6585 matches found
chromium -- multiple vulnerabilities
Chrome Releases reports: This release contains 10 security fixes, including: 1138911 High CVE-2020-16004: Use after free in user interface. Reported by Leecraso and Guang Gong of 360 Alpha Lab working with 360 BugCloud on 2020-10-15 1139398 High CVE-2020-16005: Insufficient policy enforcement in...
xorg-server -- Pixel Data Uninitialized Memory Information Disclosure
The X.org project reports: Allocation for pixmap data in AllocatePixmap does not initialize the memory in xserver, it leads to leak uninitialize heap memory to clients. When the X server runs with elevated privileges. This flaw can lead to ASLR bypass, which when combined with other flaws...
LibreOffice Security Advisory
LibreOffice reports: Two flaws were found in LibreOffice: CVE-2020-12802: remote graphics contained in docx format retrieved in 'stealth mode' CVE-2020-12803: XForms submissions could overwrite local files...
Mbed TLS -- Side channel attack on ECDSA
Manuel Pégourié-Gonnard reports: An attacker with access to precise enough timing and memory access information typically an untrusted operating system attacking a secure enclave such as SGX or the TrustZone secure world can fully recover an ECDSA private key after observing a number of signature...
dbus file descriptor leak
GitHub Security Lab reports: D-Bus has a file descriptor leak, which can lead to denial of service when the dbus-daemon runs out of file descriptors. An unprivileged local attacker can use this to attack the system dbus-daemon, leading to denial of service for all users of the machine...
ansible - Vault password leak from temporary file
Borja Tarraso reports: A flaw was found in Ansible Engine when using Ansible Vault for editing encrypted files. When a user executes "ansible-vault edit", another user on the same computer can read the old and new secret, as it is created in a temporary file with mkstemp and the returned file...
clamav -- Denial-of-Service (DoS) vulnerability
Micah Snyder reports: A denial-of-service DoS condition may occur when using the optional credit card data-loss-prevention DLP feature. Improper bounds checking of an unsigned variable resulted in an out-of-bounds read, which causes a crash...
Gitlab -- Private objects exposed through project import
Gitlab reports: Private objects exposed through project importi...
dovecot -- null pointer deref in notify with empty headers
Aki Tuomi reports Mail with group address as sender will cause a signal 11 crash in push notification drivers. Group address as recipient can cause crash in some drivers...
cacti -- multiple vulnerabilities
The cacti developers reports: When viewing graphs, some input variables are not properly checked SQL injection possible. Multiple instances of lib/functions.php are affected by unsafe deserialization of user-controlled data to populate arrays. An authenticated attacker could use this to influence...
Pillow -- Allocation of resources without limits or throttling
Mitre reports: An issue was discovered in Pillow before 6.2.0. When reading specially crafted invalid image files, the library can either allocate very large amounts of memory or take an extremely long period of time to process the image...
powerdns -- multiple vulnerabilities
PowerDNS Team reports: CVE-2019-10162: An issue has been found in PowerDNS Authoritative Server allowing an authorized user to cause the server to exit by inserting a crafted record in a MASTER type zone under their control. The issue is due to the fact that the Authoritative Server will exit whe...
FreeBSD -- IPv6 fragment reassembly panic in pf(4)
Problem Description: A bug in the pf4 IPv6 fragment reassembly logic incorrectly uses the last extension header offset from the last received packet instead of from the first packet. Impact: Malicious IPv6 packets with different IPv6 extensions could cause a kernel panic or potentially a filterin...
Rust -- violation of Rust's safety guarantees
Sean McArthur reports: The Rust Programming Language Standard Library 1.34.x before 1.34.2 contains a stabilized method which, if overridden, can violate Rust's safety guarantees and cause memory unsafety. If the Error::typeid method is overridden then any type can be safely cast to any other typ...
drupal -- Drupal core - Moderately critical - Cross Site Scripting
Drupal Security Team reports: Under certain circumstances the File module/subsystem allows a malicious user to upload a file that can trigger a cross-site scripting XSS vulnerability...
Gitlab -- Vulnerability
Gitlab reports: Public project in a private group makes the group page publicly accessible...
mutt -- remote code injection and path traversal vulnerability
Kevin J. McCarthy reports: Fixes a remote code injection vulnerability when "subscribing" to an IMAP mailbox, either via $imapchecksubscribed, or via the function in the browser menu. Mutt was generating a "mailboxes" command and sending that along to the muttrc parser. However, it was not escapi...
mozilla -- multiple vulnerabilities
Mozilla Foundation reports: CVE-2018-5127: Buffer overflow manipulating SVG animatedPathSegList CVE-2018-5128: Use-after-free manipulating editor selection ranges CVE-2018-5129: Out-of-bounds write with malformed IPC messages CVE-2018-5130: Mismatched RTP payload type can trigger memory corruptio...
rsync -- multiple vulnerabilities
Jeriko One reports: The receivexattr function in xattrs.c in rsync 3.1.2 and 3.1.3-development does not check for a trailing '\0' character in an xattr name, which allows remote attackers to cause a denial of service heap-based buffer over-read and application crash or possibly have unspecified...
libvorbis -- two vulnerabilities
Two vulnerabilities were fixed in the upstream repository: The barknoisehybridmp function allows remote attackers to cause a denial of service out-of-bounds access and application crash or possibly have unspecified other impact via a crafted file. mapping0forward does not validate the number of...
libsoup -- stack based buffer overflow
Tobias Mueller reports: libsoup is susceptible to a stack based buffer overflow attack when using chunked encoding. Regardless of libsoup being used as a server or client...
rt and dependent modules -- multiple security vulnerabilities
BestPractical reports: Please reference CVE/URL list for details...
weechat -- multiple vulnerabilities
Common Vulnerabilities and Exposures: WeeChat before 1.7.1 allows a remote crash by sending a filename via DCC to the IRC plugin. This occurs in the ircctcpdccfilenamewithoutquotes function during quote removal, with a buffer overflow...
tiff -- multiple vulnerabilities
NVD reports: Please reference CVE/URL list for details...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 36 security fixes in this release Please reference CVE/URL list for details...
mozilla -- data: URL can inherit wrong origin after an HTTP redirect
The Mozilla Foundation reports: Redirection from an HTTP connection to a data: URL assigns the referring site's origin to the data: URL in some circumstances. This can result in same-origin violations against a domain if it loads resources from malicious sites. Cross-origin setting of cookies has...
xen-tools -- delimiter injection vulnerabilities in pygrub
The Xen Project reports: pygrub, the boot loader emulator, fails to quote or sanity check its results when reporting them to its caller. A malicious guest administrator can obtain the contents of sensitive host files an information leak. Additionally, a malicious guest administrator can cause fil...
gitlab -- Directory traversal via "import/export" feature
GitLab reports: The import/export feature did not properly check for symbolic links in user-provided archives and therefore it was possible for an authenticated user to retrieve the contents of any file accessible to the GitLab service account. This included sensitive files such as those that...
chromium -- out-of-bounds memory access
Google Chrome Releases reports: 659475 High CVE-2016-5198: Out of bounds memory access in V8. Credit to Tencent Keen Security Lab, working with Trend Micro's Zero Day Initiative...
BIND -- Remote Denial of Service vulnerability
ISC reports: A defect in BIND's handling of responses containing a DNAME answer can cause a resolver to exit after encountering an assertion failure in db.c or resolver.c...
X.org libraries -- multiple vulnerabilities
Matthieu Herrb reports: Tobias Stoeckmann from the OpenBSD project has discovered a number of issues in the way various X client libraries handle the responses they receive from servers, and has worked with X.Org's security team to analyze, confirm, and fix these issues. These issue come in...
cURL -- Escape and unescape integer overflows
The cURL project reports The four libcurl functions curlescape, curleasyescape, curlunescape and curleasyunescape perform string URL percent escaping and unescaping. They accept custom string length inputs in signed integer arguments. The provided string length arguments were not properly checked...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: Several security fixes in this release, including: 641101 High CVE-2016-5170: Use after free in Blink.Credit to Anonymous 643357 High CVE-2016-5171: Use after free in Blink. Credit to Anonymous 616386 Medium CVE-2016-5172: Arbitrary Memory Read in v8. Credit to...
Vulnerabilities in Curl
Curl security team reports: CVE-2016-5419 - TLS session resumption client cert bypass CVE-2016-5420 - Re-using connections with wrong client cert CVE-2016-5421 - use of connection struct after free...
phpmyadmin -- XSS and sensitive data leakage
The phpmyadmin development team reports: Description Because user SQL queries are part of the URL, sensitive information made as part of a user query can be exposed by clicking on external links to attackers monitoring user GET query parameters or included in the webserver logs. Severity We...
flash -- multiple vulnerabilities
Adobe reports: These updates harden a mitigation against JIT spraying attacks that could be used to bypass memory layout randomization mitigations CVE-2016-1006. These updates resolve type confusion vulnerabilities that could lead to code execution CVE-2016-1015, CVE-2016-1019. These updates...
go -- remote denial of service
Jason Buberel reports: Go has an infinite loop in several big integer routines that makes Go programs vulnerable to remote denial of service attacks. Programs using HTTPS client authentication or the Go ssh server libraries are both exposed to this vulnerability...
FreeBSD -- Incorrect argument validation in sysarch(2)
Problem Description: A special combination of sysarch2 arguments, specify a request to uninstall a set of descriptors from the LDT. The start descriptor is cleared and the number of descriptors are provided. Due to lack of sufficient bounds checking during argument validity verification, unbound...
activemq -- Web Console Clickjacking
Michael Furman reports: The web based administration console does not set the X-Frame-Options header in HTTP responses. This allows the console to be embedded in a frame or iframe which could then be used to cause a user to perform an unintended action in the console...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 560011 High CVE-2016-1630: Same-origin bypass in Blink. 569496 High CVE-2016-1631: Same-origin bypass in Pepper Plugin. 549986 High CVE-2016-1632: Bad cast in Extensions. 572537 High CVE-2016-1633: Use-after-free in Blink. 559292 High CVE-2016-1634: Use-after-free ...
rails -- multiple vulnerabilities
Ruby on Rails blog: Rails 4.2.5.2, 4.1.14.2, and 3.2.22.2 have been released! These contain the following important security fixes, and it is recommended that users upgrade as soon as possible...
libgcrypt -- side-channel attack on ECDH
GnuPG reports: Mitigate side-channel attack on ECDH with Weierstrass curves...
rails -- multiple vulnerabilities
Ruby on Rails blog: Rails 5.0.0.beta1.1, 4.2.5.1, 4.1.14.1, and 3.2.22.1 have been released! These contain important security fixes, and it is recommended that users upgrade as soon as possible...
qemu and xen-tools -- denial of service vulnerabilities in AMD PC-Net II NIC support
Prasad J Pandit, Red Hat Product Security Team, reports: Qemu emulator built with the AMD PC-Net II Ethernet Controller support is vulnerable to a heap buffer overflow flaw. While receiving packets in the loopback mode, it appends CRC code to the receive buffer. If the data size given is same as...
gdm -- lock screen bypass when holding escape key
Ray Strode reports: CVE-2015-7496 - lock screen bypass when holding escape key...
gdk-pixbuf2 -- head overflow and DoS
reports: We found a heap overflow and a DoS in the gdk-pixbuf implementation triggered by the scaling of tga file. We found a heap overflow in the gdk-pixbuf implementation triggered by the scaling of gif file...
unzip -- multiple vulnerabilities
Gustavo Grieco reports: Two issues were found in unzip 6.0: A heap overflow triggered by unzipping a file with password e.g unzip -p -P x sigsegv.zip. A denegation of service with a file that never finishes unzipping e.g. unzip sigxcpu.zip...
libvpx -- buffer overflow in vp9_init_context_buffers
The Mozilla Project reports: Security researcher Khalil Zhani reported that a maliciously crafted vp9 format video could be used to trigger a buffer overflow while parsing the file. This leads to a potentially exploitable crash due to a flaw in the libvpx library...
vlc -- arbitrary pointer dereference vulnerability
oCERT reports: The stable VLC version suffers from an arbitrary pointer dereference vulnerability. The vulnerability affects the 3GP file format parser, insufficient restrictions on a writable buffer can be exploited to execute arbitrary code via the heap memory. A specific 3GP file can be crafte...
django -- multiple vulnerabilities
Tim Graham reports: Denial-of-service possibility in logout view by filling session store Previously, a session could be created when anonymously accessing the django.contrib.auth.views.logout view provided it wasn't decorated with django.contrib.auth.decorators.loginrequired as done in the admin...