6585 matches found
openafs -- Denial of Service
The OpenAFS development team reports: An attacker with the ability to connect to an OpenAFS fileserver can trigger a buffer overflow, crashing the server. The buffer overflow can be triggered by sending an unauthenticated request for file server statistical information. Clients are not affected...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 19 vulnerabilities fixed in this release, including: 344492 High CVE-2013-6663: Use-after-free in svg images. Credit to Atte Kettunen of OUSPG. 326854 High CVE-2013-6664: Use-after-free in speech recognition. Credit to Khalil Zhani. 337882 High CVE-2013-6665: Heap...
svnserve is vulnerable to a local privilege escalation vulnerability via symlink attack.
Subversion Project reports: svnserve takes a --pid-file option which creates a file containing the process id it is running as. It does not take steps to ensure that the file it has been directed at is not a symlink. If the pid file is in a directory writeable by unprivileged users, the destinati...
chromium -- WebKit vulnerability
Google Chrome Releases reports: 180763 High CVE-2013-0912: Type confusion in WebKit. Credit to Nils and Jon of MWR Labs...
bugzilla -- multiple vulnerabilities
A Bugzilla Security Advisory reports: Cross-Site Scripting When viewing a single bug report, which is the default, the bug ID is validated and rejected if it is invalid. But when viewing several bug reports at once, which is specified by the format=multiple parameter, invalid bug IDs can go throu...
ruby -- Unintentional file creation caused by inserting an illegal NUL character
The official ruby site reports: A vulnerability was found that file creation routines can create unintended files by strategically inserting NULs in file paths. This vulnerability has been reported as CVE-2012-4522. Ruby can handle arbitrary binary patterns as Strings, including NUL chars. On the...
php -- potential overflow in _php_stream_scandir
The PHP Development Team reports: The release of PHP 5.4.15 and 5.4.5 fix a potential overflow in phpstreamscandir...
puppet -- multiple vulnerabilities
puppet -- multiple vulnerabilities Arbitrary file read on the puppet master from authenticated clients high. It is possible to construct an HTTP get request from an authenticated client with a valid certificate that will return the contents of an arbitrary file on the Puppet master that the maste...
Zend Framework -- Multiple vulnerabilities via XXE injection
The Zend Framework team reports: The XmlRpc package of Zend Framework is vulnerable to XML eXternal Entity Injection attacks both server and client. The SimpleXMLElement class SimpleXML PHP extension is used in an insecure way to parse XML data. External entities can be specified by adding a...
dns/bind9* -- zero-length RDATA can cause named to terminate, reveal memory
ISC reports: Processing of DNS resource records where the rdata field is zero length may cause various issues for the servers handling them. Processing of these records may lead to unexpected outcomes. Recursive servers may crash or disclose some portion of memory to the client. Secondary servers...
OpenSSL -- CMS and S/MIME Bleichenbacher attack
The OpenSSL Team reports: A weakness in the OpenSSL CMS and PKCS 7 code can be exploited using Bleichenbacher's attack on PKCS 1 v1.5 RSA padding also known as the million message attack MMA. Only users of CMS, PKCS 7, or S/MIME decryption operations are affected. A successful attack needs on...
phpMyAdmin -- Multiple XSS
The phpMyAdmin development team reports: Using crafted url parameters, it was possible to produce XSS on the export panels in the server, database and table sections. Crafted values entered in the setup interface can produce XSS; also, if the config directory exists and is writeable, the XSS...
postfix -- plaintext command injection with SMTP over TLS
Wietse Venema has discovered a software flaw that allows an attacker to inject client commands into an SMTP session during the unprotected plaintext SMTP protocol phase, such that the server will execute those commands during the SMTP- over-TLS protocol phase when all communication is supposed to...
sudo -- Privilege escalation with sudoedit
Todd Miller reports: Sudo's command matching routine expects actual commands to include one or more slash '/' characters. The flaw is that sudo's path resolution code did not add a "./" prefix to commands found in the current working directory. This creates an ambiguity between a "sudoedit" comma...
otrs -- SQL injection
OTRS Security Advisory reports: Missing security quoting for SQL statements allows agents and customers to manipulate SQL queries. So it's possible for authenticated users to inject SQL queries via string manipulation of statements. A malicious user may be able to manipulate SQL queries to read o...
libvorbis -- multiple vulnerabilities
The Ubuntu security team reports: It was discovered that libvorbis did not correctly handle certain malformed vorbis files. If a user were tricked into opening a specially crafted vorbis file with an application that uses libvorbis, an attacker could cause a denial of service or possibly execute...
cups -- remote code execution and DNS rebinding
Gentoo security team summarizes: The following issues were reported in CUPS: iDefense reported an integer overflow in the cupsImageReadTIFF function in the "imagetops" filter, leading to a heap-based buffer overflow CVE-2009-0163. Aaron Siegel of Apple Product Security reported that the CUPS web...
xpdf -- multiple vulnerabilities
Secunia reports: Some vulnerabilities have been reported in Xpdf, which can be exploited by malicious people to potentially compromise a user's system. A boundary error exists when decoding JBIG2 symbol dictionary segments. This can be exploited to cause a heap-based buffer overflow and potential...
xterm -- DECRQSS remote command execution vulnerability
SecurityFocus reports: The xterm program is prone to a remote command-execution vulnerability because it fails to sufficiently validate user input. Successfully exploiting this issue would allow an attacker to execute arbitrary commands on an affected computer in the context of the affected...
php -- multiple vulnerabilities
Secunia reports: Some vulnerabilities have been reported in PHP, where some have an unknown impact and others can potentially be exploited by malicious people to cause a DoS Denial of Service or compromise a vulnerable system. An input validation error exists within the "ZipArchive::extractTo"...
dovecot -- ACL plugin bypass vulnerabilities
Timo Sirainen reports in dovecot 1.1.4 release notes: ACL plugin fixes: Negative rights were actually treated as positive rights. 'k' right didn't prevent creating parent/child/child mailbox. ACL groups weren't working...
wordpress -- remote privilege escalation
The Wordpress development team reports: With open registration enabled, it is possible in WordPress versions 2.6.1 and earlier to craft a username such that it will allow resetting another users password to a randomly generated password. The randomly generated password is not disclosed to the...
php -- integer overflow vulnerability
CVE reports: Integer overflow in PHP 5.2.5 and earlier allows context-dependent attackers to cause a denial of service and possibly have unspecified other impact via a printf format parameter with a large width specifier, related to the phpsprintfappendstring function in formattedprint.c and...
mozilla -- code execution via Quicktime media-link files
The Mozilla Foundation reports a vulnerability within the mozilla browser. This vulnerability also affects various other browsers like firefox and seamonkey. The vulnerability is caused by QuickTime Media-Link files that contain a qtnext attribute. This could allow an attacker to start the browse...
samba -- memory exhaustion DoS in smbd
The Samba Team reports: The smbd daemon maintains internal data structures used track active connections to file and printer shares. In certain circumstances an attacker may be able to continually increase the memory usage of an smbd process by issuing a large number of share connection requests...
MySQL -- Information Disclosure and Buffer Overflow Vulnerabilities
Secunia reports: MySQL have some vulnerabilities, which can be exploited by malicious users to disclose potentially sensitive information and compromise a vulnerable system. 1 An error within the code that generates an error response to an invalid COMTABLEDUMP packet can be exploited by an...
pear-XML_RPC -- arbitrary remote code execution
GulfTech Security Research Team reports: PEAR XMLRPC is vulnerable to a very high risk php code injection vulnerability due to unsanatized data being passed into an eval call...
wordpress -- multiple vulnerabilities
GulfTech Security Research reports: There are a number of vulnerabilities in WordPress that may allow an attacker to ultimately run arbitrary code on the vulnerable system. These vulnerabilities include SQL Injection, Cross Site Scripting, and also issues that may aid an attacker in social...
lsh -- multiple vulnerabilities
Secunia reports: A vulnerability has been reported in LSH, which potentially can be exploited by malicious people to cause a DoS Denial of Service...
awstats -- arbitrary command execution
Several input validation errors exist in AWStats that allow a remote unauthenticated attacker to execute arbitrary commands with the priviliges of the web server. These programming errors involve CGI parameters including loadplugin, logfile, pluginmode, update, and possibly others. Additionally,...
xpdf -- integer overflow vulnerabilities
Chris Evans discovered several integer arithmetic overflows in the xpdf 2 and xpdf 3 code bases. The flaws have impacts ranging from denial-of-service to arbitrary code execution...
qt -- image loader vulnerabilities
Qt contains several vulnerabilities related to image loading, including possible crashes when loading corrupt GIF, BMP, or JPEG images. Most seriously, Chris Evans reports that the BMP crash is actually due to a heap buffer overflow. It is believed that an attacker may be able to construct a BMP...
FreeBSD -- Prefix Truncation Attack in the SSH protocol
Problem Description: The SSH protocol executes an initial handshake between the server and the client. This protocol handshake includes the possibility of several extensions allowing different options to be selected. Validation of the packets in the handshake is done through sequence numbers...
Gitlab -- Vulnerabilities
Gitlab reports: Privilege escalation of "external user" to internal access through group service account Maintainer can leak sentry token by changing the configured URL fix bypass Google Cloud Logging private key showed in plain text in GitLab UI leaking to other group owners Information disclosu...
redis -- Heap overflow in the cjson and cmsgpack libraries
Redis core team reports: A specially crafted Lua script executing in Redis can trigger a heap overflow in the cjson and cmsgpack libraries, and result in heap corruption and potentially remote code execution...
curl -- multiple vulnerabilities
Wei Chong Tan, Harry Sintonen, and Hiroki Kurosawa reports: This update fixes 4 security vulnerabilities: Medium CVE-2023-28319: UAF in SSH sha256 fingerprint check. Reported by Wei Chong Tan on 2023-03-21 Low CVE-2023-28320: siglongjmp race condition. Reported by Harry Sintonen on 2023-04-02 Low...
curl -- multiple vulnerabilities
Harry Sintonen reports: CVE-2023-27533 curl supports communicating using the TELNET protocol and as a part of this it offers users to pass on user name and "telnet options" for the server negotiation. Due to lack of proper input scrubbing and without it being the documented functionality, curl...
chromium -- multiple vulnerabilities
Chrome Releases reports: This release contains 28 security fixes, including: 1379054 High CVE-2022-4174: Type Confusion in V8. Reported by Zhenghang Xiao @Kipreyyy on 2022-10-27 1381401 High CVE-2022-4175: Use after free in Camera Capture. Reported by Leecraso and Guang Gong of 360 Alpha Lab on...
Grafana -- Improper authentication
Grafana Labs reports: On September 7, as a result of an internal security audit, we discovered a security vulnerability in Grafana’s basic authentication related to the usage of username and email address. n Grafana, a user’s username and email address are unique fields, which means no other user...
Gitlab -- Multiple Vulnerabilities
Gitlab reports: Stealing GitLab OAuth access tokens using XSLeaks in Safari Denial of service through recursive triggered pipelines Unauthenticated CI lint API may lead to information disclosure and SSRF Server-side DoS through rendering crafted Markdown documents Issue and merge request length...
PostgreSQL -- Memory disclosure in partitioned-table UPDATE ... RETURNING
The PostgreSQL project reports: Using an UPDATE ... RETURNING on a purpose-crafted partitioned table, an attacker can read arbitrary bytes of server memory. In the default configuration, any authenticated database user can create prerequisite objects and complete this attack at will. A user lacki...
salt -- multiple vulnerabilities
SaltStack reports multiple security vulnerabilities in Salt CVE-2021-3197: The Salt-API.s SSH client is vulnerable to a shell injection by including ProxyCommand in an argument, or via sshoptions provided in an API request. CVE-2021-25281: The Salt-API does not have eAuth credentials for the...
jenkins -- Arbitrary file read vulnerability in workspace browsers
Jenkins Security Advisory: Description Medium SECURITY-2197 / CVE-2021-21615 Arbitrary file read vulnerability in workspace browsers...
chromium -- multiple vulnerabilities
Chrome Releases reports: This release contains 36 security fixes, including: 1137179 Critical CVE-2021-21117: Insufficient policy enforcement in Cryptohome. Reported by Rory McNamara on 2020-10-10 1161357 High CVE-2021-21118: Insufficient data validation in V8. Reported by Tyler Nighswander...
Wagtail -- XSS vulnerability
GitHub Advisory Database: When a form page type is made available to Wagtail editors through the wagtail.contrib.forms app, and the page template is built using Django's standard form rendering helpers such as form.asp as directed in the documentation, any HTML tags used within a form field's hel...
webkit2-gtk3 -- multible vulnerabilities
The WebKitGTK project reports vulnerabilities: CVE-2020-9802: Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2020-9803: Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2020-9805: Processing maliciously crafted web content...
Gitlab -- Multiple Vulnerabilities
Gitlab reports: Arbitrary File Read when Moving an Issue Path Traversal in NPM Package Registry SSRF on Project Import External Users Can Create Personal Snippet Triggers Decription Can be Updated by Other Maintainers in Project Information Disclosure on Confidential Issues Moved to Private...
samba -- multiple vulnerabilities
The Samba Team reports: CVE-2019-14902 The implementation of ACL inheritance in the Samba AD DC was not complete, and so absent a 'full-sync' replication, ACLs could get out of sync between domain controllers. CVE-2019-14907 When processing untrusted string input Samba can read past the end of th...
Gitlab -- Multiple Vulnerabilities
Gitlab reports: Unauthorized access to grafana metrics Update Mattermost dependency...
OpenSSL -- Multiple vulnerabilities
The OpenSSL project reports: ECDSA remote timing attack CVE-2019-1547 Low Fork Protection CVE-2019-1549 Low OpenSSL 1.1.1 only...