6582 matches found
bash -- remote code execution vulnerability
Chet Ramey reports: Under certain circumstances, bash will execute user code while processing the environment for exported function definitions. The original fix released for CVE-2014-6271 was not adequate. A similar vulnerability was discovered and tagged as CVE-2014-7169...
rubygem-rails -- multiple vulnerabilities
Rails core team reports: This version contains three important security fixes, please upgrade immediately. One of security fixes impacts all users and is related to HTML escaping code. The other two fixes impacts people using selecttag's prompt option and striptags helper from ActionPack...
Exim -- heap-based buffer overflow in string_vformat leading to RCE
Exim developers team report: There is a heap overflow in stringvformat.Using a EHLO message, remote code execution seems to be possible...
Apache httpd -- Multiple vulnerabilities
The Apache httpd project reports: CVE-2023-27522: Apache HTTP Server: modproxyuwsgi HTTP response splitting cve.mitre.org. HTTP Response Smuggling vulnerability in Apache HTTP Server via modproxyuwsgi. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.55. Special characters in the...
Apache httpd -- multiple vulnerabilities
The Apache httpd project reports: important: Read after free in modhttp2 CVE-2017-9789 When under stress, closing many connections, the HTTP/2 handling code would sometimes access memory after it has been freed, resulting in potentially erratic behaviour. important: Uninitialized memory reflectio...
Vinyl/Varnish -- HTTP/2 parsing deficiency
Vinyl Development Team reports: A deficiency in HTTP/2 request parsing can be exploited to launch a backend request desync attack request smuggling, which in turn can be used for cache poisoning, authentication bypass or possibly even information disclosure and manipulation...
putty -- add protocol extension against 'Terrapin attack'
Simon Tatham reports: PuTTY version 0.80 contains one security fix ... for a newly discovered security issue known as the 'Terrapin' attack, also numbered CVE-2023-48795. The issue affects widely-used OpenSSH extensions to the SSH protocol: the ChaCha20+Poly1305 cipher system, and...
FreeBSD -- Xen guests can triger backend Out Of Memory
Problem Description: Some OSes including Linux, FreeBSD, and NetBSD are processing watch events using a single thread. If the events are received faster than the thread is able to handle, they will get queued. As the queue is unbound, a guest may be able to trigger a OOM in the backend...
ImageMagick -- multiple vulnerabilities
cvedetails.com reports: CVE-2019-7175: In ImageMagick before 7.0.8-25, some memory leaks exist in DecodeImage in coders/pcd.c. CVE-2019-7395: In ImageMagick before 7.0.8-25, a memory leak exists in WritePSDChannel in coders/psd.c. CVE-2019-7396: In ImageMagick before 7.0.8-25, a memory leak exist...
mediawiki -- multiple vulnerabilities
mediawiki reports: security fixes: T128209: Reflected File Download from api.php. Reported by Abdullah Hussam. T165846: BotPasswords doesn't throttle login attempts. T134100: On private wikis, login form shouldn't distinguish between login failure due to bad username and bad password. T178451: XS...
jenkins -- multiple vulnerabilities
Jenkins Security Advisory: Description SECURITY-412 through SECURITY-420 / CVE-2017-1000356 CSRF: Multiple vulnerabilities SECURITY-429 / CVE-2017-1000353 CLI: Unauthenticated remote code execution SECURITY-466 / CVE-2017-1000354 CLI: Login command allowed impersonating any Jenkins user...
jenkins -- Terrapin SSH vulnerability in Jenkins CLI client
Jenkins Security Advisory: Description Medium SECURITY-3386 / CVE-2023-48795 Terrapin SSH vulnerability in Jenkins CLI client...
Axis2 -- Security vulnerability on dependency Apache Commons FileUpload
Apache Axis2 reports: The commons-fileupload dependency has been updated to a version that fixes CVE-2016-1000031 AXIS2-5853...
www/awstats -- Partial absolute pathname
MITRE reports: It seems 90 is not completely fixed in 7.8. that is, even after CVE-2017-1000501 and CVE-2020-29600 are fixed. In AWStats through 7.8, cgi-bin/awstats.pl?config= accepts a partial absolute pathname omitting the initial /etc, even though it was intended to only read a file in the...
OpenSSL -- NULL pointer de-reference
The OpenSSL project reports: EDIPARTYNAME NULL pointer de-reference High The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERALNAMEcmp which compares different instances of a...
phpmailer -- XSS in code example and default exeception handler
PHPMailer reports: Fix XSS vulnerability in one of the code examples, CVE-2017-11503. The codegenerator.phps example did not filter user input prior to output. This file is distributed with a .phps extension, so it it not normally executable unless it is explicitly renamed, so it is safe by...
openssh -- multiple vulnerabilities
The OpenSSH project reports: ssh-agent1: Will now refuse to load PKCS11 modules from paths outside a trusted whitelist run-time configurable. Requests to load modules could be passed via agent forwarding and an attacker could attempt to load a hostile PKCS11 module across the forwarded agent...
openssh -- command injection when X11Forwarding is enabled
The OpenSSH project reports: Missing sanitisation of untrusted input allows an authenticated user who is able to request X11 forwarding to inject commands to xauth1. Injection of xauth commands grants the ability to read arbitrary files under the authenticated user's privilege, Other xauth comman...
nginx -- heap buffer overflow in ngx_http_rewrite_module
The nginx developers report: A heap memory buffer overflow might occur in a worker process when using a configuration with overlapping captures in ngxhttprewritemodule, potentially resulting in arbitrary code execution CVE-2026-9256...
chromium -- multiple vulnerabilities
Chrome Releases reports: This release contains 32 security fixes, including: 1208721 High CVE-2021-30521: Heap buffer overflow in Autofill. Reported by ZhanJia Song on 2021-05-13 1176218 High CVE-2021-30522: Use after free in WebAudio. Reported by Piotr Bania of Cisco Talos on 2021-02-09 1187797...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 15 security fixes in this release, including: 601073 High CVE-2016-1696: Cross-origin bypass in Extension bindings. Credit to anonymous. 613266 High CVE-2016-1697: Cross-origin bypass in Blink. Credit to Mariusz Mlynski. 603725 Medium CVE-2016-1698: Information lea...
traefik -- Resource exhaustion by malicious HTTP/2 client
The traefik authors report: There is a vulnerability in GO managing HTTP/2 requests, which impacts Traefik. This vulnerability could be exploited to cause a denial of service...
Python -- HTTP Header Injection in Python urllib
Guido Vranken reports: HTTP header injection in urrlib2/urllib/httplib/http.client with newlines in header values, where newlines have a semantic consequence of denoting the start of an additional header line...
Apache httpd -- multiple vulnerabilities
The Apache httpd project reports: HTTP/2 DoS by memory exhaustion on endless continuation frames HTTP Response Splitting in multiple modules...
Apache httpd -- Multiple vulnerabilities
The Apache httpd project reports: CVE-2023-45802: Apache HTTP Server: HTTP/2 stream memory not reclaimed right away on RST CVE-2023-43622: Apache HTTP Server: DoS in HTTP/2 with initial windows size 0 CVE-2023-31122: modmacro buffer over-read...
go -- decoding big.Float and big.Rat can panic
The Go project reports: encoding/gob & math/big: decoding big.Float and big.Rat can panic Decoding big.Float and big.Rat types can panic if the encoded message is too short...
FreeBSD-kernel -- Multiple WiFi issues
Problem Description: The paper "Fragment and Forge: Breaking Wi-Fi Through Frame Aggregation and Fragmentation" reported a number of security vulnerabilities in the 802.11 specification related to frame aggregation and fragmentation. Additionally, FreeBSD 12.x missed length validation of SSIDs an...
OpenSSL -- Multiple vulnerabilities
The OpenSSL project reports: Null pointer deref in X509issuerandserialhash CVE-2021-23841Moderate The OpenSSL public API function X509issuerandserialhash attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails to...
apache -- multiple vulnerabilities
The Apache httpd reports: Out of bound write in modauthnzldap with AuthLDAPCharsetConfig enabled CVE-2017-15710 modsession: CGI-like applications that intend to read from modsession's 'SessionEnv ON' could be fooled into reading user-supplied data instead. CVE-2018-1283 modcachesocache: Fix reque...
nginx -- a specially crafted request might result in an integer overflow
Maxim Dounin reports: A security issue was identified in nginx range filter. A specially crafted request might result in an integer overflow and incorrect processing of ranges, potentially resulting in sensitive information leak CVE-2017-7529...
tomcat -- multiple vulnerabilities
The Apache Software Foundation reports: Important: Remote Code Execution CVE-2016-8735 Important: Information Disclosure CVE-2016-6816...
FreeBSD -- OpenSSH Remote Denial of Service vulnerability
Problem Description: When processing the SSHMSGKEXINIT message, the server could allocate up to a few hundreds of megabytes of memory per each connection, before any authentication take place. Impact: A remote attacker may be able to cause a SSH server to allocate an excessive amount of memory...
Apache 1.3 -- mod_proxy reverse proxy exposure
Apache HTTP server project reports: An exposure was found when using modproxy in reverse proxy mode. In certain configurations using RewriteRule with proxy flag, a remote attacker could cause the reverse proxy to connect to an arbitrary server, possibly disclosing sensitive information from...
dokuwiki -- multiple vulnerabilities
Secunia reports: rgod has discovered a vulnerability in DokuWiki, which can be exploited by malicious people to compromise a vulnerable system. Input passed to the "TARGETFN" parameter in bin/dwpage.php is not properly sanitised before being used to copy files. This can be exploited via directory...
dnsmasq -- DNS cache poisoning, and DNSSEC buffer overflow, vulnerabilities
Simon Kelley reports: There are broadly two sets of problems. The first is subtle errors in dnsmasq's protections against the chronic weakness of the DNS protocol to cache-poisoning attacks; the Birthday attack, Kaminsky, etc.... the second set of errors is a good old fashioned buffer overflow in...
sqlite3 -- heap-buffer overflow
Google reports: A heap-buffer overflow sometimes a crash can arise when running a SQL request on malformed sqlite3 databases...
Zabbix -- Remote code execution
mitre reports: An exploitable code execution vulnerability exists in the trapper command functionality of Zabbix Server 2.4.X. A specially crafted set of packets can cause a command injection resulting in remote code execution. An attacker can make requests from an active Zabbix Proxy to trigger...
FreeBSD -- Multiple vulnerabilities of ntp
Problem Description: Multiple vulnerabilities have been discovered in the NTP suite: CVE-2016-9311: Trap crash, Reported by Matthew Van Gundy of Cisco ASIG. CVE-2016-9310: Mode 6 unauthenticated trap information disclosure and DDoS vector. Reported by Matthew Van Gundy of Cisco ASIG. CVE-2016-742...
php -- multiple vulnerabilities
PHP reports: Fixed bug 69975 PHP segfaults when accessing nvarcharmax defined columns Fixed bug 72479 Use After Free Vulnerability in SNMP with GC and unserialize. Fixed bug 72512 gdImageTrueColorToPaletteBody allows arbitrary write/read access. Fixed bug 72519 imagegif/output out-of-bounds acces...
proftpd -- arbitrary code execution vulnerability with chroot
ProFTPd development team reports: Vadim Melihow reported a critical issue with proftpd installations that use the modcopy module's SITE CPFR/SITE CPTO commands; modcopy allows these commands to be used by unauthenticated clients...
cacti -- SQL injection and command execution vulnerabilities
Bonsai information security reports: A Vulnerability has been discovered in Cacti, which can be exploited by any user to conduct SQL Injection attacks. Input passed via the "exportitemid" parameter to "templatesexport.php" script is not properly sanitized before being used in a SQL query. The sam...
chromium -- multiple vulnerabilities
Chrome Releases reports: This release contains 28 security fixes, including: 1289383 High CVE-2022-0789: Heap buffer overflow in ANGLE. Reported by SeongHwan Park SeHwa on 2022-01-21 1274077 High CVE-2022-0790: Use after free in Cast UI. Reported by Anonymous on 2021-11-26 1278322 High...
traefik -- Denial of service in HTTP/2
The traefik project reports: Update of dependency to go go1.12.8 resolves potential HTTP/2 denial of service in traefik...
FreeBSD -- Speculative Execution Vulnerabilities
Problem Description: A number of issues relating to speculative execution were found last year and publicly announced January 3rd. Two of these, known as Meltdown and Spectre V2, are addressed here. CVE-2017-5754 Meltdown - ------------------------ This issue relies on an affected CPU speculative...
ntp -- multiple vulnerabilities
Network Time Foundation reports: NTF's NTP Project is releasing ntp-4.2.8p9, which addresses: 1 HIGH severity vulnerability that only affects Windows 2 MEDIUM severity vulnerabilities 2 MEDIUM/LOW severity vulnerabilities 5 LOW severity vulnerabilities 28 other non-security fixes and improvements...
chromium -- multiple vulnerabilities
Chrome Releases reports: This update includes 16 security fixes: 1479274 Critical CVE-2023-4863: Heap buffer overflow in WebP. Reported by Apple Security Engineering and Architecture SEAR and The Citizen Lab at The University of Torontoʼs Munk School on 2023-09-06 1430867 Medium CVE-2023-4900:...
chromium -- heap buffer overflow in V8
Chrome Releases reports: 1170176 High CVE-2021-21148: Heap buffer overflow in V8. Reported by Mattias Buelens on 2021-01-24. Google is aware of reports that an exploit for CVE-2021-21148 exists in the wild...
oniguruma -- multiple vulnerabilities
the PHP project reports: A stack out-of-bounds read occurs in matchat during regular expression searching. A logical error involving order of validation and access in matchat could result in an out-of-bounds read from a stack buffer CVE-2017-9224. A heap out-of-bounds write or read occurs in...
phpmailer -- Remote Code Execution
Legal Hackers reports: An independent research uncovered a critical vulnerability in PHPMailer that could potentially be used by unauthenticated remote attackers to achieve remote arbitrary code execution in the context of the web server user and remotely compromise the target web application. To...
ntpd DRDoS / Amplification Attack using ntpdc monlist command
ntp.org reports: Unrestricted access to the monlist feature in ntprequest.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service traffic amplification via forged 1 REQMONGETLIST or 2 REQMONGETLIST1 requests, as exploited in the wild in December 2013 Use noquery to...