OpenSSH -- remote code execution via a forwarded agent socket
OpenSSH project reports: Fix CVE-2023-38408 - a condition where specific libraries loaded via ssh-agent(1)'s PKCS11 support could be abused to achieve remote code execution via a forwarded agent socket if the following conditions are met: Exploitation requires the presence of specific libraries on t...
NGINX -- Multiple vulnerabilities
NGINX Team reports: Two security issues were identified in nginx HTTP/2 implementation, which might cause excessive memory consumption (CVE-2018-16843) and CPU usage (CVE-2018-16844). The issues affect nginx compiled with the ngx_http_v2_module (not compiled by default) if the "http2" option of the "liste...
PostgreSQL -- SQL injection in pg_upgrade and pg_dump
The PostgreSQL project reports: CVE-2018-16850: SQL injection in pg_upgrade and pg_dump, via CREATE TRIGGER ... REFERENCING. Using a purpose-crafted trigger definition, an attacker can run arbitrary SQL statements with superuser privileges when a superuser runs pg_upgrade on the database or during a...
OpenSSL -- Multiple vulnerabilities in 1.1 branch
The OpenSSL project reports: Timing vulnerability in ECDSA signature generation CVE-2018-0735: The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key Low. Timing...
Gitlab -- multiple vulnerabilities
Gitlab reports: SSRF GCP access token disclosure Persistent XSS on issue details Diff formatter DoS in Sidekiq jobs Confidential information disclosure in events API endpoint validatelocalhost function in urlblocker.rb could be bypassed Slack integration CSRF Oauth2 GRPC::Unknown logging token...
mini_httpd -- disclose arbitrary files in some circumstances
Jef Poskanzer reports: Prior versions allowed remote users to read arbitrary files in some circumstances...
mozilla -- multiple vulnerabilities
Mozilla Foundation reports: CVE-2018-12391: HTTP Live Stream audio data is accessible cross-origin CVE-2018-12392: Crash with nested event loops CVE-2018-12393: Integer overflow during Unicode conversion while loading JavaScript CVE-2018-12395: WebExtension bypass of domain restrictions through...
clamav -- multiple vulnerabilities
Joel Esler reports: CVE-2018-15378: Vulnerability in ClamAV's MEW unpacking feature that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. Reported by Secunia Research at Flexera. Fix for a 2-byte buffer over-read bug in ClamAV's PDF...
curl -- multiple vulnerabilities
curl security problems: CVE-2018-16839: SASL password overflow via integer overflow libcurl contains a buffer overrun in the SASL authentication code. The internal function Curl_auth_create_plain_message fails to correctly verify that the passed in lengths for name and password aren't too long, then...
MySQL -- multiple vulnerabilities
Oracle reports: Please reference CVE/URL list for details...
Gitlab -- multiple vulnerabilities
Gitlab reports: Merge request information disclosure Private project namespace information disclosure Gitlab Flavored Markdown API information disclosure...
Libgit2 -- multiple vulnerabilities
The Git community reports: Multiple vulnerabilities...
moodle -- multiple vulnerabilities
moodle reports: Moodle XML import of ddwtos could lead to intentional remote code execution QuickForm library remote code vulnerability upstream Boost theme - blog search GET parameter insufficiently filtered...
libssh -- authentication bypass vulnerability
gladiac reports: libssh versions 0.6 and above have an authentication bypass vulnerability in the server code. By presenting the server an SSH2_MSG_USERAUTH_SUCCESS message in place of the SSH2_MSG_USERAUTH_REQUEST message which the server would expect to initiate authentication, the attacker could...
ruby -- multiple vulnerabilities
Ruby news: CVE-2018-16395: OpenSSL::X509::Name equality check does not work correctly An instance of OpenSSL::X509::Name contains entities such as CN, C and so on. Some two instances of OpenSSL::X509::Name are equal only when all entities are exactly equal. However, there is a bug that the equali...
Apache -- Denial of service vulnerability in HTTP/2
The Apache httpd project reports: low: DoS for HTTP/2 connections by continuous SETTINGS By sending continuous SETTINGS frames of maximum size an ongoing HTTP/2 connection could be kept busy and would never time out. This can be abused for a DoS on the server. This only affects a server that has...
mozilla -- multiple vulnerabilities
Mozilla Foundation reports: CVE-2018-12386: Type confusion in JavaScript A vulnerability in register allocation in JavaScript can lead to type confusion, allowing for an arbitrary read and write. This leads to remote code execution inside the sandboxed content process when triggered...
Gitlab -- multiple vulnerabilities
Gitlab reports: RCE in Gitlab Wiki API SSRF in Hipchat integration Cleartext storage of personal access tokens Information exposure through stack trace error message Persistent XSS autocomplete Information exposure in stored browser history Information exposure when replying to issues through ema...
firefox -- Crash in TransportSecurityInfo due to cached data
The Mozilla Foundation reports: A potentially exploitable crash in TransportSecurityInfo used for SSL can be triggered by data stored in the local cache in the user profile directory. This issue is only exploitable in combination with another vulnerability allowing an attacker to write data into...
mozilla -- multiple vulnerabilities
Mozilla Foundation reports: CVE-2018-12377: Use-after-free in refresh driver timers CVE-2018-12378: Use-after-free in IndexedDB CVE-2018-12379: Out-of-bounds write with malicious MAR file CVE-2017-16541: Proxy bypass using automount and autofs CVE-2018-12381: Dragging and dropping Outlook email...
bitcoin -- Denial of Service and Possible Mining Inflation
Bitcoin Core reports: CVE-2018-17144, a fix for which was released on September 18th in Bitcoin Core versions 0.16.3 and 0.17.0rc4, includes both a Denial of Service component and a critical inflation vulnerability. It was originally reported to several developers working on Bitcoin Core, as well...
spamassassin -- multiple vulnerabilities
The Apache SpamAssassin project reports: In Apache SpamAssassin, using HTML::Parser, we set up an object and hook into the begin and end tag event handlers. In both cases, the "open" event is immediately followed by a "close" event - even if the tag does not close in the HTML being parsed. Because ...
Gitlab -- SSRF in Kubernetes integration
The GitLab Team reports: SSRF in Kubernetes integration...
matomo -- XSS vulnerability
Matomo reports: Several XSS issues have been fixed thanks to the great work of security researchers who responsibly disclosed issues to us...
liveMedia -- potential remote code execution
Talos reports: An exploitable code execution vulnerability exists in the HTTP packet-parsing functionality of the LIVE555 RTSP server library. A specially crafted packet can cause a stack-based buffer overflow, resulting in code execution. An attacker can send a packet to trigger this vulnerabili...
drupal -- Drupal Core - Multiple Vulnerabilities
Drupal Security Team reports: CVE-2018-7600: Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations...
FreeBSD -- Improper ELF header parsing
Problem Description: Insufficient validation was performed in the ELF header parser, and malformed or otherwise invalid ELF binaries were not rejected as they should be. Impact: Execution of a malicious ELF binary may result in a kernel crash or may disclose kernel memory...
gitea -- multiple vulnerabilities
Gitea project reports: CSRF Vulnerability on API. Enforce token on api routes...
salt -- multiple vulnerabilities
SaltStack reports: Remote command execution and incorrect access control when using salt-api. Directory traversal vulnerability when using salt-api. Allows an attacker to determine what files exist on a server when querying /run or /events...
drupal -- Drupal Core - Multiple Vulnerabilities
Drupal Security Team reports: The path module allows users with the 'administer paths' to create pretty URLs for content. In certain circumstances the user can enter a particular path that triggers an open redirect to a malicious URL. The issue is mitigated by the fact that the user needs the...
jenkins -- multiple vulnerabilities
Jenkins Security Advisory: Description Low SECURITY-867 Path traversal vulnerability in Stapler allowed accessing internal data Medium SECURITY-1074 Arbitrary file write vulnerability using file parameter definitions Medium SECURITY-1129 Reflected XSS vulnerability Medium SECURITY-1162 Ephemeral...
Django -- password hash disclosure
Django release notes: CVE-2018-16984: Password hash disclosure to "view only" admin users If an admin user has the change permission to the user model, only part of the password hash is displayed in the change form. Admin users with the view but not change permission to the user model were...
smart_proxy_dynflow -- authentication bypass vulnerability
MITRE reports: An authentication bypass flaw was found in the smart_proxy_dynflow component used by Foreman. A malicious attacker can use this flaw to remotely execute arbitrary commands on machines managed by vulnerable Foreman instances, in a highly privileged context...
Flash Player -- information disclosure
Adobe reports: This update resolves a privilege escalation vulnerability that could lead to information disclosure CVE-2018-15967...
gitea -- remote code execution
The Gitea project reports: This release contains critical security fix for vulnerability that could potentially allow for authorized users to do remote code execution...
Serendipity -- multiple vulnerabilities
Serendipity reports: Security: Fix XSS for pagination, when multi-category selection is used...
tinc -- Buffer overflow
tinc-vpn.org reports: The authentication protocol allows an oracle attack that could potentially be exploited. If a man-in-the-middle has intercepted the TCP connection it might be able to force plaintext UDP packets between two nodes for up to a PingInterval period...
Loofah -- XSS vulnerability
GitHub issue: This issue has been created for public disclosure of an XSS vulnerability that was responsibly reported independently by Shubham Pathak and @yasinS Yasin Soliman. In the Loofah gem, through v2.2.2, unsanitized JavaScript may occur in sanitized output when a crafted SVG element is...
mybb -- vulnerabilities
mybb Team reports: High risk: Email field SQL Injection. Medium risk: Video MyCode Persistent XSS in Visual Editor. Low risk: Insufficient permission check in User CP’s attachment management. Low risk: Insufficient email address verification...
Memory leak bug in Toxcore
The Tox project blog reports: A memory leak bug was discovered in Toxcore that can be triggered remotely to exhaust one’s system memory, resulting in a denial of service attack. The bug is present in the TCP Server module of Toxcore and therefore it affects mostly bootstrap nodes. Regular Tox...
OpenSSH -- Race condition resulting in potential remote code execution
The OpenSSH project reports: A race condition in sshd(8) could allow remote code execution as root on non-OpenBSD systems...
curl -- password overflow vulnerability
curl security problems: CVE-2018-14618: NTLM password overflow via integer overflow The internal function Curl_ntlm_core_mk_nt_hash multiplies the length of the password by two (SUM) to figure out how large temporary storage area to allocate from the heap. The length value is then subsequently used to...
nginx -- Vulnerability in the ngx_http_mp4_module
The nginx development team reports: This update fixes the buffer overread vulnerability in the ngx_http_mp4_module...
mantis -- XSS vulnerability
Brian Carpenter reports: Reflected XSS in viewfilterspage.php via core/filterformapi.php...
OpenSSL -- timing vulnerability
The OpenSSL project reports: Microarchitecture timing vulnerability in ECC scalar multiplication. Severity: Low OpenSSL ECC scalar multiplication, used in e.g. ECDSA and ECDH, has been shown to be vulnerable to a microarchitecture timing side channel attack. An attacker with sufficient access to...
gsoap -- remote code execution via overflow
Senrio reports: Genivia gSOAP is prone to a stack-based buffer-overflow vulnerability because it fails to properly bounds check user-supplied data before copying it into an insufficiently sized buffer. A remote attacker may exploit this issue to execute arbitrary code in the context of the affect...
kio-extras -- HTML Thumbnailer automatic remote file access
Albert Astals Cid reports: Various KDE applications share a plugin system to create thumbnails of various file types for displaying in file managers, file dialogs, etc. kio-extras contains a thumbnailer plugin for HTML files. The HTML thumbnailer was incorrectly accessing some content of remote...
nginx -- Two vulnerabilities
NGINX Development Team reports: Two security issues were identified in the ngx_http_mp4_module, which might allow an attacker to cause a worker process crash or worker process memory disclosure by using a specially crafted mp4 file, or might have potential other impact (CVE-2022-41741, CVE-2022-41742)...
dnsmasq -- TFTP server remote code injection vulnerability
Simon Kelley reports: Fix security problem which allowed any host permitted to do TFTP to possibly compromise dnsmasq by remote buffer overflow when TFTP enabled. Fix a problem which allowed a malicious TFTP client to crash dnsmasq...
Flash Player -- information disclosure
Adobe reports: This update resolves an out-of-bounds vulnerability that could lead to information disclosure CVE-2018-15978...