6585 matches found
Grafana -- Privilege escalation
Grafana Labs reports: On August 9 an internal security review identified a vulnerability in the Grafana which allows an escalation from Admin privileges to Server Admin when Auth proxy authentication is used. Auth proxy allows to authenticate a user by only providing the username or email in a...
mat2 -- directory traversal/arbitrary file read during ZIP file processing
mat2 aka metadata anonymisation toolkit before 0.13.0 allows ../ directory traversal during the ZIP archive cleaning process. This primarily affects mat2 web instances, in which clients could obtain sensitive information via a crafted archive...
chromium -- multiple vulnerabilities
Chrome Releases reports: This release contains 2 security fixes, including: 1315901 High CVE-2022-1364: Type Confusion in V8. Reported by Clément Lecigne of Google's Threat Analysis Group on 2022-0-13...
FreeBSD -- mpr/mps/mpt driver ioctl heap out-of-bounds write
Problem Description: Handlers for CFGPAGE read / write ioctls in the mpr, mps, and mpt drivers allocated a buffer of a caller-specified size, but copied to it a fixed size header. Other heap content would be overwritten if the specified size was too small. Impact: Users with access to the mpr, mp...
dnsmasq -- heap use-after-free in dhcp6_no_relay
Petr MenÅ¡Ãk reports: Possible vulnerability ... found in latest dnsmasq. It was found with help of oss-fuzz Google project by me and short after that independently also by Richard Johnson of Trellix Threat Labs. It is affected only by DHCPv6 requests, which could be crafted to modify already free...
NSS -- Memory corruption
The Mozilla project reports: Memory corruption in NSS via DER-encoded DSA and RSA-PSS signatures Critical NSS Network Security Services versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. Applications using NSS for handling...
jenkins -- multiple vulnerabilities
Jenkins Security Advisory: Description Critical SECURITY-2455 / CVE-2021-21685, CVE-2021-21686, CVE-2021-21687, CVE-2021-21688, CVE-2021-21689, CVE-2021-21690, CVE-2021-21691, CVE-2021-21692, CVE-2021-21693, CVE-2021-21694, CVE-2021-21695 Multiple vulnerabilities allow bypassing path filtering of...
Gitlab -- vulnerabilities
Gitlab reports: Stored XSS in merge request creation page Denial-of-service attack in Markdown parser Stored Cross-Site Scripting vulnerability in the GitLab Flavored Markdown DNS Rebinding vulnerability in Gitea importer Exposure of trigger tokens on project exports Improper access control for...
Python -- multiple vulnerabilities
Python reports: bpo-42278: Replaced usage of tempfile.mktemp with TemporaryDirectory to avoid a potential race condition. bpo-41180: Add auditing events to the marshal module, and stop raising code.init events for every unmarshalled code object. Directly instantiated code objects will continue to...
Python -- multiple vulnerabilities
Python reports: bpo-42278: Replaced usage of tempfile.mktemp with TemporaryDirectory to avoid a potential race condition. bpo-44394: Update the vendored copy of libexpat to 2.4.1 from 2.2.8 to get the fix for the CVE-2013-0340 "Billion Laughs" vulnerability. This copy is most used on Windows and...
Python -- multiple vulnerabilities
Python reports: bpo-44394: Update the vendored copy of libexpat to 2.4.1 from 2.2.8 to get the fix for the CVE-2013-0340 "Billion Laughs" vulnerability. This copy is most used on Windows and macOS. bpo-43124: Made the internal putcmd function in smtplib sanitize input for presence of \r and \n...
tomcat -- HTTP request smuggling in multiple versions
Bahruz Jabiyev, Steven Sprecher and Kaan Onarlioglu of NEU seclab reports: Apache Tomcat did not correctly parse the HTTP transfer-encoding request header in some circumstances leading to the possibility to request smuggling when used with a reverse proxy. Specifically: Tomcat incorrectly ignored...
Gitlab -- Vulnerabilities
Gitlab reports: Read API scoped tokens can execute mutations Pull mirror credentials were exposed Denial of Service when querying repository branches API Non-owners can set systemnotetimestamp when creating / updating issues DeployToken will impersonate a User with the same ID when using Dependen...
samba -- Multiple Vulnerabilities
The Samba Team reports: CVE-2020-27840: An anonymous attacker can crash the Samba AD DC LDAP server by sending easily crafted DNs as part of a bind request. More serious heap corruption is likely also possible. CVE-2021-20277: User-controlled LDAP filter strings against the AD DC LDAP server may...
jenkins -- multiple vulnerabilities
Jenkins Security Advisory: Description Medium SECURITY-1452 / CVE-2021-21602 Arbitrary file read vulnerability in workspace browsers High SECURITY-1889 / CVE-2021-21603 XSS vulnerability in notification bar High SECURITY-1923 / CVE-2021-21604 Improper handling of REST API XML deserialization erro...
VirtualBox -- Multiple vulnerabilities
Oracle reports: Vulnerabilities in VirtualBox core can allow users with logon access to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of these vulnerabilities can result in unauthorized access to critical data, access to all Oracle V...
php72 -- use of freed hash key
grigoritchy at gmail dot com reports: The pharparsezipfile function had use-after-free vulnerability because of mishandling of the actualalias variable...
The Bouncy Castle Crypto APIs -- EC math vulnerability
The Bouncy Castle team reports:: Bouncy Castle BC Java before 1.66 has a timing issue within the EC math library that can expose information about the private key when an attacker is able to observe timing information for the generation of multiple deterministic ECDSA signatures...
libexif -- multiple vulnerabilities
Release notes: Lots of fixes exposed by fuzzers like AFL, ClusterFuzz, OSSFuzz and others: CVE-2016-6328: fixed integer overflow when parsing maker notes CVE-2017-7544: fixed buffer overread CVE-2018-20030: Fix for recursion DoS CVE-2019-9278: replaced integer overflow checks the compiler could...
Squid -- multiple vulnerabilities
The Squid developers reports: Improper Input Validation issues in HTTP Request processing CVE-2020-8449, CVE-2020-8450. Information Disclosure issue in FTP Gateway CVE-2019-12528. Buffer Overflow issue in extlmgroupacl helper CVE-2020-8517...
unbound -- parsing vulnerability
Unbound Security Advisories: Recent versions of Unbound contain a vulnerability that can cause shell code execution after receiving a specially crafted answer. This issue can only be triggered if unbound was compiled with --enable-ipsecmod support, and ipsecmod is enabled and used in the...
jenkins -- multiple vulnerabilities
Jenkins Security Advisory: Description Medium SECURITY-1498 / CVE-2019-10401 Stored XSS vulnerability in expandable textbox form control Medium SECURITY-1525 / CVE-2019-10402 XSS vulnerability in combobox form control Medium SECURITY-1537 1 / CVE-2019-10403 Stored XSS vulnerability in SCM tag...
curl -- multiple vulnerabilities
curl security problems: CVE-2019-5481: FTP-KRB double-free libcurl can be told to use kerberos over FTP to a server, as set with the CURLOPTKRBLEVEL option. During such kerberos FTP data transfer, the server sends data to curl in blocks with the 32 bit size of each block first and then that amoun...
FreeBSD -- telnet(1) client multiple vulnerabilities
Problem Description: Insufficient validation of environment variables in the telnet client supplied in FreeBSD can lead to stack-based buffer overflows. A stack- based overflow is present in the handling of environment variables when connecting via the telnet client to remote telnet servers. This...
PostgreSQL -- Stack-based buffer overflow via setting a password
The PostgreSQL project reports: An authenticated user could create a stack-based buffer overflow by changing their own password to a purpose-crafted value. In addition to the ability to crash the PostgreSQL server, this could be further exploited to execute arbitrary code as the PostgreSQL...
PowerDNS -- Insufficient validation in the HTTP remote backend
PowerDNS developers report: An issue has been found in PowerDNS Authoritative Server when the HTTP remote backend is used in RESTful mode without post=1 set, allowing a remote user to cause the HTTP backend to connect to an attacker-specified host instead of the configured one, via a crafted DNS...
Rails -- Action View vulnerabilities
Ruby on Rails blog: Rails 4.2.11.1, 5.0.7.2, 5.1.6.2, 5.2.2.1, and 6.0.0.beta3 have been released! These contain the following important security fixes. It is recommended that users upgrade as soon as possible: CVE-2019-5418 File Content Disclosure in Action View CVE-2019-5419 Denial of Service...
py-yaml -- arbitrary code execution
pyyaml reports: the PyYAML.load function could be easily exploited to call any Python function. That means it could call any system command using os.system...
botan2 -- ECDSA side channel
botan2 developers report: A side channel in the ECDSA signature operation could allow a local attacker to recover the secret key. Found by Keegan Ryan of NCC Group. Bug introduced in 2.5.0, fixed in 2.7.0. The 1.10 branch is not affected...
gnupg -- unsanitized output (CVE-2018-12020)
GnuPG reports: GnuPG did not sanitize input file names, which may then be output to the terminal. This could allow terminal control sequences or fake status messages to be injected into the output...
drupal -- Drupal Core - Multiple Vulnerabilities
Drupal Security Team reports: CVE-2017-6926: Comment reply form allows access to restricted content CVE-2017-6927: JavaScript cross-site scripting prevention is incomplete CVE-2017-6928: Private file access bypass - Moderately Critical CVE-2017-6929: jQuery vulnerability with untrusted domains -...
quagga -- several security issues
Quagga reports: The Quagga BGP daemon, bgpd, does not properly bounds check the data sent with a NOTIFY to a peer, if an attribute length is invalid. Arbitrary data from the bgpd process may be sent over the network to a peer and/or it may crash. The Quagga BGP daemon, bgpd, can double-free memor...
ikiwiki -- multiple vulnerabilities
Mitre reports: ikiwiki 3.20161219 does not properly check if a revision changes the access permissions for a page on sites with the git and recentchanges plugins and the CGI interface enabled, which allows remote attackers to revert certain changes by leveraging permissions to change the page...
tiff -- multiple vulnerabilities
libtiff project reports: Multiple flaws have been discovered in libtiff library and utilities...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 3 security fixes in this release, including: 642496 High CVE-2016-5177: Use after free in V8. Credit to Anonymous 651092 CVE-2016-5178: Various fixes from internal audits, fuzzing and other initiatives...
gd -- multiple vulnerabilities
Pierre Joye reports: fix php bug 72339, Integer Overflow in gd2GetHeader CVE-2016-5766 gd: Buffer over-read issue when parsing crafted TGA file CVE-2016-6132 Integer overflow error within gdContributionsAlloc CVE-2016-6207 fix php bug 72494, invalid color index not handled, can lead to crash...
perl -- local arbitrary code execution
Sawyer X reports: Perl 5.x before 5.22.3-RC2 and 5.24 before 5.24.1-RC2 do not properly remove . period characters from the end of the includes directory array, which might allow local users to gain privileges via a Trojan horse module under the current working directory...
samba -- client side SMB2/3 required signing can be downgraded
Samba team reports: A man in the middle attack can disable client signing over SMB2/3, even if enforced by configuration parameters...
Apache Commons FileUpload -- denial of service
Jochen Wiedmann reports: A malicious client can send file upload requests that cause the HTTP server using the Apache Commons Fileupload library to become unresponsive, preventing the server from servicing other requests...
openssl -- denial of service
Mitre reports: OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to cause a denial of service integer overflow and application crash or possibly have unspecified other impact by leveraging unexpected malloc behavior,...
brotli -- buffer overflow
Google Chrome Releases reports: 583607 High CVE-2016-1624: Buffer overflow in Brotli. Credit to lukezli. Mozilla Foundation reports: Security researcher Luke Li reported a pointer underflow bug in the Brotli library's decompression that leads to a buffer overflow. This results in a potentially...
tiff -- out-of-bounds read in tif_getimage.c
LMX of Qihoo 360 Codesafe Team discovered an out-of-bounds read in tifgetimage.c. An attacker could create a specially-crafted TIFF file that could cause libtiff to crash...
qemu -- denial of service vulnerability in VMWARE VMXNET3 NIC support
Prasad J Pandit, Red Hat Product Security Team, reports: Qemu emulator built with a VMWARE VMXNET3 paravirtual NIC emulator support is vulnerable to a memory leakage flaw. It occurs when a guest repeatedly tries to activate the vmxnet3 device. A privileged guest user could use this flaw to leak...
xen-kernel -- XENMEM_exchange error handling issues
The Xen Project reports: Error handling in the operation may involve handing back pages to the domain. This operation may fail when in parallel the domain gets torn down. So far this failure unconditionally resulted in the host being brought down due to an internal error being assumed. This is...
qemu -- denial of service vulnerability in VNC
Prasad J Pandit, Red Hat Product Security Team, reports: Qemu emulator built with the VNC display driver support is vulnerable to an arithmetic exception flaw. It occurs on the VNC server side while processing the 'SetPixelFormat' messages from a client. A privileged remote client could use this...
libraw -- index overflow in smal_decode_segment
ChenQin reports: The LibRaw raw image decoder has multiple vulnerabilities that can cause memory errors which may lead to code execution or other problems. In CVE-2015-8366, LibRaw's smaldecodesegment function does not handle indexes carefully, which can cause an index overflow...
libxslt -- DoS vulnerability due to type confusing error
libxslt maintainer reports: CVE-2015-7995: http://www.openwall.com/lists/oss-security/2015/10/27/10 We need to check that the parent node is an element before dereferencing its namespace...
mozilla -- multiple vulnerabilities
The Mozilla Project reports: MFSA 2015-95 Add-on notification bypass through data URLs MFSA 2015-94 Use-after-free when resizing canvas element during restyling...
qemu -- stack buffer overflow while parsing SCSI commands
Prasad J Pandit, Red Hat Product Security Team, reports: Qemu emulator built with the SCSI device emulation support is vulnerable to a stack buffer overflow issue. It could occur while parsing SCSI command descriptor block with an invalid operation code. A privilegedCAPSYSRAWIO user inside guest...
libav -- divide by zero
Agostino Sarubbo reports: libav: divide-by-zero in ffh263decodemba...