235 matches found
Out-of-bounds Read
Overview: Versions of atob before 2.1.0 allocate uninitialized Buffers when a number is passed as input on Node.js 4.x and below. Recommendation: Update to version 2.1.0 or later. References: HackerOne Report, GitHub Advisory...
CVE-2017-18206
In utils.c in zsh before 5.4, symlink expansion had a buffer overflow...
Discourse: Gaining access to private topics using quoting feature
Description Some topics have limited access to certain groups and users, and while there exists a validation for access on this topic, it can be bypassed by abusing a vulnerability in the "onebox" quoting feature. When pasting a link in a reply, if this link happens to be a link to another topic ...
OPENSUSE-SU-2017:1824-1 Security update for irssi
This update for irssi to version fixes the following issues: - CVE-2017-10965: A malicious server could cause irssi to crash by providing an invalid timestamp - CVE-2017-10966: Undefined behavior may be triggered when irssi updates the internal nick list A number of minor upstream bug fixes are...
OPENSUSE-SU-2017:1823-1 Security update for irssi
This update for irssi to version fixes the following issues: - CVE-2017-10965: A malicious server could cause irssi to crash by providing an invalid timestamp - CVE-2017-10966: Undefined behavior may be triggered when irssi updates the internal nick list A number of minor upstream bug fixes are...
gdal: Heap-buffer-overflow in ReadBITDOUBLE
Detailed report: https://oss-fuzz.com/testcase?key=4985169473699840 Project: gdal Fuzzer: libFuzzergdalcadfuzzer Fuzz target binary: cadfuzzer Job Type: libfuzzerasangdal Platform Id: linux Crash Type: Heap-buffer-overflow READ 1 Crash Address: 0x60d000000677 Crash State: ReadBITDOUBLE...
CVE-2017-6637
A vulnerability in the web interface of Cisco Prime Collaboration Provisioning Software prior to Release 11.1 could allow an authenticated, remote attacker to delete any file from an affected system. The vulnerability exists because the affected software does not perform proper input validation o...
Integer overflow leads to heap-based buffer overflow in encode_config_buf
Affected versions of this crate suffered from an integer overflow bug when calculating the size of a buffer to use when encoding base64 using the encode_config_buf and encode_config functions. If the input string was large, this would cause a buffer to be allocated that was too small. Since this...
libass: Attempting free in parse_events
Project: https://github.com/libass/libass.git Detailed report: https://clusterfuzz-external.appspot.com/testcase?key=5420800962199552 Project: libass Fuzzer: libFuzzerlibassfuzzer Fuzz target binary: libassfuzzer Job Type: libfuzzerasanlibass Platform Id: linux Crash Type: Attempting free Crash...
SUSE-SU-2016:2898-1 Security update for nodejs4
This update for nodejs4 fixes the following issues: Security issues fixed: - CVE-2016-5180: c-ares: Fix for single-byte buffer overwrite (bsc#1007728). Bug fixes: - bsc#1009011: npm4 should provide versioned nodejs-npm and npm allowing nodejs-packaging to continue to function properly in Leap 42.2...
SUSE-SU-2016:0459-1 Security update for qemu
This update fixes the following security issues: - Enforce receive packet size, thus eliminating buffer overflow and potential security issue (bsc#957162, CVE-2015-7512). - Infinite loop in processing command block list (CVE-2015-8345, bsc#956829). This update also fixes a non-security bug: - Due to spa...
Jail Authorities Mistakenly Early Released 3,200 Prisoners due to a Silly Software Bug
Washington State Department of Corrections (DoC) is facing an investigation after it released around 3,200 prisoners early over the course of 13 years, since 2002, when a bug was introduced in the software used to calculate time credits for inmates' good behavior. The software glitch led to a...
CentOS 7 : kernel (CESA-2015:0726)
Updated kernel packages that fix two security issues and several bugs are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, a...
XSS when adding Stash Linked Repositories
Stash server title in the "Stash server" dropdown is not being escaped and if it contains a script tag that script will be eval'd. Our Stash QA test data has the server title "Welcome to alert666 Long Ståш Title with ..." which causes the "666" to alert when the "Add repository" button is clicked...
Removing user from LDAP doesn't clear LDAP group membership
Reproduction steps: 1. Setup generic LDAP user repository RW, with jira-users, jira-developers, jira-administrators groups. 2. Create user for John Smith as [email protected]. 3. Add him to jira-administrators group. 4. Remove user [email protected] John changed the company. 5. Create user for Jake Sunny as...
DSA-2925-1 rxvt-unicode - security update
Bulletin has no description...
@mention Notification for Comments on Restricted Page in Confluence 5.4.x
In Confluence 5.4.x versions, the user is getting comment notifications in a page that he's restricted to view. If you restrict a user to view or edit the page through 'Tools Restrictions' and then comment in a page, the user will get the notification about it in the Workbox. h4.Steps to...
WinRM Script Exec Remote Code Execution
This module uses valid credentials to login to the WinRM service and execute a payload. It has two available methods for payload delivery: Powershell 2 and above and VBS CmdStager. The module will check if Powershell is available, and if so uses that method. Otherwise it falls back to the VBS...
CVE-2012-2392
Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 allows remote attackers to cause a denial of service (infinite loop) via vectors related to the (1) ANSI MAP, (2) ASF, (3) IEEE 802.11, (4) IEEE 802.3, and (5) LTP dissectors...
persistent xss through svg file attachment download
The fix for CONF-22132 was not sufficient because "svg" files are not "said" to be xml by the isXml method. This means that it is possible for a malicious party to upload an svg file containing html/javascript which will be rendered in the victim's web browser. This bug should have been raised a while ag...