DELTA 419969 0 10552 SVN† † † † † † † ŒÀ† † † ’à† † "‚$!…Ëz€IŒ…ËW€Y„a…×]H…°zÀ,…Ü`‚" FreeBSD 10.310.3_4 10.210.2_18 10.110.1_35 9.39.3_43freebsdsa>SA-16:22.libarchive SA-16:23.libarchive

OpenSSH clients between versions 5.4 and 7.1 are vulnerable to information disclosure that may allow a malicious server to retrieve information including under some circumstances, user's private keyurl>httpŸ † † ~€sx„Þ~€ †|mage -- multiple integer overflows freeimage 3.16.0Pcheng pcheng reports:

An integer overflow issue i¥À† † ‚v€‚t†‚tntry>2015-10-23 mediawiki -- multiple vulnerabilities mediawiki123 1.23.11 mediawiki124 1.24.4 «à† † { €zƒ,‘+†›Z2zme> mencoder 1.1.r20150403²€† † E€Z\§U‚o€B†C9-3293. NOTE: some of these details are obtained from third party information.
Heap-based buffer overflowor possibly execute arbitrary code via a crafted BMP image.

Open redirect (Overlay module - Drupal 7 - Less critical)

The Overlay module displays administrative pages as a layer over the current page (using JavaScript), rather than replacing the page in the browser window. The Overlay module does not sufficiently validate URLs prior to displaying their contents, leadin¾À† † ‚v€‚t†‚tJouni Malinen reports:

A vulnerability was found in how wpa_supplicant uses SSID information parsed from management frames that create or update P2P peer entries (e.g., Probe Response frame or number of P2P Public Action frames). SSID field has valid length raÄà† † ‚€‚Y·q† ‚01-28 2015-02-02 Adobe Flash Player -- critical vulnerability linux-c6-flashplugin 11.2r202.438
Security vulnerability in commons fileupload allows unauthenticated attacker to upload arbitrary files to Jenkins master.

SECURITY-149/CVE-2014-1869 (XSS vulnerabilities in ZeroClipboard)

reflective XSS vulnerability in one of the library dependencies of Jenkins.

SECURITY-113/CVE-2014-36Ñ † † €dæ!…_çwv…Í@†œ2Z015-07-15 OpenSSL -- NULL pointer dereference2
ntp.org reports:

Unrestricted access to the monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service (traffic amplification) via forged (1) REQ_MON_GETLIST oÝà† † ‚v€‚t†‚tg XBL Scopes

MFSA 2013-71 Further Privilege escalation through Mozilla Updater

MFSA 2013-72 Wrong principal used for validating URI for some Javascript components

MFSA 2013-73 Same-origin bypass with web workers and XMLHttpRequest

MFSA 2013-74 Firefox full and stub installer DLL hijacking

MFSA 2013-75 Local Javä€† † ‚v€‚t†‚t using certain browsers.

SECURITY-69 / CVE-2013-2034

This is another CSRF vulnerability that allows an attacker to cause a deployment of binaries to Maven repositories. This vulnerability has the same CVE ID as SEUCRITY-63.

SECURITY-71 / CVE-2013-1808

This creates aê † † ‚€|J‚¥}žvã†œ&f‚ http://www.opera.com/support/kb/view/1043/ 2013-01-30 2013-02-01 upnpupnp 1.6.18ðÀ† † ‚v€‚t†‚trom the HTTP Host header. Some attacks against this are beyond Django's ability to control, and require the web server to be properly configured; Django's documentation has for some time contained notes advising users on such configuration.

Django's own built-in parsing of the Host header is, however, still vulnerable, as was reported töà† † ‚v€‚t†‚tM7xy-G48J https://groups.google.com/d/msg/rubyonrails-security/FgVEtBajcTY/tYLS1JJTu38J http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released/ 2012-08-08 2012-08-10 portupgrade-devel -- lack of distfile checksums portupgrade-devel 0,3Ports security team reports:

The portupgrade-devel port fetched directly from a git resƒ † † a€1‚Îk®†_ CVE-2011-3924 CVE-2011-3926 CVE-2011-3927 CVE-2011-39282-01-23 2012-01-24 apache apache-event apache-itk apache-peruser apache-worker 2.*2.2.20pache HTTP server project reports:

png -- libpng decompression buffer overflow
Stefan Esser has reported a vulnerability in Piwik, which can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to the core/Cookie.php script using "unserial¨à† † 7€Ax„£GƒÉ€t†5affects> eggdrop 1.6.195104/">
The vulnerability is caused due to an error in the processing of private messages within the serv¯€† † ‚v€‚t†‚t> http://www.kernel.org/pub/software/scm/git/docs/RelNotes-1.6.0.6.txt 2008-12-20 2009-01-19 gtar -- GNU TAR safer_name_suffix Remote Denial of Service Vulnerability µ † † ‚(€2N„‹€t†‚&tised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected sitecvename>CVE-2007-6461 CVE-2008-1165 CVE-2008-1166 »À† † ‚(€N…Œ€ †‚&85-s9y.html">
In the referrer plugin of the blog application serendipity, the referrer string is not escaped, thus leading to a permanent XSSbid>28885 CVE-2008-1385 CVE-2008-1386 http://int21.de/cve/CVE-2008-138Áà† † ‚v€‚t†‚tm.cc can be exploited to cause a heap-based buffer overflow via a specially crafted PDF file.

A boundary error within the "CCITTFaxStream::lookChar()" method in xpdf/Stream.cc can be exploited to cause a heap-based buffer overflow by tricking a user into opening a PDF file containing a specially crafted "CCITTFaxDecode" filter.<È€† † ‚v€‚t†‚t=87 http://bugs.libgd.org/?do=details&task_id=92 http://bugs.libgd.org/?do=details&task_id=74 http://bugs.libgd.org/?do=details&task_id=48 http://bugs.php.net/bug.php?id=40578 2007-06-21 2007-06-29 http://secunia.com/advisories/20665/ 2006-06-12 alsaplayer 0

The function which handles the HTTP connections is Úà† † ‚* €‚(_‚Ú@†œy‚(cross-site scripting attacks.

Unspecified input passed to the private archive script is not properly sanitised before being returned to users. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of a vulnerable siteá€† † ~¿^†&¤_™š™{†œ6V}"http://www.w3.org/1999/xhtml">
Announce of Mnemo H3 (2.0.379228172&w=2">
This [2.0.3notepad name and noteç † † j•D‚¬€S‚]‡y†šw‚hty/advisory-20050721-1 2005-08-12 2005-10-23 gaim -- AIM/ICQ non-UTF-8 filename crashíÀ† † ‚,€JØ}€(†‚*ommand line option on untrusted files and do not uncompress files in directories where untrusted users have write access. CVE-2005-1228 SA-05:11.gzip http:/óà† † ‚3 €‚1N„³†‚1avis Ormandy of the Gentoo Linux Security Audit Team identified a flaw in the handling of image filenames by xv.

Successful exploitation would require a victim to process a specially crafted image with a malformed filename, potentially resulting in the execution of arbitrary codeú€† † <œLƒ¶@nŸf€†: CVE-2004-09906 2005-01-18 2005-01-21 ‚†À† † ‚v€‚t†‚te X11R6.8.1 release announcement reads:

This version is purely a security release, addressing multiple integer and stack overflows in libXpm, the X Pixmap library; all known versions of X (both XFree86 and X.Org) are affected, so all users of X are strongly ‚Œà…Ã@…Æ4Bf‚è@€7N‚ž‰…Ã@@Jindrich Makovicka reports a regression in proftpd's handling of IP address access control lists (IP ACLs). Due to this regression, some IP ACLs are treated as ``allow all''4-0432