A remote code execution vulnerability has been found in Drupal, a fully-featured content management framework. For additional information, please refer to the upstream advisory at https://www.drupal.org/sa-core-2018-002
Two vulnerabilities were discovered in strongSwan, an IKE/IPsec suite. CVE-2018-5388 The stroke plugin did not verify the message length when reading from its control socket. This vulnerability could lead to denial of service. On Debian write access to the socket requires root permission on default configuration. CVE-2018-10811 A missing variable initialization in IKEv2 key derivation could lead t ...
Two vulnerabilities have been found in the PostgreSQL database system: CVE-2018-10915 Andrew Krasichkov discovered that libpq did not reset all its connection state during reconnects. CVE-2018-10925 It was discovered that some "CREATE TABLE" statements could disclose server memory. For additional information please refer to the upstream announcement at https://www.postgresql.org/about/ne ...
Sze Yiu Chau and his team from Purdue University and The University of Iowa found several issues in the gmp plugin for strongSwan, an IKE/IPsec suite. Problems in the parsing and verification of RSA signatures could lead to a Bleichenbacher-style low-exponent signature forgery in certificates and during IKE authentication. While the gmp plugin doesn"t allow arbitrary data after the ASN.1 structure ...
Google"s OSS-Fuzz revealed an exploitable bug in the gmp plugin caused by the patch that fixes CVE-2018-16151 and CVE-2018-16151 . An attacker could trigger it using crafted certificates with RSA keys with very small moduli. Verifying signatures with such keys would cause an integer underflow and subsequent heap buffer overflow resulting in a crash of the daemon. While arbitrary code execution is ...
Frediano Ziglio reported a missing check in the script to generate demarshalling code in the SPICE protocol client and server library. The generated demarshalling code is prone to multiple buffer overflows. An authenticated attacker can take advantage of this flaw to cause a denial of service , or possibly, execute arbitrary code.