6585 matches found
putty -- pscp/psftp heap corruption vulnerabilities
Simon Tatham reports: This version fixes a security hole in previous versions of PuTTY, which can allow a malicious SFTP server to attack your client. If you use either PSCP or PSFTP, you should upgrade. Users of the main PuTTY program are not affected. However, note that the server must have...
unace -- multiple vulnerabilities
Ulf Härnhammar reports: There are buffer overflows when extracting, testing or listing specially prepared ACE archives. There are directory traversal bugs when extracting ACE archives. There are also buffer overflows when dealing with long 17000 characters command line arguments. Secunia reports:...
postgresql -- multiple buffer overflows in PL/PgSQL parser
The PL/PgSQL parser in postgresql is vulnerable to several buffer overflows. These could be exploited by a remote attacker to execute arbitrary code with the permissions of the postgresql server by running a specially crafted query...
squirrelmail -- XSS and remote code injection vulnerabilities
A SquirrelMail Security Advisory reports: SquirrelMail 1.4.4 has been released to resolve a number of security issues disclosed below. It is strongly recommended that all running SquirrelMail prior to 1.4.4 upgrade to the latest release. Remote File Inclusion Manoel Zaninetti reported an issue in...
mysql-scripts -- mysqlaccess insecure temporary file creation
The Debian Security Team reports: Javier Fernández-Sanguino Peña from the Debian Security Audit Project discovered a temporary file vulnerability in the mysqlaccess script of MySQL that could allow an unprivileged user to let root overwrite arbitrary files via a symlink attack and could also coul...
yamt -- arbitrary command execution vulnerability
Manigandan Radhakrishnan discovered a security vulnerability in YAMT which can lead to execution of arbitrary commands with the privileges of the user running YAMT when sorting based on MP3 tags. The problem exist in the id3tagsort routine which does not properly sanitize the artist tag from the...
helvis -- arbitrary file deletion problem
The setuid root elvprsv utility, used to preserve recovery helvis files, can be abused by local users to delete with root privileges. The problem is that elvprsv deletes files when it thinks they have become corrupt. When elvprsv is pointed to a normal file then it will almost always think the fi...
zip -- long path buffer overflow
A HexView security advisory reports: When zip performs recursive folder compression, it does not check for the length of resulting path. If the path is too long, a buffer overflow occurs leading to stack corruption and segmentation fault. It is possible to exploit this vulnerability by embedding ...
cyrus-sasl -- dynamic library loading and set-user-ID applications
The Cyrus SASL library, libsasl, contains functions which may load dynamic libraries. These libraries may be loaded from the path specified by the environmental variable SASLPATH, which in some situations may be fully controlled by a local attacker. Thus, if a set-user-ID application such as chsh...
libxine -- DVD subpicture decoder heap overflow
A xine security announcement states: A heap overflow has been found in the DVD subpicture decoder of xine-lib. This can be used for a remote heap overflow exploit, which can, on some systems, lead to or help in executing malicious code with the permissions of the user running a xine-lib based med...
samba3 DoS attack
Code found in nmbd and smbd may allow a remote attacker to effectively crash the nmbd server or use the smbd server to exhaust the system memory...
courier-imap -- format string vulnerability in debug mode
An iDEFENSE security advisory describes a format string vulnerability that could be exploited when Courier-IMAP is run in debug mode DEBUGLOGIN set...
squid -- NTLM authentication denial-of-service vulnerability
A remote attacker is able to cause a denial-of-service situation, when NTLM authentication is enabled in squid. NTLM authentication uses two functions which lack correct offset checking...
MoinMoin administrative group name privilege escalation vulnerability
A serious flaw exists in the MoinMoin software which may allow a malicious user to gain access to unauthorized privileges...
lha buffer overflows and path traversal issues
Ulf Härnhammar discovered several vulnerabilities in LHa for UNIX's path name handling code. Specially constructed archive files may cause LHa to overwrite files or execute arbitrary code with the privileges of the user invoking LHa. This could be particularly harmful for automated systems that...
squid -- HTTP response splitting cache pollution attack
According to a whitepaper published by Sanctum, Inc., it is possible to mount cache poisoning attacks against, among others, squid proxies by inserting false replies into the HTTP stream. The squid patches page notes: This patch additionally strengthens Squid from the HTTP response attack describ...
metamail format string bugs and buffer overflows
Ulf Härnhammar reported four bugs in metamail: two are format string bugs and two are buffer overflows. The bugs are in SaveSquirrelFile, PrintHeader, and ShareThisHeader. These vulnerabilities could be triggered by a maliciously formatted email message if metamail' or splitmail' is used to proce...
L2TP, ISAKMP, and RADIUS parsing vulnerabilities in tcpdump
Jonathan Heusser discovered vulnerabilities in tcpdump's L2TP, ISAKMP, and RADIUS protocol handlers. These vulnerabilities may be used by an attacker to crash a running tcpdump' process...
pine remotely exploitable vulnerabilities
Pine versions prior to 4.58 are affected by two vulnerabilities discovered by iDEFENSE, a buffer overflow in mailview.c and an integer overflow in strings.c. Both vulnerabilities can result in arbitrary code execution when processing a malicious message...
mpg123 vulnerabilities
In 2003, two vulnerabilities were discovered in mpg123 that could result in remote code execution when using untrusted input or streaming from an untrusted server...
Cyrus IMAP pre-authentication heap overflow vulnerability
In December 2002, Timo Sirainen reported: Cyrus IMAP server has a remotely exploitable pre-login buffer overflow. ... Note that you don't have to log in before exploiting this, and since Cyrus runs everything under one UID, it's possible to read every user's mail in the system. It is unknown...
qt6-webengine -- multiple vulnerabilities
Qt qtwebengine-chromium repo reports: Backports for 262 security bugs in Chromium: CVE-2025-13223: Type Confusion in V8 CVE-2025-13224: Type Confusion in V8 CVE-2025-13630: Type Confusion in V8 CVE-2025-13632: Inappropriate implementation in DevTools CVE-2025-13634: Inappropriate implementation i...
Gitlab -- Vulnerabilities
Gitlab reports: Cross Site Scripting XSS in Maven Dependency Proxy through CSP directives Cross Site Scripting XSS in Maven dependency proxy through cache headers Network Error Logging NEL Header Injection in Maven Dependency Proxy Allows Browser Activity Monitoring Denial of service DOS via issu...
Gitlab -- Vulnerabilities
Gitlab reports: CVE-2025-25291 and CVE-2025-25292 third party gem ruby-saml CVE-2025-27407 third party gem graphql Denial of Service Due to Inefficient Processing of Untrusted Input Credentials disclosed when repository mirroring fails Denial of Service Vulnerability in GitLab Approval Rules due ...
Gitlab -- Vulnerabilities
Gitlab reports: Injection of Network Error Logging NEL headers in kubernetes proxy response could lead to ATO abusing OAuth flows Denial of Service by repeatedly sending unauthenticated requests for diff-files CIJOBTOKEN could be used to obtain GitLab session Open redirect in releases API...
firefox -- use-after-free code execution
[email protected] reports: An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. We have had reports of this vulnerability being exploited in the wild...
cups-filters -- remote code execution
OpenPrinting reports: Due to the service binding to :631 INADDRANY , multiple bugs in cups-browsed can be exploited in sequence to introduce a malicious printer to the system. This chain of exploits ultimately enables an attacker to execute arbitrary commands remotely on the target machine withou...
netatalk3 -- multiple WolfSSL vulnerabilities
Netatalk release reports: WolfSSL 5.7.0 included in netatalk includes multiple security vulnerabilities...
Django -- multiple vulnerabilities
Django reports: CVE-2024-41989: Memory exhaustion in django.utils.numberformat.floatformat. CVE-2024-41990: Potential denial-of-service in django.utils.html.urlize. CVE-2024-41991: Potential denial-of-service vulnerability in django.utils.html.urlize and AdminURLFieldWidget. CVE-2024-42005:...
electron28 -- multiple vulnerabilities
Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2024-4948. Security: backported fix for CVE-2024-3914. Security: backported fix for CVE-2024-4060. Security: backported fix for CVE-2024-4058. Security: backported fix for CVE-2024-4558...
electron29 -- multiple vulnerabilities
Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2024-4060. Security: backported fix for CVE-2024-4058...
qt5-webengine -- Multiple vulnerabilities
Backports for 2 security bugs in Chromium: CVE-2024-3157: Out of bounds write in Compositing CVE-2024-3516: Heap buffer overflow in ANGLE...
Gitlab -- Patch Release: 16.10.2, 16.9.4, 16.8.6
Gitlab reports: Stored XSS injected in diff viewer Stored XSS via autocomplete results Redos on Integrations Chat Messages Redos During Parse Junit Test Report...
Django -- multiple vulnerabilities
Django reports: CVE-2024-27351: Potential regular expression denial-of-service in django.utils.text.Truncator.words...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 4 security fixes: 1511567 High CVE-2024-1060: Use after free in Canvas. Reported by Anonymous on 2023-12-14 1514777 High CVE-2024-1059: Use after free in WebRTC. Reported by Cassidy Kim@cassidy6564 on 2023-12-29 1511085 High CVE-2024-1077: Use after...
FreeBSD -- TCP spoofing vulnerability in pf(4)
Problem Description: As part of its stateful TCP connection tracking implementation, pf performs sequence number validation on inbound packets. This makes it difficult for a would-be attacker to spoof the sender and inject packets into a TCP stream, since crafted packets must contain sequence...
Gitlab -- Vulnerabilities
Gitlab reports: XSS and ReDoS in Markdown via Banzai pipeline of Jira Members with admingroupmember custom permission can add members with higher role Release Description visible in public projects despite release set as project members only through atom response Manipulate the repository content...
electron22 -- multiple vulnerabilities
Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2023-4427. Security: backported fix for CVE-2023-4428...
typo3 -- multiple vulnerabilities
TYPO3 reports: TYPO3-CORE-SA-2023-002: By-passing Cross-Site Scripting Protection in HTML Sanitizer TYPO3-CORE-SA-2023-003: Information Disclosure due to Out-of-scope Site Resolution TYPO3-CORE-SA-2023-004: Cross-Site Scripting in CKEditor4 WordCount Plugin...
electron{23,24} -- multiple vulnerabilities
Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2023-3422. Security: backported fix for CVE-2023-3421. Security: backported fix for CVE-2023-3420...
Openfire administration console authentication bypass
[email protected] reports: Openfire's administrative console, a web-based application, was found to be vulnerable to a path traversal attack via the setup environment. This permitted an unauthenticated user to use the unauthenticated Openfire Setup Environment in an already configure...
py39-redis -- can send response data to the client of an unrelated request
drago-balto reports: redis-py before 4.5.3, as used in ChatGPT and other products, leaves a connection open after canceling an async Redis command at an inopportune time in the case of a pipeline operation, and can send response data to the client of an unrelated request in an off-by-one manner...
chromium -- multiple vulnerabilities
Chrome Releases reports: This update includes 8 security fixes: 1421773 High CVE-2023-1528: Use after free in Passwords. Reported by Wan Choi of Seoul National University on 2023-03-07 1419718 High CVE-2023-1529: Out of bounds memory access in WebHID. Reported by anonymous on 2023-02-27 1419831...
glpi -- multiple vulnerabilities
glpi Project reports: Multiple vulnerabilities found and fixed in this version: High CVE-2023-28849: SQL injection and Stored XSS via inventory agent request. High CVE-2023-28632: Account takeover by authenticated user. High CVE-2023-28838: SQL injection through dynamic reports. Moderate...
freerdp -- clients using the `/video` command line switch might read uninitialized data
MITRE reports: All FreeRDP based clients when using the /video command line switch might read uninitialized data, decode it as audio/video and display the result. FreeRDP based server implementations are not affected...
puppetdb -- Potential SQL injection
Puppet reports: The org.postgresql/postgresql driver has been updated to version 42.4.1 to address CVE-2022-31197, which is an SQL injection risk that according to the CVE report, can only be exploited if an attacker controls the database to the extent that they can adjust relevant tables to have...
XFCE -- Allows executing malicious .desktop files pointing to remote code
XFCE Project reports: Prevent executing possibly malicious .desktop files from online sources ftp://, http:// etc...
libspf2 -- Integer Underflow Remote Code Execution
Trendmicro ZDI reports: Integer Underflow Remote Code Execution Vulnerability The specific flaw exists within the parsing of SPF macros. When parsing SPF macros, the process does not properly validate user-supplied data, which can result in an integer underflow before writing to memory. An attack...
gogs -- XSS in issue attachments
The gogs project reports: Repository issues page allows HTML attachments with arbitrary JS code...
go -- multiple vulnerabilities
The Go project reports: regexp: stack exhaustion compiling deeply nested expressions On 64-bit platforms, an extremely deeply nested expression can cause regexp.Compile to cause goroutine stack exhaustion, forcing the program to exit. Note this applies to very large expressions, on the order of 2...