6585 matches found
chromium -- type confusion in v8
Chrome Releases reports: This update includes 1 security fix: 1485829 High CVE-2023-5346: Type Confusion in V8. Reported by Amit Kumar on 2023-09-22...
11/libX11 multiple vulnerabilities
The X.Org project reports: CVE-2023-43785: out-of-bounds memory access in XkbReadKeySyms When libX11 is processing the reply from the X server to the XkbGetMap request, if it detected the number of symbols in the new map was less than the size of the buffer it had allocated, it always added room...
Django -- multiple vulnerabilities
Django reports: CVE-2023-41164: Potential denial of service vulnerability in django.utils.encoding.uritoiri...
mediawiki -- multiple vulnerabilities
Mediawikwi reports: T264765, CVE-2023-PENDING SECURITY: Users without correct permission are incorrectly shown MediaWiki:Missing-revision-permission. T333050, CVE-2023-PENDING SECURITY: Fix infinite loop for self-redirects with variants conversion. T340217, CVE-2023-PENDING SECURITY: Vector 2022:...
clamav -- Possible denial of service vulnerability in the AutoIt file parser
The ClamAV project reports: There is a possible denial of service vulnerability in the AutoIt file parser...
Grafana -- Grafana DS proxy race condition
Grafana Labs reports: We have discovered a vulnerability with Grafana’s data source query endpoints that could end up crashing a Grafana instance. If you have public dashboards PD enabled, we are scoring this as a CVSS 7.5 High. If you have disabled PD, this vulnerability is still a risk, but...
xorg-server -- Security issue in the X server
The X.org project reports: CVE-2023-0494/ZDI-CAN-19596: X.Org Server DeepCopyPointerClasses use-after-free A dangling pointer in DeepCopyPointerClasses can be exploited by ProcXkbSetDeviceInfo and ProcXkbGetDeviceInfo to read/write into freed memory...
libde256 -- multiple vulnerabilities
Libde265 developer reports: This release fixes the known CVEs below. Many of them are actually caused by the same underlying issues that manifest in different ways...
git -- gitattributes parsing integer overflow
git team reports: gitattributes are used to define unique attributes corresponding to paths in your repository. These attributes are defined by .gitattributes files within your repository. The parser used to read these files has multiple integer overflows, which can occur when parsing either a...
freerdp -- multiple vulnerabilities
FreeRDP reports: GHSA-5w4j-mrrh-jjrm: Out of bound read in zgfx decoder. GHSA-99cm-4gw7-c8jh: Undefined behaviour in zgfx decoder. GHSA-387j-8j96-7q35: Division by zero in urbdrc channel. GHSA-mvxm-wfj2-5fvh: Missing length validation in urbdrc channel. GHSA-qfq2-82qr-7f4j: Heap buffer overflow i...
emacs -- multiple vulnerabilities
Xi Lu reports: CVE-2022-48337 GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the etags program. For example, a victim may use the "etags -u ...
rubygem-cgi -- HTTP response splitting vulnerability
Hiroshi Tokumaru reports: If an application that generates HTTP responses using the cgi gem with untrusted user input, an attacker can exploit it to inject a malicious HTTP response header and/or body. Also, the contents for a CGI::Cookie object were not checked properly. If an application create...
tailscale -- Security vulnerability in the client
Tailscale team reports: A vulnerability identified in the Tailscale client allows a malicious website to access the peer API, which can then be used to access Tailscale environment variables...
chromium -- multiple vulnerabilities
Chrome Releases reports: This release contains 3 security fixes, including: 1366813 High CVE-2022-3370: Use after free in Custom Elements. Reported by Aviv A. on 2022-09-22 1366399 High CVE-2022-3373: Out of bounds write in V8. Reported by Tibor Klajnscek on 2022-09-21...
Gitlab -- multiple vulnerabilities
Gitlab reports: Revoke access to confidential notes todos Pipeline subscriptions trigger new pipelines with the wrong author Ability to gain access to private project through an email invite by using other user's email address as an unverified secondary email Import via git protocol allows to...
Subversion -- Multiple vulnerabilities in server code
Subversion project reports: Subversion servers reveal 'copyfrom' paths that should be hidden according to configured path-based authorization authz rules. When a node has been copied from a protected location, users with access to the copy can see the 'copyfrom' path of the original. This also...
powerdns-recursor -- denial of service
PowerDNS Team reports: PowerDNS Security Advisory 2022-01: incomplete validation of incoming IXFR transfer in Authoritative Server and Recursor...
e2fsprogs -- out-of-bounds read/write vulnerability
Nils Bars reports: During the processing of a specially fuzzed disk image, an out-of-bounds write is triggered and causes a segmentation fault SIGSEGV...
Django -- multiple vulnerabilities
Django Release reports: CVE-2021-45115: Denial-of-service possibility in UserAttributeSimilarityValidator. CVE-2021-45116: Potential information disclosure in dictsort template filter. CVE-2021-45452: Potential directory-traversal via Storage.save...
OpenSSL -- Certificate validation issue
The OpenSSL project reports: Invalid handling of X509verifycert internal errors in libssl Moderate Internally libssl in OpenSSL calls X509verifycert on the client side to verify a certificate supplied by a server. That function may return a negative return value to indicate an internal error for...
py39-celery -- command injection vulnerability
Snyk reports: This affects the package celery before 5.2.2. It by default trusts the messages and metadata stored in backends result stores. When reading task metadata from the backend, the data is deserialized. Given that an attacker can gain access to, or somehow manipulate the metadata within ...
routinator -- multiple vulnerabilities
nlnetlabs reports: Release 0.10.2 contains fixes for the following issues: Medium CVE-2021-43172: Infinite length chain of RRDP repositories. Credit: Koen van Hove. Date: 2021-11-09 Medium CVE-2021-43173: Hanging RRDP request. Credit: Koen van Hove. Date: 2021-11-09 Medium CVE-2021-43174: gzip...
py-matrix-synapse -- several vulnerabilities
Matrix developers report: This release patches two moderate severity issues which could reveal metadata about private rooms: CVE-2021-39164: Enumerating a private room's list of members and their display names. CVE-2021-39163: Disclosing a private room's name, avatar, topic, and number of members...
fetchmail -- STARTTLS bypass vulnerabilities
Problem: In certain circumstances, fetchmail 6.4.21 and older would not encrypt the session using STARTTLS/STLS, and might not have cleared session state across the TLS negotiation...
Gitlab -- Gitlab
Gitlab reports: Stored XSS in Mermaid when viewing Markdown files Stored XSS in default branch name Perform Git actions with an impersonation token even if impersonation is disabled Tag and branch name confusion allows Developer to access protected CI variables New subscriptions generate OAuth...
Ansible -- Templating engine bug
Ansible developers report: Templating engine fix for not preserving usnafe status when trying to preserve newlines...
OpenDMARC - Remote denial of service
OpenDMARC 1.4.1 and 1.4.1.1 will dereference a NULL pointer when encountering a multi-value From: header field. A remote attacker can send a specially crafted message resulting in a denial of service...
Apache OpenOffice -- multiple vulnerabilities.
The Apache Openoffice project reports: Apache OpenOffice opens dBase/DBF documents and shows the contents as spreadsheets. DBF are database files with data organized in fields. When reading DBF data the size of certain fields is not checked: the data is just copied into local variables. A careful...
asterisk -- Remote Crash Vulnerability in PJSIP channel driver
The Asterisk project reports: When Asterisk receives a re-INVITE without SDP after having sent a BYE request a crash will occur. This occurs due to the Asterisk channel no longer being present while code assumes it is...
aiohttp -- open redirect vulnerability
Sviatoslav Sydorenko reports: Open redirect vulnerability — a maliciously crafted link to an aiohttp-based web-server could redirect the browser to a different website. It is caused by a bug in the aiohttp.webmiddlewares.normalizepathmiddleware middleware...
FreeBSD -- jail_attach(2) relies on the caller to change the cwd
Problem Description: When a process, such as jexec8 or killall1, calls jailattach2 to enter a jail, the jailed root can attach to it using ptrace2 before the current working directory is changed. Impact: A process with superuser privileges running inside a jail could change the root directory...
moinmoin -- multiple vulnerabilities
MoinMoin reports: Security fix for CVE-2020-25074: fix remote code execution via cache action Security fix for CVE-2020-15275: fix malicious SVG attachment causing stored XSS vulnerability...
Rails -- Possible XSS vulnerability
Ruby on Rails blog: Rails version 6.0.3.4 has been released! This version is a security release and addresses one possible XSS attack vector in Actionable Exceptions...
go -- net/http/cgi, net/http/fcgi: Cross-Site Scripting (XSS) when Content-Type is not specified
The Go project reports: When a Handler does not explicitly set the Content-Type header, both CGI implementations default to “text/html”. If an attacker can make a server generate content under their control e.g. a JSON containing user data or an uploaded image file this might be mistakenly return...
chromium -- multiple vulnerabilities
Chrome Releases reports: This update includes 2 security fixes, including: 1092308 High CVE-2020-6509: Use after free in extensions. Reported by Anonymous on 2020-06-08...
libjpeg-turbo -- Issue in the PPM reader causing a buffer overrun in cjpeg, TJBench, or the tjLoadImage() function.
libjpeg-turbo releases reports: This release fixes the following security issue: Heap-based buffer over-read in getrgbrow in rdppm.c via a malformed PPM input file...
webkit2-gtk3 -- Denial of service
The WebKitGTK project reports the following vulnerability. Processing maliciously crafted web content may lead to arbitrary code execution or application crash denial of service. Description: A memory corruption issue use-after-free was addressed with improved memory handling...
ceph14 -- multiple security issues
RedHat reports: ceph: secure mode of msgr2 breaks both confidentiality and integrity aspects for long-lived sessions. ceph: header-splitting in RGW GetObject has a possible XSS...
FreeBSD -- Missing IPsec anti-replay window check
Problem Description: A missing check means that an attacker can reinject an old packet and it will be accepted and processed by the IPsec endpoint. Impact: The impact depends on the higher-level protocols in use over IPsec. For example, an attacker who can capture and inject packets could cause a...
salt -- salt-api vulnerability
SaltStack reports: With the Salt NetAPI enabled in addition to having a SSH roster defined, unauthenticated access is possible when specifying the client as SSH. Additionally, when the rawshell option is specified any arbitrary command may be run on the Salt master when specifying SSH options...
MongoDB -- Ensure RoleGraph can serialize authentication restrictions to BSON
reports: Improper serialization of MongoDB Server's internal authorization state permits a user with valid credentials to bypass IP source address protection mechanisms following administrative action. Credit Discovered by Tony Yesudas...
spamassassin -- multiple vulnerabilities
the Apache Spamassassin project reports: An input validation error of user-supplied input parsing multipart emails. Specially crafted emails can consume all resources on the system. A local user is able to execute arbitrary shell commands through specially crafted nefarious CF files...
Django -- multiple vulnerabilities
Django release reports: CVE-2019-19118: Privilege escalation in the Django admin. Since Django 2.1, a Django model admin displaying a parent model with related model inlines, where the user has view-only permissions to a parent model but edit permissions to the inline model, would display a...
libidn2 -- roundtrip check vulnerability
CVE list: GNU libidn2 before 2.2.0 fails to perform the roundtrip checks specified in RFC3490 Section 4.2 when converting A-labels to U-labels. This makes it possible in some circumstances for one domain to impersonate another. By creating a malicious domain that matches a target domain except fo...
e2fsprogs -- maliciously corrupted file systems can trigger buffer overruns in the quota code used by e2fsck
Ted Y. Ts'o reports: A maliciously corrupted file systems can trigger buffer overruns in the quota code used by e2fsck...
FreeBSD -- kernel memory disclosure from /dev/midistat
Problem Description: The kernel driver for /dev/midistat implements a handler for read2. This handler is not thread-safe, and a multi-threaded program can exploit races in the handler to cause it to copy out kernel memory outside the boundaries of midistat's data buffer. Impact: The races allow a...
mongodb -- Bump Windows package dependencies
Rich Mirch reports: An unprivileged user or program on Microsoft Windows which can create OpenSSL configuration files in a fixed location may cause utility programs shipped with MongoDB server versions less than 4.0.11, 3.6.14, and 3.4.22 to run attacker defined code as the user running the utili...
mongodb -- Our init scripts check /proc/[pid]/stat should validate that `(${procname})` is the process' command name.
Sicheng Liu of Beijing DBSEC Technology Co., Ltd reports: Incorrect scoping of kill operations in MongoDB Server's packaged SysV init scripts allow users with write access to the PID file to insert arbitrary PIDs to be killed when the root user stops the MongoDB process via SysV init...
FreeBSD -- pts(4) write-after-free
Problem Description: The code which handles a close2 of a descriptor created by posixopenpt2 fails to undo the configuration which causes SIGIO to be raised. This bug can lead to a write-after-free of kernel memory. Impact: The bug permits malicious code to trigger a write-after-free, which may b...
vlc -- multiple vulnerabilities
The VLC project reports: Security: Fix a buffer overflow in the MKV demuxer CVE-2019-14970 Fix a read buffer overflow in the avcodec decoder CVE-2019-13962 Fix a read buffer overflow in the FAAD decoder Fix a read buffer overflow in the OGG demuxer CVE-2019-14437, CVE-2019-14438 Fix a read buffer...