6585 matches found
dns/bind9* -- zero-length RDATA can cause named to terminate, reveal memory
ISC reports: Processing of DNS resource records where the rdata field is zero length may cause various issues for the servers handling them. Processing of these records may lead to unexpected outcomes. Recursive servers may crash or disclose some portion of memory to the client. Secondary servers...
OpenSSL -- CMS and S/MIME Bleichenbacher attack
The OpenSSL Team reports: A weakness in the OpenSSL CMS and PKCS 7 code can be exploited using Bleichenbacher's attack on PKCS 1 v1.5 RSA padding also known as the million message attack MMA. Only users of CMS, PKCS 7, or S/MIME decryption operations are affected. A successful attack needs on...
sudo -- format string vulnerability
Todd Miller reports: Sudo 1.8.0 introduced simple debugging support that was primarily intended for use when developing policy or I/O logging plugins. The sudodebug function contains a flaw where the program name is used as part of the format string passed to the fprintf function. The program nam...
phpMyAdmin -- Multiple XSS
The phpMyAdmin development team reports: Using crafted url parameters, it was possible to produce XSS on the export panels in the server, database and table sections. Crafted values entered in the setup interface can produce XSS; also, if the config directory exists and is writeable, the XSS...
postfix -- plaintext command injection with SMTP over TLS
Wietse Venema has discovered a software flaw that allows an attacker to inject client commands into an SMTP session during the unprotected plaintext SMTP protocol phase, such that the server will execute those commands during the SMTP- over-TLS protocol phase when all communication is supposed to...
sudo -- Privilege escalation with sudoedit
Todd Miller reports: Sudo's command matching routine expects actual commands to include one or more slash '/' characters. The flaw is that sudo's path resolution code did not add a "./" prefix to commands found in the current working directory. This creates an ambiguity between a "sudoedit" comma...
otrs -- SQL injection
OTRS Security Advisory reports: Missing security quoting for SQL statements allows agents and customers to manipulate SQL queries. So it's possible for authenticated users to inject SQL queries via string manipulation of statements. A malicious user may be able to manipulate SQL queries to read o...
libvorbis -- multiple vulnerabilities
The Ubuntu security team reports: It was discovered that libvorbis did not correctly handle certain malformed vorbis files. If a user were tricked into opening a specially crafted vorbis file with an application that uses libvorbis, an attacker could cause a denial of service or possibly execute...
cups -- remote code execution and DNS rebinding
Gentoo security team summarizes: The following issues were reported in CUPS: iDefense reported an integer overflow in the cupsImageReadTIFF function in the "imagetops" filter, leading to a heap-based buffer overflow CVE-2009-0163. Aaron Siegel of Apple Product Security reported that the CUPS web...
xpdf -- multiple vulnerabilities
Secunia reports: Some vulnerabilities have been reported in Xpdf, which can be exploited by malicious people to potentially compromise a user's system. A boundary error exists when decoding JBIG2 symbol dictionary segments. This can be exploited to cause a heap-based buffer overflow and potential...
xterm -- DECRQSS remote command execution vulnerability
SecurityFocus reports: The xterm program is prone to a remote command-execution vulnerability because it fails to sufficiently validate user input. Successfully exploiting this issue would allow an attacker to execute arbitrary commands on an affected computer in the context of the affected...
php -- multiple vulnerabilities
Secunia reports: Some vulnerabilities have been reported in PHP, where some have an unknown impact and others can potentially be exploited by malicious people to cause a DoS Denial of Service or compromise a vulnerable system. An input validation error exists within the "ZipArchive::extractTo"...
dovecot -- ACL plugin bypass vulnerabilities
Timo Sirainen reports in dovecot 1.1.4 release notes: ACL plugin fixes: Negative rights were actually treated as positive rights. 'k' right didn't prevent creating parent/child/child mailbox. ACL groups weren't working...
python -- Integer Signedness Error in zlib Module
Justin Ferguson reports: Integer signedness error in the zlib extension module in Python 2.5.2 and earlier allows remote attackers to execute arbitrary code via a negative signed integer, which triggers insufficient memory allocation and a buffer overflow...
php -- integer overflow vulnerability
CVE reports: Integer overflow in PHP 5.2.5 and earlier allows context-dependent attackers to cause a denial of service and possibly have unspecified other impact via a printf format parameter with a large width specifier, related to the phpsprintfappendstring function in formattedprint.c and...
mozilla -- code execution via Quicktime media-link files
The Mozilla Foundation reports a vulnerability within the mozilla browser. This vulnerability also affects various other browsers like firefox and seamonkey. The vulnerability is caused by QuickTime Media-Link files that contain a qtnext attribute. This could allow an attacker to start the browse...
samba -- memory exhaustion DoS in smbd
The Samba Team reports: The smbd daemon maintains internal data structures used track active connections to file and printer shares. In certain circumstances an attacker may be able to continually increase the memory usage of an smbd process by issuing a large number of share connection requests...
drupal -- multiple vulnerabilities
The Drupal team reports: Vulnerability: XSS Vulnerability in taxonomy module It is possible for a malicious user to insert and execute XSS into terms, due to lack of validation on output of the page title. The fix wraps the display of terms in checkplain...
MySQL -- Information Disclosure and Buffer Overflow Vulnerabilities
Secunia reports: MySQL have some vulnerabilities, which can be exploited by malicious users to disclose potentially sensitive information and compromise a vulnerable system. 1 An error within the code that generates an error response to an invalid COMTABLEDUMP packet can be exploited by an...
pear-XML_RPC -- arbitrary remote code execution
GulfTech Security Research Team reports: PEAR XMLRPC is vulnerable to a very high risk php code injection vulnerability due to unsanatized data being passed into an eval call...
wordpress -- multiple vulnerabilities
GulfTech Security Research reports: There are a number of vulnerabilities in WordPress that may allow an attacker to ultimately run arbitrary code on the vulnerable system. These vulnerabilities include SQL Injection, Cross Site Scripting, and also issues that may aid an attacker in social...
lsh -- multiple vulnerabilities
Secunia reports: A vulnerability has been reported in LSH, which potentially can be exploited by malicious people to cause a DoS Denial of Service...
awstats -- arbitrary command execution
Several input validation errors exist in AWStats that allow a remote unauthenticated attacker to execute arbitrary commands with the priviliges of the web server. These programming errors involve CGI parameters including loadplugin, logfile, pluginmode, update, and possibly others. Additionally,...
xpdf -- integer overflow vulnerabilities
Chris Evans discovered several integer arithmetic overflows in the xpdf 2 and xpdf 3 code bases. The flaws have impacts ranging from denial-of-service to arbitrary code execution...
qt -- image loader vulnerabilities
Qt contains several vulnerabilities related to image loading, including possible crashes when loading corrupt GIF, BMP, or JPEG images. Most seriously, Chris Evans reports that the BMP crash is actually due to a heap buffer overflow. It is believed that an attacker may be able to construct a BMP...
FreeBSD -- Prefix Truncation Attack in the SSH protocol
Problem Description: The SSH protocol executes an initial handshake between the server and the client. This protocol handshake includes the possibility of several extensions allowing different options to be selected. Validation of the packets in the handshake is done through sequence numbers...
Gitlab -- Vulnerabilities
Gitlab reports: Privilege escalation of "external user" to internal access through group service account Maintainer can leak sentry token by changing the configured URL fix bypass Google Cloud Logging private key showed in plain text in GitLab UI leaking to other group owners Information disclosu...
FreeBSD -- Remote denial of service in IPv6 fragment reassembly
Problem Description: Each fragment of an IPv6 packet contains a fragment header which specifies the offset of the fragment relative to the original packet, and each fragment specifies its length in the IPv6 header. When reassembling the packet, the kernel calculates the complete IPv6 payload...
curl -- multiple vulnerabilities
Wei Chong Tan, Harry Sintonen, and Hiroki Kurosawa reports: This update fixes 4 security vulnerabilities: Medium CVE-2023-28319: UAF in SSH sha256 fingerprint check. Reported by Wei Chong Tan on 2023-03-21 Low CVE-2023-28320: siglongjmp race condition. Reported by Harry Sintonen on 2023-04-02 Low...
chromium -- multiple vulnerabilities
Chrome Releases reports: This release contains 28 security fixes, including: 1379054 High CVE-2022-4174: Type Confusion in V8. Reported by Zhenghang Xiao @Kipreyyy on 2022-10-27 1381401 High CVE-2022-4175: Use after free in Camera Capture. Reported by Leecraso and Guang Gong of 360 Alpha Lab on...
Grafana -- Improper authentication
Grafana Labs reports: On September 7, as a result of an internal security audit, we discovered a security vulnerability in Grafana’s basic authentication related to the usage of username and email address. n Grafana, a user’s username and email address are unique fields, which means no other user...
Gitlab -- Multiple Vulnerabilities
Gitlab reports: Stealing GitLab OAuth access tokens using XSLeaks in Safari Denial of service through recursive triggered pipelines Unauthenticated CI lint API may lead to information disclosure and SSRF Server-side DoS through rendering crafted Markdown documents Issue and merge request length...
PostgreSQL -- Memory disclosure in partitioned-table UPDATE ... RETURNING
The PostgreSQL project reports: Using an UPDATE ... RETURNING on a purpose-crafted partitioned table, an attacker can read arbitrary bytes of server memory. In the default configuration, any authenticated database user can create prerequisite objects and complete this attack at will. A user lacki...
salt -- multiple vulnerabilities
SaltStack reports multiple security vulnerabilities in Salt CVE-2021-3197: The Salt-API.s SSH client is vulnerable to a shell injection by including ProxyCommand in an argument, or via sshoptions provided in an API request. CVE-2021-25281: The Salt-API does not have eAuth credentials for the...
jenkins -- Arbitrary file read vulnerability in workspace browsers
Jenkins Security Advisory: Description Medium SECURITY-2197 / CVE-2021-21615 Arbitrary file read vulnerability in workspace browsers...
Gitlab -- Multiple vulnerabilities
Gitlab reports: Path Traversal in LFS Upload Path traversal allows saving packages in arbitrary location Kubernetes agent API leaks private repos Terraform state deletion API exposes object storage URL Stored-XSS in error message of build-dependencies Git credentials persisted on disk Potential...
jenkins -- multiple vulnerabilities
Jenkins Security Advisory: Description High SECURITY-1868 / CVE-2020-2220 Stored XSS vulnerability in job build time trend High SECURITY-1901 / CVE-2020-2221 Stored XSS vulnerability in upstream cause High SECURITY-1902 / CVE-2020-2222 Stored XSS vulnerability in 'keep forever' badge icons High...
Gitlab -- Multiple Vulnerabilities
Gitlab reports: Arbitrary File Read when Moving an Issue Path Traversal in NPM Package Registry SSRF on Project Import External Users Can Create Personal Snippet Triggers Decription Can be Updated by Other Maintainers in Project Information Disclosure on Confidential Issues Moved to Private...
samba -- multiple vulnerabilities
The Samba Team reports: CVE-2019-14902 The implementation of ACL inheritance in the Samba AD DC was not complete, and so absent a 'full-sync' replication, ACLs could get out of sync between domain controllers. CVE-2019-14907 When processing untrusted string input Samba can read past the end of th...
Gitlab -- Multiple Vulnerabilities
Gitlab reports: Unauthorized access to grafana metrics Update Mattermost dependency...
OpenSSL -- Multiple vulnerabilities
The OpenSSL project reports: ECDSA remote timing attack CVE-2019-1547 Low Fork Protection CVE-2019-1549 Low OpenSSL 1.1.1 only...
h2o -- multiple HTTP/2 vulnerabilities
Jonathon Loomey of Netflix reports: HTTP/2 implementations do not robustly handle abnormal traffic and resource exhaustion Recently, a series of DoS attack vulnerabilities have been reported on a broad range of HTTP/2 stacks. Among the vulnerabilities, H2O is exposed to the following: CVE-2019-95...
Vim/NeoVim -- Security vulnerability
Security releases for Vim/NeoVim: Sandbox escape allows for arbitrary code execution...
Payara -- A Polymorphic Typing issue in FasterXML jackson-databind
Payara Releases reports: The following is a list of tracked Common Vulnerabilities and Exposures that have been reported and analyzed, which can or have impacted Payara Server across releases: CVE-2019-12086 A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9...
WPA packet number reuse with replayed messages and key reinstallation
wpasupplicant developers report: A vulnerability was found in how a number of implementations can be triggered to reconfigure WPA/WPA2/RSN keys TK, GTK, or IGTK by replaying a specific frame that is used to manage the keys...
cvs -- Remote code execution via ssh command injection
Hank Leininger reports: Bugs in Git, Subversion, and Mercurial were just announced and patched which allowed arbitrary local command execution if a malicious name was used for the remote server, such as starting with - to pass options to the ssh client: git clone...
phpmyadmin -- multiple vulnerabilities
The phpmyadmin development team reports: Weakness with cookie encryption Multiple XSS vulnerabilities Multiple XSS vulnerabilities PHP code injection Full path disclosure SQL injection attack Local file exposure Local file exposure through symlinks with UploadDir Path traversal with SaveDir and...
xen-kernel -- x86: Missing SMAP whitelisting in 32-bit exception / event delivery
The Xen Project reports: Supervisor Mode Access Prevention is a hardware feature designed to make an Operating System more robust, by raising a pagefault rather than accidentally following a pointer into userspace. However, legitimate accesses into userspace require whitelisting, and the exceptio...
Apache Commons FileUpload -- denial of service (DoS) vulnerability
Mark Thomas reports: CVE-2016-3092 is a denial of service vulnerability that has been corrected in the Apache Commons FileUpload component. It occurred when the length of the multipart boundary was just below the size of the buffer 4096 bytes used to read the uploaded file. This caused the file...
wget -- HTTP to FTP redirection file name confusion vulnerability
Giuseppe Scrivano reports: On a server redirect from HTTP to a FTP resource, wget would trust the HTTP server and uses the name in the redirected URL as the destination filename...