6585 matches found
linux-flashplugin -- multiple vulnerabilities
Adobe Security bulletin: Critical vulnerabilities have been identified in Adobe Flash Player that could allow an attacker who successfully exploits these potential vulnerabilities to take control of the affected system. A malicious SWF must be loaded in Flash Player by the user for an attacker to...
rubygem-rails -- JSON XSS vulnerability
Rails core team reports: All users of Rails 1.2.4 or earlier are advised to upgrade to 1.2.5, though it isn't strictly necessary if you aren't working with JSON. For more information the JSON vulnerability, see CVE-2007-3227...
lighttpd -- multiple vulnerabilities
Secunia Advisory reports: Some vulnerabilities have been reported in lighttpd, which can be exploited by malicious people to bypass certain security restrictions or cause a DoS Denial of Service...
tikiwiki -- multiple vulnerabilities
Secunia reports: Thomas Pollet has discovered a vulnerability in TikiWiki, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed to the "highlight" parameter in tiki-searchindex.php is not properly sanitised before being returned to the user. This can be...
xli -- integer overflows in image size calculations
Tavis Ormandy discovered several integer overflows in xli's image size handling. A maliciously crafted image may be able to cause a heap buffer overflow and execute arbitrary code...
mailman -- directory traversal vulnerability
A directory traversal vulnerability in mailman allow remote attackers to read arbitrary files due to inadequate input sanitizing. This could, among other things, lead remote attackers to gaining access to the mailman configuration database which contains subscriber email addresses and passwords o...
imlib -- xpm heap buffer overflows and integer overflows
Pavel Kankovsky reports: Imlib affected by a variant of CAN-2004-0782 too. I've discovered more vulnerabilities in Imlib 1.9.13. In particular, it appears to be affected by a variant of Chris Evans' libXpm flaw 1 CAN-2004-0782, see http://scary.beasts.org/security/CESA-2004-003.txt. Look at the...
cvs -- numerous vulnerabilities
A number of vulnerabilities were discovered in CVS by Stefan Esser, Sebastian Krahmer, and Derek Price. Insufficient input validation while processing "Entry" lines. CVE-2004-0414 A double-free resulting from erroneous state handling while processing "Argumentx" commands. CVE-2004-0416 Integer...
databases/mongodb* -- Improper Certificate Validation
MongoDB, Inc. reports: A security vulnerability was found where a server process running MongoDB 3.2.6 or later will allow incoming connections to skip peer certificate validation if the server process was started with TLS enabled net.tls.mode set to allowTLS, preferTLS, or requireTLS and without...
electron22 -- multiple vulnerabilities
Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2023-4572. Security: backported fix for CVE-2023-4762. Security: backported fix for CVE-2023-4863...
Pillow -- multiple vulnerabilities
python-pillow reports: This release fixes several vulnerabilities found with OSS-Fuzz. CVE-2021-25288: Fix OOB read in Jpeg2KDecode. This dates to Pillow 2.4.0. CVE-2021-28675: Fix DOS in PsdImagePlugin. This dates to the PIL fork. CVE-2021-28676: Fix FLI DOS. This dates to the PIL fork...
jasper -- multiple vulnerabilities
JasPer NEWS: - Fix CVE-2018-9154 - Fix CVE-2018-19541 - Fix CVE-2016-9399, CVE-2017-13751 - Fix CVE-2018-19540 - Fix CVE-2018-9055 - Fix CVE-2017-13748 - Fix CVE-2017-5503, CVE-2017-5504, CVE-2017-5505 - Fix CVE-2018-9252 - Fix CVE-2018-19139 - Fix CVE-2018-19543, CVE-2017-9782 - Fix CVE-2018-205...
python 3.7 -- multiple vulnerabilities
Python changelog: bpo-38243: Escape the server title of xmlrpc.server.DocXMLRPCServer when rendering the document page as HTML. bpo-38174: Update vendorized expat library version to 2.2.8, which resolves CVE-2019-15903. bpo-37764: Fixes email.headervalueparser.getunstructured going into an infini...
irssi -- Use after free when sending SASL login to the server
Irssi reports: Use after free when sending SASL login to the server found by ilbelkyr. CWE-416, CWE-825...
Kubectl -- Potential directory traversal
Kubernetes.io reports: A security issue was discovered with the Kubernetes kubectl cp command that could enable a directory traversal replacing or deleting files on a user’s workstation...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 43 security fixes in this release, including: High CVE-2018-17480: Out of bounds write in V8 High CVE-2018-17481: Use after free in PDFium High CVE-2018-18335: Heap buffer overflow in Skia High CVE-2018-18336: Use after free in PDFium High CVE-2018-18337: Use after...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 34 security fixes in this release, including: 835639 High CVE-2018-6123: Use after free in Blink. Reported by Looben Yang on 2018-04-22 840320 High CVE-2018-6124: Type confusion in Blink. Reported by Guang Gong of Alpha Team, Qihoo 360 on 2018-05-07 818592 High...
bitmessage -- remote code execution vulnerability
Bitmessage developers report: A remote code execution vulnerability has been spotted in use against some users running PyBitmessage v0.6.2. The cause was identified and a fix has been added and released as 0.6.3.2. Will be updated if/when CVE will be available...
mozilla -- multiple vulnerabilities
Mozilla Foundation reports: CVE-2018-5091: Use-after-free with DTMF timers CVE-2018-5092: Use-after-free in Web Workers CVE-2018-5093: Buffer overflow in WebAssembly during Memory/Table resizing CVE-2018-5094: Buffer overflow in WebAssembly with garbage collection on uninitialized memory...
Python 2.7 -- multiple vulnerabilities
Python reports: Multiple vulnerabilities have been fixed in Python 2.7.14. Please refer to the CVE list for details...
Supervisord -- An authenticated client can run arbitrary shell commands via malicious XML-RPC requests
mnaberez reports: supervisord can be configured to run an HTTP server on a TCP socket and/or a Unix domain socket. The HTTP server is how supervisorctl communicates with supervisord. If an HTTP server has been enabled, it will always serve both HTML pages and an XML-RPC interface. A vulnerability...
tcpdump -- multiple vulnerabilities
tcpdump developers report: Too many issues to detail, see CVE references for details...
Joomla3 -- SQL Injection
JSST reports: Inadequate filtering of request data leads to a SQL Injection vulnerability...
vim -- arbitrary command execution
Mitre reports: vim before patch 8.0.0056 does not properly validate values for the 'filetype', 'syntax' and 'keymap' options, which may result in the execution of arbitrary code if a file with a specially crafted modeline is opened...
cURL -- multiple vulnerabilities
The cURL project reports cookie injection for other servers case insensitive password comparison OOB write via unchecked multiplication double-free in curlmaprintf double-free in krb5 code glob parser write/read out of bounds curlgetdate read out of bounds URL unescape heap overflow via integer...
tiff -- buffer overflow
Mathias Svensson reports: potential buffer write overrun in PixarLogDecode on corrupted/unexpected images...
xen-kernel -- information leak in legacy x86 FPU/XMM initialization
The Xen Project reports: When XSAVE/XRSTOR are not in use by Xen to manage guest extended register state, the initial values in the FPU stack and XMM registers seen by the guest upon first use are those left there by the previous user of those registers. A malicious domain may be able to leverage...
wordpress -- multiple vulnerabilities
Samuel Sidler reports: WordPress 4.3.1 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. WordPress versions 4.3 and earlier are vulnerable to a cross-site scripting vulnerability when processing shortcode tags...
FreeBSD -- Resource exhaustion due to sessions stuck in LAST_ACK state
Problem Description: TCP connections transitioning to the LASTACK state can become permanently stuck due to mishandling of protocol state in certain situations, which in turn can lead to accumulated consumption and eventual exhaustion of system resources, such as mbufs and sockets. Impact: An...
php-phar -- multiple vulnerabilities
reports: Segfault in Phar::convertToData on invalid file. Buffer overflow and stack smashing error in pharfixfilepath...
net-snmp -- snmp_pdu_parse() function incomplete initialization
Qinghao Tang reports: Incompletely initialized vulnerability exists in the function ‘snmppduparse’ of ‘snmpapi.c', and remote attackers can cause memory leak, DOS and possible command executions by sending malicious packets...
krfb -- Multiple security issues in bundled libvncserver
Martin Sandsmark reports: krfb 4.14 and earlier embeds libvncserver which has had several security issues. Several remotely exploitable security issues have been uncovered in libvncserver, some of which might allow a remote authenticated user code execution or application crashes...
nginx -- inject commands into SSL session vulnerability
The nginx project reports: Security: it was possible to reuse SSL sessions in unrelated contexts if a shared SSL session cache or the same TLS session ticket key was used for multiple "server" blocks CVE-2014-3616...
OpenSSL -- NULL pointer dereference / DoS
OpenBSD and David Ramos reports: Applications that use SSLMODERELEASEBUFFERS, such as nginx/apache, are prone to a race condition which may allow a remote attacker to crash the current service...
OpenSSL -- TLS 1.1, 1.2 denial of service
OpenSSL security team reports: A flaw in the OpenSSL handling of CBC mode ciphersuites in TLS 1.1 and TLS 1.2 on AES-NI supporting platforms can be exploited in a DoS attack. A flaw in the OpenSSL handling of OCSP response verification can be exploited in a denial of service attack...
Axis2 -- Security vulnerabilities on dependency Apache HttpClient
Apache Axis2 reports: Apache Axis2 1.7.4 is a maintenance release that includes fixes for several issues, including the following security issues: Session fixation AXIS2-4739 and XSS AXIS2-5683 vulnerabilities affecting the admin console. A dependency on an Apache HttpClient version affected by...
lighttpd -- remote DoS in header parsing
Lighttpd security advisory reports: Certain Connection header values will trigger an endless loop, for example: "Connection: TE,,Keep-Alive" On receiving such value, lighttpd will enter an endless loop, detecting an empty token but not incrementing the current string position, and keep reading th...
Multiple implementations -- DoS via hash algorithm collision
oCERT reports: A variety of programming languages suffer from a denial-of-service DoS condition against storage functions of key/value pairs in hash data structures, the condition can be leveraged by exploiting predictable collisions in the underlying hashing algorithms. The issue finds particula...
proftpd -- remote code execution vulnerability
Tippingpoint reports: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ProFTPD. Authentication is not required to exploit this vulnerability. The flaw exists within the proftpd server component which listens by default on TCP port 21. When readin...
mozilla firefox -- multiple vulnerabilities
Mozilla Foundation reports: MFSA 2009-51 Chrome privilege escalation with FeedWriter MFSA 2009-50 Location bar spoofing via tall line-height Unicode characters MFSA 2009-49 TreeColumns dangling pointer vulnerability MFSA 2009-48 Insufficient warning for PKCS11 module installation and removal MFSA...
mysql -- MyISAM table privileges security bypass vulnerability
SecurityFocus reports: MySQL is prone to a security-bypass vulnerability. An attacker can exploit this issue to overwrite existing table files in the MySQL data directory, bypassing certain security restrictions...
png -- multiple vulnerabilities
A Secunia Advisory reports: Some vulnerabilities have been reported in libpng, which can be exploited by malicious people to cause a DoS Denial of Service. Certain errors within libpng, including a logical NOT instead of a bitwise NOT in pngtrtran.c, an error in the 16bit cheap transparency...
drupal -- PHP code execution vulnerabilities
Kuba Zygmunt discovered a flaw in the input validation routines of Drupal's filter mechanism. An attacker could execute arbitrary PHP code on a target site when public comments or postings are allowed...
ImageMagick -- PSD handler heap overflow vulnerability
An iDEFENSE Security Advisory reports: Remote exploitation of a buffer overflow vulnerability in The ImageMagick's Project's ImageMagick PSD image-decoding module could allow an attacker to execute arbitrary code. Exploitation may allow attackers to run arbitrary code on a victim's computer if th...
many out-of-sequence TCP packets denial-of-service
FreeBSD does not limit the number of TCP segments that may be held in a reassembly queue. A remote attacker may conduct a low-bandwidth denial-of-service attack against a machine providing services based on TCP there are many such services, including HTTP, SMTP, and FTP. By sending many...
GNATS local privilege elevation
GNATS 3.113.1 contains multiple buffer overflows, through which a local attacker could gain elevated privileges on the system...
FreeBSD -- Multiple vulnerabilities in OpenSSH
Problem Description: OpenSSH client host verification error CVE-2025-26465 ssh1 contains a logic error that allows an on-path attacker to impersonate any server during certain conditions when the VerifyHostKeyDNS option is enabled. OpenSSH server denial of service CVE-2025-26466 The OpenSSH clien...
clamav -- Multiple vulnerabilities
The ClamAV project reports: CVE-2024-20290 A vulnerability in the OLE2 file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to an incorrect check for end-of-string values during...
qt6-webengine -- Multiple vulnerabilities
Qt qtwebengine-chromium repo reports: Backports for 3 security bugs in Chromium: 1505080 High CVE-2024-0807: Use after free in WebAudio 1504936 Critical CVE-2024-0808: Integer underflow in WebUI 1496250 Medium CVE-2024-0810: Insufficient policy enforcement in DevTools...
openvpn -- 2.6.0...2.6.6 --fragment option division by zero crash, and TLS data leak
The OpenVPN community project team reports: CVE-2023-46849 OpenVPN versions between 2.6.0 and 2.6.6 incorrectly restore "--fragment" configuration in some circumstances, leading to a division by zero when "--fragment" is used. On platforms where division by zero is fatal, this will cause an OpenV...