6585 matches found
ansible - subversion password leak from PID
Borja Tarraso reports: A flaw was found in Ansible 2.7.16 and prior, 2.8.8 and prior, and 2.9.5 and prior when a password is set with the argument "password" of svn module, it is used on svn command line, disclosing to other users within the same node. An attacker could take advantage by reading...
Gitlab -- Multiple Vulnerabilities
The GitLab Team reports: Group Maintainers Can Update/Delete Group Runners Using API GraphQL Queries Can Hang the Application Unauthorized Users Have Access to Milestones of Releases Private Group Name Revealed Through Protected Tags API Users Can Publish Reviews on Locked Merge Requests DoS in t...
glpi -- Public GLPIKEY can be used to decrypt any data
MITRE Corporation reports: GLPI before before version 9.4.6 has a vulnerability involving a default encryption key. GLPIKEY is public and is used on every instance. This means anyone can decrypt sensitive data stored using this key. It is possible to change the key before installing GLPI. But on...
Pillow -- Multiple vulnerabilities
Pillow developers report: This release addresses several security problems, as well as addressing CVE-2019-19911. CVE-2019-19911 is regarding FPX images. If an image reports that it has a large number of bands, a large amount of resources will be used when trying to process the image. This is fix...
OpenSSL -- Overflow vulnerability
The OpenSSL project reports: rsaz512sqr overflow bug on x8664 CVE-2019-1551 Low There is an overflow bug in the x6464 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, a...
Gitlab -- Multiple Vulnerabilities
Gitlab reports: Kubernetes Integration Server-Side Request Forgery Server-Side Request Forgery in Jira Integration Improved Protection Against Credential Stuffing Attacks Markdown Clientside Resource Exhaustion Pipeline Status Disclosure Group Runner Authorization Issue CI Metrics Disclosure User...
FreeBSD -- ICMPv6 / MLDv2 out-of-bounds memory access
Problem Description: The ICMPv6 input path incorrectly handles cases where an MLDv2 listener query packet is internally fragmented across multiple mbufs. Impact: A remote attacker may be able to cause an out-of-bounds read or write that may cause the kernel to attempt to access an unmapped page a...
FreeBSD -- Resource exhaustion in non-default RACK TCP stack
Problem Description: While processing acknowledgements, the RACK code uses several linked lists to maintain state entries. A malicious attacker can cause the lists to grow unbounded. This can cause an expensive list traversal on every packet being processed, leading to resource exhaustion and a...
FreeBSD -- EAP-pwd missing commit validation
Problem Description: EAP-pwd implementation in hostapd EAP server and wpasupplicant EAP peer does not to validate the received scalar and element values in EAP-pwd-Commit messages properly. This could result in attacks that would be able to complete EAP-pwd authentication exchange without the...
Flash Player -- multiple vulnerabilities
Adobe reports: This update resolves a use-after-free vulnerability that could lead to arbitrary code execution CVE-2019-7096. This update resolves an out-of-bounds read vulnerability that could lead to information disclosure CVE-2019-7108...
Dovecot -- Multiple vulnerabilities
Aki Tuomi reports: Submission-login crashes with signal 11 due to null pointer access when authentication is aborted by disconnecting. This can lead to denial-of-service attack by persistent attackers. Aki Tuomi reports: Submission-login crashes when authentication is started over TLS secured...
rdesktop - critical - Remote Code Execution
Fix memory corruption in processbitmapdata - CVE-2018-8794 Fix remote code execution in processbitmapdata - CVE-2018-8795 Fix remote code execution in processplane - CVE-2018-8797 Fix Denial of Service in mcsrecvconnectresponse - CVE-2018-20175 Fix Denial of Service in mcsparsedomainparams -...
chromium -- Use after free in PDFium
Google Chrome Releases reports: 1 security fix contributed by external researches: High CVE-2018-17481: Use after free in PDFium...
samba -- multiple vulnerabilities
The samba project reports: All versions of Samba from 4.0.0 onwards are vulnerable to infinite query recursion caused by CNAME loops. Any dns record can be added via ldap by an unprivileged user using the ldbadd tool, so this is a security issue. When configured to accept smart-card authenticatio...
taglib -- heap-based buffer over-read via a crafted audio file
Webin security lab - dbapp security Ltd reports: The TagLib::Ogg::FLAC::File::scan function in oggflacfile.cpp in TagLib 1.11.1 allows remote attackers to cause information disclosure heap-based buffer over-read via a crafted audio file...
p7zip -- usage of uninitialized memory
NVD reports: Incorrect initialization logic of RAR decoder objects in 7-Zip 18.03 and before can lead to usage of uninitialized memory, allowing remote attackers to cause a denial of service segmentation fault or execute arbitrary code via a crafted RAR archive...
roundcube -- IMAP command injection vulnerability
Upstream reports: This update primarily fixes a recently discovered IMAP-cmd-injection vulnerability caused by insufficient input validation within the archive plugin. Details about the vulnerability are published under CVE-2018-9846...
FreeBSD -- ipsec crash or denial of service
Problem Description: The length field of the option header does not count the size of the option header itself. This causes a problem when the length is zero, the count is then incremented by zero, which causes an infinite loop. In addition there are pointer/offset mistakes in the handling of IPv...
Flash Player -- multiple vulnerabilities
Adobe reports: This update resolves a use-after-free vulnerability that could lead to remote code execution CVE-2018-4919. This update resolves a type confusion vulnerability that could lead to remote code execution CVE-2018-4920...
mailman -- hardening against malicious listowners injecting evil HTML scripts
Mark Sapiro reports: Existing protections against malicious listowners injecting evil scripts into listinfo pages have had a few more checks added. A few more error messages have had their values HTML escaped. The hash generated when SUBSCRIBEFORMSECRET is set could have been the same as one...
gcab -- stack overflow
Upstream reports: A stack-based buffer overflow within GNOME gcab through 0.7.4 can be exploited by malicious attackers to cause a crash or, potentially, execute arbitrary code via a crafted .cab file...
squid -- Vulnerable to Denial of Service attack
Louis Dion-Marcil reports: Due to incorrect pointer handling Squid is vulnerable to denial of service attack when processing ESI responses. This problem allows a remote server delivering certain ESI response syntax to trigger a denial of service for all clients accessing the Squid service. Due to...
konversation -- crash in IRC message parsing
KDE reports: Konversation has support for colors in IRC messages. Any malicious user connected to the same IRC network can send a carefully crafted message that will crash the Konversation user client...
libraw -- denial of service and remote code execution
libraw developers report: A Stack-based Buffer Overflow was discovered in xtransinterpolate in internal/dcrawcommon.cpp in LibRaw before 0.18.3. It could allow a remote denial of service or code execution attack...
libtiff -- Improper Input Validation
libtiff developers report: There is a reachable assertion abort in the function TIFFWriteDirectoryTagSubifd in LibTIFF 4.0.8, related to tifdirwrite.c and a SubIFD tag. A crafted input will lead to a remote denial of service attack. There is a reachable assertion abort in the function...
ncurses -- multiple issues
ncurses developers reports: There are multiple illegal address access issues and an infinite loop issue. Please refer to the CVE list for details...
php-gd and gd -- Buffer over-read into uninitialized memory
PHP developers report: The GIF decoding function gdImageCreateFromGifCtx in gdgifin.c in the GD Graphics Library aka libgd, as used in PHP before 5.6.31 and 7.x before 7.1.7, does not zero colorMap arrays before use. A specially crafted GIF image could use the uninitialized tables to read 700 byt...
Cacti -- Cross-site scripting (XSS) vulnerability in auth_profile.php
kimiizhang reports: Cross-site scripting XSS vulnerability in authprofile.php in Cacti 1.1.13 allows remote authenticated users to inject arbitrary web script or HTML via specially crafted HTTP Referer headers...
tiff -- multiple vulnerabilities
Debian Security Advisory reports: Multiple vulnerabilities have been discovered in the libtiff library and the included tools, which may result in denial of service or the execution of arbitrary code...
drupal -- Drupal Core - Multiple Vulnerabilities
Drupal Security Team Reports: CVE-2017-6920: PECL YAML parser unsafe object handling. CVE-2017-6921: File REST resource does not properly validate CVE-2017-6922: Files uploaded by anonymous users into a private file system can be accessed by other anonymous users...
roundcube -- arbitrary password resets
Roundcube reports: Roundcube Webmail allows arbitrary password resets by authenticated users. The problem is caused by an improperly restricted exec call in the virtualmin and sasl drivers of the password plugin...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 29 security fixes in this release, including: 695826 High CVE-2017-5057: Type confusion in PDFium. Credit to Guang Gong of Alpha Team, Qihoo 360 694382 High CVE-2017-5058: Heap use after free in Print Preview. Credit to Khalil Zhani 684684 High CVE-2017-5059: Type...
gitlab -- Various security issues
GitLab reports: Information Disclosure in Issue and Merge Request Trackers During an internal code review a critical vulnerability in the GitLab Issue and Merge Request trackers was discovered. This vulnerability could allow a user with access to assign ownership of an issue or merge request to...
NSS -- multiple vulnerabilities
Mozilla Foundation reports: An out-of-bounds write during Base64 decoding operation in the Network Security Services NSS library due to insufficient memory being allocated to the buffer. This results in a potentially exploitable crash. The NSS library has been updated to fix this issue to address...
NVIDIA UNIX driver -- multiple vulnerabilities in the kernel mode layer handler
NVIDIA Unix security team reports: NVIDIA GPU Display Driver contains vulnerabilities in the kernel mode layer handler where multiple integer overflows, improper access control, and improper validation of a user input may cause a denial of service or potential escalation of privileges...
cURL -- buffer overflow
The cURL project reports: printf floating point buffer overflow libcurl's implementation of the printf functions triggers a buffer overflow when doing a large floating point output. The bug occurs when the conversion outputs more than 255 bytes...
dovecot -- Dovecot DoS when passdb dict was used for authentication
Timo Sirainen reports: passdb/userdb dict: Don't double-expand %variables in keys. If dict was used as the authentication passdb, using specially crafted %variables in the username could be used to cause DoS...
libvncserver -- multiple buffer overflows
libvnc server reports: Two unrelated buffer overflows can be used by a malicious server to overwrite parts of the heap and crash the client or possibly execute arbitrary code...
django -- multiple vulnerabilities
The Django project reports: Today the Django team released Django 1.10.3, Django 1.9.11, and 1.8.16. These releases addresses two security issues detailed below. We encourage all users of Django to upgrade as soon as possible. User with hardcoded password created when running tests on Oracle DNS...
urllib3 -- certificate verification failure
urllib3 reports: CVE-2016-9015: Certification verification failure...
PostgreSQL -- Denial-of-Service and Code Injection Vulnerabilities
PostgreSQL project reports: Security Fixes nested CASE expressions + database and role names with embedded special characters CVE-2016-5423: certain nested CASE expressions can cause the server to crash. CVE-2016-5424: database and role names with embedded special characters can allow code...
botan -- multiple vulnerabilities
Jack Lloyd reports: Botan 1.10.13 has been released backporting some side channel protections for ECDSA signatures CVE-2016-2849 and PKCS 1 RSA decryption CVE-2015-7827...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 6 security fixes in this release, including: 546677 High CVE-2016-1622: Same-origin bypass in Extensions. Credit to anonymous. 577105 High CVE-2016-1623: Same-origin bypass in DOM. Credit to Mariusz Mlynski. 509313 Medium CVE-2016-1625: Navigation bypass in Chrome...
phpmyadmin -- XSS vulnerability in SQL editor
The phpMyAdmin development team reports: With a crafted SQL query, it is possible to trigger an XSS attack in the SQL editor. We consider this vulnerability to be non-critical. This vulnerability can be triggered only by someone who is logged in to phpMyAdmin, as the usual token protection preven...
phpmyadmin -- Multiple XSS vulnerabilities
The phpMyAdmin development team reports: With a crafted table name it is possible to trigger an XSS attack in the database search page. With a crafted SET value or a crafted search query, it is possible to trigger an XSS attacks in the zoom search page. With a crafted hostname header, it is...
FreeBSD -- SCTP ICMPv6 error message vulnerability
Problem Description: A lack of proper input checks in the ICMPv6 processing in the SCTP stack can lead to either a failed kernel assertion or to a NULL pointer dereference. In either case, a kernel panic will follow. Impact: A remote, unauthenticated attacker can reliably trigger a kernel panic i...
atheme-services -- multiple vulnerabilities
Mitre reports: modules/chanserv/flags.c in Atheme before 7.2.7 allows remote attackers to modify the Anope FLAGS behavior by registering and dropping the 1 LIST, 2 CLEAR, or 3 MODIFY keyword nicks. Buffer overflow in the xmlrpccharencode function in modules/transport/xmlrpc/xmlrpclib.c in Atheme...
dhcpcd -- multiple vulnerabilities
Nico Golde reports: heap overflow via malformed dhcp responses later in printoption via dhcpenvoption1 due to incorrect option length values. Exploitation is non-trivial, but I'd love to be proven wrong. invalid read/crash via malformed dhcp responses. not exploitable beyond DoS as far as I can...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 2 security fixes in this release, including: 569486 CVE-2015-6792: Fixes from internal audits and fuzzing...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 520422 High CVE-2015-1302: Information leak in PDF viewer. Credit to Rob Wu...