6578 matches found
Apache httpd -- Multiple vulnerabilities
The Apache httpd projec reports: modhttp2: Important: Push Diary Crash on Specifically Crafted HTTP/2 Header CVE-2020-9490 A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards...
DNSSEC validators -- denial-of-service/CPU exhaustion from KeyTrap and NSEC3 vulnerabilities
Simon Kelley reports: If DNSSEC validation is enabled, then an attacker who can force a DNS server to validate a specially crafted signed domain can use a lot of CPU in the validator. This only affects dnsmasq installations with DNSSEC enabled. Stichting NLnet Labs reports: The KeyTrap...
FreeBSD -- Potential remote code execution via ssh-agent forwarding
Problem Description: The server may cause ssh-agent to load shared libraries other than those required for PKCS11 support. These shared libraries may have side effects that occur on load and unload dlopen and dlclose. Impact: An attacker with access to a server that accepts a forwarded ssh-agent...
nginx -- multiple vulnerabilities
Maxim Dounin reports: Several problems in nginx resolver were identified, which might allow an attacker to cause worker process crash, or might have potential other impact if the "resolver" directive is used in a configuration file...
Gitlab -- Multiple Vulnerabilities
Gitlab reports: Path Traversal in NuGet Package Registry Workhorse Bypass Leads to File Disclosure OAuth Application Client Secrets Revealed Code Owners Approval Rules Are Not Updated for Existing Merge Requests When Source Branch Changes Code Owners Protection Not Enforced from Web UI Repository...
Postfix -- memory corruption vulnerability
The Postfix SMTP server has a memory corruption error, when the Cyrus SASL library is used with authentication mechanisms other than PLAIN and LOGIN ANONYMOUS is not affected, but should not be used for other reasons. This memory corruption is known to result in a program crash SIGSEV...
grafana -- LDAP and OAuth login vulnerability
Grafana Labs reports: On the 20th of August at 1800 CEST we were contacted about a potential security issue with the “remember me” cookie Grafana sets upon login. The issue targeted users without a local Grafana password LDAP & OAuth users and enabled a potential attacker to generate a valid cook...
openssh -- sshd -- remote valid user discovery and PAM /bin/login attack
The OpenSSH project reports: sshd8: Mitigate timing differences in password authentication that could be used to discern valid from invalid account names when long passwords were sent and particular password hashing algorithms are in use on the server. CVE-2016-6210, reported by EddieEzra.Harari ...
FreeBSD -- zlib compression out-of-bounds write
Problem Description: Certain inputs can cause zlib's compression routine to overwrite an internal buffer with compressed data. This issue may require the use of uncommon or non-default compression parameters. Impact: The out-of-bounds write may result in memory corruption and an application crash...
OpenSSL -- ChaCha20-Poly1305 nonce vulnerability
The OpenSSL project reports: Low: ChaCha20-Poly1305 with long nonces CVE-2019-1543 ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce input for every encryption operation. RFC 7539 specifies that the nonce value IV should be 96 bits 12 bytes. OpenSSL allows a variable nonce length a...
jenkins -- Remote code execution vulnerability in remoting module
Jenkins Security Advisory: An unauthenticated remote code execution vulnerability allowed attackers to transfer a serialized Java object to the Jenkins CLI, making Jenkins connect to an attacker-controlled LDAP server, which in turn can send a serialized payload leading to code execution, bypassi...
redis -- Multiple vulnerabilities
Aviv Yahav reports: CVE-2022-24735 By exploiting weaknesses in the Lua script execution environment, an attacker with access to Redis can inject Lua code that will execute with the potentially higher privileges of another Redis user. CVE-2022-24736 An attacker attempting to load a specially craft...
Apache httpd -- Multiple vulnerabilities
The Apache http server project reports: moderate: null pointer dereference in h2 fuzzing CVE-2021-41524 important: Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49 CVE-2021-41773...
mozilla -- multiple vulnerabilities
Mozilla Foundation reports: CVE-2019-11707: Type confusion in Array.pop A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw...
Apache httpd -- multiple vulnerabilities
The Apache project reports: moderate: Request splitting via HTTP/2 method injection and modproxy CVE-2021-33193 moderate: NULL pointer dereference in httpd core CVE-2021-34798 moderate: modproxyuwsgi out of bound read CVE-2021-36160 low: apescapequotes buffer overflow CVE-2021-39275 high: modprox...
sudo -- Potential bypass of Runas user restrictions
Todd C. Miller reports: When sudo is configured to allow a user to run commands as an arbitrary user via the ALL keyword in a Runas specification, it is possible to run commands as root by specifying the user ID -1 or 4294967295. This can be used by a user with sufficient sudo privileges to run...
postfixadmin -- SQL injection vulnerability
Thijs Kinkhorst reports: Postfixadmin has an SQL injection vulnerability. This vulnerability is only exploitable by authenticated users able to create new aliases...
traefik -- Use of vulnerable Go module x/net/http2
The Go project reports: A request smuggling attack is possible when using MaxBytesHandler. When using MaxBytesHandler, the body of an HTTP request is not fully consumed. When the server attempts to read HTTP2 frames from the connection, it will instead be reading the body of the HTTP request, whi...
Grafana -- Incorrect Access Control
Grafana Labs reports: When the fine-grained access control beta feature is enabled and there is more than one organization in the Grafana instance, Grafana 8.0 introduced a mechanism which allowed users with the Organization Admin role to list, add, remove, and update users’ roles in other...
Apache httpd -- Multiple vulnerabilities
The Apache httpd reports: moderate: modproxywstunnel tunneling of non Upgraded connections CVE-2019-17567 moderate: Improper Handling of Insufficient Privileges CVE-2020-13938 low: modproxyhttp NULL pointer dereference CVE-2020-13950 low: modauthdigest possible stack overflow by one nul byte...
Node.js -- April 2021 Security Releases
Node.js reports: OpenSSL - CA certificate check bypass with X509VFLAGX509STRICT High CVE-2021-3450 This is a vulnerability in OpenSSL which may be exploited through Node.js. You can read more about it in https://www.openssl.org/news/secadv/20210325.txt OpenSSL - NULL pointer deref in...
ntp -- 13 low- and medium-severity vulnerabilities
ntp.org reports: NTF's NTP Project has been notified of the following 13 low- and medium-severity vulnerabilities that are fixed in ntp-4.2.8p4, released on Wednesday, 21 October 2015: Bug 2941 CVE-2015-7871 NAK to the Future: Symmetric association authentication bypass via crypto-NAK Cisco ASIG...
OpenSSL -- AES OCB fails to encrypt some bytes
The OpenSSL project reports: AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special...
curl -- Multiple vulnerabilities
The curl project reports: CVE-2022-27778: curl removes wrong file on error CVE-2022-27779: cookie for trailing dot TLD CVE-2022-27780: percent-encoded path separator in URL host CVE-2022-27781: CERTINFO never-ending busy-loop CVE-2022-27782: TLS and SSH connection too eager reuse CVE-2022-30115:...
nghttp2 -- multiple vulnerabilities
nghttp2 GitHub releases: This release fixes CVE-2019-9511 "Data Dribble" and CVE-2019-9513 "Resource Loop" vulnerability in nghttpx and nghttpd. Specially crafted HTTP/2 frames cause Denial of Service by consuming CPU time. Check out...
openssl -- Incorrect PKCS#1 v1.5 padding validation in crypto(3)
Problem Description When verifying a PKCS1 v1.5 signature, OpenSSL ignores any bytes which follow the cryptographic hash being signed. In a valid signature there will be no such bytes. Impact OpenSSL will incorrectly report some invalid signatures as valid. When an RSA public exponent of 3 is use...
Apache httpd -- Multiple vulnerabilities
The Apache httpd project reports: modlua: Use of uninitialized value of in r:parsebody moderate CVE-2022-22719A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. HTTP request smuggling vulnerability important CVE-2022-22720 httpd fails...
Apache -- HTTP OPTIONS method can leak server memory
The Fuzzing Project reports: Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. This affects the Apache HTTP Server through 2.2.34 and 2.4.x...
PuTTY - old-style scp downloads may allow remote code execution
Simon G. Tatham reports: Many versions of PSCP prior to 0.67 have a stack corruption vulnerability in their treatment of the 'sink' direction i.e. downloading from server to client of the old-style SCP protocol. In order for this vulnerability to be exploited, the user must connect to a malicious...
mediawiki -- multiple vulnerabilities
Mediawiki reports: Bug 39700 Wikipedia administrator Writ Keeper discovered a stored XSS HTML injection vulnerability. This was possible due to the handling of link text on File: links for nonexistent files. MediaWiki 1.16 and later is affected. Bug 39180 User Fomafix reported several DOM-based X...
samba -- Multiple Vulnerabilities
The Samba Team reports: CVE-2020-25717: A user in an AD Domain could become root on domain members. CVE-2020-25718: Samba AD DC did not correctly sandbox Kerberos tickets issued by an RODC. CVE-2020-25719: Samba AD DC did not always rely on the SID and PAC in Kerberos tickets. CVE-2020-25721:...
mozilla -- multiple vulnerabilities
Mozilla Foundation reports: CVE-2019-9790: Use-after-free when removing in-use DOM elements CVE-2019-9791: Type inference is incorrect for constructors entered through on-stack replacement with IonMonkey CVE-2019-9792: IonMonkey leaks JSOPTIMIZEDOUT magic value to script CVE-2019-9793: Improper...
kf5-kauth -- Insecure handling of arguments in helpers
Albert Astals Cid reports: KAuth allows to pass parameters with arbitrary types to helpers running as root over DBus. Certain types can cause crashes and trigger decoding arbitrary images with dynamically loaded plugin...
phpmyadmin -- remote code inclusion and XSS scripting
The phpMyAdmin development team reports: Summary XSS in Designer feature Description A Cross-Site Scripting vulnerability was found in the Designer feature, where an attacker can deliver a payload to a user through a specially-crafted database name. Severity We consider this attack to be of...
Flash Player -- multiple vulnerabilities
Adobe reports: This update resolves a use-after-free vulnerability that could lead to arbitrary code execution CVE-2018-15982. This update resolves an insecure library loading vulnerability that could lead to privilege escalation CVE-2018-15983...
jenkins -- multiple vulnerabilities
Jenkins Security Advisory: Please reference CVE/URL list for details...
gitlab -- privilege escalation via "impersonate" feature
GitLab reports: During an internal code review, we discovered a critical security flaw in the "impersonate" feature of GitLab. Added in GitLab 8.2, this feature was intended to allow an administrator to simulate being logged in as any other user. A part of this feature was not properly secured an...
sudo -- potential privilege escalation via symlink misconfiguration
MITRE reports: sudoedit in Sudo before 1.8.15 allows local users to gain privileges via a symlink attack on a file whose full path is defined using multiple wildcards in /etc/sudoers, as demonstrated by "/home///file.txt."...
Apache httpd -- Multiple vulnerabilities
The Apache httpd project reports: moddav out of bounds read, or write of zero byte CVE-2006-20001 moderate modproxyajp Possible request smuggling CVE-2022-36760 moderate modproxy prior to 2.4.55 allows a backend to trigger HTTP response splitting CVE-2022-37436 moderate...
OpenSSL remote denial of service vulnerability
Problem Description: Server or client applications that call the SSLcheckchain function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signaturealgorithmscert" TLS extension. The crash occurs if an invalid or unrecognized...
tomcat -- Remote Code Execution
tomcat developers reports: When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled e.g. via setting the readonly initialisation parameter of the Default servlet to false it was possible to upload a JSP file to the serv...
RDoc -- multiple jQuery vulnerabilities
Ruby news: There are multiple vulnerabilities about Cross-Site Scripting XSS in jQuery shipped with RDoc which bundled in Ruby. All Ruby users are recommended to update Ruby to the latest release which includes the fixed version of RDoc. The following vulnerabilities have been reported...
phpmailer -- Remote Code Execution
Legal Hackers reports: An independent research uncovered a critical vulnerability in PHPMailer that could potentially be used by unauthenticated remote attackers to achieve remote arbitrary code execution in the context of the web server user and remotely compromise the target web application. To...
Apache httpd -- Source code disclosure with handlers configured via AddType
The Apache httpd project reports: source code disclosure with handlers configured via AddType CVE-2024-40725 Important: A partial fix for CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based configuration of handlers. "AddType" and similar...
py39-setuptools -- denial of service vulnerability
SCH227 reports: Python Packaging Authority PyPA's setuptools is a library designed to facilitate packaging Python projects. Setuptools version 65.5.0 and earlier could allow remote attackers to cause a denial of service by fetching malicious HTML from a PyPI package or custom PackageIndex page du...
Django -- Incorrect HTTP detection with reverse-proxy connecting via HTTPS
Django security releases issued: When deployed behind a reverse-proxy connecting to Django via HTTPS, django.http.HttpRequest.scheme would incorrectly detect client requests made via HTTP as using HTTPS. This entails incorrect results for issecure, and buildabsoluteuri, and that HTTP requests wou...
python 3.7 -- multiple vulnerabilities
Python changelog: bpo-37463: ssl.matchhostname no longer accepts IPv4 addresses with additional text after the address and only quad-dotted notation without trailing whitespaces. Some inetaton implementations ignore whitespace and all data after whitespace, e.g.'127.0.0.1 whatever'. bpo-35907:...
OpenSSL -- multiple vulnerabilities
The OpenSSL project reports: Read/write after SSL object in error state CVE-2017-3737 OpenSSL 1.0.2 starting from version 1.0.2b introduced an "error state" mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediate...
activemq -- Unsafe deserialization
Alvaro Muatoz, Matthias Kaiser and Christian Schneider reports: JMS Object messages depends on Java Serialization for marshaling/unmashaling of the message payload. There are a couple of places inside the broker where deserialization can occur, like web console or stomp object message...
libzip -- integer overflow
libzip developers report: Avoid integer overflow. Fixed similarly to patch used in PHP copy of libzip...