6583 matches found
YUI JavaScript library -- JavaScript injection exploits in Flash components
The YUI team reports: A security-related defect was introduced in the YUI 2 Flash component infrastructure beginning with the YUI 2.4.0 release. This defect allows JavaScript injection exploits to be created against domains that host affected YUI .swf files...
cyrus-imapd -- buffer overrun in httpd
Cyrus IMAP 3.0.10 Release Notes states: Fixed CVE-2019-11356: buffer overrun in httpd...
Containous Traefik -- exposes the configuration and secret
MITRE reports: Containous Traefik 1.6.x before 1.6.6, when --api is used, exposes the configuration and secret if authentication is missing and the API's port is publicly reachable...
ntp -- multiple vulnerabilities
Network Time Foundation reports: NTF's NTP Project has been notified of the following low- and medium-severity vulnerabilities that are fixed in ntp-4.2.8p6, released on Tuesday, 19 January 2016: Bug 2948 / CVE-2015-8158: Potential Infinite Loop in ntpq. Reported by Cisco ASIG. Bug 2945 /...
LZO -- potential buffer overrun when processing malicious input data
Markus Franz Xaver Johannes Oberhumer reports, in the package's NEWS file: Fixed a potential integer overflow condition in the "safe" decompressor variants which could result in a possible buffer overrun when processing maliciously crafted compressed input data. As this issue only affects 32-bit...
databases/postgresql*-server -- multiple vulnerabilities
The PostgreSQL Global Development Group reports: The PostgreSQL Global Development Group today released security updates for all active branches of the PostgreSQL database system, including versions 9.1.5, 9.0.9, 8.4.13 and 8.3.20. This update patches security holes associated with libxml2 and...
Matrix clients -- several vulnerabilities
Matrix developers report: Two critical severity vulnerabilities in end-to-end encryption were found in the SDKs which power Element, Beeper, Cinny, SchildiChat, Circuli, Synod.im and any other clients based on matrix-js-sdk, matrix-ios-sdk or matrix-android-sdk2...
OpenSSL -- Infinite loop in BN_mod_sqrt parsing certificates
The OpenSSL project reports: Infinite loop in BNmodsqrt reachable when parsing certificates High The BNmodsqrt function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that...
seatd-launch -- remove files with escalated privileges with SUID
Kenny Levinsen reports: seatd-launch could use a user-specified socket path instead of the internally generated socket path, and would unlink the socket path before use to guard against collision with leftover sockets. This meant that a caller could freely control what file path would be unlinked...
curl -- multiple vulnerabilities
curl security problems: CVE-2019-5435: Integer overflows in curlurlset libcurl contains two integer overflows in the curlurlset function that if triggered, can lead to a too small buffer allocation and a subsequent heap buffer overflow. The flaws only exist on 32 bit architectures and require...
groovy -- remote execution of untrusted code/DoS vulnerability
The Apache Groovy project reports: When an application with Groovy on classpath uses standard Java serialization mechanisms, e.g. to communicate between servers or to store local data, it is possible for an attacker to bake a special serialized object that will execute code directly when...
bogofilter -- heap corruption through malformed input
Matthias Andree reports: When using Unicode databases default in more recent bogofilter installations, upon encountering invalid input sequences, bogofilter or bogolexer could overrun a malloc'd buffer, corrupting the heap, while converting character sets. Bogofilter would usually be processing...
qt5-webengine -- Multiple vulnerabilities
Qt qtwebengine-chromium repo reports: Backports for 8 security bugs in Chromium: 1505053 High CVE-2023-6345: Integer overflow in Skia 1501326 High CVE-2023-6702: Type Confusion in V8 1513170 High CVE-2023-7024: Heap buffer overflow in WebRTC 1501798 High CVE-2024-0222: Use after free in ANGLE...
MySQL -- Multiple vulnerabilities
Oracle reports: The 2022 April Critical Patch Update contains 43 new security patches for Oracle MySQL. 11 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials...
Apache -- Multiple vulnerabilities
The Apache httpd Project reports: Apache HTTP Server privilege escalation from modules' scripts CVE-2019-0211 important modauthdigest access control bypass CVE-2019-0217 important modssl access control bypass CVE-2019-0215 important modhttp2, possible crash on late upgrade CVE-2019-0197 low...
samba -- multiple vulnerabilities
The samba project reports: Samba releases 4.7.0 to 4.8.3 inclusive contain an error which allows authentication using NTLMv1 over an SMB1 transport either directory or via NETLOGON SamLogon calls from a member server, even when NTLMv1 is explicitly disabled on the server. Missing input sanitizati...
PostgreSQL vulnerabilities
The PostgreSQL project reports: Security Fixes nested CASE expressions + database and role names with embedded special characters CVE-2017-7484: selectivity estimators bypass SELECT privilege checks. CVE-2017-7485: libpq ignores PGREQUIRESSL environment variable CVE-2017-7486: pgusermappings view...
dropbear -- multiple vulnerabilities
Matt Johnston reports: If specific usernames including "%" symbols can be created on a system validated by getpwnam then an attacker could run arbitrary code as root when connecting to Dropbear server. A dbclient user who can control username or host arguments could potentially run arbitrary code...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 235638 High CVE-2013-2837: Use-after-free in SVG. Credit to Slawomir Blazek. 235311 Medium CVE-2013-2838: Out-of-bounds read in v8. Credit to Christian Holler. 230176 High CVE-2013-2839: Bad cast in clipboard handling. Credit to Jon of MWR InfoSecurity. 230117 High...
php-mbstring -- php mbstring buffer overflow vulnerability
SecurityFocus reports: PHP is prone to a buffer-overflow vulnerability because it fails to perform boundary checks before copying user-supplied data to insufficiently sized memory buffers. The issue affects the 'mbstring' extension included in the standard distribution. An attacker can exploit th...
h2o -- HTTP/2 Rapid Reset attack vulnerability
Kazuo Okuhu reports: H2O is vulnerable to the HTTP/2 Rapid Reset attack. An attacker might be able to consume more than adequate amount of processing power of h2o and the backend servers by mounting the attack...
cassandra3 -- multiple vulnerabilities
Cassandra tema reports: This release contains 6 security fixes including CVE-2022-24823: When Netty's multipart decoders are used local information disclosure can occur via the local system temporary directory CVE-2020-7238: Netty 4.1.43.Final allows HTTP Request Smuggling because it mishandles...
chromium -- multiple vulnerabilities
Chrome Releases reports: This release includes 11 security fixes, including: 1358381 High CVE-2022-3195: Out of bounds write in Storage. Reported by Ziling Chen and Nan Wang @eternalsakura13 of 360 Vulnerability Research Institute on 2022-08-31 1358090 High CVE-2022-3196: Use after free in PDF...
MySQL -- Multiple vulnerabilities
Oracle reports: This Critical Patch Update contains 41 new security patches for Oracle MySQL. 10 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials. The highest CVSS v3.1 Base Score of vulnerabiliti...
p11-kit -- Multiple vulnerabilities
The p11-glue project reports: CVE-2020-29363: Out-of-bounds write in p11rpcbuffergetbytearrayvalue functionA heap-based buffer overflow has been discovered in the RPC protocol used by p11-kit server/remote commands and the client library. When the remote entity supplies a serialized byte array in...
MySQL -- Multiple vulerabilities
Oracle reports: This Critical Patch Update contains 31 new security fixes for Oracle MySQL. 6 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials...
nginx -- SPDY heap buffer overflow
The nginx project reports: A bug in the experimental SPDY implementation in nginx was found, which might allow an attacker to cause a heap memory buffer overflow in a worker process by using a specially crafted request, potentially resulting in arbitrary code execution CVE-2014-0133. The problem...
Grafana -- Exposure of sensitive information to an unauthorized actor
Grafana Labs reports: When setting up Grafana, there is an option to enable JWT authentication. Enabling this will allow users to authenticate towards the Grafana instance with a special header default X-JWT-Assertion . In Grafana, there is an additional way to authenticate using JWT called URL...
Gitlab -- multiple vulnerabilities
Gitlab reports: Potential Denial Of Service Via Update Release Links API Insecure Storage of Session Key In Redis Improper Access Expiration Date Validation Cross-Site Scripting in Multiple Pages Unauthorized Users Can View Custom Project Template Cross-Site Scripting in SVG Image Preview...
Exim -- RCE in deliver_message() function
Exim team and Qualys report: We received a report of a possible remote exploit. Currently there is no evidence of an active use of this exploit. A patch exists already, is being tested, and backported to all versions we released since and including 4.87. The severity depends on your configuration...
jenkins -- multiple vulnerabilities
Jenkins Security Advisory: Description High SECURITY-868 Administrators could persist access to Jenkins using crafted 'Remember me' cookie Medium SECURITY-901 Deleting a user in an external security realm did not invalidate their session or 'Remember me' cookie...
apache24 -- several vulnerabilities
Apache HTTP SERVER PROJECT reports: modproxy: Fix crash in Connection header handling which allowed a denial of service attack against a reverse proxy with a threaded MPM. Fix a race condition in scoreboard handling, which could lead to a heap buffer overflow. moddeflate: The DEFLATE input filter...
wget -- multiple vulnerabilities
Jan Minar reports that there exists multiple vulnerabilities in wget: Wget erroneously thinks that the current directory is a fair game, and will happily write in any file in and below it. Malicious HTTP response or malicious HTML file can redirect wget to a file that is vital to the system, and...
caddy -- multiple vulnerabilities
Caddy project reports: Caddy 2.11.4 contains multiple security fixes. GitHub Security Advisory GHSA-qrp7-cvwr-j2c6 reports: Windows-encoded backslashes in request paths could bypass path-scoped authorization rules before files are served by fileserver. GitHub Security Advisory GHSA-f59h-q822-g45g...
nginx-devel -- Multiple Vulnerabilities in HTTP/3
The nginx development team reports: When using HTTP/3 a segmentation fault might occur in a worker process while processing a specially crafted QUIC session...
PostgreSQL server -- Client memory disclosure when connecting, with Kerberos, to modified server.
PostgreSQL Project reports: A modified, unauthenticated server can send an unterminated string during the establishment of Kerberos transport encryption. When a libpq client application has a Kerberos credential cache and doesn't explicitly disable option gssencmode, a server can cause libpq to...
nokogiri -- Security vulnerability
Nokogiri reports: In Nokogiri versions = 1.11.0.rc3, XML Schemas parsed by Nokogiri::XML::Schema were trusted by default, allowing external resources to be accessed over the network, potentially enabling XXE or SSRF attacks...
Apache -- Multiple vulnerabilities
Apache Team reports: SECURITY: CVE-2020-1934 modproxyftp: Use of uninitialized value with malicious backend FTP server. SECURITY: CVE-2020-1927 rewrite, core: Set PCREDOTALL flag by default to avoid unpredictable matches and substitutions with encoded line break characters. The fix for...
Node.js -- multiple vulnerabilities
Node.js reports: Updates are now available for all active Node.js release lines for the following issues. HTTP request smuggling using malformed Transfer-Encoding header Critical CVE-2019-15605HTTP request smuggling using malformed Transfer-Encoding header Critical CVE-2019-15605 Affected Node.js...
mantis -- multiple vulnerabilities
The Mantis developers report: CVE-2019-15715: Admin Required - Post Authentication Command Execution / Injection Vulnerability CVE-2019-8331: In Bootstrap before 3.4.1, XSS is possible in the tooltip or popover data-template attribute Missing integrity hashes for CSS resources from CDNs...
NGINX -- Multiple vulnerabilities
NGINX Team reports: Several security issues were identified in nginx HTTP/2 implementation which might cause excessive memory consumption and CPU usage CVE-2019-9511, CVE-2019-9513, CVE-2019-9516. The issues affect nginx compiled with the ngxhttpv2module not compiled by default if the http2 optio...
samba -- remote code execution vulnerability
The samba project reports: Remote code execution from a writable share. All versions of Samba from 3.5.0 onwards are vulnerable to a remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it...
tomcat -- bypass of CSRF prevention filter
The Apache Software Foundation reports: The CSRF prevention filter could be bypassed if a request was made to a protected resource without a session identifier present in the request...
horde -- Cross site scripting vulnerabilities in MIME viewers
Announce of Horde 3.0.7 final: This 3.0.7 is a security release that fixes cross site scripting vulnerabilities in two of Horde's MIME viewers. These holes could for example be exploited by an attacker sending specially crafted emails to Horde's webmail client IMP. The attack could be used to ste...
Grafana -- XSS
Grafana Labs reports: If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, arbitrary JavaScript content may be executed within the context of the victim’s browser. The user visiting the malicious link must be unauthenticated, and the link must be for a page th...
MySQL -- Multiple vulerabilities
Oracle reports: This Critical Patch Update contains 17 new security fixes for Oracle MySQL. 5 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials...
dovecot -- json encoder crash
Aki Tuomi reports: CVE-2019-10691: Trying to login with 8bit username containing invalid UTF8 input causes auth process to crash if auth policy is enabled. This could be used rather easily to cause a DoS. Similar crash also happens during mail delivery when using invalid UTF8 in From or Subject...
Apache httpd -- multiple vulnerabilities
The Apache project reports: DoS for HTTP/2 connections by crafted requests CVE-2018-1333. By specially crafting HTTP/2 requests, workers would be allocated 60 seconds longer than necessary, leading to worker exhaustion and a denial of service. low modmd, DoS via Coredumps on specially crafted...
exim -- a buffer overflow vulnerability, remote code execution
Exim developers report: There is a buffer overflow in base64d, if some pre-conditions are met. Using a handcrafted message, remote code execution seems to be possible...
mini_httpd,thttpd -- Buffer overflow in htpasswd
Alessio Santoru reports: Buffer overflow in htpasswd...