6585 matches found
OpenSSL -- TLS 1.1, 1.2 denial of service
OpenSSL security team reports: A flaw in the OpenSSL handling of CBC mode ciphersuites in TLS 1.1 and TLS 1.2 on AES-NI supporting platforms can be exploited in a DoS attack. A flaw in the OpenSSL handling of OCSP response verification can be exploited in a denial of service attack...
lighttpd -- remote DoS in header parsing
Lighttpd security advisory reports: Certain Connection header values will trigger an endless loop, for example: "Connection: TE,,Keep-Alive" On receiving such value, lighttpd will enter an endless loop, detecting an empty token but not incrementing the current string position, and keep reading th...
mozilla -- multiple vulnerabilities
The Mozilla Project reports: MFSA 2012-34 Miscellaneous memory safety hazards rv:13.0/ rv:10.0.5 MFSA 2012-36 Content Security Policy inline-script bypass MFSA 2012-37 Information disclosure though Windows file shares and shortcut files MFSA 2012-38 Use-after-free while replacing/inserting a node...
tomcat -- Denial of Service
The Tomcat security team reports: Analysis of the recent hash collision vulnerability identified unrelated inefficiencies with Apache Tomcat's handling of large numbers of parameters and parameter values. These inefficiencies could allow an attacker, via a specially crafted request, to cause larg...
mozilla -- multiple vulnerabilities
The Mozilla Project reports: MFSA 2010-49 Miscellaneous memory safety hazards rv:1.9.2.9/ 1.9.1.12 MFSA 2010-50 Frameset integer overflow vulnerability MFSA 2010-51 Dangling pointer vulnerability using DOM plugin array MFSA 2010-52 Windows XP DLL loading vulnerability MFSA 2010-53 Heap buffer...
ruby -- UTF-7 encoding XSS vulnerability in WEBrick
The official ruby site reports: WEBrick have had a cross-site scripting vulnerability that allows an attacker to inject arbitrary script or HTML via a crafted URI. This does not affect user agents that strictly implement HTTP/1.1, however, some user agents do not...
linux-flashplugin -- multiple vulnerabilities
Adobe Security bulletin: Critical vulnerabilities have been identified in Adobe Flash Player that could allow an attacker who successfully exploits these potential vulnerabilities to take control of the affected system. A malicious SWF must be loaded in Flash Player by the user for an attacker to...
lighttpd -- multiple vulnerabilities
Secunia Advisory reports: Some vulnerabilities have been reported in lighttpd, which can be exploited by malicious people to bypass certain security restrictions or cause a DoS Denial of Service...
tikiwiki -- multiple vulnerabilities
Secunia reports: Thomas Pollet has discovered a vulnerability in TikiWiki, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed to the "highlight" parameter in tiki-searchindex.php is not properly sanitised before being returned to the user. This can be...
xli -- integer overflows in image size calculations
Tavis Ormandy discovered several integer overflows in xli's image size handling. A maliciously crafted image may be able to cause a heap buffer overflow and execute arbitrary code...
mailman -- directory traversal vulnerability
A directory traversal vulnerability in mailman allow remote attackers to read arbitrary files due to inadequate input sanitizing. This could, among other things, lead remote attackers to gaining access to the mailman configuration database which contains subscriber email addresses and passwords o...
imlib -- xpm heap buffer overflows and integer overflows
Pavel Kankovsky reports: Imlib affected by a variant of CAN-2004-0782 too. I've discovered more vulnerabilities in Imlib 1.9.13. In particular, it appears to be affected by a variant of Chris Evans' libXpm flaw 1 CAN-2004-0782, see http://scary.beasts.org/security/CESA-2004-003.txt. Look at the...
cvs -- numerous vulnerabilities
A number of vulnerabilities were discovered in CVS by Stefan Esser, Sebastian Krahmer, and Derek Price. Insufficient input validation while processing "Entry" lines. CVE-2004-0414 A double-free resulting from erroneous state handling while processing "Argumentx" commands. CVE-2004-0416 Integer...
GNATS local privilege elevation
GNATS 3.113.1 contains multiple buffer overflows, through which a local attacker could gain elevated privileges on the system...
databases/mongodb* -- Improper Certificate Validation
MongoDB, Inc. reports: A security vulnerability was found where a server process running MongoDB 3.2.6 or later will allow incoming connections to skip peer certificate validation if the server process was started with TLS enabled net.tls.mode set to allowTLS, preferTLS, or requireTLS and without...
clamav -- Multiple vulnerabilities
The ClamAV project reports: CVE-2024-20290 A vulnerability in the OLE2 file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to an incorrect check for end-of-string values during...
qt6-webengine -- Multiple vulnerabilities
Qt qtwebengine-chromium repo reports: Backports for 3 security bugs in Chromium: 1505080 High CVE-2024-0807: Use after free in WebAudio 1504936 Critical CVE-2024-0808: Integer underflow in WebUI 1496250 Medium CVE-2024-0810: Insufficient policy enforcement in DevTools...
electron22 -- multiple vulnerabilities
Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2023-4572. Security: backported fix for CVE-2023-4762. Security: backported fix for CVE-2023-4863...
FreeBSD -- Remote denial of service in IPv6 fragment reassembly
Problem Description: Each fragment of an IPv6 packet contains a fragment header which specifies the offset of the fragment relative to the original packet, and each fragment specifies its length in the IPv6 header. When reassembling the packet, the kernel calculates the complete IPv6 payload...
Gitlab -- Multiple Vulnerabilities
Gitlab reports: Race condition on gitlab.com enables verified email forgery and third-party account hijacking DOS and high resource consumption of Prometheus server through abuse of Grafana integration proxy endpoint Maintainer can leak sentry token by changing the configured URL Maintainer can...
MariaDB -- Multiple vulnerabilities
The MariaDB project reports: MariaDB fixed 23 vulnerabilities across all supported versions...
Pillow -- multiple vulnerabilities
python-pillow reports: This release fixes several vulnerabilities found with OSS-Fuzz. CVE-2021-25288: Fix OOB read in Jpeg2KDecode. This dates to Pillow 2.4.0. CVE-2021-28675: Fix DOS in PsdImagePlugin. This dates to the PIL fork. CVE-2021-28676: Fix FLI DOS. This dates to the PIL fork...
www/chromium -- multiple vulnerabilities
Chrome Releases reports: This update include 6 security fixes: 1169317 Critical CVE-2021-21142: Use after free in Payments. Reported by Khalil Zhani on 2021-01-21 1163504 High CVE-2021-21143: Heap buffer overflow in Extensions. Reported by Allen Parker and Alex Morgan of MU on 2021-01-06 1163845...
jasper -- multiple vulnerabilities
JasPer NEWS: - Fix CVE-2018-9154 - Fix CVE-2018-19541 - Fix CVE-2016-9399, CVE-2017-13751 - Fix CVE-2018-19540 - Fix CVE-2018-9055 - Fix CVE-2017-13748 - Fix CVE-2017-5503, CVE-2017-5504, CVE-2017-5505 - Fix CVE-2018-9252 - Fix CVE-2018-19139 - Fix CVE-2018-19543, CVE-2017-9782 - Fix CVE-2018-205...
python 3.7 -- multiple vulnerabilities
Python changelog: bpo-38243: Escape the server title of xmlrpc.server.DocXMLRPCServer when rendering the document page as HTML. bpo-38174: Update vendorized expat library version to 2.2.8, which resolves CVE-2019-15903. bpo-37764: Fixes email.headervalueparser.getunstructured going into an infini...
irssi -- Use after free when sending SASL login to the server
Irssi reports: Use after free when sending SASL login to the server found by ilbelkyr. CWE-416, CWE-825...
Kubectl -- Potential directory traversal
Kubernetes.io reports: A security issue was discovered with the Kubernetes kubectl cp command that could enable a directory traversal replacing or deleting files on a user’s workstation...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 34 security fixes in this release, including: 835639 High CVE-2018-6123: Use after free in Blink. Reported by Looben Yang on 2018-04-22 840320 High CVE-2018-6124: Type confusion in Blink. Reported by Guang Gong of Alpha Team, Qihoo 360 on 2018-05-07 818592 High...
bitmessage -- remote code execution vulnerability
Bitmessage developers report: A remote code execution vulnerability has been spotted in use against some users running PyBitmessage v0.6.2. The cause was identified and a fix has been added and released as 0.6.3.2. Will be updated if/when CVE will be available...
mozilla -- multiple vulnerabilities
Mozilla Foundation reports: CVE-2018-5091: Use-after-free with DTMF timers CVE-2018-5092: Use-after-free in Web Workers CVE-2018-5093: Buffer overflow in WebAssembly during Memory/Table resizing CVE-2018-5094: Buffer overflow in WebAssembly with garbage collection on uninitialized memory...
Python 2.7 -- multiple vulnerabilities
Python reports: Multiple vulnerabilities have been fixed in Python 2.7.14. Please refer to the CVE list for details...
Supervisord -- An authenticated client can run arbitrary shell commands via malicious XML-RPC requests
mnaberez reports: supervisord can be configured to run an HTTP server on a TCP socket and/or a Unix domain socket. The HTTP server is how supervisorctl communicates with supervisord. If an HTTP server has been enabled, it will always serve both HTML pages and an XML-RPC interface. A vulnerability...
tcpdump -- multiple vulnerabilities
tcpdump developers report: Too many issues to detail, see CVE references for details...
Joomla3 -- SQL Injection
JSST reports: Inadequate filtering of request data leads to a SQL Injection vulnerability...
vim -- arbitrary command execution
Mitre reports: vim before patch 8.0.0056 does not properly validate values for the 'filetype', 'syntax' and 'keymap' options, which may result in the execution of arbitrary code if a file with a specially crafted modeline is opened...
cURL -- multiple vulnerabilities
The cURL project reports cookie injection for other servers case insensitive password comparison OOB write via unchecked multiplication double-free in curlmaprintf double-free in krb5 code glob parser write/read out of bounds curlgetdate read out of bounds URL unescape heap overflow via integer...
tiff -- buffer overflow
Mathias Svensson reports: potential buffer write overrun in PixarLogDecode on corrupted/unexpected images...
tomcat -- multiple vulnerabilities
Mark Thomas reports: CVE-2015-5346 Apache Tomcat Session fixation CVE-2015-5351 Apache Tomcat CSRF token leak CVE-2016-0763 Apache Tomcat Security Manager Bypass...
xen-kernel -- information leak in legacy x86 FPU/XMM initialization
The Xen Project reports: When XSAVE/XRSTOR are not in use by Xen to manage guest extended register state, the initial values in the FPU stack and XMM registers seen by the guest upon first use are those left there by the previous user of those registers. A malicious domain may be able to leverage...
wordpress -- multiple vulnerabilities
Samuel Sidler reports: WordPress 4.3.1 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. WordPress versions 4.3 and earlier are vulnerable to a cross-site scripting vulnerability when processing shortcode tags...
php-phar -- multiple vulnerabilities
reports: Segfault in Phar::convertToData on invalid file. Buffer overflow and stack smashing error in pharfixfilepath...
net-snmp -- snmp_pdu_parse() function incomplete initialization
Qinghao Tang reports: Incompletely initialized vulnerability exists in the function ‘snmppduparse’ of ‘snmpapi.c', and remote attackers can cause memory leak, DOS and possible command executions by sending malicious packets...
krfb -- Multiple security issues in bundled libvncserver
Martin Sandsmark reports: krfb 4.14 and earlier embeds libvncserver which has had several security issues. Several remotely exploitable security issues have been uncovered in libvncserver, some of which might allow a remote authenticated user code execution or application crashes...
nginx -- inject commands into SSL session vulnerability
The nginx project reports: Security: it was possible to reuse SSL sessions in unrelated contexts if a shared SSL session cache or the same TLS session ticket key was used for multiple "server" blocks CVE-2014-3616...
serf -- SSL Certificate Null Byte Poisoning
serf Development list reports: Serf provides APIs to retrieve information about a certificate. These APIs return the information as NUL terminated strings commonly called C strings. X.509 uses counted length strings which may include a NUL byte. This means that a library user will interpret any...
OpenSSL -- NULL pointer dereference / DoS
OpenBSD and David Ramos reports: Applications that use SSLMODERELEASEBUFFERS, such as nginx/apache, are prone to a race condition which may allow a remote attacker to crash the current service...
FreeBSD -- glob(3) related resource exhaustion
Problem description: GLOBLIMIT is supposed to limit the number of paths to prevent against memory or CPU attacks. The implementation however is insufficient...
Axis2 -- Security vulnerabilities on dependency Apache HttpClient
Apache Axis2 reports: Apache Axis2 1.7.4 is a maintenance release that includes fixes for several issues, including the following security issues: Session fixation AXIS2-4739 and XSS AXIS2-5683 vulnerabilities affecting the admin console. A dependency on an Apache HttpClient version affected by...
sudo -- format string vulnerability
Todd Miller reports: Sudo 1.8.0 introduced simple debugging support that was primarily intended for use when developing policy or I/O logging plugins. The sudodebug function contains a flaw where the program name is used as part of the format string passed to the fprintf function. The program nam...
Multiple implementations -- DoS via hash algorithm collision
oCERT reports: A variety of programming languages suffer from a denial-of-service DoS condition against storage functions of key/value pairs in hash data structures, the condition can be leveraged by exploiting predictable collisions in the underlying hashing algorithms. The issue finds particula...