6583 matches found
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 24 security fixes in this release, including: 519558 High CVE-2015-6755: Cross-origin bypass in Blink. Credit to Mariusz Mlynski. 507316 High CVE-2015-6756: Use-after-free in PDFium. Credit to anonymous. 529520 High CVE-2015-6757: Use-after-free in ServiceWorker...
mozilla -- multiple vulnerabilities
The Mozilla Project reports: MFSA 2015-79 Miscellaneous memory safety hazards rv:40.0 / rv:38.2 MFSA 2015-80 Out-of-bounds read with malformed MP3 file MFSA 2015-81 Use-after-free in MediaStream playback MFSA 2015-82 Redefinition of non-configurable JavaScript object properties MFSA 2015-83...
rubygem-rails -- multiple vulnerabilities
Ruby on Rails blog: Rails 3.2.22, 4.1.11 and 4.2.2 have been released, along with web console and jquery-rails plugins and Rack 1.5.4 and 1.6.2...
Adobe Flash Player -- critical vulnerabilities
Adobe reports: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh and Linux. These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe recommends users update their product installations to the lates...
hostapd and wpa_supplicant -- multiple vulnerabilities
Jouni Malinen reports: WPS UPnP vulnerability with HTTP chunked transfer encoding. 2015-2 - CVE-2015-4141 Integer underflow in AP mode WMM Action frame processing. 2015-3 - CVE-2015-4142 EAP-pwd missing payload length validation. 2015-4 - CVE-2015-4143, CVE-2015-4144, CVE-2015-4145, CVE-2015-4146...
apache24 -- several vulnerabilities
Apache HTTP SERVER PROJECT reports: modproxyfcgi: Fix a potential crash due to buffer over-read, with response headers' size above 8K. modcache: Avoid a crash when Content-Type has an empty value. PR 56924. modlua: Fix handling of the Require line when a LuaAuthzProvider is used in multiple Requi...
mozilla -- multiple vulnerabilities
The Mozilla Project reports: ASN.1 DER decoding of lengths is too permissive, allowing undetected smuggling of arbitrary data MFSA-2014-90 Apple CoreGraphics framework on OS X 10.10 logging input data to /tmp directory MFSA-2014-89 Bad casting from the BasicThebesLayer to BasicContainerLayer...
libxml2 -- Denial of service
RedHat reports: A denial of service flaw was found in libxml2, a library providing support to read, modify and write XML and HTML files. A remote attacker could provide a specially crafted XML file that, when processed by an application using libxml2, would lead to excessive CPU consumption denia...
gnupg -- RSA Key Extraction via Low-Bandwidth Acoustic Cryptanalysis attack
Werner Koch reports: CVE-2013-4576 has been assigned to this security bug. The paper describes two attacks. The first attack allows to distinguish keys: An attacker is able to notice which key is currently used for decryption. This is in general not a problem but may be used to reveal the...
bind -- denial of service vulnerability
ISC reports: A specially crafted query that includes malformed rdata can cause named to terminate with an assertion failure while rejecting the malformed query...
rubygem-rails -- multiple vulnerabilities
Ruby on Rails team reports: Rails versions 3.2.13 has been released. This release contains important security fixes. It is recommended users upgrade as soon as possible. Four vulnerabilities have been discovered and fixed: CVE-2013-1854 Symbol DoS vulnerability in Active Record CVE-2013-1855 XSS...
texproc/expat2 -- billion laugh attack
Kurt Seifried reports: So here are the CVE's for the two big ones, libxml2 and expat. Both are affected by the expansion of internal entities which can be used to consume resources and external entities which can cause a denial of service against other services, be used to port scan, etc.. A...
mozilla -- multiple vulnerabilities
The Mozilla Project reports: MFSA 2012-91 Miscellaneous memory safety hazards rv:17.0/ rv:10.0.11 MFSA 2012-92 Buffer overflow while rendering GIF images MFSA 2012-93 evalInSanbox location context incorrectly applied MFSA 2012-94 Crash when combining SVG text on path with CSS MFSA 2012-95...
mantis -- multiple vulnerabilities
Mantis reports: Roland Becker and Damien Regad MantisBT developers found that any user able to report issues via the SOAP interface could also modify any bugnotes comments created by other users. In a default/typical MantisBT installation, SOAP API is enabled and any user can sign up to report ne...
php-zip -- multiple Denial of Service vulnerabilities
The following DoS conditions in Zip extension were fixed in PHP 5.3.4 and PHP 5.2.15: Fixed crash in zip extract method possible CWE-170. The ZipArchive::getArchiveComment function in PHP 5.2.x through 5.2.14 and 5.3.x through 5.3.3 allows context-dependent attackers to cause a denial of service...
php -- open_basedir bypass
MITRE reports: fopenwrappers.c in PHP 5.3.x through 5.3.3 might allow remote attackers to bypass openbasedir restrictions via vectors related to the length of a filename...
krb5 -- multiple checksum handling vulnerabilities
The MIT Kerberos team reports: MIT krb incorrectly accepts an unkeyed checksum with DES session keys for version 2 RFC 4121 of the GSS-API krb5 mechanism. An unauthenticated remote attacker can forge GSS tokens that are intended to be integrity-protected but unencrypted, if the targeted...
mozilla -- multiple vulnerabilities
Mozilla Project reports: MFSA 2010-24 XMLDocument::load doesn't check nsIContentPolicy MFSA 2010-23 Image src redirect to mailto: URL opens email editor MFSA 2010-22 Update NSS to support TLS renegotiation indication MFSA 2010-21 Arbitrary code execution with Firebug XMLHttpRequestSpy MFSA 2010-2...
mozilla -- multiple vulnerabilities
The Mozilla Foundation reports: MFSA 2008-58 Parsing error in E4X default namespace MFSA 2008-57 -moz-binding property bypasses security checks on codebase principals MFSA 2008-56 nsXMLHttpRequest::NotifyEventListeners same-origin violation MFSA 2008-55 Crash and remote code execution in...
wordpress -- remote privilege escalation
The Wordpress development team reports: With open registration enabled, it is possible in WordPress versions 2.6.1 and earlier to craft a username such that it will allow resetting another users password to a randomly generated password. The randomly generated password is not disclosed to the...
mozilla -- code execution via Quicktime media-link files
The Mozilla Foundation reports a vulnerability within the mozilla browser. This vulnerability also affects various other browsers like firefox and seamonkey. The vulnerability is caused by QuickTime Media-Link files that contain a qtnext attribute. This could allow an attacker to start the browse...
mysql50-server -- COM_TABLE_DUMP arbitrary code execution
Stefano Di Paola reports: An authenticated user could remotely execute arbitrary commands by taking advantage of a stack overflow. To take advantage of these flaws an attacker should have direct access to MySQL server communication layer port 3306 or unix socket. But if used in conjuction with so...
python -- SimpleXMLRPCServer.py allows unrestricted traversal
According to Python Security Advisory PSF-2005-001, The Python development team has discovered a flaw in the SimpleXMLRPCServer library module which can give remote attackers access to internals of the registered object or its module or possibly other modules. The flaw only affects Python XML-RPC...
qt -- image loader vulnerabilities
Qt contains several vulnerabilities related to image loading, including possible crashes when loading corrupt GIF, BMP, or JPEG images. Most seriously, Chris Evans reports that the BMP crash is actually due to a heap buffer overflow. It is believed that an attacker may be able to construct a BMP...
qt6-webengine -- Multiple vulnerabilities
Qt qtwebengine-chromium repo reports: Backports for 5 security bugs in Chromium: CVE-2024-11110: Inappropriate implementation in Blink CVE-2024-11112: Use after free in Media CVE-2024-11114: Inappropriate implementation in Views CVE-2024-11116: Inappropriate implementation in Paint CVE-2024-11117...
OpenSSL -- Use after free vulnerability
The OpenSSL project reports: Use After Free with SSLfreebuffers low. Calling the OpenSSL API function SSLfreebuffers may cause memory to be accessed that was previously freed in some situations...
Gitlab -- Vulnerabilities
Gitlab reports: Privilege escalation of "external user" to internal access through group service account Maintainer can leak sentry token by changing the configured URL fix bypass Google Cloud Logging private key showed in plain text in GitLab UI leaking to other group owners Information disclosu...
FreeBSD -- Remote denial of service in IPv6 fragment reassembly
Problem Description: Each fragment of an IPv6 packet contains a fragment header which specifies the offset of the fragment relative to the original packet, and each fragment specifies its length in the IPv6 header. When reassembling the packet, the kernel calculates the complete IPv6 payload...
redis -- Heap overflow in the cjson and cmsgpack libraries
Redis core team reports: A specially crafted Lua script executing in Redis can trigger a heap overflow in the cjson and cmsgpack libraries, and result in heap corruption and potentially remote code execution...
curl -- multiple vulnerabilities
Harry Sintonen reports: CVE-2023-27533 curl supports communicating using the TELNET protocol and as a part of this it offers users to pass on user name and "telnet options" for the server negotiation. Due to lack of proper input scrubbing and without it being the documented functionality, curl...
redis -- multiple vulnerabilities
The Redis core team reports: CVE-2023-25155 Specially crafted SRANDMEMBER, ZRANDMEMBER, and HRANDFIELD commands can trigger an integer overflow, resulting in a runtime assertion and termination of the Redis server process. CVE-2022-36021 String matching commands like SCAN or KEYS with a specially...
Gitlab -- Multiple vulnerabilities
Gitlab reports: DAST analyzer sends custom request headers with every request Stored-XSS with CSP-bypass via scoped labels' color Maintainer can leak Datadog API key by changing integration URL Uncontrolled resource consumption when parsing URLs Issue HTTP requests when users view an OpenAPI...
Grafana -- Improper authentication
Grafana Labs reports: On September 7, as a result of an internal security audit, we discovered a security vulnerability in Grafana’s basic authentication related to the usage of username and email address. n Grafana, a user’s username and email address are unique fields, which means no other user...
MariaDB -- Multiple vulnerabilities
The MariaDB project reports: Multiple vulnerabilities, mostly segfaults, in the server component...
chromium -- multiple vulnerabilities
Chrome Releases reports: This release contains 27 security fixes, including: 1325699 High CVE-2022-2603: Use after free in Omnibox. Reported by Anonymous on 2022-05-16 1335316 High CVE-2022-2604: Use after free in Safe Browsing. Reported by Nan Wang@eternalsakura13 and Guang Gong of 360 Alpha Lab...
OpenSSL -- Heap memory corruption with RSA private key operation
The OpenSSL project reports: The OpenSSL 3.0.4 release introduced a serious bug in the RSA implementation for X8664 CPUs supporting the AVX512IFMA instructions. This issue makes the RSA implementation with 2048 bit private keys incorrect on such machines and memory corruption will happen during t...
git -- Multiple vulnerabilities
This release contains 2 security fixes: CVE-2022-39253 When relying on the --local clone optimization, Git dereferences symbolic links in the source repository before creating hardlinks or copies of the dereferenced link in the destination repository. This can lead to surprising behavior where...
chromium -- multiple vulnerabilities
Chrome Releases reports: This release contains 32 security fixes, including: 1324864 Critical CVE-2022-1853: Use after free in Indexed DB. Reported by Anonymous on 2022-05-12 1320024 High CVE-2022-1854: Use after free in ANGLE. Reported by SeongHwan Park SeHwa on 2022-04-27 1228661 High...
MariaDB -- Multiple vulnerabilities
MariaDB reports: MariaDB reports 5 vulnerabilities in supported versions without further detailed information...
chromium -- multiple vulnerabilities
Chrome Releases reports: This release contains 26 security fixes, including: 1284367 Critical CVE-2022-0289: Use after free in Safe browsing. Reported by Sergei Glazunov of Google Project Zero on 2022-01-05 12601341260007 High CVE-2022-0290: Use after free in Site isolation. Reported by Brendon...
Mbed TLS -- Potential double-free after an out of memory error
Manuel Pégourié-Gonnard reports: If mbedtlssslsetsession or mbedtlssslgetsession were to fail with MBEDTLSERRSSLALLOCFAILED in an out of memory condition, then calling mbedtlssslsessionfree and mbedtlssslfree in the usual manner would cause an internal session buffer to be freed twice, due to two...
chromium -- multiple vulnerabilities
Chrome Releases reports: This release contains 5 security fixes, including: 1263457 Critical CVE-2021-4098: Insufficient data validation in Mojo. Reported by Sergei Glazunov of Google Project Zero on 2021-10-26 1270658 High CVE-2021-4099: Use after free in Swiftshader. Reported by Aki Helin of...
Gitlab -- Multiple Vulnerabilities
Gitlab reports: Stored XSS via ipynb files Pipeline schedules on imported projects can be set to automatically active after import Potential Denial of service via Workhorse Improper Access Control allows Merge Request creator to bypass locked status Projects API discloses ID and name of private...
Exiv2 -- Multiple vulnerabilities
Exiv2 teams reports: Multiple vulnerabilities covering buffer overflows, out-of-bounds, read of uninitialized memory and denial of serivce. The heap overflow is triggered when Exiv2 is used to read the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to ga...
dovecot -- multiple vulnerabilities
Dovecot team reports: CVE-2021-29157: Dovecot does not correctly escape kid and azp fields in JWT tokens. This may be used to supply attacker controlled keys to validate tokens in some configurations. This requires attacker to be able to write files to local disk. CVE-2021-33515: On-path attacker...
openexr, ilmbase -- security fixes related to reading corrupted input files
Cary Phillips reports: Patch release with various bug/sanitizer/security fixes, primarily related to reading corrupted input files...
chromium -- multiple vulnerabilities
Chrome Releases reports: This release contains 36 security fixes, including: 1137179 Critical CVE-2021-21117: Insufficient policy enforcement in Cryptohome. Reported by Rory McNamara on 2020-10-10 1161357 High CVE-2021-21118: Insufficient data validation in V8. Reported by Tyler Nighswander...
Gitlab -- Multiple vulnerabilities
Gitlab reports: XSS in Zoom Meeting URL Limited Information Disclosure in Private Profile User email exposed via GraphQL endpoint Group and project membership potentially exposed via GraphQL Search terms logged in search parameter in rails logs Un-authorised access to feature flag user list A...
MariaDB -- Undisclosed vulnerability
The MariaDB project reports: Details of this vulnerability have not yet been disclosed...
webkit2-gtk3 -- multible vulnerabilities
The WebKitGTK project reports vulnerabilities: CVE-2020-9802: Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2020-9803: Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2020-9805: Processing maliciously crafted web content...