6585 matches found
Spotipy -- Path traversal vulnerability
Stéphane Bruckert If a malicious URI is passed to the library, the library can be tricked into performing an operation on a different API endpoint than intended...
devel/viewvc-devel is vulnerable to cross-site scripting
C. Michael Pilato reports: security fix: escape revision view copy paths 311 CVE-2023-22464 security fix: escape revision view changed paths 311 CVE-2023-22456...
py27-setuptools44 -- denial of service vulnerability
SCH227 reports: Python Packaging Authority PyPA's setuptools is a library designed to facilitate packaging Python projects. Setuptools version 65.5.0 and earlier could allow remote attackers to cause a denial of service by fetching malicious HTML from a PyPI package or custom PackageIndex page du...
py-tensorflow -- denial of service vulnerability
Kang Hong Jin, Neophytos Christou, 刘力源 and Pattarakrit Rattankul report: Another instance of CVE-2022-35935, where SobolSample is vulnerable to a denial of service via assumed scalar inputs, was found and fixed. Pattarakrit Rattankul reports: Another instance of CVE-2022-35991, where...
pixman -- heap overflow
Pixman reports: for release 0.42.2 Avoid integer overflow leading to out-of-bounds write...
dendrite -- Incorrect parsing of the event default power level in event auth
Dendrite team reports: The power level parsing within gomatrixserverlib was failing to parse the "eventsdefault" key of the m.room.powerlevels event, defaulting the event default power level to zero in all cases. In rooms where the "eventsdefault" power level had been changed, this could result i...
py-httpx -- input validation vulnerability
lebr0nli reports: Encode OSS httpx =1.0.0.beta0 is affected by improper input validation in httpx.URL, httpx.Client and some functions using httpx.URL.copywith...
zeek -- potential DoS vulnerabilty
Tim Wojtulewicz of Corelight reports: Fix potential unbounded state growth in the FTP analyzer when receiving a specially-crafted stream of commands. This may lead to a buffer overflow and cause Zeek to crash. Due to the possibility of this happening with packets received from the network, this i...
FreeBSD -- Bhyve e82545 device emulation out-of-bounds write
Problem Description: The e1000 network adapters permit a variety of modifications to an Ethernet packet when it is being transmitted. These include the insertion of IP and TCP checksums, insertion of an Ethernet VLAN header, and TCP segmentation offload "TSO". The e1000 device model uses an...
xrdp -- privilege escalation
xrdp project reports: An integer underflow leading to a heap overflow in the sesman server allows any unauthenticated attacker which is accessible to a sesman server listens by default on localhost when installing xrdp, but can be remote if configured otherwise to execute code as root...
minio -- policy restriction issue
minio developers report: Looks like policy restriction was not working properly for normal users when they are not svc or STS accounts. svc accounts are now properly fixed to get right permissions when its inherited, so we do not have to set 'owner = true' sts accounts have always been using righ...
FreeBSD -- Remote code execution in ggatec(8)
Problem Description: The ggatec8 daemon does not validate the size of a response before writing it to a fixed-sized buffer. This allows to overwrite the stack of ggatec8. Impact: A malicious ggated8 or an attacker in a priviledged network position can overwrite the stack with crafted content and...
cyrus-imapd -- Remote authenticated users could bypass intended access restrictions on certain server annotations.
Cyrus IMAP 3.4.1 Release Notes states: Fixed CVE-2021-32056: Remote authenticated users could bypass intended access restrictions on certain server annotations. Additionally, a long-standing bug in replication did not allow server annotations to be replicated. Combining these two bugs, a remote...
opengrok -- Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise OpenGrok.
Bobby Rauch of Accenture reports: I ended up finding OpenGrok, and after careful testing, discovered that OpenGrok insecurely deserializes XML input, which can lead to Remote Code Execution. This vulnerability was found in all versions of OpenGrok 1.6.8 and was reported to Oracle. The vulnerabili...
gitea -- quoting in markdown text
The Gitea Team reports for release 1.13.5: Update to goldmark 1.3.3...
Gitlab -- Multiple vulnerabilities
Gigtlab reports: Remote code execution via unsafe user-controlled markdown rendering options...
asterisk -- Remote crash in res_pjsip_diversion
The Asterisk project reports: If a registered user is tricked into dialing a malicious number that sends lots of 181 responses to Asterisk, each one will cause a 181 to be sent back to the original caller with an increasing number of entries in the "Supported" header. Eventually the number of...
gitea -- multiple vulnerabilities
The Gitea Team reports for release 1.13.0: Add Allow-/Block-List for Migrate and Mirrors Prevent git operations for inactive users Disallow urlencoded new lines in git protocol paths if there is a port Mitigate Security vulnerability in the git hook feature Disable DSA ssh keys by default Set TLS...
darkhttpd -- DOS vulnerability
Mitre reports: flaw was found in darkhttpd. Invalid error handling allows remote attackers to cause denial-of-service by accessing a file with a large modification date. The highest threat from this vulnerability is to system availability...
Ghostscript -- SAFER Sandbox Breakout
NVD reports: A memory corruption issue was found in Artifex Ghostscript 9.50 and 9.52. Use of a non-standard PostScript operator can allow overriding of file access controls. The 'rsearch' calculation for the 'post' size resulted in a size that was too large, and could underflow to max uint32t...
upnp -- denial of service (crash)
CVE mitre reports: Portable UPnP SDK aka libupnp 1.12.1 and earlier allows remote attackers to cause a denial of service crash via a crafted SSDP message due to a NULL pointer dereference in the functions FindServiceControlURLPath and FindServiceEventURLPath in genlib/servicetable/servicetable.c...
FreeBSD -- Memory disclosure vulnerability in libalias
Problem Description: The FTP packet handler in libalias incorrectly calculates some packet lengths. This may result in disclosing small amounts of memory from the kernel for the in-kernel NAT implementation or from the process space for natd for the userspace implementation. Impact: A malicious...
puppetserver and puppetdb -- Puppet Server and PuppetDB may leak sensitive information via metrics API
Puppetlabs reports: Puppet Server and PuppetDB provide useful performance and debugging information via their metrics API endpoints. For PuppetDB this may contain things like hostnames. Puppet Server reports resource names and titles for defined types which may contain sensitive information as we...
puppet6 -- Arbitrary Catalog Retrieval
Puppetlabs reports: Previously, Puppet operated on a model that a node with a valid certificate was entitled to all information in the system and that a compromised certificate allowed access to everything in the infrastructure. When a node's catalog falls back to the default node, the catalog ca...
KDE Frameworks -- malicious .desktop files execute code
The KDE Community has released a security announcement: The syntax Key$e=$shell command in .desktop files, .directory files, and configuration files typically found in /.config was an intentional feature of KConfig, to allow flexible configuration. This could however be abused by malicious people...
doas -- Prevent passing of environment variables
Jesse Smith upstream author of the doas program reported: Previous versions of "doas" transferred most environment variables, such as USER, HOME, and PATH from the original user to the target user. Passing these variables could cause files in the wrong path or home directory to be read or written...
gitea -- multiple vulnerabilities
The Gitea Team reports: This release contains two security fixes, so we highly recommend updating...
znc -- Denial of Service
Mitre reports: ZNC before 1.7.3-rc1 allows an existing remote user to cause a Denial of Service crash via invalid encoding...
glpi -- stored XSS
MITRE Corporation reports: inc/user.class.php in GLPI before 9.4.3 allows XSS via a user picture...
botan2 -- Side channel during ECC key generation
botan2 developers reports: A timing side channel during ECC key generation could leak information about the high bits of the secret scalar. Such information allows an attacker to perform a brute force attack on the key somewhat more efficiently than they would otherwise. Found by Ján Jančár using...
wordpress -- multiple issues
wordpress developers reports: WordPress versions 5.0 and earlier are affected by the following bugs, which are fixed in version 5.0.1. Updated versions of WordPress 4.9 and older releases are also available, for users who have not yet updated to 5.0. Karim El Ouerghemmi discovered that authors...
OpenEXR -- heap buffer overflow, and out-of-memory bugs
Cary Phillips reports: OpenEXR IlmBase v2.4.0 fixes the following security vulnerabilities: CVE-2018-18444 Issue 351 Out of Memory CVE-2018-18443 Issue 350 heap-buffer-overflow The relevant patches have been backported to the FreeBSD ports...
FreeBSD -- Unauthenticated EAPOL-Key Decryption Vulnerability
Problem Description: When using WPA2, EAPOL-Key frames with the Encrypted flag and without the MIC flag set, the data field was decrypted first without verifying the MIC. When the dta field was encrypted using RC4, for example, when negotiating TKIP as a pairwise cipher, the unauthenticated but...
X11 Session -- SDDM allows unauthorised unlocking
MITRE reports: An issue was discovered in SDDM through 0.17.0. If configured with ReuseSession=true, the password is not checked for users with an already existing session. Any user with access to the system D-Bus can therefore unlock any graphical session. The default configuration of SDDM on...
Gitlab -- multiple vulnerabilities
GitLab reports: Confidential issue comments in Slack, Mattermost, and webhook integrations. Persistent XSS in milestones data-milestone-id. Persistent XSS in filename of merge request...
moodle -- multiple vulnerabilities
moodle reports: Unauthenticated users can trigger custom messages to admin via paypal enrol script. Suspended users with OAuth 2 authentication method can still log in to the site...
libXfont -- permission bypass when opening files through symlinks
the freedesktop.org project reports: A non-privileged X client can instruct X server running under root to open any file by creating own directory with "fonts.dir", "fonts.alias" or any font file being a symbolic link to any other file in the system. X server will then open it. This can be issue...
FreeBSD -- Kernel data leak via ptrace(PT_LWPINFO)
Problem Description: Not all information in the struct ptracelwpinfo is relevant for the state of any thread, and the kernel does not fill the irrelevant bytes or short strings. Since the structure filled by the kernel is allocated on the kernel stack and copied to userspace, a leak of informatio...
node -- access to unintended files
node developers report: Node.js 8.5.0 before 8.6.0 allows remote attackers to access unintended files, because a change to ".." handling was incompatible with the pathname validation used by unspecified community modules...
libraw -- Out-of-bounds Read
libraw developers report: In LibRaw through 0.18.4, an out of bounds read flaw related to kodak65000loadraw has been reported in dcraw/dcraw.c and internal/dcrawcommon.cpp. An attacker could possibly exploit this flaw to disclose potentially sensitive memory or cause an application crash...
libbson -- Denial of Service
mongodb developers report: In MongoDB libbson 1.7.0, the bsonitercodewscope function in bson-iter.c miscalculates a bsonutf8validate length argument, which allows remote attackers to cause a denial of service heap-based buffer over-read in the bsonutf8validate function in bson-utf8.c, as...
FreeBSD -- ipfilter(4) fragment handling panic
Problem Description: ipfilter4, capable of stateful packet inspection, using the "keep state" or "keep frags" rule options, will not only maintain the state of connections, such as TCP streams or UDP communication, it also maintains the state of fragmented packets. When a packet fragments are...
asterisk -- Buffer Overrun in PJSIP transaction layer
The Asterisk project reports: A remote crash can be triggered by sending a SIP packet to Asterisk with a specially crafted CSeq header and a Via header with no branch parameter. The issue is that the PJSIP RFC 2543 transaction key generation algorithm does not allocate a large enough buffer. By...
phpMyAdmin -- bypass 'no password' restriction
The phpMyAdmin team reports: Summary Bypass $cfg'Servers'$i'AllowNoPassword' Description A vulnerability was discovered where the restrictions caused by $cfg'Servers'$i'AllowNoPassword' = false are bypassed under certain PHP versions. This can allow the login of users who have no password set eve...
FreeBSD -- Possible login(1) argument injection in telnetd(8)
Problem Description: An unexpected sequence of memory allocation failures combined with insufficient error checking could result in the construction and execution of an argument sequence that was not intended. Impact: An attacker who controls the sequence of memory allocation failures and success...
potrace -- multiple memory failure
potrace reports: CVE-2016-8685: invalid memory access in findnext CVE-2016-8686: memory allocation failure...
collectd -- Network plugin heap overflow
The collectd Project reports: Emilien Gaspar has identified a heap overflow in collectd's network plugin which can be triggered remotely and is potentially exploitable...
jansson -- local denial of service vulnerabilities
QuickFuzz reports: A crash caused by stack exhaustion parsing a JSON was found...
libotr -- integer overflow
X41 D-Sec reports: A remote attacker may crash or execute arbitrary code in libotr by sending large OTR messages...
kamailio -- SEAS Module Heap overflow
Stelios Tsampas reports: A remotely exploitable heap overflow vulnerability was found in Kamailio v4.3.4...