6585 matches found
rubygem-geminabox -- XSS & CSRF vulnerabilities
Gem in a box XSS vulenrability - CVE-2017-14506: Malicious attacker create GEM file with crafted homepage value gem.homepage in .gemspec file includes XSS payload. The attacker access geminabox system and uploads the gem file or uses CSRF/SSRF attack to do so. From now on, any user access Geminab...
php -- multiple vulnerabilities
PHP development team reports: Security Enhancements and Fixes in PHP 5.3.7: Updated cryptblowfish to 1.2. CVE-2011-2483 Fixed crash in errorlog. Reported by Mateusz Kocielski Fixed buffer overflow on overlog salt in crypt. Fixed bug 54939 File path injection vulnerability in RFC1867 File upload...
OpenSSL -- Multiple vulnerabilities
The OpenSSL project reports: Severity: low Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. The function X509VERIFYPARAMadd0policy is documented to implicitly enable the certificate policy check...
go -- multiple vulnerabilities
The Go project reports: crypto/rand: rand.Read hangs with extremely large buffers On Windows, rand.Read will hang indefinitely if passed a buffer larger than 1 32 - 1 bytes. crypto/tls: session tickets lack random ticketageadd Session tickets generated by crypto/tls did not contain a randomly...
Prometheus -- arbitrary redirects
Prometheus reports: Prometheus is an open-source monitoring system and time series database. In 2.23.0, Prometheus changed its default UI to the New ui. To ensure a seamless transition, the URL's prefixed by /new redirect to /. Due to a bug in the code, it is possible for an attacker to craft an...
rubygem-json -- Unsafe Objection Creation Vulnerability in JSON (Additional fix)
When parsing certain JSON documents, the json gem including the one bundled with Ruby can be coerced into creating arbitrary objects in the target system. This is the same issue as CVE-2013-0269. The previous fix was incomplete, which addressed JSON.parseuserinput, but didn’t address some other...
FreeBSD -- File description reference count leak
Problem Description: FreeBSD 12.0 attempts to handle the case where the receiving process does not provide a sufficiently large buffer for an incoming control message containing rights. In particular, to avoid leaking the corresponding descriptors into the receiving process' descriptor table, the...
messagelib -- HTML email can open browser window automatically
Albert Astals Cid reports: messagelib is the library used by KMail to display emails. messagelib by default displays emails as plain text, but gives the user an option to "Prefer HTML to plain text" in the settings and if that option is not enabled there is way to enable HTML display when an emai...
jenkins -- multiple vulnerabilities
Jenkins Security Advisory: Description High SECURITY-897 / CVE-2018-1999001 Users without Overall/Read permission can have Jenkins reset parts of global configuration on the next restart High SECURITY-914 / CVE-2018-1999002 Arbitrary file read vulnerability Medium SECURITY-891 / CVE-2018-1999003...
PHP5 -- memory corruption in openssl_x509_parse()
Stefan Esser reports: The PHP function opensslx509parse uses a helper function called asn1timetotimet to convert timestamps from ASN1 string format into integer timestamp values. The parser within this helper function is not binary safe and can therefore be tricked to write up to five NUL bytes...
chromium -- multiple vulnerabilities
Chrome Releases reports: This update includes 2 security fixes: 1432210 High CVE-2023-2033: Type Confusion in V8. Reported by Clément Lecigne of Google's Threat Analysis Group on 2023-04-11...
chromium -- Type confusion in V8
Chrome Releases reports: This release contains 1 security fix: 1378239 High CVE-2022-3723: Type Confusion in V8. Reported by Jan Vojtešek, Milánek, and Przemek Gmerek of Avast on 2022-10-25...
Node.js -- July 7th 2022 Security Releases
Node.js reports: HTTP Request Smuggling - Flawed Parsing of Transfer-Encoding MediumCVE-2022-32213 The llhttp parser in the http module does not correctly parse and validate Transfer-Encoding headers. This can lead to HTTP Request Smuggling HRS. HTTP Request Smuggling - Improper Delimiting of...
chromium -- multiple vulnerabilities
Chrome Releases reports: This release contains 37 security fixes, including: $TBD1275020 Critical CVE-2022-0096: Use after free in Storage. Reported by Yangkang @dnpushme of 360 ATA on 2021-11-30 1117173 High CVE-2022-0097: Inappropriate implementation in DevTools. Reported by David Erceg on...
chromium -- multiple vulnerabilities
Chrome Releases reports: This release contains 27 security fixes, including: 1233975 High CVE-2021-30606: Use after free in Blink. Reported by Nan Wang @eternalsakura13 and koocola @alocook of 360 Alpha Lab on 2021-07-28 1235949 High CVE-2021-30607: Use after free in Permissions. Reported by...
Intel CPU issues
Intel reports: Intel CPUs suffer Special Register Buffer Data Sampling vulnerability...
samba -- multiple vulnerabilities
The Samba Team reports: CVE-2020-10700 A client combining the 'ASQ' and 'Paged Results' LDAP controls can cause a use-after-free in Samba's AD DC LDAP server. CVE-2020-10704 A deeply nested filter in an un-authenticated LDAP search can exhaust the LDAP server's stack memory causing a SIGSEGV...
OpenSMTPd -- Local information disclosure
Qualys reports: We discovered a minor vulnerability in OpenSMTPD, OpenBSD's mail server: an unprivileged local attacker can read the first line of an arbitrary file for example, root's password hash in /etc/master.passwd or the entire contents of another user's file if this file and...
Flash Player -- arbitrary code execution
Adobe reports: This update resolves a type confusion vulnerability that could lead to arbitrary code execution CVE-2020-3757...
Python -- multiple vulnerabilities
Python reports: The AbstractBasicAuthHandler class of the urllib.request module uses an inefficient regular expression which can be exploited by an attacker to cause a denial of service. Fix the regex to prevent the catastrophic backtracking. Vulnerability reported by Ben Caller and Matt Schwager...
BIND -- Remote Denial of Service vulnerability
ISC reports: Testing by ISC has uncovered a critical error condition which can occur when a nameserver is constructing a response. A defect in the rendering of messages into packets can cause named to exit with an assertion failure in buffer.c while constructing a response to a query that meets...
payara -- Multiple vulnerabilities
Apache Commons FileUpload before 1.3.3 DiskFileItem File Manipulation Remote Code Execution. Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware subcomponent: Administration. Supported versions that are affected are 3.0.1 and 3.1.2. Easily exploitable vulnerability...
xen-kernel -- CPU lockup during exception delivery
The Xen Project reports: A malicious HVM guest administrator can cause a denial of service. Specifically, prevent use of a physical CPU for a significant, perhaps indefinite period. If a host watchdog Xen or dom0 is in use, this can lead to a watchdog timeout and consequently a reboot of the host...
apache24 -- multiple vulnerabilities
Jim Jagielski reports: CVE-2015-3183 cve.mitre.org core: Fix chunk header parsing defect. Remove aprbrigadeflatten, buffering and duplicated code from the HTTPIN filter, parse chunks in a single pass with zero copy. Limit accepted chunk-size to 2^63-1 and be strict about chunk-ext authorized...
php -- multiple vulnerabilities
php development team reports: Security Enhancements for both PHP 5.3.11 and PHP 5.4.1: Insufficient validating of upload name leading to corrupted $FILES indices. CVE-2012-1172 Add openbasedir checks to readlinewritehistory and readlinereadhistory. Security Enhancements for both PHP 5.3.11 only:...
proftpd -- Long Command Processing Vulnerability
Secunia reports: The vulnerability is caused due to the application truncating an overly long FTP command, and improperly interpreting the remainder string as a new FTP command. This can be exploited to execute arbitrary FTP commands with the privileges of another user by e.g. tricking the user...
net-snmp -- denial of service via GETBULK request
CVE reports: The SNMP agent snmpagent.c in net-snmp before 5.4.1 allows remote attackers to cause a denial of service CPU and memory consumption via a GETBULK request with a large max-repeaters value...
xorg server -- Multiple vulnerabilities
The X.Org project reports: CVE-2024-31080: Heap buffer overread/data leakage in ProcXIGetSelectedEvents The ProcXIGetSelectedEvents function uses the byte-swapped length of the return data for the amount of data to return to the client, if the client has a different endianness than the X server...
powerdns-recursor -- Multiple Vulnerabilities
[email protected] reports: CVE-2023-50868: The Closest Encloser Proof aspect of the DNS protocol in RFC 5155 when RFC 9276 guidance is skipped allows remote attackers to cause a denial of service CPU consumption for SHA-1 computations via DNSSEC responses in a random subdomain attack, aka the "NSEC3"...
electron25 -- multiple vulnerabilities
Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2023-4071. Security: backported fix for CVE-2023-4070. Security: backported fix for CVE-2023-4075. Security: backported fix for CVE-2023-4076. Security: backported fix for CVE-2023-4074...
polkit -- Local Privilege Escalation
Qualys reports: We discovered a Local Privilege Escalation from any user to root in polkit's pkexec, a SUID-root program that is installed by default on every major Linux distribution...
chromium -- multiple vulnerabilities
Chrome Releases reports: This release contains 8 security fixes, including: 1259864 High CVE-2021-37997 : Use after free in Sign-In. Reported by Wei Yuan of MoyunSec VLab on 2021-10-14 1259587 High CVE-2021-37998 : Use after free in Garbage Collection. Reported by Cassidy Kim of Amber Security La...
samba -- negative idmap cache entries vulnerability
The Samba Team reports: CVE-2021-20254: Negative idmap cache entries can cause incorrect group entries in the Samba file server process token...
cURL -- Multiple vulnerabilities
The cURL project reports: Trusting FTP PASV responses CVE-2020-8284 FTP wildcard stack overflow CVE-2020-8285 Inferior OCSP verification CVE-2020-8286...
freetype2 -- heap buffer overlfow
The freetype project reports: A heap buffer overflow has been found in the handling of embedded PNG bitmaps, introduced in FreeType version 2.6...
FreeBSD -- Kernel memory disclosure with nested jails
Problem Description: A missing NUL-termination check for the jailset2 configration option "osrelease" may return more bytes when reading the jail configuration back with jailget2 than were originally set. Impact: For jails with a non-default setting of children.max 0 "nested jails" a superuser...
Gitlab -- Disclosure Vulnerabilities
Gitlab reports: Disclosure of Private Code, Merge Requests and Commits via Elasticsearch integration...
FreeBSD -- Microarchitectural Data Sampling (MDS)
Problem Description: On some Intel processors utilizing speculative execution a local process may be able to infer stale information from microarchitectural buffers to obtain a memory disclosure. Impact: An attacker may be able to read secret data from the kernel or from a process when executing...
suricata -- buffer over-read
Mitre reports: An issue was discovered in Suricata 4.1.x before 4.1.4. If the input of the function SSHParseBanner is composed only of a \n character, then the program runs into a heap-based buffer over-read. This occurs because the erroneous search for \r results in an integer underflow...
node.js -- Data Confidentiality/Integrity Vulnerability, December 2017
Node.js reports: Data Confidentiality/Integrity Vulnerability - CVE-2017-15896 Node.js was affected by OpenSSL vulnerability CVE-2017-3737 in regards to the use of SSLread due to TLS handshake failure. The result was that an active network attacker could send application data to Node.js using the...
mozilla -- multiple vulnerabilities
Mozilla Foundation reports: Please reference CVE/URL list for details...
mozilla -- multiple vulnerabilities
Mozilla Foundation reports: Please reference CVE/URL list for details...
php -- multiple vulnerabilities
The PHP Group reports: Core: Fixed bug 72114 Integer underflow / arbitrary null write in fread/gzread. CVE-2016-5096 PHP 5.5/5.6 only Fixed bug 72135 Integer Overflow in phphtmlentities. CVE-2016-5094 PHP 5.5/5.6 only GD: Fixed bug 72227 imagescale out-of-bounds read. CVE-2013-7456 Intl: Fixed bu...
dropbear -- authorized_keys command= bypass
Matt Johnson reports: Validate X11 forwarding input. Could allow bypass of authorizedkeys command= restrictions...
phpmyadmin -- Multiple full path disclosure vulnerabilities
The phpMyAdmin development team reports: By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed. We consider these vulnerabilities to ...
elasticsearch -- remote code execution via transport protocol
Elastic reports: Vulnerability Summary: Elasticsearch versions prior to 1.6.1 are vulnerable to an attack that can result in remote code execution. Remediation Summary: Users should upgrade to 1.6.1 or 1.7.0. Alternately, ensure that only trusted applications have access to the transport protocol...
Several vulnerabilities found in PHP
The PHP project reports: The PHP development team announces the immediate availability of PHP 5.6.7. Several bugs have been fixed as well as CVE-2015-0231, CVE-2015-2305 and CVE-2015-2331. All PHP 5.6 users are encouraged to upgrade to this version. The PHP development team announces the immediat...
OpenSSL -- Remote Information Disclosure
OpenSSL Reports: A missing bounds check in the handling of the TLS heartbeat extension can be used to reveal up to 64k of memory to a connected client or server. Affected users should upgrade to OpenSSL 1.0.1g. Users unable to immediately upgrade can alternatively recompile OpenSSL with...
py-graphite-web -- Multiple vulnerabilities
Graphite developers report: This release contains several security fixes for cross-site scripting XSS as well as a fix for a remote-execution exploit in graphite-web CVE-2013-5903...
proftpd -- multiple sql injection vulnerabilities
Secunia reports: Some vulnerabilities have been reported in ProFTPD, which can be exploited by malicious people to conduct SQL injection attacks. The application improperly sets the character encoding prior to performing SQL queries. This can be exploited to manipulate SQL queries by injecting...