CVE-2017-7586</cvename>
+ <cvename>CVE-2017-7741</cvename>
+ <cvename>CVE-2017-7742</cvename>
+ <url>https://github.com/erikd/libsndfile/commit/60b234301adf</url>
+ <url>https://github.com/erikd/libsndfile/commit/708e996c87c5</url>
+ <url>https://github.com/erikd/libsndfile/commit/f457b7b5ecfe</url>
+ <url>https://github.com/erikd/libsndfile/commit/60b234301adf</url>
+ </references>
+ <dates>
+ <discovery>2017-04-07</discovery>
+ <entry>2017-04-20</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="3e2e9b44-25ce-11e7-a175-939b30e0836d">
+ <topic>cURL -- TLS session resumption client cert bypass (again)</topic>
+ <affects>
+ <package>
+ <name>curl</name>
+ <range><ge>7.52.0</ge><lt>7.54.0</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>cURL security advisory:</p>
+ <blockquote cite="https://curl.haxx.se/docs/adv_20170419.html">
+ <p>libcurl would attempt to resume a TLS session even if the client
+ certificate had changed. That is unacceptable since a server by
+ specification is allowed to skip the client certificate check on
+ resume, and may instead use the old identity which was established
+ by the previous certificate (or no certificate).</p>
+ <p>libcurl supports by default the use of TLS session id/ticket to
+ resume previous TLS sessions to speed up subsequent TLS handshakes.
+ They are used when for any reason an existing TLS connection
+ couldn't be kept alive to make the next handshake faster.</p>
+ <p>This flaw is a regression and identical to CVE-2016-5419 reported
+ on August 3rd 2016, but affecting a different version range.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2017-7468</cvename>
+ <url>https://curl.haxx.se/docs/adv_20170419.html</url>
+ </references>
+ <dates>
+ <discovery>2017-04-19</discovery>
+ <entry>2017-04-20</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="cf133acc-82e7-4755-a66a-5ddf90dacbe6">
+ <topic>graphite2 -- out-of-bounds write with malicious font</topic>
+ <affects>
+ <package>
+ <name>graphite2</name>
+ <range><lt>1.3.9_1</lt></range>
+ </package>
+ <package>
+ <name>linux-c7-graphite2</name>
+ <range><lt>1.3.10</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Mozilla Foundation reports:</p>
+ <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2017-10/">
+ <p>An out-of-bounds write in the Graphite 2 library
+ triggered with a maliciously crafted Graphite font. This
+ results in a potentially exploitable crash. This issue was
+ fixed in the Graphite 2 library as well as Mozilla
+ products.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2017-5436</cvename>
+ <url>https://github.com/silnrsi/graphite/commit/1ce331d5548b</url>
+ </references>
+ <dates>
+ <discovery>2017-04-19</discovery>
+ <entry>2017-04-19</entry>
+ <modified>2017-04-20</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="b8ee7a81-a879-4358-9b30-7dd1bd4c14b1">
+ <topic>libevent -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>libevent</name>
+ <name>libevent2</name>
+ <name>linux-c6-libevent2</name>
+ <name>linux-c7-libevent</name>
+ <range><lt>2.1.6</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Debian Security reports:</p>
+ <blockquote cite="https://security-tracker.debian.org/tracker/DSA-3789-1">
+ <p>CVE-2016-10195: The name_parse function in evdns.c in
+ libevent before 2.1.6-beta allows remote attackers to have
+ unspecified impact via vectors involving the label_len
+ variable, which triggers an out-of-bounds stack read.</p>
+ <p>CVE-2016-10196: Stack-based buffer overflow in the
+ evutil_parse_sockaddr_port function in evutil.c in libevent
+ before 2.1.6-beta allows attackers to cause a denial of
+ service (segmentation fault) via vectors involving a long
+ string in brackets in the ip_as_string argument.</p>
+ <p>CVE-2016-10197: The search_make_new function in evdns.c
+ in libevent before 2.1.6-beta allows attackers to cause a
+ denial of service (out-of-bounds read) via an empty
+ hostname.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2016-10195</cvename>
+ <cvename>CVE-2016-10196</cvename>
+ <cvename>CVE-2016-10197</cvename>
+ <url>http://www.openwall.com/lists/oss-security/2017/01/31/17</url>
+ <url>https://github.com/libevent/libevent/issues/317</url>
+ <url>https://github.com/libevent/libevent/issues/318</url>
+ <url>https://github.com/libevent/libevent/issues/332</url>
+ <url>https://github.com/libevent/libevent/issues/335</url>
+ </references>
+ <dates>
+ <discovery>2017-01-31</discovery>
+ <entry>2017-04-19</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="4cb165f0-6e48-423e-8147-92255d35c0f7">
+ <topic>NSS -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>nss</name>
+ <name>linux-f10-nss</name>
+ <name>linux-c6-nss</name>
+ <name>linux-c7-nss</name>
+ <range><ge>3.30</ge><lt>3.30.1</lt></range>
+ <range><ge>3.29</ge><lt>3.29.5</lt></range>
+ <range><ge>3.22</ge><lt>3.28.4</lt></range>
+ <range><lt>3.21.4</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Mozilla Foundation reports:</p>
+ <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2017-10/">
+ <p>An out-of-bounds write during Base64 decoding operation
+ in the Network Security Services (NSS) library due to
+ insufficient memory being allocated to the buffer. This
+ results in a potentially exploitable crash. The NSS library
+ has been updated to fix this issue to address this issue and
+ Firefox 53 has been updated with NSS version 3.29.5.</p>
+ </blockquote>
+ <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2017-10/">
+ <p>A flaw in DRBG number generation within the Network
+ Security Services (NSS) library where the internal state V
+ does not correctly carry bits over. The NSS library has been
+ updated to fix this issue to address this issue and Firefox
+ 53 has been updated with NSS version 3.29.5.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2017-5461</cvename>
+ <cvename>CVE-2017-5462</cvename>
+ <url>https://hg.mozilla.org/projects/nss/rev/99a86619eac9</url>
+ <url>https://hg.mozilla.org/projects/nss/rev/e126381a3c29</url>
+ </references>
+ <dates>
+ <discovery>2017-03-17</discovery>
+ <entry>2017-04-19</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="5e0a038a-ca30-416d-a2f5-38cbf5e7df33">
+ <topic>mozilla -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>firefox</name>
+ <range><lt>53.0_2,1</lt></range>
+ </package>
+ <package>
+ <name>seamonkey</name>
+ <name>linux-seamonkey</name>
+ <range><lt>2.49.1</lt></range>
+ </package>
+ <package>
+ <name>firefox-esr</name>
+ <range><ge>46.0,1</ge><lt>52.1.0_2,1</lt></range>
+ <range><lt>45.9.0,1</lt></range>
+ </package>
+ <package>
+ <name>linux-firefox</name>
+ <range><ge>46.0,2</ge><lt>52.1.0,2</lt></range>
+ <range><lt>45.9.0,2</lt></range>
+ </package>
+ <package>
+ <name>libxul</name>
+ <range><ge>46.0</ge><lt>52.1.0</lt></range>
+ <range><lt>45.9.0</lt></range>
+ </package>
+ <package>
+ <name>thunderbird</name>
+ <name>linux-thunderbird</name>
+ <range><ge>46.0</ge><lt>52.1.0</lt></range>
+ <range><lt>45.9.0</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Mozilla Foundation reports:</p>
+ <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2017-10/">
+ <p>CVE-2017-5433: Use-after-free in SMIL animation functions</p>
+ <p>CVE-2017-5435: Use-after-free during transaction processing in the editor</p>
+ <p>CVE-2017-5436: Out-of-bounds write with malicious font in Graphite 2</p>
+ <p>CVE-2017-5461: Out-of-bounds write in Base64 encoding in NSS</p>
+ <p>CVE-2017-5459: Buffer overflow in WebGL</p>
+ <p>CVE-2017-5466: Origin confusion when reloading isolated data:text/html URL</p>
+ <p>CVE-2017-5434: Use-after-free during focus handling</p>
+ <p>CVE-2017-5432: Use-after-free in text input selection</p>
+ <p>CVE-2017-5460: Use-after-free in frame selection</p>
+ <p>CVE-2017-5438: Use-after-free in nsAutoPtr during XSLT processing</p>
+ <p>CVE-2017-5439: Use-after-free in nsTArray Length() during XSLT processing</p>
+ <p>CVE-2017-5440: Use-after-free in txExecutionState destructor during XSLT processing</p>
+ <p>CVE-2017-5441: Use-after-free with selection during scroll events</p>
+ <p>CVE-2017-5442: Use-after-free during style changes</p>
+ <p>CVE-2017-5464: Memory corruption with accessibility and DOM manipulation</p>
+ <p>CVE-2017-5443: Out-of-bounds write during BinHex decoding</p>
+ <p>CVE-2017-5444: Buffer overflow while parsing application/http-index-format content</p>
+ <p>CVE-2017-5446: Out-of-bounds read when HTTP/2 DATA frames are sent with incorrect data</p>
+ <p>CVE-2017-5447: Out-of-bounds read during glyph processing</p>
+ <p>CVE-2017-5465: Out-of-bounds read in ConvolvePixel</p>
+ <p>CVE-2017-5448: Out-of-bounds write in ClearKeyDecryptor</p>
+ <p>CVE-2017-5437: Vulnerabilities in Libevent library</p>
+ <p>CVE-2017-5454: Sandbox escape allowing file system read access through file picker</p>
+ <p>CVE-2017-5455: Sandbox escape through internal feed reader APIs</p>
+ <p>CVE-2017-5456: Sandbox escape allowing local file system access</p>
+ <p>CVE-2017-5469: Potential Buffer overflow in flex-generated code</p>
+ <p>CVE-2017-5445: Uninitialized values used while parsing application/http-index-format content</p>
+ <p>CVE-2017-5449: Crash during bidirectional unicode manipulation with animation</p>
+ <p>CVE-2017-5450: Addressbar spoofing using javascript: URI on Firefox for Android</p>
+ <p>CVE-2017-5451: Addressbar spoofing with onblur event</p>
+ <p>CVE-2017-5462: DRBG flaw in NSS</p>
+ <p>CVE-2017-5463: Addressbar spoofing through reader view on Firefox for Android</p>
+ <p>CVE-2017-5467: Memory corruption when drawing Skia content</p>
+ <p>CVE-2017-5452: Addressbar spoofing during scrolling with editable content on Firefox for Android</p>
+ <p>CVE-2017-5453: HTML injection into RSS Reader feed preview page through TITLE element</p>
+ <p>CVE-2017-5458: Drag and drop of javascript: URLs can allow for self-XSS</p>
+ <p>CVE-2017-5468: Incorrect ownership model for Private Browsing information</p>
+ <p>CVE-2017-5430: Memory safety bugs fixed in Firefox 53 and Firefox ESR 52.1</p>
+ <p>CVE-2017-5429: Memory safety bugs fixed in Firefox 53, Firefox ESR 45.9, and Firefox ESR 52.1</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2017-5433</cvename>
+ <cvename>CVE-2017-5435</cvename>
+ <cvename>CVE-2017-5436</cvename>
+ <cvename>CVE-2017-5461</cvename>
+ <cvename>CVE-2017-5459</cvename>
+ <cvename>CVE-2017-5466</cvename>
+ <cvename>CVE-2017-5434</cvename>
+ <cvename>CVE-2017-5432</cvename>
+ <cvename>CVE-2017-5460</cvename>
+ <cvename>CVE-2017-5438</cvename>
+ <cvename>CVE-2017-5439</cvename>
+ <cvename>CVE-2017-5440</cvename>
+ <cvename>CVE-2017-5441</cvename>
+ <cvename>CVE-2017-5442</cvename>
+ <cvename>CVE-2017-5464</cvename>
+ <cvename>CVE-2017-5443</cvename>
+ <cvename>CVE-2017-5444</cvename>
+ <cvename>CVE-2017-5446</cvename>
+ <cvename>CVE-2017-5447</cvename>
+ <cvename>CVE-2017-5465</cvename>
+ <cvename>CVE-2017-5448</cvename>
+ <cvename>CVE-2017-5437</cvename>
+ <cvename>CVE-2017-5454</cvename>
+ <cvename>CVE-2017-5455</cvename>
+ <cvename>CVE-2017-5456</cvename>
+ <cvename>CVE-2017-5469</cvename>
+ <cvename>CVE-2017-5445</cvename>
+ <cvename>CVE-2017-5449</cvename>
+ <cvename>CVE-2017-5450</cvename>
+ <cvename>CVE-2017-5451</cvename>
+ <cvename>CVE-2017-5462</cvename>
+ <cvename>CVE-2017-5463</cvename>
+ <cvename>CVE-2017-5467</cvename>
+ <cvename>CVE-2017-5452</cvename>
+ <cvename>CVE-2017-5453</cvename>
+ <cvename>CVE-2017-5458</cvename>
+ <cvename>CVE-2017-5468</cvename>
+ <cvename>CVE-2017-5430</cvename>
+ <cvename>CVE-2017-5429</cvename>
+ <url>https://www.mozilla.org/en-US/security/advisories/mfsa2017-10/</url>
+ <url>https://www.mozilla.org/en-US/security/advisories/mfsa2017-11/</url>
+ <url>https://www.mozilla.org/en-US/security/advisories/mfsa2017-12/</url>
+ </references>
+ <dates>
+ <discovery>2017-04-19</discovery>
+ <entry>2017-04-19</entry>
+ <modified>2017-09-19</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="d9e01c35-2531-11e7-b291-b499baebfeaf">
+ <topic>MySQL -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>mariadb55-server</name>
+ <range><lt>5.5.55</lt></range>
+ </package>
+ <package>
+ <name>mariadb100-server</name>
+ <range><lt>10.0.31</lt></range>
+ </package>
+ <package>
+ <name>mariadb101-server</name>
+ <range><lt>10.1.23</lt></range>
+ </package>
+ <package>
+ <name>mysql55-server</name>
+ <range><lt>5.5.55</lt></range>
+ </package>
+ <package>
+ <name>mysql56-server</name>
+ <range><lt>5.6.36</lt></range>
+ </package>
+ <package>
+ <name>mysql57-server</name>
+ <range><lt>5.7.18</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Oracle reports:</p>
+ <blockquote cite="http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html">
+ <p>This Critical Patch Update contains 39 new security fixes for
+ Oracle MySQL. 11 of these vulnerabilities may be remotely
+ exploitable without authentication, i.e., may be exploited over a
+ network without requiring user credentials.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html</url>
+ <cvename>CVE-2017-3308</cvename>
+ <cvename>CVE-2017-3309</cvename>
+ <cvename>CVE-2017-3450</cvename>
+ <cvename>CVE-2017-3599</cvename>
+ <cvename>CVE-2017-3329</cvename>
+ <cvename>CVE-2017-3600</cvename>
+ <cvename>CVE-2017-3331</cvename>
+ <cvename>CVE-2017-3453</cvename>
+ <cvename>CVE-2017-3452</cvename>
+ <cvename>CVE-2017-3454</cvename>
+ <cvename>CVE-2017-3455</cvename>
+ <cvename>CVE-2017-3305</cvename>
+ <cvename>CVE-2017-3460</cvename>
+ <cvename>CVE-2017-3456</cvename>
+ <cvename>CVE-2017-3458</cvename>
+ <cvename>CVE-2017-3457</cvename>
+ <cvename>CVE-2017-3459</cvename>
+ <cvename>CVE-2017-3463</cvename>
+ <cvename>CVE-2017-3462</cvename>
+ <cvename>CVE-2017-3461</cvename>
+ <cvename>CVE-2017-3464</cvename>
+ <cvename>CVE-2017-3465</cvename>
+ <cvename>CVE-2017-3467</cvename>
+ <cvename>CVE-2017-3468</cvename>
+ </references>
+ <dates>
+ <discovery>2017-04-19</discovery>
+ <entry>2017-04-19</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="c6861494-1ffb-11e7-934d-d05099c0ae8c">
+ <topic>BIND -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>bind99</name>
+ <range><lt>9.9.9P8</lt></range>
+ </package>
+ <package>
+ <name>bind910</name>
+ <range><lt>9.10.4P8</lt></range>
+ </package>
+ <package>
+ <name>bind911</name>
+ <range><lt>9.11.0P5</lt></range>
+ </package>
+ <package>
+ <name>bind9-devel</name>
+ <range><le>9.12.0.a.2017.03.25</le></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>ISC reports:</p>
+ <blockquote cite="https://kb.isc.org/article/AA-01465/0">
+ <p>A query with a specific set of characteristics could
+ cause a server using DNS64 to encounter an assertion
+ failure and terminate.</p>
+ <p>An attacker could deliberately construct a query,
+ enabling denial-of-service against a server if it
+ was configured to use the DNS64 feature and other
+ preconditions were met.</p>
+ </blockquote>
+ <blockquote cite="https://kb.isc.org/article/AA-01466/0">
+ <p>Mistaken assumptions about the ordering of records in
+ the answer section of a response containing CNAME or
+ DNAME resource records could lead to a situation in
+ which named would exit with an assertion failure when
+ processing a response in which records occurred in an
+ unusual order.</p>
+ </blockquote>
+ <blockquote cite="https://kb.isc.org/article/AA-01471/0">
+ <p>named contains a feature which allows operators to
+ issue commands to a running server by communicating
+ with the server process over a control channel,
+ using a utility program such as rndc.</p>
+ <p>A regression introduced in a recent feature change
+ has created a situation under which some versions of
+ named can be caused to exit with a REQUIRE assertion
+ failure if they are sent a null command string.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2017-3136</cvename>
+ <cvename>CVE-2017-3137</cvename>
+ <cvename>CVE-2017-3138</cvename>
+ <url>https://kb.isc.org/article/AA-01465/0</url>
+ <url>https://kb.isc.org/article/AA-01466/0</url>
+ <url>https://kb.isc.org/article/AA-01471/0</url>
+ </references>
+ <dates>
+ <discovery>2017-04-12</discovery>
+ <entry>2017-04-13</entry>
+ <modified>2017-04-13</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="e48355d7-1548-11e7-8611-0090f5f2f347">
+ <topic>id Tech 3 -- remote code execution vulnerability</topic>
+ <affects>
+ <package>
+ <name>ioquake3</name>
+ <range><lt>1.36_16</lt></range>
+ </package>
+ <package>
+ <name>ioquake3-devel</name>
+ <range><lt>g2930</lt></range>
+ </package>
+ <package>
+ <name>iourbanterror</name>
+ <range><lt>4.3.2,1</lt></range>
+ </package>
+ <package>
+ <name>openarena</name>
+ <range><lt>0.8.8.s1910_3,1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The content auto-download of id Tech 3 can be used to deliver
+ maliciously crafted content, that triggers downloading of
+ further content and loading and executing it as native code
+ with user credentials. This affects ioquake3, ioUrbanTerror,
+ OpenArena, the original Quake 3 Arena and other forks.</p>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2017-6903</cvename>
+ <url>https://ioquake3.org/2017/03/13/important-security-update-please-update-ioquake3-immediately/</url>
+ </references>
+ <dates>
+ <discovery>2017-03-14</discovery>
+ <entry>2017-04-07</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="90becf7c-1acf-11e7-970f-002590263bf5">
+ <topic>xen-kernel -- broken check in memory_exchange() permits PV guest breakout</topic>
+ <affects>
+ <package>
+ <name>xen-kernel</name>
+ <range><lt>4.7.2_1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The Xen Project reports:</p>
+ <blockquote cite="http://xenbits.xen.org/xsa/advisory-206.html">
+ <p>The XSA-29 fix introduced an insufficient check on XENMEM_exchange
+ input, allowing the caller to drive hypervisor memory accesses
+ outside of the guest provided input/output arrays.</p>
+ <p>A malicious or buggy 64-bit PV guest may be able to access all of
+ system memory, allowing for all of privilege escalation, host
+ crashes, and information leaks.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2017-7228</cvename>
+ <url>https://xenbits.xen.org/xsa/advisory-212.html</url>
+ </references>
+ <dates>
+ <discovery>2017-04-04</discovery>
+ <entry>2017-04-06</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="04f29189-1a05-11e7-bc6e-b499baebfeaf">
+ <topic>cURL -- potential memory disclosure</topic>
+ <affects>
+ <package>
+ <name>curl</name>
+ <range><ge>6.5</ge><lt>7.53.1_1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The cURL project reports:</p>
+ <blockquote cite="https://curl.haxx.se/docs/adv_20170403.html">
+ <p>There were two bugs in curl's parser for the command line option
+ --write-out (or -w for short) that would skip the end of string
+ zero byte if the string ended in a % (percent) or \ (backslash),
+ and it would read beyond that buffer in the heap memory and it
+ could then potentially output pieces of that memory to the
+ terminal or the target file etc..</p>
+ <p>This flaw only exists in the command line tool.</p>
+ <p>We are not aware of any exploit of this flaw.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://curl.haxx.se/docs/adv_20170403.html</url>
+ <cvename>CVE-2017-7407</cvename>
+ </references>
+ <dates>
+ <discovery>2017-04-03</discovery>
+ <entry>2017-04-05</entry>
+ <modified>2017-04-06</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="dc880d6c-195d-11e7-8c63-0800277dcc69">
+ <topic>django -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>py27-django</name>
+ <name>py33-django</name>
+ <name>py34-django</name>
+ <name>py35-django</name>
+ <name>py36-django</name>
+ <range><lt>1.8.18</lt></range>
+ </package>
+ <package>
+ <name>py27-django18</name>
+ <name>py33-django18</name>
+ <name>py34-django18</name>
+ <name>py35-django18</name>
+ <name>py36-django18</name>
+ <range><lt>1.8.18</lt></range>
+ </package>
+ <package>
+ <name>py27-django19</name>
+ <name>py33-django19</name>
+ <name>py34-django19</name>
+ <name>py35-django19</name>
+ <name>py36-django19</name>
+ <range><lt>1.9.13</lt></range>
+ </package>
+ <package>
+ <name>py27-django110</name>
+ <name>py33-django110</name>
+ <name>py34-django110</name>
+ <name>py35-django110</name>
+ <name>py36-django110</name>
+ <range><lt>1.10.7</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Django team reports:</p>
+ <blockquote cite="https://www.djangoproject.com/weblog/2017/apr/04/security-releases/">
+ <p>These release addresses two security issues detailed below. We
+ encourage all users of Django to upgrade as soon as possible.</p>
+ <ul>
+ <li>Open redirect and possible XSS attack via user-supplied numeric
+ redirect URLs</li>
+ <li>Open redirect vulnerability in django.views.static.serve()</li>
+ </ul>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://www.djangoproject.com/weblog/2017/apr/04/security-releases/</url>
+ <cvename>CVE-2017-7233</cvename>
+ <cvename>CVE-2017-7234</cvename>
+ </references>
+ <dates>
+ <discovery>2017-04-04</discovery>
+ <entry>2017-04-04</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="356b02e9-1954-11e7-9608-001999f8d30b">
+ <topic>asterisk -- Buffer overflow in CDR's set user</topic>
+ <affects>
+ <package>
+ <name>asterisk13</name>
+ <range><lt>13.14.1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The Asterisk project reports:</p>
+ <blockquote cite="http://www.asterisk.org/downloads/security-advisories">
+ <p>No size checking is done when setting the user field
+ on a CDR. Thus, it is possible for someone to use an
+ arbitrarily large string and write past the end of the
+ user field storage buffer. This allows the possibility
+ of remote code injection.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>http://downloads.asterisk.org/pub/security/AST-2017-001.html</url>
+ <url>https://issues.asterisk.org/jira/browse/ASTERISK-26897</url>
+ </references>
+ <dates>
+ <discovery>2017-03-27</discovery>
+ <entry>2017-04-04</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="057e6616-1885-11e7-bb4d-a0d3c19bfa21">
+ <topic>NVIDIA UNIX driver -- multiple vulnerabilities in the kernel mode layer handler</topic>
+ <affects>
+ <package>
+ <name>nvidia-driver</name>
+ <range><lt>375.39</lt></range>
+ </package>
+ <package>
+ <name>nvidia-driver-340</name>
+ <range><lt>340.102</lt></range>
+ </package>
+ <package>
+ <name>nvidia-driver-304</name>
+ <range><lt>304.135</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>NVIDIA Unix security team reports:</p>
+ <blockquote cite="http://nvidia.custhelp.com/app/answers/detail/a_id/4398">
+ <p>NVIDIA GPU Display Driver contains vulnerabilities in the
+ kernel mode layer handler where multiple integer overflows,
+ improper access control, and improper validation of a user
+ input may cause a denial of service or potential escalation
+ of privileges.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2017-0309</cvename>
+ <cvename>CVE-2017-0310</cvename>
+ <cvename>CVE-2017-0311</cvename>
+ <cvename>CVE-2017-0318</cvename>
+ <cvename>CVE-2017-0321</cvename>
+ <url>http://nvidia.custhelp.com/app/answers/detail/a_id/4398</url>
+ </references>
+ <dates>
+ <discovery>2017-02-14</discovery>
+ <entry>2017-04-04</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="7cf058d8-158d-11e7-ba2c-e8e0b747a45a">
+ <topic>chromium -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>chromium</name>
+ <name>chromium-npapi</name>
+ <name>chromium-pulse</name>
+ <range><lt>57.0.2987.133</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Google Chrome Releases reports:</p>
+ <blockquote cite="https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop_29.html">
+ <p>5 security fixes in this release, including:</p>
+ <ul>
+ <li>[698622] Critical CVE-2017-5055: Use after free in printing. Credit to
+ Wadih Matar</li>
+ <li>[699166] High CVE-2017-5054: Heap buffer overflow in V8. Credit to
+ Nicolas Trippar of Zimperium zLabs</li>
+ <li>[662767] High CVE-2017-5052: Bad cast in Blink. Credit to
+ JeongHoon Shin</li>
+ <li>[705445] High CVE-2017-5056: Use after free in Blink. Credit to
+ anonymous</li>
+ <li>[702058] High CVE-2017-5053: Out of bounds memory access in V8. Credit to
+ Team Sniper (Keen Lab and PC Mgr) reported through ZDI (ZDI-CAN-4587)</li>
+ </ul>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2017-5055</cvename>
+ <cvename>CVE-2017-5054</cvename>
+ <cvename>CVE-2017-5052</cvename>
+ <cvename>CVE-2017-5056</cvename>
+ <cvename>CVE-2017-5053</cvename>
+ <url>https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop_29.html</url>
+ </references>
+ <dates>
+ <discovery>2017-03-29</discovery>
+ <entry>2017-03-30</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="47873d72-14eb-11e7-970f-002590263bf5">
+ <topic>xen-tools -- xenstore denial of service via repeated update</topic>
+ <affects>
+ <package>
+ <name>xen-tools</name>
+ <range><lt>4.7.2_1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The Xen Project reports:</p>
+ <blockquote cite="http://xenbits.xen.org/xsa/advisory-206.html">
+ <p>Unprivileged guests may be able to stall progress of the control
+ domain or driver domain, possibly leading to a Denial of Service
+ (DoS) of the entire host.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>http://xenbits.xen.org/xsa/advisory-206.html</url>
+ </references>
+ <dates>
+ <discovery>2017-03-28</discovery>
+ <entry>2017-03-30</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="68611303-149e-11e7-b9bb-6805ca0b3d42">
+ <topic>phpMyAdmin -- bypass 'no password' restriction</topic>
+ <affects>
+ <package>
+ <name>phpMyAdmin</name>
+ <range><lt>4.7.0</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The phpMyAdmin team reports:</p>
+ <blockquote cite="https://www.phpmyadmin.net/security/PMASA-2017-8/">
+ <h3>Summary</h3>
+ <p>Bypass $cfg['Servers'][$i]['AllowNoPassword']</p>
+ <h3>Description</h3>
+ <p>A vulnerability was discovered where the restrictions
+ caused by $cfg['Servers'][$i]['AllowNoPassword'] = false are
+ bypassed under certain PHP versions. This can allow the
+ login of users who have no password set even if the
+ administrator has set $cfg['Servers'][$i]['AllowNoPassword']
+ to false (which is also the default).</p>
+ <p>This behavior depends on the PHP version used (it seems
+ PHP 5 is affected, while PHP 7.0 is not).</p>
+ <h3>Severity</h3>
+ <p>We consider this vulnerability to be of moderate severity.</p>
+ <h3>Mitigation factor</h3>
+ <p>Set a password for all users.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://www.phpmyadmin.net/security/PMASA-2017-8/</url>
+ </references>
+ <dates>
+ <discovery>2017-03-28</discovery>
+ <entry>2017-03-29</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="04bc4e23-9a70-42cb-9fec-3613632d34bc">
+ <cancelled superseded="967b852b-1e28-11e6-8dd3-002590263bf5"/>
+ </vuln>
+
+ <vuln vid="2826317b-10ec-11e7-944e-000c292e4fd8">
+ <topic>samba -- symlink race allows access outside share definition</topic>
+ <affects>
+ <package>
+ <name>samba36</name>
+ <range><ge>3.6.0</ge><le>3.6.25_4</le></range>
+ </package>
+ <package>
+ <name>samba4</name>
+ <range><ge>4.0.0</ge><le>4.0.26</le></range>
+ </package>
+ <package>
+ <name>samba41</name>
+ <range><ge>4.1.0</ge><le>4.1.23</le></range>
+ </package>
+ <package>
+ <name>samba42</name>
+ <range><ge>4.2.0</ge><le>4.2.14</le></range>
+ </package>
+ <package>
+ <name>samba43</name>
+ <range><ge>4.3.0</ge><le>4.3.13</le></range>
+ </package>
+ <package>
+ <name>samba44</name>
+ <range><ge>4.4.0</ge><lt>4.4.12</lt></range>
+ </package>
+ <package>
+ <name>samba45</name>
+ <range><ge>4.5.0</ge><lt>4.5.7</lt></range>
+ </package>
+ <package>
+ <name>samba46</name>
+ <range><ge>4.6.0</ge><lt>4.6.1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Samba team reports:</p>
+ <blockquote cite="https://www.samba.org/samba/security/CVE-2017-2619.html">
+ <p>A time-of-check, time-of-use race condition
+ can allow clients to access non-exported parts
+ of the file system via symlinks.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://www.samba.org/samba/security/CVE-2017-2619.html</url>
+ <cvename>CVE-2017-2619</cvename>
+ </references>
+ <dates>
+ <discovery>2017-03-23</discovery>
+ <entry>2017-03-24</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="af19ecd0-0f6a-11e7-970f-002590263bf5">
+ <topic>xen-tools -- Cirrus VGA Heap overflow via display refresh</topic>
+ <affects>
+ <package>
+ <name>xen-tools</name>
+ <range><lt>4.7.2</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The Xen Project reports:</p>
+ <blockquote cite="http://xenbits.xen.org/xsa/advisory-211.html">
+ <p>A privileged user within the guest VM can cause a heap overflow in
+ the device model process, potentially escalating their privileges to
+ that of the device model process.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2016-9603</cvename>
+ <url>http://xenbits.xen.org/xsa/advisory-211.html</url>
+ </references>
+ <dates>
+ <discovery>2017-03-14</discovery>
+ <entry>2017-03-23</entry>
+ </dates>
+ </vuln>
+
<vuln vid="06f931c0-0be0-11e7-b4bf-5404a68ad561">
<topic>irssi -- use-after-free potential code execution</topic>
<affects>
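Review bot: in the samba CVE-2017-2619 entry, samba36, samba4, samba41, samba42 and samba43 are bounded with `<le>` at the final release of each branch (3.6.25, 4.0.26, 4.1.23, 4.2.14, 4.3.13), while samba44, samba45 and samba46 use `<lt>` at the fixed release (4.4.12, 4.5.7, 4.6.1). That is the right encoding for end-of-life branches with no fix, but it means every installed version of those five ports is reported vulnerable with no upgrade target inside the same port. Make sure those ports are marked deprecated or removed from the tree, or state in the description that the only remediation is moving to samba44 4.4.12, samba45 4.5.7 or samba46 4.6.1.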
@@ -79,6 +6904,7 @@
</description>
<references>
<url>https://irssi.org/security/irssi_sa_2017_03.txt</url>
+ <cvename>CVE-2017-7191</cvename>
</references>
<dates>
<discovery>2017-03-11</discovery>
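Review bot: the `<cvename>CVE-2017-7191</cvename>` reference is attached to the irssi entry without a `<modified>` date; the `<dates>` block right below the hunk is left untouched. Other edits in this same patch (the OpenSSL, gitlab, bind9-devel and Commons FileUpload entries) do bump or add `<modified>` when an existing entry changes, so this one should too: add `<modified>YYYY-MM-DD</modified>` with the date the CVE was attached.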
@@ -408,7 +7234,7 @@
application. Methods and means of acquiring the CRLs is not part
of the TLS handshake and in the strict TLS setting this
vulnerability cannot be triggered remotely. The vulnerability
- cannot be triggered unless the application explicitely calls
+ cannot be triggered unless the application explicitly calls
mbedtls_x509_crl_parse() or mbedtls_x509_crl_parse_file()on a PEM
formatted CRL of untrusted origin. In which case the
vulnerability can be exploited to launch a denial of service
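Review bot: the context line two below the corrected one still reads `mbedtls_x509_crl_parse_file()on a PEM` with no space after the closing parenthesis. Since this paragraph is being touched for a spelling fix anyway, fold that in as `mbedtls_x509_crl_parse_file() on a PEM`.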
@@ -998,7 +7824,7 @@
<p>The Xen Project reports:</p>
<blockquote cite="http://xenbits.xen.org/xsa/advisory-209.html">
<p>In CIRRUS_BLTMODE_MEMSYSSRC mode the bitblit copy routine
- cirrus_bitblt_cputovideo fails to check wethehr the specified
+ cirrus_bitblt_cputovideo fails to check whether the specified
memory region is safe. A malicious guest administrator can cause
an out of bounds memory write, very likely exploitable as a
privilege escalation.</p>
@@ -1205,7 +8031,7 @@
</vuln>
<vuln vid="79bbb8f8-f049-11e6-8a6a-bcaec565249c">
- <topic>gtk-vnc -- bounds checking vulnabilities</topic>
+ <topic>gtk-vnc -- bounds checking vulnerabilities</topic>
<affects>
<package>
<name>gtk-vnc</name>
@@ -1480,7 +8306,7 @@
<p>Jens Georg reports:</p>
<blockquote cite="https://mail.gnome.org/archives/shotwell-list/2017-January/msg00048.html">
<p>I have just released Shotwell 0.24.5 and 0.25.4 which turn
- on HTTPS encyption all over the publishing plugins.</p>
+ on HTTPS encryption all over the publishing plugins.</p>
<p>Users using Tumblr and Yandex.Fotki publishing are strongly
advised to change their passwords and reauthenticate Shotwell
to those services after upgrade.</p>
@@ -1770,6 +8596,11 @@
<name>linux-c7-openssl-libs</name>
<range><lt>1.0.1e_3</lt></range>
</package>
+ <package>
+ <name>FreeBSD</name>
+ <range><ge>11.0</ge><lt>11.0_8</lt></range>
+ <range><ge>10.3</ge><lt>10.3_17</lt></range>
+ </package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
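Review bot: the new `<package><name>FreeBSD</name>` block uses FreeBSD -RELEASE patch-level ranges (`11.0` up to `11.0_8`, `10.3` up to `10.3_17`). In the mports tree the base system is MidnightBSD, whose version numbers do not line up with these ranges, so this block either never matches a local host or matches the wrong thing depending on how the audit tool here treats the `FreeBSD` pseudo-package. It is fine to carry it as documentation of the upstream SA, but confirm that is the intent, and check how the local audit tooling treats a `FreeBSD` package entry before relying on it.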
@@ -1818,11 +8649,12 @@
<cvename>CVE-2017-3730</cvename>
<cvename>CVE-2017-3731</cvename>
<cvename>CVE-2017-3732</cvename>
+ <freebsdsa>SA-17:02.openssl</freebsdsa>
</references>
<dates>
<discovery>2017-01-26</discovery>
<entry>2017-01-26</entry>
- <modified>2017-02-22</modified>
+ <modified>2017-05-26</modified>
</dates>
</vuln>
@@ -1950,10 +8782,10 @@
</blockquote>
<blockquote cite="https://www.phpmyadmin.net/security/PMASA-2017-3/">
<h3>Summary</h3>
- <p>DOS vulnerabiltiy in table editing</p>
+ <p>DOS vulnerability in table editing</p>
<h3>Description</h3>
<p>It was possible to trigger recursive include operation by
- crafter parameters when editing table data.</p>
+ crafted parameters when editing table data.</p>
<h3>Severity</h3>
<p>We consider this to be non critical.</p>
</blockquote>
@@ -2022,7 +8854,7 @@
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
- <p>Intel Corporaion reports:</p>
+ <p>Intel Corporation reports:</p>
<blockquote cite="https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00063&languageid=en-fr">
<p>A security vulnerability in the Intel(R) Ethernet Controller X710
and Intel(R) Ethernet Controller XL710 family of products
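Review bot: the `cite` attribute on the Intel blockquote displays a bare `&` (`INTEL-SA-00063&languageid=en-fr`). If that is the literal file content rather than a rendering of `&amp;`, the document is not well-formed XML and the validation target will reject the whole file; while this entry is being edited, confirm the file has `&amp;` there.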
@@ -3478,7 +10310,7 @@
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Samba team reports:</p>
<blockquote cite="https://www.samba.org/samba/latest_news.html#4.5.3">
- <p>[CVE-2016-2123] Authenicated users can supply malicious dnsRecord attributes
+ <p>[CVE-2016-2123] Authenticated users can supply malicious dnsRecord attributes
on DNS objects and trigger a controlled memory corruption.</p>
<p>[CVE-2016-2125] Samba client code always requests a forwardable ticket
when using Kerberos authentication. This means the target server, which must be in the current or trusted
@@ -3669,7 +10501,7 @@
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Squid security advisory 2016:10 reports:</p>
<blockquote cite="http://www.squid-cache.org/Advisories/SQUID-2016_10.txt">
- <p>Due to incorrect comparsion of request headers Squid can deliver
+ <p>Due to incorrect comparison of request headers Squid can deliver
responses containing private data to clients it should not have
reached.</p>
<p>This problem allows a remote attacker to discover private and
@@ -3886,7 +10718,7 @@
<h2>printf floating point buffer overflow</h2>
<p>libcurl's implementation of the printf() functions triggers a
buffer overflow when doing a large floating point output. The bug
- occurs whenthe conversion outputs more than 255 bytes.</p>
+ occurs when the conversion outputs more than 255 bytes.</p>
</blockquote>
</body>
</description>
@@ -4128,7 +10960,7 @@
':' delimiter of any request header lines.<br/><br/>
RFC7230 Section 3.5 calls out some of these whitespace exceptions,
and section 3.2.3 eliminated and clarified the role of implied
- whitespace in the grammer of this specification. Section 3.1.1
+ whitespace in the grammar of this specification. Section 3.1.1
requires exactly one single SP between the method and
request-target, and between the request-target and HTTP-version,
followed immediately by a CRLF sequence. None of these
@@ -4142,7 +10974,7 @@
application servers, either through mod_proxy or using conventional
CGI mechanisms. In each case where one agent accepts such CTL
characters and does not treat them as whitespace, there is the
- possiblity in a proxy chain of generating two responses from a
+ possibility in a proxy chain of generating two responses from a
server behind the uncautious proxy agent. In a sequence of two
requests, this results in request A to the first proxy being
interpreted as requests A + A' by the backend server, and if
@@ -4936,7 +11768,7 @@
<blockquote cite="http://seclists.org/oss-sec/2016/q4/413">
<p>Imagemagick before 3cbfb163cff9e5b8cdeace8312e9bfee810ed02b
suffer from a heap overflow in WaveletDenoiseImage(). This problem is
- easelly trigerrable from a perl script.</p>
+ easily trigerrable from a Perl script.</p>
</blockquote>
</body>
</description>
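Review bot: the spelling fix on the ImageMagick quote is incomplete: `easelly` becomes `easily` and `perl` becomes `Perl`, but `trigerrable` is left as is on the same line. It should read `triggerable` (or `easily triggered from a Perl script`), otherwise the line still carries a typo after the correction.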
@@ -5038,7 +11870,7 @@
sensitive host files (an information leak). Additionally, a
malicious guest administrator can cause files on the host to be
removed, causing a denial of service. In some unusual host
- configurations, ability to remove certain files may be useable for
+ configurations, ability to remove certain files may be usable for
privilege escalation.</p>
</blockquote>
</body>
@@ -5857,7 +12689,7 @@
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
- <p>The phpMYAdmin development team reports:</p>
+ <p>The phpMyAdmin development team reports:</p>
<blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-57/">
<h3>Summary</h3>
<p>Open redirection</p>
@@ -6103,8 +12935,8 @@
<p>LegalHackers' reports:</p>
<blockquote cite="http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html">
<p>RCE Bugs discovered in MySQL and its variants like MariaDB.
- It works by manupulating my.cnf files and using --malloc-lib.
- The bug seems fixed in MySQL5.7.15 by Oracle</p>
+ It works by manipulating my.cnf files and using --malloc-lib.
+ The bug seems fixed in MySQL 5.7.15 by Oracle</p>
</blockquote>
</body>
</description>
@@ -6521,7 +13353,7 @@
<url>https://googlechromereleases.blogspot.nl/2016/11/stable-channel-update-for-desktop_9.html</url>
</references>
<dates>
- <discovery>2016-11-9</discovery>
+ <discovery>2016-11-09</discovery>
<entry>2016-11-10</entry>
</dates>
</vuln>
@@ -6573,7 +13405,7 @@
<topic>gitlab -- Directory traversal via "import/export" feature</topic>
<affects>
<package>
- <name>rubygem-gitlab</name>
+ <name>gitlab</name>
<range><ge>8.10.0</ge><le>8.10.12</le></range>
<range><ge>8.11.0</ge><le>8.11.9</le></range>
<range><ge>8.12.0</ge><le>8.12.7</le></range>
@@ -6601,6 +13433,7 @@
<dates>
<discovery>2016-11-02</discovery>
<entry>2016-11-09</entry>
+ <modified>2017-05-18</modified>
</dates>
</vuln>
@@ -7147,7 +13980,7 @@
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
- <p>Node.js has released new verions containing the following security fix:</p>
+ <p>Node.js has released new versions containing the following security fix:</p>
<blockquote cite="https://nodejs.org/en/blog/vulnerability/october-2016-security-releases/">
<p>The following releases all contain fixes for CVE-2016-5180 "ares_create_query single
byte out of buffer write": Node.js v0.10.48 (Maintenance), Node.js v0.12.17 (Maintenance),
@@ -7681,7 +14514,7 @@
<p>Debian reports:</p>
<blockquote cite="https://www.debian.org/security/2016/dsa-3675">
<p>Various memory handling problems and cases of missing or
- incomplete input sanitising may result in denial of service or the
+ incomplete input sanitizing may result in denial of service or the
execution of arbitrary code if malformed SIXEL, PDB, MAP, SGI, TIFF and
CALS files are processed.</p>
</blockquote>
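Review bot: `sanitising` in the Debian DSA-3675 quote is British spelling, not a typo, and the text sits inside a `<blockquote cite="https://www.debian.org/security/...">` that presents it as Debian's wording. Rewriting a cited quotation to American spelling changes what the cite attribute claims to quote; leave upstream spelling alone inside blockquotes and restrict spelling normalisation to the entry's own `<topic>` and lead-in text. The same applies to the other British-to-American changes in this patch (the Joomla, Xen XSA-140 and XSA-118, cups and tidy quotes).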
@@ -7935,7 +14768,7 @@
directory.</p>
<h1>Impact:</h1>
<p>An attacker who can control freebsd-update's or portsnap's
- input to tar can change file content or permisssions on
+ input to tar(1) can change file content or permissions on
files outside of the update tool's working sandbox.</p>
</body>
</description>
@@ -8492,8 +15325,8 @@
<p>LegalHackers' reports:</p>
<blockquote cite="http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html">
<p>RCE Bugs discovered in MySQL and its variants like MariaDB.
- It works by manupulating my.cnf files and using --malloc-lib.
- The bug seems fixed in MySQL5.7.15 by Oracle</p>
+ It works by manipulating my.cnf files and using --malloc-lib.
+ The bug seems fixed in MySQL 5.7.15 by Oracle</p>
</blockquote>
</body>
</description>
@@ -9249,7 +16082,7 @@
</vuln>
<vuln vid="e195679d-045b-4953-bb33-be0073ba2ac6">
- <topic>libxml2 -- multiple vulnabilities</topic>
+ <topic>libxml2 -- multiple vulnerabilities</topic>
<affects>
<package>
<name>libxml2</name>
@@ -10516,7 +17349,7 @@
<h1>Problem Description:</h1>
<p>The SNMP protocol supports an authentication model called
USM, which relies on a shared secret. The default permission
- of the snmpd.configiguration file, /etc/snmpd.config, is
+ of the snmpd configuration file, /etc/snmpd.config, is
weak and does not provide adequate protection against local
unprivileged users.</p>
<h1>Impact:</h1>
@@ -10820,7 +17653,7 @@
would run commands.</p>
<h1>Impact:</h1>
<p>This issue could be exploited to execute arbitrary
- commands as the user invoking patch(1) against a specically
+ commands as the user invoking patch(1) against a specially
crafted patch file, which could be leveraged to obtain
elevated privileges.</p>
</body>
@@ -10896,7 +17729,7 @@
commands.</p>
<h1>Impact:</h1>
<p>This issue could be exploited to execute arbitrary
- commands as the user invoking patch(1) against a specically
+ commands as the user invoking patch(1) against a specially
crafted patch file, which could be leveraged to obtain
elevated privileges.</p>
</body>
@@ -11099,7 +17932,7 @@
can read or write 16-bits of kernel memory.</p>
<h1>Impact:</h1>
<p>An unprivileged process can read or modify 16-bits of
- memory which belongs to the kernel. This smay lead to
+ memory which belongs to the kernel. This may lead to
exposure of sensitive information or allow privilege
escalation.</p>
</body>
@@ -11912,7 +18745,7 @@
</package>
<package>
<name>bind9-devel</name>
- <range><ge>0</ge></range>
+ <range><le>9.12.0.a.2016.11.02</le></range>
</package>
<package>
<name>knot</name>
@@ -11959,6 +18792,7 @@
<dates>
<discovery>2016-07-06</discovery>
<entry>2016-08-10</entry>
+ <modified>2017-04-24</modified>
</dates>
</vuln>
@@ -12504,7 +19338,7 @@
pre-existing pagetable entries, to skip expensive re-validation
in safe cases (e.g. clearing only Access/Dirty bits). The bits
considered safe were too broad, and not actually safe.</p>
- <p>A malicous PV guest administrator can escalate their privilege to
+ <p>A malicious PV guest administrator can escalate their privilege to
that of the host.</p>
</blockquote>
</body>
@@ -12521,7 +19355,7 @@
</vuln>
<vuln vid="cb5189eb-572f-11e6-b334-002590263bf5">
- <topic>libidn -- mulitiple vulnerabilities</topic>
+ <topic>libidn -- multiple vulnerabilities</topic>
<affects>
<package>
<name>libidn</name>
@@ -13043,7 +19877,7 @@
</vuln>
<vuln vid="00cb1469-4afc-11e6-97ea-002590263bf5">
- <topic>atutor -- multiple vulnerabilites</topic>
+ <topic>atutor -- multiple vulnerabilities</topic>
<affects>
<package>
<name>atutor</name>
@@ -13070,7 +19904,7 @@
</vuln>
<vuln vid="ffa8ca79-4afb-11e6-97ea-002590263bf5">
- <topic>atutor -- multiple vulnerabilites</topic>
+ <topic>atutor -- multiple vulnerabilities</topic>
<affects>
<package>
<name>atutor</name>
@@ -13201,45 +20035,7 @@
</vuln>
<vuln vid="61b8c359-4aab-11e6-a7bd-14dae9d210b8">
- <topic>Apache Commons FileUpload -- denial of service</topic>
- <affects>
- <package>
- <name>tomcat</name>
- <range><ge>0</ge></range>
- </package>
- <package>
- <name>tomcat7</name>
- <range><lt>7.0.70</lt></range>
- </package>
- <package>
- <name>tomcat8</name>
- <range><lt>8.0.36</lt></range>
- </package>
- <package>
- <name>apache-struts</name>
- <range><le>2.5.2</le></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>Jochen Wiedmann reports:</p>
- <blockquote cite="http://jvn.jp/en/jp/JVN89379547/index.html">
- <p>A malicious client can send file upload requests that cause
- the HTTP server using the Apache Commons Fileupload library to become
- unresponsive, preventing the server from servicing other requests.</p>
- </blockquote>
- </body>
- </description>
- <references>
- <url>http://jvn.jp/en/jp/JVN89379547/index.html</url>
- <url>http://mail-archives.apache.org/mod_mbox/commons-dev/201606.mbox/%3CCAF8HOZ%2BPq2QH8RnxBuJyoK1dOz6jrTiQypAC%2BH8g6oZkBg%2BCxg%40mail.gmail.com%3E</url>
- <cvename>CVE-2016-3092</cvename>
- </references>
- <dates>
- <discovery>2016-06-21</discovery>
- <entry>2016-07-15</entry>
- <modified>2017-03-18</modified>
- </dates>
+ <cancelled superseded="cbceeb49-3bc7-11e6-8e82-002590263bf5"/>
</vuln>
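Review bot: cancelling 61b8c359-4aab-11e6-a7bd-14dae9d210b8 in favour of cbceeb49-3bc7-11e6-8e82-002590263bf5 loses coverage for the plain `tomcat` port, which the removed entry listed with `<range><ge>0</ge></range>`. The superseding entry, as amended later in this patch, lists only tomcat7, tomcat8 and apache-struts. If the `tomcat` port is still in the tree and ships Commons FileUpload, it needs to be added to the surviving entry before this cancellation lands; if it has been removed, say so in the commit message so the dropped package is clearly deliberate.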
<vuln vid="3159cd70-4aaa-11e6-a7bd-14dae9d210b8">
@@ -13536,7 +20332,7 @@
rate-limited in any way. The guest can easily cause qemu to print
messages to stderr, causing this file to become arbitrarily large.
</p>
- <p>The disk containing the logfile can be exausted, possibly causing a
+ <p>The disk containing the logfile can be exhausted, possibly causing a
denial-of-service (DoS).</p>
</blockquote>
</body>
@@ -13986,7 +20782,7 @@
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
- <p>The phpMYAdmin development team reports:</p>
+ <p>The phpMyAdmin development team reports:</p>
<blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-17/">
<h3>Summary</h3>
<p>BBCode injection vulnerability</p>
@@ -14410,7 +21206,7 @@
</vuln>
<vuln vid="cbceeb49-3bc7-11e6-8e82-002590263bf5">
- <topic>tomcat -- remote DoS in the Apache Commons FileUpload component</topic>
+ <topic>Apache Commons FileUpload -- denial of service (DoS) vulnerability</topic>
<affects>
<package>
<name>tomcat7</name>
@@ -14420,6 +21216,10 @@
<name>tomcat8</name>
<range><lt>8.0.36</lt></range>
</package>
+ <package>
+ <name>apache-struts</name>
+ <range><lt>2.5.2</lt></range>
+ </package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
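Review bot: the apache-struts range added here is `<lt>2.5.2</lt>`, but the entry it supersedes (cancelled earlier in this patch) had `<le>2.5.2</le>`. The two disagree on whether 2.5.2 itself is affected. `<lt>` is the form consistent with Struts 2.5.2 being the release that picked up the fixed Commons FileUpload, but confirm that against the Struts release notes and, since the consolidation silently changes the bound, mention the correction in the commit message.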
@@ -14440,10 +21240,12 @@
<url>http://tomcat.apache.org/security-7.html</url>
<url>http://tomcat.apache.org/security-8.html</url>
<url>http://mail-archives.apache.org/mod_mbox/tomcat-announce/201606.mbox/%3C6223ece6-2b41-ef4f-22f9-d3481e492832%40apache.org%3E</url>
+ <url>http://jvn.jp/en/jp/JVN89379547/index.html</url>
</references>
<dates>
<discovery>2016-06-20</discovery>
<entry>2016-06-26</entry>
+ <modified>2017-08-10</modified>
</dates>
</vuln>
@@ -14672,7 +21474,7 @@
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Piwik reports:</p>
<blockquote cite="http://piwik.org/changelog/piwik-2-16-1/">
- <p>iThe Piwik Security team is grateful for the responsible
+ <p>The Piwik Security team is grateful for the responsible
disclosures by our security researchers: Egidio Romano (granted a
critical security bounty), James Kettle and Paweł Bartunek (XSS) and
Emanuel Bronshtein (limited XSS).</p>
@@ -16103,12 +22905,16 @@
</vuln>
<vuln vid="967b852b-1e28-11e6-8dd3-002590263bf5">
- <topic>wpa_supplicant -- psk configuration parameter update allowing arbitrary data to be written</topic>
+ <topic>hostapd and wpa_supplicant -- psk configuration parameter update allowing arbitrary data to be written</topic>
<affects>
<package>
<name>wpa_supplicant</name>
<range><lt>2.5_2</lt></range>
</package>
+ <package>
+ <name>hostapd</name>
+ <range><lt>2.6</lt></range>
+ </package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
@@ -16128,7 +22934,7 @@
<dates>
<discovery>2016-05-02</discovery>
<entry>2016-05-20</entry>
- <modified>2016-05-20</modified>
+ <modified>2017-03-22</modified>
</dates>
</vuln>
@@ -17496,12 +24302,16 @@
</vuln>
<vuln vid="976567f6-05c5-11e6-94fa-002590263bf5">
- <topic>wpa_supplicant -- multiple vulnerabilities</topic>
+ <topic>hostapd and wpa_supplicant -- multiple vulnerabilities</topic>
<affects>
<package>
<name>wpa_supplicant</name>
<range><lt>2.5_1</lt></range>
</package>
+ <package>
+ <name>hostapd</name>
+ <range><lt>2.6</lt></range>
+ </package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
@@ -17532,6 +24342,7 @@
<dates>
<discovery>2015-11-10</discovery>
<entry>2016-04-19</entry>
+ <modified>2017-03-22</modified>
</dates>
</vuln>
@@ -18470,10 +25281,10 @@
<p>JMS Object messages depends on Java Serialization for
marshaling/unmashaling of the message payload. There are a couple of places
inside the broker where deserialization can occur, like web console or stomp
- object message transformation. As deserialization of untrusted data can leaed to
+ object message transformation. As deserialization of untrusted data can lead to
security flaws as demonstrated in various reports, this leaves the broker
- vunerable to this attack vector. Additionally, applications that consume
- ObjectMessage type of messages can be vunerable as they deserlize objects on
+ vulnerable to this attack vector. Additionally, applications that consume
+ ObjectMessage type of messages can be vulnerable as they deserialize objects on
ObjectMessage.getObject() calls.</p>
</blockquote>
</body>
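Review bot: three spelling errors in the ActiveMQ quote are corrected (`leaed`, `vunerable` twice, `deserlize`), but `unmashaling` on the unchanged context line just above them is not. For consistency fix it to `unmarshaling` in the same pass.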
@@ -19734,7 +26545,7 @@
<p>Andreas Schneider reports:</p>
<blockquote cite="https://www.libssh.org/2016/02/23/libssh-0-7-3-security-and-bugfix-release/">
<p>libssh versions 0.1 and above have a bits/bytes confusion bug and
- generate the an anormaly short ephemeral secret for the
+ generate an abnormally short ephemeral secret for the
diffie-hellman-group1 and diffie-hellman-group14 key exchange
methods. The resulting secret is 128 bits long, instead of the
recommended sizes of 1024 and 2048 bits respectively. There are
@@ -19760,7 +26571,7 @@
</vuln>
<vuln vid="7d09b9ee-e0ba-11e5-abc4-6fb07af136d2">
- <topic>exim -- local privilleges escalation</topic>
+ <topic>exim -- local privillege escalation</topic>
<affects>
<package>
<name>exim</name>
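Review bot: the exim topic is changed from `local privilleges escalation` to `local privillege escalation`, which fixes the plural but keeps the misspelling. It should read `local privilege escalation`.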
@@ -20158,7 +26969,7 @@
<p>The Apache Software Foundation reports:</p>
<blockquote cite="http://xerces.apache.org/xerces-c/secadv/CVE-2016-0729.txt">
<p>The Xerces-C XML parser mishandles certain kinds of malformed input
- documents, resulting in buffer overlows during processing and error
+ documents, resulting in buffer overflows during processing and error
reporting. The overflows can manifest as a segmentation fault or as
memory corruption during a parse operation. The bugs allow for a
denial of service attack in many applications by an unauthenticated
@@ -23092,7 +29903,7 @@
<body xmlns="http://www.w3.org/1999/xhtml">
<p>DrWhax reports:</p>
<blockquote cite="http://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=3557">
- <p>So in codeconv.c there is a function for japanese character set
+ <p>So in codeconv.c there is a function for Japanese character set
conversion called conv_jistoeuc(). There is no bounds checking on
the output buffer, which is created on the stack with alloca()
Bug can be triggered by sending an email to TAILS_luser at riseup.net
@@ -23099,7 +29910,7 @@
or whatever.
Since my C is completely rusty, you might be able to make a better
- judgement on the severity of this issue. Marking critical for now.</p>
+ judgment on the severity of this issue. Marking critical for now.</p>
</blockquote>
</body>
</description>
@@ -25033,7 +31844,7 @@
</vuln>
<vuln vid="84c7ea88-bf04-4bdc-973b-36744bf540ab">
- <topic>flash -- multiple vulnabilities</topic>
+ <topic>flash -- multiple vulnerabilities</topic>
<affects>
<package>
<name>linux-c6-flashplugin</name>
@@ -25639,7 +32450,7 @@
a potential volume name of something like '../../../etc/passwd' to
attempt to access a file not belonging to the storage pool. When
fine-grained Access Control Lists (ACL) are in effect, a user with
- storage_vol:create ACL permission but lacking domain:write permssion
+ storage_vol:create ACL permission but lacking domain:write permission
could thus abuse virStorageVolCreateXML and similar APIs to gain
access to files not normally permitted to that user. Fortunately, it
appears that the only APIs that could leak information or corrupt
@@ -25879,7 +32690,7 @@
</blockquote>
<blockquote cite="https://developer.joomla.org/security-centre/634-20151214-core-directory-traversal.html">
<h2>[20151203] - Core - Directory Traversal</h2>
- <p>Failure to properly sanitise input data from the XML install file
+ <p>Failure to properly sanitize input data from the XML install file
located within an extension's package archive allows for directory
traversal.</p>
</blockquote>
@@ -25932,7 +32743,7 @@
<body xmlns="http://www.w3.org/1999/xhtml">
<p>ISC reports:</p>
<blockquote cite="https://kb.isc.org/article/AA-01328/0/BIND-9.10.3-P2-Release-Notes.html">
- <p>Named is potentially vulnerable to the OpenSSL vulnerabilty described in CVE-2015-3193.</p>
+ <p>Named is potentially vulnerable to the OpenSSL vulnerability described in CVE-2015-3193.</p>
<p>Incorrect reference counting could result in an INSIST
failure if a socket error occurred while performing a lookup. This flaw
is disclosed in CVE-2015-8461. [RT#40945]</p>
@@ -26462,7 +33273,7 @@
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Redmine reports:</p>
<blockquote cite="http://www.redmine.org/projects/redmine/wiki/Security_Advisories">
- <p>Mass-assignemnt vulnerability that would allow an attacker to
+ <p>Mass-assignment vulnerability that would allow an attacker to
bypass part of the security checks.</p>
<p>Persistent XSS vulnerability</p>
</blockquote>
@@ -26554,7 +33365,7 @@
</vuln>
<vuln vid="c8842a84-9ddd-11e5-8c2f-c485083ca99c">
- <topic>flash -- multiple vulnabilities</topic>
+ <topic>flash -- multiple vulnerabilities</topic>
<affects>
<package>
<name>linux-c6-flashplugin</name>
@@ -27187,7 +33998,7 @@
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Google Chrome Releases reports:</p>
<blockquote cite="http://googlechromereleases.blogspot.nl/2015/12/stable-channel-update.html">
- <p>41 security fixes in this release, inclduding:</p>
+ <p>41 security fixes in this release, including:</p>
<ul>
<li>[558589] Critical CVE-2015-6765: Use-after-free in AppCache.
Credit to anonymous.</li>
@@ -27462,7 +34273,7 @@
</vuln>
<vuln vid="ecc268f2-8fc2-11e5-918c-bcaec565249c">
- <topic>libxslt -- DoS vulnability due to type confusing error</topic>
+ <topic>libxslt -- DoS vulnerability due to type confusing error</topic>
<affects>
<package>
<name>libsxlt</name>
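Review bot: two problems in the libxslt entry, one of them functional. The package name on the unchanged context line is `<name>libsxlt</name>`, which does not match the port name `libxslt`; as written this entry will never match an installed libxslt package, so the audit tool will not flag vulnerable installs. Fix the name (and add a `<modified>` date). Separately, the topic is only half corrected: `vulnability` becomes `vulnerability` but `type confusing error` should be `type confusion error`.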
@@ -27491,7 +34302,7 @@
</vuln>
<vuln vid="e5423caf-8fb8-11e5-918c-bcaec565249c">
- <topic>libxml2 -- multiple vulnabilities</topic>
+ <topic>libxml2 -- multiple vulnerabilities</topic>
<affects>
<package>
<name>libxml2</name>
@@ -27862,7 +34673,7 @@
</vuln>
<vuln vid="547fbd98-8b1f-11e5-b48b-bcaec565249c">
- <topic>flash -- multiple vulnabilities</topic>
+ <topic>flash -- multiple vulnerabilities</topic>
<affects>
<package>
<name>linux-c6-flashplugin</name>
@@ -28280,7 +35091,7 @@
<blockquote cite="http://xenbits.xen.org/xsa/advisory-148.html">
<p>The code to validate level 2 page table entries is bypassed when
certain conditions are satisfied. This means that a PV guest can
- create writeable mappings using super page mappings. Such writeable
+ create writable mappings using super page mappings. Such writable
mappings can violate Xen intended invariants for pages which Xen is
supposed to keep read-only. This is possible even if the
"allowsuperpage" command line option is not used.</p>
@@ -28893,7 +35704,7 @@
</vuln>
<vuln vid="beb3d5fc-7ac5-11e5-b35a-002590263bf5">
- <topic>Joomla! -- Core - Unauthorised Login vulnerability</topic>
+ <topic>Joomla! -- Core - Unauthorized Login vulnerability</topic>
<affects>
<package>
<name>joomla3</name>
@@ -28909,8 +35720,8 @@
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The JSST and the Joomla! Security Center report:</p>
<blockquote cite="http://developer.joomla.org/security-centre/594-20140902-core-unauthorised-logins.html">
- <h2>[20140902] - Core - Unauthorised Logins</h2>
- <p>Inadequate checking allowed unauthorised logins via LDAP
+ <h2>[20140902] - Core - Unauthorized Logins</h2>
+ <p>Inadequate checking allowed unauthorized logins via LDAP
authentication.</p>
</blockquote>
</body>
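Review bot: `Unauthorised` in the `<h2>` and the sentence under it is the Joomla! Security Centre's own spelling, as the `cite` URL slug `594-20140902-core-unauthorised-logins.html` shows. Changing a verbatim quotation of an advisory to American spelling misrepresents the source; keep the upstream spelling inside the blockquote and, if a single house spelling is wanted, apply it only to the entry's own `<topic>` line.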
@@ -29667,7 +36478,7 @@
some improper escaping in their shell commands, causing special
characters present in menu item titles to be interpreted by the
shell. This includes the backtick evaluation operator, so this
- constitutues a security issue, allowing execution of arbitrary
+ constitutes a security issue, allowing execution of arbitrary
commands if an attacker has control over the text displayed in
a menu.</p>
</blockquote>
@@ -30160,7 +36971,7 @@
</vuln>
<vuln vid="4e3e8a50-65c1-11e5-948e-bcaec565249c">
- <topic>flash -- multiple vulnabilities</topic>
+ <topic>flash -- multiple vulnerabilities</topic>
<affects>
<package>
<name>linux-c6-flashplugin</name>
@@ -30854,7 +37665,7 @@
built with OpenSSL and configured for "SSL-Bump" decryption.</p>
<p>Integer overflows can lead to invalid pointer math reading from
random memory on some CPU architectures. In the best case this leads
- to wrong TLS extensiosn being used for the client, worst-case a
+ to wrong TLS extensions being used for the client, worst-case a
crash of the proxy terminating all active transactions.</p>
<p>Incorrect message size checks and assumptions about the existence
of TLS extensions in the SSL/TLS handshake message can lead to very
@@ -31009,9 +37820,9 @@
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Qinghao Tang reports:</p>
<blockquote cite="http://seclists.org/oss-sec/2015/q3/559">
- <p>The function ParseExtension() in openslp 1.2.1 exists a
- vulnerability , an attacher can cause a denial of service
- (infinite loop) via a packet with crafted "nextoffset"
+ <p>The function ParseExtension() in openslp 1.2.1 contains
+ vulnerability: an attacker can cause a denial of service
+ (infinite loop) via a packet with crafted "nextoffset"
value and "extid" value.</p>
</blockquote>
</body>
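Review bot: the rewritten openslp quote now reads `in openslp 1.2.1 contains / vulnerability: an attacker can cause`, which is missing an article. It should be `contains a vulnerability: an attacker can cause ...`. Also note this hunk goes beyond a spelling fix and rewords a cited report (`exists a vulnerability , an attacher` becomes `contains vulnerability: an attacker`); that is reasonable for readability, but the result should at least be grammatical.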
@@ -32733,7 +39544,7 @@
<blockquote cite="http://xenbits.xen.org/xsa/advisory-140.html">
<p>The QEMU model of the RTL8139 network card did not sufficiently
validate inputs in the C+ mode offload emulation. This results in
- uninitialised memory from the QEMU process's heap being leaked to
+ uninitialized memory from the QEMU process's heap being leaked to
the domain as well as to the network.</p>
<p>A guest may be able to read sensitive host-level data relating to
itself which resides in the QEMU process.</p>
@@ -34470,7 +41281,7 @@
<blockquote cite="http://seclists.org/oss-sec/2015/q3/121">
<p>Description</p>
<p>When an application has Groovy on the classpath and that
- it uses standard Java serialization mechanim to communicate
+ it uses standard Java serialization mechanism to communicate
between servers, or to store local data, it is possible for
an attacker to bake a special serialized object that will
execute code directly when deserialized. All applications
@@ -35046,7 +41857,7 @@
</vuln>
<vuln vid="379788f3-2900-11e5-a4a5-002590263bf5">
- <topic>freeradius -- insufficent CRL application vulnerability</topic>
+ <topic>freeradius -- insufficient CRL application vulnerability</topic>
<affects>
<package>
<name>freeradius2</name>
@@ -35241,7 +42052,7 @@
through PCI devices not explicitly dealt with for (partial)
emulation purposes.</p>
<p>Since the effect depends on the specific purpose of the the config
- space field, it's not possbile to give a general statement about the
+ space field, it's not possible to give a general statement about the
exact impact on the host or other guests. Privilege escalation,
host crash (Denial of Service), and leaked information all cannot be
excluded.</p>
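Review bot: `possbile` is fixed, but the duplicated word `the the config` on the unchanged context line directly above remains. Fix it to `the config` in the same hunk.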
@@ -35645,7 +42456,7 @@
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The Xen Project reports:</p>
<blockquote cite="http://xenbits.xen.org/xsa/advisory-118.html">
- <p>On ARM systems the code which deals with virtualising the GIC
+ <p>On ARM systems the code which deals with virtualizing the GIC
distributor would, under various circumstances, log messages on a
guest accessible code path without appropriate rate limiting.</p>
<p>A malicious guest could cause repeated logging to the hypervisor
@@ -36469,7 +43280,7 @@
<p>The Page allocation is moved into textcommon.c, where it does all the
necessary checking: lower-bounds for CVE-2015-3258 and upper-bounds
for CVE-2015-3259 due to integer overflows for the calloc() call
- initialising Page[0] and the memset() call in texttopdf.c's
+ initializing Page[0] and the memset() call in texttopdf.c's
WritePage() function zeroing the entire array.</p>
</blockquote>
</body>
@@ -36605,7 +43416,7 @@
</vuln>
<vuln vid="0d0f3050-1f69-11e5-9ba9-d050996490d0">
- <topic>ntp -- control message remote Deinal of Service vulnerability</topic>
+ <topic>ntp -- control message remote Denial of Service vulnerability</topic>
<affects>
<package>
<name>ntp</name>
@@ -37180,7 +43991,7 @@
</vuln>
<vuln vid="d46ed7b8-1912-11e5-9fdf-00262d5ed8ee">
- <topic>www/chromium -- mulitple vulnerabilities</topic>
+ <topic>www/chromium -- multiple vulnerabilities</topic>
<affects>
<package>
<name>chromium</name>
@@ -37229,7 +44040,7 @@
</vuln>
<vuln vid="0f154810-16e4-11e5-a1cf-002590263bf5">
- <topic>rubygem-paperclip -- validation bypass vulnerabilitiy</topic>
+ <topic>rubygem-paperclip -- validation bypass vulnerability</topic>
<affects>
<package>
<name>rubygem-paperclip</name>
@@ -37333,7 +44144,7 @@
</vuln>
<vuln vid="a3929112-181b-11e5-a1cf-002590263bf5">
- <topic>cacti -- Multiple XSS and SQL injection vulerabilities</topic>
+ <topic>cacti -- Multiple XSS and SQL injection vulnerabilities</topic>
<affects>
<package>
<name>cacti</name>
@@ -37346,7 +44157,7 @@
<blockquote cite="http://www.cacti.net/release_notes_0_8_8d.php">
<p>Important Security Fixes</p>
<ul>
- <li>Multiple XSS and SQL injection vulerabilities</li>
+ <li>Multiple XSS and SQL injection vulnerabilities</li>
</ul>
<p>Changelog</p>
<ul>
@@ -37556,7 +44367,7 @@
connection is already kept alive.</p>
<p>With this flaw present, using the handle even
after a reset would make libcurl accidentally use
- those credentials in a subseqent request if done
+ those credentials in a subsequent request if done
to the same host name and connection as was
previously accessed.</p>
<p>An example case would be first requesting a password
@@ -37576,7 +44387,7 @@
to figure out what data range to send back.</p>
<p>The values are used and trusted without boundary
checks and are just assumed to be valid. This allows
- carefully handicrafted packages to trick libcurl
+ carefully handcrafted packages to trick libcurl
into responding and sending off data that was not
intended. Or just crash if the values cause libcurl
to access invalid memory.</p>
@@ -37828,7 +44639,7 @@
<li>Malformed ECParameters causes infinite loop (CVE-2015-1788)</li>
<li>Exploitable out-of-bounds read in X509_cmp_time
(CVE-2015-1789)</li>
- <li>iPKCS7 crash with missing EnvelopedContent (CVE-2015-1790)</li>
+ <li>PKCS#7 crash with missing EnvelopedContent (CVE-2015-1790)</li>
<li>CMS verify infinite loop with unknown hash function
(CVE-2015-1792)</li>
<li>Race condition handling NewSessionTicket (CVE-2015-1791)</li>
@@ -38159,7 +44970,7 @@
<blockquote cite="http://seclists.org/oss-sec/2015/q2/633">
<p>tidy is affected by a write out of bounds when processing malformed html files.</p>
<p>This issue could be abused on server side applications that use php-tidy extension with user input.</p>
- <p>The issue was confirmed, analysed and fixed by the tidy5 maintainer.</p>
+ <p>The issue was confirmed, analyzed, and fixed by the tidy5 maintainer.</p>
</blockquote>
</body>
</description>
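Review bot: "analysed" at the `- <p>The issue was confirmed, analysed and fixed by the tidy5 maintainer.</p>` line sits inside `<blockquote cite="http://seclists.org/oss-sec/2015/q2/633">`; it is the poster's British spelling, and the hunk also inserts an Oxford comma, so the quotation no longer matches the cited post. Suggest reverting this one; if the quoted text really needs editing, mark the alteration rather than silently respelling it.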
@@ -38797,10 +45608,10 @@
<p>cURL reports:</p>
<blockquote cite="http://curl.haxx.se/docs/adv_20150422A.html">
<p>libcurl keeps a pool of its last few connections around
- after use to fascilitate easy, conventient and completely
+ after use to facilitate easy, convenient, and completely
transparent connection re-use for applications.</p>
<p>When doing HTTP requests NTLM authenticated, the entire
- connnection becomes authenticated and not just the
+ connection becomes authenticated and not just the
specific HTTP request which is otherwise how HTTP works.
This makes NTLM special and a subject for special
treatment in the code. With NTLM, once the connection is
@@ -38809,7 +45620,7 @@
</blockquote>
<blockquote cite="http://curl.haxx.se/docs/adv_20150422B.html">
<p>When doing HTTP requests Negotiate authenticated, the
- entire connnection may become authenticated and not just
+ entire connection may become authenticated and not just
the specific HTTP request which is otherwise how HTTP
works, as Negotiate can basically use NTLM under the hood.
curl was not adhering to this fact but would assume that
@@ -39390,7 +46201,7 @@
<blockquote cite="http://blog.rubygems.org/2015/05/14/CVE-2015-3900.html">
<p>RubyGems provides the ability of a domain to direct clients to a
separate host that is used to fetch gems and make API calls against.
- This mechanism is implemented via DNS, specificly a SRV record
+ This mechanism is implemented via DNS, specifically a SRV record
_rubygems._tcp under the original requested domain.</p>
<p>RubyGems did not validate the hostname returned in the SRV record
before sending requests to it. This left clients open to a DNS
@@ -39930,7 +46741,7 @@
</vuln>
<vuln vid="b13af778-f4fc-11e4-a95d-ac9e174be3af">
- <topic>Vulnerablitiy in HWP document filter</topic>
+ <topic>Vulnerability in HWP document filter</topic>
<affects>
<package>
<name>libreoffice</name>
@@ -40324,12 +47135,12 @@
upgrade to this version.</p>
<p>The PHP development team announces the immediate
availability of PHP 5.5.24. Several bugs have been
- fixed some of them beeing security related, like
+ fixed, some of them being security related, like
CVE-2015-1351 and CVE-2015-1352. All PHP 5.5 users
are encouraged to upgrade to this version.</p>
<p>The PHP development team announces the immediate
availability of PHP 5.6.8. Several bugs have been
- fixed some of them beeing security related, like
+ fixed, some of them being security related, like
CVE-2015-1351 and CVE-2015-1352. All PHP 5.6 users
are encouraged to upgrade to this version.</p>
</blockquote>
@@ -40352,7 +47163,7 @@
</vuln>
<vuln vid="505904d3-ea95-11e4-beaf-bcaec565249c">
- <topic>wordpress -- multiple vulnabilities</topic>
+ <topic>wordpress -- multiple vulnerabilities</topic>
<affects>
<package>
<name>wordpress</name>
@@ -41592,7 +48403,7 @@
[Client] (CVE-2015-0204). OpenSSL only.</li>
<li>Segmentation fault in ASN1_TYPE_cmp (CVE-2015-0286)</li>
<li>ASN.1 structure reuse memory corruption (CVE-2015-0287)</li>
- <li>PKCS7 NULL pointer dereferences (CVE-2015-0289)</li>
+ <li>PKCS#7 NULL pointer dereferences (CVE-2015-0289)</li>
<li>Base64 decode (CVE-2015-0292). OpenSSL only.</li>
<li>DoS via reachable assert in SSLv2 servers
(CVE-2015-0293). OpenSSL only.</li>
@@ -42009,7 +48820,7 @@
<p>Richard J. Moore reports:</p>
<blockquote cite="http://lists.qt-project.org/pipermail/announce/2015-February/000059.html">
<p>The builtin BMP decoder in QtGui prior to Qt 5.5 contained a bug
- that would lead to a divsion by zero when loading certain corrupt
+ that would lead to a division by zero when loading certain corrupt
BMP files. This in turn would cause the application loading these
hand crafted BMPs to crash.</p>
</blockquote>
@@ -42307,7 +49118,7 @@
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
- <p>Samba developement team reports:</p>
+ <p>Samba development team reports:</p>
<blockquote cite="https://www.samba.org/samba/security/CVE-2015-0240">
<p>All versions of Samba from 3.5.0 to 4.2.0rc4 are
vulnerable to an unexpected code execution vulnerability
@@ -42859,7 +49670,7 @@
user who is viewing connected clients.</li>
</ul>
<p>In all cases, the attacker needs a valid user account on the
- targetted RabbitMQ cluster.</p>
+ targeted RabbitMQ cluster.</p>
<p>Furthermore, some admin-controllable content was not properly
escaped:</p>
<ul>
@@ -44047,7 +50858,7 @@
<p>The Network Time Protocol (NTP) provides networked
systems with a way to synchronize time for various
services and applications. ntpd version 4.2.7 and
- pervious versions allow attackers to overflow several
+ previous versions allow attackers to overflow several
buffers in a way that may allow malicious code to
be executed. ntp-keygen prior to version 4.2.7p230
also uses a non-cryptographic random number generator
@@ -45574,77 +52385,6 @@
</dates>
</vuln>
- <vuln vid="d2bbcc01-4ec3-11e4-ab3f-00262d5ed8ee">
- <topic>chromium -- multiple vulnerabilities</topic>
- <affects>
- <package>
- <name>chromium</name>
- <name>chromium-pulse</name> <!-- pcbsd only -->
- <range><lt>38.0.2125.101</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>Google Chrome Releases reports:</p>
- <blockquote cite="http://googlechromereleases.blogspot.nl/2014/10/stable-channel-update.html">
- <p>159 security fixes in this release, including 113 found using
- MemorySanitizer:</p>
- <ul>
- <li>[416449] Critical CVE-2014-3188: A special thanks to Jüri Aedla
- for a combination of V8 and IPC bugs that can lead to remote code
- execution outside of the sandbox.</li>
- <li>[398384] High CVE-2014-3189: Out-of-bounds read in PDFium.
- Credit to cloudfuzzer.</li>
- <li>[400476] High CVE-2014-3190: Use-after-free in Events. Credit
- to cloudfuzzer.</li>
- <li>[402407] High CVE-2014-3191: Use-after-free in Rendering.
- Credit to cloudfuzzer.</li>
- <li>[403276] High CVE-2014-3192: Use-after-free in DOM. Credit to
- cloudfuzzer.</li>
- <li>[399655] High CVE-2014-3193: Type confusion in Session Management.
- Credit to miaubiz.</li>
- <li>[401115] High CVE-2014-3194: Use-after-free in Web Workers.
- Credit to Collin Payne.</li>
- <li>[403409] Medium CVE-2014-3195: Information Leak in V8. Credit
- to Jüri Aedla.</li>
- <li>[338538] Medium CVE-2014-3196: Permissions bypass in Windows
- Sandbox. Credit to James Forshaw.</li>
- <li>[396544] Medium CVE-2014-3197: Information Leak in XSS Auditor.
- Credit to Takeshi Terada.</li>
- <li>[415307] Medium CVE-2014-3198: Out-of-bounds read in PDFium.
- Credit to Atte Kettunen of OUSPG.</li>
- <li>[395411] Low CVE-2014-3199: Release Assert in V8 bindings.
- Credit to Collin Payne.</li>
- <li>[420899] CVE-2014-3200: Various fixes from internal audits,
- fuzzing and other initiatives (Chrome 38).</li>
- <li>Multiple vulnerabilities in V8 fixed at the tip of the 3.28
- branch (currently 3.28.71.15).</li>
- </ul>
- </blockquote>
- </body>
- </description>
- <references>
- <cvename>CVE-2014-3188</cvename>
- <cvename>CVE-2014-3189</cvename>
- <cvename>CVE-2014-3190</cvename>
- <cvename>CVE-2014-3191</cvename>
- <cvename>CVE-2014-3192</cvename>
- <cvename>CVE-2014-3193</cvename>
- <cvename>CVE-2014-3194</cvename>
- <cvename>CVE-2014-3195</cvename>
- <cvename>CVE-2014-3196</cvename>
- <cvename>CVE-2014-3197</cvename>
- <cvename>CVE-2014-3198</cvename>
- <cvename>CVE-2014-3199</cvename>
- <cvename>CVE-2014-3200</cvename>
- <url>http://googlechromereleases.blogspot.nl/2014/10/stable-channel-update.html</url>
- </references>
- <dates>
- <discovery>2014-10-07</discovery>
- <entry>2014-10-08</entry>
- </dates>
- </vuln>
-
<vuln vid="b6587341-4d88-11e4-aef9-20cf30e32f6d">
<topic>Bugzilla multiple security issues</topic>
<affects>
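Review bot: this hunk deletes the whole `d2bbcc01-4ec3-11e4-ab3f-00262d5ed8ee` entry (chromium `<range><lt>38.0.2125.101</lt></range>`, CVE-2014-3188 through CVE-2014-3200) instead of retiring it, and the same is done for the fifteen further chromium entries removed by the later hunks of this patch (Chrome 37.0.2062.124 down to 32.0.1700.102). Elsewhere this file retires entries with `<cancelled .../>` (see the `<cancelled superseded="c7b5d72b-886a-11e3-9533-60a44c524f57"/>` line further down), which keeps the `<cvename>` to package mapping resolvable for tools that query the database by CVE; outright deletion makes those CVEs disappear from the record. The commit message "update vulnerability list" gives no reason for dropping these entries; either state why the chromium records are being removed or convert them to `<cancelled/>`. Note also that the `<name>chromium-pulse</name> <!-- pcbsd only -->` package name goes with this entry and will no longer match anything.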
@@ -45818,8 +52558,8 @@
limited amount of information exposure.</p>
<p>SECURITY-127 and SECURITY-128 are rated <strong>high</strong>. The
- formed can be used to further escalate privileges, and the latter
- results inloss of data.</p>
+ former can be used to further escalate privileges, and the latter
+ results in loss of data.</p>
<p>SECURITY-131 and SECURITY-138 is rated <strong>critical</strong>.
This vulnerabilities results in exposure of sensitie information
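Review bot: the "formed" to "former" and "inloss" to "in loss" fixes stop one sentence short: the unchanged context lines right below still read `SECURITY-131 and SECURITY-138 is rated` (plural subject, singular verb), `This vulnerabilities results` and `sensitie information`. If this paragraph is being corrected, extend the hunk to "are rated", "These vulnerabilities result" and "sensitive" so it is fixed in one pass rather than leaving the next sentence broken.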
@@ -46124,34 +52864,6 @@
</dates>
</vuln>
- <vuln vid="bd2ef267-4485-11e4-b0b7-00262d5ed8ee">
- <topic>chromium -- RSA signature malleability in NSS</topic>
- <affects>
- <package>
- <name>chromium</name>
- <range><lt>37.0.2062.124</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>Google Chrome Releases reports:</p>
- <blockquote cite="http://googlechromereleases.blogspot.nl/">
- <p>[414124] RSA signature malleability in NSS (CVE-2014-1568).
- Thanks to Antoine Delignat-Lavaud of Prosecco/INRIA, Brian Smith
- and Advanced Threat Research team at Intel Security</p>
- </blockquote>
- </body>
- </description>
- <references>
- <cvename>CVE-2014-1568</cvename>
- <url>http://googlechromereleases.blogspot.nl/</url>
- </references>
- <dates>
- <discovery>2014-09-24</discovery>
- <entry>2014-09-25</entry>
- </dates>
- </vuln>
-
<vuln vid="fb25333d-442f-11e4-98f3-5453ed2e2b49">
<topic>krfb -- Multiple security issues in bundled libvncserver</topic>
<affects>
@@ -46447,39 +53159,6 @@
</dates>
</vuln>
- <vuln vid="36a415c8-3867-11e4-b522-00262d5ed8ee">
- <topic>www/chromium -- multiple vulnerabilities</topic>
- <affects>
- <package>
- <name>chromium</name>
- <range><lt>37.0.2062.120</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>Google Chrome Releases reports:</p>
- <blockquote cite="http://googlechromereleases.blogspot.nl/">
- <p>4 security fixes in this release, including:</p>
- <ul>
- <li>[401362] High CVE-2014-3178: Use-after-free in rendering.
- Credit to miaubiz.</li>
- <li>[411014] CVE-2014-3179: Various fixes from internal audits,
- fuzzing and other initiatives.</li>
- </ul>
- </blockquote>
- </body>
- </description>
- <references>
- <cvename>CVE-2014-3178</cvename>
- <cvename>CVE-2014-3179</cvename>
- <url>http://googlechromereleases.blogspot.nl/</url>
- </references>
- <dates>
- <discovery>2014-09-09</discovery>
- <entry>2014-09-09</entry>
- </dates>
- </vuln>
-
<vuln vid="6318b303-3507-11e4-b76c-0011d823eebd">
<topic>trafficserver -- unspecified vulnerability</topic>
<affects>
@@ -46511,64 +53190,6 @@
</dates>
</vuln>
- <vuln vid="fd5f305d-2d3d-11e4-aa3d-00262d5ed8ee">
- <topic>chromium -- multiple vulnerabilities</topic>
- <affects>
- <package>
- <name>chromium</name>
- <range><lt>37.0.2062.94</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>Google Chrome Releases reports:</p>
- <blockquote cite="http://googlechromereleases.blogspot.nl/">
- <p>50 security fixes in this release, including:</p>
- <ul>
- <li>[386988] Critical CVE-2014-3176, CVE-2014-3177: A special reward
- to lokihardt at asrt for a combination of bugs in V8, IPC, sync, and
- extensions that can lead to remote code execution outside of the
- sandbox.</li>
- <li>[369860] High CVE-2014-3168: Use-after-free in SVG. Credit to
- cloudfuzzer.</li>
- <li>[387389] High CVE-2014-3169: Use-after-free in DOM. Credit to
- Andrzej Dyjak.</li>
- <li>[390624] High CVE-2014-3170: Extension permission dialog spoofing.
- Credit to Rob Wu.</li>
- <li>[390928] High CVE-2014-3171: Use-after-free in bindings. Credit to
- cloudfuzzer.</li>
- <li>[367567] Medium CVE-2014-3172: Issue related to extension debugging.
- Credit to Eli Grey.</li>
- <li>[376951] Medium CVE-2014-3173: Uninitialized memory read in WebGL.
- Credit to jmuizelaar.</li>
- <li>[389219] Medium CVE-2014-3174: Uninitialized memory read in Web
- Audio. Credit to Atte Kettunen from OUSPG.</li>
- <li>[406143] CVE-2014-3175: Various fixes from internal audits, fuzzing
- and other initiatives (Chrome 37).</li>
-
- </ul>
- </blockquote>
- </body>
- </description>
- <references>
- <cvename>CVE-2014-3168</cvename>
- <cvename>CVE-2014-3169</cvename>
- <cvename>CVE-2014-3170</cvename>
- <cvename>CVE-2014-3171</cvename>
- <cvename>CVE-2014-3172</cvename>
- <cvename>CVE-2014-3173</cvename>
- <cvename>CVE-2014-3174</cvename>
- <cvename>CVE-2014-3175</cvename>
- <cvename>CVE-2014-3176</cvename>
- <cvename>CVE-2014-3177</cvename>
- <url>http://googlechromereleases.blogspot.nl/</url>
- </references>
- <dates>
- <discovery>2014-08-26</discovery>
- <entry>2014-08-26</entry>
- </dates>
- </vuln>
-
<vuln vid="84203724-296b-11e4-bebd-000c2980a9f3">
<topic>file -- buffer overruns and missing buffer size tests</topic>
<affects>
@@ -46760,42 +53381,6 @@
</dates>
</vuln>
- <vuln vid="df7754c0-2294-11e4-b505-000c6e25e3e9">
- <topic>chromium -- multiple vulnerabilities</topic>
- <affects>
- <package>
- <name>chromium</name>
- <range><lt>36.0.1985.143</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>Google Chrome Releases reports:</p>
- <blockquote cite="http://googlechromereleases.blogspot.nl">
- <p>12 security fixes in this release, including</p>
- <ul>
- <li>[390174] High CVE-2014-3165: Use-after-free in web sockets.
- Credit to Collin Payne.</li>
- <li>[398925] High CVE-2014-3166: Information disclosure in SPDY.
- Credit to Antoine Delignat-Lavaud.</li>
- <li>[400950] CVE-2014-3167: Various fixes from internal audits,
- fuzzing and other initiatives.</li>
- </ul>
- </blockquote>
- </body>
- </description>
- <references>
- <cvename>CVE-2014-3165</cvename>
- <cvename>CVE-2014-3166</cvename>
- <cvename>CVE-2014-3167</cvename>
- <url>http://googlechromereleases.blogspot.nl</url>
- </references>
- <dates>
- <discovery>2014-08-12</discovery>
- <entry>2014-08-13</entry>
- </dates>
- </vuln>
-
<vuln vid="69048656-2187-11e4-802c-20cf30e32f6d">
<topic>serf -- SSL Certificate Null Byte Poisoning</topic>
<affects>
@@ -47590,39 +54175,6 @@
</dates>
</vuln>
- <vuln vid="3718833e-0d27-11e4-89db-000c6e25e3e9">
- <topic>chromium -- multiple vulnerabilities</topic>
- <affects>
- <package>
- <name>chromium</name>
- <range><lt>36.0.1985.125</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>Google Chrome Releases reports:</p>
- <blockquote cite="http://googlechromereleases.blogspot.nl">
- <p>26 security fixes in this release, including</p>
- <ul>
- <li>[380885] Medium CVE-2014-3160: Same-Origin-Policy bypass in SVG. Credit
- to Christian Schneider.</li>
- <li>[393765] CVE-2014-3162: Various fixes from internal audits, fuzzing and
- other initiatives.</li>
- </ul>
- </blockquote>
- </body>
- </description>
- <references>
- <cvename>CVE-2014-3160</cvename>
- <cvename>CVE-2014-3162</cvename>
- <url>http://googlechromereleases.blogspot.nl</url>
- </references>
- <dates>
- <discovery>2014-07-16</discovery>
- <entry>2014-07-16</entry>
- </dates>
- </vuln>
-
<vuln vid="4a114331-0d24-11e4-8dd2-5453ed2e2b49">
<topic>kdelibs4 -- KMail/KIO POP3 SSL Man-in-the-middle Flaw</topic>
<affects>
@@ -48051,44 +54603,6 @@
</dates>
</vuln>
- <vuln vid="0b0fb9b0-f0fb-11e3-9bcd-000c6e25e3e9">
- <topic>chromium -- multiple vulnerabilities</topic>
- <affects>
- <package>
- <name>chromium</name>
- <range><lt>35.0.1916.153</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>Google Chrome Releases reports:</p>
- <blockquote cite="http://googlechromereleases.blogspot.nl">
- <p>4 security fixes in this release, including:</p>
- <ul>
- <li>[369525] High CVE-2014-3154: Use-after-free in filesystem api. Credit
- to Collin Payne.</li>
- <li>[369539] High CVE-2014-3155: Out-if-bounds read in SPDY. Credit
- to James March, Daniel Sommermann and Alan Frindell of Facebook.</li>
- <li>[369621] Medium CVE-2014-3156: Buffer overflow in clipboard. Credit
- to Atte Kettunen of OUSPG.</li>
- <li>[368980] CVE-2014-3157: Heap overflow in media.</li>
- </ul>
- </blockquote>
- </body>
- </description>
- <references>
- <cvename>CVE-2014-3154</cvename>
- <cvename>CVE-2014-3155</cvename>
- <cvename>CVE-2014-3156</cvename>
- <cvename>CVE-2014-3157</cvename>
- <url>http://googlechromereleases.blogspot.nl</url>
- </references>
- <dates>
- <discovery>2014-06-10</discovery>
- <entry>2014-06-10</entry>
- </dates>
- </vuln>
-
<vuln vid="888a0262-f0d9-11e3-ba0c-b4b52fce4ce8">
<topic>mozilla -- multiple vulnerabilities</topic>
<affects>
@@ -48415,93 +54929,6 @@
</dates>
</vuln>
- <vuln vid="64f3872b-e05d-11e3-9dd4-00262d5ed8ee">
- <topic>chromium -- multiple vulnerabilities</topic>
- <affects>
- <package>
- <name>chromium</name>
- <range><lt>35.0.1916.114</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>Google Chrome Releases reports:</p>
- <blockquote cite="http://googlechromereleases.blogspot.nl/">
- <p>23 security fixes in this release, including:</p>
- <ul>
- <li>[356653] High CVE-2014-1743: Use-after-free in styles. Credit
- to cloudfuzzer.</li>
- <li>[359454] High CVE-2014-1744: Integer overflow in audio. Credit
- to Aaron Staple.</li>
- <li>[346192] High CVE-2014-1745: Use-after-free in SVG. Credit to
- Atte Kettunen of OUSPG.</li>
- <li>[364065] Medium CVE-2014-1746: Out-of-bounds read in media
- filters. Credit to Holger Fuhrmannek.</li>
- <li>[330663] Medium CVE-2014-1747: UXSS with local MHTML file.
- Credit to packagesu.</li>
- <li>[331168] Medium CVE-2014-1748: UI spoofing with scrollbar.
- Credit to Jordan Milne.</li>
- <li>[374649] CVE-2014-1749: Various fixes from internal audits,
- fuzzing and other initiatives.</li>
- <li>[358057] CVE-2014-3152: Integer underflow in V8 fixed in
- version 3.25.28.16.</li>
- </ul>
- </blockquote>
- </body>
- </description>
- <references>
- <cvename>CVE-2014-1743</cvename>
- <cvename>CVE-2014-1744</cvename>
- <cvename>CVE-2014-1745</cvename>
- <cvename>CVE-2014-1746</cvename>
- <cvename>CVE-2014-1747</cvename>
- <cvename>CVE-2014-1748</cvename>
- <cvename>CVE-2014-1749</cvename>
- <cvename>CVE-2014-3152</cvename>
- <url>http://googlechromereleases.blogspot.nl/</url>
- </references>
- <dates>
- <discovery>2014-05-20</discovery>
- <entry>2014-05-20</entry>
- </dates>
- </vuln>
-
- <vuln vid="cdf450fc-db52-11e3-a9fc-00262d5ed8ee">
- <topic>chromium -- multiple vulnerabilities</topic>
- <affects>
- <package>
- <name>chromium</name>
- <range><lt>34.0.1847.137</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>Google Chrome Releases reports:</p>
- <blockquote cite="http://googlechromereleases.blogspot.nl/">
- <p>3 security fixes in this release:</p>
- <ul>
- <li>[358038] High CVE-2014-1740: Use-after-free in WebSockets.
- Credit to Collin Payne.</li>
- <li>[349898] High CVE-2014-1741: Integer overflow in DOM ranges.
- Credit to John Butler.</li>
- <li>[356690] High CVE-2014-1742: Use-after-free in editing. Credit
- to cloudfuzzer.</li>
- </ul>
- </blockquote>
- </body>
- </description>
- <references>
- <cvename>CVE-2014-1740</cvename>
- <cvename>CVE-2014-1741</cvename>
- <cvename>CVE-2014-1742</cvename>
- <url>http://googlechromereleases.blogspot.nl/</url>
- </references>
- <dates>
- <discovery>2014-05-13</discovery>
- <entry>2014-05-14</entry>
- </dates>
- </vuln>
-
<vuln vid="b060ee50-daba-11e3-99f2-bcaec565249c">
<topic>libXfont -- X Font Service Protocol and Font metadata file handling issues</topic>
<affects>
@@ -48766,54 +55193,6 @@
</dates>
</vuln>
- <vuln vid="7cf25a0c-d031-11e3-947b-00262d5ed8ee">
- <topic>chromium -- multiple vulnerabilities</topic>
- <affects>
- <package>
- <name>chromium</name>
- <range><lt>34.0.1847.132</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>Google Chrome Releases reports (belatedly):</p>
- <blockquote cite="http://googlechromereleases.blogspot.nl/">
- <p>9 security fixes in this release, including:</p>
- <ul>
- <li>[354967] High CVE-2014-1730: Type confusion in V8. Credit to
- Anonymous.</li>
- <li>[349903] High CVE-2014-1731: Type confusion in DOM. Credit to
- John Butler.</li>
- <li>[359802] High CVE-2014-1736: Integer overflow in V8. Credit to
- SkyLined working with HP's Zero Day Initiative.</li>
- <li>[352851] Medium CVE-2014-1732: Use-after-free in Speech
- Recognition. Credit to Khalil Zhani.</li>
- <li>[351103] Medium CVE-2014-1733: Compiler bug in Seccomp-BPF.
- Credit to Jed Davis.</li>
- <li>[367314] CVE-2014-1734: Various fixes from internal audits,
- fuzzing and other initiatives.</li>
- <li>[359130, 359525, 360429] CVE-2014-1735: Multiple
- vulnerabilities in V8 fixed in version 3.24.35.33.</li>
- </ul>
- </blockquote>
- </body>
- </description>
- <references>
- <cvename>CVE-2014-1730</cvename>
- <cvename>CVE-2014-1731</cvename>
- <cvename>CVE-2014-1732</cvename>
- <cvename>CVE-2014-1733</cvename>
- <cvename>CVE-2014-1734</cvename>
- <cvename>CVE-2014-1735</cvename>
- <cvename>CVE-2014-1736</cvename>
- <url>http://googlechromereleases.blogspot.nl/</url>
- </references>
- <dates>
- <discovery>2014-04-24</discovery>
- <entry>2014-04-30</entry>
- </dates>
- </vuln>
-
<vuln vid="985d4d6c-cfbd-11e3-a003-b4b52fce4ce8">
<topic>mozilla -- multiple vulnerabilities</topic>
<affects>
@@ -49419,76 +55798,6 @@
</dates>
</vuln>
- <vuln vid="963413a5-bf50-11e3-a2d6-00262d5ed8ee">
- <topic>chromium -- multiple vulnerabilities</topic>
- <affects>
- <package>
- <name>chromium</name>
- <range><lt>34.0.1847.116</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>Google Chrome Releases reports:</p>
- <blockquote cite="http://googlechromereleases.blogspot.nl/">
- <p>31 vulnerabilities fixed in this release, including:</p>
- <ul>
- <li>[354123] High CVE-2014-1716: UXSS in V8. Credit to
- Anonymous.</li>
- <li>[353004] High CVE-2014-1717: OOB access in V8. Credit to
- Anonymous.</li>
- <li>[348332] High CVE-2014-1718: Integer overflow in compositor.
- Credit to Aaron Staple.</li>
- <li>[343661] High CVE-2014-1719: Use-after-free in web workers.
- Credit to Collin Payne.</li>
- <li>[356095] High CVE-2014-1720: Use-after-free in DOM. Credit to
- cloudfuzzer.</li>
- <li>[350434] High CVE-2014-1721: Memory corruption in V8. Credit to
- Christian Holler.</li>
- <li>[330626] High CVE-2014-1722: Use-after-free in rendering.
- Credit to miaubiz.</li>
- <li>[337746] High CVE-2014-1723: Url confusion with RTL characters.
- Credit to George McBay.</li>
- <li>[327295] High CVE-2014-1724: Use-after-free in speech. Credit
- to Atte Kettunen of OUSPG.</li>
- <li>[357332] Medium CVE-2014-1725: OOB read with window property.
- Credit to Anonymous</li>
- <li>[346135] Medium CVE-2014-1726: Local cross-origin bypass.
- Credit to Jann Horn.</li>
- <li>[342735] Medium CVE-2014-1727: Use-after-free in forms. Credit
- to Khalil Zhani.</li>
- <li>[360298] CVE-2014-1728: Various fixes from internal audits,
- fuzzing and other initiatives.</li>
- <li>[345820, 347262, 348319, 350863, 352982, 355586, 358059]
- CVE-2014-1729: Multiple vulnerabilities in V8 fixed in version
- 3.24.35.22.</li>
- </ul>
- </blockquote>
- </body>
- </description>
- <references>
- <cvename>CVE-2014-1716</cvename>
- <cvename>CVE-2014-1717</cvename>
- <cvename>CVE-2014-1718</cvename>
- <cvename>CVE-2014-1719</cvename>
- <cvename>CVE-2014-1720</cvename>
- <cvename>CVE-2014-1721</cvename>
- <cvename>CVE-2014-1722</cvename>
- <cvename>CVE-2014-1723</cvename>
- <cvename>CVE-2014-1724</cvename>
- <cvename>CVE-2014-1725</cvename>
- <cvename>CVE-2014-1726</cvename>
- <cvename>CVE-2014-1727</cvename>
- <cvename>CVE-2014-1728</cvename>
- <cvename>CVE-2014-1729</cvename>
- <url>http://googlechromereleases.blogspot.nl/</url>
- </references>
- <dates>
- <discovery>2014-04-08</discovery>
- <entry>2014-04-08</entry>
- </dates>
- </vuln>
-
<vuln vid="5631ae98-be9e-11e3-b5e3-c80aa9043978">
<topic>OpenSSL -- Remote Information Disclosure</topic>
<affects>
@@ -49982,51 +56291,6 @@
</dates>
</vuln>
- <vuln vid="a70966a1-ac22-11e3-8d04-00262d5ed8ee">
- <topic>www/chromium -- multiple vulnerabilities</topic>
- <affects>
- <package>
- <name>chromium</name>
- <range><lt>33.0.1750.152</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>Google Chrome Releases reports:</p>
- <blockquote cite="http://googlechromereleases.blogspot.nl/">
- <p>New vulnerabilities after the Pwn2Own competition:</p>
- <ul>
- <li>[352369] Code execution outside sandbox. Credit to VUPEN.
- <ul>
- <li>[352374] High CVE-2014-1713: Use-after-free in Blink
- bindings</li>
- <li>[352395] High CVE-2014-1714: Windows clipboard
- vulnerability</li>
- </ul>
- </li>
- <li> [352420] Code execution outside sandbox. Credit to Anonymous.
- <ul>
- <li>[351787] High CVE-2014-1705: Memory corruption in V8</li>
- <li>[352429] High CVE-2014-1715: Directory traversal issue</li>
- </ul>
- </li>
- </ul>
- </blockquote>
- </body>
- </description>
- <references>
- <cvename>CVE-2014-1705</cvename>
- <cvename>CVE-2014-1713</cvename>
- <cvename>CVE-2014-1714</cvename>
- <cvename>CVE-2014-1715</cvename>
- <url>http://googlechromereleases.blogspot.nl/</url>
- </references>
- <dates>
- <discovery>2014-03-14</discovery>
- <entry>2014-03-15</entry>
- </dates>
- </vuln>
-
<vuln vid="eb426e82-ab68-11e3-9d09-000c2980a9f3">
<topic>mutt -- denial of service, potential remote code execution</topic>
<affects>
@@ -50187,48 +56451,6 @@
</dates>
</vuln>
- <vuln vid="24cefa4b-a940-11e3-91f2-00262d5ed8ee">
- <topic>www/chromium --multiple vulnerabilities</topic>
- <affects>
- <package>
- <name>chromium</name>
- <range><lt>33.0.1750.149</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>Google Chrome Releases reports:</p>
- <blockquote cite="http://googlechromereleases.blogspot.nl/">
- <p>7 vulnerabilities fixed in this release, including:</p>
- <ul>
- <li>[344881] High CVE-2014-1700: Use-after-free in speech. Credit
- to Chamal de Silva.</li>
- <li>[342618] High CVE-2014-1701: UXSS in events. Credit to
- aidanhs.</li>
- <li>[333058] High CVE-2014-1702: Use-after-free in web database.
- Credit to Collin Payne.</li>
- <li>[338354] High CVE-2014-1703: Potential sandbox escape due to a
- use-after-free in web sockets.</li>
- <li>[328202, 349079, 345715] CVE-2014-1704: Multiple
- vulnerabilities in V8 fixed in version 3.23.17.18.</li>
- </ul>
- </blockquote>
- </body>
- </description>
- <references>
- <cvename>CVE-2014-1700</cvename>
- <cvename>CVE-2014-1701</cvename>
- <cvename>CVE-2014-1702</cvename>
- <cvename>CVE-2014-1703</cvename>
- <cvename>CVE-2014-1704</cvename>
- <url>http://googlechromereleases.blogspot.nl/</url>
- </references>
- <dates>
- <discovery>2014-03-11</discovery>
- <entry>2014-03-11</entry>
- </dates>
- </vuln>
-
<vuln vid="1a0de610-a761-11e3-95fe-bcaec565249c">
<topic>freetype2 -- Out of bounds read/write</topic>
<affects>
@@ -50333,51 +56555,6 @@
</dates>
</vuln>
- <vuln vid="b4023753-a4ba-11e3-bec2-00262d5ed8ee">
- <topic>chromium -- multiple vulnerabilities</topic>
- <affects>
- <package>
- <name>chromium</name>
- <range><lt>33.0.1750.146</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>Google Chrome Releases reports:</p>
- <blockquote cite="http://googlechromereleases.blogspot.nl/">
- <p>19 vulnerabilities fixed in this release, including:</p>
- <ul>
- <li>[344492] High CVE-2013-6663: Use-after-free in svg images.
- Credit to Atte Kettunen of OUSPG.</li>
- <li>[326854] High CVE-2013-6664: Use-after-free in speech
- recognition. Credit to Khalil Zhani.</li>
- <li>[337882] High CVE-2013-6665: Heap buffer overflow in software
- rendering. Credit to cloudfuzzer.</li>
- <li>[332023] Medium CVE-2013-6666: Chrome allows requests in flash
- header request. Credit to netfuzzerr.</li>
- <li>[348175] CVE-2013-6667: Various fixes from internal audits,
- fuzzing and other initiatives.</li>
- <li>[343964, 344186, 347909] CVE-2013-6668: Multiple
- vulnerabilities in V8 fixed in version 3.24.35.10.</li>
- </ul>
- </blockquote>
- </body>
- </description>
- <references>
- <cvename>CVE-2013-6663</cvename>
- <cvename>CVE-2013-6664</cvename>
- <cvename>CVE-2013-6665</cvename>
- <cvename>CVE-2013-6666</cvename>
- <cvename>CVE-2013-6667</cvename>
- <cvename>CVE-2013-6668</cvename>
- <url>http://googlechromereleases.blogspot.nl/</url>
- </references>
- <dates>
- <discovery>2014-03-03</discovery>
- <entry>2014-03-05</entry>
- </dates>
- </vuln>
-
<vuln vid="f645aa90-a3e8-11e3-a422-3c970e169bc2">
<topic>gnutls -- multiple certificate verification issues</topic>
<affects>
@@ -50582,66 +56759,6 @@
</dates>
</vuln>
- <vuln vid="9dd47fa3-9d53-11e3-b20f-00262d5ed8ee">
- <topic>chromium -- multiple vulnerabilities</topic>
- <affects>
- <package>
- <name>chromium</name>
- <range><lt>33.0.1750.117</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>Google Chrome Releases reports:</p>
- <blockquote cite="http://googlechromereleases.blogspot.nl/">
- <p>28 security fixes in this release, including:</p>
- <ul>
- <li>[334897] High CVE-2013-6652: Issue with relative paths in
- Windows sandbox named pipe policy. Credit to tyranid.</li>
- <li>[331790] High CVE-2013-6653: Use-after-free related to web
- contents. Credit to Khalil Zhani.</li>
- <li>[333176] High CVE-2013-6654: Bad cast in SVG. Credit to
- TheShow3511.</li>
- <li>[293534] High CVE-2013-6655: Use-after-free in layout. Credit
- to cloudfuzzer.</li>
- <li>[331725] High CVE-2013-6656: Information leak in XSS auditor.
- Credit to NeexEmil.</li>
- <li>[331060] Medium CVE-2013-6657: Information leak in XSS auditor.
- Credit to NeexEmil.</li>
- <li>[322891] Medium CVE-2013-6658: Use-after-free in layout. Credit
- to cloudfuzzer.</li>
- <li>[306959] Medium CVE-2013-6659: Issue with certificates
- validation in TLS handshake. Credit to Antoine Delignat-Lavaud
- and Karthikeyan Bhargavan from Prosecco, Inria Paris.</li>
- <li>[332579] Low CVE-2013-6660: Information leak in drag and drop.
- Credit to bishopjeffreys.</li>
- <li>[344876] Low-High CVE-2013-6661: Various fixes from internal
- audits, fuzzing and other initiatives. Of these, seven are fixes
- for issues that could have allowed for sandbox escapes from
- compromised renderers.</li>
- </ul>
- </blockquote>
- </body>
- </description>
- <references>
- <cvename>CVE-2013-6652</cvename>
- <cvename>CVE-2013-6653</cvename>
- <cvename>CVE-2013-6654</cvename>
- <cvename>CVE-2013-6655</cvename>
- <cvename>CVE-2013-6656</cvename>
- <cvename>CVE-2013-6657</cvename>
- <cvename>CVE-2013-6658</cvename>
- <cvename>CVE-2013-6659</cvename>
- <cvename>CVE-2013-6660</cvename>
- <cvename>CVE-2013-6661</cvename>
- <url>http://googlechromereleases.blogspot.nl/</url>
- </references>
- <dates>
- <discovery>2014-02-20</discovery>
- <entry>2014-02-24</entry>
- </dates>
- </vuln>
-
<vuln vid="42d42090-9a4d-11e3-b029-08002798f6ff">
<topic>PostgreSQL -- multiple privilege issues</topic>
<affects>
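Review bot: the hunk removes the blank separator line that followed the deleted entry (the lone `-` line just before `<vuln vid="42d42090-9a4d-11e3-b029-08002798f6ff">`) rather than the one that preceded it. After applying, check that exactly one blank line still sits between the surviving `</vuln>` and the PostgreSQL entry; a missing or doubled separator is easy to miss in a 60-line deletion and the file's entry spacing should stay uniform.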
@@ -51164,40 +57281,6 @@
<cancelled superseded="c7b5d72b-886a-11e3-9533-60a44c524f57"/>
</vuln>
- <vuln vid="f9810c43-87a5-11e3-9214-00262d5ed8ee">
- <topic>chromium -- multiple vulnerabilities</topic>
- <affects>
- <package>
- <name>chromium</name>
- <range><lt>32.0.1700.102</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>Google Chrome Releases reports:</p>
- <blockquote cite="http://googlechromereleases.blogspot.nl/">
- <p>14 security fixes in this release, including:</p>
- <ul>
- <li>[330420] High CVE-2013-6649: Use-after-free in SVG images.
- Credit to Atte Kettunen of OUSPG.</li>
- <li>[331444] High CVE-2013-6650: Memory corruption in V8. This
- issue was fixed in v8 version 3.22.24.16. Credit to Christian
- Holler.</li>
- </ul>
- </blockquote>
- </body>
- </description>
- <references>
- <cvename>CVE-2013-6649</cvename>
- <cvename>CVE-2013-6650</cvename>
- <url>http://googlechromereleases.blogspot.nl/</url>
- </references>
- <dates>
- <discovery>2014-01-27</discovery>
- <entry>2014-01-27</entry>
- </dates>
- </vuln>
-
<vuln vid="d1dfc4c7-8791-11e3-a371-6805ca0b3d42">
<topic>rt42 -- denial-of-service attack via the email gateway</topic>
<affects>
@@ -51422,51 +57505,6 @@
</dates>
</vuln>
- <vuln vid="5acf4638-7e2c-11e3-9fba-00262d5ed8ee">
- <topic>chromium -- multiple vulnerabilities</topic>
- <affects>
- <package>
- <name>chromium</name>
- <range><lt>32.0.1700.77</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>Google Chrome Releases reports:</p>
- <blockquote cite="http://googlechromereleases.blogspot.nl/">
- <p>11 security fixes in this release, including:</p>
- <ul>
- <li>[249502] High CVE-2013-6646: Use-after-free in web workers.
- Credit to Collin Payne.</li>
- <li>[326854] High CVE-2013-6641: Use-after-free related to forms.
- Credit to Atte Kettunen of OUSPG.</li>
- <li>[324969] High CVE-2013-6642: Address bar spoofing in Chrome for
- Android. Credit to lpilorz.</li>
- <li>[321940] High CVE-2013-6643: Unprompted sync with an attacker’s
- Google account. Credit to Joao Lucas Melo Brasio.</li>
- <li>[318791] Medium CVE-2013-6645 Use-after-free related to speech
- input elements. Credit to Khalil Zhani.</li>
- <li>[333036] CVE-2013-6644: Various fixes from internal audits,
- fuzzing and other initiatives.</li>
- </ul>
- </blockquote>
- </body>
- </description>
- <references>
- <cvename>CVE-2013-6641</cvename>
- <cvename>CVE-2013-6642</cvename>
- <cvename>CVE-2013-6643</cvename>
- <cvename>CVE-2013-6644</cvename>
- <cvename>CVE-2013-6645</cvename>
- <cvename>CVE-2013-6646</cvename>
- <url>http://googlechromereleases.blogspot.nl/</url>
- </references>
- <dates>
- <discovery>2014-01-14</discovery>
- <entry>2014-01-15</entry>
- </dates>
- </vuln>
-
<vuln vid="3d95c9a7-7d5c-11e3-a8c1-206a8a720317">
<topic>ntpd DRDoS / Amplification Attack using ntpdc monlist command</topic>
<affects>
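Review bot: with this many hand-removed entries the result should be checked mechanically before commit, not by eye. Run `xmllint --noout` over vuln.xml (or the port's `make validate` target, if mports carries the one FreeBSD's security/vuxml port provides; that is an assumption about the mports tree) to confirm the document is still well-formed after every `</vuln>` removal, and `grep -n 'name>chromium<' vuln.xml` to confirm no chromium entry was left behind if the intent is to drop them all. From the hunks alone the removal is not obviously exhaustive.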
@@ -52222,57 +58260,6 @@
</dates>
</vuln>
- <vuln vid="79356040-5da4-11e3-829e-00262d5ed8ee">
- <topic>chromium -- multiple vulnerabilities</topic>
- <affects>
- <package>
- <name>chromium</name>
- <range><lt>31.0.1650.63</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>Google Chrome Releases reports:</p>
- <blockquote cite="http://googlechromereleases.blogspot.nl/">
- <p>15 security fixes in this release, including:</p>
- <ul>
- <li>[307159] Medium CVE-2013-6634: Session fixation in sync related
- to 302 redirects. Credit to Andrey Labunets.</li>
- <li>[314469] High CVE-2013-6635: Use-after-free in editing. Credit
- to cloudfuzzer.</li>
- <li>[322959] Medium CVE-2013-6636: Address bar spoofing related to
- modal dialogs. Credit to Bas Venis.</li>
- <li>[325501] CVE-2013-6637: Various fixes from internal audits,
- fuzzing and other initiatives.</li>
- <li>[319722] Medium CVE-2013-6638: Buffer overflow in v8. This
- issue was fixed in v8 version 3.22.24.7. Credit to Jakob Kummerow
- of the Chromium project.</li>
- <li>[319835] High CVE-2013-6639: Out of bounds write in v8. This
- issue was fixed in v8 version 3.22.24.7. Credit to Jakob Kummerow
- of the Chromium project.</li>
- <li>[319860] Medium CVE-2013-6640: Out of bounds read in v8. This
- issue was fixed in v8 version 3.22.24.7. Credit to Jakob Kummerow
- of the Chromium project.</li>
- </ul>
- </blockquote>
- </body>
- </description>
- <references>
- <cvename>CVE-2013-6634</cvename>
- <cvename>CVE-2013-6635</cvename>
- <cvename>CVE-2013-6636</cvename>
- <cvename>CVE-2013-6637</cvename>
- <cvename>CVE-2013-6638</cvename>
- <cvename>CVE-2013-6639</cvename>
- <cvename>CVE-2013-6640</cvename>
- <url>http://googlechromereleases.blogspot.nl/</url>
- </references>
- <dates>
- <discovery>2013-12-04</discovery>
- <entry>2013-12-05</entry>
- </dates>
- </vuln>
-
<vuln vid="4158c57e-5d39-11e3-bc1e-6cf0490a8c18">
<topic>Joomla! -- Core XSS Vulnerabilities</topic>
<affects>
@@ -52637,33 +58624,6 @@
</dates>
</vuln>
- <vuln vid="e62ab2af-4df4-11e3-b0cf-00262d5ed8ee">
- <topic>chromium -- multiple memory corruption issues</topic>
- <affects>
- <package>
- <name>chromium</name>
- <range><lt>31.0.1650.57</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>Google Chrome Releases reports:</p>
- <blockquote cite="http://googlechromereleases.blogspot.nl/">
- <p>[319117] [319125] Critical CVE-2013-6632: Multiple memory
- corruption issues. Credit to Pinkie Pie.</p>
- </blockquote>
- </body>
- </description>
- <references>
- <cvename>CVE-2013-6632</cvename>
- <url>http://googlechromereleases.blogspot.nl/</url>
- </references>
- <dates>
- <discovery>2013-11-14</discovery>
- <entry>2013-11-15</entry>
- </dates>
- </vuln>
-
<vuln vid="adcbdba2-4c27-11e3-9848-98fc11cdc4f5">
<topic>linux-flashplugin -- multiple vulnerabilities</topic>
<affects>
@@ -52692,69 +58652,6 @@
</dates>
</vuln>
- <vuln vid="3bfc7016-4bcc-11e3-b0cf-00262d5ed8ee">
- <topic>chromium -- multiple vulnerabilities</topic>
- <affects>
- <package>
- <name>chromium</name>
- <range><lt>31.0.1650.48</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>Google Chrome Releases reports:</p>
- <blockquote cite="http://googlechromereleases.blogspot.nl/">
- <p>25 security fixes in this release, including:</p>
- <ul>
- <li>[268565] Medium CVE-2013-6621: Use after free related to speech input elements.
- Credit to Khalil Zhani.</li>
- <li>[272786] High CVE-2013-6622: Use after free related to media elements. Credit
- to cloudfuzzer.</li>
- <li>[282925] High CVE-2013-6623: Out of bounds read in SVG. Credit to miaubiz.</li>
- <li>[290566] High CVE-2013-6624: Use after free related to “id” attribute strings.
- Credit to Jon Butler.</li>
- <li>[295010] High CVE-2013-6625: Use after free in DOM ranges. Credit to
- cloudfuzzer.</li>
- <li>[295695] Low CVE-2013-6626: Address bar spoofing related to interstitial
- warnings. Credit to Chamal de Silva.</li>
- <li>[299892] High CVE-2013-6627: Out of bounds read in HTTP parsing. Credit to
- skylined.</li>
- <li>[306959] Medium CVE-2013-6628: Issue with certificates not being checked
- during TLS renegotiation. Credit to Antoine Delignat-Lavaud and Karthikeyan
- Bhargavan from Prosecco of INRIA Paris.</li>
- <li>[315823] Medium-Critical CVE-2013-2931: Various fixes from internal audits,
- fuzzing and other initiatives.</li>
- <li>[258723] Medium CVE-2013-6629: Read of uninitialized memory in libjpeg and
- libjpeg-turbo. Credit to Michal Zalewski of Google.</li>
- <li>[299835] Medium CVE-2013-6630: Read of uninitialized memory in libjpeg-turbo.
- Credit to Michal Zalewski of Google.</li>
- <li>[296804] High CVE-2013-6631: Use after free in libjingle. Credit to Patrik
- Höglund of the Chromium project.</li>
- </ul>
- </blockquote>
- </body>
- </description>
- <references>
- <cvename>CVE-2013-2931</cvename>
- <cvename>CVE-2013-6621</cvename>
- <cvename>CVE-2013-6622</cvename>
- <cvename>CVE-2013-6623</cvename>
- <cvename>CVE-2013-6624</cvename>
- <cvename>CVE-2013-6625</cvename>
- <cvename>CVE-2013-6626</cvename>
- <cvename>CVE-2013-6627</cvename>
- <cvename>CVE-2013-6628</cvename>
- <cvename>CVE-2013-6629</cvename>
- <cvename>CVE-2013-6630</cvename>
- <cvename>CVE-2013-6631</cvename>
- <url>http://googlechromereleases.blogspot.nl/</url>
- </references>
- <dates>
- <discovery>2013-11-12</discovery>
- <entry>2013-11-12</entry>
- </dates>
- </vuln>
-
<vuln vid="5709d244-4873-11e3-8a46-000d601460a4">
<topic>OpenSSH -- Memory corruption in sshd</topic>
<affects>
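Review bot: the entry removed here (CVE-2013-6628, bug [306959], certificates not checked during TLS renegotiation) and the 33.0.1750.117 entry removed earlier in this diff (CVE-2013-6659, also bug [306959], certificate validation in the TLS handshake) cite the same upstream bug number under two CVE ids. If any of these entries end up retained or converted to `<cancelled>` rather than deleted, the two should cross-reference each other so a `pkg audit` consumer does not report them as independent findings for the same package range.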
@@ -53240,45 +59137,6 @@
</dates>
</vuln>
- <vuln vid="710cd5d5-35cb-11e3-85f9-00262d5ed8ee">
- <topic>chromium -- multiple vulnerabilities</topic>
- <affects>
- <package>
- <name>chromium</name>
- <range><lt>30.0.1599.101</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>Google Chrome Releases reports:</p>
- <blockquote cite="http://googlechromereleases.blogspot.nl/">
- <p>5 security fixes in this release, including:</p>
- <ul>
- <li>[292422] High CVE-2013-2925: Use after free in XHR. Credit to
- Atte Kettunen of OUSPG.</li>
- <li>[294456] High CVE-2013-2926: Use after free in editing. Credit
- to cloudfuzzer.</li>
- <li>[297478] High CVE-2013-2927: Use after free in forms. Credit
- to cloudfuzzer.</li>
- <li>[305790] High CVE-2013-2928: Various fixes from internal
- audits, fuzzing and other initiatives.</li>
- </ul>
- </blockquote>
- </body>
- </description>
- <references>
- <cvename>CVE-2013-2925</cvename>
- <cvename>CVE-2013-2926</cvename>
- <cvename>CVE-2013-2927</cvename>
- <cvename>CVE-2013-2928</cvename>
- <url>http://googlechromereleases.blogspot.nl/</url>
- </references>
- <dates>
- <discovery>2013-10-15</discovery>
- <entry>2013-10-15</entry>
- </dates>
- </vuln>
-
<vuln vid="9003b500-31e3-11e3-b0d0-20cf30e32f6d">
<topic>mod_fcgid -- possible heap buffer overwrite</topic>
<affects>
@@ -53403,94 +59261,6 @@
</dates>
</vuln>
- <vuln vid="e5414d0c-2ade-11e3-821d-00262d5ed8ee">
- <topic>chromium -- multiple vulnerabilities</topic>
- <affects>
- <package>
- <name>chromium</name>
- <range><lt>30.0.1599.66</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>Google Chrome Releases reports:</p>
- <blockquote cite="http://googlechromereleases.blogspot.nl/">
- <p>50 security fixes in this release, including:</p>
- <ul>
- <li>[223962][270758][271161][284785][284786] Medium CVE-2013-2906:
- Races in Web Audio. Credit to Atte Kettunen of OUSPG.</li>
- <li>[260667] Medium CVE-2013-2907: Out of bounds read in
- Window.prototype object. Credit to Boris Zbarsky.</li>
- <li>[265221] Medium CVE-2013-2908: Address bar spoofing related to
- the “204 No Content” status code. Credit to Chamal de Silva.</li>
- <li>[265838][279277] High CVE-2013-2909: Use after free in
- inline-block rendering. Credit to Atte Kettunen of OUSPG.</li>
- <li>[269753] Medium CVE-2013-2910: Use-after-free in Web Audio.
- Credit to Byoungyoung Lee of Georgia Tech Information Security
- Center (GTISC).</li>
- <li>[271939] High CVE-2013-2911: Use-after-free in XSLT. Credit to
- Atte Kettunen of OUSPG.</li>
- <li>[276368] High CVE-2013-2912: Use-after-free in PPAPI. Credit to
- Chamal de Silva and 41.w4r10r(at)garage4hackers.com.</li>
- <li>[278908] High CVE-2013-2913: Use-after-free in XML document
- parsing. Credit to cloudfuzzer.</li>
- <li>[279263] High CVE-2013-2914: Use after free in the Windows
- color chooser dialog. Credit to Khalil Zhani.</li>
- <li>[280512] Low CVE-2013-2915: Address bar spoofing via a
- malformed scheme. Credit to Wander Groeneveld. </li>
- <li>[281256] High CVE-2013-2916: Address bar spoofing related to
- the “204 No Content” status code. Credit to Masato Kinugawa.</li>
- <li>[281480] Medium CVE-2013-2917: Out of bounds read in Web Audio.
- Credit to Byoungyoung Lee and Tielei Wang of Georgia Tech
- Information Security Center (GTISC).</li>
- <li>[282088] High CVE-2013-2918: Use-after-free in DOM. Credit to
- Byoungyoung Lee of Georgia Tech Information Security Center
- (GTISC).</li>
- <li>[282736] High CVE-2013-2919: Memory corruption in V8. Credit to
- Adam Haile of Concrete Data.</li>
- <li>[285742] Medium CVE-2013-2920: Out of bounds read in URL
- parsing. Credit to Atte Kettunen of OUSPG.</li>
- <li>[286414] High CVE-2013-2921: Use-after-free in resource loader.
- Credit to Byoungyoung Lee and Tielei Wang of Georgia Tech
- Information Security Center (GTISC).</li>
- <li>[286975] High CVE-2013-2922: Use-after-free in template
- element. Credit to Jon Butler.</li>
- <li>[299016] CVE-2013-2923: Various fixes from internal audits,
- fuzzing and other initiatives (Chrome 30).</li>
- <li>[275803] Medium CVE-2013-2924: Use-after-free in ICU. Upstream
- bug here.</li>
- </ul>
- </blockquote>
- </body>
- </description>
- <references>
- <cvename>CVE-2013-2906</cvename>
- <cvename>CVE-2013-2907</cvename>
- <cvename>CVE-2013-2908</cvename>
- <cvename>CVE-2013-2909</cvename>
- <cvename>CVE-2013-2910</cvename>
- <cvename>CVE-2013-2911</cvename>
- <cvename>CVE-2013-2912</cvename>
- <cvename>CVE-2013-2913</cvename>
- <cvename>CVE-2013-2914</cvename>
- <cvename>CVE-2013-2915</cvename>
- <cvename>CVE-2013-2916</cvename>
- <cvename>CVE-2013-2917</cvename>
- <cvename>CVE-2013-2918</cvename>
- <cvename>CVE-2013-2919</cvename>
- <cvename>CVE-2013-2920</cvename>
- <cvename>CVE-2013-2921</cvename>
- <cvename>CVE-2013-2922</cvename>
- <cvename>CVE-2013-2923</cvename>
- <cvename>CVE-2013-2924</cvename>
- <url>http://googlechromereleases.blogspot.nl/</url>
- </references>
- <dates>
- <discovery>2013-10-01</discovery>
- <entry>2013-10-01</entry>
- </dates>
- </vuln>
-
<vuln vid="e1f99d59-81aa-4662-bf62-c1076f5016c8">
<topic>py-graphite-web -- Multiple vulnerabilities</topic>
<affects>
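Review bot: this hunk alone removes 19 CVE ids (CVE-2013-2906 through CVE-2013-2924) for chromium below 30.0.1599.66. If the reason is that MidnightBSD ships no chromium package, hand-deleting the entries creates a recurring chore: the next sync of this file from upstream will reintroduce them and require the same deletions again. Either record the exclusion in the log message and a comment near the top of the file, or keep the upstream entries and filter at the consumer side, so the divergence from upstream is deliberate and reproducible rather than something redone by hand each sync.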
@@ -53953,55 +59723,6 @@
</dates>
</vuln>
- <vuln vid="ae651a4b-0a42-11e3-ba52-00262d5ed8ee">
- <topic>chromium -- multiple vulnerabilities</topic>
- <affects>
- <package>
- <name>chromium</name>
- <range><lt>29.0.1547.57</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>Google Chrome Releases reports:</p>
- <blockquote cite="http://googlechromereleases.blogspot.nl/">
- <p>25 security fixes in this release, including:</p>
- <ul>
- <li>[181617] High CVE-2013-2900: Incomplete path sanitization in
- file handling. Credit to Krystian Bigaj.</li>
- <li> [254159] Low CVE-2013-2905: Information leak via overly broad
- permissions on shared memory files. Credit to Christian
- Jaeger.</li>
- <li>[257363] High CVE-2013-2901: Integer overflow in ANGLE. Credit
- to Alex Chapman.</li>
- <li>[260105] High CVE-2013-2902: Use after free in XSLT. Credit to
- cloudfuzzer.</li>
- <li>[260156] High CVE-2013-2903: Use after free in media element.
- Credit to cloudfuzzer.</li>
- <li>[260428] High CVE-2013-2904: Use after free in document
- parsing. Credit to cloudfuzzer.</li>
- <li>[274602] CVE-2013-2887: Various fixes from internal audits,
- fuzzing and other initiatives (Chrome 29).</li>
- </ul>
- </blockquote>
- </body>
- </description>
- <references>
- <cvename>CVE-2013-2887</cvename>
- <cvename>CVE-2013-2900</cvename>
- <cvename>CVE-2013-2901</cvename>
- <cvename>CVE-2013-2902</cvename>
- <cvename>CVE-2013-2903</cvename>
- <cvename>CVE-2013-2904</cvename>
- <cvename>CVE-2013-2905</cvename>
- <url>http://googlechromereleases.blogspot.nl/</url>
- </references>
- <dates>
- <discovery>2013-08-20</discovery>
- <entry>2013-08-21</entry>
- </dates>
- </vuln>
-
<vuln vid="4d087b35-0990-11e3-a9f4-bcaec565249c">
<topic>gstreamer-ffmpeg -- Multiple vulnerabilities in bundled libav</topic>
<affects>
@@ -54465,49 +60186,6 @@
</dates>
</vuln>
- <vuln vid="69098c5c-fc4b-11e2-8ad0-00262d5ed8ee">
- <topic>chromium -- multiple vulnerabilities</topic>
- <affects>
- <package>
- <name>chromium</name>
- <range><lt>28.0.1500.95</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>Google Chrome Releases reports:</p>
- <blockquote cite="http://googlechromereleases.blogspot.nl/">
- <p>Eleven vulnerabilities, including:</p>
- <p>[257748] Medium CVE-2013-2881: Origin bypass in frame handling.
- Credit to Karthik Bhargavan.</p>
- <p>[260106] High CVE-2013-2882: Type confusion in V8. Credit to
- Cloudfuzzer.</p>
- <p>[260165] High CVE-2013-2883: Use-after-free in MutationObserver.
- Credit to Cloudfuzzer.</p>
- <p>[248950] High CVE-2013-2884: Use-after-free in DOM. Credit to Ivan
- Fratric of Google Security Team.</p>
- <p>[249640] [257353] High CVE-2013-2885: Use-after-free in input
- handling. Credit to Ivan Fratric of Google Security Team.</p>
- <p>[261701] High CVE-2013-2886: Various fixes from internal audits,
- fuzzing and other initiatives.</p>
- </blockquote>
- </body>
- </description>
- <references>
- <cvename>CVE-2013-2881</cvename>
- <cvename>CVE-2013-2882</cvename>
- <cvename>CVE-2013-2883</cvename>
- <cvename>CVE-2013-2884</cvename>
- <cvename>CVE-2013-2885</cvename>
- <cvename>CVE-2013-2886</cvename>
- <url>http://www.googlechromereleases.blogspot.nl/</url>
- </references>
- <dates>
- <discovery>2013-07-30</discovery>
- <entry>2013-08-03</entry>
- </dates>
- </vuln>
-
<vuln vid="f4a0212f-f797-11e2-9bb9-6805ca0b3d42">
<topic>phpMyAdmin -- multiple vulnerabilities</topic>
<affects>
@@ -55182,75 +60860,6 @@
</dates>
</vuln>
- <vuln vid="3b80104f-e96c-11e2-8bac-00262d5ed8ee">
- <topic>chromium -- multiple vulnerabilities</topic>
- <affects>
- <package>
- <name>chromium</name>
- <range><lt>28.0.1500.71</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>Google Chrome Releases reports:</p>
- <blockquote cite="http://googlechromereleases.blogspot.nl/">
- <p>A special reward for Andrey Labunets for his combination of
- CVE-2013-2879 and CVE-2013-2868 along with some (since fixed)
- server-side bugs.</p>
- <p>[252216] Low CVE-2013-2867: Block pop-unders in various
- scenarios.</p>
- <p>[252062] High CVE-2013-2879: Confusion setting up sign-in and sync.
- Credit to Andrey Labunets.</p>
- <p>[252034] Medium CVE-2013-2868: Incorrect sync of NPAPI extension
- component. Credit to Andrey Labunets.</p>
- <p>[245153] Medium CVE-2013-2869: Out-of-bounds read in JPEG2000
- handling. Credit to Felix Groebert of Google Security Team.</p>
- <p>[244746] [242762] Critical CVE-2013-2870: Use-after-free with
- network sockets. Credit to Collin Payne.</p>
- <p>[244260] Medium CVE-2013-2853: Man-in-the-middle attack against
- HTTP in SSL. Credit to Antoine Delignat-Lavaud and Karthikeyan
- Bhargavan from Prosecco at INRIA Paris.</p>
- <p>[243991] [243818] High CVE-2013-2871: Use-after-free in input
- handling. Credit to miaubiz.</p>
- <p>[Mac only] [242702] Low CVE-2013-2872: Possible lack of entropy in
- renderers. Credit to Eric Rescorla.</p>
- <p>[241139] High CVE-2013-2873: Use-after-free in resource loading.
- Credit to miaubiz.</p>
- <p>[233848] Medium CVE-2013-2875: Out-of-bounds-read in SVG. Credit
- to miaubiz.</p>
- <p>[229504] Medium CVE-2013-2876: Extensions permissions confusion
- with interstitials. Credit to Dev Akhawe.</p>
- <p>[229019] Low CVE-2013-2877: Out-of-bounds read in XML parsing.
- Credit to Aki Helin of OUSPG.</p>
- <p>[196636] None: Remove the "viewsource" attribute on iframes.
- Credit to Collin Jackson.</p>
- <p>[177197] Medium CVE-2013-2878: Out-of-bounds read in text
- handling. Credit to Atte Kettunen of OUSPG.</p>
- </blockquote>
- </body>
- </description>
- <references>
- <cvename>CVE-2013-2853</cvename>
- <cvename>CVE-2013-2867</cvename>
- <cvename>CVE-2013-2868</cvename>
- <cvename>CVE-2013-2869</cvename>
- <cvename>CVE-2013-2870</cvename>
- <cvename>CVE-2013-2871</cvename>
- <cvename>CVE-2013-2872</cvename>
- <cvename>CVE-2013-2873</cvename>
- <cvename>CVE-2013-2875</cvename>
- <cvename>CVE-2013-2876</cvename>
- <cvename>CVE-2013-2877</cvename>
- <cvename>CVE-2013-2878</cvename>
- <cvename>CVE-2013-2879</cvename>
- <url>http://googlechromereleases.blogspot.nl/</url>
- </references>
- <dates>
- <discovery>2013-07-09</discovery>
- <entry>2013-07-10</entry>
- </dates>
- </vuln>
-
<vuln vid="f3d24aee-e5ad-11e2-b183-20cf30e32f6d">
<topic>apache22 -- several vulnerabilities</topic>
<affects>
@@ -55923,65 +61532,6 @@
</dates>
</vuln>
- <vuln vid="4865d189-cd62-11e2-ae11-00262d5ed8ee">
- <topic>chromium -- multiple vulnerabilities</topic>
- <affects>
- <package>
- <name>chromium</name>
- <range><lt>27.0.1453.110</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>Google Chrome Releases reports:</p>
- <blockquote cite="http://googlechromereleases.blogspot.nl/">
- <p>[242322] Medium CVE-2013-2855: Memory corruption in dev tools API.
- Credit to "daniel.zulla".</p>
- <p>[242224] High CVE-2013-2856: Use-after-free in input handling.
- Credit to miaubiz.</p>
- <p>[240124] High CVE-2013-2857: Use-after-free in image handling.
- Credit to miaubiz.</p>
- <p>[239897] High CVE-2013-2858: Use-after-free in HTML5 Audio. Credit
- to "cdel921".</p>
- <p>[237022] High CVE-2013-2859: Cross-origin namespace pollution.
- to "bobbyholley".</p>
- <p>[225546] High CVE-2013-2860: Use-after-free with workers accessing
- database APIs. Credit to Collin Payne.</p>
- <p>[209604] High CVE-2013-2861: Use-after-free with SVG. Credit to
- miaubiz.</p>
- <p>[161077] High CVE-2013-2862: Memory corruption in Skia GPU
- handling. Credit to Atte Kettunen of OUSPG.</p>
- <p>[232633] Critical CVE-2013-2863: Memory corruption in SSL socket
- handling. Credit to Sebastian Marchand of the Chromium development
- community.</p>
- <p>[239134] High CVE-2013-2864: Bad free in PDF viewer. Credit to
- Mateusz Jurczyk, with contributions by Gynvael Coldwind, both from
- Google Security Team.</p>
- <p>[246389] High CVE-2013-2865: Various fixes from internal audits,
- fuzzing and other initiatives.</p>
- </blockquote>
- </body>
- </description>
- <references>
- <cvename>CVE-2013-2855</cvename>
- <cvename>CVE-2013-2856</cvename>
- <cvename>CVE-2013-2857</cvename>
- <cvename>CVE-2013-2858</cvename>
- <cvename>CVE-2013-2859</cvename>
- <cvename>CVE-2013-2860</cvename>
- <cvename>CVE-2013-2861</cvename>
- <cvename>CVE-2013-2862</cvename>
- <cvename>CVE-2013-2863</cvename>
- <cvename>CVE-2013-2864</cvename>
- <cvename>CVE-2013-2865</cvename>
- <url>http://googlechromereleases.blogspot.nl/</url>
- </references>
- <dates>
- <discovery>2013-06-04</discovery>
- <entry>2013-06-04</entry>
- </dates>
- </vuln>
-
<vuln vid="2eebebff-cd3b-11e2-8f09-001b38c3836c">
<topic>xorg -- protocol handling issues in X Window System client libraries</topic>
<affects>
@@ -56664,72 +62214,6 @@
</dates>
</vuln>
- <vuln vid="358133b5-c2b9-11e2-a738-00262d5ed8ee">
- <topic>chromium -- multiple vulnerabilities</topic>
- <affects>
- <package>
- <name>chromium</name>
- <range><lt>27.0.1453.93</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>Google Chrome Releases reports:</p>
- <blockquote cite="http://googlechromereleases.blogspot.nl/search/Stable%20Updates">
- <p>[235638] High CVE-2013-2837: Use-after-free in SVG. Credit to
- Slawomir Blazek.</p>
- <p>[235311] Medium CVE-2013-2838: Out-of-bounds read in v8. Credit to
- Christian Holler.</p>
- <p>[230176] High CVE-2013-2839: Bad cast in clipboard handling.
- Credit to Jon of MWR InfoSecurity.</p>
- <p>[230117] High CVE-2013-2840: Use-after-free in media loader.
- Credit to Nils of MWR InfoSecurity.</p>
- <p>[227350] High CVE-2013-2841: Use-after-free in Pepper resource
- handling. Credit to Chamal de Silva.</p>
- <p>[226696] High CVE-2013-2842: Use-after-free in widget handling.
- Credit to Cyril Cattiaux.</p>
- <p>[222000] High CVE-2013-2843: Use-after-free in speech handling.
- Credit to Khalil Zhani.</p>
- <p>[196393] High CVE-2013-2844: Use-after-free in style resolution.
- Credit to Sachin Shinde (@cons0ul).</p>
- <p>[188092] [179522] [222136] [188092] High CVE-2013-2845: Memory
- safety issues in Web Audio. Credit to Atte Kettunen of OUSPG.</p>
- <p>[177620] High CVE-2013-2846: Use-after-free in media loader.
- Credit to Chamal de Silva.</p>
- <p>[176692] High CVE-2013-2847: Use-after-free race condition with
- workers. Credit to Collin Payne.</p>
- <p>[176137] Medium CVE-2013-2848: Possible data extraction with XSS
- Auditor. Credit to Egor Homakov.</p>
- <p>[171392] Low CVE-2013-2849: Possible XSS with drag+drop or
- copy+paste. Credit to Mario Heiderich.</p>
- <p>[241595] High CVE-2013-2836: Various fixes from internal audits,
- fuzzing and other initiatives.</p>
- </blockquote>
- </body>
- </description>
- <references>
- <cvename>CVE-2013-2836</cvename>
- <cvename>CVE-2013-2837</cvename>
- <cvename>CVE-2013-2838</cvename>
- <cvename>CVE-2013-2839</cvename>
- <cvename>CVE-2013-2840</cvename>
- <cvename>CVE-2013-2841</cvename>
- <cvename>CVE-2013-2842</cvename>
- <cvename>CVE-2013-2843</cvename>
- <cvename>CVE-2013-2844</cvename>
- <cvename>CVE-2013-2845</cvename>
- <cvename>CVE-2013-2846</cvename>
- <cvename>CVE-2013-2847</cvename>
- <cvename>CVE-2013-2848</cvename>
- <cvename>CVE-2013-2849</cvename>
- <url>http://googlechromereleases.blogspot.nl/search/Stable%20Updates</url>
- </references>
- <dates>
- <discovery>2013-05-21</discovery>
- <entry>2013-05-22</entry>
- </dates>
- </vuln>
-
<vuln vid="c72a2494-c08b-11e2-bb21-083e8ed0f47b">
<topic>plib -- stack-based buffer overflow</topic>
<affects>
@@ -57959,70 +63443,6 @@
</dates>
</vuln>
- <vuln vid="bdd48858-9656-11e2-a9a8-00262d5ed8ee">
- <topic>chromium -- multiple vulnerabilities</topic>
- <affects>
- <package>
- <name>chromium</name>
- <range><lt>26.0.1410.43</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>Google Chrome Releases reports:</p>
- <blockquote cite="http://googlechromereleases.blogspot.nl/search/Stable%20Updates">
- <p>[172342] High CVE-2013-0916: Use-after-free in Web Audio. Credit
- to Atte Kettunen of OUSPG.</p>
- <p>[180909] Low CVE-2013-0917: Out-of-bounds read in URL loader.
- Credit to Google Chrome Security Team (Cris Neckar).</p>
- <p>[180555] Low CVE-2013-0918: Do not navigate dev tools upon drag
- and drop. Credit to Vsevolod Vlasov of the Chromium development
- community.</p>
- <p>[Linux only] [178760] Medium CVE-2013-0919: Use-after-free with
- pop-up windows in extensions. Credit to Google Chrome Security Team
- (Mustafa Emre Acer).</p>
- <p>[177410] Medium CVE-2013-0920: Use-after-free in extension
- bookmarks API. Credit to Google Chrome Security Team (Mustafa Emre
- Acer).</p>
- <p>[174943] High CVE-2013-0921: Ensure isolated web sites run in
- their own processes.</p>
- <p>[174129] Low CVE-2013-0922: Avoid HTTP basic auth brute force
- attempts. Credit to "t3553r".</p>
- <p>[169981] [169972] [169765] Medium CVE-2013-0923: Memory safety
- issues in the USB Apps API. Credit to Google Chrome Security Team
- (Mustafa Emre Acer).</p>
- <p>[169632] Low CVE-2013-0924: Check an extension's permissions API
- usage again file permissions. Credit to Benjamin Kalman of the
- Chromium development community.</p>
- <p>[168442] Low CVE-2013-0925: Avoid leaking URLs to extensions
- without the tabs permissions. Credit to Michael Vrable of
- Google.</p>
- <p>[112325] Medium CVE-2013-0926: Avoid pasting active tags in
- certain situations. Credit to Subho Halder, Aditya Gupta, and Dev
- Kar of xys3c (xysec.com).</p>
- </blockquote>
- </body>
- </description>
- <references>
- <cvename>CVE-2013-0916</cvename>
- <cvename>CVE-2013-0917</cvename>
- <cvename>CVE-2013-0918</cvename>
- <cvename>CVE-2013-0919</cvename>
- <cvename>CVE-2013-0920</cvename>
- <cvename>CVE-2013-0921</cvename>
- <cvename>CVE-2013-0922</cvename>
- <cvename>CVE-2013-0923</cvename>
- <cvename>CVE-2013-0924</cvename>
- <cvename>CVE-2013-0925</cvename>
- <cvename>CVE-2013-0926</cvename>
- <url>http://googlechromereleases.blogspot.nl/search/Stable%20Updates</url>
- </references>
- <dates>
- <discovery>2013-03-26</discovery>
- <entry>2013-03-26</entry>
- </dates>
- </vuln>
-
<vuln vid="6adca5e9-95d2-11e2-8549-68b599b52a02">
<topic>firebird -- Remote Stack Buffer Overflow</topic>
<affects>
@@ -58515,33 +63935,6 @@
</dates>
</vuln>
- <vuln vid="54bed676-87ce-11e2-b528-00262d5ed8ee">
- <topic>chromium -- WebKit vulnerability</topic>
- <affects>
- <package>
- <name>chromium</name>
- <range><lt>25.0.1364.160</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>Google Chrome Releases reports:</p>
- <blockquote cite="http://googlechromereleases.blogspot.nl/search/Stable%20Updates">
- <p>[180763] High CVE-2013-0912: Type confusion in WebKit. Credit to
- Nils and Jon of MWR Labs.</p>
- </blockquote>
- </body>
- </description>
- <references>
- <cvename>CVE-2013-0912</cvename>
- <url>http://googlechromereleases.blogspot.nl/search/Stable%20Updates</url>
- </references>
- <dates>
- <discovery>2013-03-07</discovery>
- <entry>2013-03-08</entry>
- </dates>
- </vuln>
-
<vuln vid="b9a347ac-8671-11e2-b73c-0019d18c446a">
<topic>typo3 -- Multiple vulnerabilities in TYPO3 Core</topic>
<affects>
@@ -58584,62 +63977,6 @@
</dates>
</vuln>
- <vuln vid="40d5ab37-85f2-11e2-b528-00262d5ed8ee">
- <topic>chromium -- multiple vulnerabilities</topic>
- <affects>
- <package>
- <name>chromium</name>
- <range><lt>25.0.1364.152</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>Google Chrome Releases reports:</p>
- <blockquote cite="http://googlechromereleases.blogspot.nl/search/Stable%20Updates">
- <p>[176882] High CVE-2013-0902: Use-after-free in frame loader.
- Credit to Chamal de Silva.</p>
- <p>[176252] High CVE-2013-0903: Use-after-free in browser navigation
- handling. Credit to "chromium.khalil".</p>
- <p>[172926] [172331] High CVE-2013-0904: Memory corruption in Web
- Audio. Credit to Atte Kettunen of OUSPG.</p>
- <p>[168982] High CVE-2013-0905: Use-after-free with SVG animations.
- Credit to Atte Kettunen of OUSPG.</p>
- <p>[174895] High CVE-2013-0906: Memory corruption in Indexed DB.
- Credit to Google Chrome Security Team (Juri Aedla).</p>
- <p>[174150] Medium CVE-2013-0907: Race condition in media thread
- handling. Credit to Andrew Scherkus of the Chromium development
- community.</p>
- <p>[174059] Medium CVE-2013-0908: Incorrect handling of bindings for
- extension processes.</p>
- <p>[173906] Low CVE-2013-0909: Referer leakage with XSS Auditor.
- Credit to Egor Homakov.</p>
- <p>[172573] Medium CVE-2013-0910: Mediate renderer -> browser
- plug-in loads more strictly. Credit to Google Chrome Security Team
- (Chris Evans).</p>
- <p>[172264] High CVE-2013-0911: Possible path traversal in database
- handling. Credit to Google Chrome Security Team (Juri Aedla).</p>
- </blockquote>
- </body>
- </description>
- <references>
- <cvename>CVE-2013-0902</cvename>
- <cvename>CVE-2013-0903</cvename>
- <cvename>CVE-2013-0904</cvename>
- <cvename>CVE-2013-0905</cvename>
- <cvename>CVE-2013-0906</cvename>
- <cvename>CVE-2013-0907</cvename>
- <cvename>CVE-2013-0908</cvename>
- <cvename>CVE-2013-0909</cvename>
- <cvename>CVE-2013-0910</cvename>
- <cvename>CVE-2013-0911</cvename>
- <url>http://googlechromereleases.blogspot.nl/search/Stable%20Updates</url>
- </references>
- <dates>
- <discovery>2013-03-04</discovery>
- <entry>2013-03-06</entry>
- </dates>
- </vuln>
-
<vuln vid="c97219b6-843d-11e2-b131-000c299b62e1">
<topic>stunnel -- Remote Code Execution</topic>
<affects>
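Review bot: this hunk deletes the entire chromium entry 40d5ab37-85f2-11e2-b528-00262d5ed8ee (chromium < 25.0.1364.152, CVE-2013-0902 through CVE-2013-0911) and nothing in the hunk supersedes it. Once it is gone, `pkg audit` stops reporting those ten CVEs against an installed chromium below that version, and any permalink that keys on the vid stops resolving. A deletion of a vulnerability record needs a stated reason (superseded by another entry, wrong package name or range, upstream retraction) alongside the hunk, and a block removal of this size should be followed by `make validate` in security/vuxml so an unbalanced `<vuln>` or a stray `</references>` from hand editing is caught before commit.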
@@ -59073,100 +64410,6 @@
</dates>
</vuln>
- <vuln vid="dfd92cb2-7d48-11e2-ad48-00262d5ed8ee">
- <topic>chromium -- multiple vulnerabilities</topic>
- <affects>
- <package>
- <name>chromium</name>
- <range><lt>25.0.1364.97</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>Google Chrome Releases reports:</p>
- <blockquote cite="http://googlechromereleases.blogspot.nl/search/label/Stable%20updates">
- <p>[172243] High CVE-2013-0879: Memory corruption with web audio
- node. Credit to Atte Kettunen of OUSPG.</p>
- <p>[171951] High CVE-2013-0880: Use-after-free in database handling.
- Credit to Chamal de Silva.</p>
- <p>[167069] Medium CVE-2013-0881: Bad read in Matroska handling.
- Credit to Atte Kettunen of OUSPG.</p>
- <p>[165432] High CVE-2013-0882: Bad memory access with excessive SVG
- parameters. Credit to Renata Hodovan.</p>
- <p>[142169] Medium CVE-2013-0883: Bad read in Skia. Credit to Atte
- Kettunen of OUSPG.</p>
- <p>[172984] Low CVE-2013-0884: Inappropriate load of NaCl. Credit to
- Google Chrome Security Team (Chris Evans).</p>
- <p>[172369] Medium CVE-2013-0885: Too many API permissions granted to
- web store.</p>
- <p>[171065] [170836] Low CVE-2013-0887: Developer tools process has
- too many permissions and places too much trust in the connected
- server.</p>
- <p>[170666] Medium CVE-2013-0888: Out-of-bounds read in Skia. Credit
- to Google Chrome Security Team (Inferno).</p>
- <p>[170569] Low CVE-2013-0889: Tighten user gesture check for
- dangerous file downloads.</p>
- <p>[169973] [169966] High CVE-2013-0890: Memory safety issues across
- the IPC layer. Credit to Google Chrome Security Team (Chris
- Evans).</p>
- <p>[169685] High CVE-2013-0891: Integer overflow in blob handling.
- Credit to Google Chrome Security Team (Jüri Aedla).</p>
- <p>[169295] [168710] [166493] [165836] [165747] [164958] [164946]
- Medium CVE-2013-0892: Lower severity issues across the IPC layer.
- Credit to Google Chrome Security Team (Chris Evans).</p>
- <p>[168570] Medium CVE-2013-0893: Race condition in media handling.
- Credit to Andrew Scherkus of the Chromium development community.</p>
- <p>[168473] High CVE-2013-0894: Buffer overflow in vorbis decoding.
- Credit to Google Chrome Security Team (Inferno).</p>
- <p>[Linux / Mac] [167840] High CVE-2013-0895: Incorrect path handling
- in file copying. Credit to Google Chrome Security Team (Jüri
- Aedla).</p>
- <p>[166708] High CVE-2013-0896: Memory management issues in plug-in
- message handling. Credit to Google Chrome Security Team (Cris
- Neckar).</p>
- <p>[165537] Low CVE-2013-0897: Off-by-one read in PDF. Credit to
- Mateusz Jurczyk, with contributions by Gynvael Coldwind, both from
- Google Security Team.</p>
- <p>[164643] High CVE-2013-0898: Use-after-free in URL handling.
- Credit to Alexander Potapenko of the Chromium development
- community.</p>
- <p>[160480] Low CVE-2013-0899: Integer overflow in Opus handling.
- Credit to Google Chrome Security Team (Jüri Aedla).</p>
- <p>[152442] Medium CVE-2013-0900: Race condition in ICU. Credit to
- Google Chrome Security Team (Inferno).</p>
- </blockquote>
- </body>
- </description>
- <references>
- <cvename>CVE-2013-0879</cvename>
- <cvename>CVE-2013-0880</cvename>
- <cvename>CVE-2013-0881</cvename>
- <cvename>CVE-2013-0882</cvename>
- <cvename>CVE-2013-0883</cvename>
- <cvename>CVE-2013-0884</cvename>
- <cvename>CVE-2013-0885</cvename>
- <cvename>CVE-2013-0887</cvename>
- <cvename>CVE-2013-0888</cvename>
- <cvename>CVE-2013-0889</cvename>
- <cvename>CVE-2013-0890</cvename>
- <cvename>CVE-2013-0891</cvename>
- <cvename>CVE-2013-0892</cvename>
- <cvename>CVE-2013-0893</cvename>
- <cvename>CVE-2013-0894</cvename>
- <cvename>CVE-2013-0895</cvename>
- <cvename>CVE-2013-0896</cvename>
- <cvename>CVE-2013-0897</cvename>
- <cvename>CVE-2013-0898</cvename>
- <cvename>CVE-2013-0899</cvename>
- <cvename>CVE-2013-0900</cvename>
- <url>http://googlechromereleases.blogspot.nl/search/label/Stable%20updates</url>
- </references>
- <dates>
- <discovery>2013-02-21</discovery>
- <entry>2013-02-22</entry>
- </dates>
- </vuln>
-
<vuln vid="f54584bc-7d2b-11e2-9bd1-206a8a720317">
<topic>krb5 -- null pointer dereference in the KDC PKINIT code [CVE-2013-1415]</topic>
<affects>
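Review bot: if the motive for dropping dfd92cb2-7d48-11e2-ad48-00262d5ed8ee is the weak reference (the `<url>` and `cite` point at a blogspot.nl label search, not at the 25.0.1364.97 release post), the fix is to correct the URL, not to delete the entry: the twenty-one `<cvename>` elements in `<references>` are what `pkg audit` and CVE-based lookups match on, and they include CVE-2013-0890 (memory safety across the IPC layer) and CVE-2013-0894 (vorbis decoder buffer overflow), which are exactly the class of bug a package audit should keep flagging for chromium < 25.0.1364.97.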
@@ -59938,43 +65181,6 @@
</dates>
</vuln>
- <vuln vid="8d03202c-6559-11e2-a389-00262d5ed8ee">
- <topic>chromium -- multiple vulnerabilities</topic>
- <affects>
- <package>
- <name>chromium</name>
- <range><lt>24.0.1312.56</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>Google Chrome Releases reports:</p>
- <blockquote cite="http://googlechromereleases.blogspot.nl/search/label/Stable%20updates">
- <p>[151008] High CVE-2013-0839: Use-after-free in canvas font
- handling. Credit to Atte Kettunen of OUSPG.</p>
- <p>[170532] Medium CVE-2013-0840: Missing URL validation when opening
- new windows.</p>
- <p>[169770] High CVE-2013-0841: Unchecked array index in content
- blocking. Credit to Google Chrome Security Team (Chris Evans).</p>
- <p>[166867] Medium CVE-2013-0842: Problems with NULL characters
- embedded in paths. Credit to Google Chrome Security Team (Jüri
- Aedla).</p>
- </blockquote>
- </body>
- </description>
- <references>
- <cvename>CVE-2013-0839</cvename>
- <cvename>CVE-2013-0840</cvename>
- <cvename>CVE-2013-0841</cvename>
- <cvename>CVE-2013-0842</cvename>
- <url>http://googlechromereleases.blogspot.nl/search/label/Stable%20updates</url>
- </references>
- <dates>
- <discovery>2013-01-22</discovery>
- <entry>2013-01-23</entry>
- </dates>
- </vuln>
-
<vuln vid="1827f213-633e-11e2-8d93-c8600054b392">
<topic>drupal -- multiple vulnerabilities</topic>
<affects>
@@ -60157,106 +65363,6 @@
</dates>
</vuln>
- <vuln vid="46bd747b-5b84-11e2-b06d-00262d5ed8ee">
- <topic>chromium -- multiple vulnerabilities</topic>
- <affects>
- <package>
- <name>chromium</name>
- <range><lt>24.0.1312.52</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>Google Chrome Releases reports:</p>
- <blockquote cite="http://googlechromereleases.blogspot.nl/search/label/Stable%20updates">
- <p>[162494] High CVE-2012-5145: Use-after-free in SVG layout. Credit
- to Atte Kettunen of OUSPG.</p>
- <p>[165622] High CVE-2012-5146: Same origin policy bypass with
- malformed URL. Credit to Erling A Ellingsen and Subodh Iyengar,
- both of Facebook.</p>
- <p>[165864] High CVE-2012-5147: Use-after-free in DOM handling.
- Credit to José A. Vázquez.</p>
- <p>[167122] Medium CVE-2012-5148: Missing filename sanitization in
- hyphenation support. Credit to Google Chrome Security Team (Justin
- Schuh).</p>
- <p>[166795] High CVE-2012-5149: Integer overflow in audio IPC
- handling. Credit to Google Chrome Security Team (Chris Evans).</p>
- <p>[165601] High CVE-2012-5150: Use-after-free when seeking video.
- Credit to Google Chrome Security Team (Inferno).</p>
- <p>[165538] High CVE-2012-5151: Integer overflow in PDF JavaScript.
- Credit to Mateusz Jurczyk, with contribution from Gynvael Coldwind,
- both of Google Security Team.</p>
- <p>[165430] Medium CVE-2012-5152: Out-of-bounds read when seeking
- video. Credit to Google Chrome Security Team (Inferno).</p>
- <p>[164565] High CVE-2012-5153: Out-of-bounds stack access in v8.
- Credit to Andreas Rossberg of the Chromium development
- community.</p>
- <p>[Mac only] [163208] Medium CVE-2012-5155: Missing Mac sandbox for
- worker processes. Credit to Google Chrome Security Team (Julien
- Tinnes).</p>
- <p>[162778] High CVE-2012-5156: Use-after-free in PDF fields. Credit
- to Mateusz Jurczyk, with contribution from Gynvael Coldwind, both
- of Google Security Team.</p>
- <p>[162776] [162156] Medium CVE-2012-5157: Out-of-bounds reads in PDF
- image handling. Credit to Mateusz Jurczyk, with contribution from
- Gynvael Coldwind, both of Google Security Team.</p>
- <p>[162153] High CVE-2013-0828: Bad cast in PDF root handling. Credit
- to Mateusz Jurczyk, with contribution from Gynvael Coldwind, both
- of Google Security Team.</p>
- <p>[162114] High CVE-2013-0829: Corruption of database metadata
- leading to incorrect file access. Credit to Google Chrome Security
- Team (Jüri Aedla).</p>
- <p>[161836] Low CVE-2013-0831: Possible path traversal from extension
- process. Credit to Google Chrome Security Team (Tom Sepez).</p>
- <p>[160380] Medium CVE-2013-0832: Use-after-free with printing.
- Credit to Google Chrome Security Team (Cris Neckar).</p>
- <p>[154485] Medium CVE-2013-0833: Out-of-bounds read with printing.
- Credit to Google Chrome Security Team (Cris Neckar).</p>
- <p>[154283] Medium CVE-2013-0834: Out-of-bounds read with glyph
- handling. Credit to Google Chrome Security Team (Cris Neckar).</p>
- <p>[152921] Low CVE-2013-0835: Browser crash with geolocation. Credit
- to Arthur Gerkis.</p>
- <p>[150545] High CVE-2013-0836: Crash in v8 garbage collection.
- Credit to Google Chrome Security Team (Cris Neckar).</p>
- <p>[145363] Medium CVE-2013-0837: Crash in extension tab handling.
- Credit to Tom Nielsen.</p>
- <p>[Linux only] [143859] Low CVE-2013-0838: Tighten permissions on
- shared memory segments. Credit to Google Chrome Security Team
- (Chris Palmer).</p>
- </blockquote>
- </body>
- </description>
- <references>
- <cvename>CVE-2012-5145</cvename>
- <cvename>CVE-2012-5146</cvename>
- <cvename>CVE-2012-5147</cvename>
- <cvename>CVE-2012-5148</cvename>
- <cvename>CVE-2012-5149</cvename>
- <cvename>CVE-2012-5150</cvename>
- <cvename>CVE-2012-5151</cvename>
- <cvename>CVE-2012-5152</cvename>
- <cvename>CVE-2012-5153</cvename>
- <cvename>CVE-2012-5155</cvename>
- <cvename>CVE-2012-5156</cvename>
- <cvename>CVE-2012-5157</cvename>
- <cvename>CVE-2013-0828</cvename>
- <cvename>CVE-2013-0829</cvename>
- <cvename>CVE-2013-0831</cvename>
- <cvename>CVE-2013-0832</cvename>
- <cvename>CVE-2013-0833</cvename>
- <cvename>CVE-2013-0834</cvename>
- <cvename>CVE-2013-0835</cvename>
- <cvename>CVE-2013-0836</cvename>
- <cvename>CVE-2013-0837</cvename>
- <cvename>CVE-2013-0838</cvename>
- <url>http://googlechromereleases.blogspot.nl/search/label/Stable%20updates</url>
- </references>
- <dates>
- <discovery>2013-01-10</discovery>
- <entry>2013-01-11</entry>
- </dates>
- </vuln>
-
<vuln vid="a4ed6632-5aa9-11e2-8fcb-c8600054b392">
<topic>mozilla -- multiple vulnerabilities</topic>
<affects>
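Review bot: several items in the vendor text quoted in 46bd747b-5b84-11e2-b06d-00262d5ed8ee are platform-tagged ("[Mac only]" CVE-2012-5155, "[Linux only]" CVE-2013-0838), but that is not grounds for removing the entry: the remaining twenty CVEs, among them CVE-2012-5146 (same-origin policy bypass via malformed URL) and CVE-2013-0829 (database metadata corruption leading to incorrect file access), apply to the chromium port regardless of host OS. If platform-specific noise is the concern, the usual VuXML practice is to keep the quoted text and the full CVE list and let the `<range>` do the filtering.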
@@ -60982,49 +66088,6 @@
</dates>
</vuln>
- <vuln vid="51f84e28-444e-11e2-8306-00262d5ed8ee">
- <topic>chromium -- multiple vulnerabilities</topic>
- <affects>
- <package>
- <name>chromium</name>
- <range><lt>23.0.1271.97</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>Google Chrome Releases reports:</p>
- <blockquote cite="http://googlechromereleases.blogspot.nl/search/label/Stable%20updates">
- <p>[158204] High CVE-2012-5139: Use-after-free with visibility
- events. Credit to Chamal de Silva.</p>
- <p>[159429] High CVE-2012-5140: Use-after-free in URL loader. Credit
- to Chamal de Silva.</p>
- <p>[160456] Medium CVE-2012-5141: Limit Chromoting client plug-in
- instantiation. Credit to Google Chrome Security Team (Jüri
- Aedla).</p>
- <p>[160803] Critical CVE-2012-5142: Crash in history navigation.
- Credit to Michal Zalewski of Google Security Team.</p>
- <p>[160926] Medium CVE-2012-5143: Integer overflow in PPAPI image
- buffers. Credit to Google Chrome Security Team (Cris Neckar).</p>
- <p>[161639] High CVE-2012-5144: Stack corruption in AAC decoding.
- Credit to pawlkt.</p>
- </blockquote>
- </body>
- </description>
- <references>
- <cvename>CVE-2012-5139</cvename>
- <cvename>CVE-2012-5140</cvename>
- <cvename>CVE-2012-5141</cvename>
- <cvename>CVE-2012-5142</cvename>
- <cvename>CVE-2012-5143</cvename>
- <cvename>CVE-2012-5144</cvename>
- <url>http://googlechromereleases.blogspot.nl/search/label/Stable%20updates</url>
- </references>
- <dates>
- <discovery>2012-12-11</discovery>
- <entry>2012-12-12</entry>
- </dates>
- </vuln>
-
<vuln vid="953911fe-51ef-11e2-8e34-0022156e8794">
<topic>tomcat -- bypass of CSRF prevention filter</topic>
<affects>
@@ -61196,36 +66259,6 @@
</dates>
</vuln>
- <vuln vid="5af51ae9-3acd-11e2-a4eb-00262d5ed8ee">
- <topic>chromium -- multiple vulnerabilities</topic>
- <affects>
- <package>
- <name>chromium</name>
- <range><lt>23.0.1271.95</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>Google Chrome Releases reports:</p>
- <blockquote cite="http://googlechromereleases.blogspot.nl/search/label/Stable%20updates">
- <p>[161564] High CVE-2012-5138: Incorrect file path handling. Credit
- to Google Chrome Security Team (Jüri Aedla).</p>
- <p>[162835] High CVE-2012-5137: Use-after-free in media source
- handling. Credit to Pinkie Pie.</p>
- </blockquote>
- </body>
- </description>
- <references>
- <cvename>CVE-2012-5137</cvename>
- <cvename>CVE-2012-5138</cvename>
- <url>http://googlechromereleases.blogspot.nl/search/label/Stable%20updates</url>
- </references>
- <dates>
- <discovery>2012-11-29</discovery>
- <entry>2012-11-30</entry>
- </dates>
- </vuln>
-
<vuln vid="aa4f86af-3172-11e2-ad21-20cf30e32f6d">
<topic>YUI JavaScript library -- JavaScript injection exploits in Flash components</topic>
<affects>
@@ -61261,48 +66294,6 @@
</dates>
</vuln>
- <vuln vid="4d64fc61-3878-11e2-a4eb-00262d5ed8ee">
- <topic>chromium -- multiple vulnerabilities</topic>
- <affects>
- <package>
- <name>chromium</name>
- <range><lt>23.0.1271.91</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>Google Chrome Releases reports:</p>
- <blockquote cite="http://googlechromereleases.blogspot.nl/search/label/Stable%20updates">
- <p>[156567] High CVE-2012-5133: Use-after-free in SVG filters. Credit
- to miaubiz.</p>
- <p>[148638] Medium CVE-2012-5130: Out-of-bounds read in Skia. Credit
- to Atte Kettunen of OUSPG.</p>
- <p>[155711] Low CVE-2012-5132: Browser crash with chunked encoding.
- Credit to Attila Szász.</p>
- <p>[158249] High CVE-2012-5134: Buffer underflow in libxml. Credit to
- Google Chrome Security Team (Jüri Aedla).</p>
- <p>[159165] Medium CVE-2012-5135: Use-after-free with printing.
- Credit to Fermin Serna of Google Security Team.</p>
- <p>[159829] Medium CVE-2012-5136: Bad cast in input element handling.
- Credit to Google Chrome Security Team (Inferno).</p>
- </blockquote>
- </body>
- </description>
- <references>
- <cvename>CVE-2012-5130</cvename>
- <cvename>CVE-2012-5132</cvename>
- <cvename>CVE-2012-5133</cvename>
- <cvename>CVE-2012-5134</cvename>
- <cvename>CVE-2012-5135</cvename>
- <cvename>CVE-2012-5136</cvename>
- <url>http://googlechromereleases.blogspot.nl/search/label/Stable%20updates</url>
- </references>
- <dates>
- <discovery>2012-11-26</discovery>
- <entry>2012-11-27</entry>
- </dates>
- </vuln>
-
<vuln vid="5536c8e4-36b3-11e2-a633-902b343deec9">
<topic>FreeBSD -- Linux compatibility layer input validation error</topic>
<affects>
@@ -61929,72 +66920,6 @@
</dates>
</vuln>
- <vuln vid="209c068d-28be-11e2-9160-00262d5ed8ee">
- <topic>chromium -- multiple vulnerabilities</topic>
- <affects>
- <package>
- <name>chromium</name>
- <range><lt>23.0.1271.64</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>Google Chrome Releases reports:</p>
- <blockquote cite="http://googlechromereleases.blogspot.nl/search/label/Stable%20updates">
- <p>[157079] Medium CVE-2012-5127: Integer overflow leading to
- out-of-bounds read in WebP handling. Credit to Phil Turnbull.</p>
- <p>[Linux 64-bit only] [150729] Medium CVE-2012-5120: Out-of-bounds
- array access in v8. Credit to Atte Kettunen of OUSPG.</p>
- <p>[143761] High CVE-2012-5116: Use-after-free in SVG filter
- handling. Credit to miaubiz.</p>
- <p>[Mac OS only] [149717] High CVE-2012-5118: Integer bounds check
- issue in GPU command buffers. Credit to miaubiz.</p>
- <p>[154055] High CVE-2012-5121: Use-after-free in video layout.
- Credit to Atte Kettunen of OUSPG.</p>
- <p>[145915] Low CVE-2012-5117: Inappropriate load of SVG subresource
- in img context. Credit to Felix Gröbert of the Google Security
- Team.</p>
- <p>[149759] Medium CVE-2012-5119: Race condition in Pepper buffer
- handling. Credit to Fermin Serna of the Google Security Team.</p>
- <p>[154465] Medium CVE-2012-5122: Bad cast in input handling. Credit
- to Google Chrome Security Team (Inferno).</p>
- <p>[154590] [156826] Medium CVE-2012-5123: Out-of-bounds reads in
- Skia. Credit to Google Chrome Security Team (Inferno).</p>
- <p>[155323] High CVE-2012-5124: Memory corruption in texture handling.
- Credit to Al Patrick of the Chromium development community.</p>
- <p>[156051] Medium CVE-2012-5125: Use-after-free in extension tab
- handling. Credit to Alexander Potapenko of the Chromium development
- community.</p>
- <p>[156366] Medium CVE-2012-5126: Use-after-free in plug-in
- placeholder handling. Credit to Google Chrome Security Team
- (Inferno).</p>
- <p>[157124] High CVE-2012-5128: Bad write in v8. Credit to Google
- Chrome Security Team (Cris Neckar).</p>
- </blockquote>
- </body>
- </description>
- <references>
- <cvename>CVE-2012-5127</cvename>
- <cvename>CVE-2012-5120</cvename>
- <cvename>CVE-2012-5116</cvename>
- <cvename>CVE-2012-5118</cvename>
- <cvename>CVE-2012-5121</cvename>
- <cvename>CVE-2012-5117</cvename>
- <cvename>CVE-2012-5119</cvename>
- <cvename>CVE-2012-5122</cvename>
- <cvename>CVE-2012-5123</cvename>
- <cvename>CVE-2012-5124</cvename>
- <cvename>CVE-2012-5125</cvename>
- <cvename>CVE-2012-5126</cvename>
- <cvename>CVE-2012-5128</cvename>
- <url>http://googlechromereleases.blogspot.nl/search/label/Stable%20updates</url>
- </references>
- <dates>
- <discovery>2012-11-06</discovery>
- <entry>2012-11-07</entry>
- </dates>
- </vuln>
-
<vuln vid="38daea4f-2851-11e2-9483-14dae938ec40">
<topic>opera -- multiple vulnerabilities</topic>
<affects>
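Review bot: the `<references>` block of 209c068d-28be-11e2-9160-00262d5ed8ee lists CVE names in the blog's publication order (CVE-2012-5127, then -5120, -5116, -5118, -5121, -5117 ...) rather than sorted; the 22.0.1229.79 entry further down has the same trait. That is a cosmetic defect, and if these entries are being pulled so they can be re-entered, the re-entered versions should sort the `<cvename>` elements numerically so the list is diffable against the CVE assignments. It is not a reason to leave the thirteen CVEs unrecorded in the meantime.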
@@ -62754,33 +67679,6 @@
</dates>
</vuln>
- <vuln vid="09e83f7f-1326-11e2-afe3-00262d5ed8ee">
- <topic>chromium -- multiple vulnerabilities</topic>
- <affects>
- <package>
- <name>chromium</name>
- <range><lt>22.0.1229.94</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>Google Chrome Releases reports:</p>
- <blockquote cite="http://googlechromereleases.blogspot.nl/search/label/Stable%20updates">
- <p>[154983][154987] Critical CVE-2012-5112: SVG use-after-free and
- IPC arbitrary file write. Credit to Pinkie Pie.</p>
- </blockquote>
- </body>
- </description>
- <references>
- <cvename>CVE-2012-5112</cvename>
- <url>http://googlechromereleases.blogspot.nl/search/label/Stable%20updates</url>
- </references>
- <dates>
- <discovery>2012-10-10</discovery>
- <entry>2012-10-10</entry>
- </dates>
- </vuln>
-
<vuln vid="6e5a9afd-12d3-11e2-b47d-c8600054b392">
<topic>mozilla -- multiple vulnerabilities</topic>
<affects>
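Review bot: of the chromium entries removed in this change, 09e83f7f-1326-11e2-afe3-00262d5ed8ee is the one with the strongest case for staying. Its single CVE, CVE-2012-5112, is rated Critical in the quoted vendor text (SVG use-after-free chained with an IPC arbitrary file write, i.e. a renderer-to-browser escape), and with the entry gone a chromium package below 22.0.1229.94 no longer audits as affected by it. If the rest of the removals stand, keep this entry or land a replacement with the same `<range>` and `<cvename>` in the same commit.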
@@ -62952,46 +67850,6 @@
</dates>
</vuln>
- <vuln vid="e6161b65-1187-11e2-afe3-00262d5ed8ee">
- <topic>chromium -- multiple vulnerabilities</topic>
- <affects>
- <package>
- <name>chromium</name>
- <range><lt>22.0.1229.92</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>Google Chrome Releases reports:</p>
- <blockquote cite="http://googlechromereleases.blogspot.nl/search/label/Stable%20updates">
- <p>[138208] High CVE-2012-2900: Crash in Skia text rendering. Credit
- to Atte Kettunen of OUSPG.</p>
- <p>[147499] Critical CVE-2012-5108: Race condition in audio device
- handling. Credit to Atte Kettunen of OUSPG.</p>
- <p>[148692] Medium CVE-2012-5109: OOB read in ICU regex. Credit to
- Arthur Gerkis.</p>
- <p>[151449] Medium CVE-2012-5110: Out-of-bounds read in compositor.
- Credit to Google Chrome Security Team (Inferno).</p>
- <p>[151895] Low CVE-2012-5111: Plug-in crash monitoring was missing
- for Pepper plug-ins. Credit to Google Chrome Security Team (Chris
- Evans).</p>
- </blockquote>
- </body>
- </description>
- <references>
- <cvename>CVE-2012-2900</cvename>
- <cvename>CVE-2012-5108</cvename>
- <cvename>CVE-2012-5109</cvename>
- <cvename>CVE-2012-5110</cvename>
- <cvename>CVE-2012-5111</cvename>
- <url>http://googlechromereleases.blogspot.nl/search/label/Stable%20updates</url>
- </references>
- <dates>
- <discovery>2012-10-08</discovery>
- <entry>2012-10-08</entry>
- </dates>
- </vuln>
-
<vuln vid="dee44ba9-08ab-11e2-a044-d0df9acfd7e5">
<topic>OpenX -- SQL injection vulnerability</topic>
<affects>
@@ -63028,102 +67886,6 @@
</dates>
</vuln>
- <vuln vid="5bae2ab4-0820-11e2-be5f-00262d5ed8ee">
- <topic>chromium -- multiple vulnerabilities</topic>
- <affects>
- <package>
- <name>chromium</name>
- <range><lt>22.0.1229.79</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>Google Chrome Releases reports:</p>
- <blockquote cite="http://googlechromereleases.blogspot.nl/search/label/Stable%20updates">
- <p>[143439] High CVE-2012-2889: UXSS in frame handling. Credit to
- Sergey Glazunov.</p>
- <p>[143437] High CVE-2012-2886: UXSS in v8 bindings. Credit to Sergey
- Glazunov.</p>
- <p>[139814] High CVE-2012-2881: DOM tree corruption with plug-ins.
- Credit to Chamal de Silva.</p>
- <p>[135432] High CVE-2012-2876: Buffer overflow in SSE2 optimizations.
- Credit to Atte Kettunen of OUSPG.</p>
- <p>[140803] High CVE-2012-2883: Out-of-bounds write in Skia. Credit to
- Atte Kettunen of OUSPG.</p>
- <p>[143609] High CVE-2012-2887: Use-after-free in onclick handling.
- Credit to Atte Kettunen of OUSPG.</p>
- <p>[143656] High CVE-2012-2888: Use-after-free in SVG text references.
- Credit to miaubiz.</p>
- <p>[144899] High CVE-2012-2894: Crash in graphics context handling.
- Credit to Slawomir Blazek.</p>
- <p>[137707] Medium CVE-2012-2877: Browser crash with extensions and
- modal dialogs. Credit to Nir Moshe.</p>
- <p>[139168] Low CVE-2012-2879: DOM topology corruption. Credit to
- pawlkt.</p>
- <p>[141651] Medium CVE-2012-2884: Out-of-bounds read in Skia. Credit
- to Atte Kettunen of OUSPG.</p>
- <p>[132398] High CVE-2012-2874: Out-of-bounds write in Skia. Credit to
- Google Chrome Security Team (Inferno).</p>
- <p>[134955] [135488] [137106] [137288] [137302] [137547] [137556]
- [137606] [137635] [137880] [137928] [144579] [145079] [145121]
- [145163] [146462] Medium CVE-2012-2875: Various lower severity
- issues in the PDF viewer. Credit to Mateusz Jurczyk of Google
- Security Team, with contributions by Gynvael Coldwind of Google
- Security Team.</p>
- <p>[137852] High CVE-2012-2878: Use-after-free in plug-in handling.
- Credit to Fermin Serna of Google Security Team.</p>
- <p>[139462] Medium CVE-2012-2880: Race condition in plug-in paint
- buffer. Credit to Google Chrome Security Team (Cris Neckar).</p>
- <p>[140647] High CVE-2012-2882: Wild pointer in OGG container
- handling. Credit to Google Chrome Security Team (Inferno).</p>
- <p>[142310] Medium CVE-2012-2885: Possible double free on exit. Credit
- to the Chromium development community.</p>
- <p>[143798] [144072] [147402] High CVE-2012-2890: Use-after-free in
- PDF viewer. Credit to Mateusz Jurczyk of Google Security Team, with
- contributions by Gynvael Coldwind of Google Security Team.</p>
- <p>[144051] Low CVE-2012-2891: Address leak over IPC. Credit to Lei
- Zhang of the Chromium development community.</p>
- <p>[144704] Low CVE-2012-2892: Pop-up block bypass. Credit to Google
- Chrome Security Team (Cris Neckar).</p>
- <p>[144799] High CVE-2012-2893: Double free in XSL transforms. Credit
- to Google Chrome Security Team (Cris Neckar).</p>
- <p>[145029] [145157] [146460] High CVE-2012-2895: Out-of-bounds writes
- in PDF viewer. Credit to Mateusz Jurczyk of Google Security Team,
- with contributions by Gynvael Coldwind of Google Security Team.</p>
- </blockquote>
- </body>
- </description>
- <references>
- <cvename>CVE-2012-2889</cvename>
- <cvename>CVE-2012-2886</cvename>
- <cvename>CVE-2012-2881</cvename>
- <cvename>CVE-2012-2876</cvename>
- <cvename>CVE-2012-2883</cvename>
- <cvename>CVE-2012-2887</cvename>
- <cvename>CVE-2012-2888</cvename>
- <cvename>CVE-2012-2894</cvename>
- <cvename>CVE-2012-2877</cvename>
- <cvename>CVE-2012-2879</cvename>
- <cvename>CVE-2012-2884</cvename>
- <cvename>CVE-2012-2874</cvename>
- <cvename>CVE-2012-2875</cvename>
- <cvename>CVE-2012-2878</cvename>
- <cvename>CVE-2012-2880</cvename>
- <cvename>CVE-2012-2882</cvename>
- <cvename>CVE-2012-2885</cvename>
- <cvename>CVE-2012-2890</cvename>
- <cvename>CVE-2012-2891</cvename>
- <cvename>CVE-2012-2892</cvename>
- <cvename>CVE-2012-2893</cvename>
- <cvename>CVE-2012-2895</cvename>
- <url>http://googlechromereleases.blogspot.nl/search/label/Stable%20updates</url>
- </references>
- <dates>
- <discovery>2012-09-25</discovery>
- <entry>2012-09-26</entry>
- </dates>
- </vuln>
-
<vuln vid="73efb1b7-07ec-11e2-a391-000c29033c32">
<topic>eperl -- Remote code execution</topic>
<affects>
@@ -63944,53 +68706,6 @@
</dates>
</vuln>
- <vuln vid="ee68923d-f2f5-11e1-8014-00262d5ed8ee">
- <topic>chromium -- multiple vulnerabilities</topic>
- <affects>
- <package>
- <name>chromium</name>
- <range><lt>21.0.1180.89</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>Google Chrome Releases reports:</p>
- <blockquote cite="http://googlechromereleases.blogspot.nl/search/label/Stable%20updates">
- <p>[121347] Medium CVE-2012-2865: Out-of-bounds read in line breaking.
- Credit to miaubiz.</p>
- <p>[134897] High CVE-2012-2866: Bad cast with run-ins. Credit to
- miaubiz.</p>
- <p>[135485] Low CVE-2012-2867: Browser crash with SPDY.</p>
- <p>[136881] Medium CVE-2012-2868: Race condition with workers and XHR.
- Credit to miaubiz.</p>
- <p>[137778] High CVE-2012-2869: Avoid stale buffer in URL loading.
- Credit to Fermin Serna of the Google Security Team.</p>
- <p>[138672] [140368] Low CVE-2012-2870: Lower severity memory
- management issues in XPath. Credit to Nicolas Gregoire.</p>
- <p>[138673] High CVE-2012-2871: Bad cast in XSL transforms. Credit to
- Nicolas Gregoire.</p>
- <p>[142956] Medium CVE-2012-2872: XSS in SSL interstitial. Credit to
- Emmanuel Bronshtein.</p>
- </blockquote>
- </body>
- </description>
- <references>
- <cvename>CVE-2012-2865</cvename>
- <cvename>CVE-2012-2866</cvename>
- <cvename>CVE-2012-2867</cvename>
- <cvename>CVE-2012-2868</cvename>
- <cvename>CVE-2012-2869</cvename>
- <cvename>CVE-2012-2870</cvename>
- <cvename>CVE-2012-2871</cvename>
- <cvename>CVE-2012-2872</cvename>
- <url>http://googlechromereleases.blogspot.nl/search/label/Stable%20updates</url>
- </references>
- <dates>
- <discovery>2012-08-30</discovery>
- <entry>2012-08-30</entry>
- </dates>
- </vuln>
-
<vuln vid="4c53f007-f2ed-11e1-a215-14dae9ebcf89">
<topic>asterisk -- multiple vulnerabilities</topic>
<affects>
@@ -64961,148 +69676,6 @@
</dates>
</vuln>
- <vuln vid="60bbe12c-e2c1-11e1-a8ca-00262d5ed8ee">
- <topic>chromium -- multiple vulnerabilities</topic>
- <affects>
- <package>
- <name>chromium</name>
- <range><lt>21.0.1180.75</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>Google Chrome Releases reports:</p>
- <blockquote cite="http://googlechromereleases.blogspot.nl/search/label/Stable%20updates">
- <p>[136643] [137721] [137957] High CVE-2012-2862: Use-after-free in
- PDF viewer. Credit to Mateusz Jurczyk of Google Security Team, with
- contributions by Gynvael Coldwind of Google Security Team.</p>
- <p>[136968] [137361] High CVE-2012-2863: Out-of-bounds writes in PDF
- viewer. Credit to Mateusz Jurczyk of Google Security Team, with
- contributions by Gynvael Coldwind of Google Security Team.</p>
- </blockquote>
- </body>
- </description>
- <references>
- <cvename>CVE-2012-2862</cvename>
- <cvename>CVE-2012-2863</cvename>
- <url>http://googlechromereleases.blogspot.com/search/label/Stable%20updates</url>
- </references>
- <dates>
- <discovery>2012-08-08</discovery>
- <entry>2012-08-10</entry>
- </dates>
- </vuln>
-
- <vuln vid="ce84e136-e2f6-11e1-a8ca-00262d5ed8ee">
- <topic>chromium -- multiple vulnerabilities</topic>
- <affects>
- <package>
- <name>chromium</name>
- <range><lt>21.0.1180.60</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>Google Chrome Releases reports:</p>
- <blockquote cite="http://googlechromereleases.blogspot.nl/search/label/Stable%20updates">
- <p>[Linux only] [125225] Medium CVE-2012-2846: Cross-process
- interference in renderers. Credit to Google Chrome Security Team
- (Julien Tinnes).</p>
- <p>[127522] Low CVE-2012-2847: Missing re-prompt to user upon
- excessive downloads. Credit to Matt Austin of Aspect Security.</p>
- <p>[127525] Medium CVE-2012-2848: Overly broad file access granted
- after drag+drop. Credit to Matt Austin of Aspect Security.</p>
- <p>[128163] Low CVE-2012-2849: Off-by-one read in GIF decoder. Credit
- to Atte Kettunen of OUSPG.</p>
- <p>[130251] [130592] [130611] [131068] [131237] [131252] [131621]
- [131690] [132860] Medium CVE-2012-2850: Various lower severity
- issues in the PDF viewer. Credit to Mateusz Jurczyk of Google
- Security Team, with contributions by Gynvael Coldwind of Google
- Security Team.</p>
- <p>[132585] [132694] [132861] High CVE-2012-2851: Integer overflows in
- PDF viewer. Credit to Mateusz Jurczyk of Google Security Team, with
- contributions by Gynvael Coldwind of Google Security Team.</p>
- <p>[134028] High CVE-2012-2852: Use-after-free with bad object linkage
- in PDF. Credit to Alexey Samsonov of Google.</p>
- <p>[134101] Medium CVE-2012-2853: webRequest can interfere with the
- Chrome Web Store. Credit to Trev of Adblock.</p>
- <p>[134519] Low CVE-2012-2854: Leak of pointer values to WebUI
- renderers. Credit to Nasko Oskov of the Chromium development
- community.</p>
- <p>[134888] High CVE-2012-2855: Use-after-free in PDF viewer. Credit
- to Mateusz Jurczyk of Google Security Team, with contributions by
- Gynvael Coldwind of Google Security Team.</p>
- <p>[134954] [135264] High CVE-2012-2856: Out-of-bounds writes in PDF
- viewer. Credit to Mateusz Jurczyk of Google Security Team, with
- contributions by Gynvael Coldwind of Google Security Team.</p>
- <p>[136235] High CVE-2012-2857: Use-after-free in CSS DOM. Credit to
- Arthur Gerkis.</p>
- <p>[136894] High CVE-2012-2858: Buffer overflow in WebP decoder.
- Credit to Juri Aedla.</p>
- <p>[Linux only] [137541] Critical CVE-2012-2859: Crash in tab
- handling. Credit to Jeff Roberts of Google Security Team.</p>
- <p>[137671] Medium CVE-2012-2860: Out-of-bounds access when clicking
- in date picker. Credit to Chamal de Silva.</p>
- </blockquote>
- </body>
- </description>
- <references>
- <cvename>CVE-2012-2846</cvename>
- <cvename>CVE-2012-2847</cvename>
- <cvename>CVE-2012-2848</cvename>
- <cvename>CVE-2012-2849</cvename>
- <cvename>CVE-2012-2850</cvename>
- <cvename>CVE-2012-2851</cvename>
- <cvename>CVE-2012-2852</cvename>
- <cvename>CVE-2012-2853</cvename>
- <cvename>CVE-2012-2854</cvename>
- <cvename>CVE-2012-2855</cvename>
- <cvename>CVE-2012-2856</cvename>
- <cvename>CVE-2012-2857</cvename>
- <cvename>CVE-2012-2858</cvename>
- <cvename>CVE-2012-2859</cvename>
- <cvename>CVE-2012-2860</cvename>
- <url>http://googlechromereleases.blogspot.com/search/label/Stable%20updates</url>
- </references>
- <dates>
- <discovery>2012-07-31</discovery>
- <entry>2012-08-10</entry>
- </dates>
- </vuln>
-
- <vuln vid="2092a45b-e2f6-11e1-a8ca-00262d5ed8ee">
- <topic>www/chromium -- multiple vulnerabilities</topic>
- <affects>
- <package>
- <name>chromium</name>
- <range><lt>20.0.1132.57</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>Google Chrome Releases reports:</p>
- <blockquote cite="http://googlechromereleases.blogspot.nl/search/label/Stable%20updates">
- <p>[129898] High CVE-2012-2842: Use-after-free in counter handling.
- Credit to miaubiz.</p>
- <p>[130595] High CVE-2012-2843: Use-after-free in layout height
- tracking. Credit to miaubiz.</p>
- <p>[133450] High CVE-2012-2844: Bad object access with JavaScript in
- PDF. Credit to Alexey Samsonov of Google.</p>
- </blockquote>
- </body>
- </description>
- <references>
- <cvename>CVE-2012-2842</cvename>
- <cvename>CVE-2012-2843</cvename>
- <cvename>CVE-2012-2844</cvename>
- <url>http://googlechromereleases.blogspot.com/search/label/Stable%20updates</url>
- </references>
- <dates>
- <discovery>2012-07-11</discovery>
- <entry>2012-08-10</entry>
- </dates>
- </vuln>
-
<vuln vid="31db9a18-e289-11e1-a57d-080027a27dbf">
<topic>rubygem-rails -- multiple vulnerabilities</topic>
<affects>
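Review bot: this hunk deletes two complete chromium vuln entries (the one covering CVE-2012-2846 through CVE-2012-2860 and vid 2092a45b-e2f6-11e1-a8ca-00262d5ed8ee for versions below 20.0.1132.57) and nothing in the patch records why. Audit tools that consume vuln.xml match an installed package's version against the range of every entry in the file, so once these are gone a host that still carries an old chromium build gets no warning for, among others, the Critical CVE-2012-2859 and the High PDF viewer and WebP decoder issues listed here. If the intent is to track an upstream vuln.xml that dropped them, say so in the log; otherwise keep the entries, since a stale "lt" range is harmless for current package versions and the file doubles as the historical record.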
@@ -66064,86 +70637,6 @@
</dates>
</vuln>
- <vuln vid="ff922811-c096-11e1-b0f4-00262d5ed8ee">
- <topic>chromium -- multiple vulnerabilities</topic>
- <affects>
- <package>
- <name>chromium</name>
- <range><lt>20.0.1132.43</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>Google Chrome Releases reports:</p>
- <blockquote cite="http://googlechromereleases.blogspot.nl/search/label/Stable%20updates">
- <p>[118633] Low CVE-2012-2815: Leak of iframe fragment id. Credit to
- Elie Bursztein of Google.</p>
- <p>[120222] High CVE-2012-2817: Use-after-free in table section
- handling. Credit to miaubiz.</p>
- <p>[120944] High CVE-2012-2818: Use-after-free in counter layout.
- Credit to miaubiz.</p>
- <p>[120977] High CVE-2012-2819: Crash in texture handling. Credit to
- Ken "gets" Russell of the Chromium development community.</p>
- <p>[121926] Medium CVE-2012-2820: Out-of-bounds read in SVG filter
- handling. Credit to Atte Kettunen of OUSPG.</p>
- <p>[122925] Medium CVE-2012-2821: Autofill display problem. Credit to
- "simonbrown60".</p>
- <p>[various] Medium CVE-2012-2822: Misc. lower severity OOB read
- issues in PDF. Credit to awesome ASAN and various Googlers (Kostya
- Serebryany, Evgeniy Stepanov, Mateusz Jurczyk, Gynvael Coldwind).</p>
- <p>[124356] High CVE-2012-2823: Use-after-free in SVG resource
- handling. Credit to miaubiz.</p>
- <p>[125374] High CVE-2012-2824: Use-after-free in SVG painting.
- Credit to miaubiz.</p>
- <p>[128688] Medium CVE-2012-2826: Out-of-bounds read in texture
- conversion. Credit to Google Chrome Security Team (Inferno).</p>
- <p>[Mac only] [129826] Low CVE-2012-2827: Use-after-free in Mac UI.
- Credit to the Chromium development community (Dharani Govindan).</p>
- <p>[129857] High CVE-2012-2828: Integer overflows in PDF. Credit to
- Mateusz Jurczyk of Google Security Team and Google Chrome Security
- Team (Chris Evans).</p>
- <p>[129947] High CVE-2012-2829: Use-after-free in first-letter
- handling. Credit to miaubiz.</p>
- <p>[129951] High CVE-2012-2830: Wild pointer in array value setting.
- Credit to miaubiz.</p>
- <p>[130356] High CVE-2012-2831: Use-after-free in SVG reference
- handling. Credit to miaubiz.</p>
- <p>[131553] High CVE-2012-2832: Uninitialized pointer in PDF image
- codec. Credit to Mateusz Jurczyk of Google Security Team.</p>
- <p>[132156] High CVE-2012-2833: Buffer overflow in PDF JS API. Credit
- to Mateusz Jurczyk of Google Security Team.</p>
- <p>[132779] High CVE-2012-2834: Integer overflow in Matroska
- container. Credit to Juri Aedla.</p>
- </blockquote>
- </body>
- </description>
- <references>
- <cvename>CVE-2012-2815</cvename>
- <cvename>CVE-2012-2817</cvename>
- <cvename>CVE-2012-2818</cvename>
- <cvename>CVE-2012-2819</cvename>
- <cvename>CVE-2012-2820</cvename>
- <cvename>CVE-2012-2821</cvename>
- <cvename>CVE-2012-2822</cvename>
- <cvename>CVE-2012-2823</cvename>
- <cvename>CVE-2012-2824</cvename>
- <cvename>CVE-2012-2826</cvename>
- <cvename>CVE-2012-2827</cvename>
- <cvename>CVE-2012-2828</cvename>
- <cvename>CVE-2012-2829</cvename>
- <cvename>CVE-2012-2830</cvename>
- <cvename>CVE-2012-2831</cvename>
- <cvename>CVE-2012-2832</cvename>
- <cvename>CVE-2012-2833</cvename>
- <cvename>CVE-2012-2834</cvename>
- <url>http://googlechromereleases.blogspot.com/search/label/Stable%20updates</url>
- </references>
- <dates>
- <discovery>2012-06-26</discovery>
- <entry>2012-06-27</entry>
- </dates>
- </vuln>
-
<vuln vid="aed44c4e-c067-11e1-b5e0-000c299b62e1">
<topic>FreeBSD -- Privilege escalation when returning from kernel</topic>
<affects>
@@ -66862,74 +71355,6 @@
</dates>
</vuln>
- <vuln vid="219d0bfd-a915-11e1-b519-00262d5ed8ee">
- <topic>chromium -- multiple vulnerabilities</topic>
- <affects>
- <package>
- <name>chromium</name>
- <range><lt>19.0.1084.52</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>Google Chrome Releases reports:</p>
- <blockquote cite="http://googlechromereleases.blogspot.com/search/label/Stable%20updates">
- <p>[117409] High CVE-2011-3103: Crashes in v8 garbage collection.
- Credit to the Chromium development community (Brett Wilson).</p>
- <p>[118018] Medium CVE-2011-3104: Out-of-bounds read in Skia. Credit
- to Google Chrome Security Team (Inferno).</p>
- <p>[120912] High CVE-2011-3105: Use-after-free in first-letter
- handling. Credit to miaubiz.</p>
- <p>[122654] Critical CVE-2011-3106: Browser memory corruption with
- websockets over SSL. Credit to the Chromium development community
- (Dharani Govindan).</p>
- <p>[124625] High CVE-2011-3107: Crashes in the plug-in JavaScript
- bindings. Credit to the Chromium development community (Dharani
- Govindan).</p>
- <p>[125159] Critical CVE-2011-3108: Use-after-free in browser cache.
- Credit to "efbiaiinzinz".</p>
- <p>[Linux only] [126296] High CVE-2011-3109: Bad cast in GTK UI.
- Credit to Micha Bartholome.</p>
- <p>[126337] [126343] [126378] [127349] [127819] [127868] High
- CVE-2011-3110: Out of bounds writes in PDF. Credit to Mateusz
- Jurczyk of the Google Security Team, with contributions by Gynvael
- Coldwind of the Google Security Team.</p>
- <p>[126414] Medium CVE-2011-3111: Invalid read in v8. Credit to
- Christian Holler.</p>
- <p>[127331] High CVE-2011-3112: Use-after-free with invalid encrypted
- PDF. Credit to Mateusz Jurczyk of the Google Security Team, with
- contributions by Gynvael Coldwind of the Google Security Team.</p>
- <p>[127883] High CVE-2011-3113: Invalid cast with colorspace handling
- in PDF. Credit to Mateusz Jurczyk of the Google Security Team, with
- contributions by Gynvael Coldwind of the Google Security Team.</p>
- <p>[128014] High CVE-2011-3114: Buffer overflows with PDF functions.
- Credit to Google Chrome Security Team (scarybeasts).</p>
- <p>[128018] High CVE-2011-3115: Type corruption in v8. Credit to
- Christian Holler.</p>
- </blockquote>
- </body>
- </description>
- <references>
- <cvename>CVE-2011-3103</cvename>
- <cvename>CVE-2011-3104</cvename>
- <cvename>CVE-2011-3105</cvename>
- <cvename>CVE-2011-3106</cvename>
- <cvename>CVE-2011-3107</cvename>
- <cvename>CVE-2011-3108</cvename>
- <cvename>CVE-2011-3110</cvename>
- <cvename>CVE-2011-3111</cvename>
- <cvename>CVE-2011-3112</cvename>
- <cvename>CVE-2011-3113</cvename>
- <cvename>CVE-2011-3114</cvename>
- <cvename>CVE-2011-3115</cvename>
- <url>http://googlechromereleases.blogspot.com/search/label/Stable%20updates</url>
- </references>
- <dates>
- <discovery>2012-05-23</discovery>
- <entry>2012-05-28</entry>
- </dates>
- </vuln>
-
<vuln vid="617959ce-a5f6-11e1-a284-0023ae8e59f0">
<topic>haproxy -- buffer overflow</topic>
<affects>
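Review bot: if the vid 219d0bfd-a915-11e1-b519-00262d5ed8ee entry is retained instead of deleted, its references block is missing a cvename for CVE-2011-3109. The description lists "[Linux only] [126296] High CVE-2011-3109: Bad cast in GTK UI", but the cvename list jumps from CVE-2011-3108 to CVE-2011-3110. This looks like an omission rather than a deliberate exclusion of platform-specific items, because the 19.0.1084.46 entry removed in the next hunk does carry a cvename for its Linux-only CVE-2011-3096. Suggested fix: add "<cvename>CVE-2011-3109</cvename>" between the 3108 and 3110 lines.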
@@ -67291,84 +71716,6 @@
</dates>
</vuln>
- <vuln vid="1449af37-9eba-11e1-b9c1-00262d5ed8ee">
- <topic>chromium -- multiple vulnerabilities</topic>
- <affects>
- <package>
- <name>chromium</name>
- <range><lt>19.0.1084.46</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>Google Chrome Releases reports:</p>
- <blockquote cite="http://googlechromereleases.blogspot.com/search/label/Stable%20updates">
- <p>[112983] Low CVE-2011-3083: Browser crash with video + FTP. Credit
- to Aki Helin of OUSPG.</p>
- <p>[113496] Low CVE-2011-3084: Load links from internal pages in their
- own process. Credit to Brett Wilson of the Chromium development
- community.</p>
- <p>[118374] Medium CVE-2011-3085: UI corruption with long autofilled
- values. Credit to "psaldorn".</p>
- <p>[118642] High CVE-2011-3086: Use-after-free with style element.
- Credit to Arthur Gerkis.</p>
- <p>[118664] Low CVE-2011-3087: Incorrect window navigation. Credit to
- Charlie Reis of the Chromium development community.</p>
- <p>[120648] Medium CVE-2011-3088: Out-of-bounds read in hairline
- drawing. Credit to Aki Helin of OUSPG.</p>
- <p>[120711] High CVE-2011-3089: Use-after-free in table handling.
- Credit to miaubiz.</p>
- <p>[121223] Medium CVE-2011-3090: Race condition with workers. Credit
- to Arthur Gerkis.</p>
- <p>[121734] High CVE-2011-3091: Use-after-free with indexed DB. Credit
- to Google Chrome Security Team (Inferno).</p>
- <p>[122337] High CVE-2011-3092: Invalid write in v8 regex. Credit to
- Christian Holler.</p>
- <p>[122585] Medium CVE-2011-3093: Out-of-bounds read in glyph
- handling. Credit to miaubiz.</p>
- <p>[122586] Medium CVE-2011-3094: Out-of-bounds read in Tibetan
- handling. Credit to miaubiz.</p>
- <p>[123481] High CVE-2011-3095: Out-of-bounds write in OGG container.
- Credit to Hannu Heikkinen.</p>
- <p>[Linux only] [123530] Low CVE-2011-3096: Use-after-free in GTK
- omnibox handling. Credit to Arthur Gerkis.</p>
- <p>[123733] [124182] High CVE-2011-3097: Out-of-bounds write in
- sampled functions with PDF. Credit to Kostya Serebryany of Google
- and Evgeniy Stepanov of Google.</p>
- <p>[124479] High CVE-2011-3099: Use-after-free in PDF with corrupt
- font encoding name. Credit to Mateusz Jurczyk of Google Security
- Team and Gynvael Coldwind of Google Security Team.</p>
- <p>[124652] Medium CVE-2011-3100: Out-of-bounds read drawing dash
- paths. Credit to Google Chrome Security Team (Inferno).</p>
- </blockquote>
- </body>
- </description>
- <references>
- <cvename>CVE-2011-3083</cvename>
- <cvename>CVE-2011-3084</cvename>
- <cvename>CVE-2011-3085</cvename>
- <cvename>CVE-2011-3086</cvename>
- <cvename>CVE-2011-3087</cvename>
- <cvename>CVE-2011-3088</cvename>
- <cvename>CVE-2011-3089</cvename>
- <cvename>CVE-2011-3090</cvename>
- <cvename>CVE-2011-3091</cvename>
- <cvename>CVE-2011-3092</cvename>
- <cvename>CVE-2011-3093</cvename>
- <cvename>CVE-2011-3094</cvename>
- <cvename>CVE-2011-3095</cvename>
- <cvename>CVE-2011-3096</cvename>
- <cvename>CVE-2011-3097</cvename>
- <cvename>CVE-2011-3099</cvename>
- <cvename>CVE-2011-3100</cvename>
- <url>http://googlechromereleases.blogspot.com/search/label/Stable%20updates</url>
- </references>
- <dates>
- <discovery>2012-05-15</discovery>
- <entry>2012-05-15</entry>
- </dates>
- </vuln>
-
<vuln vid="6601127c-9e09-11e1-b5e0-000c299b62e1">
<topic>socat -- Heap-based buffer overflow</topic>
<affects>
@@ -67702,48 +72049,6 @@
</dates>
</vuln>
- <vuln vid="94c0ac4f-9388-11e1-b242-00262d5ed8ee">
- <topic>chromium -- multiple vulnerabilities</topic>
- <affects>
- <package>
- <name>chromium</name>
- <range><lt>18.0.1025.168</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>Google Chrome Releases reports:</p>
- <blockquote cite="http://googlechromereleases.blogspot.com/search/label/Stable%20updates">
- <p>[106413] High CVE-2011-3078: Use after free in floats handling.
- Credit to Google Chrome Security Team (Marty Barbella) and
- independent later discovery by miaubiz.</p>
- <p>[117627] Medium CVE-2011-3079: IPC validation failure. Credit to
- PinkiePie.</p>
- <p>[121726] Medium CVE-2011-3080: Race condition in sandbox IPC.
- Credit to Willem Pinckaers of Matasano.</p>
- <p>[121899] High CVE-2011-3081: Use after free in floats handling.
- Credit to miaubiz.</p>
- <p>[117110] High CVE-2012-1521: Use after free in xml parser. Credit
- to Google Chrome Security Team (SkyLined) and independent later
- discovery by wushi of team509 reported through iDefense VCP
- (V-874rcfpq7z).</p>
- </blockquote>
- </body>
- </description>
- <references>
- <cvename>CVE-2011-3078</cvename>
- <cvename>CVE-2011-3079</cvename>
- <cvename>CVE-2011-3080</cvename>
- <cvename>CVE-2011-3081</cvename>
- <cvename>CVE-2012-1521</cvename>
- <url>http://googlechromereleases.blogspot.com/search/label/Stable%20updates</url>
- </references>
- <dates>
- <discovery>2012-04-30</discovery>
- <entry>2012-05-01</entry>
- </dates>
- </vuln>
-
<vuln vid="2cde1892-913e-11e1-b44c-001fd0af1a4c">
<topic>php -- multiple vulnerabilities</topic>
<affects>
@@ -68531,66 +72836,6 @@
</dates>
</vuln>
- <vuln vid="057130e6-7f61-11e1-8a43-00262d5ed8ee">
- <topic>chromium -- multiple vulnerabilities</topic>
- <affects>
- <package>
- <name>chromium</name>
- <range><lt>18.0.1025.151</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>Google Chrome Releases reports:</p>
- <blockquote cite="http://googlechromereleases.blogspot.com/search/label/Stable%20updates">
- <p>[106577] Medium CVE-2011-3066: Out-of-bounds read in Skia clipping. Credit to miaubiz.</p>
- <p>[117583] Medium CVE-2011-3067: Cross-origin iframe replacement.
- Credit to Sergey Glazunov.</p>
- <p>[117698] High CVE-2011-3068: Use-after-free in run-in handling.
- Credit to miaubiz.</p>
- <p>[117728] High CVE-2011-3069: Use-after-free in line box handling.
- Credit to miaubiz.</p>
- <p>[118185] High CVE-2011-3070: Use-after-free in v8 bindings. Credit
- to Google Chrome Security Team (SkyLined).</p>
- <p>[118273] High CVE-2011-3071: Use-after-free in HTMLMediaElement.
- Credit to pa_kt, reporting through HP TippingPoint ZDI
- (ZDI-CAN-1528).</p>
- <p>[118467] Low CVE-2011-3072: Cross-origin violation parenting pop-up
- window. Credit to Sergey Glazunov.</p>
- <p>[118593] High CVE-2011-3073: Use-after-free in SVG resource
- handling. Credit to Arthur Gerkis.</p>
- <p>[119281] Medium CVE-2011-3074: Use-after-free in media handling.
- Credit to Slawomir Blazek.</p>
- <p>[119525] High CVE-2011-3075: Use-after-free applying style command.
- Credit to miaubiz.</p>
- <p>[120037] High CVE-2011-3076: Use-after-free in focus handling.
- Credit to miaubiz.</p>
- <p>[120189] Medium CVE-2011-3077: Read-after-free in script bindings.
- Credit to Google Chrome Security Team (Inferno).</p>
- </blockquote>
- </body>
- </description>
- <references>
- <cvename>CVE-2011-3066</cvename>
- <cvename>CVE-2011-3067</cvename>
- <cvename>CVE-2011-3068</cvename>
- <cvename>CVE-2011-3069</cvename>
- <cvename>CVE-2011-3070</cvename>
- <cvename>CVE-2011-3071</cvename>
- <cvename>CVE-2011-3072</cvename>
- <cvename>CVE-2011-3073</cvename>
- <cvename>CVE-2011-3074</cvename>
- <cvename>CVE-2011-3075</cvename>
- <cvename>CVE-2011-3076</cvename>
- <cvename>CVE-2011-3077</cvename>
- <url>http://googlechromereleases.blogspot.com/search/label/Stable%20updates</url>
- </references>
- <dates>
- <discovery>2012-04-05</discovery>
- <entry>2012-04-05</entry>
- </dates>
- </vuln>
-
<vuln vid="7289214f-7c55-11e1-ab3b-000bcdf0a03b">
<topic>libpurple -- Remote DoS via an MSN OIM message that lacks UTF-8 encoding</topic>
<affects>
@@ -68629,7 +72874,7 @@
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
- <p>The phpMYAdmin development team reports:</p>
+ <p>The phpMyAdmin development team reports:</p>
<blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2012-2.php">
<p>The show_config_errors.php scripts did not validate the presence
of the configuration file, so an error message shows the full path
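Review bot: the casing fix to "phpMyAdmin" is correct and matches the project name used in the phpmyadmin.net PMASA-2012-2 cite URL on the following line. It is the only non-deletion change in this part of the patch; everything around it removes chromium entries.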
@@ -68650,57 +72895,6 @@
</dates>
</vuln>
- <vuln vid="b8f0a391-7910-11e1-8a43-00262d5ed8ee">
- <topic>chromium -- multiple vulnerabilities</topic>
- <affects>
- <package>
- <name>chromium</name>
- <range><lt>18.0.1025.142</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>Google Chrome Releases reports:</p>
- <blockquote cite="http://googlechromereleases.blogspot.com/search/label/Stable%20updates">
- <p>[109574] Medium CVE-2011-3058: Bad interaction possibly leading to
- XSS in EUC-JP. Credit to Masato Kinugawa.</p>
- <p>[112317] Medium CVE-2011-3059: Out-of-bounds read in SVG text
- handling. Credit to Arthur Gerkis.</p>
- <p>[114056] Medium CVE-2011-3060: Out-of-bounds read in text fragment
- handling. Credit to miaubiz.</p>
- <p>[116398] Medium CVE-2011-3061: SPDY proxy certificate checking
- error. Credit to Leonidas Kontothanassis of Google.</p>
- <p>[116524] High CVE-2011-3062: Off-by-one in OpenType Sanitizer.
- Credit to Mateusz Jurczyk of the Google Security Team.</p>
- <p>[117417] Low CVE-2011-3063: Validate navigation requests from the
- renderer more carefully. Credit to kuzzcc, Sergey Glazunov,
- PinkiePie and scarybeasts (Google Chrome Security Team).</p>
- <p>[117471] High CVE-2011-3064: Use-after-free in SVG clipping. Credit to Atte Kettunen of OUSPG.</p>
- <p>[117588] High CVE-2011-3065: Memory corruption in Skia. Credit to
- Omair.</p>
- <p>[117794] Medium CVE-2011-3057: Invalid read in v8. Credit to
- Christian Holler.</p>
- </blockquote>
- </body>
- </description>
- <references>
- <cvename>CVE-2011-3057</cvename>
- <cvename>CVE-2011-3058</cvename>
- <cvename>CVE-2011-3059</cvename>
- <cvename>CVE-2011-3060</cvename>
- <cvename>CVE-2011-3061</cvename>
- <cvename>CVE-2011-3062</cvename>
- <cvename>CVE-2011-3063</cvename>
- <cvename>CVE-2011-3064</cvename>
- <cvename>CVE-2011-3065</cvename>
- <url>http://googlechromereleases.blogspot.com/search/label/Stable%20updates</url>
- </references>
- <dates>
- <discovery>2012-03-28</discovery>
- <entry>2012-03-28</entry>
- </dates>
- </vuln>
-
<vuln vid="60f81af3-7690-11e1-9423-00235a5f2c9a">
<topic>raptor/raptor2 -- XXE in RDF/XML File Interpretation</topic>
<affects>
@@ -68818,61 +73012,6 @@
</dates>
</vuln>
- <vuln vid="330106da-7406-11e1-a1d7-00262d5ed8ee">
- <topic>chromium -- multiple vulnerabilities</topic>
- <affects>
- <package>
- <name>chromium</name>
- <range><lt>17.0.963.83</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>Google Chrome Releases reports:</p>
- <blockquote cite="http://googlechromereleases.blogspot.com/search/label/Stable%20updates">
- <p>[113902] High CVE-2011-3050: Use-after-free with first-letter
- handling. Credit to miaubiz.</p>
- <p>[116162] High CVE-2011-3045: libpng integer issue from upstream.
- Credit to Glenn Randers-Pehrson of the libpng project.</p>
- <p>[116461] High CVE-2011-3051: Use-after-free in CSS cross-fade
- handling. Credit to Arthur Gerkis.</p>
- <p>[116637] High CVE-2011-3052: Memory corruption in WebGL canvas
- handling. Credit to Ben Vanik of Google.</p>
- <p>[116746] High CVE-2011-3053: Use-after-free in block splitting.
- Credit to miaubiz.</p>
- <p>[117418] Low CVE-2011-3054: Apply additional isolations to webui
- privileges. Credit to Sergey Glazunov.</p>
- <p>[117736] Low CVE-2011-3055: Prompt in the browser native UI for
- unpacked extension installation. Credit to PinkiePie.</p>
- <p>[117550] High CVE-2011-3056: Cross-origin violation with "magic
- iframe". Credit to Sergey Glazunov.</p>
- <p>[117794] Medium CVE-2011-3057: Invalid read in v8. Credit to
- Christian Holler.</p>
- <p>[108648] Low CVE-2011-3049: Extension web request API can
- interfere with system requests. Credit to Michael Gundlach.
- Fixed in an earlier release.</p>
- </blockquote>
- </body>
- </description>
- <references>
- <cvename>CVE-2011-3045</cvename>
- <cvename>CVE-2011-3049</cvename>
- <cvename>CVE-2011-3050</cvename>
- <cvename>CVE-2011-3051</cvename>
- <cvename>CVE-2011-3052</cvename>
- <cvename>CVE-2011-3053</cvename>
- <cvename>CVE-2011-3054</cvename>
- <cvename>CVE-2011-3055</cvename>
- <cvename>CVE-2011-3056</cvename>
- <cvename>CVE-2011-3057</cvename>
- <url>http://googlechromereleases.blogspot.com/search/label/Stable%20updates</url>
- </references>
- <dates>
- <discovery>2012-03-21</discovery>
- <entry>2012-03-22</entry>
- </dates>
- </vuln>
-
<vuln vid="2e7e9072-73a0-11e1-a883-001cc0a36e12">
<topic>libtasn1 -- ASN.1 length decoding vulnerability</topic>
<affects>
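Review bot: CVE-2011-3057 ("[117794] Medium CVE-2011-3057: Invalid read in v8. Credit to Christian Holler.") is listed both in this entry (vid 330106da-7406-11e1-a1d7-00262d5ed8ee, versions below 17.0.963.83) and in the b8f0a391-7910-11e1-8a43-00262d5ed8ee entry for versions below 18.0.1025.142 removed a few hunks earlier. If either entry is reinstated, the overlap is harmless, because audit matching goes by package version range rather than by CVE, and the 18.0.1025.142 range already covers every version the 17.0.963.83 range does. Separately, this entry's own text says CVE-2011-3049 was "Fixed in an earlier release", so its "lt" 17.0.963.83 range over-claims for that one CVE; if the entry is kept, the description should make clear that 3049 is listed for completeness only.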
@@ -69168,33 +73307,6 @@
</dates>
</vuln>
- <vuln vid="ab1f515d-6b69-11e1-8288-00262d5ed8ee">
- <topic>chromium -- Errant plug-in load and GPU process memory corruption</topic>
- <affects>
- <package>
- <name>chromium</name>
- <range><lt>17.0.963.79</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>Google Chrome Releases reports:</p>
- <blockquote cite="http://googlechromereleases.blogspot.com/search/label/Stable%20updates">
- <p>[117620] [117656] Critical CVE-2011-3047: Errant plug-in load and
- GPU process memory corruption. Credit to PinkiePie.</p>
- </blockquote>
- </body>
- </description>
- <references>
- <cvename>CVE-2011-3047</cvename>
- <url>http://googlechromereleases.blogspot.com/search/label/Stable%20updates</url>
- </references>
- <dates>
- <discovery>2012-03-10</discovery>
- <entry>2012-03-11</entry>
- </dates>
- </vuln>
-
<vuln vid="9da3834b-6a50-11e1-91af-003067b2972c">
<topic>linux-flashplugin -- multiple vulnerabilities</topic>
<affects>
@@ -69222,33 +73334,6 @@
</dates>
</vuln>
- <vuln vid="1015e1fe-69ce-11e1-8288-00262d5ed8ee">
- <topic>chromium -- cross-site scripting vulnerability</topic>
- <affects>
- <package>
- <name>chromium</name>
- <range><lt>17.0.963.78</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>Google Chrome Releases reports:</p>
- <blockquote cite="http://googlechromereleases.blogspot.com/search/label/Stable%20updates">
- <p>[117226] [117230] Critical CVE-2011-3046: UXSS and bad history
- navigation. Credit to Sergey Glazunov.</p>
- </blockquote>
- </body>
- </description>
- <references>
- <cvename>CVE-2011-3046</cvename>
- <url>http://googlechromereleases.blogspot.com/search/label/Stable%20updates</url>
- </references>
- <dates>
- <discovery>2012-03-08</discovery>
- <entry>2012-03-09</entry>
- </dates>
- </vuln>
-
<vuln vid="9448a82f-6878-11e1-865f-00e0814cab4e">
<topic>jenkins -- XSS vulnerability</topic>
<affects>
@@ -69278,72 +73363,6 @@
</dates>
</vuln>
- <vuln vid="99aef698-66ed-11e1-8288-00262d5ed8ee">
- <topic>chromium -- multiple vulnerabilities</topic>
- <affects>
- <package>
- <name>chromium</name>
- <range><lt>17.0.963.65</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>Google Chrome Releases reports:</p>
- <blockquote cite="http://googlechromereleases.blogspot.com/search/label/Stable%20updates">
- <p>[105867] High CVE-2011-3031: Use-after-free in v8 element wrapper.
- Credit to Chamal de Silva.</p>
- <p>[108037] High CVE-2011-3032: Use-after-free in SVG value handling.
- Credit to Arthur Gerkis.</p>
- <p>[108406] [115471] High CVE-2011-3033: Buffer overflow in the Skia
- drawing library. Credit to Aki Helin of OUSPG.</p>
- <p>[111748] High CVE-2011-3034: Use-after-free in SVG document
- handling. Credit to Arthur Gerkis.</p>
- <p>[112212] High CVE-2011-3035: Use-after-free in SVG use handling.
- Credit to Arthur Gerkis.</p>
- <p>[113258] High CVE-2011-3036: Bad cast in line box handling. Credit
- to miaubiz.</p>
- <p>[113439] [114924] [115028] High CVE-2011-3037: Bad casts in
- anonymous block splitting. Credit to miaubiz.</p>
- <p>[113497] High CVE-2011-3038: Use-after-free in multi-column
- handling. Credit to miaubiz.</p>
- <p>[113707] High CVE-2011-3039: Use-after-free in quote handling.
- Credit to miaubiz.</p>
- <p>[114054] High CVE-2011-3040: Out-of-bounds read in text handling.
- Credit to miaubiz.</p>
- <p>[114068] High CVE-2011-3041: Use-after-free in class attribute
- handling. Credit to miaubiz.</p>
- <p>[114219] High CVE-2011-3042: Use-after-free in table section
- handling. Credit to miaubiz.</p>
- <p>[115681] High CVE-2011-3043: Use-after-free in flexbox with floats.
- Credit to miaubiz.</p>
- <p>[116093] High CVE-2011-3044: Use-after-free with SVG animation
- elements. Credit to Arthur Gerkis.</p>
- </blockquote>
- </body>
- </description>
- <references>
- <cvename>CVE-2011-3031</cvename>
- <cvename>CVE-2011-3032</cvename>
- <cvename>CVE-2011-3033</cvename>
- <cvename>CVE-2011-3034</cvename>
- <cvename>CVE-2011-3035</cvename>
- <cvename>CVE-2011-3036</cvename>
- <cvename>CVE-2011-3037</cvename>
- <cvename>CVE-2011-3038</cvename>
- <cvename>CVE-2011-3039</cvename>
- <cvename>CVE-2011-3040</cvename>
- <cvename>CVE-2011-3041</cvename>
- <cvename>CVE-2011-3042</cvename>
- <cvename>CVE-2011-3043</cvename>
- <cvename>CVE-2011-3044</cvename>
- <url>http://googlechromereleases.blogspot.com/search/label/Stable%20updates</url>
- </references>
- <dates>
- <discovery>2012-03-04</discovery>
- <entry>2012-03-05</entry>
- </dates>
- </vuln>
-
<vuln vid="eba70db4-6640-11e1-98af-00262d8b701d">
<topic>dropbear -- arbitrary code execution</topic>
<affects>
@@ -69641,71 +73660,6 @@
</dates>
</vuln>
- <vuln vid="2f5ff968-5829-11e1-8288-00262d5ed8ee">
- <topic>chromium -- multiple vulnerabilities</topic>
- <affects>
- <package>
- <name>chromium</name>
- <range><lt>17.0.963.56</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>Google Chrome Releases reports:</p>
- <blockquote cite="http://googlechromereleases.blogspot.com/search/label/Stable%20updates">
- <p>[105803] High CVE-2011-3015: Integer overflows in PDF codecs.
- Credit to Google Chrome Security Team (scarybeasts).</p>
- <p>[106336] Medium CVE-2011-3016: Read-after-free with counter nodes.
- Credit to miaubiz.</p>
- <p>[108695] High CVE-2011-3017: Possible use-after-free in database
- handling. Credit to miaubiz.</p>
- <p>[110172] High CVE-2011-3018: Heap overflow in path rendering.
- Credit to Aki Helin of OUSPG.</p>
- <p>[110849] High CVE-2011-3019: Heap buffer overflow in MKV handling.
- Credit to Google Chrome Security Team (scarybeasts) and Mateusz
- Jurczyk of the Google Security Team.</p>
- <p>[111575] Medium CVE-2011-3020: Native client validator error.
- Credit to Nick Bray of the Chromium development community.</p>
- <p>[111779] High CVE-2011-3021: Use-after-free in subframe loading.
- Credit to Arthur Gerkis.</p>
- <p>[112236] Medium CVE-2011-3022: Inappropriate use of http for
- translation script. Credit to Google Chrome Security Team (Jorge
- Obes).</p>
- <p>[112259] Medium CVE-2011-3023: Use-after-free with drag and drop.
- Credit to pa_kt.</p>
- <p>[112451] Low CVE-2011-3024: Browser crash with empty x509
- certificate. Credit to chrometot.</p>
- <p>[112670] Medium CVE-2011-3025: Out-of-bounds read in h.264
- parsing. Credit to Slawomir Blazek.</p>
- <p>[112822] High CVE-2011-3026: Integer overflow / truncation in
- libpng. Credit to Juri Aedla.</p>
- <p>[112847] Medium CVE-2011-3027: Bad cast in column handling.
- Credit to miaubiz.</p>
- </blockquote>
- </body>
- </description>
- <references>
- <cvename>CVE-2011-3015</cvename>
- <cvename>CVE-2011-3016</cvename>
- <cvename>CVE-2011-3017</cvename>
- <cvename>CVE-2011-3018</cvename>
- <cvename>CVE-2011-3019</cvename>
- <cvename>CVE-2011-3020</cvename>
- <cvename>CVE-2011-3021</cvename>
- <cvename>CVE-2011-3022</cvename>
- <cvename>CVE-2011-3023</cvename>
- <cvename>CVE-2011-3024</cvename>
- <cvename>CVE-2011-3025</cvename>
- <cvename>CVE-2011-3026</cvename>
- <cvename>CVE-2011-3027</cvename>
- <url>http://googlechromereleases.blogspot.com/search/label/Stable%20updates</url>
- </references>
- <dates>
- <discovery>2012-02-15</discovery>
- <entry>2012-02-15</entry>
- </dates>
- </vuln>
-
<vuln vid="b4f8be9e-56b2-11e1-9fb7-003067b2972c">
<topic>Python -- DoS via malformed XML-RPC / HTTP POST request</topic>
<affects>
@@ -69926,91 +73880,6 @@
</dates>
</vuln>
- <vuln vid="fe1976c2-5317-11e1-9e99-00262d5ed8ee">
- <topic>chromium -- multiple vulnerabilities</topic>
- <affects>
- <package>
- <name>chromium</name>
- <range><lt>17.0.963.46</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>Google Chrome Releases reports:</p>
- <blockquote cite="http://googlechromereleases.blogspot.com/search/label/Stable%20updates">
- <p>[73478] Low CVE-2011-3953: Avoid clipboard monitoring after paste
- event. Credit to Daniel Cheng of the Chromium development
- community.</p>
- <p>[92550] Low CVE-2011-3954: Crash with excessive database usage.
- Credit to Collin Payne.</p>
- <p>[93106] High CVE-2011-3955: Crash aborting an IndexDB transaction.
- Credit to David Grogan of the Chromium development community.</p>
- <p>[103630] Low CVE-2011-3956: Incorrect handling of sandboxed origins
- inside extensions. Credit to Devdatta Akhawe, UC Berkeley.</p>
- <p>[104056] High CVE-2011-3957: Use-after-free in PDF garbage
- collection. Credit to Aki Helin of OUSPG.</p>
- <p>[105459] High CVE-2011-3958: Bad casts with column spans. Credit
- to miaubiz.</p>
- <p>[106441] High CVE-2011-3959: Buffer overflow in locale handling.
- Credit to Aki Helin of OUSPG.</p>
- <p>[108416] Medium CVE-2011-3960: Out-of-bounds read in audio
- decoding. Credit to Aki Helin of OUSPG.</p>
- <p>[108871] Critical CVE-2011-3961: Race condition after crash of
- utility process. Credit to Shawn Goertzen.</p>
- <p>[108901] Medium CVE-2011-3962: Out-of-bounds read in path clipping.
- Credit to Aki Helin of OUSPG.</p>
- <p>[109094] Medium CVE-2011-3963: Out-of-bounds read in PDF fax image
- handling. Credit to Atte Kettunen of OUSPG.</p>
- <p>[109245] Low CVE-2011-3964: URL bar confusion after drag + drop.
- Credit to Code Audit Labs of VulnHunt.com.</p>
- <p>[109664] Low CVE-2011-3965: Crash in signature check. Credit to
- Slawomir Blazek.</p>
- <p>[109716] High CVE-2011-3966: Use-after-free in stylesheet error
- handling. Credit to Aki Helin of OUSPG.</p>
- <p>[109717] Low CVE-2011-3967: Crash with unusual certificate. Credit
- to Ben Carrillo.</p>
- <p>[109743] High CVE-2011-3968: Use-after-free in CSS handling.
- Credit to Arthur Gerkis.</p>
- <p>[110112] High CVE-2011-3969: Use-after-free in SVG layout. Credit
- to Arthur Gerkis.</p>
- <p>[110277] Medium CVE-2011-3970: Out-of-bounds read in libxslt.
- Credit to Aki Helin of OUSPG.</p>
- <p>[110374] High CVE-2011-3971: Use-after-free with mousemove events.
- Credit to Arthur Gerkis.</p>
- <p>[110559] Medium CVE-2011-3972: Out-of-bounds read in shader
- translator. Credit to Google Chrome Security Team (Inferno).</p>
- </blockquote>
- </body>
- </description>
- <references>
- <cvename>CVE-2011-3953</cvename>
- <cvename>CVE-2011-3954</cvename>
- <cvename>CVE-2011-3955</cvename>
- <cvename>CVE-2011-3956</cvename>
- <cvename>CVE-2011-3957</cvename>
- <cvename>CVE-2011-3958</cvename>
- <cvename>CVE-2011-3959</cvename>
- <cvename>CVE-2011-3960</cvename>
- <cvename>CVE-2011-3961</cvename>
- <cvename>CVE-2011-3962</cvename>
- <cvename>CVE-2011-3963</cvename>
- <cvename>CVE-2011-3964</cvename>
- <cvename>CVE-2011-3965</cvename>
- <cvename>CVE-2011-3966</cvename>
- <cvename>CVE-2011-3967</cvename>
- <cvename>CVE-2011-3968</cvename>
- <cvename>CVE-2011-3969</cvename>
- <cvename>CVE-2011-3970</cvename>
- <cvename>CVE-2011-3971</cvename>
- <cvename>CVE-2011-3972</cvename>
- <url>http://googlechromereleases.blogspot.com/search/label/Stable%20updates</url>
- </references>
- <dates>
- <discovery>2012-02-08</discovery>
- <entry>2012-02-09</entry>
- </dates>
- </vuln>
-
<vuln vid="10720fe8-51e0-11e1-91c1-00215c6a37bb">
<topic>drupal -- multiple vulnerabilities</topic>
<affects>
@@ -70635,42 +74504,6 @@
</dates>
</vuln>
- <vuln vid="33d73d59-4677-11e1-88cd-00262d5ed8ee">
- <topic>chromium -- multiple vulnerabilities</topic>
- <affects>
- <package>
- <name>chromium</name>
- <range><lt>16.0.912.77</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>Google Chrome Releases reports:</p>
- <blockquote cite="http://googlechromereleases.blogspot.com/search/label/Stable%20updates">
- <p>[106484] High CVE-2011-3924: Use-after-free in DOM selections.
- Credit to Arthur Gerkis.</p>
- <p>[108461] High CVE-2011-3928: Use-after-free in DOM handling.
- Credit to wushi of team509 reported through ZDI (ZDI-CAN-1415).</p>
- <p>[108605] High CVE-2011-3927: Uninitialized value in Skia. Credit
- to miaubiz.</p>
- <p>[109556] High CVE-2011-3926: Heap-buffer-overflow in tree builder.
- Credit to Arthur Gerkis.</p>
- </blockquote>
- </body>
- </description>
- <references>
- <cvename>CVE-2011-3924</cvename>
- <cvename>CVE-2011-3926</cvename>
- <cvename>CVE-2011-3927</cvename>
- <cvename>CVE-2011-3928</cvename>
- <url>http://googlechromereleases.blogspot.com/search/label/Stable%20updates</url>
- </references>
- <dates>
- <discovery>2012-01-23</discovery>
- <entry>2012-01-24</entry>
- </dates>
- </vuln>
-
<vuln vid="3ebb2dc8-4609-11e1-9f47-00e0815b8da8">
<topic>Wireshark -- Multiple vulnerabilities</topic>
<affects>
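Review bot: With several `<vuln>` blocks removed back to back in this region (this hunk deletes vid 33d73d59-4677-11e1-88cd-00262d5ed8ee, 36 lines, matching the `-70635,42 +74504,6` header), please confirm the file still validates before committing: run the `make validate` target that FreeBSD's security/vuxml port provides (assuming mports carries the same Makefile) so the DTD check catches a stray `</vuln>` or a lost blank line between the remaining `</vuln>` and the `<vuln vid="3ebb2dc8-...">` context that now follows it, and grep for any other entry naming this vid in a `<cancelled superseded="...">` attribute, since a DTD check cannot see cross references and a dangling one would go unnoticed.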
@@ -71250,43 +75083,6 @@
</dates>
</vuln>
- <vuln vid="1a1aef8e-3894-11e1-8b5c-00262d5ed8ee">
- <topic>chromium -- multiple vulnerabilities</topic>
- <affects>
- <package>
- <name>chromium</name>
- <range><lt>16.0.912.75</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>Google Chrome Releases reports:</p>
- <blockquote cite="http://googlechromereleases.blogspot.com/search/label/Stable%20updates">
- <p>[106672] High CVE-2011-3921: Use-after-free in animation frames.
- Credit to Boris Zbarsky of Mozilla.<br/>
- [107128] High CVE-2011-3919: Heap-buffer-overflow in libxml.
- Credit to Juri Aedla.<br/>
- [108006] High CVE-2011-3922: Stack-buffer-overflow in glyph
- handling. Credit to Google Chrome Security Team (Cris
- Neckar).</p>
- <p>[107182] Critical CVE-2011-3925: Use-after-free in Safe Browsing
- navigation. Credit to Chamal de Silva.</p>
- </blockquote>
- </body>
- </description>
- <references>
- <cvename>CVE-2011-3919</cvename>
- <cvename>CVE-2011-3921</cvename>
- <cvename>CVE-2011-3922</cvename>
- <cvename>CVE-2011-3925</cvename>
- </references>
- <dates>
- <discovery>2012-01-05</discovery>
- <entry>2012-01-06</entry>
- <modified>2012-01-23</modified>
- </dates>
- </vuln>
-
<vuln vid="0c7a3ee2-3654-11e1-b404-20cf30e32f6d">
<topic>bugzilla -- multiple vulnerabilities</topic>
<affects>
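Review bot: Should this entry (vid 1a1aef8e-3894-11e1-8b5c-00262d5ed8ee) be kept rather than deleted, note that its `<references>` lists only the four `<cvename>` elements and omits the `<url>` that the neighbouring chromium entries carry; the `cite` attribute on its `<blockquote>` already holds the Stable updates URL, so the same value belongs in a `<url>` element as well. As written, the hunk header (`-71250,43 +75083,6`, 37 lines removed) matches the block exactly, so the deletion itself is mechanically clean.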
@@ -71756,79 +75552,6 @@
</dates>
</vuln>
- <vuln vid="68ac6266-25c3-11e1-b63a-00262d5ed8ee">
- <topic>chromium -- multiple vulnerabilities</topic>
- <affects>
- <package>
- <name>chromium</name>
- <range><lt>16.0.912.63</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>Google Chrome Releases reports:</p>
- <blockquote cite="http://googlechromereleases.blogspot.com/search/label/Stable%20updates">
- <p>[81753] Medium CVE-2011-3903: Out-of-bounds read in regex
- matching. Credit to David Holloway of the Chromium development
- community.<br/>
- [95465] Low CVE-2011-3905: Out-of-bounds reads in libxml. Credit to
- Google Chrome Security Team (Inferno).<br/>
- [98809] Medium CVE-2011-3906: Out-of-bounds read in PDF parser.
- Credit to Aki Helin of OUSPG.<br/>
- [99016] High CVE-2011-3907: URL bar spoofing with view-source.
- Credit to Mitja Kolsek of ACROS Security.<br/>
- [100863] Low CVE-2011-3908: Out-of-bounds read in SVG parsing.
- Credit to Aki Helin of OUSPG.<br/>
- [101010] Medium CVE-2011-3909: [64-bit only] Memory corruption in
- CSS property array. Credit to Google Chrome Security Team
- (scarybeasts) and Chu.<br/>
- [101494] Medium CVE-2011-3910: Out-of-bounds read in YUV video
- frame handling. Credit to Google Chrome Security Team (Cris
- Neckar).<br/>
- [101779] Medium CVE-2011-3911: Out-of-bounds read in PDF. Credit to
- Google Chrome Security Team (scarybeasts) and Robert Swiecki of
- the Google Security Team.<br/>
- [102359] High CVE-2011-3912: Use-after-free in SVG filters. Credit
- to Arthur Gerkis.<br/>
- [103921] High CVE-2011-3913: Use-after-free in Range handling.
- Credit to Arthur Gerkis.<br/>
- [104011] High CVE-2011-3914: Out-of-bounds write in v8 i18n
- handling. Credit to Slawomir Blazek.<br/>
- [104529] High CVE-2011-3915: Buffer overflow in PDF font handling.
- Credit to Atte Kettunen of OUSPG.<br/>
- [104959] Medium CVE-2011-3916: Out-of-bounds reads in PDF cross
- references. Credit to Atte Kettunen of OUSPG.<br/>
- [105162] Medium CVE-2011-3917: Stack-buffer-overflow in FileWatcher.
- Credit to Google Chrome Security Team (Marty Barbella).<br/>
- [107258] High CVE-2011-3904: Use-after-free in bidi handling.
- Credit to Google Chrome Security Team (Inferno) and miaubiz.</p>
- </blockquote>
- </body>
- </description>
- <references>
- <cvename>CVE-2011-3903</cvename>
- <cvename>CVE-2011-3904</cvename>
- <cvename>CVE-2011-3905</cvename>
- <cvename>CVE-2011-3906</cvename>
- <cvename>CVE-2011-3907</cvename>
- <cvename>CVE-2011-3908</cvename>
- <cvename>CVE-2011-3909</cvename>
- <cvename>CVE-2011-3910</cvename>
- <cvename>CVE-2011-3911</cvename>
- <cvename>CVE-2011-3912</cvename>
- <cvename>CVE-2011-3913</cvename>
- <cvename>CVE-2011-3914</cvename>
- <cvename>CVE-2011-3915</cvename>
- <cvename>CVE-2011-3916</cvename>
- <cvename>CVE-2011-3917</cvename>
- <url>http://googlechromereleases.blogspot.com/search/label/Stable%20updates</url>
- </references>
- <dates>
- <discovery>2011-12-13</discovery>
- <entry>2011-12-13</entry>
- </dates>
- </vuln>
-
<vuln vid="bbd5f486-24f1-11e1-95bc-080027ef73ec">
<topic>PuTTY -- Password vulnerability</topic>
<affects>
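Review bot: This hunk removes the entry covering fifteen CVEs (CVE-2011-3903 through CVE-2011-3917) against `<lt>16.0.912.63</lt>` (vid 68ac6266-25c3-11e1-b63a-00262d5ed8ee, 73 lines, matching `-71756,79 +75552,6`), and the next hunk header (`-78327,830 +82050,6`) shows an 824-line removal of the cumulative 6887828f entry whose "Fixed in" sections reach back to the 8.0.552.x releases; between them these hunks strip the chromium advisory history in this region from the file. That is harmless only if no chromium package can be installed from mports; otherwise `pkg audit` on an existing 15.x or 16.0.912.x install stops reporting anything. If the removal is intentional, record the cut-off in the commit log or a comment near the remaining chromium entries, so a later sync against FreeBSD's vuln.xml does not silently reintroduce these blocks and reopen the question.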
@@ -78327,830 +82050,6 @@
</dates>
</vuln>
- <vuln vid="6887828f-0229-11e0-b84d-00262d5ed8ee">
- <topic>chromium -- multiple vulnerabilities</topic>
- <affects>
- <package>
- <name>chromium</name>
- <range><lt>15.0.874.121</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>Google Chrome Releases reports:</p>
- <blockquote cite="http://googlechromereleases.blogspot.com/search/label/Stable%20updates">
- <p>Fixed in 15.0.874.121:<br/>
- [103259] High CVE-2011-3900: Out-of-bounds write in v8. Credit to
- Christian Holler.</p>
-
- <p>Fixed in 15.0.874.120:<br/>
- [100465] High CVE-2011-3892: Double free in Theora decoder. Credit
- to Aki Helin of OUSPG.<br/>
- [100492] [100543] Medium CVE-2011-3893: Out of bounds reads in MKV
- and Vorbis media handlers. Credit to Aki Helin of OUSPG.<br/>
- [101172] High CVE-2011-3894: Memory corruption regression in VP8
- decoding. Credit to Andrew Scherkus of the Chromium development
- community.<br/>
- [101458] High CVE-2011-3895: Heap overflow in Vorbis decoder.
- Credit to Aki Helin of OUSPG.<br/>
- [101624] High CVE-2011-3896: Buffer overflow in shader variable
- mapping. Credit to Ken "strcpy" Russell of the Chromium
- development community.<br/>
- [102242] High CVE-2011-3897: Use-after-free in editing. Credit to
- pa_kt reported through ZDI (ZDI-CAN-1416).<br/>
- [102461] Low CVE-2011-3898: Failure to ask for permission to run
- applets in JRE7. Credit to Google Chrome Security Team (Chris
- Evans).</p>
-
- <p>Fixed in 15.0.874.102:<br/>
- [86758] High CVE-2011-2845: URL bar spoof in history handling.
- Credit to Jordi Chancel.<br/>
- [88949] Medium CVE-2011-3875: URL bar spoof with drag+drop of URLs.
- Credit to Jordi Chancel.<br/>
- [90217] Low CVE-2011-3876: Avoid stripping whitespace at the end of
- download filenames. Credit to Marc Novak.<br/>
- [91218] Low CVE-2011-3877: XSS in appcache internals page. Credit
- to Google Chrome Security Team (Tom Sepez) plus independent
- discovery by Juho Nurminen.<br/>
- [94487] Medium CVE-2011-3878: Race condition in worker process
- initialization. Credit to miaubiz.<br/>
- [95374] Low CVE-2011-3879: Avoid redirect to chrome scheme URIs.
- Credit to Masato Kinugawa.<br/>
- [95992] Low CVE-2011-3880: Don't permit as a HTTP header delimiter.
- Credit to Vladimir Vorontsov, ONsec company.<br/>
- [96047] [96885] [98053] [99512] [99750] High CVE-2011-3881:
- Cross-origin policy violations. Credit to Sergey Glazunov.<br/>
- [96292] High CVE-2011-3882: Use-after-free in media buffer handling.
- Credit to Google Chrome Security Team (Inferno).<br/>
- [96902] High CVE-2011-3883: Use-after-free in counter handling.
- Credit to miaubiz.<br/>
- [97148] High CVE-2011-3884: Timing issues in DOM traversal. Credit
- to Brian Ryner of the Chromium development community.<br/>
- [97599] [98064] [98556] [99294] [99880] [100059] High CVE-2011-3885:
- Stale style bugs leading to use-after-free. Credit to
- miaubiz.<br/>
- [98773] [99167] High CVE-2011-3886: Out of bounds writes in v8.
- Credit to Christian Holler.<br/>
- [98407] Medium CVE-2011-3887: Cookie theft with javascript URIs.
- Credit to Sergey Glazunov.<br/>
- [99138] High CVE-2011-3888: Use-after-free with plug-in and editing.
- Credit to miaubiz.<br/>
- [99211] High CVE-2011-3889: Heap overflow in Web Audio. Credit to
- miaubiz.<br/>
- [99553] High CVE-2011-3890: Use-after-free in video source handling.
- Credit to Ami Fischman of the Chromium development community.<br/>
- [100332] High CVE-2011-3891: Exposure of internal v8 functions.
- Credit to Steven Keuchel of the Chromium development community
- plus independent discovery by Daniel Divricean.</p>
-
- <p>Fixed in 14.0.835.202:<br/>
- [93788] High CVE-2011-2876: Use-after-free in text line box
- handling. Credit to miaubiz.<br/>
- [95072] High CVE-2011-2877: Stale font in SVG text handling. Credit
- to miaubiz.<br/>
- [95671] High CVE-2011-2878: Inappropriate cross-origin access to the
- window prototype. Credit to Sergey Glazunov.<br/>
- [96150] High CVE-2011-2879: Lifetime and threading issues in audio
- node handling. Credit to Google Chrome Security Team
- (Inferno).<br/>
- [97451] [97520] [97615] High CVE-2011-2880: Use-after-free in the v8
- bindings. Credit to Sergey Glazunov.<br/>
- [97784] High CVE-2011-2881: Memory corruption with v8 hidden
- objects. Credit to Sergey Glazunov.<br/>
- [98089] Critical CVE-2011-3873: Memory corruption in shader
- translator. Credit to Zhenyao Mo of the Chromium development
- community.</p>
-
- <p>Fixed in 14.0.835.163:<br/>
- [49377] High CVE-2011-2835: Race condition in the certificate cache. Credit to Ryan Sleevi of the Chromium development community.<br/>
- [51464] Low CVE-2011-2836: Infobar the Windows Media Player plug-in
- to avoid click-free access to the system Flash. Credit to
- electronixtar.<br/>
- [Linux only] [57908] Low CVE-2011-2837: Use PIC / pie compiler
- flags. Credit to wbrana.<br/>
- [75070] Low CVE-2011-2838: Treat MIME type more authoritatively when
- loading plug-ins. Credit to Michal Zalewski of the Google Security
- Team.<br/>
- [76771] High CVE-2011-2839: Crash in v8 script object wrappers.
- Credit to Kostya Serebryany of the Chromium development
- community.<br/>
- [78427] [83031] Low CVE-2011-2840: Possible URL bar spoofs with
- unusual user interaction. Credit to kuzzcc.<br/>
- [78639] High CVE-2011-2841: Garbage collection error in PDF. Credit
- to Mario Gomes.<br/>
- [82438] Medium CVE-2011-2843: Out-of-bounds read with media buffers.
- Credit to Kostya Serebryany of the Chromium development
- community.<br/>
- [85041] Medium CVE-2011-2844: Out-of-bounds read with mp3 files.
- Credit to Mario Gomes.<br/>
- [89219] High CVE-2011-2846: Use-after-free in unload event handling.
- Credit to Arthur Gerkis.<br/>
- [89330] High CVE-2011-2847: Use-after-free in document loader.
- Credit to miaubiz.<br/>
- [89564] Medium CVE-2011-2848: URL bar spoof with forward button.
- Credit to Jordi Chancel.<br/>
- [89795] Low CVE-2011-2849: Browser NULL pointer crash with
- WebSockets. Credit to Arthur Gerkis.<br/>
- [89991] Medium CVE-2011-3234: Out-of-bounds read in box handling.
- Credit to miaubiz.<br/>
- [90134] Medium CVE-2011-2850: Out-of-bounds read with Khmer
- characters. Credit to miaubiz.<br/>
- [90173] Medium CVE-2011-2851: Out-of-bounds read in video handling.
- Credit to Google Chrome Security Team (Inferno).<br/>
- [91120] High CVE-2011-2852: Off-by-one in v8. Credit to Christian
- Holler.<br/>
- [91197] High CVE-2011-2853: Use-after-free in plug-in handling.
- Credit to Google Chrome Security Team (SkyLined).<br/>
- [92651] [94800] High CVE-2011-2854: Use-after-free in ruby / table
- style handing. Credit to Slawomir Blazek, and independent later
- discoveries by miaubiz and Google Chrome Security Team
- (Inferno).<br/>
- [92959] High CVE-2011-2855: Stale node in stylesheet handling.
- Credit to Arthur Gerkis.<br/>
- [93416] High CVE-2011-2856: Cross-origin bypass in v8. Credit to
- Daniel Divricean.<br/>
- [93420] High CVE-2011-2857: Use-after-free in focus controller.
- Credit to miaubiz.<br/>
- [93472] High CVE-2011-2834: Double free in libxml XPath handling.
- Credit to Yang Dingning from NCNIPC, Graduate University of
- Chinese Academy of Sciences.<br/>
- [93497] Medium CVE-2011-2859: Incorrect permissions assigned to
- non-gallery pages. Credit to Bernhard "Bruhns" Brehm of Recurity
- Labs.<br/>
- [93587] High CVE-2011-2860: Use-after-free in table style handling.
- Credit to miaubiz.<br/>
- [93596] Medium CVE-2011-2861: Bad string read in PDF. Credit to Aki
- Helin of OUSPG.<br/>
- [93906] High CVE-2011-2862: Unintended access to v8 built-in
- objects. Credit to Sergey Glazunov.<br/>
- [95563] Medium CVE-2011-2864: Out-of-bounds read with Tibetan
- characters. Credit to Google Chrome Security Team (Inferno).<br/>
- [95625] Medium CVE-2011-2858: Out-of-bounds read with triangle
- arrays. Credit to Google Chrome Security Team (Inferno).<br/>
- [95917] Low CVE-2011-2874: Failure to pin a self-signed cert for a
- session. Credit to Nishant Yadant of VMware and Craig Chamberlain
- (@randomuserid).<br/>
- High CVE-2011-2875: Type confusion in v8 object sealing. Credit to
- Christian Holler.</p>
-
- <p>Fixed in 13.0.782.215:<br/>
- [89402] High CVE-2011-2821: Double free in libxml XPath handling.
- Credit to Yang Dingning from NCNIPC, Graduate University of
- Chinese Academy of Sciences.<br/>
- [82552] High CVE-2011-2823: Use-after-free in line box handling.
- Credit to Google Chrome Security Team (SkyLined) and independent
- later discovery by miaubiz.<br/>
- [88216] High CVE-2011-2824: Use-after-free with counter nodes.
- Credit to miaubiz.<br/>
- [88670] High CVE-2011-2825: Use-after-free with custom fonts. Credit
- to wushi of team509 reported through ZDI (ZDI-CAN-1283), plus
- indepdendent later discovery by miaubiz.<br/>
- [87453] High CVE-2011-2826: Cross-origin violation with empty
- origins. Credit to Sergey Glazunov.<br/>
- [90668] High CVE-2011-2827: Use-after-free in text searching. Credit
- to miaubiz.<br/>
- [91517] High CVE-2011-2828: Out-of-bounds write in v8. Credit to
- Google Chrome Security Team (SkyLined).<br/>
- [32-bit only] [91598] High CVE-2011-2829: Integer overflow in
- uniform arrays. Credit to Sergey Glazunov.<br/>
- [Linux only] [91665] High CVE-2011-2839: Buggy memset() in PDF.
- Credit to Aki Helin of OUSPG.</p>
-
- <p>Fixed in 13.0.782.107:<br/>
- [75821] Medium CVE-2011-2358: Always confirm an extension install
- via a browser dialog. Credit to Sergey Glazunov.<br/>
- [78841] High CVE-2011-2359: Stale pointer due to bad line box
- tracking in rendering. Credit to miaubiz and Martin Barbella.<br/>
- [79266] Low CVE-2011-2360: Potential bypass of dangerous file
- prompt. Credit to kuzzcc.<br/>
- [79426] Low CVE-2011-2361: Improve designation of strings in the
- basic auth dialog. Credit to kuzzcc.<br/>
- [Linux only] [81307] Medium CVE-2011-2782: File permissions error
- with drag and drop. Credit to Evan Martin of the Chromium
- development community.<br/>
- [83273] Medium CVE-2011-2783: Always confirm a developer mode NPAPI
- extension install via a browser dialog. Credit to Sergey
- Glazunov.<br/>
- [83841] Low CVE-2011-2784: Local file path disclosure via GL
- program log. Credit to kuzzcc.<br/>
- [84402] Low CVE-2011-2785: Sanitize the homepage URL in extensions.
- Credit to kuzzcc.<br/>
- [84600] Low CVE-2011-2786: Make sure the speech input bubble is
- always on-screen. Credit to Olli Pettay of Mozilla.<br/>
- [84805] Medium CVE-2011-2787: Browser crash due to GPU lock
- re-entrancy issue. Credit to kuzzcc.<br/>
- [85559] Low CVE-2011-2788: Buffer overflow in inspector
- serialization. Credit to Mikolaj Malecki.<br/>
- [85808] Medium CVE-2011-2789: Use after free in Pepper plug-in
- instantiation. Credit to Mario Gomes and kuzzcc.<br/>
- [86502] High CVE-2011-2790: Use-after-free with floating styles.
- Credit to miaubiz.<br/>
- [86900] High CVE-2011-2791: Out-of-bounds write in ICU. Credit to
- Yang Dingning from NCNIPC, Graduate University of Chinese Academy
- of Sciences.<br/>
- [87148] High CVE-2011-2792: Use-after-free with float removal.
- Credit to miaubiz.<br/>
- [87227] High CVE-2011-2793: Use-after-free in media selectors.
- Credit to miaubiz.<br/>
- [87298] Medium CVE-2011-2794: Out-of-bounds read in text iteration.
- Credit to miaubiz.<br/>
- [87339] Medium CVE-2011-2795: Cross-frame function leak. Credit to
- Shih Wei-Long.<br/>
- [87548] High CVE-2011-2796: Use-after-free in Skia. Credit to Google
- Chrome Security Team (Inferno) and Kostya Serebryany of the
- Chromium development community.<br/>
- [87729] High CVE-2011-2797: Use-after-free in resource caching.
- Credit to miaubiz.<br/>
- [87815] Low CVE-2011-2798: Prevent a couple of internal schemes from
- being web accessible. Credit to sirdarckcat of the Google Security
- Team.<br/>
- [87925] High CVE-2011-2799: Use-after-free in HTML range handling.
- Credit to miaubiz.<br/>
- [88337] Medium CVE-2011-2800: Leak of client-side redirect target.
- Credit to Juho Nurminen.<br/>
- [88591] High CVE-2011-2802: v8 crash with const lookups. Credit to
- Christian Holler.<br/>
- [88827] Medium CVE-2011-2803: Out-of-bounds read in Skia paths.
- Credit to Google Chrome Security Team (Inferno).<br/>
- [88846] High CVE-2011-2801: Use-after-free in frame loader. Credit
- to miaubiz.<br/>
- [88889] High CVE-2011-2818: Use-after-free in display box rendering.
- Credit to Martin Barbella.<br/>
- [89142] High CVE-2011-2804: PDF crash with nested functions. Credit
- to Aki Helin of OUSPG.<br/>
- [89520] High CVE-2011-2805: Cross-origin script injection. Credit to
- Sergey Glazunov.<br/>
- [90222] High CVE-2011-2819: Cross-origin violation in base URI
- handling. Credit to Sergey Glazunov.</p>
-
- <p>Fixed in 12.0.742.112:<br/>
- [77493] Medium CVE-2011-2345: Out-of-bounds read in NPAPI string
- handling. Credit to Philippe Arteau.<br/>
- [84355] High CVE-2011-2346: Use-after-free in SVG font handling.
- Credit to miaubiz.<br/>
- [85003] High CVE-2011-2347: Memory corruption in CSS parsing. Credit
- to miaubiz.<br/>
- [85102] High CVE-2011-2350: Lifetime and re-entrancy issues in the
- HTML parser. Credit to miaubiz.<br/>
- [85177] High CVE-2011-2348: Bad bounds check in v8. Credit to Aki
- Helin of OUSPG.<br/>
- [85211] High CVE-2011-2351: Use-after-free with SVG use element.
- Credit to miaubiz.<br/>
- [85418] High CVE-2011-2349: Use-after-free in text selection. Credit
- to miaubiz.</p>
-
- <p>Fixed in 12.0.742.91:<br/>
- [73962] [79746] High CVE-2011-1808: Use-after-free due to integer
- issues in float handling. Credit to miaubiz.<br/>
- [75496] Medium CVE-2011-1809: Use-after-free in accessibility
- support. Credit to Google Chrome Security Team (SkyLined).<br/>
- [75643] Low CVE-2011-1810: Visit history information leak in CSS.
- Credit to Jesse Mohrland of Microsoft and Microsoft Vulnerability
- Research (MSVR).<br/>
- [76034] Low CVE-2011-1811: Browser crash with lots of form
- submissions. Credit to "DimitrisV22".<br/>
- [77026] Medium CVE-2011-1812: Extensions permission bypass. Credit
- to kuzzcc.<br/>
- [78516] High CVE-2011-1813: Stale pointer in extension framework.
- Credit to Google Chrome Security Team (Inferno).<br/>
- [79362] Medium CVE-2011-1814: Read from uninitialized pointer.
- Credit to Eric Roman of the Chromium development community.<br/>
- [79862] Low CVE-2011-1815: Extension script injection into new tab
- page. Credit to kuzzcc.<br/>
- [80358] Medium CVE-2011-1816: Use-after-free in developer tools.
- Credit to kuzzcc.<br/>
- [81916] Medium CVE-2011-1817: Browser memory corruption in history
- deletion. Credit to Collin Payne.<br/>
- [81949] High CVE-2011-1818: Use-after-free in image loader. Credit
- to miaubiz.<br/>
- [83010] Medium CVE-2011-1819: Extension injection into chrome://
- pages. Credit to Vladislavas Jarmalis, plus subsequent
- independent discovery by Sergey Glazunov.<br/>
- [83275] High CVE-2011-2332: Same origin bypass in v8. Credit to
- Sergey Glazunov.<br/>
- [83743] High CVE-2011-2342: Same origin bypass in DOM. Credit to
- Sergey Glazunov.</p>
-
- <p>Fixed in 11.0.696.71:<br/>
- [72189] Low CVE-2011-1801: Pop-up blocker bypass. Credit to Chamal
- De Silva.<br/>
- [82546] High CVE-2011-1804: Stale pointer in floats rendering.
- Credit to Martin Barbella.<br/>
- [82873] Critical CVE-2011-1806: Memory corruption in GPU command
- buffer. Credit to Google Chrome Security Team (Cris Neckar).<br/>
- [82903] Critical CVE-2011-1807: Out-of-bounds write in blob
- handling. Credit to Google Chrome Security Team (Inferno) and
- Kostya Serebryany of the Chromium development community.</p>
-
- <p>Fixed in 11.0.696.68:<br/>
- [64046] High CVE-2011-1799: Bad casts in Chromium WebKit glue.
- Credit to Google Chrome Security Team (SkyLined).<br/>
- [80608] High CVE-2011-1800: Integer overflows in SVG filters.
- Credit to Google Chrome Security Team (Cris Neckar).</p>
-
- <p>Fixed in 11.0.696.57:<br/>
- [61502] High CVE-2011-1303: Stale pointer in floating object
- handling. Credit to Scott Hess of the Chromium development
- community and Martin Barbella.<br/>
- [70538] Low CVE-2011-1304: Pop-up block bypass via plug-ins. Credit
- to Chamal De Silva.<br/>
- [Linux / Mac only] [70589] Medium CVE-2011-1305: Linked-list race
- in database handling. Credit to Kostya Serebryany of the
- Chromium development community.<br/>
- [71586] Medium CVE-2011-1434: Lack of thread safety in MIME
- handling. Credit to Aki Helin.<br/>
- [72523] Medium CVE-2011-1435: Bad extension with "tabs" permission
- can capture local files. Credit to Cole Snodgrass.<br/>
- [Linux only] [72910] Low CVE-2011-1436: Possible browser crash due
- to bad interaction with X. Credit to miaubiz.<br/>
- [73526] High CVE-2011-1437: Integer overflows in float rendering.
- Credit to miaubiz.<br/>
- [74653] High CVE-2011-1438: Same origin policy violation with
- blobs. Credit to kuzzcc.<br/>
- [Linux only] [74763] High CVE-2011-1439: Prevent interference
- between renderer processes. Credit to Julien Tinnes of the
- Google Security Team.<br/>
- [75186] High CVE-2011-1440: Use-after-free with <ruby> tag
- and CSS. Credit to Jose A. Vazquez.<br/>
- [75347] High CVE-2011-1441: Bad cast with floating select lists.
- Credit to Michael Griffiths.<br/>
- [75801] High CVE-2011-1442: Corrupt node trees with mutation events.
- Credit to Sergey Glazunov and wushi of team 509.<br/>
- [76001] High CVE-2011-1443: Stale pointers in layering code. Credit
- to Martin Barbella.<br/>
- [Linux only] [76542] High CVE-2011-1444: Race condition in sandbox
- launcher. Credit to Dan Rosenberg.<br/>
- Medium CVE-2011-1445: Out-of-bounds read in SVG. Credit to wushi of
- team509.<br/>
- [76666] [77507] [78031] High CVE-2011-1446: Possible URL bar spoofs
- with navigation errors and interrupted loads. Credit to
- kuzzcc.<br/>
- [76966] High CVE-2011-1447: Stale pointer in drop-down list
- handling. Credit to miaubiz.<br/>
- [77130] High CVE-2011-1448: Stale pointer in height calculations.
- Credit to wushi of team509.<br/>
- [77346] High CVE-2011-1449: Use-after-free in WebSockets. Credit to
- Marek Majkowski.<br/>
- Low CVE-2011-1450: Dangling pointers in file dialogs. Credit to
- kuzzcc.<br/>
- [77463] High CVE-2011-1451: Dangling pointers in DOM id map. Credit
- to Sergey Glazunov.<br/>
- [77786] Medium CVE-2011-1452: URL bar spoof with redirect and manual
- reload. Credit to Jordi Chancel.<br/>
- [79199] High CVE-2011-1454: Use-after-free in DOM id handling.
- Credit to Sergey Glazunov.<br/>
- [79361] Medium CVE-2011-1455: Out-of-bounds read with
- multipart-encoded PDF. Credit to Eric Roman of the Chromium
- development community.<br/>
- [79364] High CVE-2011-1456: Stale pointers with PDF forms. Credit to
- Eric Roman of the Chromium development community.</p>
-
- <p>Fixed in 10.0.648.205:<br/>
- [75629] Critical CVE-2011-1301: Use-after-free in the GPU process.
- Credit to Google Chrome Security Team (Inferno).<br/>
- [78524] Critical CVE-2011-1302: Heap overflow in the GPU process.
- Credit to Christoph Diehl.</p>
-
- <p>Fixed in 10.0.648.204:<br/>
- [72517] High CVE-2011-1291: Buffer error in base string handling.
- Credit to Alex Turpin.<br/>
- [73216] High CVE-2011-1292: Use-after-free in the frame loader.
- Credit to Slawomir Blazek.<br/>
- [73595] High CVE-2011-1293: Use-after-free in HTMLCollection.
- Credit to Sergey Glazunov.<br/>
- [74562] High CVE-2011-1294: Stale pointer in CSS handling.
- Credit to Sergey Glazunov.<br/>
- [74991] High CVE-2011-1295: DOM tree corruption with broken node
- parentage. Credit to Sergey Glazunov.<br/>
- [75170] High CVE-2011-1296: Stale pointer in SVG text handling.
- Credit to Sergey Glazunov.</p>
-
- <p>Fixed in 10.0.648.133:<br/>
- [75712] High Memory corruption in style handling.
- Credit to Vincenzo Iozzo, Ralf Philipp Weinmann and Willem
- Pinckaers reported through ZDI.</p>
-
- <p>Fixed in 10.0.648.127:<br/>
- [42765] Low Possible to navigate or close the top location in a
- sandboxed frame. Credit to sirdarckcat of the Google Security
- Team.<br/>
- [Linux only] [49747] Low Work around an X server bug and crash with
- long messages. Credit to Louis Lang.<br/>
- [Linux only] [66962] Low Possible browser crash with parallel
- print()s. Credit to Aki Helin of OUSPG.<br/>
- [69187] Medium Cross-origin error message leak. Credit to Daniel
- Divricean.<br/>
- [69628] High Memory corruption with counter nodes. Credit to Martin
- Barbella.<br/>
- [70027] High Stale node in box layout. Credit to Martin
- Barbella.<br/>
- [70336] Medium Cross-origin error message leak with workers. Credit
- to Daniel Divricean.<br/>
- [70442] High Use after free with DOM URL handling. Credit to Sergey
- Glazunov.<br/>
- [Linux only] [70779] Medium Out of bounds read handling unicode
- ranges. Credit to miaubiz.<br/>
- [70877] High Same origin policy bypass in v8. Credit to Daniel
- Divricean.<br/>
- [70885] [71167] Low Pop-up blocker bypasses. Credit to Chamal de
- Silva.<br/>
- [71763] High Use-after-free in document script lifetime handling.
- Credit to miaubiz.<br/>
- [71788] High Out-of-bounds write in the OGG container. Credit to
- Google Chrome Security Team (SkyLined); plus subsequent
- independent discovery by David Weston of Microsoft and MSVR.<br/>
- [72028] High Stale pointer in table painting. Credit to Martin
- Barbella.<br/>
- [73026] High Use of corrupt out-of-bounds structure in video code.
- Credit to Tavis Ormandy of the Google Security Team.<br/>
- [73066] High Crash with the DataView object. Credit to Sergey
- Glazunov.<br/>
- [73134] High Bad cast in text rendering. Credit to miaubiz.<br/>
- [73196] High Stale pointer in WebKit context code. Credit to Sergey
- Glazunov.<br/>
- [73716] Low Leak of heap address in XSLT. Credit to Google Chrome
- Security Team (Chris Evans).<br/>
- [73746] High Stale pointer with SVG cursors. Credit to Sergey
- Glazunov.<br/>
- [74030] High DOM tree corruption with attribute handling. Credit to
- Sergey Glazunov.<br/>
- [74662] High Corruption via re-entrancy of RegExp code. Credit to
- Christian Holler.<br/>
- [74675] High Invalid memory access in v8. Credit to Christian
- Holler.</p>
-
- <p>Fixed in 9.0.597.107:<br/>
- [54262] High URL bar spoof. Credit to Jordi Chancel.<br/>
- [63732] High Crash with javascript dialogs. Credit to Sergey
- Radchenko.<br/>
- [68263] High Stylesheet node stale pointer. Credit to Sergey
- Glazunov.<br/>
- [68741] High Stale pointer with key frame rule. Credit to Sergey
- Glazunov.<br/>
- [70078] High Crash with forms controls. Credit to Stefan van
- Zanden.<br/>
- [70244] High Crash in SVG rendering. Credit to Slawomir Blazek.<br/>
- [64-bit Linux only] [70376] Medium Out-of-bounds read in pickle
- deserialization. Credit to Evgeniy Stepanov of the Chromium
- development community.<br/>
- [71114] High Stale node in table handling. Credit to Martin
- Barbella.<br/>
- [71115] High Stale pointer in table rendering. Credit to Martin
- Barbella.<br/>
- [71296] High Stale pointer in SVG animations. Credit to
- miaubiz.<br/>
- [71386] High Stale nodes in XHTML. Credit to wushi of team509.<br/>
- [71388] High Crash in textarea handling. Credit to wushi of
- team509.<br/>
- [71595] High Stale pointer in device orientation. Credit to Sergey
- Glazunov.<br/>
- [71717] Medium Out-of-bounds read in WebGL. Credit to miaubiz.<br/>
- [71855] High Integer overflow in textarea handling. Credit to
- miaubiz.<br/>
- [71960] Medium Out-of-bounds read in WebGL. Credit to Google Chrome
- Security Team (Inferno).<br/>
- [72214] High Accidental exposure of internal extension functions.
- Credit to Tavis Ormandy of the Google Security Team.<br/>
- [72437] High Use-after-free with blocked plug-ins. Credit to Chamal
- de Silva.<br/>
- [73235] High Stale pointer in layout. Credit to Martin Barbella.</p>
-
- <p>Fixed in 9.0.597.94:<br/>
- [67234] High Stale pointer in animation event handling. Credit to
- Rik Cabanier.<br/>
- [68120] High Use-after-free in SVG font faces. Credit to
- miaubiz.<br/>
- [69556] High Stale pointer with anonymous block handling. Credit to
- Martin Barbella.<br/>
- [69970] Medium Out-of-bounds read in plug-in handling. Credit to
- Bill Budge of Google.<br/>
- [70456] Medium Possible failure to terminate process on
- out-of-memory condition. Credit to David Warren of CERT/CC.</p>
-
- <p>Fixed in 9.0.597.84:<br/>
- [Mac only] [42989] Low Minor sandbox leak via stat(). Credit to
- Daniel Cheng of the Chromium development community.<br/>
- [55831] High Use-after-free in image loading. Credit to Aki
- Helin of OUSPG.<br/>
- [59081] Low Apply some restrictions to cross-origin drag + drop.
- Credit to Google Chrome Security Team (SkyLined) and the Google
- Security Team (Michal Zalewski, David Bloom).<br/>
- [62791] Low Browser crash with extension with missing key. Credit
- to Brian Kirchoff.<br/>
- [64051] High Crashing when printing in PDF event handler. Credit to
- Aki Helin of OUSPG.<br/>
- [65669] Low Handle merging of autofill profiles more gracefully.
- Credit to Google Chrome Security Team (Inferno).<br/>
- [Mac only] [66931] Low Work around a crash in the Mac OS 10.5 SSL
- libraries. Credit to Dan Morrison.<br/>
- [68244] Low Browser crash with bad volume setting. Credit to
- Matthew Heidermann.<br/>
- [69195] Critical Race condition in audio handling. Credit to the
- gamers of Reddit!</p>
-
- <p>Fixed in 8.0.552.237:<br/>
- [58053] Medium Browser crash in extensions notification handling.
- Credit to Eric Roman of the Chromium development community.<br/>
- [65764] High Bad pointer handling in node iteration. Credit to
- Sergey Glazunov.<br/>
- [66334] High Crashes when printing multi-page PDFs. Credit to
- Google Chrome Security Team (Chris Evans).<br/>
- [66560] High Stale pointer with CSS + canvas. Credit to Sergey
- Glazunov.<br/>
- [66748] High Stale pointer with CSS + cursors. Credit to Jan
- Tosovsk.<br/>
- [67100] High Use after free in PDF page handling. Credit to Google
- Chrome Security Team (Chris Evans).<br/>
- [67208] High Stack corruption after PDF out-of-memory condition.
- Credit to Jared Allar of CERT.<br/>
- [67303] High Bad memory access with mismatched video frame sizes.
- Credit to Aki Helin of OUSPG; plus independent discovery by
- Google Chrome Security Team (SkyLined) and David Warren of
- CERT.<br/>
- [67363] High Stale pointer with SVG use element. Credited
- anonymously; plus indepdent discovery by miaubiz.<br/>
- [67393] Medium Uninitialized pointer in the browser triggered by
- rogue extension. Credit to kuzzcc.<br/>
- [68115] High Vorbis decoder buffer overflows. Credit to David
- Warren of CERT.<br/>
- [68170] High Buffer overflow in PDF shading. Credit to Aki Helin of
- OUSPG.<br/>
- [68178] High Bad cast in anchor handling. Credit to Sergey
- Glazunov.<br/>
- [68181] High Bad cast in video handling. Credit to Sergey
- Glazunov.<br/>
- [68439] High Stale rendering node after DOM node removal. Credit to
- Martin Barbella; plus independent discovery by Google Chrome
- Security Team (SkyLined).<br/>
- [68666] Critical Stale pointer in speech handling. Credit to Sergey
- Glazunov.</p>
-
- <p>Fixed in 8.0.552.224:<br/>
- [64-bit Linux only] [56449] High Bad validation for message
- deserialization on 64-bit builds. Credit to Lei Zhang of the
- Chromium development community.<br/>
- [60761] Medium Bad extension can cause browser crash in tab
- handling. Credit to kuzzcc.<br/>
- [63529] Low Browser crash with NULL pointer in web worker handling.
- Credit to Nathan Weizenbaum of Google.<br/>
- [63866] Medium Out-of-bounds read in CSS parsing. Credit to Chris
- Rohlf.<br/>
- [64959] High Stale pointers in cursor handling. Credit to Slawomir
- Blazek and Sergey Glazunov.</p>
-
- <p>Fixed in 8.0.552.215:<br/>
- [17655] Low Possible pop-up blocker bypass. Credit to Google Chrome
- Security Team (SkyLined).<br/>
- [55745] Medium Cross-origin video theft with canvas. Credit to
- Nirankush Panchbhai and Microsoft Vulnerability Research
- (MSVR).<br/>
- [56237] Low Browser crash with HTML5 databases. Credit to Google
- Chrome Security Team (Inferno).<br/>
- [58319] Low Prevent excessive file dialogs, possibly leading to
- browser crash. Credit to Cezary Tomczak (gosu.pl).<br/>
- [59554] High Use after free in history handling. Credit to Stefan
- Troger.<br/>
- [Linux / Mac] [59817] Medium Make sure the "dangerous file types"
- list is uptodate with the Windows platforms. Credit to Billy Rios
- of the Google Security Team.<br/>
- [61701] Low Browser crash with HTTP proxy authentication. Credit to
- Mohammed Bouhlel.<br/>
- [61653] Medium Out-of-bounds read regression in WebM video support.
- Credit to Google Chrome Security Team (Chris Evans), based on
- earlier testcases from Mozilla and Microsoft (MSVR).<br/>
- [62127] High Crash due to bad indexing with malformed video. Credit
- to miaubiz.<br/>
- [62168] Medium Possible browser memory corruption via malicious
- privileged extension. Credit to kuzzcc.<br/>
- [62401] High Use after free with SVG animations. Credit to Slawomir
- Blazek.<br/>
- [63051] Medium Use after free in mouse dragging event handling.
- Credit to kuzzcc.<br/>
- [63444] High Double free in XPath handling. Credit to Yang Dingning
- from NCNIPC, Graduate University of Chinese Academy of Sciences.</p>
-
- <p>Fixed in 7.0.517.44:<br/>
- [51602] High Use-after-free in text editing. Credit to David Bloom
- of the Google Security Team, Google Chrome Security Team (Inferno)
- and Google Chrome Security Team (Cris Neckar).<br/>
- [55257] High Memory corruption with enormous text area. Credit to
- wushi of team509.<br/>
- [58657] High Bad cast with the SVG use element. Credit to the
- kuzzcc.<br/>
- [58731] High Invalid memory read in XPath handling. Credit to Bui
- Quang Minh from Bkis (www.bkis.com).<br/>
- [58741] High Use-after-free in text control selections. Credit to
- "vkouchna".<br/>
- [Linux only] [59320] High Integer overflows in font handling. Credit
- to Aki Helin of OUSPG.<br/>
- [60055] High Memory corruption in libvpx. Credit to Christoph
- Diehl.<br/>
- [60238] High Bad use of destroyed frame object. Credit to various
- developers, including "gundlach".<br/>
- [60327] [60769] [61255] High Type confusions with event objects.
- Credit to "fam.lam" and Google Chrome Security Team
- (Inferno).<br/>
- [60688] High Out-of-bounds array access in SVG handling. Credit to
- wushi of team509.</p>
-
- <p>Fixed in 7.0.517.43:<br/>
- [48225] [51727] Medium Possible autofill / autocomplete profile
- spamming. Credit to Google Chrome Security Team (Inferno).<br/>
- [48857] High Crash with forms. Credit to the Chromium development
- community.<br/>
- [50428] Critical Browser crash with form autofill. Credit to the
- Chromium development community.<br/>
- [51680] High Possible URL spoofing on page unload. Credit to kuzzcc;
- plus independent discovery by Jordi Chancel.<br/>
- [53002] Low Pop-up block bypass. Credit to kuzzcc.<br/>
- [53985] Medium Crash on shutdown with Web Sockets. Credit to the
- Chromium development community.<br/>
- [Linux only] [54132] Low Bad construction of PATH variable. Credit
- to Dan Rosenberg, Virtual Security Research.<br/>
- [54500] High Possible memory corruption with animated GIF. Credit to
- Simon Schaak.<br/>
- [Linux only] [54794] High Failure to sandbox worker processes on
- Linux. Credit to Google Chrome Security Team (Chris Evans).<br/>
- [56451] High Stale elements in an element map. Credit to Michal
- Zalewski of the Google Security Team.</p>
- </blockquote>
- </body>
- </description>
- <references>
- <url>http://googlechromereleases.blogspot.com/search/label/Stable%20updates</url>
- <cvename>CVE-2011-1290</cvename>
- <cvename>CVE-2011-1291</cvename>
- <cvename>CVE-2011-1292</cvename>
- <cvename>CVE-2011-1293</cvename>
- <cvename>CVE-2011-1294</cvename>
- <cvename>CVE-2011-1295</cvename>
- <cvename>CVE-2011-1296</cvename>
- <cvename>CVE-2011-1301</cvename>
- <cvename>CVE-2011-1302</cvename>
- <cvename>CVE-2011-1303</cvename>
- <cvename>CVE-2011-1304</cvename>
- <cvename>CVE-2011-1305</cvename>
- <cvename>CVE-2011-1434</cvename>
- <cvename>CVE-2011-1435</cvename>
- <cvename>CVE-2011-1436</cvename>
- <cvename>CVE-2011-1437</cvename>
- <cvename>CVE-2011-1438</cvename>
- <cvename>CVE-2011-1439</cvename>
- <cvename>CVE-2011-1440</cvename>
- <cvename>CVE-2011-1441</cvename>
- <cvename>CVE-2011-1442</cvename>
- <cvename>CVE-2011-1443</cvename>
- <cvename>CVE-2011-1444</cvename>
- <cvename>CVE-2011-1445</cvename>
- <cvename>CVE-2011-1446</cvename>
- <cvename>CVE-2011-1447</cvename>
- <cvename>CVE-2011-1448</cvename>
- <cvename>CVE-2011-1449</cvename>
- <cvename>CVE-2011-1450</cvename>
- <cvename>CVE-2011-1451</cvename>
- <cvename>CVE-2011-1452</cvename>
- <cvename>CVE-2011-1454</cvename>
- <cvename>CVE-2011-1455</cvename>
- <cvename>CVE-2011-1456</cvename>
- <cvename>CVE-2011-1799</cvename>
- <cvename>CVE-2011-1800</cvename>
- <cvename>CVE-2011-1801</cvename>
- <cvename>CVE-2011-1804</cvename>
- <cvename>CVE-2011-1806</cvename>
- <cvename>CVE-2011-1807</cvename>
- <cvename>CVE-2011-1808</cvename>
- <cvename>CVE-2011-1809</cvename>
- <cvename>CVE-2011-1810</cvename>
- <cvename>CVE-2011-1811</cvename>
- <cvename>CVE-2011-1812</cvename>
- <cvename>CVE-2011-1813</cvename>
- <cvename>CVE-2011-1814</cvename>
- <cvename>CVE-2011-1815</cvename>
- <cvename>CVE-2011-1816</cvename>
- <cvename>CVE-2011-1817</cvename>
- <cvename>CVE-2011-1818</cvename>
- <cvename>CVE-2011-1819</cvename>
- <cvename>CVE-2011-2332</cvename>
- <cvename>CVE-2011-2342</cvename>
- <cvename>CVE-2011-2345</cvename>
- <cvename>CVE-2011-2346</cvename>
- <cvename>CVE-2011-2347</cvename>
- <cvename>CVE-2011-2348</cvename>
- <cvename>CVE-2011-2349</cvename>
- <cvename>CVE-2011-2350</cvename>
- <cvename>CVE-2011-2351</cvename>
- <cvename>CVE-2011-2358</cvename>
- <cvename>CVE-2011-2359</cvename>
- <cvename>CVE-2011-2360</cvename>
- <cvename>CVE-2011-2361</cvename>
- <cvename>CVE-2011-2782</cvename>
- <cvename>CVE-2011-2783</cvename>
- <cvename>CVE-2011-2784</cvename>
- <cvename>CVE-2011-2785</cvename>
- <cvename>CVE-2011-2786</cvename>
- <cvename>CVE-2011-2787</cvename>
- <cvename>CVE-2011-2788</cvename>
- <cvename>CVE-2011-2789</cvename>
- <cvename>CVE-2011-2790</cvename>
- <cvename>CVE-2011-2791</cvename>
- <cvename>CVE-2011-2792</cvename>
- <cvename>CVE-2011-2793</cvename>
- <cvename>CVE-2011-2794</cvename>
- <cvename>CVE-2011-2795</cvename>
- <cvename>CVE-2011-2796</cvename>
- <cvename>CVE-2011-2797</cvename>
- <cvename>CVE-2011-2798</cvename>
- <cvename>CVE-2011-2799</cvename>
- <cvename>CVE-2011-2800</cvename>
- <cvename>CVE-2011-2801</cvename>
- <cvename>CVE-2011-2802</cvename>
- <cvename>CVE-2011-2803</cvename>
- <cvename>CVE-2011-2804</cvename>
- <cvename>CVE-2011-2805</cvename>
- <cvename>CVE-2011-2818</cvename>
- <cvename>CVE-2011-2819</cvename>
- <cvename>CVE-2011-2821</cvename>
- <cvename>CVE-2011-2823</cvename>
- <cvename>CVE-2011-2824</cvename>
- <cvename>CVE-2011-2825</cvename>
- <cvename>CVE-2011-2826</cvename>
- <cvename>CVE-2011-2827</cvename>
- <cvename>CVE-2011-2828</cvename>
- <cvename>CVE-2011-2829</cvename>
- <cvename>CVE-2011-2834</cvename>
- <cvename>CVE-2011-2835</cvename>
- <cvename>CVE-2011-2836</cvename>
- <cvename>CVE-2011-2837</cvename>
- <cvename>CVE-2011-2838</cvename>
- <cvename>CVE-2011-2839</cvename>
- <cvename>CVE-2011-2840</cvename>
- <cvename>CVE-2011-2841</cvename>
- <cvename>CVE-2011-2842</cvename>
- <cvename>CVE-2011-2843</cvename>
- <cvename>CVE-2011-2844</cvename>
- <cvename>CVE-2011-2845</cvename>
- <cvename>CVE-2011-2846</cvename>
- <cvename>CVE-2011-2847</cvename>
- <cvename>CVE-2011-2848</cvename>
- <cvename>CVE-2011-2849</cvename>
- <cvename>CVE-2011-2850</cvename>
- <cvename>CVE-2011-2851</cvename>
- <cvename>CVE-2011-2852</cvename>
- <cvename>CVE-2011-2853</cvename>
- <cvename>CVE-2011-2854</cvename>
- <cvename>CVE-2011-2855</cvename>
- <cvename>CVE-2011-2856</cvename>
- <cvename>CVE-2011-2857</cvename>
- <cvename>CVE-2011-2858</cvename>
- <cvename>CVE-2011-2859</cvename>
- <cvename>CVE-2011-2860</cvename>
- <cvename>CVE-2011-2861</cvename>
- <cvename>CVE-2011-2862</cvename>
- <cvename>CVE-2011-2864</cvename>
- <cvename>CVE-2011-2874</cvename>
- <cvename>CVE-2011-2875</cvename>
- <cvename>CVE-2011-2876</cvename>
- <cvename>CVE-2011-2877</cvename>
- <cvename>CVE-2011-2878</cvename>
- <cvename>CVE-2011-2879</cvename>
- <cvename>CVE-2011-2880</cvename>
- <cvename>CVE-2011-2881</cvename>
- <cvename>CVE-2011-3234</cvename>
- <cvename>CVE-2011-3873</cvename>
- <cvename>CVE-2011-3873</cvename>
- <cvename>CVE-2011-3875</cvename>
- <cvename>CVE-2011-3876</cvename>
- <cvename>CVE-2011-3877</cvename>
- <cvename>CVE-2011-3878</cvename>
- <cvename>CVE-2011-3879</cvename>
- <cvename>CVE-2011-3880</cvename>
- <cvename>CVE-2011-3881</cvename>
- <cvename>CVE-2011-3882</cvename>
- <cvename>CVE-2011-3883</cvename>
- <cvename>CVE-2011-3884</cvename>
- <cvename>CVE-2011-3885</cvename>
- <cvename>CVE-2011-3886</cvename>
- <cvename>CVE-2011-3887</cvename>
- <cvename>CVE-2011-3888</cvename>
- <cvename>CVE-2011-3889</cvename>
- <cvename>CVE-2011-3890</cvename>
- <cvename>CVE-2011-3891</cvename>
- <cvename>CVE-2011-3892</cvename>
- <cvename>CVE-2011-3893</cvename>
- <cvename>CVE-2011-3894</cvename>
- <cvename>CVE-2011-3895</cvename>
- <cvename>CVE-2011-3896</cvename>
- <cvename>CVE-2011-3897</cvename>
- <cvename>CVE-2011-3898</cvename>
- <cvename>CVE-2011-3900</cvename>
- </references>
- <dates>
- <discovery>2010-10-19</discovery>
- <entry>2010-12-07</entry>
- <modified>2011-11-17</modified>
- </dates>
- </vuln>
-
<vuln vid="ed7fa1b4-ff59-11df-9759-080027284eaa">
<topic>proftpd -- Compromised source packages backdoor</topic>
<affects>
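Review bot: this hunk removes an entire Chromium entry (its multi-release description, the full `<cvename>` reference list and the `<dates>` block ending with `<modified>2011-11-17</modified>`) while the hunk header shows the sync is otherwise a large addition; confirm the entry is re-added unchanged elsewhere in the +6831 block rather than dropped from the list, because the vid of the removed entry is not visible in this window and a silent drop would lose the CVE mapping for those chromium versions. If it is re-added, the new copy should also dedupe the reference list (`<cvename>CVE-2011-3873</cvename>` appears twice in the removed text) and fix the typos carried over from the old description ("indepdent discovery", "uptodate").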
@@ -80523,7 +83422,7 @@
<url>http://gitorious.org/webkitgtk/stable/commit/9d07fda89aab7105962d933eef32ca15dda610d8</url>
</references>
<dates>
- <discovery>2010-09-7</discovery>
+ <discovery>2010-09-07</discovery>
<entry>2010-09-10</entry>
</dates>
</vuln>
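Review bot: zero-padding `<discovery>2010-09-7</discovery>` to `2010-09-07` is the right fix, since every other date in these hunks uses the four-two-two `YYYY-MM-DD` form and an unpadded day would not compare or sort consistently with them; the same one-off correction is repeated for two more entries further down, so one pass with something like `grep -nE '<(discovery|entry|modified)>[0-9]{4}-[0-9]{1,2}-[0-9]<' vuln.xml` would confirm no other unpadded dates remain instead of fixing them as they are noticed.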
@@ -94594,7 +97493,7 @@
<url>http://secunia.com/advisories/31028/</url>
</references>
<dates>
- <discovery>2008-07-9</discovery>
+ <discovery>2008-07-09</discovery>
<entry>2008-07-13</entry>
<modified>2010-05-12</modified>
</dates>
@@ -99165,7 +102064,7 @@
</blockquote>
<blockquote cite="http://drupal.org/node/184348">
<p>The Drupal Forms API protects against cross site request
- forgeries (CSRF), where a malicous site can cause a user
+ forgeries (CSRF), where a malicious site can cause a user
to unintentionally submit a form to a site where he is
authenticated. The user deletion form does not follow the
standard Forms API submission model and is therefore not
@@ -102505,7 +105404,7 @@
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The freeradius development team reports:</p>
<blockquote cite="http://www.freeradius.org/security.html">
- <p>A malicous 802.1x supplicant could send malformed Diameter format
+ <p>A malicious 802.1x supplicant could send malformed Diameter format
attributes inside of an EAP-TTLS tunnel. The server would reject
the authentication request, but would leak one VALUE_PAIR data
structure, of approximately 300 bytes. If an attacker performed
@@ -104329,7 +107228,7 @@
<url>http://lists.grok.org.uk/pipermail/full-disclosure/2006-December/051009.html</url>
</references>
<dates>
- <discovery>2006-12-1</discovery>
+ <discovery>2006-12-01</discovery>
<entry>2006-12-11</entry>
<modified>2010-05-12</modified>
</dates>
@@ -105298,7 +108197,7 @@
</vuln>
<vuln vid="a6d9da4a-5d5e-11db-8faf-000c6ec775d9">
- <topic>nvidia-driver -- arbitrary root code execution vulnerability</topic>
+ <topic>NVIDIA UNIX driver -- arbitrary root code execution vulnerability</topic>
<affects>
<package>
<name>nvidia-driver</name>
@@ -116701,7 +119600,7 @@
<p>In fetchmail 6.2.5.1, the remote code injection via
POP3 UIDL was fixed, but a denial of service attack was
introduced:</p>
- <p>Two possible NULL-pointer dereferences allow a malicous
+ <p>Two possible NULL-pointer dereferences allow a malicious
POP3 server to crash fetchmail by respondig with UID lines
containing only the article number but no UID (in violation
of RFC-1939), or a message without Message-ID when no UIDL
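Review bot: the unchanged context line directly after the fix still reads "by respondig with UID lines"; since this hunk is already editing that sentence, correct it to "responding" in the same commit rather than leaving a second spelling error in the paragraph that was just touched.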
@@ -125657,7 +128556,7 @@
<p><code>acl something src "/path/to/empty_file.txt"<br/>
http_access allow something somewhere</code></p>
<p>gets parsed (with warnings) as</p>
- <p><code>http_access allow somwhere</code></p>
+ <p><code>http_access allow somewhere</code></p>
<p>And similarily if you are using proxy_auth acls without
having any auth schemes defined.</p>
</blockquote>
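Review bot: two lines below the corrected `<code>http_access allow somewhere</code>` the context line "And similarily if you are using proxy_auth acls" carries the same kind of typo (similarily, should be similarly); fix it in this hunk. Since the corrected line sits inside a `<blockquote>` quoting the squid advisory, also check the quoted text against the cite source so the quote still matches what upstream published.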
@@ -127939,7 +130838,7 @@
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
- <p>Sean <q>infamous42md</q> reports that a malicous GroupWise
+ <p>Sean <q>infamous42md</q> reports that a malicious GroupWise
messaging server may be able to exploit a heap buffer
overflow in gaim, leading to arbitrary code execution.</p>
</body>