6585 matches found
pcre -- regular expression buffer overflow
The pcre library is vulnerable to a buffer overflow vulnerability due to insufficient validation of quantifier values. This could lead execution of arbitrary code with the permissions of the program using pcre by way of a specially crated regular expression...
openvpn -- denial of service: undecryptable packet from authorized client can disconnect unrelated clients
James Yonan reports: If the client sends a packet which fails to decrypt on the server, the OpenSSL error queue is not properly flushed, which can result in another unrelated client instance on the server seeing the error and responding to it, resulting in disconnection of the unrelated client...
libgadu -- multiple vulnerabilities
Wojtek Kaniewski reports: Multiple vulnerabilities have been found in libgadu, a library for handling Gadu-Gadu instant messaging protocol. It is a part of ekg, a Gadu-Gadu client, but is widely used in other clients. Also some of the user contributed scripts were found to behave in an insecure...
squid -- Denial Of Service Vulnerability in sslConnectTimeout
The squid patches page notes: After certain slightly odd requests Squid crashes with a segmentation fault in sslConnectTimeout...
squirrelmail -- _$POST variable handling allows for various attacks
A Squirrelmail Advisory reports: An extract$POST was done in optionsidentities.php which allowed for an attacker to set random variables in that file. This could lead to the reading and possible writing of other people's preferences, cross site scripting or writing files in webserver-writable...
mambo -- multiple vulnerabilities
A Secunia Advisory reports: Some vulnerabilities have been reported in Mambo, where some have unknown impacts and others can be exploited by malicious people to conduct spoofing and SQL injection attacks. Input passed to the "userrating" parameter when voting isn't properly sanitised before being...
tiff -- buffer overflow vulnerability
A Gentoo Linux Security Advisory reports: Tavis Ormandy of the Gentoo Linux Security Audit Team discovered a stack based buffer overflow in the libTIFF library when reading a TIFF image with a malformed BitsPerSample tag. Successful exploitation would require the victim to open a specially crafte...
gaim -- MSN remote DoS vulnerability
The GAIM team reports: Potential remote denial of service bug resulting from not checking a pointer for non-NULL before passing it to strncmp, which results in a crash. This can be triggered by a remote client sending an SLP message with an empty body...
gaim -- jabber remote crash
The GAIM team reports: A remote jabber user can cause Gaim to crash by sending a specific file transfer request...
mozilla -- javascript "lambda" replace exposes memory contents
A Mozilla Foundation Security Advisory reports: A bug in javascript's regular expression string replacement when using an anonymous function as the replacement argument allows a malicious script to capture blocks of memory allocated to the browser. A web site could capture data and transmit it to...
lighttpd -- script source disclosure vulnerability
The lighttpd website reports: In lighttpd 1.3.7 and below it is possible to fetch the source files which should be handled by CGI or FastCGI applications. The vulnerability is in the handling of urlencoded trailing NUL bytes. Installations that do not use CGI or FastCGI are not affected...
squid -- DoS on failed PUT/POST requests vulnerability
The squid patches page notes: An inconsistent state is entered on a failed PUT/POST request making a high risk for segmentation faults or other strange errors...
phpmyadmin -- increased privilege vulnerability
The phpMyAdmin team reports: Escaping of the "" character was not properly done, giving a wildcard privilege when editing db-specific privileges with phpMyAdmin...
clamav -- zip handling DoS vulnerability
The clamav daemon is vulnerable to a DoS vulnerability due to insufficient handling of malformed zip files which can crash the clamav daemon...
opera -- "data:" URI handler spoofing vulnerability
A Secunia Advisory reports: Michael Holzt has discovered a vulnerability in Opera, which can be exploited by malicious people to trick users into executing malicious files. The vulnerability is caused due to an error in the processing of "data:" URIs, causing wrong information to be shown in a...
squid -- no sanity check of usernames in squid_ldap_auth
The LDAP authentication helper did not strip leading or trailing spaces from the login name. According to the squid patches page: LDAP is very forgiving about spaces in search filters and this could be abused to log in using several variants of the login name, possibly bypassing explicit access...
opera -- kfmclient exec command execution vulnerability
Giovanni Delvecchio reports: Opera for linux uses "kfmclient exec" as "Default Application" to handle saved files. This could be used by malicious remote users to execute arbitrary shell commands on a target system...
viewcvs -- information leakage
The hidecvsroot and forbidden configuration options are not properly honored by viewcvs when exporting to a tar file which can lead to information leakage...
Cyrus IMAPd -- FETCH command out of bounds memory corruption
The argument parser of the fetch command suffers a bug very similiar to the partial command problem. Arguments like "bodyp", "binaryp" or "binaryp" will be wrongly detected and the bufferposition can point outside of the allocated buffer for the rest of the parsing process. When the parser trigge...
samba -- potential remote DoS vulnerability
Karol Wiesek at iDEFENSE reports: A remote attacker could cause an smbd process to consume abnormal amounts of system resources due to an input validation error when matching filenames containing wildcard characters. Although samba.org classifies this as a DoS vulnerability, several members of th...
imlib2 -- BMP decoder buffer overflow
Marcus Meissner discovered that imlib2's BMP decoder would crash when loading the test BMP file created by Chris Evans for testing the previous Qt vulnerability. There appears to be both a stack-based and a heap-based buffer overflow that are believed to be exploitable for arbitrary code executio...
Mozilla / Firefox user interface spoofing vulnerability
The Mozilla project's family of browsers contain a design flaw that can allow a website to spoof almost perfectly any part of the Mozilla user interface, including spoofing web sites for phishing or internal elements such as the "Master Password" dialog box. This achieved by manipulating "chrome"...
lha -- numerous vulnerabilities when extracting archives
Source code reviews of lha by Lukasz Wojtow, Thomas Biege, and others uncovered a number of vulnerabilities affecting lha: Buffer overflows when handling archives and filenames. CVE-2004-0694 Possible command execution via shell meta-characters when built with NOMKDIR. CVE-2004-0745 Buffer overfl...
mailman -- password disclosure
Barry Warsaw reports: Today I am releasing Mailman 2.1.5, a bug fix release ... This version also contains a fix for an exploit that could allow 3rd parties to retrieve member passwords. It is thus highly recommended that all existing sites upgrade to the latest version...
Midnight Commander buffer overflows, format string bugs, and insecure temporary file handling
Jakub Jelinek reports several security related bugs in Midnight Commander, including: Multiple buffer overflows CVE-2004-0226 Insecure temporary file handling CVE-2004-0231 Format string bug CVE-2004-0232...
xloadimage -- buffer overflow in FACES image handling
In 2001, zen-parse discovered a buffer overflow in xloadimage's FACES image loader. A maliciously crafted image could cause xloadimage to execute arbitrary code. A published exploit exists for this vulnerability. In 2005, Rob Holland discovered that the same vulnerability was present in xli...
OpenEXR -- 3.4.12 fixes multiple vulnerabilities
Cary Phillips reports: The OpenEXR 3.4.12 release addresses the following security vulnerabilities: CVE-2026-45696 OpenEXR htundoimpl heap-buffer-overflow READ via codestream/channel width mismatch in HTJ2K decode CVE-2026-44663 Integer overflow in HTJ2K decoder htundoimpl leading to...
Gitlab -- vulnerabilities
Gitlab reports: SAML authentication bypass...
qt6-webengine -- Multiple vulnerabilities
Qt qtwebengine-chromium repo reports: Backports for 7 security bugs in Chromium: CVE-2024-4948: Use after free in Dawn CVE-2024-5274: Type Confusion in V8 CVE-2024-5493: Heap buffer overflow in WebRTC CVE-2024-5494: Use after free in Dawn CVE-2024-5495: Use after free in Dawn CVE-2024-5496: Use...
openvpn -- two security fixes
Gert Doering reports that OpenVPN 2.6.11 fixes two security bugs three on Windows: CVE-2024-5594: control channel: refuse control channel messages with nonprintable characters in them. Security scope: a malicious openvpn peer can send garbage to openvpn log, or cause high CPU load. Reynir Björnss...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 4 security fixes: 332546345 Critical CVE-2024-4058: Type Confusion in ANGLE. Reported by Toan suto Pham and Bao zx Pham of Qrious Secure on 2024-04-02 333182464 High CVE-2024-4059: Out of bounds read in V8 API. Reported by Eirik on 2024-04-08 33342062...
go -- http2: close connections when receiving too many headers
The Go project reports: http2: close connections when receiving too many headers Maintaining HPACK state requires that we parse and process all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, we don't allocate memory to store the excess headers but...
chromium -- security fix
Chrome Releases reports: This update includes 1 security fix: 1513170 High CVE-2023-7024: Heap buffer overflow in WebRTC. Reported by Clément Lecigne and Vlad Stolyarov of Google's Threat Analysis Group on 2023-12-19...
Django -- multiple vulnerabilities
Django reports: CVE-2023-43665: Denial-of-service possibility in django.utils.text.Truncator...
chromium -- multiple vulnerabilities
Chrome Releases reports: This update includes 10 security fixes: 1486441 High CVE-2023-5217: Heap buffer overflow in vp8 encoding in libvpx. Reported by Clément Lecigne of Google's Threat Analysis Group on 2023-09-25 1478889 High CVE-2023-5186: Use after free in Passwords. Reported by pwn2car on...
Python -- multiple vulnerabilities
Python reports: gh-108310: Fixed an issue where instances of ssl.SSLSocket were vulnerable to a bypass of the TLS handshake and included protections like certificate verification and treating sent unencrypted data as if it were post-handshake TLS encrypted data...
rack -- possible DoS vulnerability in multipart MIME parsing
Aaron Patterson reports: The Multipart MIME parsing code in Rack limits the number of file parts, but does not limit the total number of parts that can be uploaded. Carefully crafted requests can abuse this and cause multipart parsing to take longer than expected...
Django -- multiple vulnerabilities
Django reports: CVE-2023-24580: Potential denial-of-service vulnerability in file uploads...
Django -- multiple vulnerabilities
Django reports: CVE-2023-23969: Potential denial-of-service via Accept-Language headers...
libXpm -- Issues handling XPM files
The X.Org project reports: CVE-2022-46285: Infinite loop on unclosed comments When reading XPM images from a file with libXpm 3.5.14 or older, if a comment in the file is not closed i.e. a C-style comment starts with "/" and is missing the closing "/", the ParseComment function will loop forever...
net/krill -- DoS vulnerability
MITRE reports: NLnet Labs Krill supports direct access to the RRDP repository content through its built-in web server at the "/rrdp" endpoint. Prior to 0.12.1 a direct query for any existing directory under "/rrdp/", rather than an RRDP file such as "/rrdp/notification.xml" as would be expected,...
chromium -- multiple vulnerabilities
Chrome Releases reports: This release contains 8 security fixes, including: 1383991 High CVE-2022-4436: Use after free in Blink Media. Reported by Anonymous on 2022-11-15 1394692 High CVE-2022-4437: Use after free in Mojo IPC. Reported by koocola@alocook and Guang Gong of 360 Vulnerability Resear...
FreeBSD -- Stack overflow in ping(8)
Problem Description: ping reads raw IP packets from the network to process responses in the prpack function. As part of processing a response ping has to reconstruct the IP header, the ICMP header and if present a "quoted packet," which represents the packet that generated an ICMP error. The quot...
go -- multiple vulnerabilities
The Go project reports: archive/tar: unbounded memory consumption when reading headers Reader.Read did not set a limit on the maximum size of file headers. A maliciously crafted archive could cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panics...
Unbound -- Multiple vulnerabilities
NLnet Labs reports: novel type of the "ghost domain names" attack. The vulnerability works by targeting an Unbound instance. Unbound is queried for a rogue domain name when the cached delegation information is about to expire. The rogue nameserver delays the response so that the cached delegation...
Grafana -- Plugin signature bypass
Grafana Labs reports: On July 4th as a result of an internal security audit we have discovered a bypass in the plugin signature verification by exploiting a versioning flaw. We believe that this vulnerability is rated at CVSS 6.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L...
py-matrix-synapse -- unbounded recursion in urlpreview
Matrix developers report: This release fixes a vulnerability with Synapse's URL preview feature. URL previews of some web pages can lead to unbounded recursion, causing the request to either fail, or in some cases crash the running Synapse process. Note that: Homeservers with the urlpreviewenable...
py-cinder -- data leak
Duncan Thomas reports: The 1 GlusterFS and 2 Linux Smbfs drivers in OpenStack Cinder before 2014.1.3 allows remote authenticated users to obtain file data from the Cinder-volume host by cloning and attaching a volume with a crafted qcow2 header...
go -- multiple vulnerabilities
The Go project reports: encoding/pem: fix stack overflow in Decode. A large more than 5 MB PEM input can cause a stack overflow in Decode, leading the program to crash. crypto/elliptic: tolerate all oversized scalars in generic P-256. A crafted scalar input longer than 32 bytes can cause...
zsh -- Arbitrary command execution vulnerability
Marc Cornellà reports: Some prompt expansion sequences, such as %F, support 'arguments' which are themselves expanded in case they contain colour values, etc. This additional expansion would trigger PROMPTSUBST evaluation, if enabled. This could be abused to execute code the user didn't expect...