6585 matches found
bash -- out-of-bounds memory access in parser
RedHat security team reports: It was discovered that the fixed-sized redirstack could be forced to overflow in the Bash parser, resulting in memory corruption, and possibly leading to arbitrary code execution when evaluating untrusted input that would not otherwise be run as code. An off-by-one...
wordpress -- multiple vulnerabilities
The wordpress development team reports: Block unsafe PHP unserialization that could occur in limited situations and setups, which can lead to remote code execution. Prevent a user with an Author role, using a specially crafted request, from being able to create a post "written by" another user. F...
FreeBSD -- OpenSSL multiple vulnerabilities
A flaw in the OpenSSL handling of OCSP response verification could be exploited to cause a denial of service attack. OpenSSL has a weakness in the handling of CBC ciphersuites in SSL, TLS and DTLS. The weakness could reveal plaintext in a timing attack...
puppet27 and puppet -- multiple vulnerabilities
Moses Mendoza reports: A vulnerability found in Puppet could allow an authenticated client to cause the master to execute arbitrary code while responding to a catalog request. Specifically, in order to exploit the vulnerability, the puppet master must be made to invoke the 'template' or...
openjpeg -- Multiple vulnerabilities
Openjpeg release notes report: That CVE-2012-3535 and CVE-2012-3358 are fixed in the 1.5.1 release. That CVE-2013-4289, CVE-2013-4290, CVE-2013-1447, CVE-2013-6045, CVE-2013-6052, CVE-2013-6054, CVE-2013-6053, CVE-2013-6887, where fixed in the 1.5.2 release...
cURL -- inappropriate GSSAPI delegation
cURL reports: When doing GSSAPI authentication, libcurl unconditionally performs credential delegation. This hands the server a copy of the client's security credentials, allowing the server to impersonate the client to any other using the same GSSAPI mechanism...
rubygem-rails -- JSON XSS vulnerability
Rails core team reports: All users of Rails 1.2.4 or earlier are advised to upgrade to 1.2.5, though it isn't strictly necessary if you aren't working with JSON. For more information the JSON vulnerability, see CVE-2007-3227...
libpng denial-of-service
Steve Grubb reports a buffer read overrun in libpng's pngformatbuffer function. A specially constructed PNG image processed by an application using libpng may trigger the buffer read overrun and possibly result in an application crash...
php -- Multiple vulnerabilities
php.net reports: CVE-2024-11235: Core: Fixed GHSA-rwp7-7vc6-8477 Reference counting in phprequestshutdown causes Use-After-Free. CVE-2025-1219: LibXML: Fixed GHSA-p3x9-6h7p-cgfc libxml streams use wrong content-type header when requesting a redirected resource. CVE-2025-1736: Streams: Fixed...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 6 security fixes: 1501798 High CVE-2024-0222: Use after free in ANGLE. Reported by Toan suto Pham of Qrious Secure on 2023-11-13 1505009 High CVE-2024-0223: Heap buffer overflow in ANGLE. Reported by Toan suto Pham and Tri Dang of Qrious Secure on...
libwebp heap buffer overflow
[email protected] reports: Heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. Chromium security severity: Critical The Tor browser is based on Firefox and GeckoView and uses al...
electron24 -- multiple vulnerabilities
Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2023-3079. Security: backported fix for CVE-2023-2933. Security: backported fix for CVE-2023-2932. Security: backported fix for CVE-2023-2931. Security: backported fix for CVE-2023-2936...
chromium -- multiple vulnerabilities
Chrome Releases reports: This update includes 10 security fixes: 1415366 Critical CVE-2023-0941: Use after free in Prompts. Reported by Anonymous on 2023-02-13 1414738 High CVE-2023-0927: Use after free in Web Payments API. Reported by Rong Jian of VRI on 2023-02-10 1309035 High CVE-2023-0928: Us...
mantis -- multiple vulnerabilities
Mantis 2.25.6 release reports: Security and maintenance release 0031086: Private issue summary disclosure CVE-2023-22476 0030772: Update bundled moment.js to 2.29.4 CVE-2022-31129 0030791: Allow adding relation type noopener/noreferrer to outgoing links...
py39-py -- Regular expression Denial of Service vulnerability
SCH227 reports: The py library through 1.11.0 for Python allows remote attackers to conduct a ReDoS Regular expression Denial of Service attack via a Subversion repository with crafted info data, because the InfoSvnCommand argument is mishandled...
chromium -- multiple vulnerabilities
Chrome Releases reports: This release contains 4 security fixes, including: 1341043 High CVE-2022-2294: Heap buffer overflow in WebRTC. Reported by Jan Vojtesek from the Avast Threat Intelligence team on 2022-07-01 1336869 High CVE-2022-2295: Type Confusion in V8. Reported by avaue and Buff3tts a...
chromium -- multiple vulnerabilities
Chrome Releases reports: This release contains 7 security fixes, including: 1326210 High CVE-2022-2007: Use after free in WebGPU. Reported by David Manouchehri on 2022-05-17 1317673 High CVE-2022-2008: Out of bounds memory access in WebGL. Reported by khangkito - Tran Van Khang VinCSS on 2022-04-...
rsyslog8 -- heap buffer overflow on receiving TCP syslog
Rainer Gerhards reports: Modules for TCP syslog reception have a heap buffer overflow when octet-counted framing is used. The attacker can corrupt heap values, leading to data integrity issues and availability impact. Remote code execution is unlikely to happen but not impossible...
Ruby -- Buffer overrun in String-to-Float conversion
piao reports: Due to a bug in an internal function that converts a String to a Float, some convertion methods like KernelFloat and Stringtof could cause buffer over-read. A typical consequence is a process termination due to segmentation fault, but in a limited circumstances, it may be exploitabl...
chromium -- multiple vulnerabilities
Chrome Releases reports: This release contains 28 security fixes, including: 1292261 High CVE-2022-1125: Use after free in Portals. Reported by Khalil Zhani on 2022-01-29 1291891 High CVE-2022-1127: Use after free in QR Code Generator. Reported by anonymous on 2022-01-28 1301920 High CVE-2022-112...
mediawiki -- multiple vulnerabilities
Mediawiki reports: T292763. CVE-2021-44854 REST API incorrectly publicly caches autocomplete search results from private wikis. T271037, CVE-2021-44856 Title blocked in AbuseFilter can be created via Special:ChangeContentModel. T297322, CVE-2021-44857 Unauthorized users can use action=mcrundo to...
PostgreSQL -- Possible man-in-the-middle attacks
The PostgreSQL Project reports: CVE-2021-23214: A man-in-the-middle with the ability to inject data into the TCP connection could stuff some cleartext data into the start of a supposedly encryption-protected database session. This could be abused to send faked SQL commands to the server, although...
seatd-launch -- privilege escalation with SUID
Kenny Levinsen reports: seatd-launch used execlp, which reads the PATH environment variable to search for the requested executable, to execute seatd. This meant that the caller could freely control what executable was loaded by adding a user-writable directory to PATH. If seatd-launch had the SUI...
cURL -- Multiple vulnerabilities
The cURL project reports: CURLOPTSSLCERT mixup with Secure Transport CVE-2021-22926 TELNET stack contents disclosure again CVE-2021-22925 Bad connection reuse due to flawed path name checks CVE-2021-92254 Metalink download sends credentials CVE-2021-92253 Wrong content via metalink not discarded...
PostgreSQL server -- two security issues
The PostgreSQL project reports: Memory disclosure in INSERT ... ON CONFLICT ... DO UPDATE Using an INSERT ... ON CONFLICT ... DO UPDATE command on a purpose-crafted table, an attacker can read arbitrary bytes of server memory. In the default configuration, any authenticated database user can crea...
xorg-server -- Multiple input validation failures in X server extensions
The X.org project reports: All theses issuses can lead to local privileges elevation on systems where the X server is running privileged. The handler for the XkbSetNames request does not validate the request length before accessing its contents. An integer underflow exists in the handler for the...
jenkins -- multiple vulnerabilities
Jenkins Security Advisory: Description High SECURITY-1955 / CVE-2020-2229 Stored XSS vulnerability in help icons High SECURITY-1957 / CVE-2020-2230 Stored XSS vulnerability in project naming strategy High SECURITY-1960 / CVE-2020-2231 Stored XSS vulnerability in 'Trigger builds remotely'...
unbound -- mutliple vulnerabilities
NLNetLabs reports: This release fixes CVE-2020-12662 and CVE-2020-12663. Bug Fixes: CVE-2020-12662 Unbound can be tricked into amplifying an incoming query into a large number of queries directed to a target. CVE-2020-12663 Malformed answers from upstream name servers can be used to make Unbound...
webkit-gtk3 -- Multiple vulnerabilities
The WebKitGTK project reports multiple vulnerabilities...
TYPO3 -- multiple vulnerabilities
TYPO3 news: Please read the corresponding Security Advisories for details...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 43 security fixes in this release, including: High CVE-2018-17480: Out of bounds write in V8 High CVE-2018-17481: Use after free in PDFium High CVE-2018-18335: Heap buffer overflow in Skia High CVE-2018-18336: Use after free in PDFium High CVE-2018-18337: Use after...
FreeBSD -- Lazy FPU State Restore Information Disclosure
Problem Description: A subset of Intel processors can allow a local thread to infer data from another thread through a speculative execution side channel when Lazy FPU state restore is used. Impact: Any local thread can potentially read FPU state information from other threads running on the host...
OpenSSL -- Cache timing vulnerability
The OpenSSL project reports: The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover the private key...
mozilla -- multiple vulnerabilities
Mozilla Foundation reports: CVE-2017-7793: Use-after-free with Fetch API CVE-2017-7817: Firefox for Android address bar spoofing through fullscreen mode CVE-2017-7818: Use-after-free during ARIA array manipulation CVE-2017-7819: Use-after-free while resizing images in design mode CVE-2017-7824:...
cURL -- multiple vulnerabilities
The cURL project reports: FILE buffer read out of bounds TFTP sends more than buffer size URL globbing out of bounds read...
mozilla -- multiple vulnerabilities
Mozilla Foundation reports: MFSA 2016-16 Miscellaneous memory safety hazards rv:45.0 / rv:38.7 MFSA 2016-17 Local file overwriting and potential privilege escalation through CSP reports MFSA 2016-18 CSP reports fail to strip location information for embedded iframe pages MFSA 2016-19 Linux video...
tomcat -- multiple vulnerabilities
Mark Thomas reports: CVE-2015-5345 Apache Tomcat Directory disclosure CVE-2016-0706 Apache Tomcat Security Manager bypass CVE-2016-0714 Apache Tomcat Security Manager Bypass...
bsh -- remote code execution vulnerability
Stian Soiland-Reyes reports: This release fixes a remote code execution vulnerability that was identified in BeanShell by Alvaro Muñoz and Christian Schneider. The BeanShell team would like to thank them for their help and contributions to this fix! An application that includes BeanShell on the...
nghttp2 -- Out of memory in nghttpd, nghttp, and libnghttp2_asio
Nghttp2 reports: Out of memory in nghttpd, nghttp, and libnghttp2asio applications due to unlimited incoming HTTP header fields. nghttpd, nghttp, and libnghttp2asio applications do not limit the memory usage for the incoming HTTP header field. If peer sends specially crafted HTTP/2 HEADERS frames...
samba -- multiple vulnerabilities
Samba team reports: CVE-2015-3223 Malicious request can cause Samba LDAP server to hang, spinning using CPU. CVE-2015-5330 Malicious request can cause Samba LDAP server to return uninitialized memory that should not be part of the reply. CVE-2015-5296 Requesting encryption should also request...
FreeBSD -- Resource exhaustion due to sessions stuck in LAST_ACK state
Problem Description: TCP connections transitioning to the LASTACK state can become permanently stuck due to mishandling of protocol state in certain situations, which in turn can lead to accumulated consumption and eventual exhaustion of system resources, such as mbufs and sockets. Impact: An...
sqlite -- multiple vulnerabilities
NVD reports: SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service uninitialized memory access and application crash or possibly have unspecified other impact via a crafted COLLATE clause, a...
mysql -- SSL Downgrade
Duo Security reports: Researchers have identified a serious vulnerability in some versions of Oracle’s MySQL database product that allows an attacker to strip SSL/TLS connections of their security wrapping transparently...
phpMyAdmin -- XSS and DoS vulnerabilities
The phpMyAdmin development team reports: DoS vulnerability with long passwords. With very long passwords it was possible to initiate a denial of service attack on phpMyAdmin. We consider this vulnerability to be serious. This vulnerability can be mitigated by configuring throttling in the...
asterisk -- multiple vulnerabilities
The Asterisk project reports: Stack Overflow in HTTP Processing of Cookie Headers. Sending a HTTP request that is handled by Asterisk with a large number of Cookie headers could overflow the stack. You could even exhaust memory if you sent an unlimited number of headers in the request. Denial of...
mozilla -- multiple vulnerabilities
The Mozilla Project reports: MFSA 2013-116 JPEG information leak MFSA 2013-105 Application Installation doorhanger persists on navigation MFSA 2013-106 Character encoding cross-origin XSS attack MFSA 2013-107 Sandbox restrictions not applied to nested object elements MFSA 2013-108 Use-after-free ...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 25 security fixes in this release, including: 268565 Medium CVE-2013-6621: Use after free related to speech input elements. Credit to Khalil Zhani. 272786 High CVE-2013-6622: Use after free related to media elements. Credit to cloudfuzzer. 282925 High CVE-2013-6623...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: Eleven vulnerabilities, including: 257748 Medium CVE-2013-2881: Origin bypass in frame handling. Credit to Karthik Bhargavan. 260106 High CVE-2013-2882: Type confusion in V8. Credit to Cloudfuzzer. 260165 High CVE-2013-2883: Use-after-free in MutationObserver. Cred...
krb5 -- UDP ping-pong vulnerability in the kpasswd (password changing) service. [CVE-2002-2443]
No advisory has been released yet. schpw.c in the kpasswd service in kadmind in MIT Kerberos 5 aka krb5 before 1.11.3 does not properly validate UDP packets before sending responses, which allows remote attackers to cause a denial of service CPU and bandwidth consumption via a forged packet that...
libxml2 -- lack of end-of-document check DoS
CVE MITRE reports: parser.c in libxml2 before 2.9.0, as used in Google Chrome before 28.0.1500.71 and other products, allows remote attackers to cause a denial of service out-of-bounds read via a document that ends abruptly, related to the lack of certain checks for the XMLPARSEREOF state...