6583 matches found
electron{23,24} -- multiple vulnerabilities
Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2023-3215. Security: backported fix for CVE-2023-3216...
git -- Multiple vulnerabilities
git developers reports: This update includes 2 security fixes: CVE-2023-25652: By feeding specially crafted input to git apply --reject, a path outside the working tree can be overwritten with partially controlled contents corresponding to the rejected hunks from the given patch CVE-2023-29007: A...
rack -- Multiple vulnerabilities
Aaron Patterson reports: CVE-2022-44570 Carefully crafted input can cause the Range header parsing component in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that deal with Range requests such as streaming applications, or...
py39-setuptools58 -- denial of service vulnerability
SCH227 reports: Python Packaging Authority PyPA's setuptools is a library designed to facilitate packaging Python projects. Setuptools version 65.5.0 and earlier could allow remote attackers to cause a denial of service by fetching malicious HTML from a PyPI package or custom PackageIndex page du...
Grafana -- Stored XSS in ResourcePicker component
Grafana Labs reports: On 2022-12-16 during an internal audit of Grafana, a member of the security team found a stored XSS vulnerability affecting the core plugin GeoMap. The stored XSS vulnerability was possible due to SVG-files weren't properly sanitized and allowed arbitrary JavaScript to be...
Tomcat -- Request Smuggling
Apache Tomcat reports: If Tomcat was configured to ignore invalid HTTP headers via setting rejectIllegalHeader to false the default for 8.5.x only, Tomcat did not reject a request containing an invalid Content-Length header making a request smuggling attack possible if Tomcat was located behind a...
Django -- multiple vulnerabilities
The Django Project reports: CVE-2022-34265: Potential SQL injection via Trunckind and Extractlookupname arguments...
clamav -- Multiple vulnerabilities
The ClamAV project reports: Fixed a possible double-free vulnerability in the OLE2 file parser. Issue affects versions 0.104.0 through 0.104.2. Issue identified by OSS-Fuzz. Fixed a possible infinite loop vulnerability in the CHM file parser. Issue affects versions 0.104.0 through 0.104.2 and LTS...
FreeBSD -- Potential jail escape vulnerabilities in netmap
Problem Description: The total size of the user-provided nmreq to nmreqcopyin was first computed and then trusted during the copyin. This time-of-check to time-of-use bug could lead to kernel memory corruption. CVE-2022-23084 A user-provided integer option was passed to nmreqcopyin without checki...
Apache OpenOffice -- master password vulnerabilities
The Apache Openoffice project reports: Apache OpenOffice supports the storage of passwords for web connections in the user's configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in OpenOffice existed where the required initialization...
cassandra3 -- arbitrary code execution
Marcus Eriksson reports: When running Apache Cassandra with the following configuration: enableuserdefinedfunctions: true enablescripteduserdefinedfunctions: true enableuserdefinedfunctionsthreads: false it is possible for an attacker to execute arbitrary code on the host. The attacker would need...
go -- multiple vulnerabilities
The Go project reports: crypto/elliptic: fix IsOnCurve for big.Int values that are not valid coordinates Some big.Int values that are not valid field elements negative or overflowing might cause Curve.IsOnCurve to incorrectly return true. Operating on those values may cause a panic or an invalid...
strongswan - Incorrect Handling of Early EAP-Success Messages
Strongswan Release Notes reports: Fixed a vulnerability in the EAP client implementation that was caused by incorrectly handling early EAP-Success messages. It may allow to bypass the client and in some scenarios even the server authentication, or could lead to a denial-of-service attack. This...
OpenEXR -- Heap-buffer-overflow in Imf_3_1::LineCompositeTask::execute
Cary Phillips reports: OpenEXR Version 3.1.4 is a patch release that ... addresses one public security vulnerability: CVE-2021-45942 Heap-buffer-overflow in Imf31::LineCompositeTask::execute and several specific OSS-fuzz issues...
rubygem-cgi -- cookie prefix spoofing in CGI::Cookie.parse
oooooooq reports: The old versions of CGI::Cookie.parse applied URL decoding to cookie names. An attacker could exploit this vulnerability to spoof security prefixes in cookie names, which may be able to trick a vulnerable application. By this fix, CGI::Cookie.parse no longer decodes cookie names...
chromium -- use after free in Portals
Chrome Releases reports: 1251727 High CVE-2021-37973 : Use after free in Portals. Reported by Clement Lecigne from Google TAG, with technical assistance from Sergei Glazunov and Mark Brand from Google Project Zero on 2021-09-21 Google is aware that an exploit for CVE-2021-37973 exists in the wild...
py-tflite -- denial of service vulnerability
Yakun Zhang of Baidu Security reports: An attacker can craft a TFLite model that would trigger a null pointer dereference, which would result in a crash and denial of service...
FreeBSD -- libfetch out of bounds read
Problem Description: The passive mode in FTP communication allows an out of boundary read while libfetch uses strtol to parse the relevant numbers into address bytes. It does not check if the line ends prematurely. If it does, the for-loop condition checks for p == '\0' one byte too late because...
go -- crypto/tls: clients can panic when provided a certificate of the wrong type for the negotiated parameters
The Go project reports: crypto/tls clients can panic when provided a certificate of the wrong type for the negotiated parameters. net/http clients performing HTTPS requests are also affected. The panic can be triggered by an attacker in a privileged network position without access to the server...
Ansible -- Ansible user credentials disclosure in ansible-connection module
Red Hat reports: A flaw was found in Ansible Engine's ansible-connection module, where sensitive information such as the Ansible user credentials is disclosed by default in the traceback error message. The highest threat from this vulnerability is to confidentiality...
isc-dhcp -- remotely exploitable vulnerability
Michael McNally reports: Program code used by the ISC DHCP package to read and parse stored leases has a defect that can be exploited by an attacker to cause one of several undesirable outcomes...
OpenDMARC - Multiple vulnerabilities
OpenDMARC releases prior to 1.4.1 are susceptible to the following vulnerabilities: CVE-2019-16378 OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 is prone to a signature-bypass vulnerability with multiple From: addresses, which might affect applications that consider a domain name to be...
FreeBSD -- login.access fails to apply rules
Problem Description: A regression in the login.access5 rule processor has the effect of causing rules to fail to match even when they should not. This means that rules denying access may be ignored. Impact: The configuration in login.access5 may not be applied, permitting login access to users ev...
asterisk -- Crash when negotiating T.38 with a zero port
The Asterisk project reports: When Asterisk sends a re-invite initiating T.38 faxing and the endpoint responds with a m=image line and zero port, a crash will occur in Asterisk. This is a reoccurrence of AST-2019-004...
Gitlab -- Multiple vulnerabilities
Gitlab reports: Stored XSS in merge request Stored XSS in epic's pages Sensitive GraphQL variables exposed in structured log Guest user can see tag names in private projects Information disclosure via error message DNS rebinding protection bypass Validate existence of private project...
go -- cmd/go: packages using cgo can cause arbitrary code execution at build time; crypto/elliptic: incorrect operations on the P-224 curve
The Go project reports: The go command may execute arbitrary code at build time when cgo is in use on Windows. This may occur when running "go get", or any other command that builds code. Only users who build untrusted code and don't execute it are affected. In addition to Windows users, this can...
xorg-server -- Multiple input validation failures in X server XKB extension
The X.org project reports: These issues can lead to privileges elevations for authorized clients on systems where the X server is running privileged. Insufficient checks on the lengths of the XkbSetMap request can lead to out of bounds memory accesses in the X server. Insufficient checks on input...
chromium -- multiple vulnerabilities
Chrome releases reports: This release contains 35 security fixes, including: 1127322 Critical CVE-2020-15967: Use after free in payments. Reported by Man Yue Mo of GitHub Security Lab on 2020-09-11 1126424 High CVE-2020-15968: Use after free in Blink. Reported by Anonymous on 2020-09-09 1124659...
FreeBSD -- SCTP socket use-after-free bug
Problem Description: Due to improper handling in the kernel, a use-after-free bug can be triggered by sending large user messages from multiple threads on the same socket. Impact: Triggering the use-after-free situation may result in unintended kernel behaviour including a kernel panic...
Mbed TLS -- Local side channel attack on classical CBC decryption in (D)TLS
Manuel Pégourié-Gonnard reports: When decrypting/authenticating DTLS record in a connection using a CBC ciphersuite without the Encrypt-then-Mac extension RFC 7366, Mbed TLS used dummy rounds of the compression function associated with the hash used for HMAC in order to hide the length of the...
chromium -- multiple vulnerabilities
Chrome Releases reports: This update contains 8 security fixes, including: 1105318 High CVE-2020-6537: Type Confusion in V8. Reported by Alphalaab on 2020-07-14 1096677 High CVE-2020-6538: Inappropriate implementation in WebView. Reported by Yongke Wang@Rudykewang and Aryb1n@aryb1n of Tencent...
chromium -- multiple vulnerabilities
Chrome Releases reports: This update includes 5 security fixes. Below, we highlight fixes that were contributed by external researchers. 1082105 High CVE-2020-6493: Use after free in WebAuthentication. Reported by Anonymous on 2020-05-13 1083972 High CVE-2020-6494: Incorrect security UI in...
malicious URLs can cause git to send a stored credential to wrong server
git security advisory reports: Git uses external "credential helper" programs to store and retrieve passwords or other credentials from secure storage provided by the operating system. Specially-crafted URLs that are considered illegal as of the recently published Git versions can cause Git to se...
Gitlab -- Multiple Vulnerabilities
Gitlab reports: NuGet Package and File Disclosure through GitLab Workhorse Job Artifact Uploads and File Disclosure through GitLab Workhorse Incorrect membership following group removal Logging of Praefect tokens Update Rack dependency Update OpenSSL dependency...
GnuTLS -- flaw in DTLS protocol implementation
The GnuTLS project reports: It was found that GnuTLS 3.6.3 introduced a regression in the DTLS protocol implementation. This caused the DTLS client to not contribute any randomness to the DTLS negotiation breaking the security guarantees of the DTLS protocol...
FreeBSD -- Incorrect user-controlled pointer use in epair
Problem Description: Incorrect use of a potentially user-controlled pointer in the kernel allowed vnet jailed users to panic the system and potentially execute aribitrary code in the kernel. Impact: Users with root level access or the PRIVNETIFCREATE privilege can panic the system, or potentially...
samba -- multiple vulnerabilities
The Samba Team reports: CVE-2019-14861: An authenticated user can crash the DCE/RPC DNS management server by creating records with matching the zone name. CVE-2019-14870: The DelegationNotAllowed Kerberos feature restriction was not being applied when processing protocol transition requests...
asterisk -- Remote Crash Vulnerability in audio transcoding
The Asterisk project reports: When audio frames are given to the audio transcoding support in Asterisk the number of samples are examined and as part of this a message is output to indicate that no samples are present. A change was done to suppress this message for a particular scenario in which...
FreeBSD -- Multiple vulnerabilities in bzip2
Problem Description: The decompressor used in bzip2 contains a bug which can lead to an out-of-bounds write when processing a specially crafted bzip21 file. bzip2recover contains a heap use-after-free bug which can be triggered when processing a specially crafted bzip21 file. Impact: An attacker...
drupal -- Drupal core - Moderately critical
Drupal Security Team reports: CVE-2019-11831: By-passing protection of Phar Stream Wrapper Interceptor. In order to intercept file invocations like fileexists or stat on compromised Phar archives the base name has to be determined and checked before allowing to be handled by PHP Phar stream...
FreeBSD -- SAE confirm missing state validation
Problem Description: When hostapd is used to operate an access point with SAE Simultaneous Authentication of Equals; also known as WPA3-Personal, an invalid authentication sequence could result in the hostapd process terminating due to a NULL pointer dereference when processing SAE confirm messag...
powerdns-recursor -- multiple vulnerabilities
PowerDNS Team reports: CVE-2019-3806: An issue has been found in PowerDNS Recursor where Lua hooks are not properly applied to queries received over TCP in some specific combination of settings, possibly bypassing security policies enforced using Lua. When the recursor is configured to run with...
znc -- multiple vulnerabilities
Mitre reports: ZNC before 1.7.1-rc1 does not properly validate untrusted lines coming from the network, allowing a non-admin user to escalate his privilege and inject rogue values into znc.conf. ZNC before 1.7.1-rc1 is prone to a path traversal flaw via ../ in a web skin name to access files...
asterisk -- PJSIP endpoint presence disclosure when using ACL
The Asterisk project reports: When endpoint specific ACL rules block a SIP request they respond with a 403 forbidden. However, if an endpoint is not identified then a 401 unauthorized response is sent. This vulnerability just discloses which requests hit a defined endpoint. The ACL rules cannot b...
patch -- multiple vulnerabilities
NVD reports: An issue was discovered in GNU patch through 2.7.6. There is a segmentation fault, associated with a NULL pointer dereference, leading to a denial of service in the intuitdifftype function in pch.c, aka a "mangled rename" issue. A double free exists in the anotherhunk function in pch...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 4 security fixes in this release: 835887 Critical: Chain leading to sandbox escape. Reported by Anonymous on 2018-04-23 836858 High CVE-2018-6121: Privilege Escalation in extensions 836141 High CVE-2018-6122: Type confusion in V8 833721 High CVE-2018-6120: Heap...
perl -- multiple vulnerabilities
perldelta: CVE-2018-6797: heap-buffer-overflow WRITE of size 1 in Sregatom regcomp.c A crafted regular expression could cause a heap buffer write overflow, with control over the bytes written. perl 132227 CVE-2018-6798: Heap-buffer-overflow in Perlbytedumpstring utf8.c Matching a crafted locale...
chromium -- vulnerability
Google Chrome Releases reports: 3 security fixes in this release: 831963 Critical CVE-2018-6118: Use after free in Media Cache. Reported by Ned Williamson on 2018-04-12 837635 Various fixes from internal audits, fuzzing and other initiatives...
SQLite -- Corrupt DB can cause a NULL pointer dereference
MITRE reports: SQLite databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c...
PostgreSQL vulnerabilities
The PostgreSQL project reports: CVE-2018-1052: Fix the processing of partition keys containing multiple expressions only for PostgreSQL-10.x CVE-2018-1053: Ensure that all temporary files made with "pgupgrade" are non-world-readable...