6585 matches found
Nextcloud Calendar -- SMTP Command Injection
reports: SMTP Command Injection in Appointment Emails via Newlines: as newlines and special characters are not sanitized in the email value in the JSON request, a malicious attacker can inject newlines to break out of the RCPT TO: SMTP command and begin injecting arbitrary SMTP commands...
Gitlab -- multiple vulnerabilities
Gitlab reports: Arbitrary POST requests via special HTML attributes in Jupyter Notebooks DNS Rebinding vulnerability in Irker IRC Gateway integration Missing certificate validation for external CI services Blind SSRF Through Project Import Open redirect vulnerability in Jira Integration Issue lin...
Rust -- Race condition enabling symlink following
The Rust Security Response WG was notified that the std::fs::removedirall standard library function is vulnerable to a race condition enabling symlink following CWE-363. An attacker could use this security issue to trick a privileged program into deleting files and directories the attacker couldn...
Teeworlds -- Buffer Overflow
NVD reports: Teeworlds up to and including 0.7.5 is vulnerable to Buffer Overflow. A map parser does not validate mChannels value coming from a map file, leading to a buffer overflow. A malicious server may offer a specially crafted map that will overwrite client's stack causing denial of service...
cryptopp -- ElGamal implementation allows plaintext recovery
Crypto++ 8.6 release notes reports: The ElGamal implementation in Crypto++ through 8.5 allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the...
FreeBSD -- Missing error handling in bhyve(8) device models
Problem Description: Certain VirtIO-based device models failed to handle errors when fetching I/O descriptors. Such errors could be triggered by a malicious guest. As a result, the device model code could be tricked into operating on uninitialized I/O vectors, leading to memory corruption. Impact...
cyrus-imapd -- multiple-minute daemon hang via input that is mishandled during hash-table interaction
Cyrus IMAP 3.4.2 Release Notes states: Fixed CVE-2021-33582: Certain user inputs are used as hash table keys during processing. A poorly chosen string hashing algorithm meant that the user could control which bucket their data was stored in, allowing a malicious user to direct many inputs to a...
libpano13 -- arbitrary memory access through format string vulnerability
libpano13 developers reports: Fix crash and security issue caused by malformed filename prefix...
py-markdown2 -- regular expression denial of service vulnerability
Ben Caller reports: markdown2 =1.0.1.18, fixed in 2.4.0, is affected by a regular expression denial of service vulnerability. If an attacker provides a malicious string, it can make markdown2 processing difficult or delayed for an extended period of time...
oauth2-proxy -- domain whitelist could be used as redirect
The oauth2-proxy Team reports: In OAuth2 Proxy before version 7.0.0, for users that use the whitelist domain feature, a domain that ended in a similar way to the intended domain could have been allowed as a redirect...
All versions of Apache OpenOffice through 4.1.9 can open non-http(s) hyperlinks. If the link is specifically crafted this could lead to untrusted code execution.
The Apache Openofffice project reports: The project received a report that all versions of Apache OpenOffice through 4.1.8 can open non-https hyperlinks. The problem has existed since about 2006 and the issue is also in 4.1.9. If the link is specifically crafted this could lead to untrusted code...
postsrsd -- Denial of service vulnerability
postsrsd developer reports: PostSRSd could be tricked into consuming a lot of CPU time with an SRS address that has an excessively long time stamp tag...
sympa -- Unauthorised full access via SOAP API due to illegal cookie
Sympa community reports: Unauthorised full access via SOAP API due to illegal cookie...
py-beaker -- arbitrary code execution vulnerability
matheusbrat reports: The Beaker library through 1.12.1 for Python is affected by deserialization of untrusted data, which could lead to arbitrary code execution...
glpi -- Multiple SQL Injections Stemming From isNameQuoted()
MITRE Corporation reports: In GLPI before version 9.5.2, when supplying a back tick in input that gets put into a SQL query,the application does not escape or sanitize allowing for SQL Injection to occur. Leveraging this vulnerability an attacker is able to exfiltrate sensitive information like...
zeek -- Remote crash vulnerability
Jon Siwek of Corelight reports: This release fixes the following security issue: An attacker can crash Zeek remotely via crafted packet sequence...
phpMyAdmin -- SQL injection
phpMyAdmin Team reports: PMASA-2020-2 SQL injection vulnerability in the user accounts page, particularly when changing a password PMASA-2020-3 SQL injection vulnerability relating to the search feature PMASA-2020-4 SQL injection and XSS having to do with displaying results Removing of the...
www/varnish6 -- Denial of Service
The Varnish Team reports: A failure in HTTP/1 parsing can allow a remote attacker to trigger an assertion in varnish, restarting the daemon and clearing the cache...
Mozilla -- Stored passwords in 'Saved Logins' can be copied without master password entry
Mozilla Foundation reports: CVE-2019-11733: Stored passwords in 'Saved Logins' can be copied without master password entry When a master password is set, it is required to be entered again before stored passwords can be accessed in the 'Saved Logins' dialog. It was found that locally stored...
FreeBSD -- Bhyve out-of-bounds read in XHCI device
Problem Description: The pcixhcidevicedoorbell function does not validate the 'epid' and 'streamid' provided by the guest, leading to an out-of-bounds read. Impact: A misbehaving bhyve guest could crash the system or access memory that it should not be able to...
bro -- Null pointer dereference and Signed integer overflow
Jon Siwek of Corelight reports: This is a security patch release to address potential Denial of Service vulnerabilities: Null pointer dereference in the RPC analysis code. RPC analyzers e.g. MOUNT or NFS are not enabled in the default configuration. Signed integer overflow in BinPAC-generated...
libxslt -- security framework bypass
Mitre report: libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded...
rubygem-doorkeeper -- token revocation vulnerability
NVD reports: Doorkeeper version 4.2.0 and later contains a Incorrect Access Control vulnerability in Token revocation API's authorized method that can result in Access tokens are not revoked for public OAuth apps, leaking access until expiry...
mozilla -- use-after-free in compositor
The Mozilla Foundation reports: CVE-2018-5148: Use-after-free in compositor A use-after-free vulnerability can occur in the compositor during certain graphics operations when a raw pointer is used instead of a reference counted one. This results in a potentially exploitable crash...
procmail -- Heap-based buffer overflow
MITRE reports: A remote attacker could use a flaw to cause formail to crash, resulting in a denial of service or data loss...
chromium -- out of bounds read
Google Chrome Releases reports: 1 security fix in this release, including: 782145 High CVE-2017-15428: Out of bounds read in V8. Reported by Zhao Qixun of Qihoo 360 Vulcan Team on 2017-11-07...
rubygem-passenger -- arbitrary file read vulnerability
Phusion reports: The cPanel Security Team discovered a vulnerability in Passenger that allows users to list the contents of arbitrary files on the system. CVE-2017-16355 has been assigned to this issue...
py-kerberos -- DoS and MitM vulnerabilities
macosforgebot reports: The checkPassword function in python-kerberos does not authenticate the KDC it attempts to communicate with, which allows remote attackers to cause a denial of service bad response, or have other unspecified impact by performing a man-in-the-middle attack...
adns -- multiple vulnerabilities
Ian Jackson and the adns project reports: Vulnerable applications: all adns callers. Exploitable by: the local recursive resolver. Likely worst case: Remote code execution. Vulnerable applications: those that make SOA queries. Exploitable by: upstream DNS data sources. Likely worst case: DoS cras...
libmad -- multiple vulnerabilities
National Vulnerability Database: CVE-2017-8372: The madlayerIII function in layer3.c in Underbit MAD libmad 0.15.1b, if NDEBUG is omitted, allows remote attackers to cause a denial of service assertion failure and application exit via a crafted audio file. CVE-2017-8373: The madlayerIII function ...
ipsec-tools -- remotely exploitable computational-complexity attack
Robert Foggia via NetBSD GNATS reports: The ipsec-tools racoon daemon contains a remotely exploitable computational complexity attack when parsing and storing isakmp fragments. The implementation permits a remote attacker to exhaust computational resources on the remote endpoint by repeatedly...
flash -- multiple vulnerabilities
Adobe reports: These updates resolve type confusion vulnerabilities that could lead to code execution CVE-2016-7860, CVE-2016-7861, CVE-2016-7865. These updates resolve use-after-free vulnerabilities that could lead to code execution CVE-2016-7857, CVE-2016-7858, CVE-2016-7859, CVE-2016-7862,...
h2o -- Use-after-free vulnerability
Kazuho Oku reports: A use-after-free vulnerability exists in H2O up to and including version 2.0.4 / 2.1.0-beta3 that can be used by a remote attacker to mount DoS attacks and / or information theft...
drupal -- multiple vulnerabilities
Drupal Security Team reports: Saving user accounts can sometimes grant the user all roles User module - Drupal 7 - Moderately Critical Views can allow unauthorized users to see Statistics information Views module - Drupal 8 - Less Critical...
quassel -- remote denial of service
Mitre reports: The onReadyRead function in core/coreauthhandler.cpp in Quassel before 0.12.4 allows remote attackers to cause a denial of service NULL pointer dereference and crash via invalid handshake data...
ansible -- use of predictable paths in lxc_container
Ansible developers report: CVE-2016-3096: do not use predictable paths in lxccontainer do not use a predictable filename for the LXC attach script don't use predictable filenames for LXC attach script logging don't set a predictable archivepath this should prevent symlink attacks which could resu...
py-imaging, py-pillow -- Buffer overflow in FLI decoding code
The Pillow maintainers report: In all versions of Pillow, dating back at least to the last PIL 1.1.7 release, FliDecode.c has a buffer overflow error. There is a memcpy error where x is added to a target buffer address. X is used in several internal temporary variable roles, but can take a value ...
dhcpcd -- remote code execution/denial of service
MITRE reports: The printoption function in dhcp-common.c in dhcpcd through 6.9.1, as used in dhcp.c in dhcpcd 5.x in Android before 5.1 and other products, misinterprets the return value of the snprintf function, which allows remote DHCP servers to execute arbitrary code or cause a denial of...
asterisk -- Long Contact URIs in REGISTER requests can crash Asterisk
The Asterisk project reports: Asterisk may crash when processing an incoming REGISTER request if that REGISTER contains a Contact header with a lengthy URI. This crash will only happen for requests that pass authentication. Unauthenticated REGISTER requests will not result in a crash occurring...
django -- information leak vulnerability
Tim Graham reports: If an application allows users to specify an unvalidated format for dates and passes this format to the date filter, e.g. lastupdated|date:userdateformat , then a malicious user could obtain any secret in the application's settings by specifying a settings key instead of a dat...
OpenOffice 4.1.1 -- multiple vulnerabilities
The Apache OpenOffice Project reports: A vulnerability in OpenOffice settings of OpenDocument Format files and templates allows silent access to files that are readable from an user account, over-riding the user's default configuration settings. Once these files are imported into a...
FreeBSD -- rpcbind(8) remote denial of service [REVISED]
Problem Description: In rpcbind8, netbuf structures are copied directly, which would result in two netbuf structures that reference to one shared address buffer. When one of the two netbuf structures is freed, access to the other netbuf structure would result in an undefined result that may crash...
otrs -- Scheduler Process ID File Access
The OTRS project reports: An attacker with valid LOCAL credentials could access and manipulate the process ID file for bin/otrs.schduler.pl from the CLI. The Proc::Daemon module 0.14 for Perl uses world-writable permissions for a file that stores a process ID, which allows local users to have an...
h2o -- directory traversal vulnerability
Yakuzo reports: H2O up to version 1.4.4 / 1.5.0-beta1 contains a flaw in its URL normalization logic. When file.dir directive is used, this flaw allows a remote attacker to retrieve arbitrary files that exist outside the directory specified by the directive. H2O version 1.4.5 and version...
ntp -- control message remote Denial of Service vulnerability
ntp.org reports: Under limited and specific circumstances an attacker can send a crafted packet to cause a vulnerable ntpd instance to crash. This requires each of the following to be true: ntpd set up to allow for remote configuration not allowed by default, and knowledge of the configuration...
p5-Dancer -- possible to abuse session cookie values
Russell Jenkins reports: It was possible to abuse session cookie values so that file-based session stores such as Dancer::Session::YAML or Dancer2::Session::YAML would attempt to read/write from any file on the filesystem with the same extension the file-based store uses, such as '.yml' for the...
polkit -- multiple vulnerabilities
Colin Walters reports: Integer overflow in the authenticationagentnewcookie function in PolicyKit aka polkit before 0.113 allows local users to gain privileges by creating a large number of connections, which triggers the issuance of a duplicate cookie value. The authenticationagentnew function i...
zenphoto -- multiple vulnerabilities
zenphoto reports: Fixes several SQL Injection, XSS and path traversal security issues...
proxychains-ng -- current path as the first directory for the library search path
Mamoru TASAKA reports: proxychains4 sets LDPRELOAD to dlopen libproxychains4.so and execvp the arbitrary command user has specified. proxychains4 sets the current directory as the first path to search libproxychains4.so...
wordpress -- multiple vulnerabilities
Gary Pendergast reports: WordPress 4.1.2 is now available. This is a critical security release for all previous versions and we strongly encourage you to update your sites immediately. WordPress versions 4.1.1 and earlier are affected by a critical cross-site scripting vulnerability, which could...