6585 matches found
libwebp heap buffer overflow
[email protected] reports: Heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. Chromium security severity: Critical The Tor browser is based on Firefox and GeckoView and uses al...
electron24 -- multiple vulnerabilities
Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2023-3079. Security: backported fix for CVE-2023-2933. Security: backported fix for CVE-2023-2932. Security: backported fix for CVE-2023-2931. Security: backported fix for CVE-2023-2936...
git -- Local clone-based data exfiltration with non-local transports
git team reports: Using a specially-crafted repository, Git can be tricked into using its local clone optimization even when using a non-local transport. Though Git will abort local clones whose source $GITDIR/objects directory contains symbolic links c.f., CVE-2022-39253, the objects directory...
mantis -- multiple vulnerabilities
Mantis 2.25.6 release reports: Security and maintenance release 0031086: Private issue summary disclosure CVE-2023-22476 0030772: Update bundled moment.js to 2.29.4 CVE-2022-31129 0030791: Allow adding relation type noopener/noreferrer to outgoing links...
py39-py -- Regular expression Denial of Service vulnerability
SCH227 reports: The py library through 1.11.0 for Python allows remote attackers to conduct a ReDoS Regular expression Denial of Service attack via a Subversion repository with crafted info data, because the InfoSvnCommand argument is mishandled...
chromium -- multiple vulnerabilities
Chrome Releases reports: This release contains 4 security fixes, including: 1341043 High CVE-2022-2294: Heap buffer overflow in WebRTC. Reported by Jan Vojtesek from the Avast Threat Intelligence team on 2022-07-01 1336869 High CVE-2022-2295: Type Confusion in V8. Reported by avaue and Buff3tts a...
chromium -- multiple vulnerabilities
Chrome Releases reports: This release contains 7 security fixes, including: 1326210 High CVE-2022-2007: Use after free in WebGPU. Reported by David Manouchehri on 2022-05-17 1317673 High CVE-2022-2008: Out of bounds memory access in WebGL. Reported by khangkito - Tran Van Khang VinCSS on 2022-04-...
rsyslog8 -- heap buffer overflow on receiving TCP syslog
Rainer Gerhards reports: Modules for TCP syslog reception have a heap buffer overflow when octet-counted framing is used. The attacker can corrupt heap values, leading to data integrity issues and availability impact. Remote code execution is unlikely to happen but not impossible...
Ruby -- Buffer overrun in String-to-Float conversion
piao reports: Due to a bug in an internal function that converts a String to a Float, some convertion methods like KernelFloat and Stringtof could cause buffer over-read. A typical consequence is a process termination due to segmentation fault, but in a limited circumstances, it may be exploitabl...
chromium -- multiple vulnerabilities
Chrome Releases reports: This release contains 28 security fixes, including: 1292261 High CVE-2022-1125: Use after free in Portals. Reported by Khalil Zhani on 2022-01-29 1291891 High CVE-2022-1127: Use after free in QR Code Generator. Reported by anonymous on 2022-01-28 1301920 High CVE-2022-112...
mediawiki -- multiple vulnerabilities
Mediawiki reports: T292763. CVE-2021-44854 REST API incorrectly publicly caches autocomplete search results from private wikis. T271037, CVE-2021-44856 Title blocked in AbuseFilter can be created via Special:ChangeContentModel. T297322, CVE-2021-44857 Unauthorized users can use action=mcrundo to...
PostgreSQL -- Possible man-in-the-middle attacks
The PostgreSQL Project reports: CVE-2021-23214: A man-in-the-middle with the ability to inject data into the TCP connection could stuff some cleartext data into the start of a supposedly encryption-protected database session. This could be abused to send faked SQL commands to the server, although...
seatd-launch -- privilege escalation with SUID
Kenny Levinsen reports: seatd-launch used execlp, which reads the PATH environment variable to search for the requested executable, to execute seatd. This meant that the caller could freely control what executable was loaded by adding a user-writable directory to PATH. If seatd-launch had the SUI...
cURL -- Multiple vulnerabilities
The cURL project reports: CURLOPTSSLCERT mixup with Secure Transport CVE-2021-22926 TELNET stack contents disclosure again CVE-2021-22925 Bad connection reuse due to flawed path name checks CVE-2021-92254 Metalink download sends credentials CVE-2021-92253 Wrong content via metalink not discarded...
PostgreSQL server -- two security issues
The PostgreSQL project reports: Memory disclosure in INSERT ... ON CONFLICT ... DO UPDATE Using an INSERT ... ON CONFLICT ... DO UPDATE command on a purpose-crafted table, an attacker can read arbitrary bytes of server memory. In the default configuration, any authenticated database user can crea...
xorg-server -- Multiple input validation failures in X server extensions
The X.org project reports: All theses issuses can lead to local privileges elevation on systems where the X server is running privileged. The handler for the XkbSetNames request does not validate the request length before accessing its contents. An integer underflow exists in the handler for the...
jenkins -- multiple vulnerabilities
Jenkins Security Advisory: Description High SECURITY-1955 / CVE-2020-2229 Stored XSS vulnerability in help icons High SECURITY-1957 / CVE-2020-2230 Stored XSS vulnerability in project naming strategy High SECURITY-1960 / CVE-2020-2231 Stored XSS vulnerability in 'Trigger builds remotely'...
chromium -- multiple vulnerabilities
Chrome Releases reports: This update contains 38 security fixes, including: 1103195 Critical CVE-2020-6510: Heap buffer overflow in background fetch. Reported by Leecraso and Guang Gong of 360 Alpha Lab working with 360 BugCloud on 2020-07-08 1074317 High CVE-2020-6511: Side-channel information...
unbound -- mutliple vulnerabilities
NLNetLabs reports: This release fixes CVE-2020-12662 and CVE-2020-12663. Bug Fixes: CVE-2020-12662 Unbound can be tricked into amplifying an incoming query into a large number of queries directed to a target. CVE-2020-12663 Malformed answers from upstream name servers can be used to make Unbound...
webkit-gtk3 -- Multiple vulnerabilities
The WebKitGTK project reports multiple vulnerabilities...
TYPO3 -- multiple vulnerabilities
TYPO3 news: Please read the corresponding Security Advisories for details...
Gitlab -- Multiple vulnerabilities
Gitlab reports: Moving an Issue to Private Repo Leaks Project Namespace Notification Emails Sent to Restricted Users Unauthorized Comments on Confidential Issues Merge Request Approval Count Inflation Unsanitized Branch Names on New Merge Request Notification Emails Improper Sanitation of...
FreeBSD -- Lazy FPU State Restore Information Disclosure
Problem Description: A subset of Intel processors can allow a local thread to infer data from another thread through a speculative execution side channel when Lazy FPU state restore is used. Impact: Any local thread can potentially read FPU state information from other threads running on the host...
OpenSSL -- Cache timing vulnerability
The OpenSSL project reports: The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover the private key...
wget -- Stack overflow in HTTP protocol handling
Antti Levomäki, Christian Jalio, Joonas Pihlaja: Wget contains two vulnerabilities, a stack overflow and a heap overflow, in the handling of HTTP chunked encoding. By convincing a user to download a specific link over HTTP, an attacker may be able to execute arbitrary code with the privileges of...
mozilla -- multiple vulnerabilities
Mozilla Foundation reports: CVE-2017-7793: Use-after-free with Fetch API CVE-2017-7817: Firefox for Android address bar spoofing through fullscreen mode CVE-2017-7818: Use-after-free during ARIA array manipulation CVE-2017-7819: Use-after-free while resizing images in design mode CVE-2017-7824:...
ImageMagick -- denial of service via a crafted font file
MITRE reports: The ReadCAPTIONImage function in coders/caption.c in ImageMagick allows remote attackers to cause a denial of service infinite loop via a crafted font file...
rubygem-geminabox -- XSS & CSRF vulnerabilities
Gem in a box XSS vulenrability - CVE-2017-14506: Malicious attacker create GEM file with crafted homepage value gem.homepage in .gemspec file includes XSS payload. The attacker access geminabox system and uploads the gem file or uses CSRF/SSRF attack to do so. From now on, any user access Geminab...
cURL -- multiple vulnerabilities
The cURL project reports: FILE buffer read out of bounds TFTP sends more than buffer size URL globbing out of bounds read...
expat -- multiple vulnerabilities
Mitre reports: An integer overflow during the parsing of XML using the Expat library. XML External Entity vulnerability in libexpat 2.2.0 and earlier Expat XML Parser Library allows attackers to put the parser in an infinite loop using a malformed external entity definition from an external DTD...
mozilla -- multiple vulnerabilities
Mozilla Foundation reports: MFSA 2016-16 Miscellaneous memory safety hazards rv:45.0 / rv:38.7 MFSA 2016-17 Local file overwriting and potential privilege escalation through CSP reports MFSA 2016-18 CSP reports fail to strip location information for embedded iframe pages MFSA 2016-19 Linux video...
tomcat -- multiple vulnerabilities
Mark Thomas reports: CVE-2015-5345 Apache Tomcat Directory disclosure CVE-2016-0706 Apache Tomcat Security Manager bypass CVE-2016-0714 Apache Tomcat Security Manager Bypass...
bsh -- remote code execution vulnerability
Stian Soiland-Reyes reports: This release fixes a remote code execution vulnerability that was identified in BeanShell by Alvaro Muñoz and Christian Schneider. The BeanShell team would like to thank them for their help and contributions to this fix! An application that includes BeanShell on the...
nghttp2 -- Out of memory in nghttpd, nghttp, and libnghttp2_asio
Nghttp2 reports: Out of memory in nghttpd, nghttp, and libnghttp2asio applications due to unlimited incoming HTTP header fields. nghttpd, nghttp, and libnghttp2asio applications do not limit the memory usage for the incoming HTTP header field. If peer sends specially crafted HTTP/2 HEADERS frames...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: This update includes 37 security fixes, including: 497632 High CVE-2016-1612: Bad cast in V8. 572871 High CVE-2016-1613: Use-after-free in PDFium. 544691 Medium CVE-2016-1614: Information leak in Blink. 468179 Medium CVE-2016-1615: Origin confusion in Omnibox. 5414...
samba -- multiple vulnerabilities
Samba team reports: CVE-2015-3223 Malicious request can cause Samba LDAP server to hang, spinning using CPU. CVE-2015-5330 Malicious request can cause Samba LDAP server to return uninitialized memory that should not be part of the reply. CVE-2015-5296 Requesting encryption should also request...
sqlite -- multiple vulnerabilities
NVD reports: SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service uninitialized memory access and application crash or possibly have unspecified other impact via a crafted COLLATE clause, a...
mysql -- SSL Downgrade
Duo Security reports: Researchers have identified a serious vulnerability in some versions of Oracle’s MySQL database product that allows an attacker to strip SSL/TLS connections of their security wrapping transparently...
phpMyAdmin -- XSS and DoS vulnerabilities
The phpMyAdmin development team reports: DoS vulnerability with long passwords. With very long passwords it was possible to initiate a denial of service attack on phpMyAdmin. We consider this vulnerability to be serious. This vulnerability can be mitigated by configuring throttling in the...
asterisk -- multiple vulnerabilities
The Asterisk project reports: Stack Overflow in HTTP Processing of Cookie Headers. Sending a HTTP request that is handled by Asterisk with a large number of Cookie headers could overflow the stack. You could even exhaust memory if you sent an unlimited number of headers in the request. Denial of...
mozilla -- multiple vulnerabilities
The Mozilla Project reports: MFSA 2013-116 JPEG information leak MFSA 2013-105 Application Installation doorhanger persists on navigation MFSA 2013-106 Character encoding cross-origin XSS attack MFSA 2013-107 Sandbox restrictions not applied to nested object elements MFSA 2013-108 Use-after-free ...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 25 security fixes in this release, including: 268565 Medium CVE-2013-6621: Use after free related to speech input elements. Credit to Khalil Zhani. 272786 High CVE-2013-6622: Use after free related to media elements. Credit to cloudfuzzer. 282925 High CVE-2013-6623...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: Eleven vulnerabilities, including: 257748 Medium CVE-2013-2881: Origin bypass in frame handling. Credit to Karthik Bhargavan. 260106 High CVE-2013-2882: Type confusion in V8. Credit to Cloudfuzzer. 260165 High CVE-2013-2883: Use-after-free in MutationObserver. Cred...
krb5 -- UDP ping-pong vulnerability in the kpasswd (password changing) service. [CVE-2002-2443]
No advisory has been released yet. schpw.c in the kpasswd service in kadmind in MIT Kerberos 5 aka krb5 before 1.11.3 does not properly validate UDP packets before sending responses, which allows remote attackers to cause a denial of service CPU and bandwidth consumption via a forged packet that...
libxml2 -- lack of end-of-document check DoS
CVE MITRE reports: parser.c in libxml2 before 2.9.0, as used in Google Chrome before 28.0.1500.71 and other products, allows remote attackers to cause a denial of service out-of-bounds read via a document that ends abruptly, related to the lack of certain checks for the XMLPARSEREOF state...
mozilla -- multiple vulnerabilities
The Mozilla Project reports: MFSA 2012-34 Miscellaneous memory safety hazards rv:13.0/ rv:10.0.5 MFSA 2012-36 Content Security Policy inline-script bypass MFSA 2012-37 Information disclosure though Windows file shares and shortcut files MFSA 2012-38 Use-after-free while replacing/inserting a node...
openjpeg -- Multiple vulnerabilities
Openjpeg release notes report: That CVE-2012-3535 and CVE-2012-3358 are fixed in the 1.5.1 release. That CVE-2013-4289, CVE-2013-4290, CVE-2013-1447, CVE-2013-6045, CVE-2013-6052, CVE-2013-6054, CVE-2013-6053, CVE-2013-6887, where fixed in the 1.5.2 release...
tomcat -- Denial of Service
The Tomcat security team reports: Analysis of the recent hash collision vulnerability identified unrelated inefficiencies with Apache Tomcat's handling of large numbers of parameters and parameter values. These inefficiencies could allow an attacker, via a specially crafted request, to cause larg...
mozilla -- multiple vulnerabilities
The Mozilla Project reports: MFSA 2010-49 Miscellaneous memory safety hazards rv:1.9.2.9/ 1.9.1.12 MFSA 2010-50 Frameset integer overflow vulnerability MFSA 2010-51 Dangling pointer vulnerability using DOM plugin array MFSA 2010-52 Windows XP DLL loading vulnerability MFSA 2010-53 Heap buffer...
ruby -- UTF-7 encoding XSS vulnerability in WEBrick
The official ruby site reports: WEBrick have had a cross-site scripting vulnerability that allows an attacker to inject arbitrary script or HTML via a crafted URI. This does not affect user agents that strictly implement HTTP/1.1, however, some user agents do not...