6585 matches found
virtualbox-ose -- multiple vulnerabilities
[email protected] reports: Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are Prior to 6.1.46 and Prior to 7.0.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure...
GLPI vulnerable to unauthorized access to KnowbaseItem data
[email protected] reports: GLPI is a free asset and IT management software package. Versions of the software starting with 9.2.0 and prior to 10.0.8 have an incorrect rights check on a on a file accessible by an authenticated user, allows access to the view all KnowbaseItems. Version...
FreeBSD -- GELI silently omits the keyfile if read from stdin
Problem Description: When GELI reads a key file from a standard input, it doesn't store it anywhere. If the user tries to initialize multiple providers at once, for the second and subsequent devices the standard input stream will be already empty. In this case, GELI silently uses a NULL key as th...
py-django-photologue -- XSS vulnerability
domiee13 reports: A vulnerability was found in django-photologue up to 3.15.1 and classified as problematic. Affected by this issue is some unknown functionality of the file photologue/templates/photologue/photodetail.html of the component Default Template Handler. The manipulation of the argumen...
traefik -- multiple vulnerabilities
The Traefik project reports: This update is recommended for all traefik users and provides following important security fixes: CVE-2022-23469: Authorization header displayed in the debug logs CVE-2022-46153: Routes exposed with an empty TLSOption in traefik...
netdata -- multiple vulnerabilities with streaming
Netdata reports: GHSA-xg38-3vmw-2978: Netdata Streaming Alert Command Injection GHSA-jx85-39cw-66f2: Netdata Streaming Authentication Bypass...
Grafana -- Privilege escalation
Grafana Labs reports: Grafana admins can invite other members to the organization they are an admin for. When admins add members to the organization, non existing users get an email invite, existing members are added directly to the organization. When an invite link is sent, it allows users to si...
advancecomp -- Multiple vulnerabilities
GitHub advisories reports: Multiple vulnerabilities found in advancecomp including: Three segmentation faults. Heap buffer overflow via leuint32read at /lib/endianrw.h. Three more heap buffer overflows...
gitea -- Improper/incorrect authorization
Youssef Rebahi-Gilbert reports: When Gitea is built and configured for PAM authentication it skips checking authorization completely. Therefore expired accounts and accounts with expired passwords can still login...
py-treq -- sensitive information leak vulnerability
Treq's request methods treq.get, treq.post, HTTPClient.request, HTTPClient.get, etc. accept cookies as a dictionary. Such cookies are not bound to a single domain, and are therefore sent to every domain "supercookies". This can potentially cause sensitive information to leak upon an HTTP redirect...
powerdns -- remotely triggered crash
powerdns reports: PowerDNS Security Advisory 2021-01: Specific query crashes Authoritative Server...
dragonfly -- argument injection
NVD reports: An argument injection vulnerability in the Dragonfly gem before 1.4.0 for Ruby allows remote attackers to read and write to arbitrary files via a crafted URL when the verifyurl option is disabled. This may lead to code execution. The problem occurs because the generate and process...
h2o -- uninitialised memory access in HTTP3
Emil Lerner reports: When receiving QUIC frames in certain order, HTTP/3 server-side implementation of h2o can be misguided to treat uninitialized memory as HTTP/3 frames that have been received. When h2o is used as a reverse proxy, an attacker can abuse this vulnerability to send internal state ...
libzmq4 -- Denial of Service
Google's oss-fuzz project reports: Denial-of-Service on CURVE/ZAP-protected servers by unauthenticated clients. If a raw TCP socket is opened and connected to an endpoint that is fully configured with CURVE/ZAP, legitimate clients will not be able to exchange any message. Handshakes complete...
powerdns-recursor -- access restriction bypass
PowerDNS Team reports: CVE-2020-14196: An issue has been found in PowerDNS Recursor where the ACL applied to the internal web server via webserver-allow-from is not properly enforced, allowing a remote attacker to send HTTP queries to the internal web server, bypassing the restriction. In the...
libadplug -- Various vulnerabilities
Malvineous on Github reports: This release fixes the following security issues: buffer overflow in .bmf buffer overflow in .dtm buffer overflow in .mkj buffer overflow in .a2m buffer overflow in .rad buffer overflow in .mtk double free and OOB reads in .u6m...
wordpress -- multiple issues
wordpress developers reports: Props to Simon Scannell of RIPS Technologies for finding and disclosing two issues. The first, a cross-site scripting XSS vulnerability found in post previews by contributors. The second was a cross-site scripting vulnerability in stored comments. Props to Tim Coen f...
FreeBSD -- Reference count overflow in mqueue filesystem
Problem Description: System calls operating on file descriptors obtain a reference to relevant struct file which due to a programming error was not always put back, which in turn could be used to overflow the counter of affected struct file. Impact: A local user can use this flaw to obtain access...
ettercap -- out-of-bound read vulnerability
Ettercap GitHub issue: Etterfilter results in an invalid read of 8 bytes when parsing a crafted file...
gitea -- multiple vulnerabilities
Gitea Team reports: This release contains two new security fixes which cannot be backported to the 1.7.0 branch, so it is recommended to update to this version...
www/mod_dav_svn -- Malicious SVN clients can crash mod_dav_svn.
Subversion project reports: Malicious SVN clients can trigger a crash in moddavsvn by omitting the root path from a recursive directory listing request...
irssi -- Use after free
Irssi reports: Use after free when hidden lines were expired from the scroll buffer. It may affect the stability of Irssi. CWE-417, CWE-825...
uriparser -- Out-of-bounds read
Upstream project reports: Out-of-bounds read in uriParseEx for incomplete URIs with IPv6 addresses with embedded IPv4 address, e.g. "//::44.1"; mitigated if passed parameter afterLast points to readable memory containing a '\0' byte...
FreeBSD -- Insufficient bounds checking in bhyve(8) device model
Problem Description: Insufficient bounds checking in one of the device models provided by bhyve8 can permit a guest operating system to overwrite memory in the bhyve8 processing possibly permitting arbitary code execution. Impact: A guest OS using a firmware image can cause the bhyve process to...
Memory leak in different components
MITRE reports: bsixel 1.8.1 has a memory leak in sixeldecoderdecode in decoder.c, imagebufferresize in fromsixel.c, sixeldecoderaw in fromsixel.c and sixelallocatornew in allocator.c...
slurm -- insecure handling of user_name and gid fields
SchedMD reports: Insecure handling of username and gid fields CVE-2018-10995 While fixes are only available for the supported 17.02 and 17.11 releases, it is believed that similar vulnerabilities do affect past versions as well. The only resolution is to upgrade Slurm to a fixed release...
py-asyncssh -- Allows bypass of authentication
mitre.org Reports: The SSH server implementation of AsyncSSH before 1.12.1 does not properly check whether authentication is completed before processing other requests A customized SSH client can simply skip the authentication step...
consul -- vulnerability in embedded DNS library
Consul developers report: A flaw was found in the embedded DNS library used in consul which may allow a denial of service attack. Consul was updated to include the fixed version...
cacti -- Cross Site Scripting issue
cacti developers report: The file include/globalsession.php in Cacti 1.1.25 has XSS related to 1 the URI or 2 the refresh page...
cyrus-imapd -- broken "other users" behaviour
Cyrus IMAP 3.0.4 Release Notes states: Fixed Issue 2132: Broken "Other Users" behaviour...
asterisk -- Remote Crash Vulerability in res_pjsip
The Asterisk project reports: A carefully crafted URI in a From, To or Contact header could cause Asterisk to crash...
rubygems -- multiple vulnerabilities
Official blog of RubyGems reports: The following vulnerabilities have been reported: a DNS request hijacking vulnerability, an ANSI escape sequence vulnerability, a DoS vulnerability in the query command, and a vulnerability in the gem installer that allowed a malicious gem to overwrite arbitrary...
pear-Horde_Image -- remote code execution vulnerability
Michael J Rubinsky reports: The fist vulnerability CVE-2017-9774 is a Remote Code Execution vulnerability and is exploitable by a logged in user sending a maliciously crafted GET request to the Horde server...
cURL -- URL file scheme drive letter buffer overflow
cURL security advisory: When libcurl is given either 1. a file: URL that doesn't use two slashes following the colon, or 2. is told that file is the default scheme to use for URLs without scheme ... and the given path starts with a drive letter and libcurl is built for Windows or DOS, then libcur...
Wordpress -- multiple vulnerabilities
WordPress versions 4.7.4 and earlier are affected by six security issues Insufficient redirect validation in the HTTP class. Improper handling of post meta data values in the XML-RPC API. Lack of capability checks for post meta data in the XML-RPC API. A Cross Site Request Forgery CRSF...
gitlab -- Various security issues
GitLab reports: Please reference CVE/URL list for details...
id Tech 3 -- remote code execution vulnerability
The content auto-download of id Tech 3 can be used to deliver maliciously crafted content, that triggers downloading of further content and loading and executing it as native code with user credentials. This affects ioquake3, ioUrbanTerror, OpenArena, the original Quake 3 Arena and other forks...
MPD -- buffer overflows in http output
The MPD project reports: httpd: fix two buffer overflows in IcyMetaData length calculation...
nfsen -- remote command execution
Peter Haag reports: A remote attacker with access to the web interface to execute arbitrary commands on the host operating system...
asterisk -- Crash on SDP offer or answer from endpoint using Opus
The Asterisk project reports: If an SDP offer or answer is received with the Opus codec and with the format parameters separated using a space the code responsible for parsing will recursively call itself until it crashes. This occurs as the code does not properly handle spaces separating the...
FreeBSD -- Multiple portsnap vulnerabilities
Problem Description: Flaws in portsnap's verification of downloaded tar files allows additional files to be included without causing the verification to fail. Portsnap may then use or execute these files. Impact: An attacker who can conduct man in the middle attack on the network at the time when...
h2o -- fix DoS attack vector
Frederik Deweerdt reported a denial-of-service attack vector due to an unhandled error condition during socket connection...
libtorrent-rasterbar -- denial of service
Brandon Perry reports: The parsechunkheader function in libtorrent before 1.1.1 allows remote attackers to cause a denial of service crash via a crafted 1 HTTP response or possibly a 2 UPnP broadcast...
p7zip -- out-of-bounds read vulnerability
Cisco Talos reports: An out-of-bounds read vulnerability exists in the way 7-Zip handles Universal Disk Format UDF files. Central to 7-Zip’s processing of UDF files is the CInArchive::ReadFileItem method. Because volumes can have more than one partition map, their objects are kept in an object...
libarchive -- RCE vulnerability
The libarchive project reports: Heap-based buffer overflow in the zipreadmacmetadata function in archivereadsupportformatzip.c in libarchive before 3.2.0 allows remote attackers to execute arbitrary code via crafted entry-size values in a ZIP archive...
squid -- SSL/TLS processing remote DoS
Squid security advisory 2016:1 reports: Due to incorrectly handling server errors Squid is vulnerable to a denial of service attack when connecting to TLS or SSL servers. This problem allows any trusted client to perform a denial of service attack on the Squid service regardless of whether TLS or...
django -- regression in permissions model
Tim Graham reports: User with "change" but not "add" permission can create objects for ModelAdmin’s with saveas=True...
a2ps -- format string vulnerability
Jong-Gwon Kim reports: When user runs a2ps with malicious crafted proa2ps prologue file, an attacker can execute arbitrary code...
moodle -- multiple vulnerabilities
Moodle Release Notes report: MSA-15-0037 Possible to send a message to a user who blocked messages from non contacts MSA-15-0038 DDoS possibility in Atto MSA-15-0039 CSRF in site registration form MSA-15-0040 Student XSS in survey MSA-15-0041 XSS in flash video player MSA-15-0042 CSRF in lesson...
owncloudclient -- Improper validation of certificates when using self-signed certificates
owncloud.org reports: The ownCloud Desktop Client was vulnerable against MITM attacks until version 2.0.0 in combination with self-signed certificates...