6585 matches found
chromium -- security fix
Chrome Releases reports: This update includes 1 security fix: 1513170 High CVE-2023-7024: Heap buffer overflow in WebRTC. Reported by Clément Lecigne and Vlad Stolyarov of Google's Threat Analysis Group on 2023-12-19...
Django -- multiple vulnerabilities
Django reports: CVE-2023-43665: Denial-of-service possibility in django.utils.text.Truncator...
chromium -- multiple vulnerabilities
Chrome Releases reports: This update includes 10 security fixes: 1486441 High CVE-2023-5217: Heap buffer overflow in vp8 encoding in libvpx. Reported by Clément Lecigne of Google's Threat Analysis Group on 2023-09-25 1478889 High CVE-2023-5186: Use after free in Passwords. Reported by pwn2car on...
Python -- multiple vulnerabilities
Python reports: gh-108310: Fixed an issue where instances of ssl.SSLSocket were vulnerable to a bypass of the TLS handshake and included protections like certificate verification and treating sent unencrypted data as if it were post-handshake TLS encrypted data...
rack -- possible DoS vulnerability in multipart MIME parsing
Aaron Patterson reports: The Multipart MIME parsing code in Rack limits the number of file parts, but does not limit the total number of parts that can be uploaded. Carefully crafted requests can abuse this and cause multipart parsing to take longer than expected...
Django -- multiple vulnerabilities
Django reports: CVE-2023-24580: Potential denial-of-service vulnerability in file uploads...
Django -- multiple vulnerabilities
Django reports: CVE-2023-23969: Potential denial-of-service via Accept-Language headers...
libXpm -- Issues handling XPM files
The X.Org project reports: CVE-2022-46285: Infinite loop on unclosed comments When reading XPM images from a file with libXpm 3.5.14 or older, if a comment in the file is not closed i.e. a C-style comment starts with "/" and is missing the closing "/", the ParseComment function will loop forever...
net/krill -- DoS vulnerability
MITRE reports: NLnet Labs Krill supports direct access to the RRDP repository content through its built-in web server at the "/rrdp" endpoint. Prior to 0.12.1 a direct query for any existing directory under "/rrdp/", rather than an RRDP file such as "/rrdp/notification.xml" as would be expected,...
freerdp -- multiple vulnerabilities
FreeRDP reports: GHSA-5w4j-mrrh-jjrm: Out of bound read in zgfx decoder. GHSA-99cm-4gw7-c8jh: Undefined behaviour in zgfx decoder. GHSA-387j-8j96-7q35: Division by zero in urbdrc channel. GHSA-mvxm-wfj2-5fvh: Missing length validation in urbdrc channel. GHSA-qfq2-82qr-7f4j: Heap buffer overflow i...
chromium -- multiple vulnerabilities
Chrome Releases reports: This release contains 8 security fixes, including: 1383991 High CVE-2022-4436: Use after free in Blink Media. Reported by Anonymous on 2022-11-15 1394692 High CVE-2022-4437: Use after free in Mojo IPC. Reported by koocola@alocook and Guang Gong of 360 Vulnerability Resear...
routinator -- multiple vulnerabilities
NLnet Labs report: This release fixes two issues in Routinator that can be exploited remotely by rogue RPKI CAs and repositories. We therefore advise all users of Routinator to upgrade to this release at their earliest convenience. The first issue, CVE-2022-39915, can lead to Routinator crashing...
Gitlab -- Multiple Vulnerabilities
Gitlab reports: DAST API scanner exposes Authorization headers in vulnerabilities Group IP allow-list not fully respected by the Package Registry Deploy keys and tokens may bypass External Authorization service if it is enabled Repository import still allows to import 40 hexadecimal branches...
FreeBSD -- Stack overflow in ping(8)
Problem Description: ping reads raw IP packets from the network to process responses in the prpack function. As part of processing a response ping has to reconstruct the IP header, the ICMP header and if present a "quoted packet," which represents the packet that generated an ICMP error. The quot...
go -- multiple vulnerabilities
The Go project reports: archive/tar: unbounded memory consumption when reading headers Reader.Read did not set a limit on the maximum size of file headers. A maliciously crafted archive could cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panics...
Unbound -- Multiple vulnerabilities
NLnet Labs reports: novel type of the "ghost domain names" attack. The vulnerability works by targeting an Unbound instance. Unbound is queried for a rogue domain name when the cached delegation information is about to expire. The rogue nameserver delays the response so that the cached delegation...
Grafana -- Plugin signature bypass
Grafana Labs reports: On July 4th as a result of an internal security audit we have discovered a bypass in the plugin signature verification by exploiting a versioning flaw. We believe that this vulnerability is rated at CVSS 6.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L...
py-matrix-synapse -- unbounded recursion in urlpreview
Matrix developers report: This release fixes a vulnerability with Synapse's URL preview feature. URL previews of some web pages can lead to unbounded recursion, causing the request to either fail, or in some cases crash the running Synapse process. Note that: Homeservers with the urlpreviewenable...
py-cinder -- data leak
Duncan Thomas reports: The 1 GlusterFS and 2 Linux Smbfs drivers in OpenStack Cinder before 2014.1.3 allows remote authenticated users to obtain file data from the Cinder-volume host by cloning and attaching a volume with a crafted qcow2 header...
go -- multiple vulnerabilities
The Go project reports: encoding/pem: fix stack overflow in Decode. A large more than 5 MB PEM input can cause a stack overflow in Decode, leading the program to crash. crypto/elliptic: tolerate all oversized scalars in generic P-256. A crafted scalar input longer than 32 bytes can cause...
e2fsprogs -- out-of-bounds read/write vulnerability
Nils Bars reports: During the processing of a specially fuzzed disk image, an out-of-bounds write is triggered and causes a segmentation fault SIGSEGV...
zsh -- Arbitrary command execution vulnerability
Marc Cornellà reports: Some prompt expansion sequences, such as %F, support 'arguments' which are themselves expanded in case they contain colour values, etc. This additional expansion would trigger PROMPTSUBST evaluation, if enabled. This could be abused to execute code the user didn't expect...
chromium -- multiple vulnerabilities
Chrome Releases reports: This release contains 27 security fixes, including: 1284584 High CVE-2022-0452: Use after free in Safe Browsing. Reported by avaue at S.S.L. on 2022-01-05 1284916 High CVE-2022-0453: Use after free in Reader Mode. Reported by Rong Jian of VRI on 2022-01-06 1287962 High...
mustache - Possible Remote Code Execution
huntr.dev reports: In Mustache.php v2.0.0 through v2.14.0, Sections tag can lead to arbitrary php code execution even if strictcallables is true when section value is controllable...
go -- multiple vulnerabilities
The Go project reports: net/http: limit growth of header canonicalization cache. An attacker can cause unbounded memory growth in a Go server accepting HTTP/2 requests. syscall: don’t close fd 0 on ForkExec error. When a Go program running on a Unix system is out of file descriptors and calls...
puppet -- Silent Configuration Failure
Puppet reports: A flaw was discovered in Puppet Agent where the agent may silently ignore Augeas settings or may be vulnerable to a Denial of Service condition prior to the first pluginsync...
Node.js -- July 2021 Security Releases (2)
Node.js reports: Use after free on close http2 on stream canceling High CVE-2021-22930 Node.js is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption, to change process behavior...
mediawiki -- multiple vulnerabilities
Mediawiki reports: T285515, CVE-2021-41798 SECURITY: XSS vulnerability in Special:Search. T290379, CVE-2021-41799 SECURITY: ApiQueryBacklinks can cause a full table scan. T284419, CVE-2021-41800 SECURITY: fix PoolCounter protection of Special:Contributions. T279090, CVE-2021-41801 SECURITY:...
lasso -- signature checking failure
entrouvert reports: When AuthnResponse messages are not signed which is permitted by the specifiation, all assertion's signatures should be checked, but currently after the first signed assertion is checked all following assertions are accepted without checking their signature, and the last one i...
FreeBSD -- Memory disclosure by stale virtual memory mapping
Problem Description: A particular case of memory sharing is mishandled in the virtual memory system. It is possible and legal to establish a relationship where multiple descendant processes share a mapping which shadows memory of an ancestor process. In this scenario, when one process modifies...
glpi -- Any CalDAV calendars is read-only for every authenticated user
MITRE Corporation reports: In GLPI before version 9.5.3, any authenticated user has read-only permissions to the planning of every other user, even admin ones. This issue is fixed in version 9.5.3. As a workaround, one can remove the caldav.php file to block access to CalDAV server...
mantis -- multiple vulnerabilities
Mantis 2.24.3 release reports: This release fixes 3 security issues: 0027039: CVE-2020-25781: Access to private bug note attachments 0027275: CVE-2020-25288: HTML Injection on bugupdatepage.php 0027304: CVE-2020-25830: HTML Injection in bugactiongrouppage.php...
textproc/elasticsearch6 -- field disclosure flaw
Elastic reports: A field disclosure flaw was found in Elasticsearch when running a scrolling search with Field Level Security. If a user runs the same query another more privileged user recently ran, the scrolling search can leak fields that should be hidden. This could result in an attacker...
chrony <= 3.5.1 data corruption through symlink vulnerability writing the pidfile
Miroslav Lichvar reports: chrony-3.5.1 ... fixes a security issue in writing of the pidfile. When chronyd is configured to save the pidfile in a directory where the chrony user has write permissions e.g. /var/run/chrony - the default since chrony-3.4, an attacker that compromised the chrony user...
libX11 -- Heap corruption in the X input method client in libX11
The X.org project reports: The X Input Method XIM client implementation in libX11 has some integer overflows and signed/unsigned comparison issues that can lead to heap corruption when handling malformed messages from an input method...
Gitlab -- Multiple Vulnerabilities
Gitlab reports: Workhorse bypass allows files in /tmp to be read via Maven Repository APIs...
chromium -- use after free
Google Chrome Releases reports: 1067851 Critical CVE-2020-6457: Use after free in speech recognizer. Reported by Leecraso and Guang Gong of Alpha Lab, Qihoo 360 on 2020-04-04...
glpi -- SQL injection for all helpdesk instances
MITRE Corporation reports: In GLPI before version 9.4.6, there is a SQL injection vulnerability for all helpdesk instances. Exploiting this vulnerability requires a technician account. This is fixed in version 9.4.6...
WeeChat -- Multiple vulnerabilities
The WeeChat project reports: Buffer overflow when receiving a malformed IRC message 324 channel mode. CVE-2020-8955 Buffer overflow when a new IRC message 005 is received with longer nick prefixes. Crash when receiving a malformed IRC message 352 WHO...
PostgresSQL -- ALTER ... DEPENDS ON EXTENSION is missing authorization checks
The PostgreSQL project reports: Versions Affected: 9.6 - 12 The ALTER ... DEPENDS ON EXTENSION sub-commands do not perform authorization checks, which can allow an unprivileged user to drop any function, procedure, materialized view, index, or trigger under certain conditions. This attack is...
Gitlab -- Vulnerability
Gitlab reports: Incorrect membership handling of group sharing feature...
NPM -- Multiple vulnerabilities
NPM reports: Global nodemodules Binary Overwrite Symlink reference outside of nodemodules Arbitrary File Write...
security/py-ecdsa -- multiple issues
py-ecdsa developers report: Fix CVE-2019-14853 - possible DoS caused by malformed signature decoding. Fix CVE-2019-14859 - signature malleability caused by insufficient checks of DER encoding...
Gitlab -- Multiple Vulnerabilities
Gitlab reports: Insecure Authentication Methods Disabled for Grafana By Default Multiple Command-Line Flag Injection Vulnerabilities Insecure Cookie Handling on GitLab Pages...
Nokogiri -- injection vulnerability
Nokogiri GitHub release: A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess by Ruby's Kernel.open method. Processes are vulnerable only if the undocumented method Nokogiri::CSS::Tokenizerloadfile is being passed untrusted user input...
glpi -- Account takeover vulnerability
MITRE Corporation reports: GLPI through 9.4.3 is prone to account takeover by abusing the ajax/autocompletion.php autocompletion feature. The lack of correct validation leads to recovery of the token generated via the password reset functionality, and thus an authenticated attacker can set an...
py39-sqlalchemy12 -- multiple SQL Injection vulnerabilities
21k reports: SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the orderby parameter. nosecurity reports: SQLAlchemy 1.2.17 has SQL Injection when the groupby parameter can be controlled...
phpMyAdmin -- File disclosure and SQL injection
The phpMyAdmin development team reports: Summary Arbitrary file read vulnerability Description When AllowArbitraryServer configuration set to true, with the use of a rogue MySQL server, an attacker can read any file on the server that the web server's user can access. phpMyadmin attempts to block...
Django -- Content spoofing possibility in the default 404 page
Django security releases issued reports: An attacker could craft a malicious URL that could make spoofed content appear on the default page generated by the django.views.defaults.pagenotfound view...
wget -- security flaw in caching credentials passed as a part of the URL
Gynvael Coldwind reports: setfilemetadata in xattr.c in GNU Wget before 1.20.1 stores a file's origin URL in the user.xdg.origin.url metadata attribute of the extended attributes of the downloaded file, which allows local users to obtain sensitive information e.g., credentials contained in the UR...