6585 matches found
gnupg -- AEAD key import overflow
Importing an OpenPGP key having a preference list for AEAD algorithms will lead to an array overflow and thus often to a crash or other undefined behaviour. Importing an arbitrary key can often easily be triggered by an attacker and thus triggering this bug. Exploiting the bug aside from crashes ...
nexus2-oss -- NXRM2 Directory Traversal vulnerability
Sonatype reports: CVE-2020-15012: NXRM2 Directory Traversal vulnerability...
GnuTLS -- flaw in TLS session ticket key construction
The GnuTLS project reports: It was found that GnuTLS 3.6.4 introduced a regression in the TLS protocol implementation. This caused the TLS server to not securely construct a session ticket encryption key considering the application supplied secret, allowing a MitM attacker to bypass authenticatio...
glpi -- bypass of the open redirect protection
MITRE Corporation reports: In GLPI before version 9.4.6, there is a vulnerability that allows bypassing the open redirect protection based which is based on a regexp. This is fixed in version 9.4.6...
e2fsprogs -- rehash.c/pass 3a mutate_name() code execution vulnerability
Lilith of Cisco Talos reports: A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. An attacker can corrupt a partition to trigger...
asterisk -- AMI user could execute system commands
The Asterisk project reports: A remote authenticated Asterisk Manager Interface AMI user without system authorization could use a specially crafted Originate AMI request to execute arbitrary system commands...
ksh93 -- certain environment variables interpreted as arithmetic expressions on startup, leading to code injection
Upstream ksh93 maintainer Siteshwar Vashisht reports: A flaw was found in the way ksh evaluates certain environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Services and applications that allow remote unauthenticated...
clamav -- Denial-of-Service (DoS) vulnerability
Micah Snyder reports: A Denial-of-Service DoS vulnerability may occur when scanning a specially crafted email file as a result of excessively long scan times. The issue is resolved by implementing several maximums in parsing MIME messages and by optimizing use of memory allocation...
SDL2_image -- multiple vulnerabilities
SDLimage developers report: Fixed a number of security issues: TALOS-2019-0820 TALOS-2019-0821 TALOS-2019-0841 TALOS-2019-0842 TALOS-2019-0843 TALOS-2019-0844...
libsndfile -- out-of-bounds read memory access
RedHat reports: It was discovered the fix for CVE-2018-19758 was not complete and still allows a read beyond the limits of a buffer in wavwriteheader function in wav.c. A local attacker may use this flaw to make the application crash...
libexif -- privilege escalation
Mitre reports: In libexif, there is a possible out of bounds write due to an integer overflow. This could lead to remote escalation of privilege in the media content provider with no additional execution privileges needed. User interaction is needed for exploitation...
rssh - multiple vulnerabilities
NVD reports: rssh version 2.3.4 contains a CWE-77: Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability in allowscp permission that can result in Local command execution. This attack appear to be exploitable via An authorized SSH user with the allowscp...
p5-Email-Address-List -- DDoS related vulnerability
Best PRactical Solutions reports: 0.06 2019-01-02 - Changes to address CVE-2018-18898 which could allow DDoS-type attacks. Thanks to Lukas Kramer for reporting the issue and Alex Vandiver for contributing fixes. - Fix pathological backtracking for unkown regex - Fix pathological backtracking in...
Gitlab -- Multiple vulnerabilities
Gitlab reports: Source code disclosure merge request diff Todos improper access control URL rel attribute not set Persistent XSS Autocompletion SSRF repository mirroring CI job token LFS error message disclosure Secret CI variable exposure Guest user CI job disclosure Persistent XSS label referen...
FreeBSD -- Multiple vulnerabilities in NFS server code
Problem Description: Insufficient and improper checking in the NFS server code could cause a denial of service or possibly remote code execution via a specially crafted network packet. Impact: A remote attacker could cause the NFS server to crash, resulting in a denial of service, or possibly...
jenkins -- multiple vulnerabilities
Jenkins Security Advisory: Description Low SECURITY-637 Jenkins allowed deserialization of URL objects with host components Medium SECURITY-672 Ephemeral user record was created on some invalid authentication attempts Medium SECURITY-790 Cron expression form validation could enter infinite loop,...
cgit -- directory traversal vulnerability
Jann Horn reports: cgitcloneobjects in CGit before 1.2.1 has a directory traversal vulnerability when enable-http-clone=1 is not turned off, as demonstrated by a cgit/cgit.cgi/git/objects/?path=../ request...
Jupyter Notebook -- vulnerability
MITRE reports: In Jupyter Notebook before 5.4.1, a maliciously forged notebook file can bypass sanitization to execute JavaScript in the notebook context. Specifically, invalid HTML is 'fixed' by jQuery after sanitization, making it dangerous...
p7zip-codec-rar -- insufficient error handling
MITRE reports: Insufficient exception handling in the method NCompress::NRar3::CDecoder::Code of 7-Zip before 18.00 and p7zip can lead to multiple memory corruptions within the PPMd code, alows remote attackers to cause a denial of service segmentation fault or execute arbitrary code via a crafte...
Flash Player -- information disclosure
Adobe reports: This update resolves an out-of-bounds read vulnerability that could lead to information disclosure CVE-2018-4871...
couchdb -- multiple vulnerabilities
Apache CouchDB PMC reports: Database Administrator could achieve privilege escalation to the account that CouchDB runs under, by abusing insufficient validation in the HTTP API, escaping security controls implemented in previous releases...
wordpress -- multiple issues
wordpress developers reports: WordPress versions 4.8.2 and earlier are affected by an issue where $wpdb-prepare can create unexpected and unsafe queries leading to potential SQL injection SQLi. WordPress core is not directly vulnerable to this issue, but we've added hardening to prevent plugins a...
phpmyfaq -- multiple issues
phpmyfaq developers report: Cross-site scripting XSS vulnerability in inc/PMF/Faq.php in phpMyFAQ through 2.9.8 allows remote attackers to inject arbitrary web script or HTML via the Questions field in an "Add New FAQ" action. Cross-site scripting XSS vulnerability in phpMyFAQ through 2.9.8 allow...
Django -- possible XSS in traceback section of technical 500 debug page
Django blog: In older versions, HTML autoescaping was disabled in a portion of the template for the technical 500 debug page. Given the right circumstances, this allowed a cross-site scripting attack. This vulnerability shouldn't affect most production sites since you shouldn't run with DEBUG =...
asterisk -- RTP/RTCP information leak
The Asterisk project reports: This is a follow up advisory to AST-2017-005. Insufficient RTCP packet validation could allow reading stale buffer contents and when combined with the "nat" and "symmetricrtp" options allow redirecting where Asterisk sends the next RTCP report. The RTP stream...
asterisk -- Unauthorized data disclosure and shell access command injection in app_minivm
The Asterisk project reports: AST-2017-005 - A change was made to the strict RTP support in the RTP stack to better tolerate late media when a reinvite occurs. When combined with the symmetric RTP support this introduced an avenue where media could be hijacked. Instead of only learning a new...
pspp -- multiple vulnerabilities
CVE Details reports: There is an Integer overflow in the hashint function of the libpspp library in GNU PSPP 0.10.5-pre2 CVE-2017-10791. There is a NULL Pointer Dereference in the function llinsert of the libpspp library in GNU PSPP 0.10.5-pre2 CVE-2017-10792. There is an illegal address access i...
xorg-server -- Multiple Issues
xorg-server developers reports: In the X.Org X server before 2017-06-19, a user authenticated to an X Session could crash or execute code in the context of the X Server by exploiting a stack overflow in the endianness conversion of X Events. Uninitialized data in endianness conversion in the XEve...
SquirrelMail -- post-authentication remote code execution
SquirrelMail developers report: SquirrelMail 1.4.22 and other versions before 201704270200-SVN allows post-authentication remote code execution via a sendmail.cf file that is mishandled in a popen call. It's possible to exploit this vulnerability to execute arbitrary shell commands on the remote...
raptor2 -- buffer overflow
CVE MITRE reports: raptorxmlwriterstartelementcommon in raptorxmlwriter.c in Raptor RDF Syntax Library 2.0.15 miscalculates the maximum nspace declarations for the XML writer, leading to heap-based buffer overflows sometimes seen in raptorqnameformatasxml...
squashfs-tools -- Integer overflow
Phillip Lougher reports: Integer overflow in the readfragmenttable4 function in unsquash-4.c in Squashfs and sasquatch allows remote attackers to cause a denial of service application crash via a crafted input, which triggers a stack-based buffer overflow...
zziplib - multiple vulnerabilities
NIST reports by search in the range 2017/01/01 - 2018/07/06: 17 security fixes in this release: Heap-based buffer overflow in the zzipget32 function in fetch.c. Heap-based buffer overflow in the zzipget64 function in fetch.c. Heap-based buffer overflow in the zzipmementryextrablock function in...
gtk-vnc -- bounds checking vulnerabilities
Daniel P. Berrange reports: CVE-2017-5884 - fix bounds checking for RRE, hextile and copyrect encodings CVE-2017-5885 - fix color map index bounds checking...
PHP -- undisclosed vulnerabilities
The PHP project reports: The PHP development team announces the immediate availability of PHP 7.0.15. This is a security release. Several security bugs were fixed in this release. The PHP development team announces the immediate availability of PHP 5.6.30. This is a security release. Several...
xen-tools -- qemu incautious about shared ring processing
The Xen Project reports: The compiler can emit optimizations in qemu which can lead to double fetch vulnerabilities. Specifically data on the rings shared between qemu and the hypervisor which the guest under control can obtain mappings of can be fetched twice during which time the guest can alte...
flash -- remote code execution
Adobe reports: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. These updates address a critical vulnerability that could potentially allow an attacker to take control of the affected system. Adobe is aware of a report that an exploit for...
Apache OpenOffice -- multiple vulnerabilities
The Apache Openofffice project reports: CVE-2017-3157: Arbitrary file disclosure in Calc and Writer By exploiting the way OpenOffice renders embedded objects, an attacker could craft a document that allows reading in a file from the user's filesystem. Information could be retrieved by the attacke...
chicken -- multiple vulnerabilities
Peter Bex reports: A buffer overflow error was found in the POSIX unit's procedures process-execute and process-spawn. Additionally, a memory leak existed in this code, which would be triggered when an error is raised during argument and environment processing. Irregex versions before 0.9.6 conta...
Mozilla -- multiple vulnerabilities
Mozilla Foundation reports: Please reference CVE/URL list for details...
p5-XSLoader -- local arbitrary code execution
Jakub Wilk reports: XSLoader tries to load code from a subdirectory in the cwd when called inside a string eval...
The GIMP -- Use after Free vulnerability
The GIMP team reports: A Use-after-free vulnerability was found in the xcfloadimage function...
haproxy -- denial of service
HAproxy reports: HAproxy 1.6.x before 1.6.6, when a deny comes from a reqdeny rule, allows remote attackers to cause a denial of service uninitialized memory access and crash or possibly have unspecified other impact via unknown vectors...
wordpress -- multiple vulnerabilities
Helen Hou-Sandi reports: WordPress 4.5.2 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. WordPress versions 4.5.1 and earlier are affected by a SOME vulnerability through Plupload, the third-party library...
mercurial -- multiple vulnerabilities
Mercurial reports: CVE-2016-3630: Remote code execution in binary delta decoding CVE-2016-3068: Arbitrary code execution with Git subrepos CVE-2016-3069: Arbitrary code execution when converting Git repos...
openvswitch -- MPLS buffer overflow
Open vSwitch reports: Multiple versions of Open vSwitch are vulnerable to remote buffer overflow attacks, in which crafted MPLS packets could overflow the buffer reserved for MPLS labels in an OVS internal data structure. The MPLS packets that trigger the vulnerability and the potential for...
git -- integer overflow
Debian reports: integer overflow due to a loop which adds more to "len"...
cacti -- multiple vulnerabilities
The Cacti Group, Inc. reports: Changelog bug:0002652: CVE-2015-8604: SQL injection in graphsnew.php bug:0002655: CVE-2015-8377: SQL injection vulnerability in the hostnewgraphssave function in graphsnew.php bug:0002656: Authentication using web authentication as a user not in the cacti database...
phpmyadmin -- Insecure password generation in JavaScript
The phpMyAdmin development team reports: Password suggestion functionality uses Math.random which does not provide cryptographically secure random numbers. We consider this vulnerability to be non-critical...
h2o -- directory traversal vulnerability
Yakuzo OKU reports: When redirect directive is used, this flaw allows a remote attacker to inject response headers into an HTTP redirect response...
nghttp2 -- use after free
nghttp2 reports: This release fixes heap-use-after-free bug in idle stream handling code. We strongly recommend to upgrade the older installation to this latest version as soon as possible...