Several vulnerabilities have been discovered in the chromium web browser.
Toshifumi Sakaguchi discovered that PowerDNS Recursor, a high-performance
resolving name server, was susceptible to denial of service via a crafted
It was discovered that the Private Browsing mode in the Mozilla Firefox
web browser allowed a user to be fingerprinted across multiple sessions
Multiple security issues have been found in Thunderbird, which may lead
to the execution of arbitrary code or denial of service.
It was discovered that wireshark, a network protocol analyzer, contained
several vulnerabilities in the dissectors for CIP Safety, IWARP_MPA,
NetBIOS, Profinet I/O and AMQP, which result in denial of service or the
execution of arbitrary code.
It was discovered that the TLS server in Erlang is vulnerable to an
adaptive chosen ciphertext attack against RSA keys.
Two vulnerabilities were discovered in optipng, an advanced PNG
optimizer, which may result in denial of service or the execution of
arbitrary code if a malformed file is processed.
It was discovered that libXcursor, an X cursor management library, is
prone to several heap overflows when parsing malicious files. An
attacker can take advantage of these flaws for arbitrary code execution,
if a user is tricked into processing a specially crafted cursor file.
George Shuklin from servers.com discovered that Nova, a cloud
computing fabric controller, did not correctly enforce its image- or
hosts-filters. This allowed an authenticated user to bypass those
filters by simply rebuilding an instance.
Michael Eder and Thomas Kittel discovered that Heimdal, an
implementation of Kerberos 5 that aims to be compatible with MIT
Kerberos, did not correctly handle ASN.1 data. This would allow an
unauthenticated remote attacker to cause a denial of service (crash of
the KDC daemon) by sending maliciously crafted packets.