6585 matches found
chromium -- multiple security fixes
Chrome Releases reports: This update includes 17 security fixes: 1484394 High CVE-2024-0812: Inappropriate implementation in Accessibility. Reported by Anonymous on 2023-09-19 1504936 High CVE-2024-0808: Integer underflow in WebUI. Reported by Lyra Rebane rebane2001 on 2023-11-24 1496250 Medium...
electron26 -- Out of bounds memory access in V8
Electron developers report: This update fixes the following vulnerability: Security: backported fix for CVE-2024-0519...
GLPI -- multiple vulnerabilities
GLPI team reports: GLPI 10.0.11 Changelog SECURITY - moderate Authenticated SQL Injection CVE-2023-43813 SECURITY - high SQL injection through inventory agent request CVE-2023-46727 SECURITY - high Remote code execution from LDAP server configuration form on PHP 7.4 CVE-2023-46726...
rclone -- Multiple vulnerabilities
Multiple vulnerabilities in ssh and golang CVE-2023-45286: HTTP request body disclosure in go-resty disclosure across requests. CVE-2023-48795: The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity...
OpenSSL -- DoS in DH generation
The OpenSSL project reports: Excessive time spent in DH check / generation with large Q parameter value low. Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow...
Unallowed PHP script execution in GLPI
From the GLPI 10.0.10 Changelog: You will find below security issues fixed in this bugfixes version: SECURITY - Critical Unallowed PHP script execution CVE-2023-42802. The mentioned CVE is invalid...
electron24 -- multiple vulnerabilities
Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2023-4427. Security: backported fix for CVE-2023-4428. Security: backported fix for CVE-2023-4430. Security: backported fix for CVE-2023-4572...
chromium -- multiple vulnerabilities
Chrome Releases reports: This update includes 26 security fixes: 1448548 High CVE-2023-2312: Use after free in Offline. Reported by avaue at S.S.L. on 2023-05-24 1458303 High CVE-2023-4349: Use after free in Device Trust Connectors. Reported by Weipeng Jiang @Krace of VRI on 2023-06-27 1454817 Hi...
chromium -- multiple vulnerabilities
Chrome Releases reports: This update includes 5 security fixes: 1450568 Critical CVE-2023-3214: Use after free in Autofill payments. Reported by Rong Jian of VRI on 2023-06-01 1446274 High CVE-2023-3215: Use after free in WebRTC. Reported by asnine on 2023-05-17 1450114 High CVE-2023-3216: Type...
electron -- vulnerability
Electron developers report: This update fixes the following vulnerability: Security: backported fix for CVE-2023-29469...
Matrix clients -- Prototype pollution in matrix-js-sdk
Matrix developers report: Today we are issuing security releases of matrix-js-sdk and matrix-react-sdk to patch a pair of High severity vulnerabilities CVE-2023-28427 / GHSA-mwq8-fjpf-c2gr for matrix-js-sdk and CVE-2023-28103 / GHSA-6g43-88cp-w5gv for matrix-react-sdk. The issues involve prototyp...
Grafana -- Stored XSS in Graphite FunctionDescription tooltip
Grafana Labs reports: When a user adds a Graphite data source, they can then use the data source in a dashboard. This capability contains a feature to use Functions. Once a function is selected, a small tooltip appears when hovering over the name of the function. This tooltip allows you to delete...
go -- crypto/elliptic: incorrect P-256 ScalarMult and ScalarBaseMult results
The Go project reports: crypto/elliptic: incorrect P-256 ScalarMult and ScalarBaseMult results The ScalarMult and ScalarBaseMult methods of the P256 Curve may return an incorrect result if called with some specific unreduced scalars a scalar larger than the order of the curve...
clamav -- Multiple vulnerabilities
Simon Scannell reports: CVE-2023-20032 Fixed a possible remote code execution vulnerability in the HFS+ file parser. CVE-2023-20052 Fixed a possible remote information leak vulnerability in the DMG file parser...
py-cryptography -- includes a vulnerable copy of OpenSSL
pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 0.8.1-39.0.0 are vulnerable to a security issue. More details about the vulnerabilities themselves can be found in https://www.openssl.org/news/secadv/20221213.txt and...
git -- Heap overflow in `git archive`, `git log --format` leading to RCE
The git team reports: git log has the ability to display commits using an arbitrary format with its --format specifiers. This functionality is also exposed to git archive via the export-subst gitattribute. When processing the padding operators e.g., %, %, or % , an integer overflow can occur in...
go -- syscall.Faccessat checks wrong group on Linux
The Go project reports: When called with a non-zero flags parameter, the syscall.Faccessat function could incorrectly report that a file is accessible. This bug only occurs on Linux systems...
Qt5 -- QProcess unexpected search path
The Qt Company reports: Recently, the Qt Project's security team was made aware of an issue regarding QProcess and determined it to be a security issue on Unix-based platforms only. We do not believe this to be a considerable risk for applications as the likelihood of it being triggered is minima...
Grafana -- Teams API IDOR
Grafana Labs reports: On Jan. 18, an external security researcher, Kürşad ALSAN from NSPECT.IO @nspectio on Twitter, contacted Grafana to disclose an IDOR Insecure Direct Object Reference vulnerability on Grafana Teams APIs. This vulnerability only impacts the following API endpoints:...
aide -- heap-based buffer overflow
David Bouman reports: AIDE before 0.17.4 allows local users to obtain root privileges via crafted file metadata such as XFS extended attributes or tmpfs ACLs, because of a heap-based buffer overflow. Aide uses a fixed size 16k bytes for the return buffer in encodebase64/decodebase64 functions. Th...
OpenSearch -- Log4Shell
OpenSearch reports: CVE-2021-45046 was issued shortly following the release of OpenSearch 1.2.1. This new CVE advises upgrading from Log4j 2.15.0 used in OpenSearch 1.2.1 to Log4j 2.16.0. Out of an abundance of caution, the team is releasing OpenSearch 1.2.2 which includes Log4j 2.16.0. While the...
go -- multiple vulnerabilities
The Go project reports: debug/macho fails out when loading a file that contains a dynamic symbol table command that indicates a larger number of symbols than exist in the loaded symbol table. Previously, opening a zip with Reader.Open could result in a panic if the zip contained a file whose name...
mod_auth_mellon -- Redirect URL validation bypass
Jakub Hrozek reports: Version 0.17.0 and older of modauthmellon allows the redirect URL validation to be bypassed by specifying an URL formatted as ///fishing-site.example.com/logout.html...
dino -- Path traversal in Dino file transfers
Dino team reports: It was discovered that when a user receives and downloads a file in Dino, URI-encoded path separators in the file name will be decoded, allowing an attacker to traverse directories and create arbitrary files in the context of the user...
dnsmasq -- cache poisoning vulnerability in certain configurations
Simon Kelley reports: In configurations where the forwarding server address contains an @ character for specifying a sending interface or source address, the random source port behavior was disabled, making cache poisoning attacks possible. This only affects configurations of the form...
mod_dav_svn -- server crash
Subversion project reports: Subversion's modauthzsvn module will crash if the server is using in-repository authz rules with the AuthzSVNReposRelativeAccessFile option and a client sends a request for a non-existing repository URL...
py-matrix-synapse -- DoS on Federation API
Matrix developers reports: A malicious or poorly-implemented homeserver can inject malformed events into a room by specifying a different room id in the path of a /sendjoin, /sendleave, /invite or /exchangethirdpartyinvite request. This can lead to a denial of service in which future events will...
jasper -- heap overflow vulnerability
JasPer NEWS: Fix CVE-2020-27828, heap-overflow in cpcreate in jpcenc.c...
FreeBSD -- ICMPv6 use-after-free in error message handling
Problem Description: When an ICMPv6 error message is received, the FreeBSD ICMPv6 stack may extract information from the message to hand to upper-layer protocols. As a part of this operation, it may parse IPv6 header options from a packet embedded in the ICMPv6 message. The handler for a routing...
ark -- extraction outside of extraction directory
Albert Astals Cid reports: Overview A maliciously crafted TAR archive containing symlink entries would install files anywhere in the user's home directory upon extraction. Proof of concept For testing, an example of malicious archive can be found at dirsymlink.tar Impact Users can unwillingly...
FreeBSD -- sendmsg(2) privilege escalation
Problem Description: When handling a 32-bit sendmsg2 call, the compat32 subsystem copies the control message to be transmitted if any into kernel memory, and adjusts alignment of control message headers. The code which performs this work contained a time-of-check to time-of-use TOCTOU vulnerabili...
clamav -- multiple vulnerabilities
Micah Snyder reports: CVE-2020-3350 Fixed a vulnerability a malicious user could exploit to replace a scan target's directory with a symlink to another path to trick clamscan, clamdscan, or clamonacc into removing or moving a different file such as a critical system file. The issue would affect...
Mbed TLS -- Side-channel attack on ECC key import and validation
Manuel Pégourié-Gonnard reports: The scalar multiplication function in Mbed TLS accepts a random number generator RNG as an optional argument and, if provided, uses it to protect against some attacks. It is the caller's responsibility to provide a RNG if protection against side-channel attacks is...
BIND -- Remote Denial of Service vulnerability
ISC reports: An assertion check in BIND that is meant to prevent going beyond the end of a buffer when processing incoming data can be incorrectly triggered by a large response during zone transfer...
websocket-extensions -- ReDoS vulnerability
Changelog: Remove a ReDoS vulnerability in the header parser CVE-2020-7663...
kaminari -- potential XSS vulnerability
Kaminari Security Advisories: There was a vulnerability in versions of Kaminari that would allow an attacker to inject arbitrary code into pages with pagination links. The 1.2.1 gem including the patch has already been released. All past released versions are affected by this vulnerability...
asterisk -- Re-invite with T.38 and malformed SDP causes crash
The Asterisk project reports: If Asterisk receives a re-invite initiating T.38 faxing and has a port of 0 and no c line in the SDP, a crash will occur...
squid -- Vulnerable to HTTP Digest Authentication
Squid Team reports: Problem Description: Due to incorrect data management Squid is vulnerable to a information disclosure when processing HTTP Digest Authentication. Severity: Nonce tokens contain the raw byte value of a pointer which sits within heap memory allocation. This information reduces...
nsd -- Stack-based Buffer Overflow
Frederic Cambus reports: nsd-checkzone in NLnet Labs NSD 4.2.0 has a Stack-based Buffer Overflow in the dnameconcatenate function in dname.c...
libzmq4 -- Stack overflow
Fang-Pen Lin reports: A remote, unauthenticated client connecting to a libzmq application, running with a socket listening with CURVE encryption/authentication enabled, may cause a stack overflow and overwrite the stack with arbitrary data, due to a buffer overflow in the library. Users running...
FreeBSD -- ICMP/ICMP6 packet filter bypass in pf
Problem Description: States in pf4 let ICMP and ICMP6 packets pass if they have a packet in their payload matching an existing condition. pf4 does not check if the outer ICMP or ICMP6 packet has the same destination IP as the source IP of the inner protocol packet. Impact: A maliciously crafted...
libssh2 -- multiple issues
libssh2 developers report: Defend against possible integer overflows in compmethodzlibdecomp. Defend against writing beyond the end of the payload in libssh2transportread. Sanitize paddinglength - libssh2transportread. This prevents an underflow resulting in a potential out-of-bounds read if a...
Gitlab -- Multiple vulnerabilities
Gitlab reports: Leak of Confidential Issue and Merge Request Titles Persistent XSS in User Status...
GraphicsMagick -- SVG/Rendering vulnerability
GraphicsMagick News: Fix heap write overflow of PrimitiveInfo and PointInfo arrays. This is another manefestation of CVE-2016-2317, which should finally be fixed correctly due to active detection/correction of pending overflow rather than using estimation...
Gitlab -- multiple vulnerabilities
GitLab reports: Persistent XSS in Move Issue using project namespace Download Archive allowing unauthorized private repo access Mattermost Updates...
wget -- cookie injection vulnerability
Harry Sintonen of F-Secure Corporation reports: GNU Wget is susceptible to a malicious web server injecting arbitrary cookies to the cookie jar file...
Flash Player -- multiple vulnerabilities
Adobe reports: This update resolves a use-after-free vulnerability that could lead to remote code execution CVE-2018-4919. This update resolves a type confusion vulnerability that could lead to remote code execution CVE-2018-4920...
strongswan - Insufficient input validation in RSASSA-PSS signature parser
Strongswan Release Notes reports: Fixed a DoS vulnerability in the parser for PKCS1 RSASSA-PSS signatures that was caused by insufficient input validation. One of the configurable parameters in algorithm identifier structures for RSASSA-PSS signatures is the mask generation function MGF. Only MGF...
gitlab -- Remote code execution on project import
GitLab developers report: Today we are releasing versions 10.3.4, 10.2.6, and 10.1.6 for GitLab Community Edition CE and Enterprise Edition EE. These versions contain a number of important security fixes, including two that prevent remote code execution, and we strongly recommend that all GitLab...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 2 security fixes in this release, including: 788453 High CVE-2017-15429: UXSS in V8. Reported by Anonymous on 2017-11-24 794792 Various fixes from internal audits, fuzzing and other initiatives...