6585 matches found
libvirt -- ACL bypass using ../ to access beyond storage pool
Libvit development team reports: Various virStorageVol API operate on user-supplied volume names by concatenating the volume name to the pool location. Note that the virStoragePoolListVolumes API, when used on a storage pool backed by a directory in a file system, will only list volumes immediate...
mediawiki -- multiple vulnerabilities
MediaWiki reports: Wikipedia user RobinHood70 reported two issues in the chunked upload API. The API failed to correctly stop adding new chunks to the upload when the reported size was exceeded T91203, allowing a malicious users to upload add an infinite number of chunks for a single file upload...
qemu -- denial of service vulnerabilities in eepro100 NIC support
Prasad J Pandit, Red Hat Product Security Team, reports: Qemu emulator built with the i8255x PRO100 emulation support is vulnerable to an infinite loop issue. It could occur while processing a chain of commands located in the Command Block List CBL. Each Command BlockCB points to the next command...
Git -- Execute arbitrary code
Git release notes: Some protocols like git-remote-ext can execute arbitrary code found in the URL. The URLs that submodules use may come from arbitrary sources e.g., .gitmodules files in a remote repository, and can hurt those who blindly enable recursive fetch. Restrict the allowed protocols to...
Joomla! -- Core - XSS Vulnerability
The JSST and the Joomla! Security Center report: 20150908 - Core - XSS Vulnerability Inadequate escaping leads to XSS vulnerability in login module...
ffmpeg -- multiple vulnerabilities
NVD reports: The decodeihdrchunk function in libavcodec/pngdec.c in FFmpeg before 2.7.2 does not enforce uniqueness of the IHDR aka image header chunk in a PNG image, which allows remote attackers to cause a denial of service out-of-bounds array access or possibly have unspecified other impact vi...
adminer -- XSS vulnerability
Jakub Vrana reports: Fix XSS in alter table...
clamav -- multiple vulnerabilities
ClamAV project reports: ClamAV 0.98.7 is here! This release contains new scanning features and bug fixes. Fix infinite loop condition on crafted y0da cryptor file. Identified and patch suggested by Sebastian Andrzej Siewior. CVE-2015-2221. Fix crash on crafted petite packed file. Reported and pat...
chromium -- multiple vulnerabilities
Chrome Releases reports: 11 security fixes in this release, including: 447906 High CVE-2015-1209: Use-after-free in DOM. Credit to Maksymillian. 453979 High CVE-2015-1210: Cross-origin-bypass in V8 bindings. Credit to anonymous. 453982 High CVE-2015-1211: Privilege escalation using service worker...
rabbitmq -- Security issues in management plugin
The RabbitMQ project reports: Some user-controllable content was not properly HTML-escaped before being presented to a user in the management web UI: When a user unqueued a message from the management UI, message details header names, arguments, etc. were displayed unescaped. An attacker could...
file -- multiple vulnerabilities
RedHat reports: Thomas Jarosch of Intra2net AG reported a number of denial of service issues resource consumption in the ELF parser used by file1. These issues were fixed in the 5.21 release of file1, but by mistake are missing from the changelog...
dbus -- incomplete fix for CVE-2014-3636 part A
Simon McVittie reports: The patch issued by the D-Bus maintainers for CVE-2014-3636 was based on incorrect reasoning, and does not fully prevent the attack described as "CVE-2014-3636 part A", which is repeated below. Preventing that attack requires raising the system dbus-daemon's RLIMITNOFILE...
jenkins -- remote execution, privilege escalation, XSS, password exposure, ACL hole, DoS
Jenkins Security Advisory: Please reference CVE/URL list for details...
samba -- multiple vulnerabilities
The samba project reports: A malformed packet can cause the nmbd server to loop the CPU and prevent any further NetBIOS name service. Valid unicode path names stored on disk can cause smbd to crash if an authenticated client attempts to read them using a non-unicode request...
gnutls -- client-side memory corruption
GnuTLS project reports: This vulnerability affects the client side of the gnutls library. A server that sends a specially crafted ServerHello could corrupt the memory of a requesting client...
chromium -- multiple vulnerabilities
Google Chrome Releases reports belatedly: 9 security fixes in this release, including: 354967 High CVE-2014-1730: Type confusion in V8. Credit to Anonymous. 349903 High CVE-2014-1731: Type confusion in DOM. Credit to John Butler. 359802 High CVE-2014-1736: Integer overflow in V8. Credit to SkyLin...
ruby -- Heap Overflow in Floating Point Parsing
Ruby developers report: Any time a string is converted to a floating point value, a specially crafted string can cause a heap overflow. This can lead to a denial of service attack via segmentation faults and possibly arbitrary code execution. Any program that converts input of unknown origin to...
PHP5 -- Heap corruption in XML parser
The PHP development team reports: ext/xml/xml.c in PHP before 5.3.27 does not properly consider parsing depth, which allows remote attackers to cause a denial of service heap memory corruption or possibly have unspecified other impact via a crafted document that is processed by the...
phpMyAdmin -- Multiple security vulnerabilities
The phpMyAdmin development team reports: In some PHP versions, the pregreplace function can be tricked into executing arbitrary PHP code on the server. This is done by passing a crafted argument as the regular expression, containing a null byte. phpMyAdmin does not correctly sanitize an argument...
libarchive -- multiple vulnerabilities
MITRE reports: Integer signedness error in the archivewritezipdata function in archivewritesetformatzip.c in libarchive 3.1.2 and earlier, when running on 64-bit machines, allows context-dependent attackers to cause a denial of service crash via unspecified vectors, which triggers an improper...
apache22 -- several vulnerabilities
Apache HTTP SERVER PROJECT reports: low: XSS due to unescaped hostnames CVE-2012-3499 Various XSS flaws due to unescaped hostnames and URIs HTML output in modinfo, modstatus, modimagemap, modldap, and modproxyftp. moderate: XSS in modproxybalancer CVE-2012-4558 A XSS flaw affected the...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: Linux only 125225 Medium CVE-2012-2846: Cross-process interference in renderers. Credit to Google Chrome Security Team Julien Tinnes. 127522 Low CVE-2012-2847: Missing re-prompt to user upon excessive downloads. Credit to Matt Austin of Aspect Security. 127525 Medi...
linux-flashplugin -- multiple vulnerabilities
These vulnerabilities could cause a crash and potentially allow an attacker to take control of the affected system...
BIND -- Large RRSIG RRsets and Negative Caching DoS
ISC reports: A BIND 9 DNS server set up to be a caching resolver is vulnerable to a user querying a domain with very large resource record sets RRSets when trying to negatively cache a response. This can cause the BIND 9 DNS server named process to crash...
mozilla -- multiple vulnerabilities
The Mozilla Project reports: MFSA 2010-34 Miscellaneous memory safety hazards rv:1.9.2.7/ 1.9.1.11 MFSA 2010-35 DOM attribute cloning remote code execution vulnerability MFSA 2010-36 Use-after-free error in NodeIterator MFSA 2010-37 Plugin parameter EnsureCachedAttrParamArrays remote code executi...
KDM -- local privilege escalation vulnerability
KDE Security Advisory reports: KDM contains a race condition that allows local attackers to make arbitrary files on the system world-writeable. This can happen while KDM tries to create its control socket during user login. A local attacker with a valid local account can under certain circumstanc...
dojo -- cross-site scripting and other vulnerabilities
The Dojo Toolkit team reports: Some PHP files did not properly escape input. Some files could operate like "open redirects". A bad actor could form an URL that looks like it came from a trusted site, but the user would be redirected or load content from the bad actor's site. A file exposed a more...
GnuTLS -- improper SSL certificate verification
GnuTLS reports: By using a NUL byte in CN/SAN fields, it was possible to fool GnuTLS into 1 not printing the entire CN/SAN field value when printing a certificate and 2 cause incorrect positive matches when matching a hostname against a certificate...
libxml -- Multiple use-after-free vulnerabilities
Multiple use-after-free vulnerabilities in libxml 1.8.17 that allow context-dependent attackers to cause a denial of service application crash via crafted 1 Notation or 2 Enumeration attribute types in an XML file...
dokuwiki -- Local File Inclusion with register_globals on
DokuWiki reports: A security hole was discovered which allows an attacker to include arbitrary files located on the attacked DokuWiki installation. The included file is executed in the PHP context. This can be escalated by introducing malicious code through uploading file via the media manager or...
joomla -- flaw in the reset token validation
Joomla project reports: A flaw in the reset token validation mechanism allows for non-validating tokens to be forged. This will allow an unauthenticated, unauthorized user to reset the password of the first enabled user lowest id. Typically, this is an administrator user. Note, that changing the...
opera -- multiple vulnerabilities
Opera Software ASA reports about multiple security fixes: Fixed an issue where simulated text inputs could trick users into uploading arbitrary files, as reported by Mozilla. Image properties can no longer be used to execute scripts, as reported by Max Leonov. Fixed an issue where the...
mysql -- privilege escalation and overwrite of the system table information
MySQL reports: Using RENAME TABLE against a table with explicit DATA DIRECTORY and INDEX DIRECTORY options can be used to overwrite system table information by replacing the symbolic link points. the file to which the symlink points...
phpmyadmin -- cross-site scripting vulnerability
The DigiTrust Group reports: When creating a new database, a malicious user can use a client-side Web proxy to place malicious code in the db parameter of the POST request. Since dbcreate.php does not properly sanitize user-supplied input, an administrator could face a persistent XSS attack when...
phpmyadmin -- cross-site scripting vulnerability
The DigiTrust Group discovered serious XSS vulnerability in the phpMyAdmin serverstatus.php script. According to their report vulnerability can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site...
xpdf -- stack based buffer overflow
The KDE Team reports: kpdf, the KDE pdf viewer, shares code with xpdf. xpdf contains a vulnerability that can cause a stack based buffer overflow via a PDF file that exploits an integer overflow in StreamPredictor::StreamPredictor. Remotely supplied pdf files can be used to disrupt the kpdf viewe...
png -- DoS crash vulnerability
A Libpng Security Advisory reports: A grayscale PNG image with a malformed bad CRC tRNS chunk will crash some libpng applications. This vulnerability could be used to crash a browser when a user tries to view such a malformed PNG file. It is not known whether the vulnerability could be exploited...
FreeBSD -- Kernel memory disclosure in firewire(4)
Problem Description: In the FWGCROM ioctl, a signed integer comparison is used instead of an unsigned integer comparison when computing the length of a buffer to be copied from the kernel into the calling application. Impact: A user in the "operator" group can read the contents of kernel memory...
fetchmail -- remote root/code injection from malicious POP3 server
fetchmail's POP3/UIDL code does not truncate received UIDs properly. A malicious or compromised POP3 server can thus corrupt fetchmail's stack and inject code when fetchmail is using UIDL, either through configuration, or as a result of certain server capabilities. Note that fetchmail is run as...
mozilla -- POP client heap overflow
zen-parse discovered a heap buffer overflow in Mozilla's POP client implementation. A malicious POP server could exploit this vulnerability to cause Mozilla to execute arbitrary code...
mailman denial-of-service vulnerability in MailCommandHandler
A malformed message could cause mailman to crash...
www/apache24 -- Multiple vulnerabilities
The Apache httpd project reports: modproxyajp: CVE-2026-34059, CVE-2026-34032, CVE-2026-33857, CVE-2026-28780 multiple modules: CVE-2026-33523 modauthnsocache: CVE-2026-33007 modauthdigest: CVE-2026-33006 moddavlock: moddavlock modmd: CVE-2026-29168 modrewrite: CVE-2026-24072 modhttp2:...
py-social-auth-app-django -- Improper Handling of Case Sensitivity
GitHub Advisory Database: Python Social Auth is a social authentication/registration mechanism. Prior to version 5.4.1, due to default case-insensitive collation in MySQL or MariaDB databases, third-party authentication user IDs are not case-sensitive and could cause different IDs to match. This...
go -- multiple vulnerabilities
The Go project reports reports: crypto/x509: Verify panics on certificates with an unknown public key algorithm Verifying a certificate chain which contains a certificate with an unknown public key algorithm will cause Certificate.Verify to panic. net/http: memory exhaustion in...
chromium -- use after free in MediaStream
Chrome Releases reports: This update includes 1 security fix: 1472492 High CVE-2023-4572: Use after free in MediaStream. Reported by fwnfwn@fwnfwn on 2023-08-12...
Gitlab -- Vulnerabilities
Gitlab reports: ReDoS via EpicReferenceFilter in any Markdown fields New commits to private projects visible in forks created while project was public New commits to private projects visible in forks created while project was public Maintainer can leak masked webhook secrets by manipulating URL...
rubygem-time -- ReDoS vulnerability
oooooooq reports: The Time parser mishandles invalid strings that have specific characters. It causes an increase in execution time for parsing strings to Time objects...
traefik -- Use of vulnerable Go modules net/http, net/textproto
The Go project reports: HTTP and MIME header parsing can allocate large amounts of memory, even when parsing small inputs, potentially leading to a denial of service. Certain unusual patterns of input data can cause the common function used to parse HTTP and MIME headers to allocate substantially...
strongSwan -- certificate verification vulnerability
strongSwan reports: A vulnerability related to certificate verification in TLS-based EAP methods was discovered in strongSwan that results in a denial of service but possibly even remote code execution. Versions 5.9.8 and 5.9.9 may be affected...
curl -- multiple vulnerabilities
Harry Sintonen and Patrick Monnerat report: CVE-2023-23914 A cleartext transmission of sensitive information vulnerability exists in curl v7.88.0 that could cause HSTS functionality fail when multiple URLs are requested serially. Using its HSTS support, curl can be instructed to use HTTPS instead...