6585 matches found
postgresql-server -- CREATE SCHEMA ... schema elements defeats protective search_path changes
PostgreSQL Project reports This enabled an attacker having database-level CREATE privilege to execute arbitrary code as the bootstrap superuser. Database owners have that right by default, and explicit grants may extend it to other users...
chromium -- multiple vulnerabilities
Chrome Releases reports: This release contains 6 security fixes, including: 1376354 High CVE-2023-0471: Use after free in WebTransport. Reported by chichoo Kimchichoo and Cassidy Kim@cassidy6564 on 2022-10-19 1405256 High CVE-2023-0472: Use after free in WebRTC. Reported by Cassidy Kim@cassidy656...
chromium -- multiple vulnerabilities
Chrome Releases reports: This release contains 14 security fixes, including: 1369871 High CVE-2022-3652: Type Confusion in V8. Reported by srodulv and ZNMchtss at S.S.L Team on 2022-09-30 1354271 High CVE-2022-3653: Heap buffer overflow in Vulkan. Reported by SeongHwan Park SeHwa on 2022-08-19...
go -- multiple vulnerabilities
The Go project reports: os, net/http: avoid escapes from os.DirFS and http.Dir on Windows The os.DirFS function and http.Dir type provide access to a tree of files rooted at a given directory. These functions permitted access to Windows device files under that root. For example,...
chromium -- insufficient data validation in Mojo
Chrome Releases reports: This release contains 1 security fix: 1358134 High CVE-2022-3075: Insufficient data validation in Mojo. Reported by Anonymous on 2022-08-30 Google is aware that an exploit of CVE-2022-3075 exists in the wild...
samba -- Multiple vulnerabilities
The Samba Team reports: CVE-2022-2031 The KDC and the kpasswd service share a single account and set of keys, allowing them to decrypt each other's tickets. A user who has been requested to change their password can exploit this to obtain and use tickets to other services. CVE-2022-32744 The KDC...
OpenSSL -- Command injection vulnerability
The OpenSSL project reports: Circumstances where the crehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review...
Grafana -- Stored XSS
Grafana Labs reports: An attacker can exploit this vulnerability to escalate privilege from editor to admin by tricking an authenticated admin to click on a link. Note: Grafana Alerting is activated by default in Grafana 9.0...
Composer -- Command injection vulnerability
Composer developers reports: The Composer method VcsDriver::getFileContent with user-controlled $file or $identifier arguments is susceptible to an argument injection vulnerability. It can be leveraged to gain arbitrary command execution if the Mercurial or the Git driver are used...
RabbitMQ -- Denial of Service in AMQP1.0 plugin
Pivotal.io reports: All versions prior to 3.8.16 are prone to a denial of service vulnerability due to improper input validation in AMQP 1.0 client connection endpoint...
go -- encoding/xml: infinite loop when using xml.NewTokenDecoder with a custom TokenReader; archive/zip: panic when calling Reader.Open
The Go project reports: The Decode, DecodeElement, and Skip methods of an xml.Decoder provided by xml.NewTokenDecoder may enter an infinite loop when operating on a custom xml.TokenReader which returns an EOF in the middle of an open XML element. The Reader.Open API, new in Go 1.16, will panic wh...
FreeBSD -- Uninitialized kernel stack leaks in several file systems
Problem Description: Several file systems were not properly initializing the doff field of the dirent structures returned by VOPREADDIR. In particular, tmpfs5, smbfs5, autofs5 and mqueuefs5 were failing to do so. As a result, eight uninitialized kernel stack bytes may be leaked to userspace by...
nexus2-oss -- Apache ActiveMQ JMX vulnerability
Sonatype reports: CVE-2020-13920: Apache ActiveMQ JMX is vulnerable to a MITM attack...
net/rsync -- multiple zlib issues
rsync developers reports: Various zlib fixes, including security fixes for CVE-2016-9843, CVE-2016-9842, CVE-2016-9841, and CVE-2016-9840...
Flash Player -- arbitrary code execution
Adobe reports: This update resolves a use-after-free vulnerability that could lead to arbitrary code execution CVE-2020-9633...
MySQL Client -- Multiple vulerabilities
Oracle reports: This Critical Patch Update contains 45 new security patches for Oracle MySQL. 9 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials...
Python -- Regular Expression DoS attack against client
Ben Caller and Matt Schwager reports: Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service ReDoS attacks against a client because of urllib.request.AbstractBasicAuthHandler...
Flash Player -- multiple vulnerabilities
Adobe reports: This update resolves a same origin method execution vulnerability that could lead to arbitrary code execution CVE-2019-8069. This update resolves a use-after-free vulnerability that could lead to arbitrary code execution CVE-2019-8070...
webkit2-gtk3 -- Multiple vulnerabilities
The WebKitGTK project reports many vulnerabilities, including several arbitrary code execution vulnerabilities...
mail/dovecot -- Suitable client certificate can be used to login as other user
Aki Tuomi Open-Xchange Oy reports: Normally Dovecot is configured to authenticate imap/pop3/managesieve/submission clients using regular username/password combination. Some installations have also required clients to present a trusted SSL certificate on top of that. It's also possible to configur...
cURL -- multiple vulnerabilities
cURL security problems: CVE-2018-1000300: FTP shutdown response buffer overflow curl might overflow a heap based memory buffer when closing down an FTP connection with very long server command replies. When doing FTP transfers, curl keeps a spare "closure handle" around internally that will be us...
SQLite -- Corrupt DB can cause a NULL pointer dereference
MITRE reports: SQLite databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c...
jenkins -- Path traversal vulnerability allows access to files outside plugin resources
Jenkins developers report: Jenkins did not properly prevent specifying relative paths that escape a base directory for URLs accessing plugin resource files. This allowed users with Overall/Read permission to download files from the Jenkins master they should not have access to...
cURL -- Multiple vulnerabilities
The cURL project reports: NTLM buffer overflow via integer overflow CVE-2017-8816libcurl contains a buffer overrun flaw in the NTLM authentication code. The internal function Curlntlmcoremkntlmv2hash sums up the lengths of the user name + password = SUM and multiplies the sum by two = SIZE to...
palemoon -- multiple vulnerabilities
Pale Moon reports: CVE-2017-7832: Domain spoofing through use of dotless 'i' character followed by accent markers CVE-2017-7835: Mixed content blocking incorrectly applies with redirects CVE-2017-7840: Exported bookmarks do not strip script elements from user-supplied tags...
mozilla -- multiple vulnerabilities
Mozilla Foundation reports: CVE-2017-7828: Use-after-free of PressShell while restyling layout CVE-2017-7830: Cross-origin URL information leak through Resource Timing API CVE-2017-7831: Information disclosure of exposed properties on JavaScript proxy objects CVE-2017-7832: Domain spoofing throug...
MySQL -- multiple vulnerabilities
Oracle reports: Please reference CVE/URL list for details...
FreeRADIUS -- TLS resumption authentication bypass
Stefan Winter reports: The TLS session cache in FreeRADIUS before 3.0.14 fails to reliably prevent resumption of an unauthenticated session, which allows remote attackers such as malicious 802.1X supplicants to bypass authentication via PEAP or TTLS...
Joomla! -- multiple vulnerabilities
The JSST and the Joomla! Security Center report: 20161201 - Core - Elevated Privileges Incorrect use of unfiltered data stored to the session on a form validation failure allows for existing user accounts to be modified; to include resetting their username, password, and user group assignments...
mozilla -- multiple vulnerabilities
Mozilla Foundation reports: Please reference CVE/URL list for details...
moodle -- multiple vulnerabilities
Marina Glancy reports: MSA-16-0023: Question engine allows access to files that should not be available MSA-16-0024: Non-admin site managers may accidentally edit admins via web services MSA-16-0025: Capability to view course notes is checked in the wrong context MSA-16-0026: When debugging is...
Rails 4 -- Unsafe Query Generation Risk in Active Record
Ruby Security team reports: There is a vulnerability when Active Record is used in conjunction with JSON parameter parsing. This vulnerability has been assigned the CVE identifier CVE-2016-6317. This vulnerability is similar to CVE-2012-2660, CVE-2012-2694 and CVE-2013-0155...
typo3 -- Missing access check in Extbase
TYPO3 reports: Extbase request handling fails to implement a proper access check for requested controller/ action combinations, which makes it possible for an attacker to execute arbitrary Extbase actions by crafting a special request. To successfully exploit this vulnerability, an attacker must...
flash -- multiple vulnerabilities
Adobe reports: These updates resolve type confusion vulnerabilities that could lead to code execution CVE-2016-1105, CVE-2016-4117. These updates resolve use-after-free vulnerabilities that could lead to code execution CVE-2016-1097, CVE-2016-1106, CVE-2016-1107, CVE-2016-1108, CVE-2016-1109,...
NSS -- multiple vulnerabilities
Mozilla Foundation reports: Security researcher Francis Gabriel reported a heap-based buffer overflow in the way the Network Security Services NSS libraries parsed certain ASN.1 structures. An attacker could create a specially-crafted certificate which, when parsed by NSS, would cause it to crash...
jenkins -- multiple vulnerabilities
Jenkins Security Advisory: Description SECURITY-232 / CVE-2016-0788Remote code execution vulnerability in remoting module A vulnerability in the Jenkins remoting module allowed unauthenticated remote attackers to open a JRMP listener on the server hosting the Jenkins master process, which allowed...
asterisk -- Multiple vulnerabilities
The Asterisk project reports: AST-2016-001 - BEAST vulnerability in HTTP server AST-2016-002 - File descriptor exhaustion in chansip AST-2016-003 - Remote crash vulnerability when receiving UDPTL FAX data...
qemu -- buffer overflow vulnerability in virtio-serial message exchanges
Prasad J Pandit, Red Hat Product Security Team, reports: Qemu emulator built with the virtio-serial vmchannel support is vulnerable to a buffer overflow issue. It could occur while exchanging virtio control messages between guest and the host. A malicious guest could use this flaw to corrupt few...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 43 security fixes in this release, including: 446032 High CVE-2015-1271: Heap-buffer-overflow in pdfium. Credit to cloudfuzzer. 459215 High CVE-2015-1273: Heap-buffer-overflow in pdfium. Credit to makosoft. 461858 High CVE-2015-1274: Settings allowed executable fil...
xen-tools -- Potential unintended writes to host MSI message data field via qemu
The Xen Project reports: Logic is in place to avoid writes to certain host config space fields when the guest must nevertheless be able to access their virtual counterparts. A bug in how this logic deals with accesses spanning multiple fields allows the guest to write to the host MSI message data...
mozilla -- multiple vulnerabilities
The Mozilla Project reports: MFSA-2015-46 Miscellaneous memory safety hazards rv:38.0 / rv:31.7 MFSA-2015-47 Buffer overflow parsing H.264 video with Linux Gstreamer MFSA-2015-48 Buffer overflow with SVG content and CSS MFSA-2015-49 Referrer policy ignored when links opened by middle-click and...
bash -- out-of-bounds memory access in parser
RedHat security team reports: It was discovered that the fixed-sized redirstack could be forced to overflow in the Bash parser, resulting in memory corruption, and possibly leading to arbitrary code execution when evaluating untrusted input that would not otherwise be run as code. An off-by-one...
wordpress -- multiple vulnerabilities
The wordpress development team reports: Block unsafe PHP unserialization that could occur in limited situations and setups, which can lead to remote code execution. Prevent a user with an Author role, using a specially crafted request, from being able to create a post "written by" another user. F...
FreeBSD -- OpenSSL multiple vulnerabilities
A flaw in the OpenSSL handling of OCSP response verification could be exploited to cause a denial of service attack. OpenSSL has a weakness in the handling of CBC ciphersuites in SSL, TLS and DTLS. The weakness could reveal plaintext in a timing attack...
puppet27 and puppet -- multiple vulnerabilities
Moses Mendoza reports: A vulnerability found in Puppet could allow an authenticated client to cause the master to execute arbitrary code while responding to a catalog request. Specifically, in order to exploit the vulnerability, the puppet master must be made to invoke the 'template' or...
cURL -- inappropriate GSSAPI delegation
cURL reports: When doing GSSAPI authentication, libcurl unconditionally performs credential delegation. This hands the server a copy of the client's security credentials, allowing the server to impersonate the client to any other using the same GSSAPI mechanism...
webkit-gtk2 -- Multiple vulnerabilities
Gustavo Noronha reports: Debian's Michael Gilbert has done a great job going through all CVEs released about WebKit, and including patches in the Debian package. 1.2.3 includes all of the commits from trunk to fix those, too...
libpng denial-of-service
Steve Grubb reports a buffer read overrun in libpng's pngformatbuffer function. A specially constructed PNG image processed by an application using libpng may trigger the buffer read overrun and possibly result in an application crash...
Apache httpd -- Multiple vulnerabilities
The Apache httpd project reports: See changelog or 2.4 vulnerabilities for details...
php -- Multiple vulnerabilities
php.net reports: CVE-2024-11235: Core: Fixed GHSA-rwp7-7vc6-8477 Reference counting in phprequestshutdown causes Use-After-Free. CVE-2025-1219: LibXML: Fixed GHSA-p3x9-6h7p-cgfc libxml streams use wrong content-type header when requesting a redirected resource. CVE-2025-1736: Streams: Fixed...