6585 matches found
wireshark -- Multiple problems
wireshark Team reports: It may be possible to make Wireshark or Ethereal crash or use up available memory by injecting a purposefully malformed packet onto the wire or by convincing someone to read a malformed packet trace file...
mysql -- renaming of arbitrary tables by authenticated users
MySQL reports: The requirement of the DROP privilege for RENAME TABLE was not enforced...
p5-Imager -- possibly exploitable buffer overflow
Imager 0.56 and all earlier versions with BMP support have a security issue when reading compressed 8-bit per pixel BMP files where either a compressed run of data or a literal run of data overflows the scan-line. Such an overflow causes a buffer overflow in a malloc allocated memory buffer,...
opera -- URL parsing heap overflow vulnerability
iDefense Labs reports: Remote exploitation of a heap overflow vulnerability within version 9 of Opera Software's Opera Web browser could allow an attacker to execute arbitrary code on the affected host. A flaw exists within Opera when parsing a tag that contains a URL. A heap buffer with a consta...
libxine -- buffer overflow vulnerability
A Secunia Advisory reports: Federico L. Bossi Bonin has discovered a weakness in xine-lib, which can be exploited by malicious people to crash certain applications on a user's system. The weakness is cause due to a heap corruption within the "xinepluginphttp.so" plugin when handling an overly lar...
postgresql -- encoding based SQL injection
The PostgreSQL development team reports: An attacker able to submit crafted strings to an application that will embed those strings in SQL commands can use invalidly-encoded multibyte characters to bypass standard string-escaping methods, resulting in possible injection of hostile SQL commands in...
linux-realplayer -- heap overflow
iDefense Reports: Remote exploitation of a heap-based buffer overflow in RealNetwork Inc's RealPlayer could allow the execution of arbitrary code in the context of the currently logged in user. In order to exploit this vulnerability, an attacker would need to entice a user to follow a link to a...
heimdal -- Multiple vulnerabilities
A Project heimdal Security Advisory reports: The telnet client program in Heimdal has buffer overflows in the functions slcaddreply and envoptadd, which may lead to remote code execution. The telnetd server program in Heimdal has buffer overflows in the function getterminaltype, which may lead to...
squid -- FTP server response handling denial of service
A Secunia Advisory reports: M.A.Young has reported a vulnerability in Squid, which can be exploited by malicious people to cause a DoS Denial of Service. The vulnerability is caused due to an error in handling certain FTP server responses. This can be exploited to crash Squid by visiting a...
kdebase -- Kate backup file permission leak
A KDE Security Advisory explains: Kate / Kwrite create a file backup before saving a modified file. These backup files are created with default permissions, even if the original file had more strict permissions set. Depending on the system security settings, backup files might be readable by othe...
acroread -- XML External Entity vulnerability
Sverre H. Huseby discovered a vulnerability in Adobe Acrobat and Adobe Reader. Under certain circumstances, using XML scripts it is possible to discover the existence of local files...
fswiki -- XSS problem in file upload form
A Secunia security advisory reports: A vulnerability has been reported in FreeStyle Wiki and FSWikiLite, which can be exploited by malicious people to conduct script insertion attacks. Input passed in uploaded attachments is not properly sanitised before being used. This can be exploited to injec...
gld -- format string and buffer overflow vulnerabilities
Gld has been found vulnerable to multiple buffer overflows as well as multiple format string vulnerabilities. An attacker could exploit this vulnerability to execute arbitrary code with the permissions of the user running Gld, the default user being root. The FreeBSD port defaults to running gld ...
ethereal -- multiple protocol dissectors vulnerabilities
An Ethreal Security Advisories reports: Issues have been discovered in the following protocol dissectors: Matevz Pustisek discovered a buffer overflow in the Etheric dissector. CVE: CAN-2005-0704 The GPRS-LLC dissector could crash if the "ignore cipher bit" option was enabled. CVE: CAN-2005-0705...
perl -- vulnerabilities in PERLIO_DEBUG handling
Kevin Finisterre discovered bugs in perl's I/O debug support: The environmental variable PERLIODEBUG is honored even by the set-user-ID perl command usually named sperl or suidperl. As a result, a local attacker may be able to gain elevated privileges. CVE-2005-0155 A buffer overflow may occur in...
postgresql -- multiple vulnerabilities
Multiple vulnerabilities had been reported in various versions of PostgreSQL: The EXECUTE restrictions can be bypassed by using the AGGREGATE function, which is missing a permissions check. A buffer overflow exists in gram.y which could allow an attacker to execute arbitrary code by sending a lar...
squid -- confusing results on empty acl declarations
Applying an empty ACL list results in unexpected behavior: anything will match an empty ACL list. For example, The meaning of the configuration gets very confusing when we encounter empty ACLs such as acl something src "/path/to/emptyfile.txt" httpaccess allow something somewhere gets parsed with...
mod_dav -- lock related denial-of-service
A malicious user with DAV write privileges can trigger a null pointer dereference in the Apache moddav module. This could cause the server to become unavailable...
krb5 -- double-free vulnerabilities
An advisory published by the MIT Kerberos team says: The MIT Kerberos 5 implementation's Key Distribution Center KDC program contains a double-free vulnerability that potentially allows a remote attacker to execute arbitrary code. Compromise of a KDC host compromises the security of the entire...
a2ps -- insecure command line argument handling
Rudolf Polzer reports: a2ps builds a command line for file containing an unescaped version of the file name, thus might call external programs described by the file name. Running a cronjob over a public writable directory a2ps-ing all files in it - or simply typing "a2ps .txt" in /tmp - is...
acroread uudecoder input validation error
An iDEFENSE security advisory reports: Remote exploitation of an input validation error in the uudecoding feature of Adobe Acrobat Reader Unix 5.0 allows an attacker to execute arbitrary code. The Unix and Linux versions of Adobe Acrobat Reader 5.0 automatically attempt to convert uuencoded...
gaim remotely exploitable vulnerabilities in MSN component
Sebastian Krahmer discovered several remotely exploitable buffer overflow vulnerabilities in the MSN component of gaim. In two places in the MSN protocol plugins object.c and slp.c, strncpy was used incorrectly; the size of the array was not checked before copying to it. Both bugs affect MSN's...
Mutiple browser frame injection vulnerability
A class of bugs affecting many web browsers in the same way was discovered. A Secunia advisory reports: The problem is that the browsers don't check if a target frame belongs to a website containing a malicious link, which therefore doesn't prevent one browser window from loading content in a nam...
Buffer overflow in Squid NTLM authentication helper
Remote exploitation of a buffer overflow vulnerability in the NTLM authentication helper routine of the Squid Web Proxy Cache could allow a remote attacker to execute arbitrary code. A remote attacker can compromise a target system if the Squid Proxy is configured to use the NTLM authentication...
mozilla -- automated file upload
A malicious web page can cause an automated file upload from the victim's machine when viewed with Mozilla with Javascript enabled. This is due to a bug permitting default values for type="file" elements in certain situations...
racoon fails to verify signature during Phase 1
Ralf Spenneberg discovered a serious flaw in racoon. When using Phase 1 main or aggressive mode, racoon does not verify the client's RSA signature. Any installations using X.509 authentication are strongly urged to upgrade. Installations using pre-shared keys are believed to be unaffected...
jailed processes can manipulate host routing tables
A programming error resulting in a failure to verify that an attempt to manipulate routing tables originated from a non-jailed process. Jailed processes running with superuser privileges could modify host routing tables. This could result in a variety of consequences including packets being sent...
ezbounce remote format string vulnerability
A security hole exists that can be used to crash the proxy and execute arbitrary code. An exploit is circulating that takes advantage of this, and in some cases succeeds in obtaining a login shell on the machine...
PostgreSQL -- Multiple vulnerabilities
The PostgreSQL project reports: Missing authorization in PostgreSQL CREATE TYPE allows an object creator to hijack other queries that use searchpath to find user-defined types, including extension-defined types. That is to say, the victim will execute arbitrary SQL functions of the attacker's...
Apache Tomcat -- RCE due to TOCTOU issue in JSP compilation
[email protected] reports: Time-of-check Time-of-use TOCTOU Race Condition The mitigation for CVE-2024-50379 was incomplete. Users running Tomcat on a case insensitive file system with the default servlet write enabled readonly initialisation parameter set to the non-default value of false may...
FreeBSD -- Multiple issues in the bhyve hypervisor
Problem Description: Several vulnerabilities were found in the bhyve hypervisor's device models. The NVMe driver function nvmeopcgetlogpage is vulnerable to a buffer over- read from a guest-controlled value. CVE-2024-51562 The virtiovqrecordon function is subject to a time-of-check to time-of-use...
firefox -- multiple vulnerabilities
[email protected] reports: CVE-2024-9392: A compromised content process could have allowed for the arbitrary loading of cross-origin pages. CVE-2024-9396: It is currently unknown if this issue is exploitable but a condition may arise where the structured clone of certain objects could lead to...
AMD CPUs -- Guest Memory Vulnerabilities
AMD reports: Researchers from IOActive have reported that it may be possible for an attacker with ring 0 access to modify the configuration of System Management Mode SMM even when SMM Lock is enabled. Improper validation in a model specific register MSR could allow a malicious program with ring0...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 21 security fixes: 342456991 High CVE-2024-5830: Type Confusion in V8. Reported by Man Yue Mo of GitHub Security Lab on 2024-05-24 339171223 High CVE-2024-5831: Use after free in Dawn. Reported by wgslfuzz on 2024-05-07 340196361 High CVE-2024-5832: U...
electron29 -- use after free in Dawn
Electron developers report: This update fixes the following vulnerability: Security: backported fix for CVE-2024-4948...
electron{27,28} -- Use after free in Mojo
Electron developers report: This update fixes the following vulnerability: Security: backported fix for CVE-2024-1670...
Gitlab -- vulnerabilities
Gitlab reports: Restrict group access token creation for custom roles Project maintainers can bypass group's scan result policy blockbranchmodification setting ReDoS in CI/CD Pipeline Editor while verifying Pipeline syntax Resource exhaustion using GraphQL vulnerabilitiesCountByDay...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 3 security fixes: 41494539 High CVE-2024-1284: Use after free in Mojo. Reported by Anonymous on 2024-01-25 41494860 High CVE-2024-1283: Heap buffer overflow in Skia. Reported by Jorge Buzeti @r3tr074 on 2024-01-25...
electron{25,26} -- Use after free in Site Isolation
Electron developers report: This update fixes the following vulnerability: Security: backported fix for CVE-2023-5218...
vscode -- VS Code Remote Code Execution Vulnerability
VSCode developers report: Visual Studio Code Remote Code Execution Vulnerability A remote code execution vulnerability exists in VS Code 1.82.0 and earlier versions that working in a maliciously crafted package.json can result in executing commands locally. This scenario would require the attacke...
electron25 -- multiple vulnerabilities
Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2023-4427. Security: backported fix for CVE-2023-4428. Security: backported fix for CVE-2023-4429. Security: backported fix for CVE-2023-4430. Security: backported fix for CVE-2023-4572...
electron{22,23,24,25} -- multiple vulnerabilities
Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2023-3732. Security: backported fix for CVE-2023-3728. Security: backported fix for CVE-2023-3730...
chromium -- multiple vulnerabilities
Chrome Releases reports: This update includes 2 security fixes: 1450481 High CVE-2023-3079: Type Confusion in V8. Reported by Clément Lecigne of Google's Threat Analysis Group on 2023-06-01...
Gitlab -- Multiple Vulnerabilities
Gitlab reports: Privilege escalation for external users when OIDC is enabled under certain conditions Account takeover through open redirect for Group SAML accounts Users on banned IP addresses can still commit to projects User with developer role group can modify Protected branches setting on...
jellyfin -- Multiple vulnerabilities
[email protected] reports: Jellyfin is a free-software media system. Versions starting with 10.8.0 and prior to 10.8.10 and prior have a directory traversal vulnerability inside the ClientLogController, specifically /ClientLog/Document. When combined with a cross-site scripting...
redis -- HINCRBYFLOAT can be used to crash a redis-server process
Redis core team reports: Authenticated users can use the HINCRBYFLOAT command to create an invalid hash field that may later crash Redis on access...
powerdns-recursor -- denial of service
PowerDNS Team reports: PowerDNS Security Advisory 2023-02: Deterred spoofing attempts can lead to authoritative servers being marked unavailable...
typo3 -- multiple vulnerabilities
TYPO3 reports: TYPO3-CORE-SA-2022-012: Denial of Service in Page Error Handling. TYPO3-CORE-SA-2022-013: Weak Authentication in Frontend Login. TYPO3-CORE-SA-2022-014: Insufficient Session Expiration after Password Reset. TYPO3-CORE-SA-2022-015: Arbitrary Code Execution via Form Framework...
Grafana -- Privilege escalation
Grafana Labs reports: Internal security audit identified a race condition in the Grafana codebase, which allowed an unauthenticated user to query an arbitrary endpoint in Grafana. A race condition in the HTTP context creation could make a HTTP request being assigned the authentication/authorizati...
chromium -- mulitple vulnerabilities
Chrome Releases reports: This release contains 6 security fixes: 1364604 High CVE-2022-3445: Use after free in Skia. Reported by Nan Wang @eternalsakura13 and Yong Liu of 360 Vulnerability Research Institute on 2022-09-16 1368076 High CVE-2022-3446: Heap buffer overflow in WebSQL. Reported by...