Integer signedness error in the genkbd_commonioctl function in sys/dev/kbd/kbd.c in FreeBSD 9.3 before p42, 10.1 before p34, 10.2 before p17, and 10.3 before p3 allows local users to obtain sensitive information from kernel memory, cause a denial of service (memory overwrite and kernel crash), or gain privileges via a negative value in the flen structure member in the arg argument in a SETFKEY ioctl call, which triggers a “two way heap and stack overflow.”
Monthly Archives: May 2016
CVE-2016-1887
Integer signedness error in the sockargs function in sys/kern/uipc_syscalls.c in FreeBSD 10.1 before p34, 10.2 before p17, and 10.3 before p3 allows local users to cause a denial of service (memory overwrite and kernel panic) or gain privileges via a negative buflen argument, which triggers a heap-based buffer overflow.
CVE-2016-4020 (qemu)
The patch_instruction function in hw/i386/kvmvapic.c in QEMU does not initialize the imm32 variable, which allows local guest OS administrators to obtain sensitive information from host stack memory by accessing the Task Priority Register (TPR).
CVE-2016-4575
Cross-site scripting (XSS) vulnerability in the email APP in Huawei PLK smartphones with software AL10C00 before AL10C00B211 and AL10C92 before AL10C92B211; ATH smartphones with software AL00C00 before AL00C00B361, CL00C92 before CL00C92B361, TL00HC01 before TL00HC01B361, and UL00C00 before UL00C00B361; CherryPlus smartphones with software TL00C00 before TL00C00B553, UL00C00 before UL00C00B553, and TL00MC01 before TL00MC01B553; and RIO smartphones with software AL00C00 before AL00C00B360 allows remote attackers to inject arbitrary web script or HTML via an email message.
Teampass 2.1.25 Unauthenticated Access
Teampass version 2.1.25 suffers from an unauthenticated access vulnerability.
Teampass 2.1.25 Arbitrary File Download
Teampass version 2.1.25 suffers from an arbitrary file download vulnerability.
XML Sitemap – Moderately Critical – XSS – SA-CONTRIB-2016-030
- Advisory ID: DRUPAL-SA-CONTRIB-2016-030
- Project: XML Sitemap (third-party module)
- Version: 7.x
- Date: 2016-May-25
- Security risk: 13/25 (Moderately Critical) AC:Basic/A:User/CI:Some/II:Some/E:Theoretical/TD:Default
- Vulnerability: Cross Site Scripting
Description
The XML Sitemap module enables you to create sitemaps which help search engines to more intelligently crawl a website and keep their results up to date.
The module doesn’t sufficiently filter the URL when it is displayed in the sitemap.
This vulnerability is mitigated if the setting for “Include a stylesheet in the sitemaps for humans.” on the module’s administration settings page is not enabled (the default is enabled).
CVE identifier(s) issued
- A CVE identifier will be requested, and added upon issuance, in accordance with Drupal Security Team processes.
Versions affected
- XML Sitemap 7.x-2.x versions prior to 7.x-2.3.
Drupal core is not affected. If you do not use the contributed XML Sitemap module, there is nothing you need to do.
Solution
Install the latest version:
- If you use the XML Sitemap module for Drupal 7.x, upgrade to XML Sitemap 7.x-2.3
Also see the XML Sitemap project page.
Reported by
Fixed by
- Pablo López
- Dave Reid the module maintainer and of the Drupal Security Team
- David Snopek of the Drupal Security Team
Coordinated by
- David Snopek of the Drupal Security Team
Contact and More Information
The Drupal security team can be reached at security at drupal.org or via the contact form at https://www.drupal.org/contact.
Learn more about the Drupal Security team and their policies, writing secure code for Drupal, and securing your site.
Follow the Drupal Security Team on Twitter at https://twitter.com/drupalsecurity
Open-Xchange OX AppSuite 7.8.0 XSS / Open Redirect
Open-Xchange OX AppSuite versions 7.8.0 and below suffer from cross site scripting, open redirection, and argument injection vulnerabilities.
GDPR Day: countdown to a global privacy and security regimen?
This thing called GDPR will impact data security and privacy policy at many US firms when it takes effect two years from today. Start learning what the EU General Data Protection Regulation means to your business.
The post GDPR Day: countdown to a global privacy and security regimen? appeared first on We Live Security.
dotCMS Email Header Injection
dotCMS versions prior to 3.5 and 3.3.2 suffer from an email header injection vulnerability.