6585 matches found
FreeBSD -- ssh-add does not honor per-hop destination constraints
Problem Description: When using ssh-add1 to add smartcard keys to ssh-agent1 with per-hop destination constraints, a logic error prevented the constraints from being sent to the agent resulting in keys being added to the agent without constraints. Impact: A malicious server could leverage the key...
chromium -- multiple vulnerabilities
Chrome Releases reports: This update includes 10 security fixes: 1415366 Critical CVE-2023-0941: Use after free in Prompts. Reported by Anonymous on 2023-02-13 1414738 High CVE-2023-0927: Use after free in Web Payments API. Reported by Rong Jian of VRI on 2023-02-10 1309035 High CVE-2023-0928: Us...
FreeBSD -- Multiple vulnerabilities in OpenSSL
Problem Description: X.400 address type confusion in X.509 GeneralName CVE-2023-0286 There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1STRING but the public structure definition for GENERALNAME incorrect...
Gitlab -- Multiple Vulnerabilities
Gitlab reports: Race condition on gitlab.com enables verified email forgery and third-party account hijacking DOS and high resource consumption of Prometheus server through abuse of Grafana integration proxy endpoint Maintainer can leak sentry token by changing the configured URL Maintainer can...
sudo -- Potential out-of-bounds write for small passwords
CVE.org reports: Sudo 1.8.0 through 1.9.12, with the crypt password backend, contains a plugins/sudoers/auth/passwd.c array-out-of-bounds error that can result in a heap-based buffer over-read. This can be triggered by arbitrary local users with access to sudo by entering a password of seven...
chromium -- multiple vulnerabilities
Chrome Releases reports: This release contains 20 security fixes, including: 1358907 High CVE-2022-3304: Use after free in CSS. Reported by Anonymous on 2022-09-01 1343104 High CVE-2022-3201: Insufficient validation of untrusted input in Developer Tools. Reported by NDevTK on 2022-07-09 1319229...
expat -- Heap use-after-free vulnerability
Debian Security Advisory reports: Rhodri James discovered a heap use-after-free vulnerability in the doContent function in Expat, an XML parsing C library, which could result in denial of service or potentially the execution of arbitrary code, if a malformed XML file is processed...
security/keycloak -- Multiple possible DoS attacks
CIRCL reports: CVE-2022-41966: XStream serializes Java objects to XML and back again. Versions prior to 1.4.20 may allow a remote attacker to terminate the application with a stack overflow error, resulting in a denial of service only via manipulation the processed input stream. CVE-2022-40151: I...
MariaDB -- Multiple vulnerabilities
The MariaDB project reports: MariaDB fixed 23 vulnerabilities across all supported versions...
cyrus-sasl -- Escape password for SQL insert/update commands
Cyrus SASL 2.1.x Release Notes New in 2.1.28 reports: Escape password for SQL insert/update commands...
www/chromium -- multiple vulnerabilities
Chrome Releases reports: This update include 6 security fixes: 1169317 Critical CVE-2021-21142: Use after free in Payments. Reported by Khalil Zhani on 2021-01-21 1163504 High CVE-2021-21143: Heap buffer overflow in Extensions. Reported by Allen Parker and Alex Morgan of MU on 2021-01-06 1163845...
python -- Information disclosure via pydoc -p: /getfile?key=path allows to read arbitrary file on the filesystem
David Schwörer reports: Remove the getfile feature of the pydoc module which could be abused to read arbitrary files on the disk directory traversal vulnerability. Moreover, even source code of Python modules can contain sensitive data like passwords...
chromium -- multiple vulnerabilities
Chrome Releases reports: This release contains 8 security fixes, including: 1142331 High CVE-2020-16037: Use after free in clipboard. Reported by Ryoya Tsukasaki on 2020-10-26 1138683 High CVE-2020-16038: Use after free in media. Reported by Khalil Zhani on 2020-10-14 1149177 High CVE-2020-16039:...
webkit-gtk3 -- Multiple vulnerabilities
The WebKitGTK project reports multiple vulnerabilities...
webkit2-gtk3 -- Multiple vulnerabilities
The WebKitGTK project reports multiple vulnerabilities...
Xpdf -- Multiple Vulnerabilities
Xpdf 4.02 fixes two vulnerabilities. Both fixes have been backported to 3.04. An invalid memory access vulnerability in TextPage::findGaps in Xpdf 4.01 through a crafted PDF document can cause a segfault. An out of bounds write exists in TextPage::findGaps of Xpdf 4.01.01...
Exim -- RCE in ${sort} expansion
Exim team report: A local or remote attacker can execute programs with root privileges - if you've an unusual configuration. If your configuration uses the $sort expansion for items that can be controlled by an attacker e.g. $localpart, $domain. The default config, as shipped by the Exim...
PostgreSQL -- Selectivity estimators bypass row security policies
The PostgreSQL project reports: PostgreSQL maintains statistics for tables by sampling data available in columns; this data is consulted during the query planning process. Prior to this release, a user able to execute SQL queries with permissions to read a given column could craft a leaky operato...
drupal -- Drupal core - Highly critical - Remote Code Execution
Drupal Security Team Some field types do not properly sanitize data from non-form sources. This can lead to arbitrary PHP code execution in some cases...
Python -- NULL pointer dereference vulnerability
Python Changelog: bpo-35746: CVE-2019-5010 Fix a NULL pointer deref in ssl module. The cert parser did not handle CRL distribution points with empty DP or URI correctly. A malicious or buggy certificate can result into segfault. Vulnerability TALOS-2018-0758 reported by Colin Read and Nicolas Ede...
FreeBSD -- bootpd buffer overflow
Problem Description: Due to insufficient validation of network-provided data it may be possible for a malicious attacker to craft a bootp packet which could cause a stack buffer overflow. Impact: It is possible that the buffer overflow could lead to a Denial of Service or remote code execution...
jenkins -- multiple vulnerabilities
Jenkins Security Advisory: Description Critical SECURITY-595 Code execution through crafted URLs Medium SECURITY-904 Forced migration of user records Medium SECURITY-1072 Workspace browser allowed accessing files outside the workspace Medium SECURITY-1193 Potential denial of service through cron...
mutt/neomutt -- multiple vulnerabilities
NeoMutt report: Description CVE-2018-14349NO Response Heap Overflow CVE-2018-14350INTERNALDATE Stack Overflow CVE-2018-14351STATUS Literal Length relative write CVE-2018-14352imapquotestring off-by-one stack overflow CVE-2018-14353imapquotestring int underflow CVE-2018-14354imapsubscribe Remote...
sinatra -- XSS vulnerability
Sinatra blog: Sinatra had a critical vulnerability since v2.0.0. The purpose of this release is to fix CVE-2018-11627. The vulnerability is that XSS can be executed by using illegal parameters...
Django -- information leakage
Django release notes: CVE-2018-6188: Information leakage in AuthenticationForm A regression in Django 1.11.8 made AuthenticationForm run its confirmloginallowed method even if an incorrect password is entered. This can leak information about a user, depending on what messages confirmloginallowed...
GitLab -- multiple vulnerabilities
GitLab reports: Please reference CVE/URL list for details...
OpenVPN -- several vulnerabilities
Samuli Seppänen reports: In May/June 2017 Guido Vranken threw a fuzzer at OpenVPN 2.4.2. In the process he found several vulnerabilities and reported them to the OpenVPN project. ... The first releases to have these fixes are OpenVPN 2.4.3 and 2.3.17. This is a list of fixed important...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 51 security fixes in this release Please reference CVE/URL list for details...
mozilla -- multiple vulnerabilities
Mozilla Foundation reports: CVE-2016-9894: Buffer overflow in SkiaGL CVE-2016-9899: Use-after-free while manipulating DOM events and audio elements CVE-2016-9895: CSP bypass using marquee tag CVE-2016-9896: Use-after-free with WebVR CVE-2016-9897: Memory corruption in libGLES CVE-2016-9898:...
moodle -- multiple vulnerabilities
Marina Glancy reports: MSA-16-0013: Users are able to change profile fields that were locked by the administrator. MSA-16-0015: Information disclosure of hidden forum names and sub-names. MSA-16-0016: User can view badges of other users without proper permissions. MSA-16-0017: Course idnumber not...
expat -- denial of service vulnerability on malformed input
Gustavo Grieco reports: The Expat XML parser mishandles certain kinds of malformed input documents, resulting in buffer overflows during processing and error reporting. The overflows can manifest as a segmentation fault or as memory corruption during a parse operation. The bugs allow for a denial...
bind -- denial of service vulnerability
ISC reports: A problem parsing resource record signatures for DNAME resource records can lead to an assertion failure in resolver.c or db.c...
graphite2 -- multiple vulnerabilities
Mozilla Foundation reports: Security researcher Holger Fuhrmannek and Mozilla security engineer Tyson Smith reported a number of security vulnerabilities in the Graphite 2 library affecting version 1.3.5. The issue reported by Holger Fuhrmannek is a mechanism to induce stack corruption with a...
squid -- remote DoS in HTTP response processing
Squid security advisory 2016:2 reports: Due to incorrect bounds checking Squid is vulnerable to a denial of service attack when processing HTTP responses. These problems allow remote servers delivering certain unusual HTTP response syntax to trigger a denial of service for all clients accessing t...
tomcat -- multiple vulnerabilities
Mark Thomas reports: CVE-2015-5346 Apache Tomcat Session fixation CVE-2015-5351 Apache Tomcat CSRF token leak CVE-2016-0763 Apache Tomcat Security Manager Bypass...
py-pillow -- Buffer overflow in TIFF decoding code
The Pillow maintainers report: Pillow 3.1.0 and earlier when linked against libtiff = 4.0.0 on x64 may overflow a buffer when reading a specially crafted tiff file. Specifically, libtiff = 4.0.0 changed the return type of TIFFScanlineSize from int32 to machine dependent int32|64. If the scanline ...
openldap -- denial of service vulnerability
Denis Andzakovic reports: By sending a crafted packet, an attacker may cause the OpenLDAP server to reach an assert9 9 statement, crashing the daemon...
qemu -- code execution on host machine
Petr Matousek of Red Hat Inc. reports: Due converting PIO to the new memory read/write api we no longer provide separate I/O region lenghts for read and write operations. As a result, reading from PIT Mode/Command register will end with accessing pit-channels with invalid index and potentially...
wordpress -- multiple vulnerabilities
MITRE reports: wp-login.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 might allow remote attackers to reset passwords by leveraging access to an e-mail account that received a password-reset message. wp-includes/http.php in WordPress before 3.7.5, 3.8...
serf -- SSL Certificate Null Byte Poisoning
serf Development list reports: Serf provides APIs to retrieve information about a certificate. These APIs return the information as NUL terminated strings commonly called C strings. X.509 uses counted length strings which may include a NUL byte. This means that a library user will interpret any...
openafs -- Denial of Service
The OpenAFS development team reports: An attacker with the ability to connect to an OpenAFS fileserver can trigger a buffer overflow, crashing the server. The buffer overflow can be triggered by sending an unauthenticated request for file server statistical information. Clients are not affected...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 19 vulnerabilities fixed in this release, including: 344492 High CVE-2013-6663: Use-after-free in svg images. Credit to Atte Kettunen of OUSPG. 326854 High CVE-2013-6664: Use-after-free in speech recognition. Credit to Khalil Zhani. 337882 High CVE-2013-6665: Heap...
svnserve is vulnerable to a local privilege escalation vulnerability via symlink attack.
Subversion Project reports: svnserve takes a --pid-file option which creates a file containing the process id it is running as. It does not take steps to ensure that the file it has been directed at is not a symlink. If the pid file is in a directory writeable by unprivileged users, the destinati...
chromium -- WebKit vulnerability
Google Chrome Releases reports: 180763 High CVE-2013-0912: Type confusion in WebKit. Credit to Nils and Jon of MWR Labs...
bugzilla -- multiple vulnerabilities
A Bugzilla Security Advisory reports: Cross-Site Scripting When viewing a single bug report, which is the default, the bug ID is validated and rejected if it is invalid. But when viewing several bug reports at once, which is specified by the format=multiple parameter, invalid bug IDs can go throu...
FreeBSD -- glob(3) related resource exhaustion
Problem description: GLOBLIMIT is supposed to limit the number of paths to prevent against memory or CPU attacks. The implementation however is insufficient...
ruby -- Unintentional file creation caused by inserting an illegal NUL character
The official ruby site reports: A vulnerability was found that file creation routines can create unintended files by strategically inserting NULs in file paths. This vulnerability has been reported as CVE-2012-4522. Ruby can handle arbitrary binary patterns as Strings, including NUL chars. On the...
php -- potential overflow in _php_stream_scandir
The PHP Development Team reports: The release of PHP 5.4.15 and 5.4.5 fix a potential overflow in phpstreamscandir...
puppet -- multiple vulnerabilities
puppet -- multiple vulnerabilities Arbitrary file read on the puppet master from authenticated clients high. It is possible to construct an HTTP get request from an authenticated client with a valid certificate that will return the contents of an arbitrary file on the Puppet master that the maste...
Zend Framework -- Multiple vulnerabilities via XXE injection
The Zend Framework team reports: The XmlRpc package of Zend Framework is vulnerable to XML eXternal Entity Injection attacks both server and client. The SimpleXMLElement class SimpleXML PHP extension is used in an insecure way to parse XML data. External entities can be specified by adding a...