6585 matches found
chromium -- multiple vulnerabilities
Chrome Releases reports: This release contains 27 security fixes, including: 1284584 High CVE-2022-0452: Use after free in Safe Browsing. Reported by avaue at S.S.L. on 2022-01-05 1284916 High CVE-2022-0453: Use after free in Reader Mode. Reported by Rong Jian of VRI on 2022-01-06 1287962 High...
mustache - Possible Remote Code Execution
huntr.dev reports: In Mustache.php v2.0.0 through v2.14.0, Sections tag can lead to arbitrary php code execution even if strictcallables is true when section value is controllable...
go -- multiple vulnerabilities
The Go project reports: net/http: limit growth of header canonicalization cache. An attacker can cause unbounded memory growth in a Go server accepting HTTP/2 requests. syscall: don’t close fd 0 on ForkExec error. When a Go program running on a Unix system is out of file descriptors and calls...
puppet -- Silent Configuration Failure
Puppet reports: A flaw was discovered in Puppet Agent where the agent may silently ignore Augeas settings or may be vulnerable to a Denial of Service condition prior to the first pluginsync...
Node.js -- July 2021 Security Releases (2)
Node.js reports: Use after free on close http2 on stream canceling High CVE-2021-22930 Node.js is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption, to change process behavior...
mediawiki -- multiple vulnerabilities
Mediawiki reports: T285515, CVE-2021-41798 SECURITY: XSS vulnerability in Special:Search. T290379, CVE-2021-41799 SECURITY: ApiQueryBacklinks can cause a full table scan. T284419, CVE-2021-41800 SECURITY: fix PoolCounter protection of Special:Contributions. T279090, CVE-2021-41801 SECURITY:...
lasso -- signature checking failure
entrouvert reports: When AuthnResponse messages are not signed which is permitted by the specifiation, all assertion's signatures should be checked, but currently after the first signed assertion is checked all following assertions are accepted without checking their signature, and the last one i...
py-flask-caching -- remote code execution or local privilege escalation vulnerabilities
subnix reports: The Flask-Caching extension through 2.0.2 for Flask relies on Pickle for serialization, which may lead to remote code execution or local privilege escalation. If an attacker gains access to cache storage e.g., filesystem, Memcached, Redis, etc., they can construct a crafted payloa...
FreeBSD -- Memory disclosure by stale virtual memory mapping
Problem Description: A particular case of memory sharing is mishandled in the virtual memory system. It is possible and legal to establish a relationship where multiple descendant processes share a mapping which shadows memory of an ancestor process. In this scenario, when one process modifies...
glpi -- Any CalDAV calendars is read-only for every authenticated user
MITRE Corporation reports: In GLPI before version 9.5.3, any authenticated user has read-only permissions to the planning of every other user, even admin ones. This issue is fixed in version 9.5.3. As a workaround, one can remove the caldav.php file to block access to CalDAV server...
mantis -- multiple vulnerabilities
Mantis 2.24.3 release reports: This release fixes 3 security issues: 0027039: CVE-2020-25781: Access to private bug note attachments 0027275: CVE-2020-25288: HTML Injection on bugupdatepage.php 0027304: CVE-2020-25830: HTML Injection in bugactiongrouppage.php...
textproc/elasticsearch6 -- field disclosure flaw
Elastic reports: A field disclosure flaw was found in Elasticsearch when running a scrolling search with Field Level Security. If a user runs the same query another more privileged user recently ran, the scrolling search can leak fields that should be hidden. This could result in an attacker...
chrony <= 3.5.1 data corruption through symlink vulnerability writing the pidfile
Miroslav Lichvar reports: chrony-3.5.1 ... fixes a security issue in writing of the pidfile. When chronyd is configured to save the pidfile in a directory where the chrony user has write permissions e.g. /var/run/chrony - the default since chrony-3.4, an attacker that compromised the chrony user...
libX11 -- Heap corruption in the X input method client in libX11
The X.org project reports: The X Input Method XIM client implementation in libX11 has some integer overflows and signed/unsigned comparison issues that can lead to heap corruption when handling malformed messages from an input method...
Gitlab -- Multiple Vulnerabilities
Gitlab reports: Workhorse bypass allows files in /tmp to be read via Maven Repository APIs...
chromium -- use after free
Google Chrome Releases reports: 1067851 Critical CVE-2020-6457: Use after free in speech recognizer. Reported by Leecraso and Guang Gong of Alpha Lab, Qihoo 360 on 2020-04-04...
glpi -- SQL injection for all helpdesk instances
MITRE Corporation reports: In GLPI before version 9.4.6, there is a SQL injection vulnerability for all helpdesk instances. Exploiting this vulnerability requires a technician account. This is fixed in version 9.4.6...
WeeChat -- Multiple vulnerabilities
The WeeChat project reports: Buffer overflow when receiving a malformed IRC message 324 channel mode. CVE-2020-8955 Buffer overflow when a new IRC message 005 is received with longer nick prefixes. Crash when receiving a malformed IRC message 352 WHO...
PostgresSQL -- ALTER ... DEPENDS ON EXTENSION is missing authorization checks
The PostgreSQL project reports: Versions Affected: 9.6 - 12 The ALTER ... DEPENDS ON EXTENSION sub-commands do not perform authorization checks, which can allow an unprivileged user to drop any function, procedure, materialized view, index, or trigger under certain conditions. This attack is...
Gitlab -- Vulnerability
Gitlab reports: Incorrect membership handling of group sharing feature...
NPM -- Multiple vulnerabilities
NPM reports: Global nodemodules Binary Overwrite Symlink reference outside of nodemodules Arbitrary File Write...
security/py-ecdsa -- multiple issues
py-ecdsa developers report: Fix CVE-2019-14853 - possible DoS caused by malformed signature decoding. Fix CVE-2019-14859 - signature malleability caused by insufficient checks of DER encoding...
Gitlab -- Multiple Vulnerabilities
Gitlab reports: Insecure Authentication Methods Disabled for Grafana By Default Multiple Command-Line Flag Injection Vulnerabilities Insecure Cookie Handling on GitLab Pages...
Nokogiri -- injection vulnerability
Nokogiri GitHub release: A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess by Ruby's Kernel.open method. Processes are vulnerable only if the undocumented method Nokogiri::CSS::Tokenizerloadfile is being passed untrusted user input...
glpi -- Account takeover vulnerability
MITRE Corporation reports: GLPI through 9.4.3 is prone to account takeover by abusing the ajax/autocompletion.php autocompletion feature. The lack of correct validation leads to recovery of the token generated via the password reset functionality, and thus an authenticated attacker can set an...
bro -- Unsafe integer conversions can cause unintentional code paths to be executed
Jon Siwek of Corelight reports: The following Denial of Service vulnerabilities are addressed: Integer type mismatches in BinPAC-generated parser code and Bro analyzer code may allow for crafted packet data to cause unintentional code paths in the analysis logic to be taken due to unsafe integer...
py39-sqlalchemy12 -- multiple SQL Injection vulnerabilities
21k reports: SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the orderby parameter. nosecurity reports: SQLAlchemy 1.2.17 has SQL Injection when the groupby parameter can be controlled...
phpMyAdmin -- File disclosure and SQL injection
The phpMyAdmin development team reports: Summary Arbitrary file read vulnerability Description When AllowArbitraryServer configuration set to true, with the use of a rogue MySQL server, an attacker can read any file on the server that the web server's user can access. phpMyadmin attempts to block...
Django -- Content spoofing possibility in the default 404 page
Django security releases issued reports: An attacker could craft a malicious URL that could make spoofed content appear on the default page generated by the django.views.defaults.pagenotfound view...
wget -- security flaw in caching credentials passed as a part of the URL
Gynvael Coldwind reports: setfilemetadata in xattr.c in GNU Wget before 1.20.1 stores a file's origin URL in the user.xdg.origin.url metadata attribute of the extended attributes of the downloaded file, which allows local users to obtain sensitive information e.g., credentials contained in the UR...
Gitlab -- Multiple vulnerabilities
Gitlab reports: Directory Traversal in Templates API...
strongswan -- Fix Denial-of-Service Vulnerability strongSwan (CVE-2018-10811, CVE-2018-5388)
strongSwan security team reports: A denial-of-service vulnerability in the IKEv2 key derivation was fixed if the openssl plugin is used in FIPS mode and HMAC-MD5 is negotiated as PRF which is not FIPS-compliant. So this should only affect very specific setups, but in such configurations all...
mozilla -- multiple vulnerabilities
The Mozilla Foundation reports: CVE-2018-5146: Out of bounds memory write in libvorbis An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest. CVE-2018-5147: Out of bounds memory write in libtremor The libtremor library has the same flaw as...
libraw -- multiple DoS vulnerabilities
Secunia Research reports: CVE-2018-5800: An off-by-one error within the "LibRaw::kodakycbcrloadraw" function internal/dcrawcommon.cpp can be exploited to cause a heap-based buffer overflow and subsequently cause a crash. CVE-2017-5801: An error within the "LibRaw::unpack" function src/librawcxx.c...
asterisk -- Crash in PJSIP resource when missing a contact header
The Asterisk project reports: A select set of SIP messages create a dialog in Asterisk. Those SIP messages must contain a contact header. For those messages, if the header was not present and using the PJSIP channel driver, it would cause Asterisk to crash. The severity of this vulnerability is...
mozilla -- multiple vulnerabilities
Mozilla Foundation reports: CVE-2017-7843: Web worker in Private Browsing mode can write IndexedDB data CVE-2017-7844: Visited history information leak through SVG image...
Flash Player -- Remote code execution
Adobe reports: This update resolves a type confusion vulnerability that could lead to remote code execution CVE-2017-11292...
sam2p -- multiple issues
sam2p developers report: In sam2p 0.49.3, a heap-based buffer overflow exists in the pcxLoadImage24 function of the file inpcx.cpp. In sam2p 0.49.3, the inxpmreader function in inxpm.cpp has an integer signedness error, leading to a crash when writing to an out-of-bounds array element. In sam2p...
gdk-pixbuf -- multiple vulnerabilities
TALOS reports: An exploitable integer overflow vulnerability exists in the tiffimageparse functionality. An exploitable heap-overflow vulnerability exists in the gdkpixbufjpegimageloadincrement functionality...
drupal -- Drupal Core - Multiple Vulnerabilities
Drupal Security Team: CVE-2017-6923: Views - Access Bypass - Moderately Critical CVE-2017-6924: REST API can bypass comment approval - Access Bypass - Moderately Critica CVE-2017-6925: Entity access bypass for entities that do not have UUIDs or have protected revisions - Access Bypass - Critical...
subversion -- Arbitrary code execution vulnerability
subversion team reports: A Subversion client sometimes connects to URLs provided by the repository. This happens in two primary cases: during 'checkout', 'export', 'update', and 'switch', when the tree being downloaded contains svn:externals properties; and when using 'svnsync sync' with one URL...
chromium -- multiple vulnerabilities
Google Chrome releases reports: 40 security fixes in this release Please reference CVE/URL list for details...
FreeBSD -- heimdal KDC-REP service name validation vulnerability
Problem Description: There is a programming error in the Heimdal implementation that used an unauthenticated, plain-text version of the KDC-REP service name found in a ticket. Impact: An attacker who has control of the network between a client and the service it talks to will be able to impersona...
irssi -- multiple vulnerabilities
irssi reports: When receiving messages with invalid time stamps, Irssi would try to dereference a NULL pointer. While updating the internal nick list, Irssi may incorrectly use the GHashTable interface and free the nick while updating it. This will then result in use-after-free conditions on each...
exim -- Privilege escalation via multiple memory leaks
Qualsys reports: Exim supports the use of multiple "-p" command line arguments which are malloc'ed and never free'ed, used in conjunction with other issues allows attackers to cause arbitrary code execution. This affects exim version 4.89 and earlier. Please note that at this time upstream has...
strongswan -- multiple vulnerabilities
strongSwan security team reports: RSA public keys passed to the gmp plugin aren't validated sufficiently before attempting signature verification, so that invalid input might lead to a floating point exception. CVE-2017-9022 ASN.1 CHOICE types are not correctly handled by the ASN.1 parser when...
BIND -- multiple vulnerabilities
ISC reports: A query with a specific set of characteristics could cause a server using DNS64 to encounter an assertion failure and terminate. An attacker could deliberately construct a query, enabling denial-of-service against a server if it was configured to use the DNS64 feature and other...
xen-tools -- cirrus_bitblt_cputovideo does not check if memory region is safe
The Xen Project reports: In CIRRUSBLTMODEMEMSYSSRC mode the bitblit copy routine cirrusbitbltcputovideo fails to check whether the specified memory region is safe. A malicious guest administrator can cause an out of bounds memory write, very likely exploitable as a privilege escalation...
collectd5 -- Denial of service by sending a signed network packet to a server which is not set up to check signatures
marcinguy reports: After sending this payload, collectd seems to be entering endless while loop in packetparse consuming high CPU resources, possibly crash/gets killed after a while...
libevent -- multiple vulnerabilities
Debian Security reports: CVE-2016-10195: The nameparse function in evdns.c in libevent before 2.1.6-beta allows remote attackers to have unspecified impact via vectors involving the labellen variable, which triggers an out-of-bounds stack read. CVE-2016-10196: Stack-based buffer overflow in the...