6580 matches found
asterisk -- Memory/File Descriptor/RTP leak in pjsip session resource
The Asterisk project reports: A memory leak occurs when an Asterisk pjsip session object is created and that call gets rejected before the session itself is fully established. When this happens the session object never gets destroyed. This then leads to file descriptors and RTP ports being leaked...
mysql -- Remote Root Code Execution
Dawid Golunski reports: An independent research has revealed multiple severe MySQL vulnerabilities. This advisory focuses on a critical vulnerability with a CVEID of CVE-2016-6662 which can allow attackers to remotely inject malicious settings into MySQL configuration files my.cnf leading to...
mozilla -- multiple vulnerabilities
Mozilla Foundation reports: MFSA 2016-49 Miscellaneous memory safety hazards rv:47.0 / rv:45.2 MFSA 2016-50 Buffer overflow parsing HTML5 fragments MFSA 2016-51 Use-after-free deleting tables from a contenteditable document MFSA 2016-52 Addressbar spoofing though the SELECT element MFSA 2016-54...
pgbouncer -- failed auth_query lookup leads to connection as auth_user
PgBouncer reports: New authuser functionality introduced in 1.6 allows login as authuser when client presents unknown username. It's quite likely authuser is superuser. Affects only setups that have enabled authuser in their config...
Joomla! -- Core - Remote File Execution/Denial of Service vulnerabilities
The JSST and the Joomla! Security Center report: 20140903 - Core - Remote File Inclusion Inadequate checking allowed the potential for remote files to be executed. 20140904 - Core - Denial of Service Inadequate checking allowed the potential for a denial of service attack...
apache -- mod_rewrite buffer overflow vulnerability
The Apache Software Foundation and The Apache HTTP Server Project reports: An off-by-one flaw exists in the Rewrite module, modrewrite, as shipped with Apache 1.3 since 1.3.28, 2.0 since 2.0.46, and 2.2 since 2.2.0. Depending on the manner in which Apache HTTP Server was compiled, this software...
Apache httpd -- Multiple vulnerabilities
The Apache httpd project reports: moderate: Apache HTTP Server: HTTP response splitting CVE-2024-42516 low: Apache HTTP Server: SSRF with modheaders setting Content-Type header CVE-2024-43204 moderate: Apache HTTP Server: SSRF on Windows due to UNC paths CVE-2024-43394 low: Apache HTTP Server:...
Apache httpd -- Multiple vulnerabilities
The Apache httpd project reports: DoS by Null pointer in websocket over HTTP/2 CVE-2024-36387 Low. Serving WebSocket protocol upgrades over a HTTP/2 connection could result in a Null Pointer dereference, leading to a crash of the server process, degrading performance. Proxy encoding problem...
jenkins -- Privilege escalation vulnerability in bundled Spring Security library
Jenkins Security Advisory: Description high SECURITY-2195 / CVE-2021-22112 Privilege escalation vulnerability in bundled Spring Security library...
Python -- multiple vulnerabilities
Python reports: bpo-39603: Prevent http header injection by rejecting control characters in http.client.putrequest…. bpo-29778: Ensure python3.dll is loaded from correct locations when Python is embedded CVE-2020-15523. bpo-41004: CVE-2020-14422: The hash methods of ipaddress.IPv4Interface and...
Gitlab -- Multiple vulnerabilities
Gitlab reports: View Names of Private Groups Persistent XSS in Environments SSRF in Prometheus integration Unauthorized Promotion of Milestones Exposure of Confidential Issue Title Persisent XSS in Markdown Fields via Mermaid Script Persistent XSS in Markdown Fields via Unrecognized HTML Tags...
OpenSSL -- multiple vulnerabilities
The OpenSSL project reports: Truncated packet could crash via OOB read CVE-2017-3731 Bad ECDHE parameters cause a client crash CVE-2017-3730 BNmodexp may produce incorrect results on x8664 CVE-2017-3732 Montgomery multiplication may produce incorrect results CVE-2016-7055...
moodle -- multiple vulnerabilities
Marina Glancy reports: MSA-17-0001: System file inclusion when adding own preset file in Boost theme MSA-17-0002: Incorrect sanitation of attributes in forums MSA-17-0003: PHPMailer vulnerability in no-reply address MSA-17-0004: XSS in assignment submission page...
openssl -- multiple vulnerabilities
OpenSSL reports: ChaCha20/Poly1305 heap-buffer-overflow CVE-2016-7054 Severity: High TLS connections using -CHACHA20-POLY1305 ciphersuites are susceptible to a DoS attack by corrupting larger payloads. This can result in an OpenSSL crash. This issue is not considered to be exploitable beyond a Do...
Python -- smtplib StartTLS stripping vulnerability
Red Hat reports: A vulnerability in smtplib allowing MITM attacker to perform a startTLS stripping attack. smtplib does not seem to raise an exception when the remote end smtp server is capable of negotiating starttls but fails to respond with 220 ok to an explicit call of SMTP.starttls. This may...
FreeBSD -- Multiple OpenSSL vulnerabilities
Problem Description: A cross-protocol attack was discovered that could lead to decryption of TLS sessions by using a server supporting SSLv2 and EXPORT cipher suites as a Bleichenbacher RSA padding oracle. Note that traffic between clients and non-vulnerable servers can be decrypted provided...
mozilla -- multiple vulnerabilities
The Mozilla Foundation reports: MFSA 2008-37UTF-8 URL stack buffer overflow MFSA 2008-38nsXMLDocument::OnChannelRedirect same-origin violation MFSA 2008-39Privilege escalation using feed preview page and XSS flaw MFSA 2008-40Forced mouse drag MFSA 2008-41Privilege escalation via XPCnativeWrapper...
WebCalendar -- remote file inclusion vulnerability
WebCalendar is proven vulnerable to a remote file inclusion vulnerability. The sendreminders.php does not properly verify the "includedir" parameter, giving remote attackers the possibility to include local and remote files. These files can be used by the attacker to gain access to the system...
Python -- multiple vulnerabilities
Python reports: gh-103142: The version of OpenSSL used in Windows and Mac installers has been upgraded to 1.1.1u to address CVE-2023-2650, CVE-2023-0465, CVE-2023-0466, CVE-2023-0464, as well as CVE-2023-0286, CVE-2022-4303, and CVE-2022-4303 fixed previously in 1.1.1t gh-101727. gh-102153:...
chromium -- multiple vulnerabilities
Chrome Releases reports: This release contains 4 security fixes, including: 1252878 High CVE-2021-37977: Use after free in Garbage Collection. Reported by Anonymous on 2021-09-24 1236318 High CVE-2021-37978: Heap buffer overflow in Blink. Reported by Yangkang @dnpushme of 360 ATA on 2021-08-04...
chromium -- multiple vulnerabilities
Chrome Releases reports: This release contains 9 security fixes, including: 1234764 High CVE-2021-30598: Type Confusion in V8. Reported by Manfred Paul on 2021-07-30 1234770 High CVE-2021-30599: Type Confusion in V8. Reported by Manfred Paul on 2021-07-30 1231134 High CVE-2021-30600: Use after fr...
FreeBSD -- SAE side-channel attacks
Problem Description: Side channel attacks in the SAE implementations used by both hostapd AP and wpasupplicant infrastructure BSS station/mesh station. SAE Simultaneous Authentication of Equals is also known as WPA3-Personal. The discovered side channel attacks may be able to leak information abo...
Gitlab -- Arbitrary repo read in Gitlab project import
Gitlab reports: Arbitrary repo read in Gitlab project import...
webkit2-gtk3 -- multiple vulnerabilities
The WebKit team reports many vulnerabilities. Please reference the CVE/URL list for details...
PHP -- multiple vulnerabilities
Check Point reports: ... discovered 3 fresh and previously unknown vulnerabilities CVE-2016-7479, CVE-2016-7480, CVE-2016-7478 in the PHP 7 unserialize mechanism. The first two vulnerabilities allow attackers to take full control over servers, allowing them to do anything they want with the...
php -- multiple vulnerabilities
PHP reports: Core: Fixed bug 70172 Use After Free Vulnerability in unserialize. Fixed bug 70219 Use after free vulnerability in session deserializer. EXIF: Fixed bug 70385 Buffer over-read in exifreaddata with TIFF IFD tag byte value of 32 bytes. hash: Fixed bug 70312 HAVAL gives wrong hashes in...
OpenSSH -- PAM vulnerabilities
OpenSSH 6.8 and 6.9 incorrectly set TTYs to be world-writable. Local attackers may be able to write arbitrary messages to logged-in users, including terminal escape sequences. Reported by Nikolay Edigaryev. Fixed a privilege separation weakness related to PAM support. Attackers who could...
php5 -- multiple vulnerabilities
The PHP Project reports: Use after free vulnerability in unserialize with DateTimeZone. Mitigation for CVE-2015-0235 -- GHOST: glibc gethostbyname buffer overflow...
davmail -- fix potential CVE-2014-3566 vulnerability (POODLE)
Mickaël Guessant reports: DavMail 4.6.0 released Enhancements: Fix potential CVE-2014-3566 vulnerability...
jenkins -- multiple vulnerabilities
Jenkins Security Advisory: Description Critical SECURITY-3314 / CVE-2024-23897 Arbitrary file read vulnerability through the CLI can lead to RCE Description High SECURITY-3315 / CVE-2024-23898 Cross-site WebSocket hijacking vulnerability in the CLI...
FreeBSD -- L1 Terminal Fault (L1TF) Kernel Information Disclosure
Problem Description: On certain Intel 64-bit x86 systems there is a period of time during terminal fault handling where the CPU may use speculative execution to try to load data. The CPU may speculatively access the level 1 data cache L1D. Data which would otherwise be protected may then be...
wordpress -- multiple vulnerabilities
Aaron D. Campbell reports: WordPress versions 4.7.1 and earlier are affected by three security issues: The user interface for assigning taxonomy terms in Press This is shown to users who do not have permissions to use it. WPQuery is vulnerable to a SQL injection SQLi when passing unsafe data...
php -- multiple vulnerabilities
PHP reports: Core: Fixed bug 71039 exec functions ignore length but look for NULL termination. Fixed bug 71323 Output of streamgetmetadata can be falsified by its input. Fixed bug 71459 Integer overflow in iptcembed. PCRE: Upgraded bundled PCRE library to 8.38.CVE-2015-8383, CVE-2015-8386,...
openoffice.org -- multiple vulnerabilities
OpenOffice.org Security Team reports: Fixed in OpenOffice.org 3.2 CVE-2006-4339: Potential vulnerability from 3rd party libxml2 libraries CVE-2009-0217: Potential vulnerability from 3rd party libxmlsec libraries CVE-2009-2493: OpenOffice.org 3 for Windows bundles a vulnerable version of MSVC...
jenkins -- multiple vulnerabilities
Jenkins Security Advisory: Description Medium SECURITY-3261 / CVE-2023-43494 Builds can be filtered by values of sensitive build variables High SECURITY-3245 / CVE-2023-43495 Stored XSS vulnerability High SECURITY-3072 / CVE-2023-43496 Temporary plugin file created with insecure permissions Low...
chromium -- multiple vulnerabilities
Chrome Releases reports: This release includes 11 security fixes, including: 1237533 High CVE-2021-30625: Use after free in Selection API. Reported by Marcin Towalski of Cisco Talos on 2021-08-06 1241036 High CVE-2021-30626: Out of bounds memory access in ANGLE. Reported by Jeonghoon Shin of Theo...
Cacti -- multiple vulnerabilities
Cacti developers reports: Multiple fixes for bundled jQuery to prevent code exec CVE-2020-11022, CVE-2020-11023. PHPMail contains a escaping bug CVE-2020-13625. SQL Injection via color.php in Cacti CVE-2020-14295...
Apache Tomcat -- Multiple Vulnerabilities
The Apache Software Foundation reports: An h2c direct connection did not release the HTTP/1.1 processor after the upgrade to HTTP/2. If a sufficient number of such requests were made, an OutOfMemoryException could occur leading to a denial of service. The payload length in a WebSocket frame was n...
powerdns-recursor -- multiple vulnerabilities
PowerDNS Team reports: CVE-2020-10995: An issue in the DNS protocol has been found that allow malicious parties to use recursive DNS services to attack third party authoritative name servers. The attack uses a crafted reply by an authoritative name server to amplify the resulting traffic between...
drm graphics drivers -- potential information disclusure via local access
Intel reports: .A potential security vulnerability in IntelR Processor Graphics may allow information disclosure. Intel is releasing software updates to mitigate this potential vulnerability. Description: Insufficient control flow in certain data structures for some IntelR Processors with IntelR...
Gitlab -- Multiple Vulnerabilities
Gitlab reports: Path traversal with potential remote code execution Private objects exposed through project import Disclosure of notes via Elasticsearch integration Disclosure of comments via Elasticsearch integration DNS Rebind SSRF in various chat notifications Disclosure of vulnerability statu...
FreeBSD -- Machine Check Exception on Page Size Change
Intel discovered a previously published erratum on some Intel platforms can be exploited by malicious software to potentially cause a denial of service by triggering a machine check that will crash or hang the system. Malicious guest operating systems may be able to crash the host...
jenkins -- multiple vulnerabilities
Jenkins Security Advisory: Description Medium SECURITY-1453 / CVE-2019-10383 Stored XSS vulnerability in update center High SECURITY-1491 / CVE-2019-10384 CSRF protection tokens for anonymous users did not expire in some circumstances...
OpenSSL -- multiple vulnerabilities
OpenSSL reports: Memory corruption in the ASN.1 encoder Padding oracle in AES-NI CBC MAC check EVPEncodeUpdate overflow EVPEncryptUpdate overflow ASN.1 BIO excessive memory allocation EBCDIC overread OpenSSL only...
ntp -- multiple vulnerabilities
Network Time Foundation reports: NTF's NTP Project has been notified of the following low- and medium-severity vulnerabilities that are fixed in ntp-4.2.8p7, released on Tuesday, 26 April 2016: Bug 3020 / CVE-2016-1551: Refclock impersonation vulnerability, AKA: refclock-peering. Reported by Matt...
libxml2 -- cpu consumption Dos
Kurt Seifried reports: libxml2 is affected by the expansion of internal entities which can be used to consume resources and external entities which can cause a denial of service against other services, be used to port scan, etc...
FreeBSD -- Incorrect crypt() hashing
Problem description: There is a programming error in the DES implementation used in crypt when handling input which contains characters that cannot be represented with 7-bit ASCII. When the input contains characters with only the most significant bit set 0x80, that character and all characters...
Apache APR -- DoS vulnerabilities
The Apache Portable Runtime Project reports: Note especially a security fix to APR 1.4.4, excessive CPU consumption was possible due to an unconstrained, recursive invocation of aprfnmatch, as aprfnmatch processed '' wildcards. Reimplement aprfnmatch from scratch using a non-recursive algorithm n...
php -- multiple vulnerabilities
The PHP development team reports: Security Enhancements and Fixes in PHP 5.2.4: Fixed a floating point exception inside wordwrap Reported by Mattias Bengtsson Fixed several integer overflows inside the GD extension Reported by Mattias Bengtsson Fixed size calculation in chunksplit Reported by...
phpmyadmin -- command execution vulnerability
A phpMyAdmin security announcement reports: Command execution: since phpMyAdmin 2.6.0-pl2, on a system where external MIME-based transformations are activated, an attacker can put into MySQL data an offensive value that starts a shell command when browsed. Enabling PHP safe mode on the server can...