6585 matches found
routinator -- multiple vulnerabilities
NLnet Labs report: This release fixes two issues in Routinator that can be exploited remotely by rogue RPKI CAs and repositories. We therefore advise all users of Routinator to upgrade to this release at their earliest convenience. The first issue, CVE-2022-39915, can lead to Routinator crashing...
emacs -- multiple vulnerabilities
Xi Lu reports: CVE-2022-48337 GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the etags program. For example, a victim may use the "etags -u ...
Gitlab -- Multiple Vulnerabilities
Gitlab reports: DAST API scanner exposes Authorization headers in vulnerabilities Group IP allow-list not fully respected by the Package Registry Deploy keys and tokens may bypass External Authorization service if it is enabled Repository import still allows to import 40 hexadecimal branches...
tailscale -- Security vulnerability in the client
Tailscale team reports: A vulnerability identified in the Tailscale client allows a malicious website to access the peer API, which can then be used to access Tailscale environment variables...
chromium -- multiple vulnerabilities
Chrome Releases reports: This release contains 3 security fixes, including: 1366813 High CVE-2022-3370: Use after free in Custom Elements. Reported by Aviv A. on 2022-09-22 1366399 High CVE-2022-3373: Out of bounds write in V8. Reported by Tibor Klajnscek on 2022-09-21...
Gitlab -- multiple vulnerabilities
Gitlab reports: Revoke access to confidential notes todos Pipeline subscriptions trigger new pipelines with the wrong author Ability to gain access to private project through an email invite by using other user's email address as an unverified secondary email Import via git protocol allows to...
Subversion -- Multiple vulnerabilities in server code
Subversion project reports: Subversion servers reveal 'copyfrom' paths that should be hidden according to configured path-based authorization authz rules. When a node has been copied from a protected location, users with access to the copy can see the 'copyfrom' path of the original. This also...
e2fsprogs -- out-of-bounds read/write vulnerability
Nils Bars reports: During the processing of a specially fuzzed disk image, an out-of-bounds write is triggered and causes a segmentation fault SIGSEGV...
Django -- multiple vulnerabilities
Django Release reports: CVE-2021-45115: Denial-of-service possibility in UserAttributeSimilarityValidator. CVE-2021-45116: Potential information disclosure in dictsort template filter. CVE-2021-45452: Potential directory-traversal via Storage.save...
OpenSSL -- Certificate validation issue
The OpenSSL project reports: Invalid handling of X509verifycert internal errors in libssl Moderate Internally libssl in OpenSSL calls X509verifycert on the client side to verify a certificate supplied by a server. That function may return a negative return value to indicate an internal error for...
py39-celery -- command injection vulnerability
Snyk reports: This affects the package celery before 5.2.2. It by default trusts the messages and metadata stored in backends result stores. When reading task metadata from the backend, the data is deserialized. Given that an attacker can gain access to, or somehow manipulate the metadata within ...
routinator -- multiple vulnerabilities
nlnetlabs reports: Release 0.10.2 contains fixes for the following issues: Medium CVE-2021-43172: Infinite length chain of RRDP repositories. Credit: Koen van Hove. Date: 2021-11-09 Medium CVE-2021-43173: Hanging RRDP request. Credit: Koen van Hove. Date: 2021-11-09 Medium CVE-2021-43174: gzip...
py-matrix-synapse -- several vulnerabilities
Matrix developers report: This release patches two moderate severity issues which could reveal metadata about private rooms: CVE-2021-39164: Enumerating a private room's list of members and their display names. CVE-2021-39163: Disclosing a private room's name, avatar, topic, and number of members...
Gitlab -- Gitlab
Gitlab reports: Stored XSS in Mermaid when viewing Markdown files Stored XSS in default branch name Perform Git actions with an impersonation token even if impersonation is disabled Tag and branch name confusion allows Developer to access protected CI variables New subscriptions generate OAuth...
Ansible -- Templating engine bug
Ansible developers report: Templating engine fix for not preserving usnafe status when trying to preserve newlines...
OpenDMARC - Remote denial of service
OpenDMARC 1.4.1 and 1.4.1.1 will dereference a NULL pointer when encountering a multi-value From: header field. A remote attacker can send a specially crafted message resulting in a denial of service...
Apache OpenOffice -- multiple vulnerabilities.
The Apache Openoffice project reports: Apache OpenOffice opens dBase/DBF documents and shows the contents as spreadsheets. DBF are database files with data organized in fields. When reading DBF data the size of certain fields is not checked: the data is just copied into local variables. A careful...
asterisk -- Remote Crash Vulnerability in PJSIP channel driver
The Asterisk project reports: When Asterisk receives a re-INVITE without SDP after having sent a BYE request a crash will occur. This occurs due to the Asterisk channel no longer being present while code assumes it is...
aiohttp -- open redirect vulnerability
Sviatoslav Sydorenko reports: Open redirect vulnerability — a maliciously crafted link to an aiohttp-based web-server could redirect the browser to a different website. It is caused by a bug in the aiohttp.webmiddlewares.normalizepathmiddleware middleware...
moinmoin -- multiple vulnerabilities
MoinMoin reports: Security fix for CVE-2020-25074: fix remote code execution via cache action Security fix for CVE-2020-15275: fix malicious SVG attachment causing stored XSS vulnerability...
Rails -- Possible XSS vulnerability
Ruby on Rails blog: Rails version 6.0.3.4 has been released! This version is a security release and addresses one possible XSS attack vector in Actionable Exceptions...
chromium -- multiple vulnerabilities
Chrome Releases reports: This update includes 2 security fixes, including: 1092308 High CVE-2020-6509: Use after free in extensions. Reported by Anonymous on 2020-06-08...
libjpeg-turbo -- Issue in the PPM reader causing a buffer overrun in cjpeg, TJBench, or the tjLoadImage() function.
libjpeg-turbo releases reports: This release fixes the following security issue: Heap-based buffer over-read in getrgbrow in rdppm.c via a malformed PPM input file...
webkit2-gtk3 -- Denial of service
The WebKitGTK project reports the following vulnerability. Processing maliciously crafted web content may lead to arbitrary code execution or application crash denial of service. Description: A memory corruption issue use-after-free was addressed with improved memory handling...
ceph14 -- multiple security issues
RedHat reports: ceph: secure mode of msgr2 breaks both confidentiality and integrity aspects for long-lived sessions. ceph: header-splitting in RGW GetObject has a possible XSS...
FreeBSD -- Missing IPsec anti-replay window check
Problem Description: A missing check means that an attacker can reinject an old packet and it will be accepted and processed by the IPsec endpoint. Impact: The impact depends on the higher-level protocols in use over IPsec. For example, an attacker who can capture and inject packets could cause a...
salt -- salt-api vulnerability
SaltStack reports: With the Salt NetAPI enabled in addition to having a SSH roster defined, unauthenticated access is possible when specifying the client as SSH. Additionally, when the rawshell option is specified any arbitrary command may be run on the Salt master when specifying SSH options...
MongoDB -- Ensure RoleGraph can serialize authentication restrictions to BSON
reports: Improper serialization of MongoDB Server's internal authorization state permits a user with valid credentials to bypass IP source address protection mechanisms following administrative action. Credit Discovered by Tony Yesudas...
spamassassin -- multiple vulnerabilities
the Apache Spamassassin project reports: An input validation error of user-supplied input parsing multipart emails. Specially crafted emails can consume all resources on the system. A local user is able to execute arbitrary shell commands through specially crafted nefarious CF files...
Django -- multiple vulnerabilities
Django release reports: CVE-2019-19118: Privilege escalation in the Django admin. Since Django 2.1, a Django model admin displaying a parent model with related model inlines, where the user has view-only permissions to a parent model but edit permissions to the inline model, would display a...
libidn2 -- roundtrip check vulnerability
CVE list: GNU libidn2 before 2.2.0 fails to perform the roundtrip checks specified in RFC3490 Section 4.2 when converting A-labels to U-labels. This makes it possible in some circumstances for one domain to impersonate another. By creating a malicious domain that matches a target domain except fo...
e2fsprogs -- maliciously corrupted file systems can trigger buffer overruns in the quota code used by e2fsck
Ted Y. Ts'o reports: A maliciously corrupted file systems can trigger buffer overruns in the quota code used by e2fsck...
FreeBSD -- kernel memory disclosure from /dev/midistat
Problem Description: The kernel driver for /dev/midistat implements a handler for read2. This handler is not thread-safe, and a multi-threaded program can exploit races in the handler to cause it to copy out kernel memory outside the boundaries of midistat's data buffer. Impact: The races allow a...
mongodb -- Our init scripts check /proc/[pid]/stat should validate that `(${procname})` is the process' command name.
Sicheng Liu of Beijing DBSEC Technology Co., Ltd reports: Incorrect scoping of kill operations in MongoDB Server's packaged SysV init scripts allow users with write access to the PID file to insert arbitrary PIDs to be killed when the root user stops the MongoDB process via SysV init...
mongodb -- Bump Windows package dependencies
Rich Mirch reports: An unprivileged user or program on Microsoft Windows which can create OpenSSL configuration files in a fixed location may cause utility programs shipped with MongoDB server versions less than 4.0.11, 3.6.14, and 3.4.22 to run attacker defined code as the user running the utili...
FreeBSD -- pts(4) write-after-free
Problem Description: The code which handles a close2 of a descriptor created by posixopenpt2 fails to undo the configuration which causes SIGIO to be raised. This bug can lead to a write-after-free of kernel memory. Impact: The bug permits malicious code to trigger a write-after-free, which may b...
vlc -- multiple vulnerabilities
The VLC project reports: Security: Fix a buffer overflow in the MKV demuxer CVE-2019-14970 Fix a read buffer overflow in the avcodec decoder CVE-2019-13962 Fix a read buffer overflow in the FAAD decoder Fix a read buffer overflow in the OGG demuxer CVE-2019-14437, CVE-2019-14438 Fix a read buffer...
chromium -- use after free
Google Chrome Releases reports: 961413 High CVE-2019-5842: Use-after-free in Blink. Reported by BUGFENSE Anonymous Bug Bounties https://bugfense.io on 2019-05-09...
vlc -- Buffer overflow vulnerability
zhangyang reports: The ReadFrame function in the avi.c file uses a variable iwidthbytes, which is obtained directly from the file. It is a signed integer. It does not do a strict check before the memory operationmemmove, memcpy, which may cause a buffer overflow...
pango -- remote DoS vulnerability
libpango in Pango 1.40.8 through 1.42.3, as used in hexchat and other products, allows remote attackers to cause a denial of service application crash or possibly have unspecified other impact via crafted text with invalid Unicode sequences...
chromium -- Incorrect handling of CSP header
Google Chrome Releases reports: 1 security fix contributed by external researchers: 845961 High CVE-2018-6148: Incorrect handling of CSP header. Reported by Michal Bentkowski on 2018-05-23...
couchdb -- administrator privilege escalation
Apache CouchDB PMC reports: Database Administrator could achieve privilege escalation to the account that CouchDB runs under, by abusing insufficient validation in the HTTP API, escaping security controls implemented in previous releases...
Flash Player -- arbitrary code execution
Adobe reports: This update resolves a type confusion vulnerability that could lead to arbitrary code execution CVE-2018-4944...
Sanitize -- XSS vulnerability
Sanitize release: Fixed an HTML injection vulnerability that could allow XSS. When Sanitize = 2.9.2, a specially crafted HTML fragment can cause libxml2 to generate improperly escaped output, allowing non-whitelisted attributes to be used on whitelisted elements. Sanitize now performs additional...
dovecot -- abort of SASL authentication results in a memory leak
Pedro Sampaio reports: A flaw was found in dovecot 2.0 up to 2.2.33 and 2.3.0. A abort of SASL authentication results in a memory leak in Dovecot auth client used by login processes. The leak has impact in high performance configuration where same login processes are reused and can cause the...
irssi -- multiple vulnerabilities
Irssi reports: When the channel topic is set without specifying a sender, Irssi may dereference NULL pointer. Found by Joseph Bisch. When using incomplete escape codes, Irssi may access data beyond the end of the string. Found by Joseph Bisch. A calculation error in the completion code could caus...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 2 security fixes in this release, including: 777728 Critical CVE-2017-15398: Stack buffer overflow in QUIC. Reported by Ned Williamson on 2017-10-24 776677 High CVE-2017-15399: Use after free in V8. Reported by Zhao Qixun of Qihoo 360 Vulcan Team on 2017-10-20...
wireshark -- multiple security issues
wireshark developers reports: In Wireshark 2.4.0 to 2.4.1, the DOCSIS dissector could go into an infinite loop. This was addressed in plugins/docsis/packet-docsis.c by adding decrements. In Wireshark 2.4.0 to 2.4.1, the RTSP dissector could crash. This was addressed in epan/dissectors/packet-rtsp...
GitLab -- two vulnerabilities
GitLab reports: Remote Command Execution in git client An external code review performed by Recurity-Labs identified a remote command execution vulnerability in git that could be exploited via the "Repo by URL" import option in GitLab. The command line git client was not properly escaping command...
python -- possible integer overflow vulnerability
Python issue: There is a possible integer overflow in PyStringDecodeEscape function of the file stringobject.c, which can be abused to gain a heap overflow, possibly leading to arbitrary code execution...