6585 matches found
GnuTLS -- timing sidechannel in RSA decryption
The GnuTLS project reports: A vulnerability was found that the response times to malformed RSA ciphertexts in ClientKeyExchange differ from response times of ciphertexts with correct PKCS1 v1.5 padding. Only TLS ciphertext processing is affected...
chromium -- multiple vulnerabilities
Chrome Releases reports: This release contains 17 security fixes, including: 1353208 High CVE-2023-0128: Use after free in Overview Mode. Reported by Khalil Zhani on 2022-08-16 1382033 High CVE-2023-0129: Heap buffer overflow in Network Service. Reported by asnine on 2022-11-07 1370028 Medium...
rsync -- client-side arbitrary file write vulnerability
Openwall oss-security reports: We have discovered a critical arbitrary file write vulnerability in the rsync utility that allows malicious remote servers to write arbitrary files inside the directories of connecting peers. The server chooses which files/directories are sent to the client. Due to...
Gitlab -- multiple vulnerabilities
Gitlab reports: Static passwords inadvertently set during OmniAuth-based registration Stored XSS in notes Stored XSS on Multi-word milestone reference Denial of service caused by a specially crafted RDoc file GitLab Pages access tokens can be reused on multiple domains GitLab Pages uses default...
kafka -- Denial Of Service vulnerability
NIST reports: jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects...
Grafana -- Directory Traversal
GitHub Security Labs reports: A vulnerability through which authenticated users could read out fully lowercase or fully uppercase .md files through directory traversal. Doing our own follow-up investigation we found a related vulnerability through which authenticated users could read out arbitrar...
Grafana -- Directory Traversal
GitHub Security Labs reports: A vulnerability through which authenticated users could read out fully lowercase or fully uppercase .md files through directory traversal. Doing our own follow-up investigation we found a related vulnerability through which authenticated users could read out arbitrar...
jenkins -- Jenkins core bundles vulnerable version of the commons-httpclient library
Jenkins Security Advisory: Description Medium SECURITY-2475 / CVE-2014-3577 Jenkins core bundles vulnerable version of the commons-httpclient library...
PostgreSQL server -- Memory disclosure in certain queries
The PostgreSQL Project reports: A purpose-crafted query can read arbitrary bytes of server memory. In the default configuration, any authenticated database user can complete this attack at will. The attack does not require the ability to create objects. If server settings include...
fetchmail -- 6.4.19 and older denial of service or information disclosure
Matthias Andree reports: When a log message exceeds c. 2 kByte in size, for instance, with very long header contents, and depending on verbosity option, fetchmail can crash or misreport each first log message that requires a buffer reallocation...
redis -- Integer overflow issues with BITFIELD command on 32-bit systems
Huang Zhw reports: On 32-bit versions, Redis BITFIELD command is vulnerable to integer overflow that can potentially be exploited to corrupt the heap, leak arbitrary heap contents or trigger remote code execution. The vulnerability involves constructing specially crafted bit commands which overfl...
chromium -- multiple vulnerabilities
Chrome Releases reports: This release includes 4 security fixes, including: 1219857 High CVE-2021-30554: Use after free in WebGL. Reported by anonymous on 2021-06-15 1215029 High CVE-2021-30555: Use after free in Sharing. Reported by David Erceg on 2021-06-01 1212599 High CVE-2021-30556: Use afte...
curl -- Automatic referer leaks credentials
Daniel Stenberg reports: libcurl does not strip off user credentials from the URL when automatically populating the Referer: HTTP request header field in outgoing HTTP requests, and therefore risks leaking sensitive data to the server that is the target of the second HTTP request. libcurl...
spamassassin -- Malicious rule configuration (.cf) files can be configured to run system commands
The Apache SpamAssassin project reports: Apache SpamAssassin 3.4.5 was recently released 1, and fixes an issue of security note where malicious rule configuration .cf files can be configured to run system commands. In Apache SpamAssassin before 3.4.5, exploits can be injected in a number of...
chromium -- multiple vulnerabilities
Chrome Releases reports: This release includes 5 security fixes, including: 1167357 High CVE-2021-21191: Use after free in WebRTC. Reported by raven @raidakame on 2021-01-15 1181387 High CVE-2021-21192: Heap buffer overflow in tab groups. Reported by Abdulrahman Alqabandi, Microsoft Browser...
libX11 -- Doublefree in locale handlng code
The X.org project reports: There is an integer overflow and a double free vulnerability in the way LibX11 handles locales. The integer overflow is a necessary precursor to the double free...
Gitlab -- Multiple Vulnerabilities
Gitlab reports: User Email Verification Bypass OAuth Flow Missing Email Verification Checks Notification Email Verification Bypass Undisclosed Vulnerability on a Third-Party Rendering Engine Group Sign-Up Restriction Bypass Mirror Project Owner Impersonation Missing Permission Check on Fork...
salt -- multiple vulnerabilities in salt-master process
F-Secure reports: CVE-2020-11651 - Authentication bypass vulnerabilities The ClearFuncs class processes unauthenticated requests and unintentionally exposes the sendpub method, which can be used to queue messages directly on the master publish server. Such messages can be used to trigger minions ...
nested filters leads to stack overflow
Howard Chu reports: nested filters leads to stack overflow...
mail/dovecot -- multiple vulnerabilities
Aki Tuomi reports: Parsing mails with a large number of MIME parts could have resulted in excessive CPU usage or a crash due to running out of stack memory.. Dovecot's NTLM implementation does not correctly check message buffer size, which leads to reading past allocation which can lead to crash...
mailman -- arbitrary content injection vulnerability via options or private archive login pages
Mark Sapiro reports: A content injection vulnerability via the options login page has been discovered and reported by Vishal Singh. An issue similar to CVE-2018-13796 exists at different endpoint & param. It can lead to a phishing attack. added 2020-05-07 This is essentially the same as...
ansible - win_unzip path normalization
Borja Tarraso reports: A flaw was found in Ansible 2.7.17 and prior, 2.8.9 and prior, and 2.9.6 and prior when using the Extract-Zip function from the winunzip module as the extracted files are not checked if they belong to the destination folder. An attacker could take advantage of this flaw by...
cacti -- multiple vulnerabilities
The Cacti developers reports: When guest users have access to realtime graphs, remote code could be executed CVE-2020-8813. Lack of escaping on some pages can lead to XSS exposure CVE-2020-7106. Remote Code Execution due to input validation failure in Performance Boost Debug Log CVE-2020-7237...
OpenSMTPd -- critical LPE / RCE vulnerability
OpenSMTPD developers report: An incorrect check allows an attacker to trick mbox delivery into executing arbitrary commands as root and lmtp delivery into executing arbitrary commands as an unprivileged user...
libxml -- multiple vulnerabilities
CVE mitre reports: CVE-2019-20388 xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak. CVE-2020-7595 xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation. CVE-2020-24977 GNOME project libxml2...
samba -- combination of parameters and permissions can allow user to escape from the share path definition
The samba project reports: On a Samba SMB server for all versions of Samba from 4.9.0 clients are able to escape outside the share root directory if certain configuration parameters set in the smb.conf file...
drupal -- Drupal core - Moderately critical
Drupal Security Team reports: CVE-2019-10909: Escape validation messages in the PHP templating engine. CVE-2019-10910: Check service IDs are valid. CVE-2019-10911: Add a separator in the remember me cookie hash. jQuery 3.4.0 includes a fix for some unintended behavior when using jQuery.extendtrue...
turnserver -- multiple vulnerabilities
Mihály Mészáros reports: We made 4.5.1.0 release public today that fixes many vulnerabilities. It fix the following vulnerabilities: CVE-2018-4056 CVE-2018-4058 CVE-2018-4059 They will be exposed very soon...
asterisk -- Remote crash vulnerability with SDP protocol violation
The Asterisk project reports: When Asterisk makes an outgoing call, a very specific SDP protocol violation by the remote party can cause Asterisk to crash...
Libgit2 -- Fixing insufficient validation of submodule names
The Git community reports: Insufficient validation of submodule names...
PostgreSQL vulnerabilities
The PostgreSQL project reports: CVE-2018-1058: Uncontrolled search path element in pgdump and other client applications...
phpMyAdmin -- self XSS in central columns feature
The phpMyAdmin team reports: Summary Self XSS in central columns feature Description A self-cross site scripting XSS vulnerability has been reported relating to the central columns feature. Severity We consider this vulnerability to be of moderate severity. Mitigation factor A valid token must be...
Mailman -- Cross-site scripting (XSS) vulnerability in the web UI
Mark Sapiro reports: An XSS vulnerability in the user options CGI could allow a crafted URL to execute arbitrary javascript in a user's browser. A related issue could expose information on a user's options page without requiring login...
xorg-server -- multiple vulnerabilities
Alan Coopersmith reports: X.Org thanks Michal Srb of SuSE for finding these issues and bringing them to our attention, Julien Cristau of Debian for getting the fixes integrated, and Adam Jackson of Red Hat for publishing the release...
Mercurial -- multiple vulnerabilities
Mercurial Release Notes: CVE-2017-1000115 Mercurial's symlink auditing was incomplete prior to 4.3, and could be abused to write to files outside the repository. CVE-2017-1000116 Mercurial was not sanitizing hostnames passed to ssh, allowing shell injection attacks on clients by specifying a...
kauth: Local privilege escalation
Albert Astals Cid reports: KAuth contains a logic flaw in which the service invoking dbus is not properly checked. This allows spoofing the identity of the caller and with some carefully crafted calls can lead to gaining root from an unprivileged account...
ansible -- Input validation flaw in jinja2 templating system
RedHat security team reports: An input validation flaw was found in Ansible, where it fails to properly mark lookup-plugin results as unsafe. If an attacker could control the results of lookup calls, they could inject Unicode strings to be parsed by the jinja2 templating system, result in code...
cURL -- potential memory disclosure
The cURL project reports: There were two bugs in curl's parser for the command line option --write-out or -w for short that would skip the end of string zero byte if the string ended in a % percent or \ backslash, and it would read beyond that buffer in the heap memory and it could then potential...
OpenEXR -- multiple remote code execution and denial of service vulnerabilities
Brandon Perry reports: There is a zip file of EXR images that cause segmentation faults in the OpenEXR library tested against 2.2.0. CVE-2017-9110 In OpenEXR 2.2.0, an invalid read of size 2 in the hufDecode function in ImfHuf.cpp could cause the application to crash. CVE-2017-9111 In OpenEXR...
xen-kernel -- x86 PV guests may be able to mask interrupts
The Xen Project reports: Certain PV guest kernel operations page table writes in particular need emulation, and use Xen's general x86 instruction emulator. This allows a malicious guest kernel which asynchronously modifies its instruction stream to effect the clearing of EFLAGS.IF from the state...
exim -- DKIM private key leak
The Exim project reports: Exim leaks the private DKIM signing key to the log files. Additionally, if the build option EXPERIMENTALDSNINFO=yes is used, the key material is included in the bounce message...
subversion -- Unrestricted XML entity expansion in mod_dontdothat and Subversionclients using http(s)
The Apache Software Foundation reports: The moddontdothat module of subversion and subversion clients using https:// are vulnerable to a denial-of-service attack, caused by exponential XML entity expansion. The attack targets XML parsers causing targeted process to consume excessive amounts of...
xen-kernel -- guest 32-bit ELF symbol table load leaking host data
The Xen Project reports: Along with their main kernel binary, unprivileged guests may arrange to have their Xen environment load kernel symbol tables for their use. The ELF image metadata created for this purpose has a few unused bytes when the symbol table binary is in 32-bit ELF format. These...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 21 security fixes in this release, including: 645211 High CVE-2016-5181: Universal XSS in Blink. Credit to Anonymous 638615 High CVE-2016-5182: Heap overflow in Blink. Credit to Giwan Go of STEALIEN 645122 High CVE-2016-5183: Use after free in PDFium. Credit to...
MySQL -- Multiple vulnerabilities
Oracle reports: The quarterly Critical Patch Update contains 22 new security fixes for Oracle MySQL 5.5.49, 5.6.30, 5.7.13 and earlier...
libreoffice -- use-after-free vulnerability
Talos reports: An exploitable Use After Free vulnerability exists in the RTF parser LibreOffice. A specially crafted file can cause a use after free resulting in a possible arbitrary code execution. To exploit the vulnerability a malicious file needs to be opened by the user via vulnerable...
expat2 -- denial of service
Adam Maris reports: It was found that original patch for issues CVE-2015-1283 and CVE-2015-2716 used overflow checks that could be optimized out by some compilers applying certain optimization settings, which can cause the vulnerability to remain even after applying the patch...
xercesi-c3 -- multiple vulnerabilities
Apache reports: The Xerces-C XML parser fails to successfully parse a DTD that is deeply nested, and this causes a stack overflow, which makes a denial of service attack against many applications possible by an unauthenticated attacker. Also, CVE-2016-2099: Use-after-free vulnerability in...
php -- multiple vulnerabilities
The PHP Group reports: BCMath: Fixed bug 72093 bcpowmod accepts negative scale and corrupts one definition. Exif: Fixed bug 72094 Out of bounds heap read access in exif header processing. GD: Fixed bug 71912 libgd: signedness vulnerability. CVE-2016-3074 Intl: Fixed bug 72061 Out-of-bounds reads ...
mozilla -- multiple vulnerabilities
Mozilla Foundation reports: MFSA 2016-39 Miscellaneous memory safety hazards rv:46.0 / rv:45.1 / rv:38.8 MFSA 2016-42 Use-after-free and buffer overflow in Service Workers MFSA 2016-44 Buffer overflow in libstagefright with CENC offsets MFSA 2016-45 CSP not applied to pages sent with...