6585 matches found
proxytunnel -- format string vulnerability
A Gentoo Linux Security Advisory reports: Florian Schilhabel of the Gentoo Linux Security Audit project found a format string vulnerability in Proxytunnel. When the program is started in daemon mode -a port, it improperly logs invalid proxy answers to syslog. A malicious remote server could send...
jabberd -- denial-of-service vulnerability
José Antonio Calvo discovered a bug in the Jabber 1.x server. According to Matthias Wimmer: Without this patch, it is possible to remotly crash jabberd14, if there is access to one of the following types of network sockets: Socket accepting client connections Socket accepting connections from oth...
php -- vulnerability in RFC 1867 file upload processing
Stefano Di Paola discovered an issue with PHP that could allow someone to upload a file to any directory writeable by the httpd process. Any sanitizing performed on the prepended directory path is ignored. This bug can only be triggered if the $FILES element name contains an underscore...
multiple vulnerabilities in ethereal
Issues have been discovered in multiple protocol dissectors...
hsftp format string vulnerabilities
Ulf Härnhammar discovered a format string bug in hsftp's file listing code may allow a malicious server to cause arbitrary code execution by the client...
Buffer overflow in Mutt 1.4
Mutt 1.4 contains a buffer overflow that could be exploited with a specially formed message, causing Mutt to crash or possibly execute arbitrary code...
ChiTeX/ChiLaTeX unsafe set-user-id root
Niels Heinen reports that ChiTeX installs set-user-id root executables that invoked system3 without setting up the environment, trivially allowing local root compromise...
nap allows arbitrary file access
According to the author: Fixed security loophole which allowed remote clients to access arbitrary files on our system...
GNU finger vulnerability
GNU security announcement: GNU Finger unfortunately has not been updated in many years, and has known security vulnerabilities. Please do not use it in production environments...
Roundcube Webmail -- Multiple vulnerabilities
The Roundcube Webmail project reports: See link for details. No CVE numbers available at the moment...
putty -- multiple security vulnerabilities
Simon Tatham reports: These features are new in PuTTY 0.84: Security issue: fixed a remotely triggerable double-free in RSA key exchange. We don't know of any way it is exploitable to execute code. Minor security issue: fixed a remotely triggerable crash in NIST ECDSA signature verification. An...
Gitlab -- vulnerabilities
Gitlab reports: Cross-site Scripting issue in Analytics dashboard chart rendering impacts GitLab EE Cross-site Scripting issue in global search impacts GitLab CE/EE Cross-site Scripting issue in Duo Agent output rendering impacts GitLab EE Cross-site Scripting issue in Analytics Dashboard impacts...
chromium -- security fixes
Chrome Releases reports: This update includes multiple security fixes: Critical: CVE-2026-5858: Heap buffer overflow in WebML. CVE-2026-5859: Integer overflow in WebML. High: CVE-2026-5860: Use after free in WebRTC. CVE-2026-5861: Use after free in V8. CVE-2026-5862: Inappropriate implementation ...
Mozilla -- Incorrect computation of branch address
[email protected] reports: On arm64, a WASM brtable instruction with a lot of entries could lead to the label being too far from the instruction causing truncation and incorrect computation of the branch address...
mod_http2 -- Multiple vulnerabilities
The modhttp2 project reports: a client can increase memory consumption for a HTTP/2 connection via repeated request header names,leading to denial of service certain proxy configurations whith modproxyhttp2 as the backend, an assertion can be triggered by certain requests, leading to denial of...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 4 security fixes: 415810136 High CVE-2025-4664: Insufficient policy enforcement in Loader. Source: X post from @slonser on 2025-05-05 412578726 High CVE-2025-4609: Incorrect handle provided in unspecified circumstances in Mojo. Reported by Micky on...
electron{33,34} -- Incorrect handle provided in unspecified circumstances in Mojo
Electron developers report: This update fixes the following vulnerability: Security: backported fix for CVE-2025-2783...
cacti -- Multiple vulnerabilities
Cacti repo reports: security GHSA-c5j8-jxj3-hh36: Authenticated RCE via multi-line SNMP responses security GHSA-f9c7-7rc3-574c: SQL Injection vulnerability when using tree rules through Automation API security GHSA-fh3x-69rr-qqpp: SQL Injection vulnerability when request automation devices securi...
gstreamer1-plugins-gdkpixbuf -- NULL-pointer dereference
The GStreamer Security Center reports: A NULL-pointer dereference in the gdk-pixbuf decoder that can cause crashes for certain input files...
gstreamer1-plugins-good -- multiple vulnerabilities
The GStreamer Security Center reports: 20 security bugs. CVE-2024-47537: Integer overflow in MP4/MOV sample table parser leading to out-of-bounds writes CVE-2024-47598: MP4/MOV sample table parser out-of-bounds read CVE-2024-47539: MP4/MOV Closed Caption handling out-of-bounds write CVE-2024-4754...
gstreamer1-plugins -- multiple vulnerabilities
The GStreamer Security Center reports: 3 security bugs. CVE-2024-47542: ID3v2 parser out-of-bounds read and NULL-pointer dereference CVE-2024-47600: Out-of-bounds read in gst-discoverer-1.0 commandline tool CVE-2024-47541: Out-of-bounds write in SSA subtitle parser...
gstreamer1-rtsp-server -- Potential Denial-of-Service (DoS) with specially crafted client requests
Qingpeng Du reports: A series of specially crafted client requests during streaming setup post client authentication, if any can cause the RTSP server library to abort, if it has been compiled with assertions enabled...
qt5-webengine -- Multiple vulnerabilities
Backports for 15 security bugs in Chromium: CVE-2024-4761: Out of bounds write in V8 CVE-2024-5158: Type confusion in V8 CVE-2024-7532: Out of bounds memory access in ANGLE CVE-2024-7965: Inappropriate implementation in V8 CVE-2024-7967: Heap buffer overflow in Fonts CVE-2024-7971: Type confusion...
forgejo -- multiple vulnerabilities
Problem Description: Replace v-html with v-text in search inputbox Upgrade webpack to v5.94.0 as a precaution to mitigate CVE-2024-43788, although we were not yet able to confirm that this can be exploited in Forgejo...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 6 security fixes: 344608204 High CVE-2024-6100: Type Confusion in V8. Reported by Seunghyun Lee @0x10n participating in SSD Secure Disclosure's TyphoonPWN 2024 on 2024-06-04 343748812 High CVE-2024-6101: Inappropriate implementation in WebAssembly...
mozilla firefox -- protocol information guessing
[email protected] reports: By monitoring the time certain operations take, an attacker could have guessed which external protocol handlers were functional on a user's system. This vulnerability affects Firefox 127, Firefox ESR 115.12, and Thunderbird 115.12...
traefik -- Unexpected behavior with IPv4-mapped IPv6 addresses
The traefik authors report: There is a vulnerability in Go managing various Is methods IsPrivate, IsLoopback, etc for IPv4-mapped IPv6 addresses. They didn't work as expected returning false for addresses which would return true in their traditional IPv4 forms...
minio -- unintentional information disclosure
Minio security advisory GHSA-95fr-cm4m-q5p9 reports: when used with anonymous requests by sending a random object name requests you can figure out if the object exists or not on the server on a specific bucket and also gain access to some amount of information...
python -- several vulnerabilities
Hugo van Kemenade reports: Python 3.14.2 and 3.13.11 are now available ... and come with some bonus security fixes. gh-142145: Remove quadratic behavior in node ID cache clearing CVE-2025-12084 gh-119451: Fix a potential denial of service in http.client only in 3.13; CVE-2025-13836 gh-119452: Fix...
cyrus-imapd -- unbounded memory allocation
Cyrus IMAP 3.8.3 Release Notes states: Fixed CVE-2024-34055: Cyrus-IMAP through 3.8.2 and 3.10.0-beta2 allow authenticated attackers to cause unbounded memory allocation by sending many LITERALs in a single command. The IMAP protocol allows for command arguments to be LITERALs of negotiated lengt...
electron{27,28} -- Out of bounds memory access in V8
Electron developers report: This update fixes the following vulnerability: Security: backported fix for CVE-2024-2173...
go-git -- DoS vulnerability
The go-git project reports: See link for details...
openexr -- Heap Overflow in Scanline Deep Data Parsing
Austin Hackers Anonymous report: Due to a failure in validating the number of scanline samples of a OpenEXR file containing deep scanline data, Academy Software Foundation OpenEXR image parsing library version 3.2.1 and prior is susceptible to a heap-based buffer overflow vulnerability. ... it is...
libcue -- out-of-bounds array access
The libcue team reports: There is a vulnerability to out-of-bounds array access...
Users login enumeration by unauthenticated user in GLPI
[email protected] reports: GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. An unauthenticated user can enumerate users logins. Users are...
Privilege Escalation from technician to super-admin in GLPI
[email protected] reports: GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. A user with write access to another user can make requests to chan...
FreeBSD -- Network authentication attack via pam_krb5
Problem Description: The problem detailed in FreeBSD-SA-23:04.pamkrb5 persisted following the patch for that advisory. Impact: The impact described in FreeBSD-SA-23:04.pamkrb5 persists...
jenkins -- Stored XSS vulnerability
Jenkins Security Advisory: Description High SECURITY-3188 / CVE-2023-39151 Stored XSS vulnerability...
libsndfile_project -- Integer overflow in dataend calculation
[email protected] reports: Multiple signed integers overflow in function aureadheader in src/au.c and in functions mat4open and mat4readheader in src/mat4.c in Libsndfile, allows an attacker to cause Denial of Service or other unspecified impacts...
GLPI vulnerable to SQL injection via inventory agent request
[email protected] reports: GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.8, GLPI inventory endpoint can be used to drive a SQL injection attack. By default, GLPI inventory endpoint requires no authentication. Version...
h2o -- Malformed HTTP/1.1 causes Out-of-Memory Denial of Service
Elijah Glover reports: Malformed HTTP/1.1 requests can crash worker processes. occasionally locking up child workers and causing denial of service, and an outage dropping any open connections...
FreeBSD -- GELI silently omits the keyfile if read from stdin
Problem Description: When GELI reads a key file from a standard input, it doesn't store it anywhere. If the user tries to initialize multiple providers at once, for the second and subsequent devices the standard input stream will be already empty. In this case, GELI silently uses a NULL key as th...
Grafana -- Privilege escalation
Grafana Labs reports: Grafana admins can invite other members to the organization they are an admin for. When admins add members to the organization, non existing users get an email invite, existing members are added directly to the organization. When an invite link is sent, it allows users to si...
FreeBSD -- AIO credential reference count leak
Problem Description: The aioaqueue function, used by the liolistio system call, fails to release a reference to a credential in an error case. Impact: An attacker may cause the reference count to overflow, leading to a use after free UAF...
rainloop -- cross-site-scripting (XSS) vulnerability
Simon Scannell reports: The code vulnerability can be easily exploited by an attacker by sending a malicious email to a victim that uses RainLoop as a mail client. When the email is viewed by the victim, the attacker gains full control over the session of the victim and can steal any of their...
typo3 -- XSS vulnerability in svg-sanitize
The TYPO3 project reports: The SVG sanitizer library enshrined/svg-sanitize before version 0.15.0 did not remove HTML elements wrapped in a CDATA section. As a result, SVG content embedded in HTML fetched as text/html was susceptible to cross-site scripting. Plain SVG files fetched as image/svg+x...
py-treq -- sensitive information leak vulnerability
Treq's request methods treq.get, treq.post, HTTPClient.request, HTTPClient.get, etc. accept cookies as a dictionary. Such cookies are not bound to a single domain, and are therefore sent to every domain "supercookies". This can potentially cause sensitive information to leak upon an HTTP redirect...
ipython -- Execution with Unnecessary Privileges
IPython project reports: IPython 8.0.1, 7.31.1 and 5.11 are security releases that change some default values in order to prevent potential Execution with Unnecessary Privileges...
uriparser -- Multiple vulnerabilities
Upstream project reports: Fix a bug affecting both uriNormalizeSyntax and uriMakeOwner functions where the text range in .hostText would not be duped using malloc but remain unchanged and hence "not owned" for URIs with an IPv4 or IPv6 address hostname; depending on how an application uses...
py39-rencode -- infinite loop that could lead to Denial of Service
NIST reports: The rencode package through 1.0.6 for Python allows an infinite loop in typecode decoding such as via ;\x2f\x7f, enabling a remote attack that consumes CPU and memory...