6585 matches found
webkit2-gtk3 -- Denial of service
The WebKitGTK project reports the following vulnerability. Processing maliciously crafted web content may lead to arbitrary code execution or application crash denial of service. Description: A memory corruption issue use-after-free was addressed with improved memory handling...
chromium -- use after free
Google Chrome Releases reports: 1067851 Critical CVE-2020-6457: Use after free in speech recognizer. Reported by Leecraso and Guang Gong of Alpha Lab, Qihoo 360 on 2020-04-04...
ceph14 -- multiple security issues
RedHat reports: ceph: secure mode of msgr2 breaks both confidentiality and integrity aspects for long-lived sessions. ceph: header-splitting in RGW GetObject has a possible XSS...
glpi -- SQL injection for all helpdesk instances
MITRE Corporation reports: In GLPI before version 9.4.6, there is a SQL injection vulnerability for all helpdesk instances. Exploiting this vulnerability requires a technician account. This is fixed in version 9.4.6...
WeeChat -- Multiple vulnerabilities
The WeeChat project reports: Buffer overflow when receiving a malformed IRC message 324 channel mode. CVE-2020-8955 Buffer overflow when a new IRC message 005 is received with longer nick prefixes. Crash when receiving a malformed IRC message 352 WHO...
Gitlab -- Vulnerability
Gitlab reports: Incorrect membership handling of group sharing feature...
PostgresSQL -- ALTER ... DEPENDS ON EXTENSION is missing authorization checks
The PostgreSQL project reports: Versions Affected: 9.6 - 12 The ALTER ... DEPENDS ON EXTENSION sub-commands do not perform authorization checks, which can allow an unprivileged user to drop any function, procedure, materialized view, index, or trigger under certain conditions. This attack is...
NPM -- Multiple vulnerabilities
NPM reports: Global nodemodules Binary Overwrite Symlink reference outside of nodemodules Arbitrary File Write...
Django -- multiple vulnerabilities
Django release reports: CVE-2019-19118: Privilege escalation in the Django admin. Since Django 2.1, a Django model admin displaying a parent model with related model inlines, where the user has view-only permissions to a parent model but edit permissions to the inline model, would display a...
security/py-ecdsa -- multiple issues
py-ecdsa developers report: Fix CVE-2019-14853 - possible DoS caused by malformed signature decoding. Fix CVE-2019-14859 - signature malleability caused by insufficient checks of DER encoding...
Gitlab -- Multiple Vulnerabilities
Gitlab reports: Insecure Authentication Methods Disabled for Grafana By Default Multiple Command-Line Flag Injection Vulnerabilities Insecure Cookie Handling on GitLab Pages...
Nokogiri -- injection vulnerability
Nokogiri GitHub release: A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess by Ruby's Kernel.open method. Processes are vulnerable only if the undocumented method Nokogiri::CSS::Tokenizerloadfile is being passed untrusted user input...
glpi -- Account takeover vulnerability
MITRE Corporation reports: GLPI through 9.4.3 is prone to account takeover by abusing the ajax/autocompletion.php autocompletion feature. The lack of correct validation leads to recovery of the token generated via the password reset functionality, and thus an authenticated attacker can set an...
py39-sqlalchemy12 -- multiple SQL Injection vulnerabilities
21k reports: SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the orderby parameter. nosecurity reports: SQLAlchemy 1.2.17 has SQL Injection when the groupby parameter can be controlled...
phpMyAdmin -- File disclosure and SQL injection
The phpMyAdmin development team reports: Summary Arbitrary file read vulnerability Description When AllowArbitraryServer configuration set to true, with the use of a rogue MySQL server, an attacker can read any file on the server that the web server's user can access. phpMyadmin attempts to block...
Django -- Content spoofing possibility in the default 404 page
Django security releases issued reports: An attacker could craft a malicious URL that could make spoofed content appear on the default page generated by the django.views.defaults.pagenotfound view...
wget -- security flaw in caching credentials passed as a part of the URL
Gynvael Coldwind reports: setfilemetadata in xattr.c in GNU Wget before 1.20.1 stores a file's origin URL in the user.xdg.origin.url metadata attribute of the extended attributes of the downloaded file, which allows local users to obtain sensitive information e.g., credentials contained in the UR...
Gitlab -- Multiple vulnerabilities
Gitlab reports: Directory Traversal in Templates API...
strongswan -- Fix Denial-of-Service Vulnerability strongSwan (CVE-2018-10811, CVE-2018-5388)
strongSwan security team reports: A denial-of-service vulnerability in the IKEv2 key derivation was fixed if the openssl plugin is used in FIPS mode and HMAC-MD5 is negotiated as PRF which is not FIPS-compliant. So this should only affect very specific setups, but in such configurations all...
mozilla -- multiple vulnerabilities
The Mozilla Foundation reports: CVE-2018-5146: Out of bounds memory write in libvorbis An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest. CVE-2018-5147: Out of bounds memory write in libtremor The libtremor library has the same flaw as...
libraw -- multiple DoS vulnerabilities
Secunia Research reports: CVE-2018-5800: An off-by-one error within the "LibRaw::kodakycbcrloadraw" function internal/dcrawcommon.cpp can be exploited to cause a heap-based buffer overflow and subsequently cause a crash. CVE-2017-5801: An error within the "LibRaw::unpack" function src/librawcxx.c...
asterisk -- Crash in PJSIP resource when missing a contact header
The Asterisk project reports: A select set of SIP messages create a dialog in Asterisk. Those SIP messages must contain a contact header. For those messages, if the header was not present and using the PJSIP channel driver, it would cause Asterisk to crash. The severity of this vulnerability is...
mozilla -- multiple vulnerabilities
Mozilla Foundation reports: CVE-2017-7843: Web worker in Private Browsing mode can write IndexedDB data CVE-2017-7844: Visited history information leak through SVG image...
Flash Player -- Remote code execution
Adobe reports: This update resolves a type confusion vulnerability that could lead to remote code execution CVE-2017-11292...
sam2p -- multiple issues
sam2p developers report: In sam2p 0.49.3, a heap-based buffer overflow exists in the pcxLoadImage24 function of the file inpcx.cpp. In sam2p 0.49.3, the inxpmreader function in inxpm.cpp has an integer signedness error, leading to a crash when writing to an out-of-bounds array element. In sam2p...
gdk-pixbuf -- multiple vulnerabilities
TALOS reports: An exploitable integer overflow vulnerability exists in the tiffimageparse functionality. An exploitable heap-overflow vulnerability exists in the gdkpixbufjpegimageloadincrement functionality...
drupal -- Drupal Core - Multiple Vulnerabilities
Drupal Security Team: CVE-2017-6923: Views - Access Bypass - Moderately Critical CVE-2017-6924: REST API can bypass comment approval - Access Bypass - Moderately Critica CVE-2017-6925: Entity access bypass for entities that do not have UUIDs or have protected revisions - Access Bypass - Critical...
subversion -- Arbitrary code execution vulnerability
subversion team reports: A Subversion client sometimes connects to URLs provided by the repository. This happens in two primary cases: during 'checkout', 'export', 'update', and 'switch', when the tree being downloaded contains svn:externals properties; and when using 'svnsync sync' with one URL...
chromium -- multiple vulnerabilities
Google Chrome releases reports: 40 security fixes in this release Please reference CVE/URL list for details...
FreeBSD -- heimdal KDC-REP service name validation vulnerability
Problem Description: There is a programming error in the Heimdal implementation that used an unauthenticated, plain-text version of the KDC-REP service name found in a ticket. Impact: An attacker who has control of the network between a client and the service it talks to will be able to impersona...
irssi -- multiple vulnerabilities
irssi reports: When receiving messages with invalid time stamps, Irssi would try to dereference a NULL pointer. While updating the internal nick list, Irssi may incorrectly use the GHashTable interface and free the nick while updating it. This will then result in use-after-free conditions on each...
exim -- Privilege escalation via multiple memory leaks
Qualsys reports: Exim supports the use of multiple "-p" command line arguments which are malloc'ed and never free'ed, used in conjunction with other issues allows attackers to cause arbitrary code execution. This affects exim version 4.89 and earlier. Please note that at this time upstream has...
python -- possible integer overflow vulnerability
Python issue: There is a possible integer overflow in PyStringDecodeEscape function of the file stringobject.c, which can be abused to gain a heap overflow, possibly leading to arbitrary code execution...
strongswan -- multiple vulnerabilities
strongSwan security team reports: RSA public keys passed to the gmp plugin aren't validated sufficiently before attempting signature verification, so that invalid input might lead to a floating point exception. CVE-2017-9022 ASN.1 CHOICE types are not correctly handled by the ASN.1 parser when...
BIND -- multiple vulnerabilities
ISC reports: A query with a specific set of characteristics could cause a server using DNS64 to encounter an assertion failure and terminate. An attacker could deliberately construct a query, enabling denial-of-service against a server if it was configured to use the DNS64 feature and other...
xen-tools -- cirrus_bitblt_cputovideo does not check if memory region is safe
The Xen Project reports: In CIRRUSBLTMODEMEMSYSSRC mode the bitblit copy routine cirrusbitbltcputovideo fails to check whether the specified memory region is safe. A malicious guest administrator can cause an out of bounds memory write, very likely exploitable as a privilege escalation...
libevent -- multiple vulnerabilities
Debian Security reports: CVE-2016-10195: The nameparse function in evdns.c in libevent before 2.1.6-beta allows remote attackers to have unspecified impact via vectors involving the labellen variable, which triggers an out-of-bounds stack read. CVE-2016-10196: Stack-based buffer overflow in the...
PuTTY -- integer overflow permits memory overwrite by forwarded ssh-agent connections
Simon G. Tatham reports: Many versions of PuTTY prior to 0.68 have a heap-corrupting integer overflow bug in the sshagentchanneldata function which processes messages sent by remote SSH clients to a forwarded agent connection. ... This bug is only exploitable at all if you have enabled SSH agent...
FreeBSD -- link_ntoa(3) buffer overflow
Problem Description: A specially crafted argument can trigger a static buffer overflow in the library, with possibility to rewrite following static buffers that belong to other library functions. Impact: Due to very limited use of the function in the existing applications, and limited length of t...
wget -- Access List Bypass / Race Condition
Dawid Golunski reports: GNU wget in version 1.17 and earlier, when used in mirroring/recursive mode, is affected by a Race Condition vulnerability that might allow remote attackers to bypass intended wget access list restrictions specified with -A parameter...
wireshark -- multiple vulnerabilities
Wireshark project reports: Wireshark project is releasing Wireshark 2.2.2, which addresses: wnpa-sec-2016-58: Profinet I/O long loop - CVE-2016-9372 wnpa-sec-2016-59: AllJoyn crash - CVE-2016-9374 wnpa-sec-2016-60: OpenFlow crash - CVE-2016-9376 wnpa-sec-2016-61: DCERPC crash - CVE-2016-9373...
py-cryptography -- vulnerable HKDF key generation
Alex Gaynor reports: Fixed a bug where HKDF would return an empty byte-string if used with a length less than algorithm.digestsize...
node.js -- ares_create_query single byte out of buffer write
Node.js has released new versions containing the following security fix: The following releases all contain fixes for CVE-2016-5180 "arescreatequery single byte out of buffer write": Node.js v0.10.48 Maintenance, Node.js v0.12.17 Maintenance, Node.js v4.6.1 LTS "Argon" While this is not a critica...
xen-kernel -- x86 HVM: Overflow of sh_ctxt->seg_reg[]
The Xen Project reports: x86 HVM guests running with shadow paging use a subset of the x86 emulator to handle the guest writing to its own pagetables. There are situations a guest can provoke which result in exceeding the space allocated for internal state. A malicious HVM guest administrator can...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 10 security fixes in this release, including: 629542 High CVE-2016-5141 Address bar spoofing. Credit to anonymous 626948 High CVE-2016-5142 Use-after-free in Blink. Credit to anonymous 625541 High CVE-2016-5139 Heap overflow in pdfium. Credit to GiWan Go of Stealie...
Apache OpenOffice 4.1.2 -- Memory Corruption Vulnerability (Impress Presentations)
The Apache OpenOffice Project reports: An OpenDocument Presentation .ODP or Presentation Template .OTP file can contain invalid presentation elements that lead to memory corruption when the document is loaded in Apache OpenOffice Impress. The defect may cause the document to appear as corrupted a...
NSS -- multiple vulnerabilities
Mozilla Foundation reports: Mozilla has updated the version of Network Security Services NSS library used in Firefox to NSS 3.23. This addresses four moderate rated networking security issues reported by Mozilla engineers Tyson Smith and Jed Davis...
ikiwiki -- XSS vulnerability
Mitre reports: Cross-site scripting XSS vulnerability in the cgierror function in CGI.pm in ikiwiki before 3.20160506 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving an error message...
Bugzilla security issues
Bugzilla Security Advisory A specially crafted bug summary could trigger XSS in dependency graphs. Due to an incorrect parsing of the image map generated by the dot script, a specially crafted bug summary could trigger XSS in dependency graphs...
flash -- multiple vulnerabilities
Adobe reports: These updates resolve a type confusion vulnerability that could lead to code execution CVE-2016-0985. These updates resolve use-after-free vulnerabilities that could lead to code execution CVE-2016-0973, CVE-2016-0974, CVE-2016-0975, CVE-2016-0982, CVE-2016-0983, CVE-2016-0984. The...