6585 matches found
mutt -- Remote Buffer Overflow Vulnerability
SecurityFocus reports: Mutt is prone to a remote buffer-overflow vulnerability. This issue is due to the application's failure to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer. This issue may allow remote attackers to execute arbitrary machin...
phpldapadmin -- Cross-Site Scripting and Script Insertion vulnerabilities
Secunia reports: phpLDAPadmin have some vulnerabilities, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to conduct cross-site scripting attacks. 1 Some input isn't properly sanitised before being returned to the user. This can be exploited to...
asterisk -- denial of service vulnerability, local system access
Emmanouel Kellenis reports a denial of service vulnerability within asterisk. The vulnerability is caused by a buffer overflow in "formatjpeg.c". A large JPEG image could trigger this bug, potentially allowing a local attacker to execute arbitrary code...
mplayer -- heap overflow in the ASF demuxer
The Mplayer team reports: A potential buffer overflow was found in the ASF demuxer. Arbitrary remote code execution is possible under the user ID running the player when streaming an ASF file from a malicious server or local code execution under the user ID running the player if a malicious ASF...
postgresql81-server -- SET ROLE privilege escalation
The PostgreSQL team reports: Due to inadequate validity checking, a user could exploit the special case that SET ROLE normally uses to restore the previous role setting after an error. This allowed ordinary users to acquire superuser status, for example...
p5-Mail-SpamAssassin -- long message header denial of service
A Secunia Advisory reports: A vulnerability has been reported in SpamAssassin, which can be exploited by malicious people to cause a DoS Denial of Service. The vulnerability is caused due to the use of an inefficient regular expression in "/SpamAssassin/Message.pm" to parse email headers. This ca...
sudo -- arbitrary command execution
Tavis Ormandy reports: The bash shell uses the value of the PS4 environment variable after expansion as a prefix for commands run in execution trace mode. Execution trace mode xtrace is normally set via bash's -x command line option or interactively by running "set -o xtrace". However, it may als...
clamav -- arbitrary code execution and DoS vulnerabilities
Gentoo Linux Security Advisory reports: Clam AntiVirus is vulnerable to a buffer overflow in "libclamav/upx.c" when processing malformed UPX-packed executables. It can also be sent into an infinite loop in "libclamav/fsg.c" when processing specially-crafted FSG-packed executables. By sending a...
X11 server -- pixmap allocation vulnerability
Allocating large pixmaps by a client can trigger an integer overflow in the X server, potentially leading to execution of arbitrary code with elevated root privileges...
xinetd -- ignores user and group directives for TCPMUX services
xinetd would execute configured TCPMUX services without dropping privilege to match the service configuration allowing the service to run with same privilege as the xinetd process root...
ethereal -- multiple protocol dissectors vulnerabilities
An Ethreal Security Advisories reports: An aggressive testing program as well as independent discovery has turned up a multitude of security issues Please reference CVE/URL list for details...
kdelibs -- kimgio input validation errors
A KDE Security Advisory reports: kimgio contains a PCX image file format reader that does not properly perform input validation. A source code audit performed by the KDE security team discovered several vulnerabilities in the PCX and other image file format readers, some of them exploitable to...
gaim -- remote DoS on receiving malformed HTML
The GAIM team reports: The gaimmarkupstriphtml function in Gaim 1.2.0, and possibly earlier versions, allows remote attackers to cause a denial of service application crash via a string that contains malformed HTML, which causes an out-of-bounds read...
wu-ftpd -- remote globbing DoS vulnerability
An iDEFENSE Security Advisory reports: Remote exploitation of an input validation vulnerability in version 2.6.2 of WU-FPTD could allow for a denial of service of the system by resource exhaustion. The vulnerability specifically exists in the wufnmatch function in wufnmatch.c. When a pattern...
enscript -- multiple vulnerabilities
Erik Sjölund discovered several issues in enscript: it suffers from several buffer overflows, quotes and shell escape characters are insufficiently sanitized in filenames, and it supported taking input from an arbitrary command pipe, with unwanted side effects...
mod_python -- information leakage vulnerability
Mark J Cox reports: Graham Dumpleton discovered a flaw which can affect anyone using the publisher handle of the Apache Software Foundation modpython. The publisher handle lets you publish objects inside modules to make them callable via URL. The flaw allows a carefully crafted URL to obtain extr...
xshisen -- local buffer overflows
Steve Kemp has found buffer overflows in the handling of the command line flag -KCONV and the XSHISENLIB environment variable. Ulf Härnhammer has detected an unbounded copy from the GECOS field to a char array. All overflows can be exploited to gain group games privileges...
unarj -- long filename buffer overflow
Ludwig Nussel has discovered a buffer overflow vulnerability in unarj's handling of long filenames which could potentially lead to execution of arbitrary code with the permissions of the user running unarj...
CUPS -- local information disclosure
Certain methods of authenticated remote printing in CUPS can disclose user names and passwords in the log files. A workaround for this problem is to set more strict access permissions on the CUPS logfiles...
powerdns -- DoS vulnerability
PowerDNS is vulnerable to a temporary denial-of-service vulnerability that can be triggered using a random stream of bytes...
webmin -- insecure temporary file creation at installation time
The Webmin developers documented a security issue in the release notes for version 1.160: Fixed a security hole in the maketemp.pl script, used to create the /tmp/.webmin directory at install time. If an un-trusted user creates this directory before Webmin is installed, he could create in it a...
Linux binary compatibility mode input validation error
A programming error in the handling of some Linux system calls may result in memory locations being accessed without proper validation. It may be possible for a local attacker to read and/or overwrite portions of kernel memory, resulting in disclosure of sensitive information or potential privile...
tcpdump ISAKMP payload handling remote denial-of-service
Chad Loder has discovered vulnerabilities in tcpdump's ISAKMP protocol handler. During an audit to repair these issues, Bill Fenner discovered some related problems. These vulnerabilities may be used by an attacker to crash a running tcpdump' process. They can only be triggered if the -v' command...
shmat reference counting bug
A programming error in the shmat2 system call can result in a shared memory segment's reference count being erroneously incremented. It may be possible to cause a shared memory segment to reference unallocated kernel memory, but remain valid. This could allow a local attacker to gain read or writ...
Mathopd buffer overflow
Mathopd contains a buffer overflow in the preparereply function that may be remotely exploitable...
ElGamal sign+encrypt keys created by GnuPG can be compromised
Any ElGamal sign+encrypt keys created by GnuPG contain a cryptographic weakness that may allow someone to obtain the private key. These keys should be considered unusable and should be revoked. The following summary was written by Werner Koch, GnuPG author: Phong Nguyen identified a severe bug in...
eperl -- Remote code execution
David Madison reports: ePerl is a multipurpose Perl filter and interpreter program for Unix systems. The ePerl preprocessor contains an input validation error. The preprocessor allows foreign data to be "safely" included using the 'sinclude' directive. The problem occurs when a file referenced by...
traefik -- Bypassing security controls via special characters
The traefik project reports: There is a potential vulnerability in Traefik managing the requests using a PathPrefix, Path or PathRegex matcher. When Traefik is configured to route the requests to a backend using a matcher based on the path; if the request path contains an encoded restricted...
qt6-webengine -- Multiple vulnerabilities
Qt qtwebengine-chromium repo reports: Backports for 9 security bugs in Chromium: CVE-2024-12693: Out of bounds memory access in V8 CVE-2024-12694: Use after free in Compositing CVE-2025-0436: Integer overflow in Skia CVE-2025-0437: Out of bounds read in Metrics CVE-2025-0438: Stack buffer overflo...
electron31 -- multiple vulnerabilities
Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2024-9121. Security: backported fix for CVE-2024-9122. Security: backported fix for CVE-2024-7025. Security: backported fix for CVE-2024-9369. Security: backported fix for CVE-2024-7965...
Gitlab -- vulnerabilities
Gitlab reports: Run pipelines on arbitrary branches An attacker can impersonate arbitrary user SSRF in Analytics Dashboard Viewing diffs of MR with conflicts can be slow HTMLi in OAuth page Deploy Keys can push changes to an archived repository Guests can disclose project templates GitLab instanc...
php -- Multiple vulnerabilities
php.net reports: CVE-2024-8926: CGI: Fixed bug GHSA-9pqp-7h25-4f32 Bypass of CVE-2024-4577, Parameter Injection Vulnerability. CVE-2024-8927: CGI: Fixed bug GHSA-94p6-54jq-9mwp cgi.forceredirect configuration is bypassable due to the environment variable collision. CVE-2024-9026: FPM: Fixed bug...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 4 security fixes: 351865302 High CVE-2024-7969: Type Confusion in V8. Reported by CFF of Topsec Alpha Team on 2024-07-09 360265320 High CVE-2024-8193: Heap buffer overflow in Skia. Reported by Renan Rios @hyhy100 on 2024-08-16 360533914 High...
Gitlab -- Vulnerabilities
Gitlab reports: Privilege Escalation via LFS Tokens Granting Unrestricted Repository Access Cross project access of Security policy bot Advanced search ReDOS in highlight for code results Denial of Service via banzai pipeline Denial of service using adoc files ReDoS in RefMatcher when matching...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 5 security fixes: 342428008 High CVE-2024-6290: Use after free in Dawn. Reported by wgslfuzz on 2024-05-23 40942995 High CVE-2024-6291: Use after free in Swiftshader. Reported by Cassidy Kim@cassidy6564 on 2023-11-15 342545100 High CVE-2024-6292: Use...
Gitlab -- Vulnerabilities
Gitlab reports: ReDoS in gomod dependency linker ReDoS in CI interpolation fix bypass ReDoS in Asana integration issue mapping when webhook is called XSS and content injection when viewing raw XHTML files on iOS devices Missing agentk request validation could cause KAS to panic...
chromium -- security fix
Chrome Releases reports: This update includes 1 security fix: 341663589 High CVE-2024-5274: Type Confusion in V8. Reported by Clément Lecigne of Google's Threat Analysis Group and Brendon Tiszka of Chrome Security on 2024-05-20...
electron29 -- setuid() does not affect libuv's internal io_uring
Electron developers report: This update fixes the following vulnerability: Backported fix for CVE-2024-22017...
electron29 -- multiple vulnerabilities
Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2024-3914. Security: backported fix for CVE-2024-4558...
clamav -- Possible crash in the HTML file parser that could cause a denial-of-service (DoS) condition
Błażej Pawłowski reports: A vulnerability in the HTML parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. The vulnerability is due to an issue in the C to Rust foreign function interface. An attacker could exploit this...
forgejo -- multiple issues
The forgejo team reports: CVE-2024-24789: The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create an zip file with contents that vary depending on the implementation reading the...
emacs -- multiple vulnerabilities
GNU Emacs developers report: Emacs 29.3 is an emergency bugfix release intended to fix several security vulnerabilities. Arbitrary Lisp code is no longer evaluated as part of turning on Org mode. This is for security reasons, to avoid evaluating malicious Lisp code. New buffer-local variable...
p5-Spreadsheet-ParseExcel -- Remote Code Execution Vulnerability
Spreadsheet-ParseExcel reports: Spreadsheet::ParseExcel version 0.65 is a Perl module used for parsing Excel files. Spreadsheet::ParseExcel is vulnerable to an arbitrary code execution ACE vulnerability due to passing unvalidated input from a file into a string-type eval "eval". Specifically, the...
FreeBSD -- NFS client data corruption and kernel memory disclosure
Problem Description: In FreeBSD 13.2 and 14.0, the NFS client was optimized to improve the performance of IOAPPEND writes, that is, writes which add data to the end of a file and so extend its size. This uncovered an old bug in some routines which copy userspace data into the kernel. The bug also...
OpenSSL -- potential loss of confidentiality
The OpenSSL team reports: Moderate severity: A bug has been identified in the processing of key and initialisation vector IV lengths. This can lead to potential truncation or overruns during the initialisation of some symmetric ciphers...
FreeBSD -- msdosfs data disclosure
Problem Description: In certain cases using the truncate or ftruncate system call to extend a file size populates the additional space in the file with unallocated data from the underlying disk device, rather than zero bytes. Impact: A user with write access to files on a msdosfs file system may ...
Remote Code Execution via web-accessible composer
Composer project reports: Description: Users publishing a composer.phar to a public web-accessible server where the composer.phar can be executed as a php file may be impacted if PHP also has registerargcargv enabled in php.ini. Workaround: Make sure registerargcargv is disabled in php.ini, and...
xrdp -- unchecked access to font glyph info
xrdp team reports: Access to the font glyphs in xrdppainter.c is not bounds-checked. Since some of this data is controllable by the user, this can result in an out-of-bounds read within the xrdp executable. The vulnerability allows an out-of-bounds read within a potentially privileged process. On...
Gitlab -- vulnerability
Gitlab reports: Attacker can abuse scan execution policies to run pipelines as another user...
xrdp -- Improper handling of session establishment errors allows bypassing OS-level session restrictions
xrdp team reports: In versions prior to 0.9.23 improper handling of session establishment errors allows bypassing OS-level session restrictions. The authstartsession function can return non-zero 1 value on, e.g., PAM error which may result in session restrictions such as max concurrent sessions p...