6585 matches found
tiff -- RLE decoder heap overflows
Chris Evans discovered several heap buffer overflows in libtiff's RLE decoder. These overflows could be triggered by a specially-crafted TIFF image file, resulting in an application crash and possibly arbitrary code execution...
mozilla -- POP client heap overflow
zen-parse discovered a heap buffer overflow in Mozilla's POP client implementation. A malicious POP server could exploit this vulnerability to cause Mozilla to execute arbitrary code...
mailman XSS in admin script
Dirk Mueller reports: I've found a cross-site scripting vulnerability in the admin interface of mailman 2.1.3 that allows, under certain circumstances, for anyone to retrieve the valid session cookie...
www/apache24 -- Multiple vulnerabilities
The Apache httpd project reports: modproxyajp: CVE-2026-34059, CVE-2026-34032, CVE-2026-33857, CVE-2026-28780 multiple modules: CVE-2026-33523 modauthnsocache: CVE-2026-33007 modauthdigest: CVE-2026-33006 moddavlock: moddavlock modmd: CVE-2026-29168 modrewrite: CVE-2026-24072 modhttp2:...
vscode -- multiple vulnerabilities
VSCode developers report: The update addresses these issues, including a fix for a security vulnerability. Scope nodemodule binary resolution in js-debug Elevation of Privilege Vulnerability with VS Code server for web UI...
go -- multiple vulnerabilities
The Go project reports reports: crypto/x509: Verify panics on certificates with an unknown public key algorithm Verifying a certificate chain which contains a certificate with an unknown public key algorithm will cause Certificate.Verify to panic. net/http: memory exhaustion in...
chromium -- multiple vulnerabilities
Chrome Releases reports: This update includes 4 security fixes: 1476403 High CVE-2023-4761: Out of bounds memory access in FedCM. Reported by DarkNavy on 2023-08-28 1473247 High CVE-2023-4762: Type Confusion in V8. Reported by Rong Jian of VRI on 2023-08-16 1469928 High CVE-2023-4763: Use after...
chromium -- use after free in MediaStream
Chrome Releases reports: This update includes 1 security fix: 1472492 High CVE-2023-4572: Use after free in MediaStream. Reported by fwnfwn@fwnfwn on 2023-08-12...
MySQL -- Multiple vulnerabilities
Oracle reports: This Critical Patch Update contains 24 new security patches for Oracle MySQL. 11 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials...
Gitlab -- Vulnerabilities
Gitlab reports: ReDoS via EpicReferenceFilter in any Markdown fields New commits to private projects visible in forks created while project was public New commits to private projects visible in forks created while project was public Maintainer can leak masked webhook secrets by manipulating URL...
rubygem-time -- ReDoS vulnerability
oooooooq reports: The Time parser mishandles invalid strings that have specific characters. It causes an increase in execution time for parsing strings to Time objects...
traefik -- Use of vulnerable Go modules net/http, net/textproto
The Go project reports: HTTP and MIME header parsing can allocate large amounts of memory, even when parsing small inputs, potentially leading to a denial of service. Certain unusual patterns of input data can cause the common function used to parse HTTP and MIME headers to allocate substantially...
strongSwan -- certificate verification vulnerability
strongSwan reports: A vulnerability related to certificate verification in TLS-based EAP methods was discovered in strongSwan that results in a denial of service but possibly even remote code execution. Versions 5.9.8 and 5.9.9 may be affected...
curl -- multiple vulnerabilities
Harry Sintonen and Patrick Monnerat report: CVE-2023-23914 A cleartext transmission of sensitive information vulnerability exists in curl v7.88.0 that could cause HSTS functionality fail when multiple URLs are requested serially. Using its HSTS support, curl can be instructed to use HTTPS instead...
ffmpeg -- multiple vulnerabilities
NVD reports: An issue was discovered in the FFmpeg package, where vp3decodeframe in libavcodec/vp3.c lacks check of the return value of avmalloc and will cause a null pointer dereference, impacting availability. A null pointer dereference issue was discovered in 'FFmpeg' in decodemainheader...
curl -- multiple vulnerabilities
Daniel Stenberg reports: CVE-2022-32221: POST following PUT confusion When doing HTTPS transfers, libcurl might erroneously use the read callback CURLOPTREADFUNCTION to ask for data to send, even when the CURLOPTPOSTFIELDS option has been set, if the same handle previously was used to issue a PUT...
OpenSSL -- Potential NULL encryption in NID_undef with Custom Cipher
The OpenSSL project reports: Using a Custom Cipher with NIDundef may lead to NULL encryption low...
mediawiki -- multiple vulnerabilities
Mediawiki reports: T316304, CVE-2022-41767 SECURITY: reassignEdits doesn't update results in an IP range check on Special:Contributions.. T309894, CVE-2022-41765 SECURITY: HTMLUserTextField exposes existence of hidden users. T307278, CVE-2022-41766 SECURITY: On action=rollback the message...
Grafana -- Privilege escalation
Grafana Labs reports: On August 9 an internal security review identified a vulnerability in the Grafana which allows an escalation from Admin privileges to Server Admin when Auth proxy authentication is used. Auth proxy allows to authenticate a user by only providing the username or email in a...
Django -- multiple vulnerabilities
Django Release reports: CVE-2022-28346: Potential SQL injection in QuerySet.annotate, aggregate, and extra. CVE-2022-28347: Potential SQL injection via QuerySet.explainoptions on PostgreSQL...
Prosody -- multiple vulnerabilities
The Prosody security advisory 2021-05-12 reports: This advisory details 5 new security vulnerabilities discovered in the Prosody.im XMPP server software. All issues are fixed in the 0.11.9 release default configuration. CVE-2021-32918: DoS via insufficient memory consumption controls...
sudo -- Potential information leak in sudoedit
Todd C. Miller reports: A potential information leak in sudoedit that could be used to test for the existence of directories not normally accessible to the user in certain circumstances. When creating a new file, sudoedit checks to make sure the parent directory of the new file exists before...
ImageMagick6 -- multiple vulnerabilities
CVE reports: Several vulnerabilities have been discovered in ImageMagick: CVE-2021-20309: A flaw was found in ImageMagick in versions before 6.9.12, where a division by zero in WaveImage of MagickCore/visual-effects.c may trigger undefined behavior via a crafted image file submitted to an...
chromium -- multiple vulnerabilities
Chrome Releases reports: This release includes 5 security fixes: 1125337 High CVE-2020-16000: Inappropriate implementation in Blink. Reported by amaebijp on 2020-09-06 1135018 High CVE-2020-16001: Use after free in media. Reported by Khalil Zhani on 2020-10-05 1137630 High CVE-2020-16002: Use aft...
Rails -- Potential XSS vulnerability
Ruby on Rails blog: Rails 5.2.4.4 and 6.0.3.3 have been released! These releases contain an important security fix, so please upgrade when you can. Both releases contain the following fix: CVE-2020-15169 Potential XSS vulnerability in Action View...
VirtualBox -- Multiple vulnerabilities
Oracle reports: Vulnerabilities in VirtualBox core can allow users with logon access to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of these vulnerabilities can result in unauthorized access to critical data, access to all Oracle V...
FreeBSD -- USB HID descriptor parsing error
Problem Description: If the push/pop level of the USB HID state is not restored within the processing of the same HID item, an invalid memory location may be used for subsequent HID item processing. Impact: An attacker with physical access to a USB port may be able to use a specially crafted USB...
FreeBSD -- TCP IPv6 SYN cache kernel information disclosure
Problem Description: When a TCP server transmits or retransmits a TCP SYN-ACK segment over IPv6, the Traffic Class field is not initialized. This also applies to challenge ACK segments, which are sent in response to received RST segments during the TCP connection setup phase. Impact: For each TCP...
sqlite3 -- use after free
MITRE reports: An exploitable use after free vulnerability exists in the window function functionality of Sqlite3 3.26.0. A specially crafted SQL command can cause a use after free vulnerability, potentially resulting in remote code execution. An attacker can send a malicious SQL command to trigg...
PHP -- Multiple vulnerabilities in EXIF module
The PHP project reports: Heap-buffer-overflow in phpifdget32s CVE-2019-11034 Heap-buffer-overflow in exifiifaddvalue CVE-2019-11035...
RubyGems -- multiple vulnerabilities
RubyGems Security Advisories: CVE-2019-8320: Delete directory using symlink when decompressing tar CVE-2019-8321: Escape sequence injection vulnerability in 'verbose' CVE-2019-8322: Escape sequence injection vulnerability in 'gem owner' CVE-2019-8323: Escape sequence injection vulnerability in AP...
Node.js -- multiple vulnerabilities
Node.js reports: Updates are now available for all active Node.js release lines. In addition to fixes for security flaws in Node.js, they also include upgrades of Node.js 6 and 8 to OpenSSL 1.0.2r which contains a fix for a moderate severity security vulnerability. For these releases, we have...
mozilla -- multiple vulnerabilities
Mozilla Foundation reports: CVE-2018-12407: Buffer overflow with ANGLE library when using VertexBuffer11 module CVE-2018-17466: Buffer overflow and out-of-bounds read in ANGLE library with TextureStorage11 CVE-2018-18492: Use-after-free with select element CVE-2018-18493: Buffer overflow in...
Flash Player -- multiple vulnerabilities
Adobe reports: This update resolves out-of-bounds read vulnerabilities that could lead to information disclosure CVE-2018-12824, CVE-2018-12826, CVE-2018-12827. This update resolves a security bypass vulnerability that could lead to security mitigation bypass CVE-2018-12825. This update resolves ...
wpa_supplicant -- unauthenticated encrypted EAPOL-Key data
SO-AND-SO reports: A vulnerability was found in how wpasupplicant processes EAPOL-Key frames. It is possible for an attacker to modify the frame in a way that makes wpasupplicant decrypt the Key Data field without requiring a valid MIC value in the frame, i.e., without the frame being...
mbed TLS -- plaintext recovery vulnerabilities
Simon Butcher reports: When using a CBC based ciphersuite, a remote attacker can partially recover the plaintext. When using a CBC based ciphersuite, an attacker with the ability to execute arbitrary code on the machine under attack can partially recover the plaintext by use of cache based...
mantis -- multiple vulnerabilities
mantis reports: Teun Beijers reported a cross-site scripting XSS vulnerability in the Edit Filter page which allows execution of arbitrary code if CSP settings permit it when displaying a filter with a crafted name. Prevent the attack by sanitizing the filter name before display. Ömer Cıtak,...
Flash Player -- multiple vulnerabilities
Adobe reports: This update resolves an out-of-bounds read vulnerability that could lead to information disclosure CVE-2018-5008. This update resolves a type confusion vulnerability that could lead to arbitrary code execution CVE-2018-5007...
wavpack -- multiple vulnerabilities
Sebastian Ramacher reports: A stack-based buffer over-read in the ParseRiffHeaderConfig function of cli/riff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service attack or possibly have unspecified other impact via a maliciously crafted RF64 file. The...
tor -- Use-after-free in onion service v2
The Torproject.org reports: TROVE-2017-009: Replay-cache ineffective for v2 onion services TROVE-2017-010: Remote DoS attack against directory authorities TROVE-2017-011: An attacker can make Tor ask for a password TROVE-2017-012: Relays can pick themselves in a circuit path TROVE-2017-013:...
varnish -- information disclosure vulnerability
Varnish reports: A wrong if statement in the varnishd source code means that synthetic objects in stevedores which over-allocate, may leak up to page size of data from a malloc3 memory allocation...
PostgreSQL vulnerabilities
The PostgreSQL project reports: CVE-2017-7546: Empty password accepted in some authentication methods CVE-2017-7547: The "pgusermappings" catalog view discloses passwords to users lacking server privileges CVE-2017-7548: loput function ignores ACLs...
GitLab -- Various security issues
GitLab reports: Please reference CVE/URL list for details...
cURL -- TLS session resumption client cert bypass (again)
cURL security advisory: libcurl would attempt to resume a TLS session even if the client certificate had changed. That is unacceptable since a server by specification is allowed to skip the client certificate check on resume, and may instead use the old identity which was established by the...
libsndfile -- multiple vulnerabilities
Agostino Sarubbo, Gentoo reports: CVE-2017-8361 Medium: The flacbuffercopy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service buffer overflow and application crash or possibly have unspecified other impact via a crafted audio file. CVE-2017-8362 Medium: T...
chromium -- vulnerability
Google Chrome Releases reports: 62 security fixes in this release: 826626 Critical CVE-2018-6085: Use after free in Disk Cache. Reported by Ned Williamson on 2018-03-28 827492 Critical CVE-2018-6086: Use after free in Disk Cache. Reported by Ned Williamson on 2018-03-30 813876 High CVE-2018-6087:...
django -- multiple vulnerabilities
Django team reports: These release addresses two security issues detailed below. We encourage all users of Django to upgrade as soon as possible. Open redirect and possible XSS attack via user-supplied numeric redirect URLs Open redirect vulnerability in django.views.static.serve...
ffmpeg -- heap overflow in lavf/mov.c
FFmpeg security reports: FFmpeg 3.2.4 fixes the following vulnerabilities: CVE-2017-5024, CVE-2017-5025...
cURL -- uninitialized random vulnerability
Project curl Security Advisory: libcurl's new internal function that returns a good 32bit random value was implemented poorly and overwrote the pointer instead of writing the value into the buffer the pointer pointed to. This random value is used to generate nonces for Digest and NTLM...
tiff -- multiple vulnerabilities
libtiff project reports: Multiple flaws have been discovered in libtiff library and utilities...