6578 matches found
OpenSSH -- Pre-authentication async signal safety issue
The FreeBSD Project reports: A signal handler in sshd8 may call a logging function that is not async- signal-safe. The signal handler is invoked when a client does not authenticate within the LoginGraceTime seconds 120 by default. This signal handler executes in the context of the sshd8's...
graylog -- remote code execution in log4j from user-controlled log input
Apache Software Foundation reports: It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allows attackers with control over Thread Context Map MDC input data when the logging configuration uses a non-default...
curl -- multiple vulnerabilities
curl security problems: CVE-2020-8169: Partial password leak over DNS on HTTP redirect libcurl can be tricked to prepend a part of the password to the host name before it resolves it, potentially leaking the partial password over the network and to the DNS servers. libcurl can be given a username...
asterisk -- Remote crash vulnerability DNS SRV and NAPTR lookups
The Asterisk project reports: There is a buffer overflow vulnerability in dnssrv and dnsnaptr functions of Asterisk that allows an attacker to crash Asterisk via a specially crafted DNS SRV or NAPTR response. The attackers request causes Asterisk to segfault and crash...
OpenSSH -- Double-free memory corruption in ssh-agent
OpenBSD Project reports: ssh-agent1: fixed a double-free memory corruption that was introduced in OpenSSH 8.2 . We treat all such memory faults as potentially exploitable. This bug could be reached by an attacker with access to the agent socket. On modern operating systems where the OS can provid...
NGINX -- HTTP request smuggling
NGINX Team reports: NGINX before 1.17.7, with certain errorpage configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read unauthorized web pages in environments where NGINX is being fronted by a load balancer...
mediawiki -- multiple vulnerabilities
Mediawiki reports: Security fixes: T169545: $wgRateLimits entry for 'user' overrides 'newbie'. T194605: BotPasswords can bypass CentralAuth's account lock. T187638: When a log event is partially hidden Special:Redirect/logid can link to the incorrect log and reveal hidden T193237:...
OpenSearch -- Log4Shell
OpenSearch reports: A recently published security issue CVE-2021-44228 affects several versions of the broadly-used Apache Log4j library. Some software in the OpenSearch project includes versions of Log4j referenced in this CVE. While, at time of writing, the team has not found a reproduceable...
Gitlab -- multiple vulnerabilities
Gitlab reports: Persistent XSS in Pipeline Tooltip GitLab.com GCP Endpoints Exposure Persistent XSS in Merge Request Changes View Sensitive Data Disclosure in Sidekiq Logs Missing CSRF in System Hooks Orphaned Upload Files Exposure Missing Authorization Control API Repository Storage...
powerdns-recursor -- Multiple vulnerabilities
powerdns Team reports: CVE-2018-10851: An issue has been found in PowerDNS Recursor allowing a malicious authoritative server to cause a memory leak by sending specially crafted records. The issue is due to the fact that some memory is allocated before the parsing and is not always properly...
joomla3 -- vulnerabilitiesw
JSST reports: Multiple low-priority Vulnerabilities Inadequate checks in the InputFilter class could allow specifically prepared PHAR files to pass the upload filter. Inadequate output filtering on the user profile page could lead to a stored XSS attack. Inadequate checks regarding disabled field...
YUI JavaScript library -- JavaScript injection exploits in Flash components
The YUI team reports: Vulnerability in YUI 2.4.0 through YUI 2.9.0 A XSS vulnerability has been discovered in some YUI 2 .swf files from versions 2.4.0 through 2.9.0. This defect allows JavaScript injection exploits to be created against domains that host affected YUI .swf files. If your site loa...
bro -- array bounds and potential DOS issues
Corelight reports: Bro 2.5.5 primarily addresses security issues: Fix array bounds checking in BinPAC: for arrays that are fields within a record, the bounds check was based on a pointer to the start of the record rather than the start of the array field, potentially resulting in a buffer...
git -- privilege escalation
The git project reports: Git is vulnerable to privilege escalation in all platforms. An unsuspecting user could still be affected by the issue reported in CVE-2022-24765, for example when navigating as root into a shared tmp directory that is owned by them, but where an attacker could create a gi...
lighttpd - use-after-free vulnerabilities
Lighttpd Project reports: Security fixes for Lighttpd: security: process headers after combining folded headers...
OpenSSL -- Multiple vulnerabilities
The OpenSSL project reports: The crehash script allows command injection CVE-2022-1292 Moderate The crehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On...
chromium -- multiple vulnerabilities
Chrome Releases reports: This release contains 14 security fixes, including: 1212618 Critical CVE-2021-30544: Use after free in BFCache. Reported by Rong Jian and Guang Gong of 360 Alpha Lab on 2021-05-24 1201031 High CVE-2021-30545: Use after free in Extensions. Reported by kkwon with everpall a...
mozilla -- multiple vulnerabilities
Mozilla Foundation reports: CVE-2019-9811: Sandbox escape via installation of malicious language pack CVE-2019-11711: Script injection within domain through inner window reuse CVE-2019-11712: Cross-origin POST requests can be made with NPAPI plugins by following 308 redirects CVE-2019-11713:...
OpenSSH -- OpenSSH 6.2 through 8.7 failed to correctly initialise supplemental groups when executing an AuthorizedKeysCommand or AuthorizedPrincipalsCommand
OpenBSD Project reports: sshd8 from OpenSSH 6.2 through 8.7 failed to correctly initialise supplemental groups when executing an AuthorizedKeysCommand or AuthorizedPrincipalsCommand, where a AuthorizedKeysCommandUser or AuthorizedPrincipalsCommandUser directive has been set to run the command as ...
nginx-devel -- SSL session reuse vulnerability
The nginx development team reports: This update fixes the SSL session reuse vulnerability...
gitea -- password hash quality
The Gitea team reports: This PR refactors and improves the password hashing code within gitea and makes it possible for server administrators to set the password hashing parameters. In addition it takes the opportunity to adjust the settings for pbkdf2 in order to make the hashing a little...
MySQL -- multiple vulnerabilities
The MySQL project reports: CVE-2016-3492: Remote security vulnerability in 'Server: Optimizer' sub component. CVE-2016-5616, CVE-2016-6663: Race condition allows local users with certain permissions to gain privileges by leveraging use of mycopystat by REPAIR TABLE to repair a MyISAM table...
powerdns -- Multiple vulnerabilities
PowerDNS Team reports: CVE-2018-10851: An issue has been found in PowerDNS Authoritative Server allowing an authorized user to cause a memory leak by inserting a specially crafted record in a zone under their control, then sending a DNS query for that record. The issue is due to the fact that som...
Gitlab -- Multiple vulnerabilities
Gitlab reports: Persistent XSS Autocompletion Unauthorized service template creation...
Grafana -- Path Traversal
Grafana Labs reports: Grafana is vulnerable to directory traversal, allowing access to local files. We have confirmed this for versions v8.0.0-beta1 to v8.3.0. Thanks to our defense-in-depth approach, at no time has Grafana Cloud been vulnerable. The vulnerable URL path is: /public/plugins/ where...
FreeBSD -- OpenSSH multiple vulnerabilities
Problem Description: The ssh-agent1 agent supports loading a PKCS11 module from outside a trusted whitelist. An attacker can request loading of a PKCS11 module across forwarded agent-socket. CVE-2016-10009 When privilege separation is disabled, forwarded Unix domain sockets would be created by...
Flash Player -- arbitrary code execution
Adobe reports: This update resolves a type confusion vulnerability that could lead to arbitrary code execution CVE-2018-15981...
mybb -- vulnerabilities
mybb Team reports: High risk: Image MyCode “alt” attribute persistent XSS. Medium risk: RSS Atom 1.0 item title persistent XSS...
phpmailer -- Multiple vulnerability
The PHPMailer Team reports: CVE-2018-19296:Fix potential object injection vulnerability...
nginx -- Multiple Vulnerabilities in HTTP/3
The nginx development team reports: This update fixes the following vulnerabilities: Stack overflow and use-after-free in HTTP/3 Buffer overwrite in HTTP/3 Memory disclosure in HTTP/3 NULL pointer dereference in HTTP/3...
jenkins -- Denial of service vulnerability in bundled Jetty
Jenkins Security Advisory: Description High JENKINS-65280 / CVE-2021-28165 Denial of service vulnerability in bundled Jetty...
php-imap -- imap_open allows to run arbitrary shell commands via mailbox parameter
The PHP team reports: imapopen allows to run arbitrary shell commands via mailbox parameter...
Grafana -- Snapshot authentication bypass
Grafana Labs reports: Unauthenticated and authenticated users are able to view the snapshot with the lowest database key by accessing the literal paths: /dashboard/snapshot/:key, or /api/snapshots/:key If the snapshot "publicmode" configuration setting is set to true vs default of false,...
MySQL -- multiple vulnerabilities
Oracle reports: Critical Patch Update Oracle MySQL Executive Summary This Critical Patch Update contains 44 new security fixes for Oracle MySQL. 3 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials...
jenkins -- multiple vulnerabilities
Jenkins Security Advisory: Description Medium SECURITY-1424 / CVE-2019-10352 Arbitrary file write vulnerability using file parameter definitions High SECURITY-626 / CVE-2019-10353 CSRF protection tokens did not expire Medium SECURITY-534 / CVE-2019-10354 Unauthorized view fragment access...
x11vnc -- authentication bypass vulnerability
Ludwig Nussel reports that x11vnc is vulnerable to an authentication bypass vulnerability. The vulnerability is caused by an error in auth.c. This could allow a remote attacker to gain unauthorized and unauthenticated access to the system...
FreeBSD -- Missing message validation in libradius(3)
Problem Description: libradius did not perform sufficient validation of received messages. radgetattr3 did not verify that the attribute length is valid before subtracting the length of the Type and Length fields. As a result, it could return success while also providing a bogus length of SIZETMA...
Apache httpd -- Multiple vulnerabilities
The Apache httpd project reports: CVE-2022-31813: modproxy X-Forwarded-For dropped by hop-by-hop mechanism. Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded- headers to the origin server based on client side Connection header hop-by-hop mechanism. This may be used to bypass IP...
unbound -- parsing vulnerability
Unbound Security Advisories: Due to an error in parsing NOTIFY queries, it is possible for Unbound to continue processing malformed queries and may ultimately result in a pointer dereference in uninitialized memory. This results in a crash of the Unbound daemon...
chromium -- multiple vulnerabilities
Chrome Releases reports: This release contains 24 security fixes, including: 1340253 Critical CVE-2022-3038: Use after free in Network Service. Reported by Sergei Glazunov of Google Project Zero on 2022-06-28 1343348 High CVE-2022-3039: Use after free in WebSQL. Reported by Nan Wang@eternalsakura...
ruby -- multiple vulnerabilities
Ruby news: This release includes security fixes. Please check the topics below for details. CVE-2019-15845: A NUL injection vulnerability of File.fnmatch and File.fnmatch? A NUL injection vulnerability of Ruby built-in methods File.fnmatch and File.fnmatch? was found. An attacker who has the...
NGINX -- 1-byte memory overwrite in resolver
NGINX team reports: 1-byte memory overwrite might occur during DNS server response processing if the "resolver" directive was used, allowing an attacker who is able to forge UDP packets from the DNS server to cause worker process crash or, potentially, arbitrary code execution...
libdwarf -- multiple vulnerabilities
Christian Rebischke reports: libdwarf is vulnerable to multiple issues including arbitrary code execution, information disclosure and denial of service...
Dropbear -- two vulnerabilities
Matt Johnston reports: Fix double-free in server TCP listener cleanup A double-free in the server could be triggered by an authenticated user if dropbear is running with -a Allow connections to forwarded ports from any host This could potentially allow arbitrary code execution as root by an...
PuTTY -- security fixes in new release
The PuTTY team reports: New in 0.71: Security fixes found by an EU-funded bug bounty programme: + a remotely triggerable memory overwrite in RSA key exchange, which can occur before host key verification + potential recycling of random numbers used in cryptography + on Unix, remotely triggerable...
graylog -- include log4j patches
Apache Software Foundation repos: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or paramters can execute arbitrary code from attacker-controller LDAP servers when message lookup substitution i...
OpenSSL -- Buffer overflows in Email verification
The OpenSSL project reports: X.509 Email Address 4-byte Buffer Overflow CVE-2022-3602 High: A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. X.509 Email Address Variable Length Buffer Overflow CVE-2022-3786 High: A buffer overrun can b...
libX11 -- Multiple vulnerabilities
The freedesktop.org project reports: The functions XGetFontPath, XListExtensions, and XListFonts are vulnerable to an off-by-one override on malicious server responses. The server replies consist of chunks consisting of a length byte followed by actual string, which is not NUL-terminated. While...
memcached -- multiple vulnerabilities
Cisco Talos reports: Multiple integer overflow vulnerabilities exist within Memcached that could be exploited to achieve remote code execution on the targeted system. These vulnerabilities manifest in various Memcached functions that are used in inserting, appending, prepending, or modifying...
redis -- Potential remote code execution vulnerability
The Redis core team reports: A specially crafted XAUTOCLAIM command on a stream key in a specific state may result with heap overflow, and potentially remote code execution...