6583 matches found
FreeBSD -- zlib heap buffer overflow
Problem Description: zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. Impact: Applications that call inflateGetHeader may be vulnerable to a buffer overflow. Note that inflateGetHeader is not used by anything in...
jenkins -- multiple vulnerabilities
Jenkins Security Advisory: Description High SECURITY-1682 / CVE-2020-2099 Inbound TCP Agent Protocol/3 authentication bypass Medium SECURITY-1641 / CVE-2020-2100 Jenkins vulnerable to UDP amplification reflection attack Medium SECURITY-1659 / CVE-2020-2101 Non-constant time comparison of inbound...
payara -- multiple vulnerabilities
Payara Releases reports: The following is a list of tracked Common Vulnerabilities and Exposures that have been reported and analyzed, which can or have impacted Payara Server across releases: CVE-2018-14721 FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct...
dnsmasq -- multiple vulnerabilities
Google Project Zero reports: CVE-2017-14491: Heap based overflow 2 bytes. Before 2.76 and this commit overflow was unrestricted. CVE-2017-14492: Heap based overflow. CVE-2017-14493: Stack Based overflow. CVE-2017-14494: Information Leak CVE-2017-14495: Lack of free CVE-2017-14496: Invalid boundar...
wordpress -- multiple vulnerabilities
Aaron D. Campbell reports: WordPress versions 4.7 and earlier are affected by eight security issues...
FreeBSD -- routed(8) remote denial of service vulnerability
Problem Description: The input path in routed8 will accept queries from any source and attempt to answer them. However, the output path assumes that the destination address for the response is on a directly connected network. Impact: Upon receipt of a query from a source which is not on a directl...
lighttpd -- remote DoS in HTTP authentication
US-CERT/NIST reports: Integer signedness error in the base64decode function in the HTTP authentication functionality httpauth.c in lighttpd 1.4 before 1.4.30 and 1.5 before SVN revision 2806 allows remote attackers to cause a denial of service segmentation fault via crafted base64 input that...
Gitlab -- Vulnerability
Gitlab reports: Stored-XSS with CSP-bypass in Merge requests ReDoS via FrontMatterFilter in any Markdown fields ReDoS via InlineDiffFilter in any Markdown fields ReDoS via DollarMathPostFilter in Markdown fields DoS via malicious test report artifacts Restricted IP addresses can clone repositorie...
Gitlab -- multiple vulnerabilities
Gitlab reports: Remote Command Execution via GitHub import Stored XSS via labels color Content injection via Incidents Timeline description Lack of length validation in Snippets leads to Denial of Service Group IP allow-list not fully respected by the Package Registry Abusing Gitaly.GetTreeEntrie...
redis -- multiple vulnerabilities
Redis project reports: Vulnerability in the STRALGO LCS command An integer overflow bug in Redis version 6.0 or newer could be exploited using the STRALGO LCS command to corrupt the heap and potentially result with remote code execution. Vulnerability in the COPY command for large intsets An...
HAproxy -- serious vulnerability affecting the HPACK decoder used for HTTP/2
The HAproxy Project reports: The main driver for this release is that it contains a fix for a serious vulnerability that was responsibly reported last week by Felix Wilhelm from Google Project Zero, affecting the HPACK decoder used for HTTP/2. CVE-2020-11100 was assigned to this issue...
mozilla -- multiple vulnerabilities
Mozilla Foundation reports: CVE-2019-11751: Malicious code execution through command line parameters CVE-2019-11746: Use-after-free while manipulating video CVE-2019-11744: XSS by breaking out of title and textarea elements using innerHTML CVE-2019-11742: Same-origin policy violation with SVG...
mediawiki -- multiple vulnerabilities
Mediawiki reports: Security fixes: T197279, CVE-2019-12468: Directly POSTing to Special:ChangeEmail would allow for bypassing reauthentication, allowing for potential account takeover. T204729, CVE-2019-12473: Passing invalid titles to the API could cause a DoS by querying the entire watchlist...
OpenSSL -- Padding oracle vulnerability
The OpenSSL project reports: 0-byte record padding oracle CVE-2019-1559 Moderate If an application encounters a fatal protocol error and then calls SSLshutdown twice once to send a closenotify, and once to receive one then OpenSSL can respond differently to the calling application if a 0 byte...
BIND,Knot,NSD,PowerDNS -- denial over service via oversized zone transfers
ISC reports: DNS protocols were designed with the assumption that a certain amount of trust could be presumed between the operators of primary and secondary servers for a given zone. However, in current practice some organizations have scenarios which require them to accept zone data from sources...
xen-tools -- QEMU: Banked access to VGA memory (VBE) uses inconsistent bounds checks
The Xen Project reports: Qemu VGA module allows banked access to video memory using the window at 0xa00000 and it supports different access modes with different address calculations. Qemu VGA module allows guest to edit certain registers in 'vbe' and 'vga' modes. A privileged guest user could use...
samba -- multiple vulnerabilities
Samba team reports: CVE-2015-5370 Errors in Samba DCE-RPC code can lead to denial of service crashes and high cpu consumption and man in the middle attacks. CVE-2016-2110 The feature negotiation of NTLMSSP is not downgrade protected. A man in the middle is able to clear even required flags,...
openssh -- information disclosure
OpenSSH reports: OpenSSH clients between versions 5.4 and 7.1 are vulnerable to information disclosure that may allow a malicious server to retrieve information including under some circumstances, user's private keys...
samba -- Unexpected code execution in smbd
Samba development team reports: All versions of Samba from 3.5.0 to 4.2.0rc4 are vulnerable to an unexpected code execution vulnerability in the smbd file server daemon. A malicious client could send packets that may set up the stack in such a way that the freeing of memory in a subsequent...
inn -- plaintext command injection into encrypted channel
INN developers report: Fixed a possible plaintext command injection during the negotiation of a TLS layer. The vulnerability detailed in CVE-2011-0411 affects the STARTTLS and AUTHINFO SASL commands. nnrpd now resets its read buffer upon a successful negotiation of a TLS layer. It prevents...
go -- multiple vulnerabilities
The Go project reports: crypto/tls: restrict RSA keys in certificates to = 8192 bits Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. Limit this by restricting the size of RSA keys transmitted during handshakes to = 8192...
bouncycastle15 -- bcrypt password checking vulnerability
The Bouncy Castle team reports: The OpenBSDBCrypt.checkPassword utility method compared incorrect data when checking the password, allowing incorrect passwords to indicate they were matching with previously hashed ones that were different...
PuTTY -- Release 0.74 fixes two security vulnerabilities
Simon Tatham reports: Release 0.74 fixes the following security issues: New configuration option to disable PuTTY's default policy of changing its host key algorithm preferences to prefer keys it already knows. There is a theoretical information leak in this policy. CVE-2020-14002 In some...
FreeBSD -- ipfw invalid mbuf handling
Problem Description: Incomplete packet data validation may result in accessing out-of-bounds memory CVE-2019-5614 or may access memory after it has been freed CVE-2019-15874. Impact: Access to out of bounds or freed mbuf data can lead to a kernel panic or other unpredictable results...
MySQL Server -- Multiple vulerabilities
Oracle reports: This Critical Patch Update contains 45 new security patches for Oracle MySQL. 9 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials. MariaDB reports 4 of these vulnerabilities exist i...
Exim -- RCE with root privileges in TLS SNI handler
Exim developers report: If your Exim server accepts TLS connections, it is vulnerable. This does not depend on the TLS libray, so both, GnuTLS and OpenSSL are affected. The vulnerability is exploitable by sending a SNI ending in a backslash-null sequence during the initial TLS handshake. The...
FreeBSD -- Mishandling of x86 debug exceptions
Problem Description: The MOV SS and POP SS instructions inhibit debug exceptions until the instruction boundary following the next instruction. If that instruction is a system call or similar instruction that transfers control to the operating system, the debug exception will be handled in the...
FreeBSD -- OpenSSL multiple vulnerabilities
Problem Description: Invoking SSLread/SSLwrite while in an error state causes data to be passed without being decrypted/encrypted directly from the SSL/TLS record layer. In order to exploit this issue an application bug would have to be present that resulted in a call to SSLread/SSLwrite being...
salt -- multiple vulnerabilities
SaltStack reports: Directory traversal vulnerability in minion id validation in SaltStack. Allows remote minions with incorrect credentials to authenticate to a master via a crafted minion ID. Credit for discovering the security flaw goes to: Julian Brost [email protected]. NOTE: this vulnerabili...
MySQL -- multiple vulnerabilities
Oracle reports: This Critical Patch Update contains 39 new security fixes for Oracle MySQL. 11 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials...
mysql -- multiple vulnerabilities
Oracle reports: No further details have been provided in the Critical Patch Update...
Roundcube -- arbitrary command execution
The Roundcube project reports steps/mail/sendmail.inc in Roundcube before 1.1.7 and 1.2.x before 1.2.3, when no SMTP server is configured and the sendmail program is enabled, does not properly restrict the use of custom envelope-from addresses on the sendmail command line, which allows remote...
phpMyAdmin -- multiple vulnerabilities
Please reference CVE/URL list for details...
OCaml -- Multiple Security Vulnerabilities
MITRE reports: OCaml before 4.03.0 does not properly handle sign extensions, which allows remote attackers to conduct buffer overflow attacks or obtain sensitive information as demonstrated by a long string to the String.copy function...
tomcat -- multiple vulnerabilities
Apache Software Foundation reports: Low: Denial of Service CVE-2014-0230 When a response for a request with a request body is returned to the user agent before the request body is fully read, by default Tomcat swallows the remaining request body so that the next request on the connection may be...
php -- multiple vulnerabilities
PHP developers reports: This release focuses on improving the stability of the PHP 5.2.x branch with over 60 bug fixes, some of which are security related. All users of PHP 5.2 are encouraged to upgrade to this release. Security Enhancements and Fixes in PHP 5.2.12: Fixed a safemode bypass in...
linux_base -- vulnerabilities in Red Hat 7.1 libraries
Trevor Johnson reported that the Red Hat Linux RPMs used by linuxbase contained multiple older vulnerabilities, such as a DNS resolver issue and critical bugs in X font handling and XPM image handling...
samba -- Multiple Vulnerabilities
The Samba Team reports: CVE-2021-43566: Malicious client using an SMB1 or NFS race to allow a directory to be created in an area of the server file system not exported under the share definition. CVE-2021-44141: Information leak via symlinks of existance of files or directories outside of the...
bastillion -- log4j vulnerability
FreeBSD port maintainer reports: Bastillion uses log4j...
redis -- integer overflow
Redis development team reports: An integer overflow bug in Redis version 6.0 or newer can be exploited using the STRALGO LCS command to corrupt the heap and potentially result with remote code execution. This is a result of an incomplete fix by CVE-2021-29477...
samba -- Unauthenticated domain takeover via netlogon
The Samba Team reports: An unauthenticated attacker on the network can gain administrator access by exploiting a netlogon protocol flaw...
gitea -- multiple vulnerabilities
The Gitea Team reports: This version of Gitea contains security fixes that could not be backported to 1.8. For this reason, we strongly recommend updating...
Django -- AdminURLFieldWidget XSS
Django security releases issued: The clickable "Current URL" link generated by AdminURLFieldWidget displayed the provided value without validating it as a safe URL. Thus, an unvalidated value stored in the database, or a value provided as a URL query parameter payload, could result in an clickabl...
unit -- heap memory buffer overflow
unit security problems: CVE-2019-7401: a head memory buffer overflow might have been caused in the router process by a specially crafted request, potentially resulting in a segmentation fault or other unspecified behavior...
Apache -- vulnerability
The Apache httpd Project reports: SECURITY: CVE-2018-17199 modsession: modsessioncookie does not respect expiry time allowing sessions to be reused. SECURITY: CVE-2019-0190 modssl: Fix infinite loop triggered by a client-initiated renegotiation in TLSv1.2 or earlier with OpenSSL 1.1.1 and later. ...
py-gunicorn -- CWE-113 vulnerability
Everardo reports: gunicorn version 19.4.5 contains a CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers vulnerability in processheaders function in gunicorn/http/wsgi.py that can result in an attacker causing the server to return arbitrary HTTP headers...
ntp -- multiple vulnerabilities
Network Time Foundation reports: The NTP Project at Network Time Foundation is releasing ntp-4.2.8p11. This release addresses five security issues in ntpd: LOW/MEDIUM: Sec 3012 / CVE-2016-1549 / VU961909: Sybil vulnerability: ephemeral association attack INFO/MEDIUM: Sec 3412 / CVE-2018-7182 /...
Apache httpd -- denial of service in HTTP/2
modhttp2 reports: The Apache HTTPD web server from 2.4.17-2.4.23 did not apply limitations on request headers correctly when experimental module for the HTTP/2 protocol is used to access a resource. The net result is that a the server allocates too much memory instead of denying the request. This...
php -- multiple vulnerabilities
php development team reports: Security Enhancements and Fixes in PHP 5.3.9: Added maxinputvars directive to prevent attacks based on hash collisions. CVE-2011-4885 Fixed bug 60150 Integer overflow during the parsing of invalid exif header. CVE-2011-4566...
pureftpd -- multiple vulnerabilities
Pure-FTPd development team reports: Support for braces expansion in directory listings has been disabled -- Cf. CVE-2011-0418. Fix a STARTTLS flaw similar to Postfix's CVE-2011-0411. If you're using TLS, upgrading is recommended...