6583 matches found
chromium -- multiple security fixes
Chrome Releases reports: This update includes 4 security fixes: 357391257 High CVE-2024-8362: Use after free in WebAudio. Reported by Cassidy Kim@cassidy6564 on 2024-08-05 358485426 High CVE-2024-7970: Out of bounds write in V8. Reported by Cassidy Kim@cassidy6564 on 2024-08-09...
binutils -- Multiple vulnerabilities
[email protected] reports PR/281070: A new version of devel/binutils has been released fixing CVE-2023-1972, CVE-2023-25585, CVE-2023-25586, and CVE-2023-25588...
Gitlab -- vulnerabilities
Gitlab reports: The GitLab Web Interface Does Not Guarantee Information Integrity When Downloading Source Code from Releases Denial of Service by importing maliciously crafted GitHub repository Prompt injection in "Resolve Vulnerabilty" results in arbitrary command execution in victim's pipeline ...
electron31 -- multiple vulnerabilities
Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2024-6989. Security: backported fix for CVE-2024-6991...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 5 security fixes: 350528343 Critical CVE-2024-7532: Out of bounds memory access in ANGLE. Reported by wgslfuzz on 2024-07-02 353552540 High CVE-2024-7533: Use after free in Sharing. Reported by lime@limeSec from TIANGONG Team of Legendsec at QI-ANXIN...
electron29 -- multiple vulnerabilities
Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2024-6291. Security: backported fix for CVE-2024-6293. Security: backported fix for CVE-2024-6290. Security: backported fix for CVE-2024-6292...
kanboard -- Project Takeover via IDOR in ProjectPermissionController
[email protected] reports: Kanboard is project management software that focuses on the Kanban methodology. The vuln is in app/Controller/ProjectPermissionController.php function addUser. The users permission to add users to a project only get checked on the URL parameter projectid. I...
OpenSSL -- Denial of Service vulnerability
The OpenSSL project reports: Excessive time spent checking DSA keys and parameters Low Checking excessively long DSA keys or parameters may be very slow...
QtNetworkAuth -- predictable seeding of PRNG in QAbstractOAuth
Andy Shaw reports: The OAuth1 implementation in QtNetworkAuth created nonces using a PRNG that was seeded with a predictable seed. This means that an attacker that can somehow control the time of the first OAuth1 flow of the process has a high chance of predicting the nonce used in said OAuth flo...
Jinja2 -- Vulnerable to HTML attribute injection when passing user input as keys to xmlattr filter
[email protected] reports: Jinja is an extensible templating engine. The xmlattr filter in affected versions of Jinja accepts keys containing non-attribute characters. XML/HTML attributes cannot contain spaces, /, , or =, as each would then be interpreted as starting a separate...
frr - Multiple vulnerabilities
[email protected] reports: In FRRouting FRR through 9.1, there are multiples vulnerabilities. CVE-2024-31950: buffer overflow and daemon crash in ospfteparseri for OSPF LSA packets CVE-2024-31951: buffer overflow and daemon crash in ospfteparseextlink for OSPF LSA packets...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 7 security fixes: 327807820 Critical CVE-2024-2883: Use after free in ANGLE. Reported by Cassidy Kim@cassidy6564 on 2024-03-03 328958020 High CVE-2024-2885: Use after free in Dawn. Reported by wgslfuzz on 2024-03-11 330575496 High CVE-2024-2886: Use...
Gitlab -- Vulnerabilities
Gitlab reports: Stored-XSS in user's profile page User with "admingroupmembers" permission can invite other groups to gain owner access ReDoS issue in the Codeowners reference extractor LDAP user can reset password using secondary email and login using direct authentication Bypassing group ip...
FreeBSD -- jail(2) information leak
Problem Description: The jail2 system call has not limited a visiblity of allocated TTYs the kern.ttys sysctl. This gives rise to an information leak about processes outside the current jail. Impact: Attacker can get information about TTYs allocated on the host or in other jails. Effectively, the...
suricata -- multiple vulnerabilities
Suricata team reports: Multiple vulnerabilities fixed in the last release of suricata. No details have been disclosed yet...
Gitlab -- vulnerabilities
Gitlab reports: Smartcard authentication allows impersonation of arbitrary user using user's public certificate When subgroup is allowed to merge or push to protected branches, subgroup members with the Developer role may gain the ability to push or merge The GitLab web interface does not ensure...
typo3 -- Multiple vulnerabilities
[email protected] reports: Weak Authentication in Session Handling in typo3/cms-core: In typo3 installations there are always at least two different sites. Eg. first.example.org and second.example.com. In affected versions a session cookie generated for the first site can be reused o...
FreeBSD -- Incorrect libcap_net limitation list manipulation
Problem Description: Casper services allow limiting operations that a process can perform. Each service maintains a specific list of permitted operations. Certain operations can be further restricted, such as specifying which domain names can be resolved. During the verification of limits, the...
Account takeover through API in GLPI
[email protected] reports: GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. An API user that have read access on users resource can steal...
vorbistools -- heap buffer overflow in oggenc
Frank-Z7 reports: Heap buffer overflow when vorbis-tools/oggenc converts WAV files to Ogg files...
FreeBSD -- pf incorrectly handles multiple IPv6 fragment headers
Problem Description: With a 'scrub fragment reassemble' rule, a packet containing multiple IPv6 fragment headers would be reassembled, and then immediately processed. That is, a packet with multiple fragment extension headers would not be recognized as the correct ultimate payload. Instead a pack...
GLPI vulnerable to SQL injection via dashboard administration
[email protected] reports: GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An administrator can trigger SQL injection via dashboards administration. This vulnerability has been patched in...
SoftEtherVPN -- multiple vulnerabilities
Daiyuu Nobori reports: The SoftEther VPN project received a high level code review and technical assistance from Cisco Systems, Inc. of the United States from April to June 2023 to fix several vulnerabilities in the SoftEther VPN code. The risk of exploitation of any of the fixed vulnerabilities ...
Grafana -- Broken access control: viewer can send test alerts
Grafana Labs reports: Grafana can allow an attacker in the Viewer role to send alerts by API Alert - Test. This option, however, is not available in the user panel UI for the Viewer role. The CVSS score for this vulnerability is 4.1 Medium CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N...
element-web -- matrix-react-sdk vulnerable to HTML injection in search results via plaintext message highlighting
Matrix developers report: matrix-react-sdk is a react-based SDK for inserting a Matrix chat/VoIP client into a web page. Prior to version 3.71.0, plain text messages containing HTML tags are rendered as HTML in the search results. To exploit this, an attacker needs to trick a user into searching...
py-cinder -- unauthorized data access
Utkarsh Gupta reports: An issue was discovered in OpenStack Cinder before 19.1.2, 20.x before 20.0.2, and 21.0.0; Glance before 23.0.1, 24.x before 24.1.1, and 25.0.0; and Nova before 24.1.2, 25.x before 25.0.2, and 26.0.0. By supplying a specially created VMDK flat image that references a specif...
Spotipy -- Path traversal vulnerability
Stéphane Bruckert If a malicious URI is passed to the library, the library can be tricked into performing an operation on a different API endpoint than intended...
devel/viewvc-devel is vulnerable to cross-site scripting
C. Michael Pilato reports: security fix: escape revision view copy paths 311 CVE-2023-22464 security fix: escape revision view changed paths 311 CVE-2023-22456...
py27-setuptools44 -- denial of service vulnerability
SCH227 reports: Python Packaging Authority PyPA's setuptools is a library designed to facilitate packaging Python projects. Setuptools version 65.5.0 and earlier could allow remote attackers to cause a denial of service by fetching malicious HTML from a PyPI package or custom PackageIndex page du...
py-tensorflow -- denial of service vulnerability
Kang Hong Jin, Neophytos Christou, 刘力源 and Pattarakrit Rattankul report: Another instance of CVE-2022-35935, where SobolSample is vulnerable to a denial of service via assumed scalar inputs, was found and fixed. Pattarakrit Rattankul reports: Another instance of CVE-2022-35991, where...
pixman -- heap overflow
Pixman reports: for release 0.42.2 Avoid integer overflow leading to out-of-bounds write...
py39-joblib -- arbitrary code execution
jimlinntu reports: The package joblib from 0 and before 1.2.0 are vulnerable to Arbitrary Code Execution via the predispatch flag in Parallel class due to the eval statement...
zeek -- potential DoS vulnerabilty
Tim Wojtulewicz of Corelight reports: Fix potential unbounded state growth in the FTP analyzer when receiving a specially-crafted stream of commands. This may lead to a buffer overflow and cause Zeek to crash. Due to the possibility of this happening with packets received from the network, this i...
MinIO -- unprivileged users can create service accounts for admin users
MinIO reports: A security issue was found where an unprivileged user is able to create service accounts for root or other admin users and then is able to assume their access policies via the generated credentials...
FreeBSD -- Bhyve e82545 device emulation out-of-bounds write
Problem Description: The e1000 network adapters permit a variety of modifications to an Ethernet packet when it is being transmitted. These include the insertion of IP and TCP checksums, insertion of an Ethernet VLAN header, and TCP segmentation offload "TSO". The e1000 device model uses an...
powerdns -- denial of service
PowerDNS Team reports: PowerDNS Security Advisory 2022-01: incomplete validation of incoming IXFR transfer in Authoritative Server and Recursor...
xrdp -- privilege escalation
xrdp project reports: An integer underflow leading to a heap overflow in the sesman server allows any unauthenticated attacker which is accessible to a sesman server listens by default on localhost when installing xrdp, but can be remote if configured otherwise to execute code as root...
clamav -- invalid pointer read that may cause a crash
Laurent Delosieres reports: Fix for invalid pointer read that may cause a crash. This issue affects 0.104.1, 0.103.4 and prior when ClamAV is compiled with libjson-c and the CLSCANGENERALCOLLECTMETADATA scan option the clamscan --gen-json option is enabled...
py-matrix-synapse -- several vulnerabilities
Matrix developers report: This release patches one high severity issue affecting Synapse installations 1.47.0 and earlier using the media repository. An attacker could cause these Synapses to download a remote file and store it in a directory outside the media repository. Note that: This only...
minio -- policy restriction issue
minio developers report: Looks like policy restriction was not working properly for normal users when they are not svc or STS accounts. svc accounts are now properly fixed to get right permissions when its inherited, so we do not have to set 'owner = true' sts accounts have always been using righ...
tcpslice -- heap-based use-after-free in extract_slice()
The Tcpdump Group reports: heap-based use-after-free in extractslice...
FreeBSD -- Remote code execution in ggatec(8)
Problem Description: The ggatec8 daemon does not validate the size of a response before writing it to a fixed-sized buffer. This allows to overwrite the stack of ggatec8. Impact: A malicious ggated8 or an attacker in a priviledged network position can overwrite the stack with crafted content and...
cyrus-imapd -- Remote authenticated users could bypass intended access restrictions on certain server annotations.
Cyrus IMAP 3.4.1 Release Notes states: Fixed CVE-2021-32056: Remote authenticated users could bypass intended access restrictions on certain server annotations. Additionally, a long-standing bug in replication did not allow server annotations to be replicated. Combining these two bugs, a remote...
opengrok -- Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise OpenGrok.
Bobby Rauch of Accenture reports: I ended up finding OpenGrok, and after careful testing, discovered that OpenGrok insecurely deserializes XML input, which can lead to Remote Code Execution. This vulnerability was found in all versions of OpenGrok 1.6.8 and was reported to Oracle. The vulnerabili...
gitea -- quoting in markdown text
The Gitea Team reports for release 1.13.5: Update to goldmark 1.3.3...
Gitlab -- Multiple vulnerabilities
Gigtlab reports: Remote code execution via unsafe user-controlled markdown rendering options...
asterisk -- Remote crash in res_pjsip_diversion
The Asterisk project reports: If a registered user is tricked into dialing a malicious number that sends lots of 181 responses to Asterisk, each one will cause a 181 to be sent back to the original caller with an increasing number of entries in the "Supported" header. Eventually the number of...
gitea -- multiple vulnerabilities
The Gitea Team reports for release 1.13.0: Add Allow-/Block-List for Migrate and Mirrors Prevent git operations for inactive users Disallow urlencoded new lines in git protocol paths if there is a port Mitigate Security vulnerability in the git hook feature Disable DSA ssh keys by default Set TLS...
py-matrix-synapse -- XSS vulnerability
Matrix developers reports: The fallback authentication endpoint served via Synapse were vulnerable to cross-site scripting XSS attacks. The impact depends on the configuration of the domain that Synapse is deployed on, but may allow access to cookies and other browser data, CSRF vulnerabilities,...
Ghostscript -- SAFER Sandbox Breakout
NVD reports: A memory corruption issue was found in Artifex Ghostscript 9.50 and 9.52. Use of a non-standard PostScript operator can allow overriding of file access controls. The 'rsearch' calculation for the 'post' size resulted in a size that was too large, and could underflow to max uint32t...