6585 matches found
Gitlab -- Multiple Vulnerabilities
Gitlab reports: Path traversal with potential remote code execution Disclosure of private code via Elasticsearch integration Update Git dependency...
GNU cpio -- multiple vulnerabilities
Sergey Poznyakoff reports: This stable release fixes several potential vulnerabilities CVE-2015-1197: cpio, when using the --no-absolute-filenames option, allows local users to write to arbitrary files via a symlink attack on a file in an archive. CVE-2016-2037: The cpiosafernamesuffix function i...
Mozilla -- multiple vulnerabilities
Mozilla Foundation reports: CVE-2019-11707: Type confusion in Array.pop A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw. CVE-2019-11708...
curl -- multiple vulnerabilities
curl security problems: CVE-2018-16890: NTLM type-2 out-of-bounds buffer read libcurl contains a heap buffer out-of-bounds read flaw. The function handling incoming NTLM type-2 messages lib/vauth/ntlm.c:ntlmdecodetype2target does not validate incoming data correctly and is subject to an integer...
MySQL -- multiple vulnerabilities
Oracle reports: MySQL Multiple Flaws Let Remote Authenticated Users Access and Modify Data, Remote and Local Users Deny Service, and Local Users Access Data and Gain Elevated Privileges A local user can exploit a flaw in the Replication component to gain elevated privileges CVE-2018-2755. A remot...
ruby -- multiple vulnerabilities
Ruby news: CVE-2017-17742: HTTP response splitting in WEBrick If a script accepts an external input and outputs it without modification as a part of HTTP responses, an attacker can use newline characters to deceive the clients that the HTTP response header is stopped at there, and can inject fake...
payara -- Default typing issue in Jackson Databind
FasterXML jackson-databind before 2.8.11.1 and 2.9.x before 2.9.5 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper,...
Flash Player -- multiple vulnerabilities
Adobe reports: These updates resolve out-of-bounds read vulnerabilities that could lead to remote code execution CVE-2017-3112, CVE-2017-3114, CVE-2017-11213. These updates resolve use after free vulnerabilities that could lead to remote code execution CVE-2017-11215, CVE-2017-11225...
PHP -- denial of service attack
The PHP project reports: The PHP development team announces the immediate availability of PHP 5.6.32. This is a security release. Several security bugs were fixed in this release. All PHP 5.6 users are encouraged to upgrade to this version. The PHP development team announces the immediate...
MySQL -- multiple vulnerabilities
Oracle reports: Please reference CVE/URL list for details...
ImageMagick -- denial of service via a crafted font file
MITRE reports: The ReadCAPTIONImage function in coders/caption.c in ImageMagick allows remote attackers to cause a denial of service infinite loop via a crafted font file...
libxml2 -- Multiple Issues
libxml2 developers report: The htmlParseTryOrFinish function in HTMLparser.c in libxml2 2.9.4 allows attackers to cause a denial of service buffer over-read or information disclosure. A buffer overflow was discovered in libxml2 20904-GITv2.9.4-16-g0741801. The function xmlSnprintfElementContent i...
icu -- multiple vulnerabilities
NVD reports: International Components for Unicode ICU for C/C++ before 2017-02-13 has an out-of-bounds write caused by a heap-based buffer overflow related to the utf8TextAccess function in common/utext.cpp and the utextsetNativeIndex function. International Components for Unicode ICU for C/C++...
PHP -- multiple vulnerabilities
The PHP project reports: Use After Free Vulnerability in unserialize CVE-2016-9936 Invalid read when wddx decodes empty boolean element CVE-2016-9935...
OpenSSL -- multiple vulnerabilities
OpenSSL reports: High: OCSP Status Request extension unbounded memory growth SSLpeek hang on empty record SWEET32 Mitigation OOB write in MDC2Update Malformed SHA512 ticket DoS OOB write in BNbn2dec OOB read in TSOBJprintbio Pointer arithmetic undefined behaviour Constant time flag not preserved ...
mupdf -- multiple vulnerabilities
Tobias Kortkamp reports: Heap-based buffer overflow in the pdfloadmeshparams function in pdf/pdf-shade.c in MuPDF allows remote attackers to cause a denial of service crash or execute arbitrary code via a large decode array. Use-after-free vulnerability in the pdfloadxref function in pdf/pdf-xref...
chromium -- vulnerability
Google Chrome Releases reports: 45 security fixes in this release: 758848 High CVE-2017-11215: Use after free in Flash. Reported by JieZeng of Tencent Zhanlu Lab on 2017-08-25 758863 High CVE-2017-11225: Use after free in Flash. Reported by JieZeng of Tencent Zhanlu Lab on 2017-08-25 780919 High...
MySQL -- multiple vulnerabilities
Oracle reports reports: Critical Patch Update contains 31 new security fixes for Oracle MySQL 5.5.48, 5.6.29, 5.7.11 and earlier...
mozilla -- multiple vulnerabilities
The Mozilla Project reports: MFSA 2012-74 Miscellaneous memory safety hazards rv:16.0/ rv:10.0.8 MFSA 2012-75 select element persistance allows for attacks MFSA 2012-76 Continued access to initial origin after setting document.domain MFSA 2012-77 Some DOMWindowUtils methods bypass security checks...
tomcat -- information disclosure vulnerability
The Apache software foundation reports: The "WWW-Authenticate" header for BASIC and DIGEST authentication includes a realm name. If a element is specified for the application in web.xml it will be used. However, a is not specified then Tomcat will generate one. In some circumstances this can expo...
mysql -- MyISAM table privileges security bypass vulnerability for symlinked paths
MySQL Team reports: Additional corrections were made for the symlink-related privilege problem originally addressed. The original fix did not correctly handle the data directory pathname if it contained symlinked directories in its path, and the check was made only at table-creation time, not at...
php -- multiple security vulnerabilities
PHP project reports: Security Enhancements and Fixes in PHP 5.2.5: Fixed dl to only accept filenames. Reported by Laurent Gaffie. Fixed dl to limit argument size to MAXPATHLEN CVE-2007-4887. Reported by Laurent Gaffie. Fixed htmlentities/htmlspecialchars not to accept partial multibyte sequences...
sendmail -- race condition vulnerability
Problem Description A race condition has been reported to exist in the handling by sendmail of asynchronous signals. Impact A remote attacker may be able to execute arbitrary code with the privileges of the user running sendmail, typically root. Workaround There is no known workaround other than...
mozilla -- scripting vulnerabilities
Several scripting vulnerabilities were discovered and corrected in Mozilla: CVE-2004-0905 javascript; links dragged onto another frame or page allows an attacker to steal or modify sensitive information from other sites. The user could be convinced to drag obscurred links in the context of a game...
libxine -- multiple buffer overflows in RTSP
A xine security announcement states: Multiple vulnerabilities have been found and fixed in the Real-Time Streaming Protocol RTSP client for RealNetworks servers, including a series of potentially remotely exploitable buffer overflows. This is a joint advisory by the MPlayer and xine teams as the...
exim -- SQL injection
[email protected] reports: Exim 4.98 before 4.98.1, when SQLite hints and ETRN serialization are used, allows remote SQL injection...
Gitlab -- Multiple Vulnerabilities
Gitlab reports: Malicious Runner Attachment via GraphQL...
Gitlab -- Multiple vulnerabilities
Gitlab reports: Denial of Service via cloning an issue Arbitrary PUT request as victim user through Sentry error list Content injection via External Status Checks Project maintainers can access Datadog API Key from logs Unsafe serialization of Json data could lead to sensitive data leakage Import...
jenkins -- multiple vulnerabilities
Jenkins Security Advisory: Description High SECURITY-2781 / CVE-2022-34170 SECURITY-2779, CVE-2022-34171 SECURITY-2761, CVE-2022-34172 SECURITY-2776, CVE-2022-34173 SECURITY-2780 Multiple XSS vulnerabilities Medium SECURITY-2566 / CVE-2022-34174 Observable timing discrepancy allows determining...
Grafana -- CSRF
Grafana Labs reports: On Jan. 18, security researchers @jub0bs and @abrahack contacted Grafana to disclose a CSRF vulnerability which allows anonymous attackers to elevate their privileges by mounting cross-origin attacks against authenticated high-privilege Grafana users for example, Editors or...
FreeBSD-kernel -- SMAP bypass
Problem Description: The FreeBSD kernel enables SMAP during boot when the CPU reports that the SMAP capability is present. Subroutines such as copyin and copyout are responsible for disabling SMAP around the sections of code that perform user memory accesses. Such subroutines must handle page...
tomcat -- JNDI Realm Authentication Weakness in multiple versions
ilja.farber reports: Queries made by the JNDI Realm did not always correctly escape parameters. Parameter values could be sourced from user provided data eg user names as well as configuration data provided by an administrator. In limited circumstances it was possible for users to authenticate...
sudo -- Multiple vulnerabilities
Todd C. Miller reports: When invoked as sudoedit, the same set of command line options are now accepted as for sudo -e. The -H and -P options are now rejected for sudoedit and sudo -e which matches the sudo 1.7 behavior. This is part of the fix for CVE-2021-3156. Fixed a potential buffer overflow...
Node.js -- September 2020 Security Releases
Node.js reports: Updates are now available for v10,x, v12.x and v14.x Node.js release lines for the following issues. HTTP Request Smuggling due to CR-to-Hyphen conversion High CVE-2020-8201 Affected Node.js versions converted carriage returns in HTTP request headers to a hyphen before parsing...
Mozilla -- multiple vulnerabilities
Mozilla Foundation reports: CVE-2019-11708: sandbox escape using Prompt:Open Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the non-sandboxed parent process opening web content chosen by a compromised child process. When...
MySQL -- multiple vulnerabilities
Oracle reports: Multiple vulnerabilities have been disclosed by Oracle without further detail. CVSS scores 7.1 - 2.7...
Several Security Defects in the Bouncy Castle Crypto APIs
The Legion of the Bouncy Castle reports: Release 1.60 is now available for download. CVE-2018-1000180: issue around primality tests for RSA key pair generation if done using only the low-level API. CVE-2018-1000613: lack of class checking in deserialization of XMSS/XMSS^MT private keys with BDS...
OpenSSL -- multiple vulnerabilities
The OpenSSL project reports: Constructed ASN.1 types with a recursive definition could exceed the stack CVE-2018-0739 Constructed ASN.1 types with a recursive definition such as can be found in PKCS7 could eventually exceed the stack given malicious input with excessive recursion. This could resu...
mozilla -- multiple vulnerabilities
Mozilla Foundation reports: Please reference CVE/URL list for details...
phpMyAdmin -- Multiple vulnerabilities
The phpMyAdmin development team reports: Open redirect php-gettext code execution DOS vulnerability in table editing CSS injection in themes Cookie attribute injection attack SSRF in replication DOS in replication status...
OpenSSL -- multiple vulnerabilities
OpenSSL reports: Critical vulnerability in OpenSSL 1.1.0a Fix Use After Free for large message sizes CVE-2016-6309 Moderate vulnerability in OpenSSL 1.0.2i Missing CRL sanity check CVE-2016-7052...
wordpress -- multiple vulnerabilities
Adam Silverstein reports: WordPress 4.5.3 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. WordPress versions 4.5.2 and earlier are affected by several security issues: redirect bypass in the customizer, reporte...
openssl -- multiple vulnerabilities
OpenSSL project reports: Historically OpenSSL only ever generated DH parameters based on "safe" primes. More recently in version 1.0.2 support was provided for generating X9.42 style parameter files such as those required for RFC 5114 support. The primes used in such files may not be "safe". Wher...
qemu -- denial of service vulnerability in MegaRAID SAS HBA emulation
Prasad J Pandit, Red Hat Product Security Team, reports: Qemu emulator built with the SCSI MegaRAID SAS HBA emulation support is vulnerable to a stack buffer overflow issue. It occurs while processing the SCSI controller's CTRLGETINFO command. A privileged guest user could use this flaw to crash...
MySQL - Multiple vulnerabilities
Oracle reports: Critical Patch Update: MySQL Server, versions 5.5.45 and prior, 5.6.26 and prior...
OpenSSL -- multiple vulnerabilities
The OpenSSL Project reports: A flaw in the DTLS SRTP extension parsing code allows an attacker, who sends a carefully crafted handshake message, to cause OpenSSL to fail to free up to 64k of memory causing a memory leak. This could be exploited in a Denial Of Service attack. This issue affects...
FreeBSD -- Multiple vulnerabilities in file(1) and libmagic(3)
Problem Description: A specifically crafted Composite Document File CDF file can trigger an out-of-bounds read or an invalid pointer dereference. CVE-2012-1571 A flaw in regular expression in the awk script detector makes use of multiple wildcards with unlimited repetitions. CVE-2013-7345 A...
samba -- multiple vulnerabilities
Samba project reports: In Samba's SAMR server we neglect to ensure that attempted password changes will update the bad password count, nor set the lockout flags. This would allow a user unlimited attempts against the password by simply calling ChangePasswordUser2 repeatedly. This is available...
libsndfile -- PAF file processing integer overflow
Secunia reports: Hossein Lotfi has discovered a vulnerability in libsndfile, which can be exploited by malicious people to potentially compromise an application using the library. The vulnerability is caused due to an integer overflow error in the "paf24init" function src/paf.c when processing...
phpmyadmin -- multiple vulnerabilities
The phpMyAdmin development team reports: It was possible to manipulate the PHP session superglobal using some of the Swekey authentication code. This could open a path for other attacks. An unsanitized key from the Servers array is written in a comment of the generated config. An attacker can...