The smb_request_state function in cURL and libcurl 7.40.0 through 7.42.1 allows remote SMB servers to obtain sensitive information from memory or cause a denial of service (out-of-bounds read and crash) via crafted length and offset values.
Monthly Archives: June 2015
OpenSCAP Libraries 1.2.4
The openscap project is a set of open source libraries that support the SCAP (Security Content Automation Protocol) set of standards from NIST. It supports CPE, CCE, CVE, CVSS, OVAL, and XCCDF.
HP Releases Details, Exploit Code for Unpatched IE Flaws
Researchers at HP’s Zero Day Initiative have disclosed full details and proof-of-concept exploit code for a series of bugs they discovered that allow attackers to bypass a key exploit mitigation in Internet Explorer.
CVE-2015-4590 (arduino_json)
The extractFrom function in Internals/QuotedString.cpp in Arduino JSON before 4.5 allows remote attackers to cause a denial of service (crash) via a JSON string with a \ (backslash) followed by a terminator, as demonstrated by “\”, which triggers a buffer overflow and over-read.
CVE-2015-4713 (hotel_site)
SQL injection vulnerability in ApPHP Hotel Site 3.x.x allows remote editors to execute arbitrary SQL commands via the pid parameter to index.php.
CVE-2015-4714 (dreambox_dm500-s_firmware)
Cross-site scripting (XSS) vulnerability in the DreamBox DM500-S allows remote attackers to inject arbitrary web script or HTML via the mode parameter to /body.
Gentoo Linux Security Advisory 201506-04
Gentoo Linux Security Advisory 201506-4 – Multiple vulnerabilities have been fixed in Chromium, the worst of which can cause arbitrary remote code execution. Versions less than 43.0.2357.65 are affected.
Ubuntu Security Notice USN-2651-1
Ubuntu Security Notice 2651-1 – Jakub Wilk discovered that GNU patch did not correctly handle file paths in patch files. An attacker could specially craft a patch file that could overwrite arbitrary files with the privileges of the user invoking the program. This issue only affected Ubuntu 12.04 LTS. Laszlo Boszormenyi discovered that GNU patch did not correctly handle some patch files. An attacker could specially craft a patch file that could cause a denial of service. Various other issues were also addressed.
Gentoo Linux Security Advisory 201506-03
Gentoo Linux Security Advisory 201506-3 – Multiple vulnerabilities have been fixed in GnuTLS, the worst of which can cause Denial of Service. Versions less than 3.3.15 are affected.
Google Fixes Handful of Bugs in Chrome
Google has fixed several vulnerabilities in Chrome, including a pair of cross-origin bypasses and a high-risk scheme validation error.