6585 matches found
mozilla -- BMP decoder vulnerabilities
Gael Delalleau discovered several integer overflows in Mozilla's BMP decoder that can result in denial-of-service or arbitrary code execution...
postgresql-contrib -- insecure temporary file creation
The makeoidjoinscheck script in the PostgreSQL RDBMS has insecure handling of temporary files, which could lead to an attacker overwriting arbitrary files with the credentials of the user running the makeoidjoinscheck script...
krb5 -- ASN.1 decoder denial-of-service vulnerability
An advisory published by the MIT Kerberos team says: The ASN.1 decoder library in the MIT Kerberos 5 distribution is vulnerable to a denial-of-service attack causing an infinite loop in the decoder. The KDC is vulnerable to this attack. An unauthenticated remote attacker can cause a KDC or...
Multiple Potential Buffer Overruns in Samba
Evgeny Demidov discovered that the Samba server has a buffer overflow in the Samba Web Administration Tool SWAT on decoding Base64 data during HTTP Basic Authentication. Versions 3.0.2 through 3.0.4 are affected. Another buffer overflow bug has been found in the code used to support the "mangling...
mysql -- mysql_real_connect buffer overflow vulnerability
The mysqlrealconnect function doesn't properly handle DNS replies by copying the IP address into a buffer without any length checking. A specially crafted DNS reply may therefore be used to cause a buffer overflow on affected systems. Note that whether this issue can be exploitable depends on the...
XFree86 opens a chooserFd TCP socket even when DisplayManager.requestPort is 0
When the IPv6 code was added to xdm a critical test to disable xdmcp was accidentally removed. This caused xdm to create the chooser socket regardless if DisplayManager.requestPort was disabled in xdm-config or not...
xchat remotely exploitable buffer overflow (Socks5)
A straightforward stack buffer overflow exists in XChat's Socks5 proxy support. The XChat developers report that tsifra' discovered this issue. NOTE: XChat Socks5 support is disabled by support in the FreeBSD Ports Collection...
racoon remote denial of service vulnerability (ISAKMP header length field)
When racoon receives an ISAKMP header, it will attempt to allocate sufficient memory for the entire ISAKMP message according to the header's length field. If an attacker crafts an ISAKMP header with a ridiculously large value in the length field, racoon may exceed operating system resource limits...
mysql -- GRANT access restriction problem
When a user is granted access to a database with a name containing an underscore and the underscore is not escaped then that user might also be able to access other, similarly named, databases on the affected system. The problem is that the underscore is seen as a wildcard by MySQL and therefore ...
libxml2 stack buffer overflow in URI parsing
Yuuichi Teranishi reported a crash in libxml2's URI handling when a long URL is supplied. The implementation in nanohttp.c and nanoftp.c uses a 4K stack buffer, and longer URLs will overwrite the stack. This could result in denial-of-service or arbitrary code execution in applications using libxm...
Courier mail services: remotely exploitable buffer overflows
The Courier set of mail services use a common Unicode library. This library contains buffer overflows in the converters for two popular Japanese character encodings. These overflows may be remotely exploitable, triggered by a maliciously formatted email message that is later processed by one of t...
mod_python denial-of-service vulnerability in parse_qs
An attacker may cause Apache with modpython to crash by using a specially constructed query string...
squid -- possible abuse of cachemgr.cgi
The squid patches page notes: This patch adds access controls to the cachemgr.cgi script, preventing it from being abused to reach other servers than allowed in a local configuration file...
go -- net/http: denial of service due to improper 100-continue handling
The Go project reports: net/http: denial of service due to improper 100-continue handling The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational 200 or higher status. This mishandling could leave a clien...
Gitlab -- vulnerabilities
Gitlab reports: GitLab account takeover, under certain conditions, when using Bitbucket as an OAuth provider Path Traversal leads to DoS and Restricted File Read Unauthenticated ReDoS in FileFinder when using wildcard filters in project file search Personal Access Token scopes not honoured by...
typo3-{11,12} -- multiple vulnerabilities
Typo3 developers reports: All versions are security releases and contain important security fixes - read the corresponding security advisories here: Path Traversal in TYPO3 File Abstraction Layer Storages CVE-2023-30451 Code Execution in TYPO3 Install Tool CVE-2024-22188 Information Disclosure of...
qt6-webengine -- Multiple vulnerabilities
Qt qtwebengine-chromium repo reports: Backports for 15 security bugs in Chromium: 1505053 High CVE-2023-6345: Integer overflow in Skia 1500856 High CVE-2023-6346: Use after free in WebAudio 1494461 High CVE-2023-6347: Use after free in Mojo 1501326 High CVE-2023-6702: Type Confusion in V8 1502102...
FreeBSD -- libc stdio buffer overflow
Problem Description: For line-buffered streams the sflush function did not correctly update the FILE object's write space member when the write2 system call returns an error. Impact: Depending on the nature of an application that calls libc's stdio functions and the presence of errors returned fr...
OpenSSL -- Excessive time spent checking DH q parameter value
The OpenSSL project reports: Checking excessively long DH keys or parameters may be very slow severity: Low...
chromium -- multiple vulnerabilities
Chrome Releases reports: This update includes 20 security fixes: 1454086 High CVE-2023-3727: Use after free in WebRTC. Reported by Cassidy Kim@cassidy6564 on 2023-06-12 1457421 High CVE-2023-3728: Use after free in WebRTC. Reported by Zhenghang Xiao @Kipreyyy on 2023-06-23 1453465 High...
Grafana -- Account takeover / authentication bypass
Grafana Labs reports: Grafana validates Azure Active Directory accounts based on the email claim. On Azure AD, the profile email field is not unique across Azure AD tenants. This can enable a Grafana account takeover and authentication bypass when Azure AD OAuth is configured with a multi-tenant...
electron22 -- multiple vulnerabilities
Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2023-2724. Security: backported fix for CVE-2023-2723. Security: backported fix for CVE-2023-2725. Security: backported fix for CVE-2023-2721. Security: backported fix for CVE-2023-3079...
electron23 -- multiple vulnerabilities
Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2023-2724. Security: backported fix for CVE-2023-2725. Security: backported fix for CVE-2023-2721. Security: backported fix for CVE-2023-3079. Security: backported fix for CVE-2023-2933...
chromium -- multiple vulnerabilities
Chrome Releases reports: This update includes 16 security fixes: 1410191 High CVE-2023-2929: Out of bounds write in Swiftshader. Reported by Jaehun Jeong@n3sk of Theori on 2023-01-25 1443401 High CVE-2023-2930: Use after free in Extensions. Reported by asnine on 2023-05-08 1444238 High...
chromium -- multiple vulnerabilities
Chrome Releases reports: This update includes 8 security fixes: 1429197 High CVE-2023-2133: Out of bounds memory access in Service Worker API. Reported by Rong Jian of VRI on 2023-03-30 1429201 High CVE-2023-2134: Out of bounds memory access in Service Worker API. Reported by Rong Jian of VRI on...
Grafana -- Stored XSS in text panel plugin
Grafana Labs reports: During an internal audit of Grafana on January 1, a member of the security team found a stored XSS vulnerability affecting the core text plugin. The stored XSS vulnerability requires several user interactions in order to be fully exploited. The vulnerability was possible due...
xrdp -- multiple vulnerabilities
xrdp project reports: This update is recommended for all xrdp users and provides following important security fixes: CVE-2022-23468 CVE-2022-23477 CVE-2022-23478 CVE-2022-23479 CVE-2022-23480 CVE-2022-23481 CVE-2022-23483 CVE-2022-23482 CVE-2022-23484 CVE-2022-23493 These security issues are...
Grafana -- Unauthorized file disclosure
Grafana Labs reports: On July 21, an internal security review identified an unauthorized file disclosure vulnerability in the Grafana Image Renderer plugin when HTTP remote rendering is used. The Chromium browser embedded in the Grafana Image Renderer allows for “printing” of unauthorized files i...
Tomcat -- XSS in examples web application
Apache Tomcat reports: The Form authentication example in the examples web application displayed user provided data without filtering, exposing a XSS vulnerability...
jenkins -- DoS vulnerability in bundled XStream library
Jenkins Security Advisory: Description Medium SECURITY-2602 / CVE-2021-43859 upstream issue, CVE-2022-0538 Jenkins-specific converters DoS vulnerability in bundled XStream library...
RabbitMQ -- Denial of Service via improper input validation
Jonathon Knudsen of Synopsys Cybersecurity Research Center reports: All versions prior to 3.8.16 are prone to a denial of service vulnerability due to improper input validation in AMQP 1.0 client connection endpoint. A malicious client can exploit the vulnerability by sending malicious AMQP...
asterisk -- pjproject/pjsip: crash when SSL socket destroyed during handshake
The Asterisk project reports: Depending on the timing, it's possible for Asterisk to crash when using a TLS connection if the underlying socket parent/listener gets destroyed during the handshake...
Gitlab -- Vulnerabilities
GitLab Team reports: Remote code execution when uploading specially crafted image files Update Rexml...
asterisk -- Remote crash when using IAX2 channel driver
The Asterisk project reports: If the IAX2 channel driver receives a packet that contains an unsupported media format it can cause a crash to occur in Asterisk...
tomcat -- Remote Denial of Service in multiple versions
rbeaudry reports: A vulnerability in Apache Tomcat allows an attacker to remotely trigger a denial of service. An error introduced as part of a change to improve error handling during non-blocking I/O meant that the error flag associated with the Request object was not reset between requests. Thi...
py-pygments -- multiple DoS vulnerabilities
Red Hat reports: An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML SML source file, as demonstrated by input that only contains the "exception" keyword. Ben Caller reports: In pygments 1.1+, fixed in...
Flash Player -- arbitrary code execution
Adobe reports: This update resolves a NULL pointer dereference vulnerability that could lead to arbitrary code execution CVE-2020-9746...
chromium -- multiple vulnerabilities
Chrome Releases reports: This release fixes 10 security issues, including: 1100136 High CVE-2020-15960: Out of bounds read in storage. Reported by Anonymous on 2020-06-28 1114636 High CVE-2020-15961: Insufficient policy enforcement in extensions. Reported by David Erceg on 2020-08-10 1121836 High...
Gitlab -- Multiple Vulnerabilities
Gitlab reports: Arbitrary File Read when Moving an Issue Memory Exhaustion via Excessive Logging of Invite Email Error Denial of Service Through Project Import Feature User Controlled Git Configuration Settings Resulting in SSRF Stored XSS in Issue Reference Number Tooltip Stored XSS in Issues Li...
kramdown -- template option vulnerability
kramdown news: CVE-2020-14001 is addressed to avoid problems when using the ::options / extension together with the 'template' option...
nghttp2 -- DoS vulnerability
nghttp2 security advisories: The overly large HTTP/2 SETTINGS frame payload causes denial of service. The proof of concept attack involves a malicious client constructing a SETTINGS frame with a length of 14,400 bytes 2400 individual settings entries over and over again. The attack causes the CPU...
Rails -- multiple vulnerabilities
Ruby on Rails blog: Hi everyone! Rails 5.2.4.3 and 6.0.3.1 have been released! These releases contain important security fixes, so please upgrade when you can. Both releases contain the following fixes: CVE-2020-8162: Circumvention of file size limits in ActiveStorage CVE-2020-8164: Possible Stro...
Sane -- Multiple Vulnerabilities
The Sane Project reports: epson2: fixes CVE-2020-12867 GHSL-2020-075 and several memory management issues found while addressing that CVE epsonds: addresses out-of-bound memory access issues to fix CVE-2020-12862 GHSL-2020-082 and CVE-2020-12863 GHSL-2020-083, addresses a buffer overflow fixing...
Ansible -- Insecure Temporary File
NVD reports: An incomplete fix was found for the fix of the flaw CVE-2020-1733 ansible: insecure temporary directory when running becomeuser from become directive. The provided fix is insufficient to prevent the race condition on systems using ACLs and FUSE filesystems...
FreeRDP -- multiple vulnerabilities
The FreeRDP changelog reports 14 CVEs addressed after 2.0.0-rc4...
Django -- potential SQL injection vulnerability
MITRE CVE reports: Django 1.11 before 1.11.28, 2.2 before 2.2.10, and 3.0 before 3.0.3 allows SQL Injection if untrusted data is used as a StringAgg delimiter e.g., in Django applications that offer downloads of data as a series of rows with a user-specified column delimiter. By passing a suitabl...
Gitlab -- Multiple Vulnerabilities
The GitLab Team reports: XSS in Markdown Preview Using Mermaid Bypass Email Verification using Salesforce Authentication Account Takeover using SAML Uncontrolled Resource Consumption in Markdown using Mermaid Disclosure of Private Project Path and Labels Disclosure of Assignees via Milestones...
Django -- multiple vulnerabilities
Django release notes: CVE-2019-14232: Denial-of-service possibility in django.utils.text.Truncator If django.utils.text.Truncator's chars and words methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability in a...
oniguruma -- multiple vulnerabilities
A use-after-free in onignewdeluxe in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression. The attacker provides a pair of a regex pattern and a string, with a multi-byte...
Dovecot -- improper input validation
Aki Tuomi reports: Vulnerability Details: IMAP and ManageSieve protocol parsers do not properly handle NUL byte when scanning data in quoted strings, leading to out of bounds heap memory writes. Risk: This vulnerability allows for out-of-bounds writes to objects stored on the heap up to 8096 byte...