6585 matches found
cacti -- SQL injection
Fernando Quintero reports that Cacti 0.8.5a suffers from a SQL injection attack where an attacker can change the password for any Cacti user. This attack is not possible if the PHP option magicquotesgpc is set to On, which is the default for PHP in FreeBSD...
leafnode denial-of-service triggered by article request
The leafnode NNTP server may go into an unterminated loop with 100% CPU use when an article is requested by Message-ID that has been crossposted to several news groups when one of the group names is the prefix of another group name that the article was cross-posted to. Found by Jan Knutar...
pine remotely exploitable buffer overflow in newmail.c
Kris Kennaway reports a remotely exploitable buffer overflow in newmail.c. Mike Silbersack submitted the fix...
jellyfin -- multiple vulnerabilities
The Jellyfin project reports: Jellyfin Server 10.11.10 fixes three security vulnerabilities: GHSA-f47c-m7gr-q92j: details pending disclosure GHSA-jg92-mrxq-vv75: details pending disclosure GHSA-wwwm-px48-fpvq: details pending disclosure...
Mozilla -- javascript content execution
[email protected] reports: A process isolation vulnerability in Thunderbird stemmed from improper handling of javascript: URIs, which could allow content to execute in the top-level document's process instead of the intended frame, potentially enabling a sandbox escape...
Jinja2 -- Sandbox breakout through attr filter selecting format method
[email protected] reports: Jinja is an extensible templating engine. Prior to 3.1.6, an oversight in how the Jinja sandboxed environment interacts with the |attr filter allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the...
electron32 -- multiple vulnerabilities
Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2024-12693. Security: backported fix for CVE-2024-12694. Security: backported fix for CVE-2024-12695. Security: backported fix for CVE-2025-0434. Security: backported fix for CVE-2025-043...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 16 security fixes: 374627491 High CVE-2025-0434: Out of bounds memory access in V8. Reported by ddme on 2024-10-21 379652406 High CVE-2025-0435: Inappropriate implementation in Navigation. Reported by Alesandro Ortiz on 2024-11-18 382786791 High...
Emacs -- Shell injection vulnerability
Problem Description: An Emacs user who chooses to invoke elisp-completion-at-point for code completion on untrusted Emacs Lisp source code can trigger unsafe Lisp macro expansion that allows attackers to execute arbitrary code. This unsafe expansion also occurs if a user chooses to enable...
Unbound -- Denial of service attack
NLnet labs report: A vulnerability has been discovered in Unbound when handling replies with very large RRsets that Unbound needs to perform name compression for. Malicious upstreams responses with very large RRsets can cause Unbound to spend a considerable time applying name compression to...
FreeBSD -- bhyve(8) privileged guest escape via TPM device passthrough
Problem Description: bhyve can be configured to provide access to the host's TPM device, where it passes the communication through an emulated device provided to the guest. This may be performed on the command-line by starting bhyve with the -l tpm,passthru,/dev/tpmX parameters. The MMIO handler...
frr - BGP
[email protected] reports: An issue was discovered in FRRouting FRR. bgpattrencap in bgpd/bgpattr.c does not check the actual remaining stream length before taking the TLV value...
sqlite -- use-after-free bug in jsonparseaddnodearray
[email protected] reports: A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading t...
Grafana -- Email verification is not required after email change
Grafana Labs reports: The vulnerability impacts instances where Grafana basic authentication is enabled. Grafana has a verifyemailenabled configuration option. When this option is enabled, users are required to confirm their email addresses before the sign-up process is complete. However, the ema...
phpmyfaq -- multiple vulnerabilities
phpmyfaq developers report: XSS Insufficient session expiration...
GLPI vulnerable to unauthenticated access to Dashboard data
[email protected] reports: GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to version 10.0.8, an incorrect rights check on a file allows an unauthenticated user to be able to access dashboards data. Version 10.0.8 contains a patch for this...
Gitlab -- Vulnerability
Gitlab reports: Smuggling code changes via merge requests with refs/replace...
rxvt-unicode is vulnerable to a remote code execution
Marc Lehmann reports: The biggest issue is resolving CVE-2022-4170, which allows command execution inside urxvt from within the terminal that means anything that can output text in the terminal can start commands in the context of the urxvt process, even remotely...
varnish -- HTTP/2 Request Forgery Vulnerability
Varnish Cache Project reports: A request forgery attack can be performed on Varnish Cache servers that have the HTTP/2 protocol turned on. An attacker may introduce characters through the HTTP/2 pseudo-headers that are invalid in the context of an HTTP/1 request line, causing the Varnish server t...
powerdns-recursor -- denial of service
PowerDNS Team reports: PowerDNS Security Advisory 2022-02: incomplete exception handling related to protobuf message generation...
py-nicotine-plus -- Denial of service vulnerability
ztauras reports: Denial of service DoS vulnerability in Nicotine+ starting with version 3.0.3 and prior to version 3.2.1 allows a user with a modified Soulseek client to crash Nicotine+ by sending a file download request with a file path containing a null character...
wayland -- integer overflow
Tobias Stoeckmann reports: The libXcursor fix for CVE-2013-2003 has never been imported into wayland, leaving it vulnerable to it...
drupal7 -- fix possible CSS
Drupal Security team reports: Drupal core's sanitization API fails to properly filter cross-site scripting under certain circumstances. Not all sites and users are affected, but configuration changes to prevent the exploit might be impractical and will vary between sites. Therefore, we recommend...
LibreSSL -- use-after-free
OpenBSD reports: A TLS client using session resumption may cause a use-after-free...
phpldapadmin -- XSS vulnerability
[email protected] reports: An XSS issue has been discovered in phpLDAPadmin before 1.2.6.2 that allows users to store malicious values that may be executed by other users at a later time via getrequest in lib/function.php...
asterisk -- Remote crash in res_pjsip_session
The Asterisk project reports: Upon receiving a new SIP Invite, Asterisk did not return the created dialog locked or referenced. This caused a gap between the creation of the dialog object, and its next use by the thread that created it. Depending upon some off nominal circumstances, and timing it...
jupyter notebook -- open redirect vulnerability
Jupyter reports: 6.1.5 is a security release, fixing one vulnerability: Fix open redirect vulnerability GHSA-c7vm-f5p4-8fqh CVE to be assigned...
powerdns -- Various issues in GSS-TSIG support
PowerDNS developers report: A remote, unauthenticated attacker can trigger a race condition leading to a crash, or possibly arbitrary code execution, by sending crafted queries with a GSS-TSIG signature. A remote, unauthenticated attacker can cause a denial of service by sending crafted queries...
phpmyadmin -- multiple vulnerabilities
the phpmyadmin team reports: This security fix is part of an ongoing effort to improve the security of the Designer feature and is designated PMASA-2019-5. There is also an improvement for how we sanitize git version information shown on the home page...
FreeBSD -- Reference count overflow in mqueue filesystem 32-bit compat
Problem Description: System calls operating on file descriptors obtain a reference to relevant struct file which due to a programming error was not always put back, which in turn could be used to overflow the counter of affected struct file. Impact: A local user can use this flaw to obtain access...
py-matrix-synapse -- multiple vulnerabilities
Matrix developers report: The matrix team releases Synapse 1.2.1 as a critical security update. It contains patches relating to redactions and event federation: Prevent an attack where a federated server could send redactions for arbitrary events in v1 and v2 rooms. Prevent a denial-of-service...
FreeBSD -- iconv buffer overflow
Problem Description: With certain inputs, iconv may write beyond the end of the output buffer. Impact: Depending on the way in which iconv is used, an attacker may be able to create a denial of service, provoke incorrect program behavior, or induce a remote code execution. iconv is a libc library...
znc -- privilege escalation
Mitre reports: Modules.cpp in ZNC before 1.7.4-rc1 allows remote authenticated non-admin users to escalate privileges and execute arbitrary code by loading a module with a crafted name...
msmtp -- certificate-verification issue
msmtp developers report: In msmtp 1.8.2, when tlstrustfile has its default configuration, certificate-verification results are not properly checked...
gitea -- multiple vulnerabilities
Gitea Team reports: Disable redirect for i18n Only allow local login if password is non-empty Fix go-get URL generation...
drupal -- Drupal core - Arbitrary PHP code execution
Drupal Security Team reports: A remote code execution vulnerability exists in PHP's built-in phar stream wrapper when performing file operations on an untrusted phar:// URI. Some Drupal code core, contrib, and custom may be performing file operations on insufficiently validated user input, thereb...
Helm -- client unpacking chart that contains malicious content
Helm security notice A specially crafted chart may be able to unpack content into locations on the filesystem outside of the chart's path, potentially overwriting existing files...
Plex Media Server -- Information Disclosure Vulnerability
Chris reports: The XML parsing engine for Plex Media Server's SSDP/UPNP functionality is vulnerable to an XML External Entity Processing XXE attack. Unauthenticated attackers on the same LAN can use this vulnerability to: Access arbitrary files from the filesystem with the same permission as the...
uwsgi -- a stack-based buffer overflow
Uwsgi developers report: It was discovered that the uwsgiexpandpath function in utils.c in Unbit uWSGI, an application container server, has a stack-based buffer overflow via a large directory length that can cause a denial-of-service application crash or stack corruption...
asterisk -- Remote Crash Vulnerability in RTCP Stack
The Asterisk project reports: If a compound RTCP packet is received containing more than one report for example a Receiver Report and a Sender Report the RTCP stack will incorrectly store report information outside of allocated memory potentially causing a crash...
libXcursor -- integer overflow that can lead to heap buffer overflow
The freedesktop.org project reports: It is possible to trigger heap overflows due to an integer overflow while parsing images and a signedness issue while parsing comments. The integer overflow occurs because the chosen limit 0x10000 for dimensions is too large for 32 bit systems, because each...
shadowsocks-libev -- command injection via shell metacharacters
MITRE reports: Improper parsing allows command injection via shell metacharacters in a JSON configuration request received via 127.0.0.1 UDP traffic...
aacplusenc -- denial of service
Gentoo developers report: DeleteBitBuffer in libbitbuf/bitbuffer.c in mp4tools aacplusenc 0.17.5 allows remote attackers to cause a denial of service invalid memory write, SEGV on unknown address 0x000000000030, and application crash or possibly have unspecified other impact via a crafted .wav...
ledger -- multiple vulnerabilities
Talos reports: An exploitable buffer overflow vulnerability exists in the tag parsing functionality of Ledger-CLI 3.1.1. A specially crafted journal file can cause an integer underflow resulting in code execution. An attacker can construct a malicious journal file to trigger this vulnerability. A...
h2o -- DoS in workers
Frederik Deweerdt reports: Multiple Denial-of-Service vulnerabilities exist in h2o workers - see references for full details. CVE-2017-10868: Worker processes may crash when receiving a request with invalid framing. CVE-2017-10869: The stack may overflow when proxying huge requests...
tnef -- Invalid read and write operations, controlled by an attacker
[email protected] reports: CVE-2017-6307: An issue was discovered in tnef before 1.4.13. Two OOB Writes have been identified in src/mapiattr.c:mapiattrread. These might lead to invalid read and write operations, controlled by an attacker. CVE-2017-6308: An issue was discovered in tnef before 1.4.13...
kde-runtime -- kdesu: displayed command truncated by unicode string terminator
Albert Aastals Cid reports: A maliciously crafted command line for kdesu can result in the user only seeing part of the commands that will actually get executed as super user...
codeigniter -- multiple vulnerabilities
The CodeIgniter changelog reports: Fixed an SQL injection in the ‘odbc’ database driver. Updated setrealpath Path Helper function to filter-out php:// wrapper inputs...
icingaweb2 -- remote code execution
Eric Lippmann reports: Possibility of remote code execution via the remote command transport...
FreeBSD -- Incorrect argument handling in sendmsg(2)
Problem Description: Incorrect argument handling in the socket code allows malicious local user to overwrite large portion of the kernel memory. Impact: Malicious local user may crash kernel or execute arbitrary code in the kernel, potentially gaining superuser privileges...