6591 matches found
libxine -- multiple buffer overflows in RTSP
A xine security announcement states: Multiple vulnerabilities have been found and fixed in the Real-Time Streaming Protocol RTSP client for RealNetworks servers, including a series of potentially remotely exploitable buffer overflows. This is a joint advisory by the MPlayer and xine teams as the...
Apache httpd -- Multiple vulnerabilities
The Apache httpd project reports: See changelog or 2.4 vulnerabilities for details...
Gitlab -- vulnerabilities
Attacker can add other projects policy bot as member to their own project and use that bot to trigger pipelines in victims project Group import allows impersonation of users in CI pipelines Developers can bypass code owners approval by changing a MR's base branch Leaking source code of restricted...
Gitlab -- Multiple Vulnerabilities
Gitlab reports: Malicious Runner Attachment via GraphQL...
OpenSSL -- Excessive Resource Usage Verifying X.509 Policy Constraints
The OpenSSL project reports: Severity: Low A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious...
chromium -- multiple vulnerabilities
Chrome Releases reports: This update includes 40 security fixes: 1411210 High CVE-2023-1213: Use after free in Swiftshader. Reported by Jaehun Jeong@n3sk of Theori on 2023-01-30 1412487 High CVE-2023-1214: Type Confusion in V8. Reported by Man Yue Mo of GitHub Security Lab on 2023-02-03 1417176...
go -- multiple vulnerabilities
The Go project reports: path/filepath: path traversal in filepath.Clean on Windows On Windows, the filepath.Clean function could transform an invalid path such as a/../c:/b into the valid path c:\b. This transformation of a relative if invalid path into an absolute path could enable a directory...
OpenSSL -- Multiple vulnerabilities
The OpenSSL project reports: X.400 address type confusion in X.509 GeneralName CVE-2023-0286 High: There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1STRING but the public structure definition for...
chromium -- insufficient data validation in Mojo
Chrome Releases reports: This release contains 1 security fix: 1358134 High CVE-2022-3075: Insufficient data validation in Mojo. Reported by Anonymous on 2022-08-30 Google is aware that an exploit of CVE-2022-3075 exists in the wild...
Grafana -- CSRF
Grafana Labs reports: On Jan. 18, security researchers @jub0bs and @abrahack contacted Grafana to disclose a CSRF vulnerability which allows anonymous attackers to elevate their privileges by mounting cross-origin attacks against authenticated high-privilege Grafana users for example, Editors or...
chromium -- multiple vulnerabilities
Chrome Releases reports: This release contains 25 security fixes, including: 1263620 High CVE-2021-38008: Use after free in media. Reported by Marcin Towalski of Cisco Talos on 2021-10-26 1260649 High CVE-2021-38009: Inappropriate implementation in cache. Reported by Luan Herrera @lbherrera on...
redis -- multiple vulnerabilities
The Redis Team reports: CVE-2021-41099 Integer to heap buffer overflow handling certain string commands and network payloads, when proto-max-bulk-len is manually configured. CVE-2021-32762 Integer to heap buffer overflow issue in redis-cli and redis-sentinel parsing large multi-bulk replies on so...
FreeBSD-kernel -- SMAP bypass
Problem Description: The FreeBSD kernel enables SMAP during boot when the CPU reports that the SMAP capability is present. Subroutines such as copyin and copyout are responsible for disabling SMAP around the sections of code that perform user memory accesses. Such subroutines must handle page...
tomcat -- JNDI Realm Authentication Weakness in multiple versions
ilja.farber reports: Queries made by the JNDI Realm did not always correctly escape parameters. Parameter values could be sourced from user provided data eg user names as well as configuration data provided by an administrator. In limited circumstances it was possible for users to authenticate...
Node.js -- September 2020 Security Releases
Node.js reports: Updates are now available for v10,x, v12.x and v14.x Node.js release lines for the following issues. HTTP Request Smuggling due to CR-to-Hyphen conversion High CVE-2020-8201 Affected Node.js versions converted carriage returns in HTTP request headers to a hyphen before parsing...
Mozilla -- multiple vulnerabilities
Mozilla Foundation reports: CVE-2019-11708: sandbox escape using Prompt:Open Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the non-sandboxed parent process opening web content chosen by a compromised child process. When...
py-twisted -- multiple vulnerabilities
Twisted developers reports: All HTTP clients in twisted.web.client now raise a ValueError when called with a method and/or URL that contain invalid characters. This mitigates CVE-2019-12387. Thanks to Alex Brasetvik for reporting this vulnerability. The HTTP/2 server implementation now enforces T...
Several Security Defects in the Bouncy Castle Crypto APIs
The Legion of the Bouncy Castle reports: Release 1.60 is now available for download. CVE-2018-1000180: issue around primality tests for RSA key pair generation if done using only the low-level API. CVE-2018-1000613: lack of class checking in deserialization of XMSS/XMSS^MT private keys with BDS...
mozilla -- multiple vulnerabilities
Mozilla Foundation reports: CVE-2018-12359: Buffer overflow using computed size of canvas element CVE-2018-12360: Use-after-free when using focus CVE-2018-12361: Integer overflow in SwizzleData CVE-2018-12358: Same-origin bypass using service worker and redirection CVE-2018-12362: Integer overflo...
proftpd -- user chroot escape vulnerability
NVD reports: ProFTPD ... controls whether the home directory of a user could contain a symbolic link through the AllowChrootSymlinks configuration option, but checks only the last path component when enforcing AllowChrootSymlinks. Attackers with local access could bypass the AllowChrootSymlinks...
tomcat -- multiple vulnerabilities
The Apache Software Foundation reports: Low: Unrestricted Access to Global Resources CVE-2016-6797 Low: Security Manager Bypass CVE-2016-6796 Low: System Property Disclosure CVE-2016-6794 Low: Security Manager Bypass CVE-2016-5018 Low: Timing Attack CVE-2016-0762...
OpenSSL -- multiple vulnerabilities
OpenSSL reports: Critical vulnerability in OpenSSL 1.1.0a Fix Use After Free for large message sizes CVE-2016-6309 Moderate vulnerability in OpenSSL 1.0.2i Missing CRL sanity check CVE-2016-7052...
openssl -- multiple vulnerabilities
OpenSSL project reports: Historically OpenSSL only ever generated DH parameters based on "safe" primes. More recently in version 1.0.2 support was provided for generating X9.42 style parameter files such as those required for RFC 5114 support. The primes used in such files may not be "safe". Wher...
apache24 -- several vulnerabilities
Apache HTTP SERVER PROJECT reports: moddav: Sending a MERGE request against a URI handled by moddavsvn with the source href sent as part of the request body as XML pointing to a URI that is not configured for DAV will trigger a segfault. modsessiondbd: Make sure that dirty flag is respected when...
FreeBSD -- Privilege escalation when returning from kernel
Problem description: FreeBSD/amd64 runs on CPUs from different vendors. Due to varying behaviour of CPUs in 64 bit mode a sanity check of the kernel may be insufficient when returning from a system call. Successful exploitation of the problem can lead to local kernel privilege escalation, kernel...
php -- vulnerability in certain CGI-based setups
php development team reports: Security Enhancements and Fixes in PHP 5.3.12: Initial fix for cgi-bin ?-s cmdarg parse issue CVE-2012-1823...
typo3 -- Remote Code Execution
The typo3 security team reports: A crafted request to a vulnerable TYPO3 installation will allow an attacker to load PHP code from an external source and to execute it on the TYPO3 installation. This is caused by a PHP file, which is part of the workspaces system extension, that does not validate...
libsndfile -- PAF file processing integer overflow
Secunia reports: Hossein Lotfi has discovered a vulnerability in libsndfile, which can be exploited by malicious people to potentially compromise an application using the library. The vulnerability is caused due to an integer overflow error in the "paf24init" function src/paf.c when processing...
apr -- multiple vunerabilities
Secunia reports: Multiple vulnerabilities have been reported in APR-util, which can be exploited by malicious people to cause a DoS Denial of Service. Two XML parsing vulnerabilities exist in the bundled version of expat. An error within the "aprbrigadesplitline" function in buckets/aprbrigade.c...
firefox -- Re-use of freed object due to scope confusion
Mozilla Project reports: MFSA 2009-25 Re-use of freed object due to scope confusion...
opera -- multiple vulnerabilities
Opera Team reports: Fixed a heap buffer overflow in string to number conversion Fixed an issue where error messages could leak onto unrelated sites Fixed a moderately severe issue, as reported by Chris Evans of the Google Security Team; details will be disclosed at a later date...
mozilla -- multiple vulnerabilities
Mozilla Foundation reports: MFSA 2009-64 Crashes with evidence of memory corruption rv:1.9.1.4/ 1.9.0.15 MFSA 2009-63 Upgrade media libraries to fix memory safety bugs MFSA 2009-62 Download filename spoofing with RTL override MFSA 2009-61 Cross-origin data theft through document.getSelection MFSA...
tomcat -- multiple vulnerabilities
Apache Project reports: The Apache Tomcat team is proud to announce the immediate availability of Tomcat 4.1.36 stable. This build contains numerous library updates, A small number of bug fixes and two important security fixes...
Vulnerabilities in H.323 implementations
The NISCC and the OUSPG developed a test suite for the H.323 protocol. This test suite has uncovered vulnerabilities in several H.323 implementations with impacts ranging from denial-of-service to arbitrary code execution. In the FreeBSD Ports Collection, pwlib' is directly affected. Other...
Erlang/OTP -- TLS hostname verification bypass via Subject CommonName fallback and name constraints
https://github.com/erlang/otp/security/advisories/GHSA-22cw-4ph4-6447 reports: Erlang/OTP's TLS hostname verification implements a legacy RFC 6125 fallback that checks the Subject CommonName when the Subject Alternative Name SAN extension is absent, rather than following RFC 9525 which requires...
Gitlab -- Vulnerabilities
Gitlab reports: Run pipelines as any user Stored XSS injected in imported project's commit notes CSRF on GraphQL API IntrospectionQuery Remove search results from public projects with unauthorized repos Cross window forgery in user application OAuth flow Project maintainers can bypass group's mer...
Django -- multiple vulnerabilities
Django reports: CVE-2024-24680:Potential denial-of-service in intcomma template filter...
MariaDB -- Denial-of-Service vulnerability
The MariaDB project reports: Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash complete...
samba -- multiple vulnerabilities
The Samba Team reports: An incomplete access check on dnsHostName allows authenticated but otherwise unprivileged users to delete this attribute from any object in the directory. The Samba AD DC administration tool, when operating against a remote LDAP server, will by default send new or reset...
samba -- buffer overflow in Heimdal unwrap_des3()
The Samba Team reports: The DES for Samba 4.11 and earlier and Triple-DES decryption routines in the Heimdal GSSAPI library allow a length-limited write buffer overflow on malloc allocated memory when presented with a maliciously small packet...
chromium -- Type confusion in V8
Chrome Releases reports: This release includes one security fix: 1311641 High CVE-2022-1232: Type Confusion in V8. Reported by Sergei Glazunov of Google Project Zero on 2022-03-30...
gitea -- Open Redirect on login
Andrew Thornton reports: When a location containing backslashes is presented, the existing protections against open redirect are bypassed, because browsers will convert adjacent forward and backslashes within the location to double forward slashes...
moonlight-embedded -- multiple vulnerabilities
The moonlight-embedded project reports: Moonlight Embedded v2.6.1 fixed CVE-2023-42799, CVE-2023-42800, and CVE-2023-42801...
chromium -- multiple vulnerabilities
Chrome Releases reports: This release contains 19 security fixes, including: 1180126 High CVE-2021-30506: Incorrect security UI in Web App Installs. Reported by @retsew0x01 on 2021-02-19 1178202 High CVE-2021-30507: Inappropriate implementation in Offline. Reported by Alison Huffman, Microsoft...
OpenSSL -- Multiple vulnerabilities
The OpenSSL project reports: High: CA certificate check bypass with X509VFLAGX509STRICT CVE-2021-3450The X509VFLAGX509STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. High: NULL pointer deref in signaturealgorithms...
Python -- multiple vulnerabilities
Python reports: bpo-29778: Ensure python3.dll is loaded from correct locations when Python is embedded CVE-2020-15523. bpo-41004: CVE-2020-14422: The hash methods of ipaddress.IPv4Interface and ipaddress.IPv6Interface incorrectly generated constant hash values of 32 and 128 respectively. This...
Rails -- remote code execution vulnerability
Ruby on Rails blog: Due to an unfortunate oversight, Rails 4.2.11.2 has a missing constant error. To address this Rails 4.2.11.3 has been released. The original announcement for CVE-2020-8163 has a follow-up message with an updated patch if you’re unable to use the gems...
zeek -- Various vulnerabilities
Jon Siwek of Corelight reports: This release fixes the following security issues: Fix buffer over-read in Ident analyzer Fix SSL scripting error leading to uninitialized field access and memory leak Fix POP3 analyzer global buffer over-read Fix potential stack overflows due to use of...
MySQL Client -- Multiple vulerabilities
Oracle reports: This Critical Patch Update contains 45 new security patches for Oracle MySQL. 9 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials...
clamav -- multiple vulnerabilities
Micah Snyder reports: An out of bounds write was possible within ClamAV&s NSIS bzip2 library when attempting decompression in cases where the number of selectors exceeded the max limit set by the library CVE-2019-12900. The issue has been resolved by respecting that limit. The zip bomb...