6585 matches found
go -- http2: close connections when receiving too many headers
The Go project reports: http2: close connections when receiving too many headers Maintaining HPACK state requires that we parse and process all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, we don't allocate memory to store the excess headers but...
electron{27,28} -- Use after free in Mojo
Electron developers report: This update fixes the following vulnerability: Security: backported fix for CVE-2024-1670...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 3 security fixes: 41494539 High CVE-2024-1284: Use after free in Mojo. Reported by Anonymous on 2024-01-25 41494860 High CVE-2024-1283: Heap buffer overflow in Skia. Reported by Jorge Buzeti @r3tr074 on 2024-01-25...
electron{25,26} -- Use after free in Site Isolation
Electron developers report: This update fixes the following vulnerability: Security: backported fix for CVE-2023-5218...
vscode -- VS Code Remote Code Execution Vulnerability
VSCode developers report: Visual Studio Code Remote Code Execution Vulnerability A remote code execution vulnerability exists in VS Code 1.82.0 and earlier versions that working in a maliciously crafted package.json can result in executing commands locally. This scenario would require the attacke...
electron25 -- multiple vulnerabilities
Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2023-4427. Security: backported fix for CVE-2023-4428. Security: backported fix for CVE-2023-4429. Security: backported fix for CVE-2023-4430. Security: backported fix for CVE-2023-4572...
electron{22,23,24,25} -- multiple vulnerabilities
Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2023-3732. Security: backported fix for CVE-2023-3728. Security: backported fix for CVE-2023-3730...
chromium -- multiple vulnerabilities
Chrome Releases reports: This update includes 2 security fixes: 1450481 High CVE-2023-3079: Type Confusion in V8. Reported by Clément Lecigne of Google's Threat Analysis Group on 2023-06-01...
Gitlab -- Multiple Vulnerabilities
Gitlab reports: Privilege escalation for external users when OIDC is enabled under certain conditions Account takeover through open redirect for Group SAML accounts Users on banned IP addresses can still commit to projects User with developer role group can modify Protected branches setting on...
jellyfin -- Multiple vulnerabilities
[email protected] reports: Jellyfin is a free-software media system. Versions starting with 10.8.0 and prior to 10.8.10 and prior have a directory traversal vulnerability inside the ClientLogController, specifically /ClientLog/Document. When combined with a cross-site scripting...
redis -- HINCRBYFLOAT can be used to crash a redis-server process
Redis core team reports: Authenticated users can use the HINCRBYFLOAT command to create an invalid hash field that may later crash Redis on access...
powerdns-recursor -- denial of service
PowerDNS Team reports: PowerDNS Security Advisory 2023-02: Deterred spoofing attempts can lead to authoritative servers being marked unavailable...
typo3 -- multiple vulnerabilities
TYPO3 reports: TYPO3-CORE-SA-2022-012: Denial of Service in Page Error Handling. TYPO3-CORE-SA-2022-013: Weak Authentication in Frontend Login. TYPO3-CORE-SA-2022-014: Insufficient Session Expiration after Password Reset. TYPO3-CORE-SA-2022-015: Arbitrary Code Execution via Form Framework...
Grafana -- Privilege escalation
Grafana Labs reports: Internal security audit identified a race condition in the Grafana codebase, which allowed an unauthenticated user to query an arbitrary endpoint in Grafana. A race condition in the HTTP context creation could make a HTTP request being assigned the authentication/authorizati...
chromium -- mulitple vulnerabilities
Chrome Releases reports: This release contains 6 security fixes: 1364604 High CVE-2022-3445: Use after free in Skia. Reported by Nan Wang @eternalsakura13 and Yong Liu of 360 Vulnerability Research Institute on 2022-09-16 1368076 High CVE-2022-3446: Heap buffer overflow in WebSQL. Reported by...
strongswan -- DOS attack vulnerability
Lahav Schlesinger reported a bug related to online certificate revocation checking that can lead to a denial-of-service attack...
go -- multiple vulnerabilities
The Go project reports: net/http: handle server errors after sending GOAWAY A closing HTTP/2 server connection could hang forever waiting for a clean shutdown that was preempted by a subsequent fatal error. This failure mode could be exploited to cause a denial of service. net/url: JoinPath does...
Gitlab -- Multiple Vulnerabilities
Gitlab reports: Group members with developer role can escalate their privilege to maintainer on projects that they import When user registration is limited, external users that aren't developers shouldn't have access to the CI Lint API Collision in access memoization leads to potential elevated...
libssh -- possible heap-buffer overflow vulnerability
libssh security advisories: The SSH protocol keeps track of two shared secrets during the lifetime of the session. One of them is called secrethash and and the other sessionid. Initially, both of them are the same, but after key re-exchange, previous sessionid is kept and used as an input to new...
go -- archive/zip: overflow in preallocation check can cause OOM panic
The Go project reports: An oversight in the previous fix still allows for an OOM panic when the indicated directory size in the archive header is so large that subtracting it from the archive size overflows a uint64, effectively bypassing the check that the number of files in the archive is...
py-flask-caching -- remote code execution or local privilege escalation vulnerabilities
subnix reports: The Flask-Caching extension through 2.0.2 for Flask relies on Pickle for serialization, which may lead to remote code execution or local privilege escalation. If an attacker gains access to cache storage e.g., filesystem, Memcached, Redis, etc., they can construct a crafted payloa...
Django -- multiple vulnerabilities
Django Release reports: CVE-2021-31542:Potential directory-traversal via uploaded files. MultiPartParser, UploadedFile, and FieldFile allowed directory-traversal via uploaded files with suitably crafted file names...
FreeBSD -- jail escape possible by mounting over jail root
Problem Description: Due to a race condition between lookup of ".." and remounting a filesystem, a process running inside a jail might access filesystem hierarchy outside of jail. Impact: A process with superuser privileges running inside a jail configured with the allow.mount permission not...
mdbook -- XSS in mdBook's search page
Rust Security Response Working Group reports: The search feature of mdBook introduced in version 0.1.4 was affected by a cross site scripting vulnerability that allowed an attacker to execute arbitrary JavaScript code on an user's browser by tricking the user into typing a malicious search query,...
asterisk -- Remote attacker could prematurely tear down SRTP calls
The Asterisk project reports: An unauthenticated remote attacker could replay SRTP packets which could cause an Asterisk instance configured without strict RTP validation to tear down calls prematurely...
cacti -- SQL Injection was possible due to incorrect validation order
Cati team reports: Due to a lack of validation, datadebug.php can be the source of a SQL injection...
FreeBSD -- bhyve SVM guest escape
Problem Description: A number of AMD virtualization instructions operate on host physical addresses, are not subject to nested page table translation, and guest use of these instructions was not trapped. Impact: From kernel mode a malicious guest can write to arbitrary host memory with some...
chromium -- heap buffer overflow
Chrome Releases reports: This release contains one security fix: 1115345 High CVE-2020-6556: Heap buffer overflow in SwiftShader. Reported by Alison Huffman, Microsoft Browser Vulnerability Research on 2020-08-12...
mail/dovecot -- multiple vulnerabilities
Aki Tuomi reports: When imap hibernation is active, an attacker can cause Dovecot to discover file system directory structure and access other users' emails using specially crafted command. The attacker must have valid credentials to access the mail server. Mail delivery / parsing crashed when th...
Python -- multiple vulnerabilities
Python reports: bpo-41162:Audit hooks are now cleared later during finalization to avoid missing events. bpo-29778:Ensure python3.dll is loaded from correct locations when Python is embedded...
Several issues in Lynis
lynis update: This release resolves two security issues CVE-2020-13882 - Discovered by Sander Bos, code submission by Katarina Durechova CVE-2019-13033 - Discovered by Sander Bos...
Anydesk -- Multiple Vulnerabilities
Anydesk reports: AnyDesk before 5.5.3 on Linux and FreeBSD has a format string vulnerability that can be exploited for remote code execution...
Django -- multiple vulnerabilities
Django security release reports: CVE-2020-13254: Potential data leakage via malformed memcached keys In cases where a memcached backend does not perform key validation, passing malformed cache keys could result in a key collision, and potential data leakage. In order to avoid this vulnerability,...
FreeBSD -- Insufficient oce(4) ioctl(2) privilege checking
Problem Description: The driver-specific ioctl2 command handlers in oce4 failed to check whether the caller has sufficient privileges to perform the corresponding operation. Impact: The oce4 handler permits unprivileged users to send passthrough commands to device firmware...
Django -- potential SQL injection vulnerability
MITRE CVE reports: Django 1.11 before 1.11.29, 2.2 before 2.2.11, and 3.0 before 3.0.4 allows SQL Injection if untrusted data is used as a tolerance parameter in GIS functions and aggregates on Oracle. By passing a suitably crafted tolerance to GIS functions and aggregates on Oracle, it was...
OpenSMTPd -- LPE and RCE in OpenSMTPD's default install
OpenSMTPD developers reports: An out of bounds read in smtpd allows an attacker to inject arbitrary commands into the envelope file which are then executed as root. Separately, missing privilege revocation in smtpctl allows arbitrary commands to be run with the smtpq group. An unprivileged local...
FreeBSD -- libfetch buffer overflow
Problem Description: A programming error allows an attacker who can specify a URL with a username and/or password components to overflow libfetch3 buffers. Impact: An attacker in control of the URL to be fetched possibly via HTTP redirect may cause a heap buffer overflow, resulting in program...
pkg -- vulnerability in libfetch
A programming error allows an attacker who can specify a URL with a username and/or password components to overflow libfetch3 buffers...
Client/server denial of service when handling AES-CTR ciphers
The libssh team reports originally reported by Yasheng Yang from Google: A malicious client or server could crash the counterpart implemented with libssh AES-CTR ciphers are used and don't get fully initialized. It will crash when it tries to cleanup the AES-CTR ciphers when closing the connectio...
dovecot -- multiple vulnerabilities
Aki Tuomi reports: lib-smtp doesn't handle truncated command parameters properly, resulting in infinite loop taking 100% CPU for the process. This happens for LMTP where it doesn't matter so much and also for submission-login where unauthenticated users can trigger it. Aki also reports: Snippet...
rack -- information leak / session hijack vulnerability
National Vulnerability Database: There's a possible information leak / session hijack vulnerability in Rack RubyGem rack. This vulnerability is patched in versions 1.6.12 and 2.0.8. Attackers may be able to find and hijack sessions by using timing attacks targeting the session id. Session ids are...
asterisk -- SIP request can change address of a SIP peer
The Asterisk project reports: A SIP request can be sent to Asterisk that can change a SIP peers IP address. A REGISTER does not need to occur, and calls can be hijacked as a result. The only thing that needs to be known is the peers name; authentication details such as passwords do not need to be...
file -- Heap buffer overflow possible
mitre reports cdfreadpropertyinfo in cdf.c in file through 5.37 does not restrict the number of CDFVECTOR elements, which allows a heap-based buffer overflow 4-byte out-of-bounds write...
xymon-server -- multiple vulnerabilities
Japheth Cleaver reports: Several buffer overflows were reported by University of Cambridge Computer Security Incident Response Team...
asterisk -- Remote Crash Vulnerability in chan_sip channel driver
The Asterisk project reports: When T.38 faxing is done in Asterisk a T.38 reinvite may be sent to an endpoint to switch it to T.38. If the endpoint responds with an improperly formatted SDP answer including both a T.38 UDPTL stream and an audio or video stream containing only codecs not allowed o...
asterisk -- Remote crash vulnerability with MESSAGE messages
The Asterisk project reports: A specially crafted SIP in-dialog MESSAGE message can cause Asterisk to crash...
bro -- Unsafe integer conversions can cause unintentional code paths to be executed
Jon Siwek of Corelight reports: The following Denial of Service vulnerabilities are addressed: Integer type mismatches in BinPAC-generated parser code and Bro analyzer code may allow for crafted packet data to cause unintentional code paths in the analysis logic to be taken due to unsafe integer...
Gitlab -- Information Disclosure
Gitlab reports: Information Disclosure with Limited Scope Token...
moodle -- Login CSRF vulnerability
moodle reports: The login form is not protected by a token to prevent login cross-site request forgery...
chromium -- Incorrect handling of CSP header
Google Chrome Releases reports: 1 security fix contributed by external researchers: 845961 High CVE-2018-6148: Incorrect handling of CSP header. Reported by Michal Bentkowski on 2018-05-23...