6585 matches found
firefox -- Re-use of freed object due to scope confusion
Mozilla Project reports: MFSA 2009-25 Re-use of freed object due to scope confusion...
libcdaudio -- remote buffer overflow and code execution
securityfocus reports: The 'libcdaudio' library is prone to a remote heap code in the context of an application that uses the library. Failed attacks will cause denial-of-service conditions. A buffer-overflow in Grip occurs when the software processes a response to a CDDB query that has more than...
tomcat -- XSS vulnerability in sample applications
The Apache Project reports: The JSP and Servlet included in the sample application within the Tomcat documentation webapp did not escape user provided data before including it in the output. This enabled a XSS attack. These pages have been simplified not to use any user provided data in the outpu...
tomcat -- multiple vulnerabilities
Apache Project reports: The Apache Tomcat team is proud to announce the immediate availability of Tomcat 4.1.36 stable. This build contains numerous library updates, A small number of bug fixes and two important security fixes...
bind -- buffer overrun vulnerability
An ISC advisory reports a buffer overrun vulnerability within bind. The vulnerability could result in a Denial of Service. A workaround is available by disabling recursion and glue fetching...
squid -- buffer overflow vulnerability in gopherToHTML
The squid patches page notes: A malicious gopher server may return a response with very long lines that cause a buffer overflow in Squid. Workaround: Since gopher is very obscure these days, do not allow Squid to any gopher servers. Use an ACL rule like: acl Gopher proto gopher httpaccess deny...
php -- readfile() DoS vulnerability
A SUSE Security advisory reports: A bug in the readfile function of php4 could be used to to crash the httpd running the php4 code when accessing files with a multiple of the architectures page size leading to a denial of service...
bind8 negative cache poison attack
A programming error in BIND 8 named can result in a DNS message being incorrectly cached as a negative response. As a result, an attacker may arrange for malicious DNS messages to be delivered to a target name server, and cause that name server to cache a negative response for some target domain...
Django -- multiple vulnerabilities
Django reports: CVE-2023-31047: Potential bypass of validation when uploading multiple files using one form field...
Grafana -- Critical vulnerability in golang
Grafana Labs reports: An issue in how go handles backticks with Javascript can lead to an injection of arbitrary code into go templates. While Grafana Labs software contains potentially vulnerable versions of go, we have not identified any exploitable use cases at this time. The CVSS score for th...
OpenSSL -- Excessive Resource Usage Verifying X.509 Policy Constraints
The OpenSSL project reports: Severity: Low A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious...
go -- multiple vulnerabilities
The Go project reports: path/filepath: path traversal in filepath.Clean on Windows On Windows, the filepath.Clean function could transform an invalid path such as a/../c:/b into the valid path c:\b. This transformation of a relative if invalid path into an absolute path could enable a directory...
mediawiki -- multiple vulnerabilities
Mediawiki reports: T308471 Username is not escaped in the "welcomeuser" message. T308473 Username not escaped in the contributions-title message. T309377, CVE-2022-29248 Update "guzzlehttp/guzzle" to version 6.5.6. T311384, CVE-2022-27776 Update "guzzlehttp/guzzle" to 6.5.8/7.4.5...
redis -- multiple vulnerabilities
The Redis Team reports: CVE-2021-41099 Integer to heap buffer overflow handling certain string commands and network payloads, when proto-max-bulk-len is manually configured. CVE-2021-32762 Integer to heap buffer overflow issue in redis-cli and redis-sentinel parsing large multi-bulk replies on so...
Node.js -- July 2021 Security Releases
Node.js reports: libuv upgrade - Out of bounds read Medium CVE-2021-22918 Node.js is vulnerable to out-of-bounds read in libuv's uvidnatoascii function which is used to convert strings to ASCII. This is called by Node's dns module's lookup function and can lead to information disclosures or...
chromium -- multiple vulnerabilities
Chrome Releases reports: This release contains 19 security fixes, including: 1180126 High CVE-2021-30506: Incorrect security UI in Web App Installs. Reported by @retsew0x01 on 2021-02-19 1178202 High CVE-2021-30507: Inappropriate implementation in Offline. Reported by Alison Huffman, Microsoft...
Node.js -- February 2021 Security Releases
Node.js reports: HTTP2 'unknownProtocol' cause Denial of Service by resource exhaustion Critical CVE-2021-22883 Affected Node.js versions are vulnerable to denial of service attacks when too many connection attempts with an 'unknownProtocol' are established. This leads to a leak of file...
Gitlab -- multiple vulnerabilities
Gitlab reports: Ability to steal a user's API access token through GitLab Pages Prometheus denial of service via HTTP request with custom method Unauthorized user is able to access private repository information under specific conditions Regular expression denial of service in NuGet API Regular...
Security Vulnerability found in ExifTool
Debian Security Advisory reports: A vulnerability was discovered in libimage-exiftool-perl, a library and program to read and write meta information in multimedia files, which may result in execution of arbitrary code if a malformed DjVu file is processed...
Node.js -- January 2021 Security Releases
Node.js reports: use-after-free in TLSWrap High CVE-2020-8265 Affected Node.js versions are vulnerable to a use-after-free bug in its TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly allocated WriteWrap object as first...
nexus2-oss -- Apache ActiveMQ JMX vulnerability
Sonatype reports: CVE-2020-13920: Apache ActiveMQ JMX is vulnerable to a MITM attack...
go -- encoding/binary: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs
The Go project reports: Certain invalid inputs to ReadUvarint or ReadVarint could cause those functions to read an unlimited number of bytes from the ByteReader argument before returning an error. This could lead to processing more input than expected when the caller is reading directly from the...
Python -- multiple vulnerabilities
Python reports: bpo-29778: Ensure python3.dll is loaded from correct locations when Python is embedded CVE-2020-15523. bpo-41004: CVE-2020-14422: The hash methods of ipaddress.IPv4Interface and ipaddress.IPv6Interface incorrectly generated constant hash values of 32 and 128 respectively. This...
Node.js -- June 2020 Security Releases
Node.js reports: Updates are now available for all supported Node.js release lines for the following issues. TLS session reuse can lead to host certificate verification bypass High CVE-2020-8172 The 'session' event could be emitted before the 'secureConnect' event. It should not be, because the...
phpMyAdmin -- SQL injection
The phpMyAdmin development team reports: A SQL injection flaw has been discovered in the user accounts page...
drm graphics drivers -- Local privilege escalation and denial of service
Intel reports: As part of IPU 2019.2, INTEL-SA-00242 advises that insufficient access control may allow an authenticated user to potentially enable escalation of privilege via local access. INTEL-SA-00260 advises that insufficient access control may allow an authenticated user to potentially enab...
python 3.6 -- multiple vulnerabilities
Python changelog: bpo-35907: CVE-2019-9948: Avoid file reading by disallowing local-file:// and localfile:// URL schemes in URLopener.open and URLopener.retrieve of urllib.request. bpo-36742: Fixes mishandling of pre-normalization characters in urlsplit. bpo-30458: Address CVE-2019-9740 by...
Rails -- Active Job vulnerability
Ruby on Rails blog: Rails 4.2.11, 5.0.7.1, 5.1.6.1 and 5.2.1.1 have been released! These contain the following important security fixes, and it is recommended that users upgrade as soon as possible CVE-2018-16476 Broken Access Control vulnerability in Active Job: Carefully crafted user input can...
Gitlab -- multiple vulnerabilities
Gitlab reports: Markdown DoS Information Disclosure Prometheus Metrics CSRF in System Hooks Persistent XSS Pipeline Tooltip Persistent XSS in Branch Name via Web IDE Persistent XSS in Branch Name via Web IDE...
awstats -- remote code execution
Mitre reports: Awstats version 7.6 and earlier is vulnerable to a path traversal flaw in the handling of the "config" and "migrate" parameters resulting in unauthenticated remote code execution...
cURL -- out of bounds read
The cURL project reports: libcurl contains a buffer overrun flaw in the IMAP handler. An IMAP FETCH response line indicates the size of the returned data, in number of bytes. When that response says the data is zero bytes, libcurl would pass on that non-existing data with a pointer and the size...
MySQL -- multiple vulnerabilities
Oracle reports: Please reference CVE/URL list for details...
GraphicsMagick -- multiple vulnerabilities
GraphicsMagick reports: Multiple vulnerabilities have been found in GraphicsMagick 1.3.26 or earlier. Please refer to the CVE list for details...
FreeRADIUS -- TLS resumption authentication bypass
Stefan Winter reports: The TLS session cache in FreeRADIUS before 3.0.14 fails to reliably prevent resumption of an unauthenticated session, which allows remote attackers such as malicious 802.1X supplicants to bypass authentication via PEAP or TTLS...
proftpd -- vulnerability in mod_tls
MITRE reports: The modtls module in ProFTPD before 1.3.5b and 1.3.6 before 1.3.6rc2 does not properly handle the TLSDHParamFile directive, which might cause a weaker than intended Diffie-Hellman DH key to be used and consequently allow attackers to have unspecified impact via unknown vectors...
phpMyAdmin -- XSRF and man-in-the-middle vulnerabilities
The phpMyAdmin development team reports: XSRF/CSRF vulnerability in phpMyAdmin setup. By deceiving a user to click on a crafted URL, it is possible to alter the configuration file being generated with phpMyAdmin setup. This vulnerability only affects the configuration file generation process and...
krb5 -- Vulnerabilities in kadmind, libgssrpc, gss_process_context_token VU#540092
MIT krb5 Security Advisory 2015-001 reports: CVE-2014-5352: In the MIT krb5 libgssapikrb5 library, after gssprocesscontexttoken is used to process a valid context deletion token, the caller is left with a security context handle containing a dangling pointer. Further uses of this handle will resu...
phpMyAdmin -- multiple XSS vulnerabilities, missing validation
The phpMyAdmin development team reports: Self-XSS due to unescaped HTML output in database structure page. With a crafted table comment, it is possible to trigger an XSS in database structure page. Self-XSS due to unescaped HTML output in database triggers page. When navigating into the database...
PostgreSQL -- anonymous remote access data corruption vulnerability
PostgreSQL project reports: The PostgreSQL Global Development Group has released a security update to all current versions of the PostgreSQL database system, including versions 9.2.4, 9.1.9, 9.0.13, and 8.4.17. This update fixes a high-exposure security vulnerability in versions 9.0 and later. Al...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 118633 Low CVE-2012-2815: Leak of iframe fragment id. Credit to Elie Bursztein of Google. 120222 High CVE-2012-2817: Use-after-free in table section handling. Credit to miaubiz. 120944 High CVE-2012-2818: Use-after-free in counter layout. Credit to miaubiz. 120977...
phpMyAdmin -- Path disclosure due to missing verification of file presence
The phpMyAdmin development team reports: The showconfigerrors.php scripts did not validate the presence of the configuration file, so an error message shows the full path of this file, leading to possible further attacks. For the error messages to be displayed, php.ini's errorreporting must be se...
Apache -- Insecure LD_LIBRARY_PATH handling
Apache reports: Insecure handling of LDLIBRARYPATH was found that could lead to the current working directory to be searched for DSOs. This could allow a local user to execute code as root if an administrator runs apachectl from an untrusted directory...
libtremor -- memory corruption
The Mozilla Project reports: Security researcher regenrecht reported via TippingPoint's Zero Day Initiative the possibility of memory corruption during the decoding of Ogg Vorbis files. This can cause a crash during decoding and has the potential for remote code execution...
avahi -- denial of service
Avahi developers reports: A vulnerability has been reported in Avahi, which can be exploited by malicious people to cause a DoS Denial of Service. The vulnerability is caused due to an error when processing certain UDP packets, which can be exploited to trigger an infinite loop by e.g. sending an...
webkit-gtk2 -- Multiple vulnerabilities
Gustavo Noronha reports: Debian's Michael Gilbert has done a great job going through all CVEs released about WebKit, and including patches in the Debian package. 1.2.3 includes all of the commits from trunk to fix those, too...
xorg -- multiple vulnerabilities
Matthieu Herrb of X.Org reports: Several vulnerabilities have been found in the server-side code of some extensions in the X Window System. Improper validation of client-provided data can cause data corruption. Exploiting these overflows will crash the X server or, under certain circumstances all...
mozilla -- multiple vulnerabilities
The Mozilla Foundation reports of multiple security issues in Firefox, Seamonkey, and Thunderbird. Several of these issues can probably be used to run arbitrary code with the privilege of the user running the program. Web forgery overwrite with div overlay URL token stealing via stylesheet redire...
samba -- multiple vulnerabilities
The Samba Team reports: Secunia Research reported a vulnerability that allows for the execution of arbitrary code in nmbd. This defect may only be exploited when the "wins support" parameter has been enabled in smb.conf. Samba developers have discovered what is believed to be a non-exploitable...
gd -- multiple vulnerabilities
gd had been reported vulnerable to several vulnerabilities: CVE-2007-3472: Integer overflow in gdImageCreateTrueColor function in the GD Graphics Library libgd before 2.0.35 allows user-assisted remote attackers has unspecified attack vectors and impact. CVE-2007-3473: The gdImageCreateXbm functi...
openssh -- multiple vulnerabilities
Problem Description The CRC compensation attack detector in the sshd8 daemon, upon receipt of duplicate blocks, uses CPU time cubic in the number of duplicate blocks received. CVE-2006-4924 A race condition exists in a signal handler used by the sshd8 daemon to handle the LoginGraceTime option,...