6578 matches found
glibc -- gethostbyname buffer overflow
Robert Krátký reports: GHOST is a 'buffer overflow' bug affecting the gethostbyname and gethostbyname2 function calls in the glibc library. This vulnerability allows a remote attacker that is able to make an application call to either of these functions to execute arbitrary code with the...
FreeBSD -- Intel CPU Microcode Update
Starting with version 1.26, the devcpu-data port/package includes updates and mitigations for the following technical and security advisories depending on CPU model. Intel TSX Updates TAA CVE-2019-11135 Voltage Modulation Vulnerability CVE-2019-11139 MDCLEAR Operations CVE-2018-12126 CVE-2018-121...
Apache httpd -- several vulnerabilities
Apache Software Foundation reports: Please reference CVE/URL list for details...
Gitlab -- Multiple Vulnerabilities
Gitlab reports: Ability to Write a Note to a Private Snippet Recent Pipeline Information Disclosed to Unauthorised Users Resource Exhaustion Attack Error Caused by Encoded Characters in Comments Authorization Issues in GraphQL Number of Merge Requests was Accessible Enabling One of the Service...
GraphicsMagick -- multiple vulnerabilities
GraphicsMagick News: Read "Security Fixes:" section for details...
rt -- XSS via jQuery
BestPractical reports: The version of jQuery used in RT 4.2 and 4.4 has a Cross-site Scripting XSS vulnerability when using cross-domain Ajax requests. This vulnerability is assigned CVE-2015-9251. RT does not use this jQuery feature so it is not directly vulnerable. jQuery version 1.12 no longer...
MariaDB -- unspecified vulnerability
The MariaDB project reports: Fixes for the following security vulnerabilities: CVE-2017-15365...
phpmyadmin -- XSS in the import dialog
The phpMyAdmin development team reports: Description A Cross-Site Scripting vulnerability was found in the file import feature, where an attacker can deliver a payload to a user through importing a specially-crafted file. Severity We consider this attack to be of moderate severity...
chromium -- multiple vulnerabilities
Chrome Releases reports: This release contains 9 security fixes, including: 1199345 High CVE-2021-21227: Insufficient data validation in V8. Reported by Gengming Liu of Singular Security Lab on 2021-04-15 1175058 High CVE-2021-21232: Use after free in Dev Tools. Reported by Abdulrahman Alqabandi,...
webmin -- unauthenticated remote code execution
Joe Cooper reports: I've rolled out Webmin version 1.930 and Usermin version 1.780 for all repositories. This release includes several security fixes, including one potentially serious one caused by malicious code inserted into Webmin and Usermin at some point on our build infrastructure. We're...
chromium -- multiple vulnerabilities
Chrome Reelases reports: This release includes 7 security fixes, including: 1194046 High CVE-2021-21222: Heap buffer overflow in V8. Reported by Guang Gong of Alpha Lab, Qihoo 360 on 2021-03-30 1195308 High CVE-2021-21223: Integer overflow in Mojo. Reported by Guang Gong of Alpha Lab, Qihoo 360 o...
serviio -- affected by log4j vulnerability
Serviio reports: Serviio is affectred by the log4j vulnerability...
chromium -- multiple vulnerabilities
Chrome Releases reports: This release contains 8 security fixes, including: 1219082 High CVE-2021-30559: Out of bounds write in ANGLE. Reported by Seong-Hwan Park SeHwa of SecunologyLab on 2021-06-11 1214842 High CVE-2021-30541: Use after free in V8. Reported by Richard Wheeldon on 2021-05-31...
iperf3 -- buffer overflow
ESnet reports: A malicious process can connect to an iperf3 server and, by sending a malformed message on the control channel, corrupt the server process's heap area. This can lead to a crash and a denial of service, or theoretically a remote code execution as the user running the iperf3 server. ...
Consul -- Multiple vulnerabilities
Hashicorp reports: Add content-type headers to raw KV responses to prevent XSS attacks CVE-2020-25864. audit-logging: Parse endpoint URL to prevent requests from bypassing the audit log CVE-2021-28156...
mailman < 2.1.38 -- CSRF vulnerability of list mod or member against list admin page
Mark Sapiro reports: A list moderator or list member can potentially carry out a CSRF attack by getting a list admin to visit a crafted web page...
openhab -- log4j remote code injection
Openhab reports: Any openHAB instance that is publicly available or which consumes untrusted content from remote servers is potentially a target of this attack...
payara -- Code execution via crafted PUT requests to JSPs
When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled e.g. via setting the readonly initialisation parameter of the Default to false it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it containe...
py-matrix-synapse -- incomplete cleanup of 3rd-party-IDs on user deactivation
Matrix developers report: Clean up local threepids from user on account deactivation...
Ghostscript -- arbitrary code execution
CERT reports: Ghostscript contains an optional -dSAFER option, which is supposed to prevent unsafe PostScript operations. Multiple PostScript operations bypass the protections provided by -dSAFER, which can allow an attacker to execute arbitrary commands with arbitrary arguments. This vulnerabili...
OpenSSH -- MaxAuthTries limit bypass via duplicates in KbdInteractiveDevices
It was discovered that the OpenSSH sshd daemon did not check the list of keyboard-interactive authentication methods for duplicates. A remote attacker could use this flaw to bypass the MaxAuthTries limit, making it easier to perform password guessing attacks...
lighttpd -- Log injection vulnerability in mod_auth
MITRE reports: modauth in lighttpd before 1.4.36 allows remote attackers to inject arbitrary log entries via a basic HTTP authentication string without a colon character, as demonstrated by a string containing a NULL and new line character...
Apache httpd -- Multiple vulnerabilities
The Apache httpd project reports: moderate: Possible NULL dereference or SSRF in forward proxy configurations in Apache HTTP Server 2.4.51 and earlier CVE-2021-44224 A crafted URI sent to httpd configured as a forward proxy ProxyRequests on can cause a crash NULL pointer dereference or, for...
chromium -- V8 type confusion
Chrome Releases reports: This release contains 1 security fix: 1309225 High CVE-2022-1096: Type Confusion in V8. Reported by anonymous on 2022-03-23 Google is aware that an exploit for CVE-2022-1096 exists in the wild...
MySQL -- Multiple vulnerabilities
Oracle reports: This Critical Patch Update contains 37 new security patches for Oracle MySQL. 8 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network withouti requiring user credentials...
phpmyadmin -- Full path disclosure vulnerability in SQL parser
The phpMyAdmin development team reports: By calling a particular script that is part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed. We consider this vulnerability ...
Apache httpd -- Path Traversal and Remote Code Execution
The Apache http server project reports: critical: Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 incomplete fix of CVE-2021-41773 CVE-2021-42013. It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker could use a...
phpMyAdmin -- XSRF/CSRF vulnerability
The phpMyAdmin team reports: Description By deceiving a user to click on a crafted URL, it is possible to perform harmful database operations such as deleting records, dropping/truncating tables etc. Severity We consider this vulnerability to be critical...
MySQL -- Multiple vulnerabilities
Oracle reports: This Critical Patch Update contains 34 new security patches plus additional third party patches noted below for Oracle MySQL. 10 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials...
Apache httpd -- several vulnerabilities
The Apache httpd project reports: apgetbasicauthpw Authentication Bypass CVE-2017-3167: Use of the apgetbasicauthpw by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed. modssl Null Pointer Dereference CVE-2017-3169:modssl may dereferen...
cyrus-imapd -- integer overflow in the start_octet addition
Cyrus IMAP 2.5.7 Release Note states: CVE-2015-8077, CVE-2015-8078: protect against integer overflow in urlfetch range checks...
OpenEXR -- several integer overflow vulnerabilities
Cary Phillips reports: OpenEXR 3.4.10 is a patch release that addresses the following security vulnerabilities: CVE-2026-39886 HTJ2K Signed Integer Overflow in htundoimpl CVE-2026-40244 Integer overflow in DWA setupChannelData planarUncRle pointer arithmetic missed variant of CVE-2026-34589...
Grafana -- XSS
Grafana Labs reports: On Jan. 16, an external security researcher, Jasu Viding contacted Grafana to disclose an XSS vulnerability in the way that Grafana handles data sources. Should an existing data source connected to Grafana be compromised, it could be used to inappropriately gain access to...
jenkins -- multiple vulnerabilities
Jenkins Security Advisory: Description High SECURITY-3037 / CVE-2023-27898 XSS vulnerability in plugin manager Medium SECURITY-3030 / CVE-2023-24998 upstream issue, CVE-2023-27900 MultipartFormDataParser, CVE-2023-27901 StaplerRequest DoS vulnerability in bundled Apache Commons FileUpload library...
Gitlab -- multiple vulnerabilities
Gitlab reports: Remote Command Execution via Project Imports XSS in ZenTao integration affecting self hosted instances without strict CSP XSS in project settings page Unallowed users can read unprotected CI variables IP allow-list bypass to access Container Registries 2FA status is disclosed to...
OpenSearch -- Log4Shell
OpenSearch reports: CVE-2021-45105 for Log4j was issued after the release of OpenSearch 1.2.2. This CVE advises upgrading to Log4j 2.17.0. While there has been no observed reproduction of the issue described in CVE-2021-45105 in OpenSearch, we have released OpenSearch 1.2.3 which updates Log4j to...
Gitlab -- Multiple Vulnerabilities
Gitlab reports: Remote Command Execution Vulnerability on Repository Download Feature Confidential Issue Titles Revealed to Restricted Users on Unsubscribe Disclosure of Milestone Metadata through the Search API Private Project Discovery via Comment Links Metadata of Confidential Issues Disclosed...
codeigniter -- file upload class vulnerability
Derek Jones reports: A fix has been implemented for a security flaw in CodeIgniter 1.7.2. All applications using the File Upload class should install the patch to ensure that their application is not subject to a vulnerability...
Apache Maven -- multiple vulnerabilities
The Apache Maven project reports: We received a report from Jonathan Leitschuh about a vulnerability of custom repositories in dependency POMs. We've split this up into three separate issues: Possible Man-In-The-Middle-Attack due to custom repositories using HTTP. More and more repositories use...
Flash Player -- arbitrary code execution
Adobe reports: This update resolves a use-after-free vulnerability that could lead to arbitrary code execution CVE-2019-7845...
MySQL -- Multiple vulnerabilities
Oracle reports: This Critical Patch Update contains 34 new security patches, plus additional third party patches noted below, for Oracle MySQL. 11 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials...
MySQL -- Multiple vulnerabilities
Oracle reports: This Critical Patch Update contains 49 new security patches for Oracle MySQL. 10 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials. The highest CVSS v3.1 Base Score of vulnerabiliti...
mozilla -- multiple vulnerabilities
Mozilla Foundation reports: CVE-2018-18356: Use-after-free in Skia CVE-2019-5785: Integer overflow in Skia CVE-2018-18511: Cross-origin theft of images with ImageBitmapRenderingContext...
MySQL -- Multiple vulnerabilities
Oracle reports: This Critical Patch Update contains 37 new security patches for Oracle MySQL. 11 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials...
redis -- Potential remote code execution vulnerability
The Redis core team reports: Executing a XAUTOCLAIM command on a stream key in a specific state, with a specially crafted COUNT argument, may cause an integer overflow, a subsequent heap overflow, and potentially lead to remote code execution. The problem affects Redis versions 7.0.0 or newer...
MySQL -- Multiple vulnerabilities
Oracle reports: This Critical Patch Update contains 34 new security patches for Oracle MySQL Server and 4 for MySQL Client. The highest CVSS v3.1 Base Score of vulnerabilities affecting Oracle MySQL is 6.8...
Apache -- Multiple vulnerabilities
The Apache Team reports: SECURITY: CVE-2019-10081 modhttp2: HTTP/2 very early pushes, for example configured with "H2PushResource", could lead to an overwrite of memory in the pushing request's pool, leading to crashes. The memory copied is that of the configured push link header values, not data...
rsyslog -- remote syslog PRI vulnerability
The rsyslog project reports: potential abort when a message with PRI 191 was processed if the "pri-text" property was used in active templates, this could be abused to a remote denial of service from permitted senders The original fix for CVE-2014-3634 was not adequate...
Grafana -- Username enumeration
Grafana Labs reports: When using the forget password on the login page, a POST request is made to the /api/user/password/sent-reset-email URL. When the username or email does not exist, a JSON response contains a “user not found” message. The CVSS score for this vulnerability is 5.3 Moderate...
OpenSSL -- multiple vulnerabilities
The OpenSSL project reports: SM2 Decryption Buffer Overflow CVE-2021-3711: High Read buffer overruns processing ASN.1 strings CVE-2021-3712: Moderate...