6585 matches found
Prometheus -- arbitrary redirects
Prometheus reports: Prometheus is an open-source monitoring system and time series database. In 2.23.0, Prometheus changed its default UI to the New ui. To ensure a seamless transition, the URL's prefixed by /new redirect to /. Due to a bug in the code, it is possible for an attacker to craft an...
rubygem-json -- Unsafe Objection Creation Vulnerability in JSON (Additional fix)
When parsing certain JSON documents, the json gem including the one bundled with Ruby can be coerced into creating arbitrary objects in the target system. This is the same issue as CVE-2013-0269. The previous fix was incomplete, which addressed JSON.parseuserinput, but didn’t address some other...
webkit2-gtk3 -- Multiple vulnerabilities
The WebKitGTK project reports multiple vulnerabilities...
FreeBSD -- File description reference count leak
Problem Description: FreeBSD 12.0 attempts to handle the case where the receiving process does not provide a sufficiently large buffer for an incoming control message containing rights. In particular, to avoid leaking the corresponding descriptors into the receiving process' descriptor table, the...
messagelib -- HTML email can open browser window automatically
Albert Astals Cid reports: messagelib is the library used by KMail to display emails. messagelib by default displays emails as plain text, but gives the user an option to "Prefer HTML to plain text" in the settings and if that option is not enabled there is way to enable HTML display when an emai...
jenkins -- multiple vulnerabilities
Jenkins Security Advisory: Description High SECURITY-897 / CVE-2018-1999001 Users without Overall/Read permission can have Jenkins reset parts of global configuration on the next restart High SECURITY-914 / CVE-2018-1999002 Arbitrary file read vulnerability Medium SECURITY-891 / CVE-2018-1999003...
PHP5 -- memory corruption in openssl_x509_parse()
Stefan Esser reports: The PHP function opensslx509parse uses a helper function called asn1timetotimet to convert timestamps from ASN1 string format into integer timestamp values. The parser within this helper function is not binary safe and can therefore be tricked to write up to five NUL bytes...
redis -- specially crafted MSETNX command can lead to denial-of-service
Yupeng Yang reports: Authenticated users can use the MSETNX command to trigger a runtime assertion and termination of the Redis server process...
chromium -- Type confusion in V8
Chrome Releases reports: This release contains 1 security fix: 1378239 High CVE-2022-3723: Type Confusion in V8. Reported by Jan Vojtešek, Milánek, and Przemek Gmerek of Avast on 2022-10-25...
Node.js -- July 7th 2022 Security Releases
Node.js reports: HTTP Request Smuggling - Flawed Parsing of Transfer-Encoding MediumCVE-2022-32213 The llhttp parser in the http module does not correctly parse and validate Transfer-Encoding headers. This can lead to HTTP Request Smuggling HRS. HTTP Request Smuggling - Improper Delimiting of...
chromium -- multiple vulnerabilities
Chrome Releases reports: This release contains 37 security fixes, including: $TBD1275020 Critical CVE-2022-0096: Use after free in Storage. Reported by Yangkang @dnpushme of 360 ATA on 2021-11-30 1117173 High CVE-2022-0097: Inappropriate implementation in DevTools. Reported by David Erceg on...
Intel CPU issues
Intel reports: Intel CPUs suffer Special Register Buffer Data Sampling vulnerability...
samba -- multiple vulnerabilities
The Samba Team reports: CVE-2020-10700 A client combining the 'ASQ' and 'Paged Results' LDAP controls can cause a use-after-free in Samba's AD DC LDAP server. CVE-2020-10704 A deeply nested filter in an un-authenticated LDAP search can exhaust the LDAP server's stack memory causing a SIGSEGV...
OpenSMTPd -- Local information disclosure
Qualys reports: We discovered a minor vulnerability in OpenSMTPD, OpenBSD's mail server: an unprivileged local attacker can read the first line of an arbitrary file for example, root's password hash in /etc/master.passwd or the entire contents of another user's file if this file and...
Flash Player -- arbitrary code execution
Adobe reports: This update resolves a type confusion vulnerability that could lead to arbitrary code execution CVE-2020-3757...
Python -- multiple vulnerabilities
Python reports: The AbstractBasicAuthHandler class of the urllib.request module uses an inefficient regular expression which can be exploited by an attacker to cause a denial of service. Fix the regex to prevent the catastrophic backtracking. Vulnerability reported by Ben Caller and Matt Schwager...
payara -- Multiple vulnerabilities
Apache Commons FileUpload before 1.3.3 DiskFileItem File Manipulation Remote Code Execution. Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware subcomponent: Administration. Supported versions that are affected are 3.0.1 and 3.1.2. Easily exploitable vulnerability...
xen-kernel -- CPU lockup during exception delivery
The Xen Project reports: A malicious HVM guest administrator can cause a denial of service. Specifically, prevent use of a physical CPU for a significant, perhaps indefinite period. If a host watchdog Xen or dom0 is in use, this can lead to a watchdog timeout and consequently a reboot of the host...
apache24 -- multiple vulnerabilities
Jim Jagielski reports: CVE-2015-3183 cve.mitre.org core: Fix chunk header parsing defect. Remove aprbrigadeflatten, buffering and duplicated code from the HTTPIN filter, parse chunks in a single pass with zero copy. Limit accepted chunk-size to 2^63-1 and be strict about chunk-ext authorized...
proftpd -- Long Command Processing Vulnerability
Secunia reports: The vulnerability is caused due to the application truncating an overly long FTP command, and improperly interpreting the remainder string as a new FTP command. This can be exploited to execute arbitrary FTP commands with the privileges of another user by e.g. tricking the user...
net-snmp -- denial of service via GETBULK request
CVE reports: The SNMP agent snmpagent.c in net-snmp before 5.4.1 allows remote attackers to cause a denial of service CPU and memory consumption via a GETBULK request with a large max-repeaters value...
xorg server -- Multiple vulnerabilities
The X.Org project reports: CVE-2024-31080: Heap buffer overread/data leakage in ProcXIGetSelectedEvents The ProcXIGetSelectedEvents function uses the byte-swapped length of the return data for the amount of data to return to the client, if the client has a different endianness than the X server...
powerdns-recursor -- Multiple Vulnerabilities
[email protected] reports: CVE-2023-50868: The Closest Encloser Proof aspect of the DNS protocol in RFC 5155 when RFC 9276 guidance is skipped allows remote attackers to cause a denial of service CPU consumption for SHA-1 computations via DNSSEC responses in a random subdomain attack, aka the "NSEC3"...
electron25 -- multiple vulnerabilities
Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2023-4071. Security: backported fix for CVE-2023-4070. Security: backported fix for CVE-2023-4075. Security: backported fix for CVE-2023-4076. Security: backported fix for CVE-2023-4074...
polkit -- Local Privilege Escalation
Qualys reports: We discovered a Local Privilege Escalation from any user to root in polkit's pkexec, a SUID-root program that is installed by default on every major Linux distribution...
chromium -- multiple vulnerabilities
Chrome Releases reports: This release contains 8 security fixes, including: 1259864 High CVE-2021-37997 : Use after free in Sign-In. Reported by Wei Yuan of MoyunSec VLab on 2021-10-14 1259587 High CVE-2021-37998 : Use after free in Garbage Collection. Reported by Cassidy Kim of Amber Security La...
chromium -- multiple vulnerabilities
Chrome Releases reports: This release contains 27 security fixes, including: 1233975 High CVE-2021-30606: Use after free in Blink. Reported by Nan Wang @eternalsakura13 and koocola @alocook of 360 Alpha Lab on 2021-07-28 1235949 High CVE-2021-30607: Use after free in Permissions. Reported by...
samba -- negative idmap cache entries vulnerability
The Samba Team reports: CVE-2021-20254: Negative idmap cache entries can cause incorrect group entries in the Samba file server process token...
Gitlab -- Disclosure Vulnerabilities
Gitlab reports: Disclosure of Private Code, Merge Requests and Commits via Elasticsearch integration...
FreeBSD -- Microarchitectural Data Sampling (MDS)
Problem Description: On some Intel processors utilizing speculative execution a local process may be able to infer stale information from microarchitectural buffers to obtain a memory disclosure. Impact: An attacker may be able to read secret data from the kernel or from a process when executing...
node.js -- Data Confidentiality/Integrity Vulnerability, December 2017
Node.js reports: Data Confidentiality/Integrity Vulnerability - CVE-2017-15896 Node.js was affected by OpenSSL vulnerability CVE-2017-3737 in regards to the use of SSLread due to TLS handshake failure. The result was that an active network attacker could send application data to Node.js using the...
mozilla -- multiple vulnerabilities
Mozilla Foundation reports: Please reference CVE/URL list for details...
mozilla -- multiple vulnerabilities
Mozilla Foundation reports: Please reference CVE/URL list for details...
BIND -- Remote Denial of Service vulnerability
ISC reports: Testing by ISC has uncovered a critical error condition which can occur when a nameserver is constructing a response. A defect in the rendering of messages into packets can cause named to exit with an assertion failure in buffer.c while constructing a response to a query that meets...
php -- multiple vulnerabilities
The PHP Group reports: Core: Fixed bug 72114 Integer underflow / arbitrary null write in fread/gzread. CVE-2016-5096 PHP 5.5/5.6 only Fixed bug 72135 Integer Overflow in phphtmlentities. CVE-2016-5094 PHP 5.5/5.6 only GD: Fixed bug 72227 imagescale out-of-bounds read. CVE-2013-7456 Intl: Fixed bu...
dropbear -- authorized_keys command= bypass
Matt Johnson reports: Validate X11 forwarding input. Could allow bypass of authorizedkeys command= restrictions...
phpmyadmin -- Multiple full path disclosure vulnerabilities
The phpMyAdmin development team reports: By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed. We consider these vulnerabilities to ...
elasticsearch -- remote code execution via transport protocol
Elastic reports: Vulnerability Summary: Elasticsearch versions prior to 1.6.1 are vulnerable to an attack that can result in remote code execution. Remediation Summary: Users should upgrade to 1.6.1 or 1.7.0. Alternately, ensure that only trusted applications have access to the transport protocol...
Several vulnerabilities found in PHP
The PHP project reports: The PHP development team announces the immediate availability of PHP 5.6.7. Several bugs have been fixed as well as CVE-2015-0231, CVE-2015-2305 and CVE-2015-2331. All PHP 5.6 users are encouraged to upgrade to this version. The PHP development team announces the immediat...
OpenSSL -- Remote Information Disclosure
OpenSSL Reports: A missing bounds check in the handling of the TLS heartbeat extension can be used to reveal up to 64k of memory to a connected client or server. Affected users should upgrade to OpenSSL 1.0.1g. Users unable to immediately upgrade can alternatively recompile OpenSSL with...
py-graphite-web -- Multiple vulnerabilities
Graphite developers report: This release contains several security fixes for cross-site scripting XSS as well as a fix for a remote-execution exploit in graphite-web CVE-2013-5903...
php -- multiple vulnerabilities
php development team reports: Security Enhancements for both PHP 5.3.11 and PHP 5.4.1: Insufficient validating of upload name leading to corrupted $FILES indices. CVE-2012-1172 Add openbasedir checks to readlinewritehistory and readlinereadhistory. Security Enhancements for both PHP 5.3.11 only:...
proftpd -- multiple sql injection vulnerabilities
Secunia reports: Some vulnerabilities have been reported in ProFTPD, which can be exploited by malicious people to conduct SQL injection attacks. The application improperly sets the character encoding prior to performing SQL queries. This can be exploited to manipulate SQL queries by injecting...
xorg -- multiple vulnerabilities
Matthieu Herrb of X.Org reports: Several vulnerabilities have been identified in server code of the X window system caused by lack of proper input validation on user controlled data in various parts of the software, causing various kinds of overflows. Exploiting these overflows will crash the X...
Vaultwarden -- Multiple vulnerabilities
The Vaultwarden Team reports: This release has several CVE Reports fixed and we recommend everybody to update to the latest version as soon as possible...
x11/libXpm multiple vulnerabilities
The X.Org project reports: CVE-2023-43788: Out of bounds read in XpmCreateXpmImageFromBuffer An out-of-bounds read is located in ParseComment when reading from a memory buffer instead of a file, as it continued to look for the closing comment marker past the end of the buffer. CVE-2023-43789: Out...
chromium -- multiple vulnerabilities
Chrome Releases reports: This update includes 2 security fixes: 1432210 High CVE-2023-2033: Type Confusion in V8. Reported by Clément Lecigne of Google's Threat Analysis Group on 2023-04-11...
chromium -- multiple vulnerabilities
Chrome Releases reports: This release contains 11 security fixes, including: 1336266 High CVE-2022-2477: Use after free in Guest View. Reported by anonymous on 2022-06-14 1335861 High CVE-2022-2478: Use after free in PDF. Reported by triplepwns on 2022-06-13 1329987 High CVE-2022-2479: Insufficie...
Asterisk -- func_odbc: Possible SQL Injection
The Asterisk project reports: Some databases can use backslashes to escape certain characters, such as backticks. If input is provided to funcodbc which includes backslashes it is possible for funcodbc to construct a broken SQL query and the SQL query to fail...
Ruby -- multiple vulnerabilities
Ruby news: This release includes security fixes. Please check the topics below for details. CVE-2021-31810: Trusting FTP PASV responses vulnerability in Net::FTP CVE-2021-32066: A StartTLS stripping vulnerability in Net::IMAP CVE-2021-31799: A command injection vulnerability in RDoc...