6585 matches found
coppermine -- IP spoofing and XSS vulnerability
GHC team reports about coppermine The lack of sanitizing of user defined variables may result in undesirable consequences such as IP spoofing or XSS attack. Generally users of Coppermine Gallery can post comments. Remote address & x-forwarded-for variables are logged for admin's eyes...
gaim -- AIM/ICQ remote denial of service vulnerability
The GAIM team reports that GAIM is vulnerable to a denial-of-service vulnerability which can cause GAIM to freeze: Certain malformed SNAC packets sent by other AIM or ICQ users can trigger an infinite loop in Gaim when parsing the SNAC. The remote user would need a custom client, able to generate...
gnupg -- OpenPGP symmetric encryption vulnerability
Serge Mister and Robert Zuccherato reports that the OpenPGP protocol is vulnerable to a cryptographic attack when using symmetric encryption in an automated way. David Shaw reports about the impact: This attack, while very significant from a cryptographic point of view, is not generally effective...
squid -- correct handling of oversized HTTP reply headers
The squid patches page notes: This patch addresses a HTTP protocol mismatch related to oversized reply headers. In addition it enhances the cache.log reporting on reply header parsing failures to make it easier to track down which sites are malfunctioning. It is believed that this bug may lead to...
squid -- buffer overflow in WCCP recvfrom() call
According to the Squid Proxy Cache Security Update Advisory SQUID-2005:3, The WCCP recvfrom call accepts more data than will fit in the allocated buffer. An attacker may send a larger-than-normal WCCP message to Squid and overflow this buffer. Severity: The bug is important because it allows remo...
p5-DBI -- insecure temporary file creation vulnerability
Javier Fernández-Sanguino Peña reports: The DBI library, the Perl5 database interface, creates a temporary PID file in an insecure manner. This can be exploited by a malicious user to overwrite arbitrary files owned by the person executing the parts of the library...
groff -- pic2graph and eqn2graph are vulnerable to symlink attack through temporary files
The eqn2graph and pic2graph scripts in groff 1.18.1 allow local users to overwrite arbitrary files via a symlink attack on temporary files...
pcal -- buffer overflow vulnerabilities
Danny Lungstrom has found two buffer overflow vulnerabilities in pcal which can lead to execution of arbitrary code by making a user run pcal on a specially crafted calendar file...
phpmyadmin -- file disclosure vulnerability
A phpMyAdmin security announcement reports: File disclosure: on systems where the UploadDir mecanism is active, readdump.php can be called with a crafted form; using the fact that the sqllocalfile variable is not sanitized can lead to a file disclosure. Enabling PHP safe mode on the server can be...
fcron -- multiple vulnerabilities
An iDEFENSE Security Advisory states: Multiple vulnerabilities have been found in Fcron. File contents disclosure Configuration Bypass Vulnerability File Removal and Empty File Creation Vulnerability Information Disclosure Vulnerability...
zgv -- exploitable heap overflows
infamous41md reports: zgv uses malloc frequently to allocate memory for storing image data. When calculating how much to allocate, user supplied data from image headers is multiplied and/or added without any checks for arithmetic overflows. We can overflow numerous calculations, and cause small...
apache mod_include buffer overflow vulnerability
There is a buffer overflow in a function used by modinclude that may enable a local user to gain privileges of a httpd child. Only users that are able to create SSI documents can take advantage of that vulnerability...
unarj -- directory traversal vulnerability
unarj has insufficient checks for filenames that contain ... This can allow an attacker to overwrite arbitrary files with the permissions of the user running unarj...
gaim -- malicious smiley themes
The Gaim Security Issues page documents a problem with installing smiley themes from an untrusted source: To install a new smiley theme, a user can drag a tarball from a graphical file manager, or a hypertext link to one from a web browser. When a tarball is dragged, Gaim executes a shell command...
mozilla -- NULL bytes in FTP URLs
When handling FTP URLs containing NULL bytes, Mozilla will interpret the file content as HTML. This may allow unexpected execution of Javascript when viewing plain text or other file types via FTP...
Pavuk HTTP Location header overflow
When pavuk sends a request to a web server and the server sends back the HTTP status code 305 Use Proxy, pavuk copies data from the HTTP Location header in an unsafe manner. This leads to a stack-based buffer overflow with control over EIP...
gnats -- format string vulnerability
Gnats suffers from a format string bug, which may enable an attacker to execute arbitary code...
Gallery 1.4.3 and ealier user authentication bypass
A flaw exists in Gallery versions previous to 1.4.3-pl1 and post 1.2 which may give an attacker the potential to log in under the "admin" account. Data outside of the gallery is unaffected and the attacker cannot modify any data other than the photos or photo albums...
"Content-Type" XSS vulnerability affecting other webmail systems
Roman Medina-Heigl Hernandez did a survey which other webmail systems where vulnerable to a bug he discovered in SquirrelMail. This advisory summarizes the results...
exim buffer overflow when verify = header_syntax is used
A remote exploitable buffer overflow has been discovered in exim when verify = headersyntax is used in the configuration file. This does not affect the default configuration...
racoon security association deletion vulnerability
A remote attacker may use specially crafted IKE/ISAKMP messages to cause racoon to delete security associations. This could result in denial-of-service or possibly cause sensitive traffic to be transmitted in plaintext, depending upon configuration...
Buffer overflow in pam_smb password handling
Applications utilizing pamsmb can be compromised by any user who can enter a password. In many cases, this is a remote root compromise...
ProFTPD ASCII translation bug resulting in remote root compromise
A buffer overflow exists in the ProFTPD code that handles translation of newline characters during ASCII-mode file uploads. An attacker may exploit this buffer overflow by uploading a specially crafted file, resulting in code execution and ultimately a remote root compromise...
ecartis buffer overflows and input validation bugs
Timo Sirainen reports multiple buffer overflows that may be triggered while parsing messages, as well as input validation errors that could result in disclosure of mailing list passwords. These bugs were resolved in the August 2003 snapshot of ecartis...
cscope -- symlink attack vulnerability
cscope is vulnerable to a symlink attack which could lead to an attacker overwriting arbitrary files with the permissions of the user running cscope...
mailman XSS in user options page
From the 2.1.1 release notes: Closed a cross-site scripting vulnerability in the user options page...
icecast 1.x multiple vulnerabilities
icecast 1.3.11 and earlier contained numerous security vulnerabilities, the most severe allowing a remote attacker to execute arbitrary code as root...
jenkins -- Denial of service vulnerability in bundled json-lib
Jenkins Security Advisory: Description High SECURITY-3463 / CVE-2024-47855 Denial of service vulnerability in bundled json-lib...
qt5-webengine -- Multiple vulnerabilities
Backports for 6 security bugs in Chromium: CVE-2024-5496: Use after free in Media Session CVE-2024-5846: Use after free in PDFium CVE-2024-6291: Use after free in Swiftshader CVE-2024-6989: Use after free in Loader CVE-2024-6996: Race in Frames CVE-2024-7536: Use after free in WebAudio...
GLPI -- multiple vulnerabilities
GLPI team reports: GLPI 10.0.16 Changelog SECURITY - high Account takeover via SQL Injection in AJAX scripts CVE-2024-37148 SECURITY - high Remote code execution through the plugin loader CVE-2024-37149 SECURITY - moderate Authenticated file upload to restricted tickets CVE-2024-37147...
qt5-webengine -- Multiple vulnerabilities
Backports for 5 security bugs in Chromium: CVE-2024-3837: Use after free in QUIC CVE-2024-3839: Out of bounds read in Fonts CVE-2024-3914: Use after free in V8 CVE-2024-4058: Type confusion in ANGLE CVE-2024-4558: Use after free in ANGLE...
R -- arbitrary code execution vulnerability
HiddenLayer Research reports: Deserialization of untrusted data can occur in the R statistical programming language, enabling a maliciously crafted RDS R Data Serialization formatted file or R package to run arbitrary code on an end user's system...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 3 security fixes: 331237485 High CVE-2024-3157: Out of bounds write in Compositing. Reported by DarkNavy on 2024-03-26 328859176 High CVE-2024-3516: Heap buffer overflow in ANGLE. Reported by Bao zx Pham and Toan suto Pham of Qrious Secure on 2024-03-...
OpenSSL -- Unbounded memory growth with session handling in TLSv1.3
The OpenSSL project reports: Some non-default TLS server configurations can cause unbounded memory growth when processing TLSv1.3 sessions...
Gitlab -- Vulnerabilities
Gitlab reports: Bypassing CODEOWNERS approval allowing to steal protected variables Guest with manage group access tokens can rotate and see group access token with owner permissions...
electron27 -- multiple vulnerabilities
Electron developers report: This update fixes the following vulnerability: Security: backported fix for CVE-2024-1283. Security: backported fix for CVE-2024-1284...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 12 security fixes: 41495060 High CVE-2024-1669: Out of bounds memory access in Blink. Reported by Anonymous on 2024-01-26 41481374 High CVE-2024-1670: Use after free in Mojo. Reported by Cassidy Kim@cassidy6564 on 2023-12-06 41487933 Medium...
electron{25,26} -- use after free in WebAudio
Electron developers report: This update fixes the following vulnerability: Security: backported fix for CVE-2023-5996...
postgresql-server -- Role pg_cancel_backend can signal certain superuser processes
PostgreSQL Project reports: Documentation says the pgcancelbackend role cannot signal "a backend owned by a superuser". On the contrary, it can signal background workers, including the logical replication launcher. It can signal autovacuum workers and the autovacuum launcher. Signaling autovacuum...
chromium -- multiple vulnerabilities
Chrome Releases reports: This update includes 20 security fixes: 1487110 Critical CVE-2023-5218: Use after free in Site Isolation. Reported by @18楼梦想改造家 on 2023-09-27 1062251 Medium CVE-2023-5487: Inappropriate implementation in Fullscreen. Reported by Anonymous on 2020-03-17 1414936 Medium...
FreeBSD -- arm64 boot CPUs may lack speculative execution protections
Problem Description: On CPU 0 the check for the SMCCC workaround is called before SMCCC support has been initialized. Impact: No speculative execution workarounds are installed on CPU 0...
mediawiki -- multiple vulnerabilities
Mediawikwi reports: T264765, CVE-2023-PENDING SECURITY: Users without correct permission are incorrectly shown MediaWiki:Missing-revision-permission. T333050, CVE-2023-PENDING SECURITY: Fix infinite loop for self-redirects with variants conversion. T340217, CVE-2023-PENDING SECURITY: Vector 2022:...
Django -- multiple vulnerabilities
Django reports: CVE-2023-41164: Potential denial of service vulnerability in django.utils.encoding.uritoiri...
clamav -- Possible denial of service vulnerability in the AutoIt file parser
The ClamAV project reports: There is a possible denial of service vulnerability in the AutoIt file parser...
Grafana -- Grafana DS proxy race condition
Grafana Labs reports: We have discovered a vulnerability with Grafana’s data source query endpoints that could end up crashing a Grafana instance. If you have public dashboards PD enabled, we are scoring this as a CVSS 7.5 High. If you have disabled PD, this vulnerability is still a risk, but...
xorg-server -- Security issue in the X server
The X.org project reports: CVE-2023-0494/ZDI-CAN-19596: X.Org Server DeepCopyPointerClasses use-after-free A dangling pointer in DeepCopyPointerClasses can be exploited by ProcXkbSetDeviceInfo and ProcXkbGetDeviceInfo to read/write into freed memory...
libde256 -- multiple vulnerabilities
Libde265 developer reports: This release fixes the known CVEs below. Many of them are actually caused by the same underlying issues that manifest in different ways...
git -- gitattributes parsing integer overflow
git team reports: gitattributes are used to define unique attributes corresponding to paths in your repository. These attributes are defined by .gitattributes files within your repository. The parser used to read these files has multiple integer overflows, which can occur when parsing either a...
freerdp -- multiple vulnerabilities
FreeRDP reports: GHSA-5w4j-mrrh-jjrm: Out of bound read in zgfx decoder. GHSA-99cm-4gw7-c8jh: Undefined behaviour in zgfx decoder. GHSA-387j-8j96-7q35: Division by zero in urbdrc channel. GHSA-mvxm-wfj2-5fvh: Missing length validation in urbdrc channel. GHSA-qfq2-82qr-7f4j: Heap buffer overflow i...
routinator -- multiple vulnerabilities
NLnet Labs report: This release fixes two issues in Routinator that can be exploited remotely by rogue RPKI CAs and repositories. We therefore advise all users of Routinator to upgrade to this release at their earliest convenience. The first issue, CVE-2022-39915, can lead to Routinator crashing...