6585 matches found
chromium -- multiple vulnerabilities
Chrome Releases reports: This release contains 11 security fixes, including: 1336266 High CVE-2022-2477: Use after free in Guest View. Reported by anonymous on 2022-06-14 1335861 High CVE-2022-2478: Use after free in PDF. Reported by triplepwns on 2022-06-13 1329987 High CVE-2022-2479: Insufficie...
Asterisk -- func_odbc: Possible SQL Injection
The Asterisk project reports: Some databases can use backslashes to escape certain characters, such as backticks. If input is provided to funcodbc which includes backslashes it is possible for funcodbc to construct a broken SQL query and the SQL query to fail...
Ruby -- multiple vulnerabilities
Ruby news: This release includes security fixes. Please check the topics below for details. CVE-2021-31810: Trusting FTP PASV responses vulnerability in Net::FTP CVE-2021-32066: A StartTLS stripping vulnerability in Net::IMAP CVE-2021-31799: A command injection vulnerability in RDoc...
SOGo -- SAML user authentication impersonation
sogo.nu reports: SOGo was not validating the signatures of any SAML assertions it received. This means any actor with network access to the deployment could impersonate users when SAML was the authentication method...
freetype2 -- heap buffer overlfow
The freetype project reports: A heap buffer overflow has been found in the handling of embedded PNG bitmaps, introduced in FreeType version 2.6...
suricata -- buffer over-read
Mitre reports: An issue was discovered in Suricata 4.1.x before 4.1.4. If the input of the function SSHParseBanner is composed only of a \n character, then the program runs into a heap-based buffer over-read. This occurs because the erroneous search for \r results in an integer underflow...
Flash Player -- multiple vulnerabilities
Adobe reports: This update resolves use-after-free vulnerabilities that could lead to remote code execution CVE-2018-4877, CVE-2018-4878...
mozilla -- multiple vulnerabilities
Mozilla Foundation reports: CVE-2017-7845: Buffer overflow when drawing and validating elements with ANGLE library using Direct 3D 9 CVE-2017-7846: JavaScript Execution via RSS in mailbox:// origin CVE-2017-7847: Local path string can be leaked from RSS feed CVE-2017-7848: RSS Feed vulnerable to...
roundcube -- file disclosure vulnerability
MITRE reports: Roundcube Webmail before 1.1.10, 1.2.x before 1.2.7, and 1.3.x before 1.3.3 allows unauthorized access to arbitrary files on the host's filesystem, including configuration files, as exploited in the wild in November 2017. The attacker must be able to authenticate at the target syst...
cURL -- ocsp status validation error
The cURL project reports: SSLVERIFYSTATUS ignored curl and libcurl support "OCSP stapling", also known as the TLS Certificate Status Request extension using the CURLOPTSSLVERIFYSTATUS option. When telling curl to use this feature, it uses that TLS extension to ask for a fresh proof of the server'...
FreeBSD -- OpenSSL Remote DoS vulnerability
Problem Description: Due to improper handling of alert packets, OpenSSL would consume an excessive amount of CPU time processing undefined alert messages. Impact: A remote attacker who can initiate handshakes with an OpenSSL based server can cause the server to consume a lot of computation power...
PHP -- multiple vulnerabilities
PHP reports: Fixed bug 73007 add locale length check Fixed bug 72293 Heap overflow in mysqlnd related to BIT fields Fixed bug 72928 Out of bound when verify signature of zip phar in pharparsezipfile Fixed bug 73029 Missing type check when unserializing SplArray Fixed bug 73052 Memory Corruption i...
Remote-Code-Execution vulnerability in mysql and its variants CVE 2016-6662
LegalHackers' reports: RCE Bugs discovered in MySQL and its variants like MariaDB. It works by manipulating my.cnf files and using --malloc-lib. The bug seems fixed in MySQL 5.7.15 by Oracle...
LibreSSL -- DTLS vulnerability
OpenSSL Security Advisory: A memory leak can occur in the dtls1bufferrecord function under certain conditions. In particular this could occur if an attacker sent repeated DTLS records with the same sequence number but for the next epoch. The memory leak could be exploited by an attacker in a Deni...
cacti -- multiple security vulnerabilities
The Cacti Group, Inc. reports: Important Security Fixes CVE-2013-5588 - XSS issue via installer or device editing CVE-2013-5589 - SQL injection vulnerability in device editing CVE-2014-2326 - XSS issue via CDEF editing CVE-2014-2327 - Cross-site request forgery CSRF vulnerability CVE-2014-2328 -...
asterisk -- Remote Crash Vulnerability in WebSocket Server
The Asterisk project reports: When handling a WebSocket frame the reshttpwebsocket module dynamically changes the size of the memory used to allow the provided payload to fit. If a payload length of zero was received the code would incorrectly attempt to resize to zero. This operation would succe...
asterisk -- Asterisk Susceptibility to POODLE Vulnerability
The Asterisk project reports: The POODLE vulnerability is described under CVE-2014-3566. This advisory describes the Asterisk's project susceptibility to this vulnerability...
OpenSSL -- multiple vulnerabilities
The OpenSSL Project reports: An attacker using a carefully crafted handshake can force the use of weak keying material in OpenSSL SSL/TLS clients and servers. This can be exploited by a Man-in-the-middle MITM attack where the attacker can decrypt and modify traffic from the attacked client and...
socat -- buffer overflow with data from command line
Florian Weimer of the Red Hat Product Security Team reports: Due to a missing check during assembly of the HTTP request line a long target server name in the PROXY-CONNECT address can cause a stack buffer overrun. Exploitation requires that the attacker is able to provide the target server name t...
apache -- Range header DoS vulnerability
Apache HTTP server project reports: A denial of service vulnerability has been found in the way the multiple overlapping ranges are handled by Apache HTTPD server...
Mozilla certificate spoofing
Mozilla and Mozilla Firefox contains a flaw that may allow a malicious user to spoof SSL certification...
php -- memory_limit related vulnerability
Stefan Esser of e-matters discovered a condition within PHP that may lead to remote execution of arbitrary code. The memorylimit facility is used to notify functions when memory contraints have been met. Under certain conditions, the entry into this facility is able to interrupt functions such as...
electron27 -- multiple vulnerabilities
Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2023-6706. Security: backported fix for CVE-2023-6705. Security: backported fix for CVE-2023-6703. Security: backported fix for CVE-2023-6702. Security: backported fix for CVE-2023-6704...
postgresql-server -- Buffer overrun from integer overflow in array modification
PostgreSQL Project reports: While modifying certain SQL array values, missing overflow checks let authenticated database users write arbitrary bytes to a memory area that facilitates arbitrary code execution. Missing overflow checks also let authenticated database users read a wide area of server...
jenkins -- HTTP/2 denial of service vulnerability in bundled Jetty
Jenkins Security Advisory: Description High SECURITY-3291 / CVE-2023-36478, CVE-2023-44487 HTTP/2 denial of service vulnerability in bundled Jetty...
nebula -- security fix for terrapin vulnerability
Upstream reports: Security fix: Update golang.org/x/crypto, which includes a fix for CVE-2023-48795...
mediawiki -- multiple vulnerabilities
Mediawiki reports: T335203, CVE-2023-29197 Upgrade guzzlehttp/psr7 to = 1.9.1/2.4.5. T335612, CVE-2023-36674 Manualthumb bypasses badFile lookup. T332889, CVE-2023-36675 XSS in BlockLogFormatter due to unsafe message use...
Gitlab -- Multiple Vulnerabilities
Gitlab reports: Cross-site scripting in "Maximum page reached" page Private project guests can read new changes using a fork Mirror repository error reveals password in Settings UI DOS and high resource consumption of Prometheus server through abuse of Prometheus integration proxy endpoint...
redis -- multiple vulnerabilities
The Redis core team reports: CVE-2022-35977 Integer overflow in the Redis SETRANGE and SORT/SORTRO commands can drive Redis to OOM panic. CVE-2023-22458 Integer overflow in the Redis HRANDFIELD and ZRANDMEMBER commands can lead to denial-of-service...
cURL -- Multiple vulnerabilities
The cURL project reports: UAF and double-free in MQTT sending CVE-2021-22945 Protocol downgrade required TLS bypassed CVE-2021-22946 STARTTLS protocol injection via MITM CVE-2021-22945...
FreeBSD -- dhclient heap overflow
Problem Description: When parsing option 119 data, dhclient8 computes the uncompressed domain list length so that it can allocate an appropriately sized buffer to store the uncompressed list. The code to compute the length failed to handle certain malformed input, resulting in a heap overflow whe...
samba -- Multiple Vulnerabilities
The Samba Team reports: Four vulnerabilities were fixed in samba: CVE-2020-10730: NULL pointer de-reference and use-after-free in Samba AD DC LDAP Server with ASQ, VLV and pagedresults CVE-2020-10745: Parsing and packing of NBT and DNS packets can consume excessive CPU in the AD DC only...
node.js -- multiple vulnerabilities
Node.js reports: OpenSSL: Client DoS due to large DH parameter This fixes a potential denial of service DoS attack against client connections by a malicious server. During a TLS communication handshake, where both client and server agree to use a cipher-suite using DH or DHE Diffie-Hellman, in bo...
cURL -- out of bounds read
The cURL project reports: FTP PWD response parser out of bounds read libcurl may read outside of a heap allocated buffer when doing FTP. When libcurl connects to an FTP server and successfully logs in anonymous or not, it asks the server for the current directory with the PWD command. The server...
openssl -- crash on handshake
The OpenSSL project reports: Severity: High During a renegotiation handshake if the Encrypt-Then-Mac extension is negotiated where it was not in the original handshake or vice-versa then this can cause OpenSSL to crash dependent on ciphersuite. Both clients and servers are affected. This issue do...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 42 security fixes in this release Please reference CVE/URL list for details...
php -- multiple vulnerabilities
PHP development team reports: Fixed bug 69364 PHP Multipart/form-data remote DoS Vulnerability. CVE-2015-4024 Fixed bug 69418 CVE-2006-7243 fix regressions in 5.4+. CVE-2015-4025 Fixed bug 69545 Integer overflow in ftpgenlist resulting in heap overflow. CVE-2015-4022 Fixed bug 68598 pcntlexec...
ntp -- multiple vulnerabilities
ntp.org reports: Sec 2779 ntpd accepts unauthenticated packets with symmetric key crypto. Sec 2781 Authentication doesn't protect symmetric associations against DoS attacks...
OpenSSL -- multiple vulnerabilities
OpenSSL project reports: Reclassified: RSA silently downgrades to EXPORTRSA Client CVE-2015-0204. OpenSSL only. Segmentation fault in ASN1TYPEcmp CVE-2015-0286 ASN.1 structure reuse memory corruption CVE-2015-0287 PKCS7 NULL pointer dereferences CVE-2015-0289 Base64 decode CVE-2015-0292. OpenSSL...
dbus -- multiple vulnerabilities
Simon McVittie reports: Do not accept an extra fd in the padding of a cmsg message, which could lead to a 4-byte heap buffer overrun CVE-2014-3635. Reduce default for maximum Unix file descriptors passed per message from 1024 to 16, preventing a uid with the default maximum number of connections...
PHP multiple vulnerabilities
The PHP Team reports: insecure temporary file use in the configure script unserialize SPL ArrayObject / SPLObjectStorage Type Confusion Heap buffer over-read in DateInterval fileinfo: cdfreadshortsector insufficient boundary check fileinfo: CDF infinite loop in nelements DoS fileinfo: fileinfo:...
rails -- multiple vulnerabilities
Rails weblog: Rails 3.2.16 and 4.0.2 have been released! These two releases contain important security fixes, so please upgrade as soon as possible! In order to make upgrading as smooth as possible, we've only included commits directly related to each security issue. The security fixes in 3.2.16...
databases/postgresql*-server -- crypt vulnerabilities
The PostgreSQL Global Development Group reports: Today the PHP, OpenBSD and FreeBSD communities announced updates to patch a security hole involving their crypt hashing algorithms. This issue is described in CVE-2012-2143. This vulnerability also affects a minority of PostgreSQL users, and will b...
FreeBSD -- amd64 swapgs local privilege escalation
Problem Description: If a General Protection Fault happens on a FreeBSD/amd64 system while it is returning from an interrupt, trap or system call, the swapgs CPU instruction may be called one extra time when it should not resulting in userland and kernel state being mixed. Impact: A local attacke...
postnuke -- multiple vulnerabilities
Postnuke Security Announcementss reports of the following vulnerabilities: missing input validation within /modules/Messages/readpmsg.php possible path disclosure within /user.php possible path disclosure within /modules/News/article.php possible remote code injection within /includes/pnMod.php...
mantis -- multiple vulnerabilities
Mantis 2.25.8 release reports: Security and maintenance release 0032432: Update guzzlehttp/psr7 to 1.9.1 CVE-2023-29197 0032981: Information Leakage on DokuWiki Integration CVE-2023-44394...
electron{22,24,25} -- Heap buffer overflow in vp8 encoding in libvpx
Electron developers report: This update fixes the following vulnerability: Security: backported fix for CVE-2023-5217...
postgresql-server -- MERGE fails to enforce UPDATE or SELECT row security policies
PostgreSQL Project reports PostgreSQL 15 introduced the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT. If UPDATE and SELECT policies forbid some row that INSERT policies do not forbid, a user could store such rows. Subsequent consequences...
chromium -- multiple vulnerabilities
Chrome Releases reports: This release contains 35 security fixes, including: 1210985 High CVE-2021-30565: Out of bounds write in Tab Groups. Reported by David Erceg on 2021-05-19 1202661 High CVE-2021-30566: Stack buffer overflow in Printing. Reported by Leecraso and Guang Gong of 360 Alpha Lab o...
MySQL -- Multiple vulnerabilities
Oracle reports: This Critical Patch Update contains 48 new security patches for Oracle MySQL. The highest CVSS v3.1 Base Score of vulnerabilities affecting Oracle MySQL is 8. NOTE: MariaDB only contains CVE-2020-14812 CVE-2020-14765 CVE-2020-14776 and CVE-2020-14789...