6588 matches found
chromium -- multiple vulnerabilities
Chrome Releases reports: This release contains 25 security fixes, including: 1263620 High CVE-2021-38008: Use after free in media. Reported by Marcin Towalski of Cisco Talos on 2021-10-26 1260649 High CVE-2021-38009: Inappropriate implementation in cache. Reported by Luan Herrera @lbherrera on...
FreeBSD-kernel -- SMAP bypass
Problem Description: The FreeBSD kernel enables SMAP during boot when the CPU reports that the SMAP capability is present. Subroutines such as copyin and copyout are responsible for disabling SMAP around the sections of code that perform user memory accesses. Such subroutines must handle page...
tomcat -- JNDI Realm Authentication Weakness in multiple versions
ilja.farber reports: Queries made by the JNDI Realm did not always correctly escape parameters. Parameter values could be sourced from user provided data eg user names as well as configuration data provided by an administrator. In limited circumstances it was possible for users to authenticate...
Node.js -- September 2020 Security Releases
Node.js reports: Updates are now available for v10,x, v12.x and v14.x Node.js release lines for the following issues. HTTP Request Smuggling due to CR-to-Hyphen conversion High CVE-2020-8201 Affected Node.js versions converted carriage returns in HTTP request headers to a hyphen before parsing...
Gitlab -- Multiple Vulnerabilities
Gitlab reports: Path Traversal to Arbitrary File Read User Permissions Not Validated in ProjectExportWorker XSS Vulnerability in File API Package and File Disclosure through GitLab Workhorse XSS Vulnerability in Create Groups Issue and Merge Request Activity Counts Exposed Email Confirmation Bypa...
Mozilla -- multiple vulnerabilities
Mozilla Foundation reports: CVE-2019-11708: sandbox escape using Prompt:Open Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the non-sandboxed parent process opening web content chosen by a compromised child process. When...
Several Security Defects in the Bouncy Castle Crypto APIs
The Legion of the Bouncy Castle reports: Release 1.60 is now available for download. CVE-2018-1000180: issue around primality tests for RSA key pair generation if done using only the low-level API. CVE-2018-1000613: lack of class checking in deserialization of XMSS/XMSS^MT private keys with BDS...
mozilla -- multiple vulnerabilities
Mozilla Foundation reports: CVE-2018-12359: Buffer overflow using computed size of canvas element CVE-2018-12360: Use-after-free when using focus CVE-2018-12361: Integer overflow in SwizzleData CVE-2018-12358: Same-origin bypass using service worker and redirection CVE-2018-12362: Integer overflo...
OpenSSL -- multiple vulnerabilities
The OpenSSL project reports: Constructed ASN.1 types with a recursive definition could exceed the stack CVE-2018-0739 Constructed ASN.1 types with a recursive definition such as can be found in PKCS7 could eventually exceed the stack given malicious input with excessive recursion. This could resu...
tomcat -- multiple vulnerabilities
The Apache Software Foundation reports: Low: Unrestricted Access to Global Resources CVE-2016-6797 Low: Security Manager Bypass CVE-2016-6796 Low: System Property Disclosure CVE-2016-6794 Low: Security Manager Bypass CVE-2016-5018 Low: Timing Attack CVE-2016-0762...
OpenSSL -- multiple vulnerabilities
OpenSSL reports: Critical vulnerability in OpenSSL 1.1.0a Fix Use After Free for large message sizes CVE-2016-6309 Moderate vulnerability in OpenSSL 1.0.2i Missing CRL sanity check CVE-2016-7052...
openssl -- multiple vulnerabilities
OpenSSL project reports: Historically OpenSSL only ever generated DH parameters based on "safe" primes. More recently in version 1.0.2 support was provided for generating X9.42 style parameter files such as those required for RFC 5114 support. The primes used in such files may not be "safe". Wher...
qemu -- denial of service vulnerability in MegaRAID SAS HBA emulation
Prasad J Pandit, Red Hat Product Security Team, reports: Qemu emulator built with the SCSI MegaRAID SAS HBA emulation support is vulnerable to a stack buffer overflow issue. It occurs while processing the SCSI controller's CTRLGETINFO command. A privileged guest user could use this flaw to crash...
MySQL - Multiple vulnerabilities
Oracle reports: Critical Patch Update: MySQL Server, versions 5.5.45 and prior, 5.6.26 and prior...
OpenSSL -- multiple vulnerabilities
The OpenSSL Project reports: A flaw in the DTLS SRTP extension parsing code allows an attacker, who sends a carefully crafted handshake message, to cause OpenSSL to fail to free up to 64k of memory causing a memory leak. This could be exploited in a Denial Of Service attack. This issue affects...
apache24 -- several vulnerabilities
Apache HTTP SERVER PROJECT reports: moddav: Sending a MERGE request against a URI handled by moddavsvn with the source href sent as part of the request body as XML pointing to a URI that is not configured for DAV will trigger a segfault. modsessiondbd: Make sure that dirty flag is respected when...
php -- vulnerability in certain CGI-based setups
php development team reports: Security Enhancements and Fixes in PHP 5.3.12: Initial fix for cgi-bin ?-s cmdarg parse issue CVE-2012-1823...
libsndfile -- PAF file processing integer overflow
Secunia reports: Hossein Lotfi has discovered a vulnerability in libsndfile, which can be exploited by malicious people to potentially compromise an application using the library. The vulnerability is caused due to an integer overflow error in the "paf24init" function src/paf.c when processing...
apr -- multiple vunerabilities
Secunia reports: Multiple vulnerabilities have been reported in APR-util, which can be exploited by malicious people to cause a DoS Denial of Service. Two XML parsing vulnerabilities exist in the bundled version of expat. An error within the "aprbrigadesplitline" function in buckets/aprbrigade.c...
opera -- multiple vulnerabilities
Opera Team reports: Fixed a heap buffer overflow in string to number conversion Fixed an issue where error messages could leak onto unrelated sites Fixed a moderately severe issue, as reported by Chris Evans of the Google Security Team; details will be disclosed at a later date...
mozilla -- multiple vulnerabilities
Mozilla Foundation reports: MFSA 2009-64 Crashes with evidence of memory corruption rv:1.9.1.4/ 1.9.0.15 MFSA 2009-63 Upgrade media libraries to fix memory safety bugs MFSA 2009-62 Download filename spoofing with RTL override MFSA 2009-61 Cross-origin data theft through document.getSelection MFSA...
tomcat -- multiple vulnerabilities
Apache Project reports: The Apache Tomcat team is proud to announce the immediate availability of Tomcat 4.1.36 stable. This build contains numerous library updates, A small number of bug fixes and two important security fixes...
Vulnerabilities in H.323 implementations
The NISCC and the OUSPG developed a test suite for the H.323 protocol. This test suite has uncovered vulnerabilities in several H.323 implementations with impacts ranging from denial-of-service to arbitrary code execution. In the FreeBSD Ports Collection, pwlib' is directly affected. Other...
Erlang/OTP -- TLS hostname verification bypass via Subject CommonName fallback and name constraints
https://github.com/erlang/otp/security/advisories/GHSA-22cw-4ph4-6447 reports: Erlang/OTP's TLS hostname verification implements a legacy RFC 6125 fallback that checks the Subject CommonName when the Subject Alternative Name SAN extension is absent, rather than following RFC 9525 which requires...
Django -- multiple vulnerabilities
Django reports: CVE-2024-24680:Potential denial-of-service in intcomma template filter...
samba -- multiple vulnerabilities
The Samba Team reports: An incomplete access check on dnsHostName allows authenticated but otherwise unprivileged users to delete this attribute from any object in the directory. The Samba AD DC administration tool, when operating against a remote LDAP server, will by default send new or reset...
chromium -- multiple vulnerabilities
Chrome Releases reports: This update includes 40 security fixes: 1411210 High CVE-2023-1213: Use after free in Swiftshader. Reported by Jaehun Jeong@n3sk of Theori on 2023-01-30 1412487 High CVE-2023-1214: Type Confusion in V8. Reported by Man Yue Mo of GitHub Security Lab on 2023-02-03 1417176...
chromium -- insufficient data validation in Mojo
Chrome Releases reports: This release contains 1 security fix: 1358134 High CVE-2022-3075: Insufficient data validation in Mojo. Reported by Anonymous on 2022-08-30 Google is aware that an exploit of CVE-2022-3075 exists in the wild...
samba -- buffer overflow in Heimdal unwrap_des3()
The Samba Team reports: The DES for Samba 4.11 and earlier and Triple-DES decryption routines in the Heimdal GSSAPI library allow a length-limited write buffer overflow on malloc allocated memory when presented with a maliciously small packet...
chromium -- Type confusion in V8
Chrome Releases reports: This release includes one security fix: 1311641 High CVE-2022-1232: Type Confusion in V8. Reported by Sergei Glazunov of Google Project Zero on 2022-03-30...
gitea -- Open Redirect on login
Andrew Thornton reports: When a location containing backslashes is presented, the existing protections against open redirect are bypassed, because browsers will convert adjacent forward and backslashes within the location to double forward slashes...
moonlight-embedded -- multiple vulnerabilities
The moonlight-embedded project reports: Moonlight Embedded v2.6.1 fixed CVE-2023-42799, CVE-2023-42800, and CVE-2023-42801...
chromium -- multiple vulnerabilities
Chrome Releases reports: This release contains 19 security fixes, including: 1180126 High CVE-2021-30506: Incorrect security UI in Web App Installs. Reported by @retsew0x01 on 2021-02-19 1178202 High CVE-2021-30507: Inappropriate implementation in Offline. Reported by Alison Huffman, Microsoft...
OpenSSL -- Multiple vulnerabilities
The OpenSSL project reports: High: CA certificate check bypass with X509VFLAGX509STRICT CVE-2021-3450The X509VFLAGX509STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. High: NULL pointer deref in signaturealgorithms...
Python -- multiple vulnerabilities
Python reports: bpo-29778: Ensure python3.dll is loaded from correct locations when Python is embedded CVE-2020-15523. bpo-41004: CVE-2020-14422: The hash methods of ipaddress.IPv4Interface and ipaddress.IPv6Interface incorrectly generated constant hash values of 32 and 128 respectively. This...
Rails -- remote code execution vulnerability
Ruby on Rails blog: Due to an unfortunate oversight, Rails 4.2.11.2 has a missing constant error. To address this Rails 4.2.11.3 has been released. The original announcement for CVE-2020-8163 has a follow-up message with an updated patch if you’re unable to use the gems...
zeek -- Various vulnerabilities
Jon Siwek of Corelight reports: This release fixes the following security issues: Fix buffer over-read in Ident analyzer Fix SSL scripting error leading to uninitialized field access and memory leak Fix POP3 analyzer global buffer over-read Fix potential stack overflows due to use of...
clamav -- multiple vulnerabilities
Micah Snyder reports: An out of bounds write was possible within ClamAV&s NSIS bzip2 library when attempting decompression in cases where the number of selectors exceeded the max limit set by the library CVE-2019-12900. The issue has been resolved by respecting that limit. The zip bomb...
mozilla -- multiple vulnerabilities
Mozilla Foundation reports: CVE-2019-9815: Disable hyperthreading on content JavaScript threads on macOS CVE-2019-9816: Type confusion with object groups and UnboxedObjects CVE-2019-9817: Stealing of cross-domain images using canvas CVE-2019-9818: Use-after-free in crash generation server...
python 3.6 -- multiple vulnerabilities
Python changelog: bpo-35907: CVE-2019-9948: Avoid file reading by disallowing local-file:// and localfile:// URL schemes in URLopener.open and URLopener.retrieve of urllib.request. bpo-36742: Fixes mishandling of pre-normalization characters in urlsplit. bpo-30458: Address CVE-2019-9740 by...
py-twisted -- multiple vulnerabilities
Twisted developers reports: All HTTP clients in twisted.web.client now raise a ValueError when called with a method and/or URL that contain invalid characters. This mitigates CVE-2019-12387. Thanks to Alex Brasetvik for reporting this vulnerability. The HTTP/2 server implementation now enforces T...
urllib3 -- multiple vulnerabilities
NIST reports: by search in the range 2018/01/01 - 2019/11/10: urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect i.e., a redirect that differs in host, port, or scheme. This can allow for credentials in the Authorization header to be...
node.js -- multiple vulnerabilities
Node.js reports: Updates are now available for all active Node.js release lines. These include fixes for the vulnerabilities identified in the initial announcement. They also include upgrades of Node.js 6 and 8 to OpenSSL 1.0.2q, and upgrades of Node.js 10 and 11 to OpenSSL 1.1.0j. We recommend...
proftpd -- user chroot escape vulnerability
NVD reports: ProFTPD ... controls whether the home directory of a user could contain a symbolic link through the AllowChrootSymlinks configuration option, but checks only the last path component when enforcing AllowChrootSymlinks. Attackers with local access could bypass the AllowChrootSymlinks...
xen-tools -- oob access in cirrus bitblt copy
The Xen Project reports: When doing bitblt copy backwards, qemu should negate the blit width. This avoids an oob access before the start of video memory. A malicious guest administrator can cause an out of bounds memory access, possibly leading to information disclosure or privilege escalation...
FreeRADIUS -- TLS resumption authentication bypass
Stefan Winter reports: The TLS session cache in FreeRADIUS before 3.0.14 fails to reliably prevent resumption of an unauthenticated session, which allows remote attackers such as malicious 802.1X supplicants to bypass authentication via PEAP or TTLS...
mozilla -- multiple vulnerabilities
Mozilla Foundation reports: Please reference CVE/URL list for details...
nginx -- a specially crafted request might result in worker process crash
Maxim Dounin reports: A problem was identified in nginx code responsible for saving client request body to a temporary file. A specially crafted request might result in worker process crash due to a NULL pointer dereference while writing client request body to a temporary file...
glibc -- getaddrinfo stack-based buffer overflow
Fabio Olive Leite reports: A stack-based buffer overflow was found in libresolv when invoked from nssdns, allowing specially crafted DNS responses to seize control of EIP in the DNS client. The buffer overflow occurs in the functions senddg send datagram and sendvc send TCP for the NSS module...
openssl -- multiple vulnerabilities
The OpenSSL team reports: Missing DHE man-in-the-middle protection Logjam CVE-2015-4000 Malformed ECParameters causes infinite loop CVE-2015-1788 Exploitable out-of-bounds read in X509cmptime CVE-2015-1789 PKCS7 crash with missing EnvelopedContent CVE-2015-1790 CMS verify infinite loop with unkno...