6583 matches found
apache2 -- SSL remote DoS
The Apache HTTP Server 2.0.51 release notes report that the following issues have been fixed: A segfault in modssl which can be triggered by a malicious remote server, if proxying to SSL servers has been configured. CAN-2004-0751 A potential infinite loop in modssl which could be triggered given...
cvs pserver remote heap buffer overflow
Due to a programming error in code used to parse data received from the client, malformed data can cause a heap buffer to overflow, allowing the client to overwrite arbitrary portions of the server's memory. A malicious CVS client can exploit this to run arbitrary code on the server at the...
CVS path validation errors
Two programming errors were discovered in which path names handled by CVS were not properly validated. In one case, the CVS client accepts absolute path names from the server when determining which files to update. In another case, the CVS server accepts relative path names from the client when...
mozilla -- hostname spoofing bug
When processing URIs that contain an unqualified host name-- specifically, a domain name of only one component-- Mozilla will perform matching against the first component of the domain name in SSL certificates. In other words, in some situations, a certificate issued to "www.example.com" will be...
OpenSSL -- OOB memory access vulnerability
The OpenSSL project reports: Low-level invalid GF2^m parameters lead to OOB memory access CVE-2024-9143 Low Use of the low-level GF2^m elliptic curve APIs with untrusted explicit values for the field polynomial can lead to out-of-bounds memory reads or writes...
ruby -- Arbitrary memory address read vulnerability with Regex search
sp2ip reports: If attacker-supplied data is provided to the Ruby regex compiler, it is possible to extract arbitrary heap data relative to the start of the text, including pointers and sensitive strings...
OpenSSL -- Multiple vulnerabilities
The OpenSSL project reports: Excessive time spent checking invalid RSA public keys CVE-2023-6237 PKCS12 Decoding crashes CVE-2024-0727...
chromium -- security fix
Chrome Releases reports: This update includes 1 security fix: 1513379 High CVE-2024-0333: Insufficient data validation in Extensions. Reported by Malcolm Stagg @malcolmst of SODIUM-24, LLC on 2023-12-20...
postgresql-server -- Memory disclosure in aggregate function calls
PostgreSQL Project reports: Certain aggregate function calls receiving "unknown"-type arguments could disclose bytes of server memory from the end of the "unknown"-type value to the next zero byte. One typically gets an "unknown"-type value via a string literal having no type designation. We have...
Gitlab -- multiple vulnerabilities
Gitlab reports: Account take over via SCIM email change Stored XSS in Jira integration Quick action commands susceptible to XSS IP allowlist bypass when using Trigger tokens IP allowlist bypass when using Project Deploy Tokens Improper authorization in the Interactive Web Terminal Subgroup member...
squid -- Exposure of sensitive information in cache manager
Mikhail Evdokimov aka konata reports: Due to inconsistent handling of internal URIs Squid is vulnerable to Exposure of Sensitive Information about clients using the proxy. This problem allows a trusted client to directly access cache manager information bypassing the manager ACL protection. The...
Asterisk -- multiple vulnerabilities
The Asterisk project reports: AST-2022-001 - When using STIR/SHAKEN, its possible to download files that are not certificates. These files could be much larger than what you would expect to download. AST-2022-002 - When using STIR/SHAKEN, its possible to send arbitrary requests like GET to...
py-httpie -- exposure of sensitive information vulnerabilities
Glyph reports: HTTPie is a command-line HTTP client. HTTPie has the practical concept of sessions, which help users to persistently store some of the state that belongs to the outgoing requests and incoming responses on the disk for further usage. Before 3.1.0, HTTPie didn't distinguish between...
Grafana -- Directory Traversal
GitHub Security Labs reports: A vulnerability through which authenticated users could read out fully lowercase or fully uppercase .md files through directory traversal. Doing our own follow-up investigation we found a related vulnerability through which authenticated users could read out arbitrar...
chromium -- multiple vulnerabilities
Chrome Releases reports: This release contains 22 security fixes, including: 1267661 High CVE-2021-4052: Use after free in web apps. Reported by Wei Yuan of MoyunSec VLab on 2021-11-07 1267791 High CVE-2021-4053: Use after free in UI. Reported by Rox on 2021-11-08 1265806 High CVE-2021-4079: Out ...
Node.js -- October 2021 Security Releases
Node.js reports: HTTP Request Smuggling due to spaced in headers MediumCVE-2021-22959 The http parser accepts requests with a space SP right after the header name before the colon. This can lead to HTTP Request Smuggling HRS. HTTP Request Smuggling when parsing the body MediumCVE-2021-22960 The...
go -- misc/wasm, cmd/link: do not let command line arguments overwrite global data
The Go project reports: When invoking functions from WASM modules, built using GOARCH=wasm GOOS=js, passing very large arguments can cause portions of the module to be overwritten with data from the arguments. If using wasmexec.js to execute WASM modules, users will need to replace their copy aft...
chromium -- multiple vulnerabilities
Chrome Releases reports: This update contains 19 security fixes, including: 1243117 High CVE-2021-37956: Use after free in Offline use. Reported by Huyna at Viettel Cyber Security on 2021-08-24 1242269 High CVE-2021-37957: Use after free in WebGPU. Reported by Looben Yang on 2021-08-23 1223290 Hi...
Gitlab -- Vulnerabilities
Gitlab reports: Stored XSS in DataDog Integration Invited group members continue to have project access even after invited group is deleted Specially crafted requests to apollouploadserver middleware leads to denial of service Privilege escalation of an external user through project token Missing...
consul -- rpc: authorize raft requests
Hashicorp reports: HashiCorp Consul Raft RPC layer allows non-server agents with a valid certificate signed by the same CA to access server-only functionality, enabling privilege escalation...
Matrix clients -- several vulnerabilities
Matrix developers report: Today we are disclosing a critical security issue affecting multiple Matrix clients and libraries including Element Web/Desktop/Android, FluffyChat, Nheko, Cinny, and SchildiChat. Specifically, in certain circumstances it may be possible to trick vulnerable clients into...
chromium -- multiple vulnerabilities
Chrome Releases reports: This release contains 10 security fixes, including: 1227777 High CVE-2021-30590: Heap buffer overflow in Bookmarks. Reported by Leecraso and Guang Gong of 360 Alpha Lab on 2021-07-09 1229298 High CVE-2021-30591: Use after free in File System API. Reported by SorryMybad...
fetchmail -- 6.4.19 and older denial of service or information disclosure
Matthias Andree reports: When a log message exceeds c. 2 kByte in size, for instance, with very long header contents, and depending on verbosity option, fetchmail can crash or misreport each first log message that requires a buffer reallocation...
Rails -- multiple vulnerabilities
Ruby on Rails blog: Rails versions 6.1.3.2, 6.0.3.7, and 5.2.6 have been released! These releases contain important security fixes. Here is a list of the issues fixed: CVE-2021-22885: Possible Information Disclosure / Unintended Method Execution in Action Pack CVE-2021-22902: Possible Denial of...
Gitlab -- vulnerability
The GitLab Team reports: Ability to steal a user's API access token through GitLab Pages...
Node.js -- November 2020 Security Releases
Node.js reports: Updates are now available for v12.x, v14.x and v15.x Node.js release lines for the following issues. Denial of Service through DNS request CVE-2020-8277 A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of...
salt -- multiple vulnerabilities
SaltStack reports multiple security vulnerabilities in Salt 3002: CVE-2020-16846: Prevent shell injections in netapi ssh client. CVE-2020-17490: Prevent creating world readable private keys with the tls execution module. CVE-2020-25592: Properly validate eauth credentials and tokens along with...
Django -- multiple vulnerabilities
Django Release notes: CVE-2020-24583: Incorrect permissions on intermediate-level directories on Python 3.7+ On Python 3.7+, FILEUPLOADDIRECTORYPERMISSIONS mode was not applied to intermediate-level directories created in the process of uploading files and to intermediate-level collected static...
libX11 -- Doublefree in locale handlng code
The X.org project reports: There is an integer overflow and a double free vulnerability in the way LibX11 handles locales. The integer overflow is a necessary precursor to the double free...
Icinga Web 2 -- directory traversal vulnerability
Icinga development team reports: CVE-2020-24368 Icinga Icinga Web2 2.0.0 through 2.6.4, 2.7.4 and 2.8.2 has a Directory Traversal vulnerability which allows an attacker to access arbitrary files that are readable by the process running Icinga Web 2. This issue is fixed in Icinga Web 2 in v2.6.4,...
chromium -- multiple vulnerabilities
Chrome Releases reports: This release contains 15 security fixes, including: 1107433 High CVE-2020-6542: Use after free in ANGLE. Reported by Piotr Bania of Cisco Talos on 2020-07-20 1104046 High CVE-2020-6543: Use after free in task scheduling. Reported by Looben Yang on 2020-07-10 1108497 High...
FreeBSD -- IPv6 socket option race condition and use after free
Problem Description: The IPV62292PKTOPTIONS set handler was missing synchronization, so racing accesses could modify freed memory. Impact: A malicious user application could trigger memory corruption, leading to privilege escalation...
glpi -- SQL Injection in Search API
MITRE Corporation reports: In GLPI before version 9.5.2, there is a SQL Injection in the API's search function. Not only is it possible to break the SQL syntax, but it is also possible to utilise a UNION SELECT query to reflect sensitive information such as the current database version, or databa...
ceph14 -- HTTP header injection via CORS ExposeHeader tag
Red Hat bugzilla reports: A flaw was found in the Red Hat Ceph Storage RadosGW Ceph Object Gateway. The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the ExposeHeader tag in the CORS configuration file generates a header injection ...
mail/dovecot -- multiple vulnerabilities
Aki Tuomi reports: Parsing mails with a large number of MIME parts could have resulted in excessive CPU usage or a crash due to running out of stack memory.. Dovecot's NTLM implementation does not correctly check message buffer size, which leads to reading past allocation which can lead to crash...
librsvg2 -- multiple vulnerabilities
Librsvg2 developers reports: Backport the following fixes from 2.46.x: Librsvg now has limits on the number of loaded XML elements, and the number of referenced elements within an SVG document. This is to mitigate malicious SVGs which try to consume all memory, and those which try to consume an...
cacti -- multiple vulnerabilities
The Cacti developers reports: When guest users have access to realtime graphs, remote code could be executed CVE-2020-8813. Lack of escaping on some pages can lead to XSS exposure CVE-2020-7106. Remote Code Execution due to input validation failure in Performance Boost Debug Log CVE-2020-7237...
FreeBSD -- EAP-pwd side-channel attack
Problem Description: Potential side channel attacks in the SAE implementations used by both hostapd and wpasupplicant see CVE-2019-9494 and VU871675. EAP-pwd uses a similar design for deriving PWE from the password and while a specific attack against EAP-pwd is not yet known to be tested, there i...
clamav -- multiple vulnerabilities
Clamav reports: An out-of-bounds heap read condition may occur when scanning PDF documents An out-of-bounds heap read condition may occur when scanning PE files An out-of-bounds heap write condition may occur when scanning OLE2 files An out-of-bounds heap read condition may occur when scanning...
Gitlab -- Multiple vulnerabilities
Gitlab reports: Arbitrary file read via MergeRequestDiff CSRF add Kubernetes cluster integration Blind SSRF in prometheus integration Merge request information disclosure IDOR milestone name information disclosure Burndown chart information disclosure Private merge request titles in public projec...
joomla3 -- vulnerabilitiesw
JSST reports: Inadequate escaping in modbanners leads to a stored XSS vulnerability. Inadequate escaping in comcontact leads to a stored XSS vulnerability Inadequate checks at the Global Configuration Text Filter settings allowed a stored XSS. Inadequate checks at the Global Configuration helpurl...
FreeBSD -- Resource exhaustion in TCP reassembly
Problem Description: One of the data structures that holds TCP segments uses an inefficient algorithm to reassemble the data. This causes the CPU time spent on segment processing to grow linearly with the number of segments in the reassembly queue. Impact: An attacker who has the ability to send...
www/py-requests -- Information disclosure vulnerability
The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network...
Flash Player -- multiple vulnerabilities
Adobe reports: This update resolves a type confusion vulnerability that could lead to arbitrary code execution CVE-2018-4945. This update resolves an integer overflow vulnerability that could lead to information disclosure CVE-2018-5000. This update resolves an out-of-bounds read vulnerability th...
FreeBSD -- vt console memory disclosure
Problem Description: Insufficient validation of user-provided font parameters can result in an integer overflow, leading to the use of arbitrary kernel memory as glyph data. Characters that reference this data can be displayed on the screen, effectively disclosing kernel memory. Impact:...
PostgreSQL vulnerabilities
The PostgreSQL project reports: CVE-2018-1058: Uncontrolled search path element in pgdump and other client applications...
Mailman -- Cross-site scripting (XSS) vulnerability in the web UI
Mark Sapiro reports: An XSS vulnerability in the user options CGI could allow a crafted URL to execute arbitrary javascript in a user's browser. A related issue could expose information on a user's options page without requiring login...
exim -- remote DoS attack in BDAT processing
Exim developers team reports: The receivemsg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote attackers to cause a denial of service infinite loop and stack exhaustion via vectors involving BDAT commands and an improper check for a '.' character signifying the end of t...
xorg-server -- multiple vulnerabilities
Adam Jackson reports: One regression fix since 1.19.4 mea culpa, and fixes for CVEs 2017-12176 through 2017-12187...
zookeeper -- Denial Of Service
zookeeper developers report: Two four letter word commands "wchp/wchc" are CPU intensive and could cause spike of CPU utilization on Apache ZooKeeper server if abused, which leads to the server unable to serve legitimate client requests. Apache ZooKeeper thru version 3.4.9 and 3.5.2 suffer from...