6585 matches found
Ruby insecure file permissions in the CGI session management
According to a Debian Security Advisory: Andres Salomon noticed a problem in the CGI session management of Ruby, an object-oriented scripting language. CGI::Session's FileStore and presumably PStore ... implementations store session information insecurely. They simply create files, ignoring...
kdelibs insecure temporary file handling
According to a KDE Security Advisory, KDE may sometimes create temporary files without properly checking the ownership and type of the target path. This could allow a local attacker to cause KDE applications to overwrite arbitrary files...
mozilla -- security icon spoofing
Under certain situations it is possible for the security icon which Mozilla displays when connected to a site using SSL to be spoofed. This could be used to make so-called "phishing attacks" more difficult to detect...
racoon remote denial of service vulnerability (IKE Generic Payload Header)
When racoon receives an IKE message with an incorrectly constructed Generic Payload Header, it may behave erratically, going into a tight loop and dropping connections...
Apache httpd -- DoS exploit in HTTP/2
Calif security reports: Remote DoS in modhttp2...
Vaultwarden -- Multiple vulnerabilities
The Vaultwarden project reports: GHSA-937x-3j8m-7w7p Unconfirmed Owner Can Purge Entire Organization Vault. GHSA-569v-845w-g82p Cross-Org Group Binding Enables Unauthorized Read And Write Access Into Another Organization GHSA-6j4w-g4jh-xjfx Refresh tokens not invalidated on security stamp rotatio...
jenkins -- multiple vulnerabilities
Jenkins Security Advisory: Description Critical SECURITY-3430 / CVE-2024-43044 Arbitrary file read vulnerability through agent connections can lead to RCE Description Medium SECURITY-3349 / CVE-2024-43045 Missing permission check allows accessing other users' "My Views"...
PuTTY and embedders (f.i., filezilla) -- biased RNG with NIST P521/ecdsa-sha2-nistp521 signatures permits recovering private key
Simon Tatham reports: ECDSA signatures using 521-bit keys the NIST P521 curve, otherwise known as ecdsa-sha2-nistp521 were generated with biased random numbers. This permits an attacker in possession of a few dozen signatures to RECOVER THE PRIVATE KEY. Any 521-bit ECDSA private key that PuTTY or...
xorg server -- Multiple vulnerabilities
The X.Org project reports: CVE-2023-6816: Heap buffer overflow in DeviceFocusEvent and ProcXIQueryPointer Both DeviceFocusEvent and the XIQueryPointer reply contain a bit for each logical button currently down. Buttons can be arbitrarily mapped to any value up to 255 but the X.Org Server was only...
OpenSSL -- Vector register corruption on PowerPC
The OpenSSL Team reports: The POLY1305 MAC message authentication code implementation contains a bug that might corrupt the internal state of applications running on PowerPC CPU based platforms if the CPU provides vector instructions...
electron26 -- multiple vulnerabilities
Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2023-6704. Security: backported fix for CVE-2023-6705. Security: backported fix for CVE-2023-6703. Security: backported fix for CVE-2023-6702...
xorg-server -- Multiple vulnerabilities
The X.Org project reports: CVE-2023-6377/ZDI-CAN-22412/ZDI-CAN-22413: X.Org server: Out-of-bounds memory write in XKB button actions A device has XKB button actions for each button on the device. When a logical device switch happens e.g. moving from a touchpad to a mouse, the server re-calculates...
electron25 -- multiple vulnerabilities
Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2023-6345. Security: backported fix for CVE-2023-6346. Security: backported fix for CVE-2023-6347...
chromium -- multiple vulnerabilities
Chrome Releases reports: This update includes 15 security fixes: 1492698 High CVE-2023-5480: Inappropriate implementation in Payments. Reported by Vsevolod Kokorin Slonser of Solidlab on 2023-10-14 1492381 High CVE-2023-5482: Insufficient data validation in USB. Reported by DarkNavy on 2023-10-13...
chromium -- multiple vulnerabilities
Chrome Releases reports: This update includes 4 security fixes: 1452137 High CVE-2023-3420: Type Confusion in V8. Reported by Man Yue Mo of GitHub Security Lab on 2023-06-07 1447568 High CVE-2023-3421: Use after free in Media. Reported by Piotr Bania of Cisco Talos on 2023-05-22 1450397 High...
OpenSSL -- Possible DoS translating ASN.1 identifiers
The OpenSSL project reports: Severity: Moderate. Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow...
Intel CPUs -- multiple vulnerabilities
Intel reports: 2024.1 IPU - Intel Processor Bus Lock Advisory A potential security vulnerability in the bus lock regulator mechanism for some Intel Processors may allow denial of service. Intel is releasing firmware updates to mitigate this potential vulnerability. 2024.1 IPU - Intel Processor...
net-mgmt/cacti is vulnerable to remote command injection
cacti team reports: A command injection vulnerability allows an unauthenticated user to execute arbitrary code on a server running Cacti, if a specific data source was selected for any monitored device...
py-tflite -- buffer overflow vulnerability
Thibaut Goetghebuer-Planchon reports: The reference kernel of the CONV3DTRANSPOSE TensorFlow Lite operator wrongly increments the dataptr when adding the bias to the result. Instead of dataptr += numchannels; it should be dataptr += outputnumchannels; as if the number of input channels is differe...
Gitlab -- Remote Code Execution
Gitlab reports: Remote Command Execution via Github import...
rpm4 -- Multiple Vulnerabilities
rpm project reports: Fix intermediate symlinks not verified CVE-2021-35939. Fix subkey binding signatures not checked on PGP public keys CVE-2021-3521. Refactor file and directory operations to use fd-based APIs throughout CVE-2021-35938...
wolfssl -- multiple issues
wolfSSL blog reports: In release 5.4.0 there were 3 vulnerabilities listed as fixed in wolfSSL. Two relatively new reports, one dealing with a DTLS 1.0/1.2 denial of service attack and the other a ciphertext attack on ECC/DH operations. The last vulnerability listed was a public disclosure of a...
Rails -- XSS vulnerabilities
Ruby on Rails blog: This is an announcement to let you know that Rails 7.0.2.4, 6.1.5.1, 6.0.4.8, and 5.2.7.1 have been released! These are security releases so please update as soon as you can. Once again we've made these releases based on the last release tag, so hopefully upgrading will go...
Rundeck3 -- Log4J RCE vulnerability
The Rundeck project reports: This release updates both Community and Enterprise with the latest Log4J to address CVE-2021-44832 by updating it to 2.17.1...
puppet -- Unsafe HTTP Redirect
Puppet reports: A flaw was discovered in Puppet Agent and Puppet Server that may result in a leak of HTTP credentials when following HTTP redirects to a different host. This is similar to CVE-2018-1000007...
chromium -- multiple vulnerabilities
Chrome Releases/Stable updates reports: This release contains 4 security fixes, including: 1245578 High CVE-2021-37974: Use after free in Safe Browsing. Reported by Weipeng Jiang @Krace from Codesafe Team of Legendsec at Qi'anxin Group on 2021-09-01 1252918 High CVE-2021-37975: Use after free in...
Node.js -- August 2021 Security Releases
Node.js reports: cares upgrade - Improper handling of untypical characters in domain names High CVE-2021-22931 Node.js was vulnerable to Remote Code Execution, XSS, application crashes due to missing input validation of host names returned by Domain Name Servers in the Node.js DNS library which c...
jenkins -- multiple vulnerabilities
Jenkins Security Advisory: Description Medium SECURITY-2278 / CVE-2021-21670 Improper permission checks allow canceling queue items and aborting builds High SECURITY-2371 / CVE-2021-21671 Session fixation vulnerability...
PuppetDB -- SQL Injection
Puppet reports: Fixed an issue where someone with the ability to query PuppetDB could arbitrarily write, update, or delete data CVE-2021-27021 PDB-5138...
jasper -- multiple vulnerabilities
JasPer Releases: - Fix memory-related bugs in the JPEG-2000 codec resulting from attempting to decode invalid code streams. 264, 265 This fix is associated with CVE-2021-26926 and CVE-2021-26927. - Fix wrong return value under some compilers 260 - Fix CVE-2021-3272 heap buffer overflow in jp2deco...
kdeconnect -- packet manipulation can be exploited in a Denial of Service attack
Albert Astals Cid reports: KDE Project Security Advisory Title KDE Connect: packet manipulation can be exploited in a Denial of Service attack Risk Rating Important CVE CVE-2020-26164 Versions kdeconnect Date 2 October 2020 Overview An attacker on your local network could send maliciously crafted...
FreeBSD -- ftpd privilege escalation via ftpchroot feature
Problem Description: A ftpd8 bug in the implementation of the file system sandbox, combined with capabilities available to an authenticated FTP user, can be used to escape the file system restriction configured in ftpchroot5. Moreover, the bug allows a malicious client to gain root privileges...
curl -- expired pointer dereference vulnerability
curl security problems: CVE-2020-8231: wrong connect-only connection An application that performs multiple requests with libcurl's multi API and sets the CURLOPTCONNECTONLY option, might in rare circumstances experience that when subsequently using the setup connect-only transfer, libcurl will pi...
ark -- directory traversal
KDE Project Security Advisory reports: KDE Project Security Advisory Title: Ark: maliciously crafted archive can install files outside the extraction directory. Risk Rating: Important CVE: CVE-2020-16116 Versions: ark Date: 30 July 2020 Overview A maliciously crafted archive with "../" in the fil...
glpi -- Unauthenticated File Deletion
MITRE Corporation reports: In GLPI before version 9.5.2, the pluginimage.send.php endpoint allows a user to specify an image from a plugin. The parameters can be maliciously crafted to instead delete the .htaccess file for the files directory. Any user becomes able to read all the files and folde...
Rails -- permission vulnerability
Ruby on Rails blog: Rails 6.0.3.2 has been released! This version of Rails contains an important security patch, and you should upgrade! The release contains only one patch that addresses CVE-2020-8185...
security/trousers -- several vulnerabilities
the TrouSerS project reports reports: If the tcsd daemon is started with root privileges, it fails to drop the root gid after it is no longer needed. If the tcsd daemon is started with root privileges, the tss user has read and write access to the /etc/tcsd.conf file. If the tcsd daemon is starte...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: This release includes 38 security fixes, including CVEs CVE-2020-6465 through CVE-2020-6491...
qutebrowser -- Reloading page with certificate errors shows a green URL
Qutebrowser developers report: After a certificate error was overridden by the user, qutebrowser displays the URL as yellow colors.statusbar.url.warn.fg. However, when the affected website was subsequently loaded again, the URL was mistakenly displayed as green colors.statusbar.url.successhttps...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: This updates includes 32 security fixes, including: 1019161 High CVE-2020-6454: Use after free in extensions. Reported by Leecraso and Guang Gong of Alpha Lab, Qihoo 360 on 2019-10-29 1043446 High CVE-2020-6423: Use after free in audio. Reported by Anonymous on...
spamassassin -- Nefarious rule configuration files can run system commands
The Apache SpamAssassin project reports: A nefarious rule configuration .cf files can be configured to run system commands. This issue is less stealthy and attempts to exploit the issue will throw warnings. Thanks to Damian Lukowski at credativ for reporting the issue ethically. With this bug...
Solr -- multiple vulnerabilities
Community reports: 8.1.1 and 8.2.0 users check ENABLEREMOTEJMXOPTS setting Apache Solr RCE vulnerability due to bad config default Apache Solr RCE through VelocityResponseWriter...
Gitlab -- Multiple Vulnerabilities
Gitlab reports: Project Template Functionality Could Be Used to Access Restricted Project Data Security Enhancements in GitLab Pages...
asterisk -- Crash when negotiating for T.38 with a declined stream
The Asterisk project reports: When Asterisk sends a re-invite initiating T.38 faxing, and the endpoint responds with a declined media stream a crash will then occur in Asterisk...
Gitlab -- Multiple vulnerabilities
Gitlab reports: DoS potential for regex in CI/CD refs Related branches visible in issues for guests Persistent XSS at merge request resolve conflicts Improper authorization control "move issue" Guest users of private projects have access to releases DoS potential on project languages page Recurit...
buildbot -- CRLF injection in Buildbot login and logout redirect code
A CRLF can be injected in Location header of /auth/login and /auth/logout This is due to lack of input validation in the buildbot redirection code. It was not found a way to impact Buildbot product own security through this vulnerability, but it could be used to compromise other sites hosted on t...
powerdns-recursor -- multiple vulnerabilities
PowerDNS Team reports: CVE-2019-3806: An issue has been found in PowerDNS Recursor where Lua hooks are not properly applied to queries received over TCP in some specific combination of settings, possibly bypassing security policies enforced using Lua. When the recursor is configured to run with...
netatalk3 -- remote code execution vulnerability
NIST reports: Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsiopensess.c. This is due to lack of bounds checking on attacker controlled data. A remote unauthenticated attacker can leverage this vulnerability to achieve arbitrary code execution...
Gitlab -- Remote Code Execution Vulnerability in GitLab Projects Import
Gitlab reports: Remote Code Execution Vulnerability in GitLab Projects Import...
BIND -- multiple vulnerabilities
ISC reports: An error in zone database reference counting can lead to an assertion failure if a server which is running an affected version of BIND attempts several transfers of a slave zone in quick succession. A problem with the implementation of the new serve-stale feature in BIND 9.12 can lea...