6585 matches found
Exiv2 -- Multiple vulnerabilities
Exiv2 teams reports: Multiple vulnerabilities covering buffer overflows, out-of-bounds, read of uninitialized memory and denial of serivce. The heap overflow is triggered when Exiv2 is used to read the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to ga...
dovecot -- multiple vulnerabilities
Dovecot team reports: CVE-2021-29157: Dovecot does not correctly escape kid and azp fields in JWT tokens. This may be used to supply attacker controlled keys to validate tokens in some configurations. This requires attacker to be able to write files to local disk. CVE-2021-33515: On-path attacker...
openexr, ilmbase -- security fixes related to reading corrupted input files
Cary Phillips reports: Patch release with various bug/sanitizer/security fixes, primarily related to reading corrupted input files...
chromium -- multiple vulnerabilities
Chrome Releases reports: This release contains 36 security fixes, including: 1137179 Critical CVE-2021-21117: Insufficient policy enforcement in Cryptohome. Reported by Rory McNamara on 2020-10-10 1161357 High CVE-2021-21118: Insufficient data validation in V8. Reported by Tyler Nighswander...
Gitlab -- Multiple vulnerabilities
Gitlab reports: XSS in Zoom Meeting URL Limited Information Disclosure in Private Profile User email exposed via GraphQL endpoint Group and project membership potentially exposed via GraphQL Search terms logged in search parameter in rails logs Un-authorised access to feature flag user list A...
MariaDB -- Undisclosed vulnerability
The MariaDB project reports: Details of this vulnerability have not yet been disclosed...
Wagtail -- XSS vulnerability
GitHub Advisory Database: When a form page type is made available to Wagtail editors through the wagtail.contrib.forms app, and the page template is built using Django's standard form rendering helpers such as form.asp as directed in the documentation, any HTML tags used within a form field's hel...
webkit2-gtk3 -- multible vulnerabilities
The WebKitGTK project reports vulnerabilities: CVE-2020-9802: Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2020-9803: Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2020-9805: Processing maliciously crafted web content...
Gitlab -- Multiple Vulnerabilities
Gitlab reports: Missing Permission Check on Time Tracking Cross-Site Scripting in PyPi Files API Insecure Authorization Check on Private Project Security Dashboard Cross-Site Scripting in References Cross-Site Scripting in Group Names Cross-Site Scripting in Blob Viewer Cross-Site Scripting in...
cacti -- XSS exposure
Cacti developer reports: Lack of escaping of color items can lead to XSS exposure...
malicious URLs may present credentials to wrong server
git security advisory reports: Git uses external "credential helper" programs to store and retrieve passwords or other credentials from secure storage provided by the operating system. Specially-crafted URLs that contain an encoded newline can inject unintended values into the credential helper...
Gitlab -- Disclosure Vulnerabilities
Gitlab reports: Source branch of a MR could be removed by an unauthorised user Private group members could be listed Disclosure of System Notes via Elasticsearch integration Disclosure of Private Comments via Elasticsearch integration Confirm existence of private repositories Private group...
asterisk -- Remote crash vulnerability in HTTP websocket upgrade
The Asterisk project reports: There is a stack overflow vulnerability in the reshttpwebsocket.so module of Asterisk that allows an attacker to crash Asterisk via a specially crafted HTTP request to upgrade the connection to a websocket. The attackers request causes Asterisk to run out of stack...
curl -- SMTP send heap buffer overflow
Peter Wu reports: curl might overflow a heap based memory buffer when sending data over SMTP and using a reduced read buffer...
password-store -- GPG parsing vulnerabilities
Jason A. Donenfeld reports: Markus Brinkmann discovered that the parsing of gpg command line output with regexes isn't anchored to the beginning of the line, which means an attacker can generate a malicious key that simply has the verification string as part of its username. This has a number of...
python 2.7 -- multiple vulnerabilities
python release notes: Multiple vulnerabilities has been fixed in this release. Please refer to the CVE list for details...
nghttp2 -- Denial of service due to NULL pointer dereference
nghttp2 blog: If ALTSVC frame is received by libnghttp2 and it is larger than it can accept, the pointer field which points to ALTSVC frame payload is left NULL. Later libnghttp2 attempts to access another field through the pointer, and gets segmentation fault. ALTSVC frame is defined by RFC 7838...
node.js -- multiple vulnerabilities
Node.js reports: Node.js Inspector DNS rebinding vulnerability CVE-2018-7160 Node.js 6.x and later include a debugger protocol also known as "inspector" that can be activated by the --inspect and related command line flags. This debugger service was vulnerable to a DNS rebinding attack which coul...
FreeBSD -- Multiple vulnerabilities of ntp
Problem Description: A vulnerability was discovered in the NTP server's parsing of configuration directives. CVE-2017-6464 A vulnerability was found in NTP, in the parsing of packets from the DPTS Clock. CVE-2017-6462 A vulnerability was discovered in the NTP server's parsing of configuration...
libXdmcp -- insufficient entropy generating session keys
The freedesktop and x.org project reports: It was discovered that libXdmcp before 1.1.3 used weak entropy to generate session keys on platforms without arc4randombuf but with getentropy. On a multi-user system using xdmcp, a local attacker could potentially use information available from the...
xen-kernel -- x86 CMPXCHG8B emulation fails to ignore operand size override
The Xen Project reports: The x86 instruction CMPXCHG8B is supposed to ignore legacy operand size overrides; it only honors the REX.W override making it CMPXCHG16B. So, the operand size is always 8 or 16. When support for CMPXCHG16B emulation was added to the instruction emulator, this restriction...
openjpeg -- multiple vulnerabilities
Tencent's Xuanwu LAB reports: A Heap Buffer Overflow Out-of-Bounds Write issue was found in function opjdwtinterleavev of dwt.c. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OpenJPEG. An integer overflow issue exists in function...
OpenSSL -- vulnerability in DSA signing
The OpenSSL team reports: Operations in the DSA signing algorithm should run in constant time in order to avoid side channel attacks. A flaw in the OpenSSL DSA implementation means that a non-constant time codepath is followed for certain operations. This has been demonstrated through a...
ImageMagick -- multiple vulnerabilities
Openwall reports: Insufficient filtering for filename passed to delegate's command allows remote code execution during conversion of several file formats. Any service which uses ImageMagick to process user supplied images and uses default delegates.xml / policy.xml, may be vulnerable to this issu...
node -- multiple vulnerabilities
Jeremiah Senkpiel reports: Fix a double-free defect in parsing malformed DSA keys that may potentially be used for DoS or memory corruption attacks. Fix a defect that can cause memory corruption in certain very rare cases Fix a defect that makes the CacheBleed Attack possible...
flash -- multiple vulnerabilities
Adobe reports: These updates resolve a type confusion vulnerability that could lead to code execution CVE-2015-7659. These updates resolve a security bypass vulnerability that could be exploited to write arbitrary data to the file system under user permissions CVE-2015-7662. These updates resolve...
xen-tools -- libxl fails to honour readonly flag on disks with qemu-xen
The Xen Project reports: Callers of libxl can specify that a disk should be read-only to the guest. However, there is no code in libxl to pass this information to qemu-xen the upstream-based qemu; and indeed there is no way in qemu to make a disk read-only. The vulnerability is exploitable only v...
miniupnpc -- buffer overflow
Talos reports: An exploitable buffer overflow vulnerability exists in the XML parser functionality of the MiniUPnP library. A specially crafted XML response can lead to a buffer overflow on the stack resulting in remote code execution. An attacker can set up a server on the local network to trigg...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 29 security fixes in this release, including: 516377 High CVE-2015-1291: Cross-origin bypass in DOM. Credit to anonymous. 522791 High CVE-2015-1292: Cross-origin bypass in ServiceWorker. Credit to Mariusz Mlynski. 524074 High CVE-2015-1293: Cross-origin bypass in...
bind -- denial of service vulnerability
ISC reports: An incorrect boundary check in openpgpkey61.c can cause named to terminate due to a REQUIRE assertion failure. This defect can be deliberately exploited by an attacker who can provide a maliciously constructed response in answer to a query...
wordpress -- XSS vulnerability
Gary Pendergast reports: WordPress versions 4.2.2 and earlier are affected by a cross-site scripting vulnerability, which could allow users with the Contributor or Author role to compromise a site. This was reported by Jon Cave and fixed by Robert Chapin, both of the WordPress security team...
django -- multiple vulnerabilities
Tim Graham reports: In accordance with our security release policy, the Django team is issuing multiple releases -- Django 1.4.21, 1.7.9, and 1.8.3. These releases are now available on PyPI and our download page. These releases address several security issues detailed below. We encourage all user...
redis -- EVAL Lua Sandbox Escape
Ben Murphy reports: It is possible to break out of the Lua sandbox in Redis and execute arbitrary code. This shouldn’t pose a threat to users under the trusted Redis security model where only trusted users can connect to the database. However, in real deployments there could be databases that can...
krb5 -- requires_preauth bypass in PKINIT-enabled KDC
MIT reports: In MIT krb5 1.12 and later, when the KDC is configured with PKINIT support, an unauthenticated remote attacker can bypass the requirespreauth flag on a client principal and obtain a ciphertext encrypted in the principal's long-term key. This ciphertext could be used to conduct an...
rubygems -- request hijacking vulnerability
Jonathan Claudius reports: RubyGems provides the ability of a domain to direct clients to a separate host that is used to fetch gems and make API calls against. This mechanism is implemented via DNS, specifically a SRV record rubygems.tcp under the original requested domain. RubyGems did not...
libuv -- incorrect revocation order while relinquishing privileges
Nodejs releases reports: CVE-2015-0278 This may potentially allow an attacker to gain elevated privileges...
Adobe Flash Player -- critical vulnerabilities
Adobe reports: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh and Linux. These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system. These updates resolve memory corruption vulnerabilities that could lea...
xen-kernel -- Hypervisor memory corruption due to x86 emulator flaw
The Xen Project reports: Instructions with register operands ignore eventual segment overrides encoded for them. Due to an insufficiently conditional assignment such a bogus segment override can, however, corrupt a pointer used subsequently to store the result of the instruction. A malicious gues...
openoffice -- information disclosure vulnerability
Apache reports: The exposure exploits the way OLE previews are generated to embed arbitrary file data into a specially crafted document when it is opened. Data exposure is possible if the updated document is distributed to other parties...
yii -- Remote arbitrary PHP code execution
Yii PHP Framework developers report: We are releasing Yii 1.1.15 to fix a security issue found in 1.1.14. We urge all 1.1.14 users to upgrade their Yii to this latest release. Note that the issue only affects 1.1.14. All previous releases are not affected. Upgrading to this release from 1.1.14 is...
otrs -- Clickjacking issue
The OTRS Project reports: An attacker could embed OTRS in a hidden iframe tag of another page, tricking the user into clicking links in OTRS...
jenkins -- multiple vulnerabilities
Jenkins Security Advisory reports: This advisory announces multiple security vulnerabilities that were found in Jenkins core. Please reference CVE/URL list for details...
mozilla -- multiple vulnerabilities
The Mozilla Project reports: MFSA 2013-93 Miscellaneous memory safety hazards rv:25.0 / rv:24.1 / rv:17.0.10 MFSA 2013-94 Spoofing addressbar though SELECT element MFSA 2013-95 Access violation with XSLT and uninitialized data MFSA 2013-96 Improperly initialized memory and overflows in some...
openafs -- single-DES cell-wide key brute force vulnerability
OpenAFS Project reports: The small size of the DES key space permits an attacker to brute force a cell's service key and then forge traffic from any user within the cell. The key space search can be performed in under 1 day at a cost of around $100 using publicly available services...
Ruby Activemodel Gem -- Circumvention of attr_protected
Aaron Patterson reports: The attrprotected method allows developers to specify a blacklist of model attributes which users should not be allowed to assign to. By using a specially crafted request, attackers could circumvent this protection and alter values that were meant to be protected. All use...
linux-flashplugin -- multiple vulnerabilities
Adobe reports: These vulnerabilities could cause a crash and potentially allow an attacker to take control of the affected system...
otrs -- XSS vulnerability in Firefox and Opera could lead to remote code execution
The OTRS Project reports: This advisory covers vulnerabilities discovered in the OTRS core system. This is a variance of the XSS vulnerability, where an attacker could send a specially prepared HTML email to OTRS which would cause JavaScript code to be executed in your browser while displaying th...
samba -- incorrect permission checks vulnerability
The Samba project reports: Samba versions 3.4.x to 3.6.4 inclusive are affected by a vulnerability that allows arbitrary users to modify privileges on a file server. Security checks were incorrectly applied to the Local Security Authority LSA remote proceedure calls RPC CreateAccount, OpenAccount...
OpenSSL -- integer conversions result in memory corruption
OpenSSL security team reports: A potentially exploitable vulnerability has been discovered in the OpenSSL function asn1d2ireadbio. Any application which uses BIO or FILE based functions to read untrusted DER format data is vulnerable. Affected functions are of the form d2ibio or d2ifp, for exampl...
openoffice.org -- Multiple vulnerabilities
OpenOffice.org Security Team reports: Fixed in OpenOffice.org 3.3 CVE-2010-2935 / CVE-2010-2936: Security Vulnerability in OpenOffice.org related to PowerPoint document processing CVE-2010-3450: Security Vulnerability in OpenOffice.org related to Extensions and filter package files CVE-2010-3451 ...