6585 matches found
proftpd -- remote code execution vulnerability
Tippingpoint reports: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ProFTPD. Authentication is not required to exploit this vulnerability. The flaw exists within the proftpd server component which listens by default on TCP port 21. When readin...
mozilla firefox -- multiple vulnerabilities
Mozilla Foundation reports: MFSA 2009-51 Chrome privilege escalation with FeedWriter MFSA 2009-50 Location bar spoofing via tall line-height Unicode characters MFSA 2009-49 TreeColumns dangling pointer vulnerability MFSA 2009-48 Insufficient warning for PKCS11 module installation and removal MFSA...
mysql -- MyISAM table privileges security bypass vulnerability
SecurityFocus reports: MySQL is prone to a security-bypass vulnerability. An attacker can exploit this issue to overwrite existing table files in the MySQL data directory, bypassing certain security restrictions...
python -- Integer Signedness Error in zlib Module
Justin Ferguson reports: Integer signedness error in the zlib extension module in Python 2.5.2 and earlier allows remote attackers to execute arbitrary code via a negative signed integer, which triggers insufficient memory allocation and a buffer overflow...
png -- multiple vulnerabilities
A Secunia Advisory reports: Some vulnerabilities have been reported in libpng, which can be exploited by malicious people to cause a DoS Denial of Service. Certain errors within libpng, including a logical NOT instead of a bitwise NOT in pngtrtran.c, an error in the 16bit cheap transparency...
drupal -- multiple vulnerabilities
The Drupal team reports: Vulnerability: XSS Vulnerability in taxonomy module It is possible for a malicious user to insert and execute XSS into terms, due to lack of validation on output of the page title. The fix wraps the display of terms in checkplain...
drupal -- PHP code execution vulnerabilities
Kuba Zygmunt discovered a flaw in the input validation routines of Drupal's filter mechanism. An attacker could execute arbitrary PHP code on a target site when public comments or postings are allowed...
ImageMagick -- PSD handler heap overflow vulnerability
An iDEFENSE Security Advisory reports: Remote exploitation of a buffer overflow vulnerability in The ImageMagick's Project's ImageMagick PSD image-decoding module could allow an attacker to execute arbitrary code. Exploitation may allow attackers to run arbitrary code on a victim's computer if th...
many out-of-sequence TCP packets denial-of-service
FreeBSD does not limit the number of TCP segments that may be held in a reassembly queue. A remote attacker may conduct a low-bandwidth denial-of-service attack against a machine providing services based on TCP there are many such services, including HTTP, SMTP, and FTP. By sending many...
FreeBSD -- Multiple vulnerabilities in OpenSSH
Problem Description: OpenSSH client host verification error CVE-2025-26465 ssh1 contains a logic error that allows an on-path attacker to impersonate any server during certain conditions when the VerifyHostKeyDNS option is enabled. OpenSSH server denial of service CVE-2025-26466 The OpenSSH clien...
OpenSSL -- OOB memory access vulnerability
The OpenSSL project reports: Low-level invalid GF2^m parameters lead to OOB memory access CVE-2024-9143 Low Use of the low-level GF2^m elliptic curve APIs with untrusted explicit values for the field polynomial can lead to out-of-bounds memory reads or writes...
openvpn -- 2.6.0...2.6.6 --fragment option division by zero crash, and TLS data leak
The OpenVPN community project team reports: CVE-2023-46849 OpenVPN versions between 2.6.0 and 2.6.6 incorrectly restore "--fragment" configuration in some circumstances, leading to a division by zero when "--fragment" is used. On platforms where division by zero is fatal, this will cause an OpenV...
FreeBSD -- ssh-add does not honor per-hop destination constraints
Problem Description: When using ssh-add1 to add smartcard keys to ssh-agent1 with per-hop destination constraints, a logic error prevented the constraints from being sent to the agent resulting in keys being added to the agent without constraints. Impact: A malicious server could leverage the key...
FreeBSD -- Multiple vulnerabilities in OpenSSL
Problem Description: X.400 address type confusion in X.509 GeneralName CVE-2023-0286 There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1STRING but the public structure definition for GENERALNAME incorrect...
sudo -- Potential out-of-bounds write for small passwords
CVE.org reports: Sudo 1.8.0 through 1.9.12, with the crypt password backend, contains a plugins/sudoers/auth/passwd.c array-out-of-bounds error that can result in a heap-based buffer over-read. This can be triggered by arbitrary local users with access to sudo by entering a password of seven...
chromium -- multiple vulnerabilities
Chrome Releases reports: This release contains 20 security fixes, including: 1358907 High CVE-2022-3304: Use after free in CSS. Reported by Anonymous on 2022-09-01 1343104 High CVE-2022-3201: Insufficient validation of untrusted input in Developer Tools. Reported by NDevTK on 2022-07-09 1319229...
expat -- Heap use-after-free vulnerability
Debian Security Advisory reports: Rhodri James discovered a heap use-after-free vulnerability in the doContent function in Expat, an XML parsing C library, which could result in denial of service or potentially the execution of arbitrary code, if a malformed XML file is processed...
security/keycloak -- Multiple possible DoS attacks
CIRCL reports: CVE-2022-41966: XStream serializes Java objects to XML and back again. Versions prior to 1.4.20 may allow a remote attacker to terminate the application with a stack overflow error, resulting in a denial of service only via manipulation the processed input stream. CVE-2022-40151: I...
cyrus-sasl -- Escape password for SQL insert/update commands
Cyrus SASL 2.1.x Release Notes New in 2.1.28 reports: Escape password for SQL insert/update commands...
python -- Information disclosure via pydoc -p: /getfile?key=path allows to read arbitrary file on the filesystem
David Schwörer reports: Remove the getfile feature of the pydoc module which could be abused to read arbitrary files on the disk directory traversal vulnerability. Moreover, even source code of Python modules can contain sensitive data like passwords...
chromium -- multiple vulnerabilities
Chrome Releases reports: This release contains 8 security fixes, including: 1142331 High CVE-2020-16037: Use after free in clipboard. Reported by Ryoya Tsukasaki on 2020-10-26 1138683 High CVE-2020-16038: Use after free in media. Reported by Khalil Zhani on 2020-10-14 1149177 High CVE-2020-16039:...
Gitlab -- Multiple vulnerabilities
Gitlab reports: Path Traversal in LFS Upload Path traversal allows saving packages in arbitrary location Kubernetes agent API leaks private repos Terraform state deletion API exposes object storage URL Stored-XSS in error message of build-dependencies Git credentials persisted on disk Potential...
jenkins -- multiple vulnerabilities
Jenkins Security Advisory: Description High SECURITY-1868 / CVE-2020-2220 Stored XSS vulnerability in job build time trend High SECURITY-1901 / CVE-2020-2221 Stored XSS vulnerability in upstream cause High SECURITY-1902 / CVE-2020-2222 Stored XSS vulnerability in 'keep forever' badge icons High...
webkit-gtk3 -- Multiple vulnerabilities
The WebKitGTK project reports multiple vulnerabilities...
webkit2-gtk3 -- Multiple vulnerabilities
The WebKitGTK project reports multiple vulnerabilities...
Xpdf -- Multiple Vulnerabilities
Xpdf 4.02 fixes two vulnerabilities. Both fixes have been backported to 3.04. An invalid memory access vulnerability in TextPage::findGaps in Xpdf 4.01 through a crafted PDF document can cause a segfault. An out of bounds write exists in TextPage::findGaps of Xpdf 4.01.01...
Exim -- RCE in ${sort} expansion
Exim team report: A local or remote attacker can execute programs with root privileges - if you've an unusual configuration. If your configuration uses the $sort expansion for items that can be controlled by an attacker e.g. $localpart, $domain. The default config, as shipped by the Exim...
PostgreSQL -- Selectivity estimators bypass row security policies
The PostgreSQL project reports: PostgreSQL maintains statistics for tables by sampling data available in columns; this data is consulted during the query planning process. Prior to this release, a user able to execute SQL queries with permissions to read a given column could craft a leaky operato...
drupal -- Drupal core - Highly critical - Remote Code Execution
Drupal Security Team Some field types do not properly sanitize data from non-form sources. This can lead to arbitrary PHP code execution in some cases...
Python -- NULL pointer dereference vulnerability
Python Changelog: bpo-35746: CVE-2019-5010 Fix a NULL pointer deref in ssl module. The cert parser did not handle CRL distribution points with empty DP or URI correctly. A malicious or buggy certificate can result into segfault. Vulnerability TALOS-2018-0758 reported by Colin Read and Nicolas Ede...
FreeBSD -- bootpd buffer overflow
Problem Description: Due to insufficient validation of network-provided data it may be possible for a malicious attacker to craft a bootp packet which could cause a stack buffer overflow. Impact: It is possible that the buffer overflow could lead to a Denial of Service or remote code execution...
jenkins -- multiple vulnerabilities
Jenkins Security Advisory: Description Critical SECURITY-595 Code execution through crafted URLs Medium SECURITY-904 Forced migration of user records Medium SECURITY-1072 Workspace browser allowed accessing files outside the workspace Medium SECURITY-1193 Potential denial of service through cron...
mutt/neomutt -- multiple vulnerabilities
NeoMutt report: Description CVE-2018-14349NO Response Heap Overflow CVE-2018-14350INTERNALDATE Stack Overflow CVE-2018-14351STATUS Literal Length relative write CVE-2018-14352imapquotestring off-by-one stack overflow CVE-2018-14353imapquotestring int underflow CVE-2018-14354imapsubscribe Remote...
sinatra -- XSS vulnerability
Sinatra blog: Sinatra had a critical vulnerability since v2.0.0. The purpose of this release is to fix CVE-2018-11627. The vulnerability is that XSS can be executed by using illegal parameters...
Django -- information leakage
Django release notes: CVE-2018-6188: Information leakage in AuthenticationForm A regression in Django 1.11.8 made AuthenticationForm run its confirmloginallowed method even if an incorrect password is entered. This can leak information about a user, depending on what messages confirmloginallowed...
GitLab -- multiple vulnerabilities
GitLab reports: Please reference CVE/URL list for details...
OpenVPN -- several vulnerabilities
Samuli Seppänen reports: In May/June 2017 Guido Vranken threw a fuzzer at OpenVPN 2.4.2. In the process he found several vulnerabilities and reported them to the OpenVPN project. ... The first releases to have these fixes are OpenVPN 2.4.3 and 2.3.17. This is a list of fixed important...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 51 security fixes in this release Please reference CVE/URL list for details...
mozilla -- multiple vulnerabilities
Mozilla Foundation reports: CVE-2016-9894: Buffer overflow in SkiaGL CVE-2016-9899: Use-after-free while manipulating DOM events and audio elements CVE-2016-9895: CSP bypass using marquee tag CVE-2016-9896: Use-after-free with WebVR CVE-2016-9897: Memory corruption in libGLES CVE-2016-9898:...
wget -- HTTP to FTP redirection file name confusion vulnerability
Giuseppe Scrivano reports: On a server redirect from HTTP to a FTP resource, wget would trust the HTTP server and uses the name in the redirected URL as the destination filename...
moodle -- multiple vulnerabilities
Marina Glancy reports: MSA-16-0013: Users are able to change profile fields that were locked by the administrator. MSA-16-0015: Information disclosure of hidden forum names and sub-names. MSA-16-0016: User can view badges of other users without proper permissions. MSA-16-0017: Course idnumber not...
expat -- denial of service vulnerability on malformed input
Gustavo Grieco reports: The Expat XML parser mishandles certain kinds of malformed input documents, resulting in buffer overflows during processing and error reporting. The overflows can manifest as a segmentation fault or as memory corruption during a parse operation. The bugs allow for a denial...
bind -- denial of service vulnerability
ISC reports: A problem parsing resource record signatures for DNAME resource records can lead to an assertion failure in resolver.c or db.c...
graphite2 -- multiple vulnerabilities
Mozilla Foundation reports: Security researcher Holger Fuhrmannek and Mozilla security engineer Tyson Smith reported a number of security vulnerabilities in the Graphite 2 library affecting version 1.3.5. The issue reported by Holger Fuhrmannek is a mechanism to induce stack corruption with a...
squid -- remote DoS in HTTP response processing
Squid security advisory 2016:2 reports: Due to incorrect bounds checking Squid is vulnerable to a denial of service attack when processing HTTP responses. These problems allow remote servers delivering certain unusual HTTP response syntax to trigger a denial of service for all clients accessing t...
py-pillow -- Buffer overflow in TIFF decoding code
The Pillow maintainers report: Pillow 3.1.0 and earlier when linked against libtiff = 4.0.0 on x64 may overflow a buffer when reading a specially crafted tiff file. Specifically, libtiff = 4.0.0 changed the return type of TIFFScanlineSize from int32 to machine dependent int32|64. If the scanline ...
mozilla -- multiple vulnerabilities
The Mozilla Project reports: MFSA 2015-133 NSS and NSPR memory corruption issues MFSA 2015-132 Mixed content WebSocket policy bypass through workers MFSA 2015-131 Vulnerabilities found through code inspection MFSA 2015-130 JavaScript garbage collection crash with Java applet MFSA 2015-129 Certain...
openldap -- denial of service vulnerability
Denis Andzakovic reports: By sending a crafted packet, an attacker may cause the OpenLDAP server to reach an assert9 9 statement, crashing the daemon...
qemu -- code execution on host machine
Petr Matousek of Red Hat Inc. reports: Due converting PIO to the new memory read/write api we no longer provide separate I/O region lenghts for read and write operations. As a result, reading from PIT Mode/Command register will end with accessing pit-channels with invalid index and potentially...
wordpress -- multiple vulnerabilities
MITRE reports: wp-login.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 might allow remote attackers to reset passwords by leveraging access to an e-mail account that received a password-reset message. wp-includes/http.php in WordPress before 3.7.5, 3.8...