6587 matches found
ruby -- DNS spoofing vulnerability
The official ruby site reports: resolv.rb allow remote attackers to spoof DNS answers. This risk can be reduced by randomness of DNS transaction IDs and source ports...
opera -- multiple vulnerabilities
Opera Software ASA reports about multiple security fixes: Fixed an issue where simulated text inputs could trick users into uploading arbitrary files, as reported by Mozilla. Image properties can no longer be used to execute scripts, as reported by Max Leonov. Fixed an issue where the...
mysql -- privilege escalation and overwrite of the system table information
MySQL reports: Using RENAME TABLE against a table with explicit DATA DIRECTORY and INDEX DIRECTORY options can be used to overwrite system table information by replacing the symbolic link points. the file to which the symlink points...
phpmyadmin -- cross-site scripting vulnerability
The DigiTrust Group reports: When creating a new database, a malicious user can use a client-side Web proxy to place malicious code in the db parameter of the POST request. Since dbcreate.php does not properly sanitize user-supplied input, an administrator could face a persistent XSS attack when...
phpmyadmin -- cross-site scripting vulnerability
The DigiTrust Group discovered serious XSS vulnerability in the phpMyAdmin serverstatus.php script. According to their report vulnerability can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site...
tcl/tk -- buffer overflow in ReadImage function
A Buffer overflow in the ReadImage function in generic/tkImgGIF.c in Tcl/Tk, allows remote attackers to execute arbitrary code via multi-frame interlaced GIF files in which later frames are smaller than the first...
xpdf -- stack based buffer overflow
The KDE Team reports: kpdf, the KDE pdf viewer, shares code with xpdf. xpdf contains a vulnerability that can cause a stack based buffer overflow via a PDF file that exploits an integer overflow in StreamPredictor::StreamPredictor. Remotely supplied pdf files can be used to disrupt the kpdf viewe...
png -- DoS crash vulnerability
A Libpng Security Advisory reports: A grayscale PNG image with a malformed bad CRC tRNS chunk will crash some libpng applications. This vulnerability could be used to crash a browser when a user tries to view such a malformed PNG file. It is not known whether the vulnerability could be exploited...
mozilla -- multiple vulnerabilities
The Mozilla Foundation reports of multiple security issues in Firefox, Seamonkey, and Thunderbird. Several of these issues can probably be used to run arbitrary code with the privilege of the user running the program. MFSA 2007-08 onUnload + document.write memory corruption MFSA 2007-07 Embedded...
FreeBSD -- Kernel memory disclosure in firewire(4)
Problem Description: In the FWGCROM ioctl, a signed integer comparison is used instead of an unsigned integer comparison when computing the length of a buffer to be copied from the kernel into the calling application. Impact: A user in the "operator" group can read the contents of kernel memory...
gzip -- multiple vulnerabilities
Problem Description Multiple programming errors have been found in gzip which can be triggered when gzip is decompressing files. These errors include insufficient bounds checks in buffer use, a NULL pointer dereference, and a potential infinite loop. Impact The insufficient bounds checks in buffe...
win32-codecs -- multiple vulnerabilities
The Apple Security Team reports that there are multiple vulnerabilities within QuickTime one of the plugins for win32-codecs. A remote attacker capable of creating a malicious SGI image, FlashPix, FLC movie, or a QuickTime movie can possibly lead to execution of arbitrary code or cause a Denial o...
linux-flashplugin -- arbitrary code execution vulnerability
Adobe reports: Critical vulnerabilities have been identified in Flash Player that could allow an attacker who successfully exploits these vulnerabilities to take control of the affected system. A malicious SWF must be loaded in Flash Player by the user for an attacker to exploit these...
tiff -- RLE decoder heap overflows
Chris Evans discovered several heap buffer overflows in libtiff's RLE decoder. These overflows could be triggered by a specially-crafted TIFF image file, resulting in an application crash and possibly arbitrary code execution...
mozilla -- POP client heap overflow
zen-parse discovered a heap buffer overflow in Mozilla's POP client implementation. A malicious POP server could exploit this vulnerability to cause Mozilla to execute arbitrary code...
mailman XSS in admin script
Dirk Mueller reports: I've found a cross-site scripting vulnerability in the admin interface of mailman 2.1.3 that allows, under certain circumstances, for anyone to retrieve the valid session cookie...
Apache httpd -- DoS exploit in HTTP/2
Calif security reports: Remote DoS in modhttp2...
www/apache24 -- Multiple vulnerabilities
The Apache httpd project reports: modproxyajp: CVE-2026-34059, CVE-2026-34032, CVE-2026-33857, CVE-2026-28780 multiple modules: CVE-2026-33523 modauthnsocache: CVE-2026-33007 modauthdigest: CVE-2026-33006 moddavlock: moddavlock modmd: CVE-2026-29168 modrewrite: CVE-2026-24072 modhttp2:...
vscode -- multiple vulnerabilities
VSCode developers report: The update addresses these issues, including a fix for a security vulnerability. Scope nodemodule binary resolution in js-debug Elevation of Privilege Vulnerability with VS Code server for web UI...
go -- multiple vulnerabilities
The Go project reports reports: crypto/x509: Verify panics on certificates with an unknown public key algorithm Verifying a certificate chain which contains a certificate with an unknown public key algorithm will cause Certificate.Verify to panic. net/http: memory exhaustion in...
chromium -- multiple vulnerabilities
Chrome Releases reports: This update includes 4 security fixes: 1476403 High CVE-2023-4761: Out of bounds memory access in FedCM. Reported by DarkNavy on 2023-08-28 1473247 High CVE-2023-4762: Type Confusion in V8. Reported by Rong Jian of VRI on 2023-08-16 1469928 High CVE-2023-4763: Use after...
chromium -- use after free in MediaStream
Chrome Releases reports: This update includes 1 security fix: 1472492 High CVE-2023-4572: Use after free in MediaStream. Reported by fwnfwn@fwnfwn on 2023-08-12...
MySQL -- Multiple vulnerabilities
Oracle reports: This Critical Patch Update contains 24 new security patches for Oracle MySQL. 11 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials...
Gitlab -- Vulnerabilities
Gitlab reports: ReDoS via EpicReferenceFilter in any Markdown fields New commits to private projects visible in forks created while project was public New commits to private projects visible in forks created while project was public Maintainer can leak masked webhook secrets by manipulating URL...
rubygem-time -- ReDoS vulnerability
oooooooq reports: The Time parser mishandles invalid strings that have specific characters. It causes an increase in execution time for parsing strings to Time objects...
traefik -- Use of vulnerable Go modules net/http, net/textproto
The Go project reports: HTTP and MIME header parsing can allocate large amounts of memory, even when parsing small inputs, potentially leading to a denial of service. Certain unusual patterns of input data can cause the common function used to parse HTTP and MIME headers to allocate substantially...
curl -- multiple vulnerabilities
Harry Sintonen and Patrick Monnerat report: CVE-2023-23914 A cleartext transmission of sensitive information vulnerability exists in curl v7.88.0 that could cause HSTS functionality fail when multiple URLs are requested serially. Using its HSTS support, curl can be instructed to use HTTPS instead...
ffmpeg -- multiple vulnerabilities
NVD reports: An issue was discovered in the FFmpeg package, where vp3decodeframe in libavcodec/vp3.c lacks check of the return value of avmalloc and will cause a null pointer dereference, impacting availability. A null pointer dereference issue was discovered in 'FFmpeg' in decodemainheader...
curl -- multiple vulnerabilities
Daniel Stenberg reports: CVE-2022-32221: POST following PUT confusion When doing HTTPS transfers, libcurl might erroneously use the read callback CURLOPTREADFUNCTION to ask for data to send, even when the CURLOPTPOSTFIELDS option has been set, if the same handle previously was used to issue a PUT...
OpenSSL -- Potential NULL encryption in NID_undef with Custom Cipher
The OpenSSL project reports: Using a Custom Cipher with NIDundef may lead to NULL encryption low...
mediawiki -- multiple vulnerabilities
Mediawiki reports: T316304, CVE-2022-41767 SECURITY: reassignEdits doesn't update results in an IP range check on Special:Contributions.. T309894, CVE-2022-41765 SECURITY: HTMLUserTextField exposes existence of hidden users. T307278, CVE-2022-41766 SECURITY: On action=rollback the message...
Grafana -- Privilege escalation
Grafana Labs reports: On August 9 an internal security review identified a vulnerability in the Grafana which allows an escalation from Admin privileges to Server Admin when Auth proxy authentication is used. Auth proxy allows to authenticate a user by only providing the username or email in a...
Django -- multiple vulnerabilities
Django Release reports: CVE-2022-28346: Potential SQL injection in QuerySet.annotate, aggregate, and extra. CVE-2022-28347: Potential SQL injection via QuerySet.explainoptions on PostgreSQL...
jenkins -- multiple vulnerabilities
Jenkins Security Advisory: Description Critical SECURITY-2455 / CVE-2021-21685, CVE-2021-21686, CVE-2021-21687, CVE-2021-21688, CVE-2021-21689, CVE-2021-21690, CVE-2021-21691, CVE-2021-21692, CVE-2021-21693, CVE-2021-21694, CVE-2021-21695 Multiple vulnerabilities allow bypassing path filtering of...
Prosody -- multiple vulnerabilities
The Prosody security advisory 2021-05-12 reports: This advisory details 5 new security vulnerabilities discovered in the Prosody.im XMPP server software. All issues are fixed in the 0.11.9 release default configuration. CVE-2021-32918: DoS via insufficient memory consumption controls...
ImageMagick6 -- multiple vulnerabilities
CVE reports: Several vulnerabilities have been discovered in ImageMagick: CVE-2021-20309: A flaw was found in ImageMagick in versions before 6.9.12, where a division by zero in WaveImage of MagickCore/visual-effects.c may trigger undefined behavior via a crafted image file submitted to an...
chromium -- multiple vulnerabilities
Chrome Releases reports: This release includes 5 security fixes: 1125337 High CVE-2020-16000: Inappropriate implementation in Blink. Reported by amaebijp on 2020-09-06 1135018 High CVE-2020-16001: Use after free in media. Reported by Khalil Zhani on 2020-10-05 1137630 High CVE-2020-16002: Use aft...
VirtualBox -- Multiple vulnerabilities
Oracle reports: Vulnerabilities in VirtualBox core can allow users with logon access to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of these vulnerabilities can result in unauthorized access to critical data, access to all Oracle V...
FreeBSD -- USB HID descriptor parsing error
Problem Description: If the push/pop level of the USB HID state is not restored within the processing of the same HID item, an invalid memory location may be used for subsequent HID item processing. Impact: An attacker with physical access to a USB port may be able to use a specially crafted USB...
mail/dovecot -- multiple vulnerabilities
Aki Tuomi reports: Parsing mails with a large number of MIME parts could have resulted in excessive CPU usage or a crash due to running out of stack memory.. Dovecot's NTLM implementation does not correctly check message buffer size, which leads to reading past allocation which can lead to crash...
FreeBSD -- TCP IPv6 SYN cache kernel information disclosure
Problem Description: When a TCP server transmits or retransmits a TCP SYN-ACK segment over IPv6, the Traffic Class field is not initialized. This also applies to challenge ACK segments, which are sent in response to received RST segments during the TCP connection setup phase. Impact: For each TCP...
jenkins -- multiple vulnerabilities
Jenkins Security Advisory: Description Medium SECURITY-1498 / CVE-2019-10401 Stored XSS vulnerability in expandable textbox form control Medium SECURITY-1525 / CVE-2019-10402 XSS vulnerability in combobox form control Medium SECURITY-1537 1 / CVE-2019-10403 Stored XSS vulnerability in SCM tag...
curl -- multiple vulnerabilities
curl security problems: CVE-2019-5481: FTP-KRB double-free libcurl can be told to use kerberos over FTP to a server, as set with the CURLOPTKRBLEVEL option. During such kerberos FTP data transfer, the server sends data to curl in blocks with the 32 bit size of each block first and then that amoun...
sqlite3 -- use after free
MITRE reports: An exploitable use after free vulnerability exists in the window function functionality of Sqlite3 3.26.0. A specially crafted SQL command can cause a use after free vulnerability, potentially resulting in remote code execution. An attacker can send a malicious SQL command to trigg...
PHP -- Multiple vulnerabilities in EXIF module
The PHP project reports: Heap-buffer-overflow in phpifdget32s CVE-2019-11034 Heap-buffer-overflow in exifiifaddvalue CVE-2019-11035...
RubyGems -- multiple vulnerabilities
RubyGems Security Advisories: CVE-2019-8320: Delete directory using symlink when decompressing tar CVE-2019-8321: Escape sequence injection vulnerability in 'verbose' CVE-2019-8322: Escape sequence injection vulnerability in 'gem owner' CVE-2019-8323: Escape sequence injection vulnerability in AP...
Node.js -- multiple vulnerabilities
Node.js reports: Updates are now available for all active Node.js release lines. In addition to fixes for security flaws in Node.js, they also include upgrades of Node.js 6 and 8 to OpenSSL 1.0.2r which contains a fix for a moderate severity security vulnerability. For these releases, we have...
mozilla -- multiple vulnerabilities
Mozilla Foundation reports: CVE-2018-12407: Buffer overflow with ANGLE library when using VertexBuffer11 module CVE-2018-17466: Buffer overflow and out-of-bounds read in ANGLE library with TextureStorage11 CVE-2018-18492: Use-after-free with select element CVE-2018-18493: Buffer overflow in...
Flash Player -- multiple vulnerabilities
Adobe reports: This update resolves out-of-bounds read vulnerabilities that could lead to information disclosure CVE-2018-12824, CVE-2018-12826, CVE-2018-12827. This update resolves a security bypass vulnerability that could lead to security mitigation bypass CVE-2018-12825. This update resolves ...
wpa_supplicant -- unauthenticated encrypted EAPOL-Key data
SO-AND-SO reports: A vulnerability was found in how wpasupplicant processes EAPOL-Key frames. It is possible for an attacker to modify the frame in a way that makes wpasupplicant decrypt the Key Data field without requiring a valid MIC value in the frame, i.e., without the frame being...