6585 matches found
Django -- multiple vulnerabilities
Django reports: CVE-2023-31047: Potential bypass of validation when uploading multiple files using one form field...
Grafana -- Critical vulnerability in golang
Grafana Labs reports: An issue in how go handles backticks with Javascript can lead to an injection of arbitrary code into go templates. While Grafana Labs software contains potentially vulnerable versions of go, we have not identified any exploitable use cases at this time. The CVSS score for th...
OpenSSL -- Excessive Resource Usage Verifying X.509 Policy Constraints
The OpenSSL project reports: Severity: Low A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious...
go -- multiple vulnerabilities
The Go project reports: path/filepath: path traversal in filepath.Clean on Windows On Windows, the filepath.Clean function could transform an invalid path such as a/../c:/b into the valid path c:\b. This transformation of a relative if invalid path into an absolute path could enable a directory...
mediawiki -- multiple vulnerabilities
Mediawiki reports: T308471 Username is not escaped in the "welcomeuser" message. T308473 Username not escaped in the contributions-title message. T309377, CVE-2022-29248 Update "guzzlehttp/guzzle" to version 6.5.6. T311384, CVE-2022-27776 Update "guzzlehttp/guzzle" to 6.5.8/7.4.5...
gitea -- Open Redirect on login
Andrew Thornton reports: When a location containing backslashes is presented, the existing protections against open redirect are bypassed, because browsers will convert adjacent forward and backslashes within the location to double forward slashes...
redis -- multiple vulnerabilities
The Redis Team reports: CVE-2021-41099 Integer to heap buffer overflow handling certain string commands and network payloads, when proto-max-bulk-len is manually configured. CVE-2021-32762 Integer to heap buffer overflow issue in redis-cli and redis-sentinel parsing large multi-bulk replies on so...
chromium -- multiple vulnerabilities
Chrome Releases reports: This release contains 19 security fixes, including: 1180126 High CVE-2021-30506: Incorrect security UI in Web App Installs. Reported by @retsew0x01 on 2021-02-19 1178202 High CVE-2021-30507: Inappropriate implementation in Offline. Reported by Alison Huffman, Microsoft...
Node.js -- February 2021 Security Releases
Node.js reports: HTTP2 'unknownProtocol' cause Denial of Service by resource exhaustion Critical CVE-2021-22883 Affected Node.js versions are vulnerable to denial of service attacks when too many connection attempts with an 'unknownProtocol' are established. This leads to a leak of file...
Gitlab -- multiple vulnerabilities
Gitlab reports: Ability to steal a user's API access token through GitLab Pages Prometheus denial of service via HTTP request with custom method Unauthorized user is able to access private repository information under specific conditions Regular expression denial of service in NuGet API Regular...
Security Vulnerability found in ExifTool
Debian Security Advisory reports: A vulnerability was discovered in libimage-exiftool-perl, a library and program to read and write meta information in multimedia files, which may result in execution of arbitrary code if a malformed DjVu file is processed...
Node.js -- January 2021 Security Releases
Node.js reports: use-after-free in TLSWrap High CVE-2020-8265 Affected Node.js versions are vulnerable to a use-after-free bug in its TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly allocated WriteWrap object as first...
go -- encoding/binary: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs
The Go project reports: Certain invalid inputs to ReadUvarint or ReadVarint could cause those functions to read an unlimited number of bytes from the ByteReader argument before returning an error. This could lead to processing more input than expected when the caller is reading directly from the...
Python -- multiple vulnerabilities
Python reports: bpo-29778: Ensure python3.dll is loaded from correct locations when Python is embedded CVE-2020-15523. bpo-41004: CVE-2020-14422: The hash methods of ipaddress.IPv4Interface and ipaddress.IPv6Interface incorrectly generated constant hash values of 32 and 128 respectively. This...
Node.js -- June 2020 Security Releases
Node.js reports: Updates are now available for all supported Node.js release lines for the following issues. TLS session reuse can lead to host certificate verification bypass High CVE-2020-8172 The 'session' event could be emitted before the 'secureConnect' event. It should not be, because the...
phpMyAdmin -- SQL injection
The phpMyAdmin development team reports: A SQL injection flaw has been discovered in the user accounts page...
drm graphics drivers -- Local privilege escalation and denial of service
Intel reports: As part of IPU 2019.2, INTEL-SA-00242 advises that insufficient access control may allow an authenticated user to potentially enable escalation of privilege via local access. INTEL-SA-00260 advises that insufficient access control may allow an authenticated user to potentially enab...
clamav -- multiple vulnerabilities
Micah Snyder reports: An out of bounds write was possible within ClamAV&s NSIS bzip2 library when attempting decompression in cases where the number of selectors exceeded the max limit set by the library CVE-2019-12900. The issue has been resolved by respecting that limit. The zip bomb...
mozilla -- multiple vulnerabilities
Mozilla Foundation reports: CVE-2019-9815: Disable hyperthreading on content JavaScript threads on macOS CVE-2019-9816: Type confusion with object groups and UnboxedObjects CVE-2019-9817: Stealing of cross-domain images using canvas CVE-2019-9818: Use-after-free in crash generation server...
python 3.6 -- multiple vulnerabilities
Python changelog: bpo-35907: CVE-2019-9948: Avoid file reading by disallowing local-file:// and localfile:// URL schemes in URLopener.open and URLopener.retrieve of urllib.request. bpo-36742: Fixes mishandling of pre-normalization characters in urlsplit. bpo-30458: Address CVE-2019-9740 by...
Rails -- Active Job vulnerability
Ruby on Rails blog: Rails 4.2.11, 5.0.7.1, 5.1.6.1 and 5.2.1.1 have been released! These contain the following important security fixes, and it is recommended that users upgrade as soon as possible CVE-2018-16476 Broken Access Control vulnerability in Active Job: Carefully crafted user input can...
Gitlab -- multiple vulnerabilities
Gitlab reports: Markdown DoS Information Disclosure Prometheus Metrics CSRF in System Hooks Persistent XSS Pipeline Tooltip Persistent XSS in Branch Name via Web IDE Persistent XSS in Branch Name via Web IDE...
awstats -- remote code execution
Mitre reports: Awstats version 7.6 and earlier is vulnerable to a path traversal flaw in the handling of the "config" and "migrate" parameters resulting in unauthenticated remote code execution...
cURL -- out of bounds read
The cURL project reports: libcurl contains a buffer overrun flaw in the IMAP handler. An IMAP FETCH response line indicates the size of the returned data, in number of bytes. When that response says the data is zero bytes, libcurl would pass on that non-existing data with a pointer and the size...
GraphicsMagick -- multiple vulnerabilities
GraphicsMagick reports: Multiple vulnerabilities have been found in GraphicsMagick 1.3.26 or earlier. Please refer to the CVE list for details...
proftpd -- vulnerability in mod_tls
MITRE reports: The modtls module in ProFTPD before 1.3.5b and 1.3.6 before 1.3.6rc2 does not properly handle the TLSDHParamFile directive, which might cause a weaker than intended Diffie-Hellman DH key to be used and consequently allow attackers to have unspecified impact via unknown vectors...
phpMyAdmin -- XSRF and man-in-the-middle vulnerabilities
The phpMyAdmin development team reports: XSRF/CSRF vulnerability in phpMyAdmin setup. By deceiving a user to click on a crafted URL, it is possible to alter the configuration file being generated with phpMyAdmin setup. This vulnerability only affects the configuration file generation process and...
krb5 -- Vulnerabilities in kadmind, libgssrpc, gss_process_context_token VU#540092
MIT krb5 Security Advisory 2015-001 reports: CVE-2014-5352: In the MIT krb5 libgssapikrb5 library, after gssprocesscontexttoken is used to process a valid context deletion token, the caller is left with a security context handle containing a dangling pointer. Further uses of this handle will resu...
phpMyAdmin -- multiple XSS vulnerabilities, missing validation
The phpMyAdmin development team reports: Self-XSS due to unescaped HTML output in database structure page. With a crafted table comment, it is possible to trigger an XSS in database structure page. Self-XSS due to unescaped HTML output in database triggers page. When navigating into the database...
PostgreSQL -- anonymous remote access data corruption vulnerability
PostgreSQL project reports: The PostgreSQL Global Development Group has released a security update to all current versions of the PostgreSQL database system, including versions 9.2.4, 9.1.9, 9.0.13, and 8.4.17. This update fixes a high-exposure security vulnerability in versions 9.0 and later. Al...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 118633 Low CVE-2012-2815: Leak of iframe fragment id. Credit to Elie Bursztein of Google. 120222 High CVE-2012-2817: Use-after-free in table section handling. Credit to miaubiz. 120944 High CVE-2012-2818: Use-after-free in counter layout. Credit to miaubiz. 120977...
php -- vulnerability in certain CGI-based setups
php development team reports: Security Enhancements and Fixes in PHP 5.3.12: Initial fix for cgi-bin ?-s cmdarg parse issue CVE-2012-1823...
mozilla -- multiple vulnerabilities
The Mozilla Project reports: MFSA 2012-20 Miscellaneous memory safety hazards rv:12.0/ rv:10.0.4 MFSA 2012-21 Multiple security flaws fixed in FreeType v2.4.9 MFSA 2012-22 use-after-free in IDBKeyRange MFSA 2012-23 Invalid frees causes heap corruption in gfxImageSurface MFSA 2012-24 Potential XSS...
phpMyAdmin -- Path disclosure due to missing verification of file presence
The phpMyAdmin development team reports: The showconfigerrors.php scripts did not validate the presence of the configuration file, so an error message shows the full path of this file, leading to possible further attacks. For the error messages to be displayed, php.ini's errorreporting must be se...
Apache -- Insecure LD_LIBRARY_PATH handling
Apache reports: Insecure handling of LDLIBRARYPATH was found that could lead to the current working directory to be searched for DSOs. This could allow a local user to execute code as root if an administrator runs apachectl from an untrusted directory...
libtremor -- memory corruption
The Mozilla Project reports: Security researcher regenrecht reported via TippingPoint's Zero Day Initiative the possibility of memory corruption during the decoding of Ogg Vorbis files. This can cause a crash during decoding and has the potential for remote code execution...
avahi -- denial of service
Avahi developers reports: A vulnerability has been reported in Avahi, which can be exploited by malicious people to cause a DoS Denial of Service. The vulnerability is caused due to an error when processing certain UDP packets, which can be exploited to trigger an infinite loop by e.g. sending an...
xorg -- multiple vulnerabilities
Matthieu Herrb of X.Org reports: Several vulnerabilities have been found in the server-side code of some extensions in the X Window System. Improper validation of client-provided data can cause data corruption. Exploiting these overflows will crash the X server or, under certain circumstances all...
mozilla -- multiple vulnerabilities
The Mozilla Foundation reports of multiple security issues in Firefox, Seamonkey, and Thunderbird. Several of these issues can probably be used to run arbitrary code with the privilege of the user running the program. Web forgery overwrite with div overlay URL token stealing via stylesheet redire...
samba -- multiple vulnerabilities
The Samba Team reports: Secunia Research reported a vulnerability that allows for the execution of arbitrary code in nmbd. This defect may only be exploited when the "wins support" parameter has been enabled in smb.conf. Samba developers have discovered what is believed to be a non-exploitable...
gd -- multiple vulnerabilities
gd had been reported vulnerable to several vulnerabilities: CVE-2007-3472: Integer overflow in gdImageCreateTrueColor function in the GD Graphics Library libgd before 2.0.35 allows user-assisted remote attackers has unspecified attack vectors and impact. CVE-2007-3473: The gdImageCreateXbm functi...
openssh -- multiple vulnerabilities
Problem Description The CRC compensation attack detector in the sshd8 daemon, upon receipt of duplicate blocks, uses CPU time cubic in the number of duplicate blocks received. CVE-2006-4924 A race condition exists in a signal handler used by the sshd8 daemon to handle the LoginGraceTime option,...
smbd -- buffer-overrun vulnerability
Caused by improper bounds checking of certain trans2 requests, there is a possible buffer overrun in smbd. The attacker needs to be able to create files with very specific Unicode filenames on the share to take advantage of this issue...
MariaDB -- Multiple vulnerabilities
The MariaDB project reports: See linked CVE's for details...
Gitlab -- Vulnerabilities
Gitlab reports: Run pipelines as any user Stored XSS injected in imported project's commit notes CSRF on GraphQL API IntrospectionQuery Remove search results from public projects with unauthorized repos Cross window forgery in user application OAuth flow Project maintainers can bypass group's mer...
quiche -- Multiple Vulnerabilities
Quiche Releases reports: This release includes 2 security fixes: CVE-2024-1410: Unbounded storage of information related to connection ID retirement, in quiche. Reported by Marten Seeman @marten-seeman CVE-2024-1765: Unlimited resource allocation by QUIC CRYPTO frames flooding in quiche. Reported...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 7 security fixes: 1491459 High CVE-2023-6348: Type Confusion in Spellcheck. Reported by Mark Brand of Google Project Zero on 2023-10-10 1494461 High CVE-2023-6347: Use after free in Mojo. Reported by Leecraso and Guang Gong of 360 Vulnerability Resear...
electron{24,25} -- multiple vulnerabilities
Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2023-4763. Security: backported fix for CVE-2023-4762. Security: backported fix for CVE-2023-4761. Security: backported fix for CVE-2023-4863...
postgresql-server -- CREATE SCHEMA ... schema elements defeats protective search_path changes
PostgreSQL Project reports This enabled an attacker having database-level CREATE privilege to execute arbitrary code as the bootstrap superuser. Database owners have that right by default, and explicit grants may extend it to other users...
chromium -- multiple vulnerabilities
Chrome Releases reports: This release contains 6 security fixes, including: 1376354 High CVE-2023-0471: Use after free in WebTransport. Reported by chichoo Kimchichoo and Cassidy Kim@cassidy6564 on 2022-10-19 1405256 High CVE-2023-0472: Use after free in WebRTC. Reported by Cassidy Kim@cassidy656...