6585 matches found
multiple buffer overflows in xboing
Steve Kemp reports in a Debian bug submission: Due to improper bounds checking it is possible for a malicious user to gain a shell with membership group 'games'. The binary is installed setgid games. Environmental variables are used without being bounds-checked in any way, from the source code:...
qt6-webengine -- multiple vulnerabilities
Qt qtwebengine-chromium repo reports: Backports for 262 security bugs in Chromium: CVE-2025-13223: Type Confusion in V8 CVE-2025-13224: Type Confusion in V8 CVE-2025-13630: Type Confusion in V8 CVE-2025-13632: Inappropriate implementation in DevTools CVE-2025-13634: Inappropriate implementation i...
Gitlab -- Vulnerabilities
Gitlab reports: Cross Site Scripting XSS in Maven Dependency Proxy through CSP directives Cross Site Scripting XSS in Maven dependency proxy through cache headers Network Error Logging NEL Header Injection in Maven Dependency Proxy Allows Browser Activity Monitoring Denial of service DOS via issu...
Gitlab -- Vulnerabilities
Gitlab reports: CVE-2025-25291 and CVE-2025-25292 third party gem ruby-saml CVE-2025-27407 third party gem graphql Denial of Service Due to Inefficient Processing of Untrusted Input Credentials disclosed when repository mirroring fails Denial of Service Vulnerability in GitLab Approval Rules due ...
Gitlab -- Vulnerabilities
Gitlab reports: Injection of Network Error Logging NEL headers in kubernetes proxy response could lead to ATO abusing OAuth flows Denial of Service by repeatedly sending unauthenticated requests for diff-files CIJOBTOKEN could be used to obtain GitLab session Open redirect in releases API...
firefox -- use-after-free code execution
[email protected] reports: An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. We have had reports of this vulnerability being exploited in the wild...
cups-filters -- remote code execution
OpenPrinting reports: Due to the service binding to :631 INADDRANY , multiple bugs in cups-browsed can be exploited in sequence to introduce a malicious printer to the system. This chain of exploits ultimately enables an attacker to execute arbitrary commands remotely on the target machine withou...
netatalk3 -- multiple WolfSSL vulnerabilities
Netatalk release reports: WolfSSL 5.7.0 included in netatalk includes multiple security vulnerabilities...
Django -- multiple vulnerabilities
Django reports: CVE-2024-41989: Memory exhaustion in django.utils.numberformat.floatformat. CVE-2024-41990: Potential denial-of-service in django.utils.html.urlize. CVE-2024-41991: Potential denial-of-service vulnerability in django.utils.html.urlize and AdminURLFieldWidget. CVE-2024-42005:...
electron28 -- multiple vulnerabilities
Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2024-4948. Security: backported fix for CVE-2024-3914. Security: backported fix for CVE-2024-4060. Security: backported fix for CVE-2024-4058. Security: backported fix for CVE-2024-4558...
Intel CPUs -- multiple vulnerabilities
Intel reports: Potential security vulnerabilities in some Intel Trust Domain Extensions TDX module software may allow escalation of privilege. Improper input validation in some Intel TDX module software before version 1.5.05.46.698 may allow a privileged user to potentially enable escalation of...
electron29 -- multiple vulnerabilities
Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2024-4060. Security: backported fix for CVE-2024-4058...
qt5-webengine -- Multiple vulnerabilities
Backports for 2 security bugs in Chromium: CVE-2024-3157: Out of bounds write in Compositing CVE-2024-3516: Heap buffer overflow in ANGLE...
Gitlab -- Patch Release: 16.10.2, 16.9.4, 16.8.6
Gitlab reports: Stored XSS injected in diff viewer Stored XSS via autocomplete results Redos on Integrations Chat Messages Redos During Parse Junit Test Report...
Django -- multiple vulnerabilities
Django reports: CVE-2024-27351: Potential regular expression denial-of-service in django.utils.text.Truncator.words...
Grafana -- Data source permission escalation
Grafana Labs reports: The vulnerability impacts Grafana Cloud and Grafana Enterprise instances, and it is exploitable if a user who should not be able to access all data sources is granted permissions to create a data source. By default, only organization Administrators are allowed to create a da...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 4 security fixes: 1511567 High CVE-2024-1060: Use after free in Canvas. Reported by Anonymous on 2023-12-14 1514777 High CVE-2024-1059: Use after free in WebRTC. Reported by Cassidy Kim@cassidy6564 on 2023-12-29 1511085 High CVE-2024-1077: Use after...
Gitlab -- Vulnerabilities
Gitlab reports: XSS and ReDoS in Markdown via Banzai pipeline of Jira Members with admingroupmember custom permission can add members with higher role Release Description visible in public projects despite release set as project members only through atom response Manipulate the repository content...
chromium -- type confusion in v8
Chrome Releases reports: This update includes 1 security fix: 1485829 High CVE-2023-5346: Type Confusion in V8. Reported by Amit Kumar on 2023-09-22...
11/libX11 multiple vulnerabilities
The X.Org project reports: CVE-2023-43785: out-of-bounds memory access in XkbReadKeySyms When libX11 is processing the reply from the X server to the XkbGetMap request, if it detected the number of symbols in the new map was less than the size of the buffer it had allocated, it always added room...
electron22 -- multiple vulnerabilities
Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2023-4427. Security: backported fix for CVE-2023-4428...
typo3 -- multiple vulnerabilities
TYPO3 reports: TYPO3-CORE-SA-2023-002: By-passing Cross-Site Scripting Protection in HTML Sanitizer TYPO3-CORE-SA-2023-003: Information Disclosure due to Out-of-scope Site Resolution TYPO3-CORE-SA-2023-004: Cross-Site Scripting in CKEditor4 WordCount Plugin...
electron{23,24} -- multiple vulnerabilities
Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2023-3422. Security: backported fix for CVE-2023-3421. Security: backported fix for CVE-2023-3420...
Openfire administration console authentication bypass
[email protected] reports: Openfire's administrative console, a web-based application, was found to be vulnerable to a path traversal attack via the setup environment. This permitted an unauthenticated user to use the unauthenticated Openfire Setup Environment in an already configure...
py39-redis -- can send response data to the client of an unrelated request
drago-balto reports: redis-py before 4.5.3, as used in ChatGPT and other products, leaves a connection open after canceling an async Redis command at an inopportune time in the case of a pipeline operation, and can send response data to the client of an unrelated request in an off-by-one manner...
chromium -- multiple vulnerabilities
Chrome Releases reports: This update includes 8 security fixes: 1421773 High CVE-2023-1528: Use after free in Passwords. Reported by Wan Choi of Seoul National University on 2023-03-07 1419718 High CVE-2023-1529: Out of bounds memory access in WebHID. Reported by anonymous on 2023-02-27 1419831...
rubygem-cgi -- HTTP response splitting vulnerability
Hiroshi Tokumaru reports: If an application that generates HTTP responses using the cgi gem with untrusted user input, an attacker can exploit it to inject a malicious HTTP response header and/or body. Also, the contents for a CGI::Cookie object were not checked properly. If an application create...
freerdp -- clients using the `/video` command line switch might read uninitialized data
MITRE reports: All FreeRDP based clients when using the /video command line switch might read uninitialized data, decode it as audio/video and display the result. FreeRDP based server implementations are not affected...
puppetdb -- Potential SQL injection
Puppet reports: The org.postgresql/postgresql driver has been updated to version 42.4.1 to address CVE-2022-31197, which is an SQL injection risk that according to the CVE report, can only be exploited if an attacker controls the database to the extent that they can adjust relevant tables to have...
Django -- multiple vulnerabilities
Django reports: CVE-2022-36359: Potential reflected file download vulnerability in FileResponse...
XFCE -- Allows executing malicious .desktop files pointing to remote code
XFCE Project reports: Prevent executing possibly malicious .desktop files from online sources ftp://, http:// etc...
libspf2 -- Integer Underflow Remote Code Execution
Trendmicro ZDI reports: Integer Underflow Remote Code Execution Vulnerability The specific flaw exists within the parsing of SPF macros. When parsing SPF macros, the process does not properly validate user-supplied data, which can result in an integer underflow before writing to memory. An attack...
gogs -- XSS in issue attachments
The gogs project reports: Repository issues page allows HTML attachments with arbitrary JS code...
powerdns-recursor -- denial of service
PowerDNS Team reports: PowerDNS Security Advisory 2022-01: incomplete validation of incoming IXFR transfer in Authoritative Server and Recursor...
go -- multiple vulnerabilities
The Go project reports: regexp: stack exhaustion compiling deeply nested expressions On 64-bit platforms, an extremely deeply nested expression can cause regexp.Compile to cause goroutine stack exhaustion, forcing the program to exit. Note this applies to very large expressions, on the order of 2...
rubygem-date -- Regular Expression Denial of Service Vunlerability of Date Parsing Methods
Stanislav Valkanov reports: Date's parsing methods including Date.parse are using Regexps internally, some of which are vulnerable against regular expression denial of service. Applications and libraries that apply such methods to untrusted input may be affected...
webkit2-gtk3 -- multiple vulnerabilities
The WebKitGTK project reports vulnerabilities: CVE-2021-30858: Processing maliciously crafted web content may lead to arbitrary code execution...
fetchmail -- STARTTLS bypass vulnerabilities
Problem: In certain circumstances, fetchmail 6.4.21 and older would not encrypt the session using STARTTLS/STLS, and might not have cleared session state across the TLS negotiation...
Prosody -- Remote Information Disclosure
A Prosody XMPP server advisory reports: It was discovered that Prosody allows any entity to access the list of admins, members, owners and banned entities of any federated XMPP group chat of which they know the address...
Gitlab -- Multiple vulnerabilities
Gitlab reports: JWT token leak via Workhorse Stored XSS in wiki pages Group Maintainers are able to use the Group CI/CD Variables API Insecure storage of GitLab session keys...
FreeBSD -- jail_attach(2) relies on the caller to change the cwd
Problem Description: When a process, such as jexec8 or killall1, calls jailattach2 to enter a jail, the jailed root can attach to it using ptrace2 before the current working directory is changed. Impact: A process with superuser privileges running inside a jail could change the root directory...
asterisk -- Remote Crash Vulnerability in PJSIP channel driver
The Asterisk project reports: Given a scenario where an outgoing call is placed from Asterisk to a remote SIP server it is possible for a crash to occur...
pysaml2 -- multiple vulnerabilities
pysaml2 Releases: Fix processing of invalid SAML XML documents - CVE-2021-21238 Fix unspecified xmlsec1 key-type preference - CVE-2021-21239...
FreeBSD -- Multiple vulnerabilities in rtsold
Problem Description: Two bugs exist in rtsold8's RDNSS and DNSSL option handling. First, rtsold8 failed to perform sufficient bounds checking on the extent of the option. In particular, it does not verify that the option does not extend past the end of the received packet before processing its...
zeek -- Vulnerability due to memory leak
Jon Siwek of Corelight reports: This release fixes the following security issue: A memory leak in multipart MIME code has potential for remote exploitation and cause for Denial of Service via resource exhaustion...
FreeBSD -- ure device driver susceptible to packet-in-packet attack
Problem Description: A programming error in the ure4 device driver caused some Realtek USB Ethernet interfaces to incorrectly report packets with more than 2048 bytes in a single USB transfer as having a length of only 2048 bytes. An adversary can exploit this to cause the driver to misinterpret...
GnuTLS -- null pointer dereference
The GnuTLS project reports: It was found by oss-fuzz that the server sending a "norenegotiation" alert in an unexpected timing, followed by an invalid second handshake can cause a TLS 1.3 client to crash via a null-pointer dereference. The crash happens in the application's error handling path,...
gnupg -- AEAD key import overflow
Importing an OpenPGP key having a preference list for AEAD algorithms will lead to an array overflow and thus often to a crash or other undefined behaviour. Importing an arbitrary key can often easily be triggered by an attacker and thus triggering this bug. Exploiting the bug aside from crashes ...
go -- net/http/cgi, net/http/fcgi: Cross-Site Scripting (XSS) when Content-Type is not specified
The Go project reports: When a Handler does not explicitly set the Content-Type header, both CGI implementations default to “text/html”. If an attacker can make a server generate content under their control e.g. a JSON containing user data or an uploaded image file this might be mistakenly return...
nexus2-oss -- NXRM2 Directory Traversal vulnerability
Sonatype reports: CVE-2020-15012: NXRM2 Directory Traversal vulnerability...