6585 matches found
powerdns-recursor -- access restriction bypass
PowerDNS Team reports: CVE-2020-14196: An issue has been found in PowerDNS Recursor where the ACL applied to the internal web server via webserver-allow-from is not properly enforced, allowing a remote attacker to send HTTP queries to the internal web server, bypassing the restriction. In the...
libadplug -- Various vulnerabilities
Malvineous on Github reports: This release fixes the following security issues: buffer overflow in .bmf buffer overflow in .dtm buffer overflow in .mkj buffer overflow in .a2m buffer overflow in .rad buffer overflow in .mtk double free and OOB reads in .u6m...
wordpress -- multiple issues
wordpress developers reports: Props to Simon Scannell of RIPS Technologies for finding and disclosing two issues. The first, a cross-site scripting XSS vulnerability found in post previews by contributors. The second was a cross-site scripting vulnerability in stored comments. Props to Tim Coen f...
FreeBSD -- Reference count overflow in mqueue filesystem
Problem Description: System calls operating on file descriptors obtain a reference to relevant struct file which due to a programming error was not always put back, which in turn could be used to overflow the counter of affected struct file. Impact: A local user can use this flaw to obtain access...
ettercap -- out-of-bound read vulnerability
Ettercap GitHub issue: Etterfilter results in an invalid read of 8 bytes when parsing a crafted file...
gitea -- multiple vulnerabilities
Gitea Team reports: This release contains two new security fixes which cannot be backported to the 1.7.0 branch, so it is recommended to update to this version...
www/mod_dav_svn -- Malicious SVN clients can crash mod_dav_svn.
Subversion project reports: Malicious SVN clients can trigger a crash in moddavsvn by omitting the root path from a recursive directory listing request...
irssi -- Use after free
Irssi reports: Use after free when hidden lines were expired from the scroll buffer. It may affect the stability of Irssi. CWE-417, CWE-825...
FreeBSD -- Insufficient bounds checking in bhyve(8) device model
Problem Description: Insufficient bounds checking in one of the device models provided by bhyve8 can permit a guest operating system to overwrite memory in the bhyve8 processing possibly permitting arbitary code execution. Impact: A guest OS using a firmware image can cause the bhyve process to...
Memory leak in different components
MITRE reports: bsixel 1.8.1 has a memory leak in sixeldecoderdecode in decoder.c, imagebufferresize in fromsixel.c, sixeldecoderaw in fromsixel.c and sixelallocatornew in allocator.c...
slurm -- insecure handling of user_name and gid fields
SchedMD reports: Insecure handling of username and gid fields CVE-2018-10995 While fixes are only available for the supported 17.02 and 17.11 releases, it is believed that similar vulnerabilities do affect past versions as well. The only resolution is to upgrade Slurm to a fixed release...
py-asyncssh -- Allows bypass of authentication
mitre.org Reports: The SSH server implementation of AsyncSSH before 1.12.1 does not properly check whether authentication is completed before processing other requests A customized SSH client can simply skip the authentication step...
consul -- vulnerability in embedded DNS library
Consul developers report: A flaw was found in the embedded DNS library used in consul which may allow a denial of service attack. Consul was updated to include the fixed version...
cacti -- Cross Site Scripting issue
cacti developers report: The file include/globalsession.php in Cacti 1.1.25 has XSS related to 1 the URI or 2 the refresh page...
libXfont -- multiple memory leaks
The freedesktop.org project reports: If a pattern contains '?' character, any character in the string is skipped, even if it is '\0'. The rest of the matching then reads invalid memory. Without the checks a malformed PCF file can cause the library to make atom from random heap memory that was...
libofx -- exploitable buffer overflow
Talos developers report: An exploitable buffer overflow vulnerability exists in the tag parsing functionality of LibOFX 0.9.11. A specially crafted OFX file can cause a write out of bounds resulting in a buffer overflow on the stack. An attacker can construct a malicious OFX file to trigger this...
cyrus-imapd -- broken "other users" behaviour
Cyrus IMAP 3.0.4 Release Notes states: Fixed Issue 2132: Broken "Other Users" behaviour...
asterisk -- Remote Crash Vulerability in res_pjsip
The Asterisk project reports: A carefully crafted URI in a From, To or Contact header could cause Asterisk to crash...
rubygems -- multiple vulnerabilities
Official blog of RubyGems reports: The following vulnerabilities have been reported: a DNS request hijacking vulnerability, an ANSI escape sequence vulnerability, a DoS vulnerability in the query command, and a vulnerability in the gem installer that allowed a malicious gem to overwrite arbitrary...
pear-Horde_Image -- remote code execution vulnerability
Michael J Rubinsky reports: The fist vulnerability CVE-2017-9774 is a Remote Code Execution vulnerability and is exploitable by a logged in user sending a maliciously crafted GET request to the Horde server...
cURL -- URL file scheme drive letter buffer overflow
cURL security advisory: When libcurl is given either 1. a file: URL that doesn't use two slashes following the colon, or 2. is told that file is the default scheme to use for URLs without scheme ... and the given path starts with a drive letter and libcurl is built for Windows or DOS, then libcur...
Wordpress -- multiple vulnerabilities
WordPress versions 4.7.4 and earlier are affected by six security issues Insufficient redirect validation in the HTTP class. Improper handling of post meta data values in the XML-RPC API. Lack of capability checks for post meta data in the XML-RPC API. A Cross Site Request Forgery CRSF...
gitlab -- Various security issues
GitLab reports: Please reference CVE/URL list for details...
id Tech 3 -- remote code execution vulnerability
The content auto-download of id Tech 3 can be used to deliver maliciously crafted content, that triggers downloading of further content and loading and executing it as native code with user credentials. This affects ioquake3, ioUrbanTerror, OpenArena, the original Quake 3 Arena and other forks...
MPD -- buffer overflows in http output
The MPD project reports: httpd: fix two buffer overflows in IcyMetaData length calculation...
nfsen -- remote command execution
Peter Haag reports: A remote attacker with access to the web interface to execute arbitrary commands on the host operating system...
asterisk -- Crash on SDP offer or answer from endpoint using Opus
The Asterisk project reports: If an SDP offer or answer is received with the Opus codec and with the format parameters separated using a space the code responsible for parsing will recursively call itself until it crashes. This occurs as the code does not properly handle spaces separating the...
FreeBSD -- Multiple portsnap vulnerabilities
Problem Description: Flaws in portsnap's verification of downloaded tar files allows additional files to be included without causing the verification to fail. Portsnap may then use or execute these files. Impact: An attacker who can conduct man in the middle attack on the network at the time when...
h2o -- fix DoS attack vector
Frederik Deweerdt reported a denial-of-service attack vector due to an unhandled error condition during socket connection...
libtorrent-rasterbar -- denial of service
Brandon Perry reports: The parsechunkheader function in libtorrent before 1.1.1 allows remote attackers to cause a denial of service crash via a crafted 1 HTTP response or possibly a 2 UPnP broadcast...
p7zip -- out-of-bounds read vulnerability
Cisco Talos reports: An out-of-bounds read vulnerability exists in the way 7-Zip handles Universal Disk Format UDF files. Central to 7-Zip’s processing of UDF files is the CInArchive::ReadFileItem method. Because volumes can have more than one partition map, their objects are kept in an object...
libarchive -- RCE vulnerability
The libarchive project reports: Heap-based buffer overflow in the zipreadmacmetadata function in archivereadsupportformatzip.c in libarchive before 3.2.0 allows remote attackers to execute arbitrary code via crafted entry-size values in a ZIP archive...
squid -- SSL/TLS processing remote DoS
Squid security advisory 2016:1 reports: Due to incorrectly handling server errors Squid is vulnerable to a denial of service attack when connecting to TLS or SSL servers. This problem allows any trusted client to perform a denial of service attack on the Squid service regardless of whether TLS or...
a2ps -- format string vulnerability
Jong-Gwon Kim reports: When user runs a2ps with malicious crafted proa2ps prologue file, an attacker can execute arbitrary code...
moodle -- multiple vulnerabilities
Moodle Release Notes report: MSA-15-0037 Possible to send a message to a user who blocked messages from non contacts MSA-15-0038 DDoS possibility in Atto MSA-15-0039 CSRF in site registration form MSA-15-0040 Student XSS in survey MSA-15-0041 XSS in flash video player MSA-15-0042 CSRF in lesson...
owncloudclient -- Improper validation of certificates when using self-signed certificates
owncloud.org reports: The ownCloud Desktop Client was vulnerable against MITM attacks until version 2.0.0 in combination with self-signed certificates...
redmine -- open redirect vulnerability
Redmine reports: Open Redirect vulnerability...
freexl -- integer overflow
Stefan Cornelius reports: There's an integer overflow in the allocatecells function when trying to allocate the memory for worksheet with specially crafted row/column dimensions. This can be exploited to cause a heap memory corruption. The most likely outcome of this is a crash when trying to...
mantis -- information disclosure vulnerability
Mantis reports: CVE-2015-5059: documentation in private projects can be seen by every user...
security/ossec-hids-* -- root escalation via syscheck feature
OSSEC reports: The CVE-2015-3222 vulnerability, which allows for root escalation via sys check has been fixed in OSSEC 2.8.2. This issue does not affect agents...
Wesnoth -- Remote information disclosure
US-CERT/NIST reports: The WML/Lua API in Battle for Wesnoth 1.7.x through 1.11.x and 1.12.x before 1.12.2 allows remote attackers to read arbitrary files via a crafted 1 campaign or 2 map file...
FreeBSD -- Integer overflow in IGMP protocol
Problem Description: An integer overflow in computing the size of IGMPv3 data buffer can result in a buffer which is too small for the requested operation. Impact: An attacker who can send specifically crafted IGMP packets could cause a denial of service situation by causing the kernel to crash...
cassandra3 -- jBCrypt integer overflow
mindrot project reports: There is an integer overflow that occurs with very large logrounds values, first reported by Marcus Rathsfeld...
FreeBSD -- SCTP stream reset vulnerability
Problem Description: The input validation of received SCTP RECONFIG chunks is insufficient, and can result in a NULL pointer deference later. Impact: A remote attacker who can send a malformed SCTP packet to a FreeBSD system that serves SCTP can cause a kernel panic, resulting in a Denial of...
libzmq4 -- V3 protocol handler vulnerable to downgrade attacks
Pieter Hintjens reports: It is easy to bypass the security mechanism in 4.1.0 and 4.0.5 by sending a ZMTP v2 or earlier header. The library accepts such connections without applying its security mechanism...
py-foolscap -- local file inclusion
Brian Warner reports: The "flappserver" feature was found to have a vulnerability in the service-lookup code which, when combined with an attacker who has the ability to write files to a location where the flappserver process could read them, would allow that attacker to obtain control of the...
Joomla! -- Core - XSS Vulnerability
The JSST and the Joomla! Security Center report: 20140901 - Core - XSS Vulnerability Inadequate escaping leads to XSS vulnerability in commedia...
FreeBSD -- Kernel memory disclosure in control messages and SCTP
Problem Description: Buffer between control message header and data may not be completely initialized before being copied to userland. CVE-2014-3952 Three SCTP cmsgs, SCTPSNDRCV, SCTPEXTRCV and SCTPRCVINFO, have implicit padding that may not be completely initialized before being copied to...
gpgme -- heap-based buffer overflow in gpgsm status handler
Tomas Trnka reports: Gpgme contains a buffer overflow in the gpgsm status handler that could possibly be exploited using a specially crafted certificate...
subversion -- multiple vulnerabilities
Subversion Project reports: moddontdothat does not restrict requests from serf based clients moddontdothat allows you to block update REPORT requests against certain paths in the repository. It expects the paths in the REPORT request to be absolute URLs. Serf based clients send relative URLs...