6585 matches found
OpenSMTPd -- LPE and RCE in OpenSMTPD's default install
Qualys reports:...
MySQL -- Multiple vulerabilities
Oracle reports: This Critical Patch Update contains 45 new security fixes for Oracle MySQL. 4 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials...
Flash Player -- information disclosure
Adobe reports: This update resolves an out-of-bounds vulnerability that could lead to information disclosure CVE-2019-7090...
chromium -- Stack overflow in V8
Google Chrome Releases reports: 2 security fixes in this release, including: 770452 High CVE-2017-15396: Stack overflow in V8. Reported by Yuan Deng of Ant-financial Light-Year Security Lab on 2017-09-30 770450 Medium CVE-2017-15406: Stack overflow in V8. Reported by Yuan Deng of Ant-financial...
cURL -- out of bounds read
The cURL project reports: FTP PWD response parser out of bounds read libcurl may read outside of a heap allocated buffer when doing FTP. When libcurl connects to an FTP server and successfully logs in anonymous or not, it asks the server for the current directory with the PWD command. The server...
FreeBSD -- OpenSSH Denial of Service vulnerability
Problem Description: There is no limit on the password length. Impact: A remote attacker may be able to cause an affected SSH server to use excessive amount of CPU by sending very long passwords, when PasswordAuthentication is enabled by the system administrator...
samba -- Orpheus Lyre mutual authentication validation bypass
The samba project reports: A MITM attacker may impersonate a trusted server and thus gain elevated access to the domain by returning malicious replication or authorization data...
BIND -- multiple vulnerabilities
ISC reports: A malformed query response received by a recursive server in response to a query of RTYPE ANY could trigger an assertion failure while named is attempting to add the RRs in the query response to the cache. Depending on the type of query and the EDNS options in the query they receive,...
expat -- multiple vulnerabilities
Sebastian Pipping reports: CVE-2012-6702 -- Resolve troublesome internal call to srand that was introduced with Expat 2.1.0 when addressing CVE-2012-0876 issue 496 CVE-2016-5300 -- Use more entropy for hash initialization than the original fix to CVE-2012-0876...
LibreSSL -- Memory leak and buffer overflow
Qualys reports: During the code review of OpenSMTPD a memory leak and buffer overflow an off-by-one, usually stack-based were discovered in LibreSSL's OBJobj2txt function. This function is called automatically during a TLS handshake both client-side, unless an anonymous mode is used, and...
bash -- remote code execution
Note that this is different than the public "Shellshock" issue. Specially crafted environment variables could lead to remote arbitrary code execution. This was fixed in bash 4.3.27, however the port was patched with a mitigation in 4.3.252...
mozilla -- multiple vulnerabilities
The Mozilla Foundation reports of multiple security issues in Firefox, Seamonkey, and Thunderbird. Several of these issues can probably be used to run arbitrary code with the privilege of the user running the program. MFSA 2008-19 XUL popup spoofing variant cross-tab popups MFSA 2008-18 Java sock...
cups-base -- HPGL buffer overflow vulnerability
Ariel Berkman has discovered a buffer overflow vulnerability in CUPS's HPGL input driver. This vulnerability could be exploited to execute arbitrary code with the permission of the CUPS server by printing a specially crated HPGL file...
libwmf -- multiple vulnerabilities
Mitre reports: Multiple buffer overflows in the gd graphics library libgd 2.0.21 and earlier may allow remote attackers to execute arbitrary code via malformed image files that trigger the overflows due to improper calls to the gdMalloc function, a different set of vulnerabilities than...
curl -- OCSP verification bypass with TLS session reuse
Hiroki Kurosawa reports: curl inadvertently kept the SSL session ID for connections in its cache even when the verify status OCSP stapling test failed. A subsequent transfer to the same hostname could then succeed if the session ID cache was still fresh, which then skipped the verify status check...
chromium -- multiple vulnerabilities
Chrome Releases reports: This release contains 14 security fixes, including: 1335458 Critical CVE-2022-2156: Use after free in Base. Reported by Mark Brand of Google Project Zero on 2022-06-11 1327312 High CVE-2022-2157: Use after free in Interest groups. Reported by Nan Wang@eternalsakura13 and...
OpenSSL -- BN_mod_exp incorrect results on MIPS
The OpenSSL project reports: BNmodexp may produce incorrect results on MIPS Moderate There is a carry propagation bug in the MIPS32 and MIPS64 squaring procedure. Many EC algorithms are affected, including some of the TLS 1.3 default curves. Impact was not analyzed in detail, because the...
MySQL -- Multiple vulnerabilities
Oracle reports: This Critical Patch Update contains 66 new security patches for Oracle MySQL. 8 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials. The highest CVSS v3.1 Base Score of vulnerabilitie...
ruby -- XML round-trip vulnerability in REXML
Juho Nurminen reports: When parsing and serializing a crafted XML document, REXML gem including the one bundled with Ruby can create a wrong XML document whose structure is different from the original one. The impact of this issue highly depends on context, but it may lead to a vulnerability in...
chromium -- multiple vulnerabilities
Chrome Releases reports: This release includes 47 security fixes, including the below. Google is aware of reports that an exploit for CVE-2021-21166 exists in the wild. Please see URL for details...
chromium -- multiple vulnerabilities
Chrome Releases reports: This release contains 5 security fixes: 1116304 High CVE-2020-6573: Use after free in video. Reported by Leecraso and Guang Gong of 360 Alpha Lab working with 360 BugCloud on 2020-08-14 1102196 High CVE-2020-6574: Insufficient policy enforcement in installer. Reported by...
spamassassin -- Apache SpamAssassin Nefarious rule configuration (.cf) files can be configured to run system commands with warnings
the Apache Spamassassin project reports: nefarious rule configuration .cf files can be configured to run system commands similar to CVE-2018-11805. This issue is less stealthy and attempts to exploit the issue will throw warnings...
MariaDB -- Vulnerability in C API
MariaDB reports: Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client...
Gitlab -- Multiple Vulnerabilities
Gitlab reports: GitHub Integration SSRF Trigger Token Impersonation Build Status Disclosure SSRF Mitigation Bypass Information Disclosure New Issue ID IDOR Label Name Enumeration Persistent XSS Wiki Pages User Revokation Bypass with Mattermost Integration Arbitrary File Upload via Import Project...
phpMyAdmin -- CSRF vulnerability in login form
The phpMyAdmin development team reports: Summary CSRF vulnerability in login form Description A vulnerability was found that allows an attacker to trigger a CSRF attack against a phpMyAdmin user. The attacker can trick the user, for instance through a broken tag pointing at the victim's phpMyAdmi...
samba -- multiple vulnerabilities
The samba project reports: The checksum validation in the S4U2Self handler in the embedded Heimdal KDC did not first confirm that the checksum was keyed, allowing replacement of the requested target client principal Authenticated users with write permission can trigger a symlink traversal to writ...
Flash Player -- arbitrary code execution
Adobe reports: This update resolves a use-after-free vulnerability that could lead to arbitrary code execution CVE-2019-7837...
PostgreSQL -- Memory disclosure in partition routing
The PostgreSQL project reports: Prior to this release, a user running PostgreSQL 11 can read arbitrary bytes of server memory by executing a purpose-crafted INSERT statement to a partitioned table...
webkit2-gtk3 -- Multiple vulnerabilities
The WebKitGTK project reports many vulnerabilities, including several arbitrary code execution vulnerabilities...
Gitlab -- Multiple vulnerabilities
Gitlab reports: Remote Command Execution via GitLab Pages Covert Redirect to Steal GitHub/Bitbucket Tokens Remote Mirror Branches Leaked by Git Transfer Refs Denial of Service with Markdown Guests Can View List of Group Merge Requests Guest Can View Merge Request Titles via System Notes Persisten...
MySQL -- multiple vulnerabilities
Oracle reports: Please reference CVE/URL list for details Not all listed CVE's are present in all versions/flavors...
ntp -- Crafted null dereference attack from a trusted source with an authenticated mode 6 packet
Network Time Foundation reports: A crafted malicious authenticated mode 6 ntpq packet from a permitted network address can trigger a NULL pointer dereference, crashing ntpd. Note that for this attack to work, the sending system must be on an address that the target's ntpd accepts mode 6 packets...
FreeBSD -- OpenSSL multiple vulnerabilities
Problem Description: If an X.509 certificate has a malformed IPAddressFamily extension, OpenSSL could do a one-byte buffer overread. CVE-2017-3735 There is a carry propagating bug in the x8664 Montgomery squaring procedure. This only affects processors that support the BMI1, BMI2 and ADX extensio...
wordpress -- multiple issues
wordpress developers report: Before version 4.8.2, WordPress was susceptible to a Cross-Site Scripting attack in the link modal via a javascript: or data: URL. Before version 4.8.2, WordPress allowed a Cross-Site scripting attack in the template list view via a crafted template name. Before versi...
mozilla -- multiple vulnerabilities
Mozilla Foundation reports: Please reference CVE/URL list for details...
sudo -- Potential bypass of sudo_noexec.so via wordexp()
Todd C. Miller reports: A flaw exists in sudo's noexec functionality that may allow a user with sudo privileges to run additional commands even when the NOEXEC tag has been applied to a command that uses the wordexp function...
php -- multiple vulnerabilities
PHP reports: Phar: Fixed bug 69720 Null pointer dereference in phargetfpoffset. Fixed bug 70433 Uninitialized pointer in pharmakedirstream when zip entry filename is "/"...
Several vulnerabilities found in PHP
The PHP project reports: The PHP development team announces the immediate availability of PHP 5.4.40. 14 security-related bugs were fixed in this release, including CVE-2014-9709, CVE-2015-2301, CVE-2015-2783, CVE-2015-1352. All PHP 5.4 users are encouraged to upgrade to this version. The PHP...
drupal7 -- SQL injection
Drupal Security Team reports: Drupal 7 includes a database abstraction API to ensure that queries executed against the database are sanitized to prevent SQL injection attacks. A vulnerability in this API allows an attacker to send specially crafted requests resulting in arbitrary SQL execution...
apache22 -- several vulnerabilities
Apache HTTP SERVER PROJECT reports: moddeflate: The DEFLATE input filter inflates request bodies now limits the length and compression ratio of inflated request bodies to avoid denial of service via highly compressed bodies. See directives DeflateInflateLimitRequestBody, DeflateInflateRatioLimit,...
wordpress -- multiple vulnerabilities
Wordpress reports: WordPress 3.5.1 also addresses the following security issues: A server-side request forgery vulnerability and remote port scanning using pingbacks. This vulnerability, which could potentially be used to expose information and compromise a site, affects all previous WordPress...
wireshark -- denial of service in DRDA dissector
RedHat security team reports: A denial of service flaw was found in the way Distributed Relational Database Architecture DRDA dissector of Wireshark, a network traffic analyzer, performed processing of certain DRDA packet capture files. A remote attacker could create a specially-crafted capture...
mozilla -- multiple vulnerabilities
The Mozilla Project reports: MFSA 2012-42 Miscellaneous memory safety hazards rv:14.0/ rv:10.0.6 MFSA 2012-43 Incorrect URL displayed in addressbar through drag and drop MFSA 2012-44 Gecko memory corruption MFSA 2012-45 Spoofing issue with location MFSA 2012-46 XSS through data: URLs MFSA 2012-47...
Dokuwiki -- cross site scripting vulnerability
Andy Webber reports: Add User appears to be vulnerable to Cross Site Request Forgery CSRF/XSRF...
php5 -- Multiple security issues
Vendor reports Security Enhancements and Fixes in PHP 5.2.11: Fixed certificate validation inside phpopensslapplyverificationpolicy. Fixed sanity check for the color index in imagecolortransparent. Added missing sanity checks around exif processing. Fixed bug 44683 popen crashes when an invalid...
FreeBSD -- DNS cache poisoning
Problem Description: The BIND DNS implementation does not randomize the UDP source port when doing remote queries, and the query id alone does not provide adequate randomization. Impact: The lack of source port randomization reduces the amount of data the attacker needs to guess in order to...
lighttpd -- FastCGI header overrun in mod_fastcgi
lighttpd maintainer reports: Lighttpd is prone to a header overflow when using the modfastcgi extension, this can lead to arbitrary code execution in the fastcgi application. For a detailed description of the bug see the external reference. This bug was found by Mattias Bengtsson and Philip Olaus...
mozilla -- multiple vulnerabilities
The Mozilla Foundation reports of multiple security issues in Firefox, Seamonkey, and Thunderbird. Several of these issues can probably be used to run arbitrary code with the privilege of the user running the program. MFSA 2006-64 Crashes with evidence of memory corruption rv:1.8.0.7 MFSA 2006-63...
awstats -- arbitrary code execution vulnerability
An iDEFENSE Security Advisory reports: Remote exploitation of an input validation vulnerability in AWStats allows remote attackers to execute arbitrary commands. The problem specifically exists because of insufficient input filtering before passing user-supplied data to an eval function. As part ...
cups -- print queue browser denial-of-service
If the CUPS server cupsd receives a zero-length UDP message, it will disable its print queue browser service...