6585 matches found
lftp HTML parsing vulnerability
A buffer overflow exists in lftp which may be triggered when requesting a directory listing from a malicious server over HTTP...
fetchmail -- denial-of-service vulnerability
Dave Jones discovered a denial-of-service vulnerability in fetchmail. An email message containing a very long line could cause fetchmail to segfault due to missing NUL termination in transact.c. Eric Raymond decided not to mention this issue in the release notes for fetchmail 6.2.5, but it was...
nginx-devel -- multiple vulnerabilities
The nginx project reports: nginx 1.31.0 fixes multiple security issues affecting HTTP/2 proxying, rewrite handling, SCGI/uWSGI response handling, charset conversion, HTTP/3 connection migration, and OCSP resolver response processing...
Gitlab -- vulnerabilities
Gitlab reports: Unprotected large blob endpoint in GitLab allows Denial of Service Improper XPath validation allows modified SAML response to bypass 2FA requirement A Discord webhook integration may cause DoS Unbounded Kubernetes cluster tokens may lead to DoS Unvalidated notes position may lead ...
firefox -- out-of-bounds read/write
[email protected] reports: An attacker was able to perform an out-of-bounds read or write on a JavaScript object by confusing array index sizes...
zabbix -- SQL injection in user.get API
[email protected] reports: A non-admin user account on the Zabbix frontend with the default User role, or with any other role that gives API access can exploit this vulnerability. An SQLi exists in the CUser class in the addRelatedObjects function, this function is being called from the CUser.g...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 38 security fixes: 358296941 High CVE-2024-7964: Use after free in Passwords. Reported by Anonymous on 2024-08-08 356196918 High CVE-2024-7965: Inappropriate implementation in V8. Reported by TheDog on 2024-07-30 355465305 High CVE-2024-7966: Out of...
jose -- DoS vulnerability
[email protected] reports: latchset jose through version 11 allows attackers to cause a denial of service CPU consumption via a large p2c aka PBES2 Count value...
Libgit2 -- multiple vulnerabilities
Git community reports: A bug in gitrevparsesingle is fixed that could have caused the function to enter an infinite loop given well-crafted inputs, potentially causing a Denial of Service attack in the calling application A bug in gitrevparsesingle is fixed that could have caused the function to...
slurm-wlm -- Several security issues
Slurm releases notes: Description CVE-2023-49933 through CVE-2023-49938 Slurm versions 23.11.1, 23.02.7, 22.05.11 are now available and address a number of recently-discovered security issues. They've been assigned CVE-2023-49933 through CVE-2023-49938...
sdl2_sound -- multiple vulnerabilities
GitHub Security Lab reports: stbimage.h and stbvorbis libraries contain several memory access violations of different severity Wild address read in stbigifloadnext GHSL-2023-145. Multi-byte read heap buffer overflow in stbiverticalflip GHSL-2023-146. Disclosure of uninitialized memory in...
Phishing through a login page malicious URL in GLPI
[email protected] reports: GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. The lack of path filtering on the GLPI URL may allow an attacker t...
krb5 -- Double-free in KDC TGS processing
The MIT krb5 Team reports: When issuing a ticket for a TGS renew or validate request, copy only the server field from the outer part of the header ticket to the new ticket. Copying the whole structure causes the encpart pointer to be aliased to the header ticket until krb5encrypttktpart is called...
Grafana -- Broken access control: viewer can send test alerts
Grafana Labs reports: Grafana can allow an attacker in the Viewer role to send alerts by API Alert - Test. This option, however, is not available in the user panel UI for the Viewer role. The CVSS score for this vulnerability is 4.1 Medium CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N...
cloud-init -- sensitive data exposure in cloud-init logs
[email protected] reports: Sensitive data could be exposed in logs of cloud-init before version 23.1.2. An attacker could use this information to find hashed passwords and possibly escalate their privilege...
element-web -- matrix-react-sdk vulnerable to HTML injection in search results via plaintext message highlighting
Matrix developers report: matrix-react-sdk is a react-based SDK for inserting a Matrix chat/VoIP client into a web page. Prior to version 3.71.0, plain text messages containing HTML tags are rendered as HTML in the search results. To exploit this, an attacker needs to trick a user into searching...
py39-configobj -- vulnerable to Regular Expression Denial of Service
DarkTinia reports: All versions of the package configobj are vulnerable to Regular Expression Denial of Service ReDoS via the validate function, using .+?.. Note: This is only exploitable in the case of a developer, putting the offending value in a server side configuration file...
py39-joblib -- arbitrary code execution
jimlinntu reports: The package joblib from 0 and before 1.2.0 are vulnerable to Arbitrary Code Execution via the predispatch flag in Parallel class due to the eval statement...
Django -- multiple vulnerabilities
Django reports: CVE-2022-41323: Potential denial-of-service vulnerability in internationalized URLs...
MinIO -- unprivileged users can create service accounts for admin users
MinIO reports: A security issue was found where an unprivileged user is able to create service accounts for root or other admin users and then is able to assume their access policies via the generated credentials...
Nextcloud Calendar -- SMTP Command Injection
reports: SMTP Command Injection in Appointment Emails via Newlines: as newlines and special characters are not sanitized in the email value in the JSON request, a malicious attacker can inject newlines to break out of the RCPT TO: SMTP command and begin injecting arbitrary SMTP commands...
powerdns -- denial of service
PowerDNS Team reports: PowerDNS Security Advisory 2022-01: incomplete validation of incoming IXFR transfer in Authoritative Server and Recursor...
Gitlab -- multiple vulnerabilities
Gitlab reports: Arbitrary POST requests via special HTML attributes in Jupyter Notebooks DNS Rebinding vulnerability in Irker IRC Gateway integration Missing certificate validation for external CI services Blind SSRF Through Project Import Open redirect vulnerability in Jira Integration Issue lin...
Rust -- Race condition enabling symlink following
The Rust Security Response WG was notified that the std::fs::removedirall standard library function is vulnerable to a race condition enabling symlink following CWE-363. An attacker could use this security issue to trick a privileged program into deleting files and directories the attacker couldn...
Teeworlds -- Buffer Overflow
NVD reports: Teeworlds up to and including 0.7.5 is vulnerable to Buffer Overflow. A map parser does not validate mChannels value coming from a map file, leading to a buffer overflow. A malicious server may offer a specially crafted map that will overwrite client's stack causing denial of service...
tcpslice -- heap-based use-after-free in extract_slice()
The Tcpdump Group reports: heap-based use-after-free in extractslice...
cryptopp -- ElGamal implementation allows plaintext recovery
Crypto++ 8.6 release notes reports: The ElGamal implementation in Crypto++ through 8.5 allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the...
FreeBSD -- Missing error handling in bhyve(8) device models
Problem Description: Certain VirtIO-based device models failed to handle errors when fetching I/O descriptors. Such errors could be triggered by a malicious guest. As a result, the device model code could be tricked into operating on uninitialized I/O vectors, leading to memory corruption. Impact...
libpano13 -- arbitrary memory access through format string vulnerability
libpano13 developers reports: Fix crash and security issue caused by malformed filename prefix...
py-markdown2 -- regular expression denial of service vulnerability
Ben Caller reports: markdown2 =1.0.1.18, fixed in 2.4.0, is affected by a regular expression denial of service vulnerability. If an attacker provides a malicious string, it can make markdown2 processing difficult or delayed for an extended period of time...
oauth2-proxy -- domain whitelist could be used as redirect
The oauth2-proxy Team reports: In OAuth2 Proxy before version 7.0.0, for users that use the whitelist domain feature, a domain that ended in a similar way to the intended domain could have been allowed as a redirect...
All versions of Apache OpenOffice through 4.1.9 can open non-http(s) hyperlinks. If the link is specifically crafted this could lead to untrusted code execution.
The Apache Openofffice project reports: The project received a report that all versions of Apache OpenOffice through 4.1.8 can open non-https hyperlinks. The problem has existed since about 2006 and the issue is also in 4.1.9. If the link is specifically crafted this could lead to untrusted code...
postsrsd -- Denial of service vulnerability
postsrsd developer reports: PostSRSd could be tricked into consuming a lot of CPU time with an SRS address that has an excessively long time stamp tag...
py-beaker -- arbitrary code execution vulnerability
matheusbrat reports: The Beaker library through 1.12.1 for Python is affected by deserialization of untrusted data, which could lead to arbitrary code execution...
glpi -- Multiple SQL Injections Stemming From isNameQuoted()
MITRE Corporation reports: In GLPI before version 9.5.2, when supplying a back tick in input that gets put into a SQL query,the application does not escape or sanitize allowing for SQL Injection to occur. Leveraging this vulnerability an attacker is able to exfiltrate sensitive information like...
zeek -- Remote crash vulnerability
Jon Siwek of Corelight reports: This release fixes the following security issue: An attacker can crash Zeek remotely via crafted packet sequence...
phpMyAdmin -- SQL injection
phpMyAdmin Team reports: PMASA-2020-2 SQL injection vulnerability in the user accounts page, particularly when changing a password PMASA-2020-3 SQL injection vulnerability relating to the search feature PMASA-2020-4 SQL injection and XSS having to do with displaying results Removing of the...
FreeBSD -- Improper checking in SCTP-AUTH shared key update
Problem Description: The SCTP layer does improper checking when an application tries to update a shared key. Therefore an unprivileged local user can trigger a use-after- free situation, for example by specific sequences of updating shared keys and closing the SCTP association. Impact: Triggering...
www/varnish6 -- Denial of Service
The Varnish Team reports: A failure in HTTP/1 parsing can allow a remote attacker to trigger an assertion in varnish, restarting the daemon and clearing the cache...
bro -- Null pointer dereference and Signed integer overflow
Jon Siwek of Corelight reports: This is a security patch release to address potential Denial of Service vulnerabilities: Null pointer dereference in the RPC analysis code. RPC analyzers e.g. MOUNT or NFS are not enabled in the default configuration. Signed integer overflow in BinPAC-generated...
libxslt -- security framework bypass
Mitre report: libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded...
rubygem-doorkeeper -- token revocation vulnerability
NVD reports: Doorkeeper version 4.2.0 and later contains a Incorrect Access Control vulnerability in Token revocation API's authorized method that can result in Access tokens are not revoked for public OAuth apps, leaking access until expiry...
procmail -- Heap-based buffer overflow
MITRE reports: A remote attacker could use a flaw to cause formail to crash, resulting in a denial of service or data loss...
FreeBSD -- POSIX shm allows jails to access global namespace
Problem Description: Named paths are globally scoped, meaning a process located in one jail can read and modify the content of POSIX shared memory objects created by a process in another jail or the host system. Impact: A malicious user that has access to a jailed system is able to abuse shared...
chromium -- out of bounds read
Google Chrome Releases reports: 1 security fix in this release, including: 782145 High CVE-2017-15428: Out of bounds read in V8. Reported by Zhao Qixun of Qihoo 360 Vulcan Team on 2017-11-07...
rubygem-passenger -- arbitrary file read vulnerability
Phusion reports: The cPanel Security Team discovered a vulnerability in Passenger that allows users to list the contents of arbitrary files on the system. CVE-2017-16355 has been assigned to this issue...
py-kerberos -- DoS and MitM vulnerabilities
macosforgebot reports: The checkPassword function in python-kerberos does not authenticate the KDC it attempts to communicate with, which allows remote attackers to cause a denial of service bad response, or have other unspecified impact by performing a man-in-the-middle attack...
adns -- multiple vulnerabilities
Ian Jackson and the adns project reports: Vulnerable applications: all adns callers. Exploitable by: the local recursive resolver. Likely worst case: Remote code execution. Vulnerable applications: those that make SOA queries. Exploitable by: upstream DNS data sources. Likely worst case: DoS cras...
libmad -- multiple vulnerabilities
National Vulnerability Database: CVE-2017-8372: The madlayerIII function in layer3.c in Underbit MAD libmad 0.15.1b, if NDEBUG is omitted, allows remote attackers to cause a denial of service assertion failure and application exit via a crafted audio file. CVE-2017-8373: The madlayerIII function ...
ipsec-tools -- remotely exploitable computational-complexity attack
Robert Foggia via NetBSD GNATS reports: The ipsec-tools racoon daemon contains a remotely exploitable computational complexity attack when parsing and storing isakmp fragments. The implementation permits a remote attacker to exhaust computational resources on the remote endpoint by repeatedly...