6585 matches found
FreeBSD -- Infinite loop in SACK handling
Problem description: When insufficient memory is available to handle an incoming selective acknowledgement, the TCP/IP stack may enter an infinite loop. Impact: By opening a TCP connection and sending a carefully crafted series of packets, an attacker may be able to cause a denial of service...
tor -- malicious tor server can locate a hidden service
Roger Dingledine reports: If you offer a Tor hidden service, an adversary who can run a fast Tor server and who knows some basic statistics can find the location of your hidden service in a matter of minutes to hours...
rssh -- privilege escalation vulnerability
Pizzashack reports: Max Vozeler has reported a problem whereby rssh can allow users who have shell access to systems where rssh is installed and rsshchroothelper is installed SUID to gain root access to the system, due to the ability to chroot to arbitrary locations. There are a lot of potentiall...
trac -- search module SQL injection vulnerability
Secunia reports: A vulnerability has been reported in Trac, which can be exploited by malicious people to conduct SQL injection attacks. Some unspecified input passed in the search module isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by...
phpicalendar -- cross site scripting vulnerability
Francesco Ongaro reports that phpicalendar is vulnerable for a cross site scripting attack. The vulnerability is caused by improper validation of the index.php file allowing attackers to include an arbitrary file with the .php extension...
gaim -- MSN Remote DoS vulnerability
The GAIM team reports: Remote attackers can cause a denial of service crash via a malformed MSN message that leads to a memory allocation of a large size, possibly due to an integer signedness error...
picasm -- buffer overflow vulnerability
Shaun Colley reports: When generating error and warning messages, picasm copies strings into fixed length buffers without bounds checking. If an attacker could trick a user into assembling a source file with a malformed 'error' directive, arbitrary code could be executed with the privileges of th...
egroupware -- multiple cross-site scripting (XSS) and SQL injection vulnerabilities
Multiple cross-site scripting XSS vulnerabilities in eGroupware before 1.0.0.007 allow remote attackers to inject arbitrary web script or HTML via the 1 abid, 2 page, 3 type, or 4 lang parameter to index.php or 5 categoryid parameter. Multiple SQL injection vulnerabilities in index.php in...
libexif -- buffer overflow vulnerability
Sylvain Defresne reports that libexif is vulnerable to a buffer overflow vulnerability due to insufficient input checking. This could lead crash of applications using libexif...
uim -- privilege escalation vulnerability
The uim developers reports: Takumi ASAKI discovered that uim always trusts environment variables. But this is not correct behavior, sometimes environment variables shouldn't be trusted. This bug causes privilege escalation when libuim is linked against setuid/setgid application. Since GTK+...
ngircd -- buffer overflow vulnerability
Florian Westphal discovered a buffer overflow in ngircd which can be used remotely crash the server and possibly execute arbitrary code...
konversation -- shell script command injection
Konversation comes with Perl scripts that do not properly escape shell characters on executing a script. This makes it possible to attack Konversation with shell script command injection...
ruby -- CGI DoS
The Ruby CGI.rb module contains a bug which can cause the CGI module to go into an infinite loop, thereby causing a denial-of-service situation on the web server by using all available CPU time...
icecast -- HTTP header overflow
It is possible to execute remote code simply using HTTP request plus 31 headers followed by a shellcode that will be executed directly...
xv -- exploitable buffer overflows
In a Bugtraq posting, infamous41mdathotpop.com reported: there are at least 5 exploitable buffer and heap overflows in the image handling code. this allows someone to craft a malicious image, trick a user into viewing the file in xv, and upon viewing that image execute arbitrary code under...
Cyrus IMSPd multiple vulnerabilities
The Cyrus team reported multiple vulnerabilities in older versions of Cyrus IMSPd: These releases correct a recently discovered buffer overflow vulnerability, as well as clean up a significant amount of buffer handling throughout the code...
Incorrect cross-realm trust handling in Heimdal
Heimdal does not correctly validate the transited' field of Kerberos tickets when computing the authentication path. This could allow a rogue KDC with which cross-realm relationships have been established to impersonate any KDC in the authentication path...
MySQL insecure temporary file creation (mysqlbug)
Shaun Colley reports that the script mysqlbug' included with MySQL sometimes creates temporary files in an unsafe manner. As a result, an attacker may create a symlink in /tmp so that if another user invokes mysqlbug' and quits without making any changes, an arbitrary file may be overwritten with...
mysql -- FTS request denial of service vulnerability
A special crafted MySQL FTS request can cause the server to crash. Malicious MySQL users can abuse this bug in a denial of service attack against systems running an affected MySQL daemon. Note that because this bug is related to the parsing of requests, it may happen that this bug is triggered...
isakmpd payload handling denial-of-service vulnerabilities
Numerous errors in isakmpd's input packet validation lead to denial-of-service vulnerabilities. From the Rapid7 advisory: The ISAKMP packet processing functions in OpenBSD's isakmpd daemon contain multiple payload handling flaws that allow a remote attacker to launch a denial of service attack...
GNU Anubis buffer overflows and format string vulnerabilities
Ulf Härnhammar discovered several vulnerabilities in GNU Anubis. Unsafe uses of sscanf'. The %s' format specifier is used, which allows a classical buffer overflow. auth.c Format string bugs invoking syslog'. log.c, errs.c, ssl.c Ulf notes that these vulnerabilities can be exploited by a maliciou...
squid ACL bypass due to URL decoding bug
From the Squid advisory: Squid versions 2.5.STABLE4 and earlier contain a bug in the "%xx" URL decoding function. It may insert a NUL character into decoded URLs, which may allow users to bypass urlregex ACLs...
jailed processes can attach to other jails
A programming error has been found in the jailattach2 system call which affects the way that system call verifies the privilege level of the calling process. Instead of failing immediately if the calling process was already jailed, the jailattach system call would fail only after changing the...
www/nginx -- Remote Code Execution/DoS
nginx development team reports: When using the "proxysetbody" directive, an attacker might inject data in the proxied request to an HTTP/2 backend A heap memory buffer overflow might occur in a worker process while handling a specially crafted request by ngxhttprewritemodule, potentially resultin...
firefox -- Memory safety bugs present in Firefox 150
https://www.mozilla.org/en-US/security/advisories/mfsa2026-40/ reports: Memory safety bugs present in Firefox 150.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code...
xwayland -- Multiple vulnerabilities
X.Org project reports: Multiple issues have been found in the X server and Xwayland implementations published by X.Org for which we are releasing security fixes for in xorg-server-21.1.22 and xwayland-24.1.10...
chromium -- security fixes
Chrome Releases reports: This update includes multiple security fixes: Critical: CVE-2026-5858: Heap buffer overflow in WebML. CVE-2026-5859: Integer overflow in WebML. High: CVE-2026-5860: Use after free in WebRTC. CVE-2026-5861: Use after free in V8. CVE-2026-5862: Inappropriate implementation ...
jenkins -- multiple vulnerabilities
Jenkins Security Advisory: Description Medium SECURITY-3495 / CVE-2025-27622 Encrypted values of secrets stored in agent configuration revealed to users with Agent/Extended Read permission Description Medium SECURITY-3496 / CVE-2025-27623 Encrypted values of secrets stored in view configuration...
rsync -- Multiple security fixes
rsync reports: This update includes multiple security fixes: CVE-2024-12084: Heap Buffer Overflow in Checksum Parsing CVE-2024-12085: Info Leak via uninitialized Stack contents defeats ASLR CVE-2024-12086: Server leaks arbitrary client files CVE-2024-12087: Server can make client write files...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 4 security fixes: 379009132 High CVE-2024-12053: Type Confusion in V8. Reported by gal1ium and chluo on 2024-11-14...
Gitlab -- vulnerabilities
Gitlab reports: Privilege Escalation via LFS Tokens DoS through uncontrolled resource consumption when viewing a maliciously crafted cargo.toml file Unintended Access to Usage Data via Scoped Tokens Gitlab DOS via Harbor registry integration Resource exhaustion and denial of service with testrepo...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 3 security fixes: 368241697 High CVE-2024-9602: Type Confusion in V8. Reported by Seunghyun Lee @0x10n on 2024-09-20 367818758 High CVE-2024-9603: Type Confusion in V8. Reported by @WeShotTheMoon and @Nguyen Hoang Thach of starlabs on 2024-09-18...
redis,valkey -- Multiple vulnerabilities
Redis core team reports: CVE-2024-31449 Lua library commands may lead to stack overflow and potential RCE. CVE-2024-31227 Potential Denial-of-service due to malformed ACL selectors. CVE-2024-31228 Potential Denial-of-service due to unbounded pattern matching...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 4 security fixes: 367764861 High CVE-2024-7025: Integer overflow in Layout. Reported by Tashita Software Security on 2024-09-18 368208152 High CVE-2024-9369: Insufficient data validation in Mojo. Reported by Xiantong Hou and Pisanbao of Wuheng Lab on...
firefox -- Multiple vulnerabilities
[email protected] reports: CVE-2024-5697: A website was able to detect when a user took a screenshot of a page using the built-in Screenshot functionality in Firefox. CVE-2024-5698: By manipulating the fullscreen feature while opening a data-list, an attacker could have overlaid a text box ove...
traefik -- Azure Identity Libraries Elevation of Privilege Vulnerability
The traefik authors report: There is a vulnerability in Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability...
Composer -- Multiple command injections via malicious git/hg branch names
Composer project reports: The status, reinstall and remove commands with packages installed from source via git containing specially crafted branch names in the repository can be used to execute code. The composer install command running inside a git/hg repository which has specially crafted bran...
minio -- unintentional information disclosure
Minio security advisory GHSA-95fr-cm4m-q5p9 reports: when used with anonymous requests by sending a random object name requests you can figure out if the object exists or not on the server on a specific bucket and also gain access to some amount of information...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 1 security fix: 339458194 High CVE-2024-4761: Out of bounds write in V8. Reported by Anonymous on 2024-05-09...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 1 security fix: 339266700 High CVE-2024-4671: Use after free in Visuals. Reported by Anonymous on 2024-05-07...
FreeBSD -- bhyveload(8) host file access
Problem Description: bhyveload -h may be used to grant loader access to the directory tree on the host. Affected versions of bhyveload8 do not make any attempt to restrict loader's access to , allowing the loader to read any file the host user has access to. Impact: In the bhyveload8 model, the...
QtNetwork -- potential buffer overflow
Andy Shaw reports: A potential integer overflow has been discovered in Qt's HTTP2 implementation. If the HTTP2 implementation receives more than 4GiB in total headers, or more than 2GiB for any given header pair, then the internal buffers may overflow...
Account takeover via Kanban feature in GLPI
[email protected] reports: GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. A logged user from any profile can hijack the Kanban feature to...
Mailpit affected by vulnerability in included go markdown module
Mailpit author reports: Update Go modules to address CVE-2023-42821 go markdown module DoS...
virtualbox-ose -- multiple vulnerabilities
[email protected] reports: Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are Prior to 6.1.46 and Prior to 7.0.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure...
GLPI vulnerable to unauthorized access to KnowbaseItem data
[email protected] reports: GLPI is a free asset and IT management software package. Versions of the software starting with 9.2.0 and prior to 10.0.8 have an incorrect rights check on a on a file accessible by an authenticated user, allows access to the view all KnowbaseItems. Version...
py-django-photologue -- XSS vulnerability
domiee13 reports: A vulnerability was found in django-photologue up to 3.15.1 and classified as problematic. Affected by this issue is some unknown functionality of the file photologue/templates/photologue/photodetail.html of the component Default Template Handler. The manipulation of the argumen...
traefik -- multiple vulnerabilities
The Traefik project reports: This update is recommended for all traefik users and provides following important security fixes: CVE-2022-23469: Authorization header displayed in the debug logs CVE-2022-46153: Routes exposed with an empty TLSOption in traefik...
netdata -- multiple vulnerabilities with streaming
Netdata reports: GHSA-xg38-3vmw-2978: Netdata Streaming Alert Command Injection GHSA-jx85-39cw-66f2: Netdata Streaming Authentication Bypass...
advancecomp -- Multiple vulnerabilities
GitHub advisories reports: Multiple vulnerabilities found in advancecomp including: Three segmentation faults. Heap buffer overflow via leuint32read at /lib/endianrw.h. Three more heap buffer overflows...