Mozilla -- use-after-free while parsing JSON
[email protected] reports: Parsing a JavaScript module as JSON could, under some circumstances, cause cross-compartment access, which may result in a use-after-free...
electron32 -- Type Confusion in V8
Electron developers report: This update fixes the following vulnerability: Security: backported fix for CVE-2024-12053...
redis,valkey -- Remote code execution vulnerability
Redis core team reports: An authenticated user may use a specially crafted Lua script to manipulate the garbage collector and potentially lead to remote code execution. The problem exists in all versions of Redis with Lua scripting...
redis,valkey -- Denial-of-service vulnerability due to malformed ACL selectors
Redis core team reports: An authenticated user with sufficient privileges may create a malformed ACL selector which, when accessed, triggers a server panic and subsequent denial of service. The problem exists in Redis 7.0.0 or newer...
webmin -- CGI Command Injection Remote Code Execution
Webmin reports: A less-privileged Webmin user can execute commands as root via a vulnerability in the shell autocomplete feature...
Vaultwarden -- Admin organization permissions
The Vaultwarden project reports: Admins from any organization were able to modify or delete groups in any other organization if they know the group's uuid...
Apache Tomcat -- RCE due to TOCTOU issue in JSP compilation
[email protected] reports: Time-of-check Time-of-use (TOCTOU) Race Condition. The mitigation for CVE-2024-50379 was incomplete. Users running Tomcat on a case insensitive file system with the default servlet write enabled (readonly initialisation parameter set to the non-default value of false) may...
kanboard -- Insufficient session invalidation
[email protected] reports: Kanboard is project management software that focuses on the Kanban methodology. In affected versions sessions are still usable even though their lifetime has exceeded. Kanboard implements a custom session handler app/Core/Session/SessionHandler.php, to store...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 3 security fixes: 382291459 High CVE-2024-12692: Type Confusion in V8. Reported by Seunghyun Lee @0x10n on 2024-12-05 382190919 High CVE-2024-12693: Out of bounds memory access in V8. Reported by 303f06e3 on 2024-12-04 368222741 High CVE-2024-12694: U...
age -- age vulnerable to malicious plugin names, recipients, or identities causing arbitrary binary execution
Filippo Valsorda reports: A plugin name containing a path separator may allow an attacker to execute an arbitrary binary. Such a plugin name can be provided to the age CLI through an attacker-controlled recipient or identity string, or to the plugin.NewIdentity, plugin.NewIdentityWithoutData, or...
www/varnish7 -- client-side desync vulnerability
The Varnish Development Team reports: A client-side desync vulnerability can be triggered in Varnish Cache and Varnish Enterprise. This vulnerability can be triggered under specific circumstances involving malformed HTTP/1 requests...
zeek -- potential DoS vulnerability
Tim Wojtulewicz of Corelight reports: Large QUIC packets can cause Zeek to overflow memory and potentially crash. Due to the possibility of receiving these packets from remote hosts, this is a DoS risk...
forgejo -- multiple vulnerabilities
Problem Description: When Forgejo is configured to run the internal ssh server with server.START_SSH_SERVER=true, it was possible for a registered user to impersonate another user. The rootless container image uses the internal ssh server by default and was vulnerable. A Forgejo instance running fr...
gitea -- Fix misuse of PublicKeyCallback
Problem Description: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto...
forgejo -- unauthorized user impersonation
Problem Description: When Forgejo is configured to run the internal ssh server with server.START_SSH_SERVER=true, it was possible for a registered user to impersonate another user. The rootless container image uses the internal ssh server by default and was vulnerable. A Forgejo instance running fr...
forgejo -- multiple vulnerabilities
Problem Description: It was possible to use a token sent via email for secondary email validation to reset the password instead. In other words, a token sent for a given action (registration, password reset or secondary email validation) could be used to perform a different action. It is no longer...
Gitlab -- Vulnerabilities
Gitlab reports: Injection of Network Error Logging (NEL) headers in kubernetes proxy response could lead to ATO abusing OAuth flows; Denial of Service by repeatedly sending unauthenticated requests for diff-files; CI_JOB_TOKEN could be used to obtain GitLab session; Open redirect in releases API...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 3 security fixes: 381696874 High CVE-2024-12381: Type Confusion in V8. Reported by Seunghyun Lee @0x10n on 2024-12-02 379516109 High CVE-2024-12382: Use after free in Translate. Reported by lime@limeSec from TIANGONG Team of Legendsec at QI-ANXIN Grou...
gstreamer1-plugins-ogg -- Out-of-bounds write in Ogg demuxer
The GStreamer Security Center reports: An out-of-bounds write in the Ogg demuxer that can cause crashes for certain input files...
gstreamer1-plugins-gdkpixbuf -- NULL-pointer dereference
The GStreamer Security Center reports: A NULL-pointer dereference in the gdk-pixbuf decoder that can cause crashes for certain input files...
gstreamer1-plugins-good -- multiple vulnerabilities
The GStreamer Security Center reports: 20 security bugs. CVE-2024-47537: Integer overflow in MP4/MOV sample table parser leading to out-of-bounds writes CVE-2024-47598: MP4/MOV sample table parser out-of-bounds read CVE-2024-47539: MP4/MOV Closed Caption handling out-of-bounds write CVE-2024-4754...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 4 security fixes: 379009132 High CVE-2024-12053: Type Confusion in V8. Reported by gal1ium and chluo on 2024-11-14...
gstreamer1-plugins-opus -- Stack buffer-overflow in Opus decoder
The GStreamer Security Center reports: Stack buffer-overflow in Opus decoder that can cause crashes for certain input files...
gstreamer1-plugins-jpeg -- NULL-pointer dereferences in JPEG decoder
The GStreamer Security Center reports: Insufficient error handling in the JPEG decoder that can lead to NULL-pointer dereferences, and that can cause crashes for certain input files...
py-matrix-synapse -- multiple vulnerabilities in versions prior to 1.120.1
element-hq/synapse developers report: The 1.120.1 release fixes multiple security vulnerabilities, some affecting all prior versions of Synapse. Server administrators are encouraged to update Synapse as soon as possible. We are not aware of these vulnerabilities being exploited in the wild...
gstreamer1-plugins-vorbis -- Stack buffer-overflow in Vorbis decoder
The GStreamer Security Center reports: Stack buffer-overflow in Vorbis decoder that can cause crashes for certain input files...
gstreamer1-plugins -- multiple vulnerabilities
The GStreamer Security Center reports: 3 security bugs. CVE-2024-47542: ID3v2 parser out-of-bounds read and NULL-pointer dereference CVE-2024-47600: Out-of-bounds read in gst-discoverer-1.0 commandline tool CVE-2024-47541: Out-of-bounds write in SSA subtitle parser...
asterisk -- path traversal
[email protected] reports: An issue in the action_listcategories function of Sangoma Asterisk v22/22.0.0/22.0.0-rc1/22.0.0-rc2/22.0.0-pre1 allows attackers to execute a path traversal...
liboqs -- Correctness error in HQC decapsulation
The Open Quantum Safe project reports: A correctness error has been identified in the reference implementation of the HQC key encapsulation mechanism. Due to an indexing error, part of the secret key is incorrectly treated as non-secret data. This results in an incorrect shared secret value being...
qt6-webengine -- Multiple vulnerabilities
Qt qtwebengine-chromium repo reports: Backports for 5 security bugs in Chromium: CVE-2024-11110: Inappropriate implementation in Blink CVE-2024-11112: Use after free in Media CVE-2024-11114: Inappropriate implementation in Views CVE-2024-11116: Inappropriate implementation in Paint CVE-2024-11117...
Emacs -- Shell injection vulnerability
Problem Description: An Emacs user who chooses to invoke elisp-completion-at-point for code completion on untrusted Emacs Lisp source code can trigger unsafe Lisp macro expansion that allows attackers to execute arbitrary code. This unsafe expansion also occurs if a user chooses to enable...
zabbix -- SQL injection in user.get API
[email protected] reports: A non-admin user account on the Zabbix frontend with the default User role, or with any other role that gives API access can exploit this vulnerability. An SQLi exists in the CUser class in the addRelatedObjects function, this function is being called from the CUser.g...
jenkins -- Denial of service vulnerability in bundled json-lib
Jenkins Security Advisory: Description High SECURITY-3463 / CVE-2024-47855 Denial of service vulnerability in bundled json-lib...
gitea -- multiple vulnerabilities
Problem Description: Fix delete branch perm checking Upgrade crypto library...
electron33 -- Inappropriate implementation in Extensions
Electron developers report: This update fixes the following vulnerability: Security: backported fix for CVE-2024-11110...
Mozilla -- null pointer dereference
[email protected] reports: A null pointer dereference may have inadvertently occurred in pk12util, and specifically in the SEC_ASN1DecodeItem_Util function, when handling malformed or improperly formatted input files...
firefox -- multiple vulnerabilities
[email protected] reports: CVE-2024-11692: An attacker could cause a select dropdown to be shown over another tab; this could have led to user confusion and possible spoofing attacks. CVE-2024-11696: The application failed to account for exceptions thrown by the loadManifestFromFile method...
mozilla -- double free error
[email protected] reports: A double-free issue could have occurred in sec_pkcs7_decoder_start_decrypt when handling an error path. Under specific conditions, the same symmetric key could have been freed twice, potentially leading to memory corruption...
Gitlab -- vulnerabilities
Gitlab reports: Privilege Escalation via LFS Tokens DoS through uncontrolled resource consumption when viewing a maliciously crafted cargo.toml file Unintended Access to Usage Data via Scoped Tokens Gitlab DOS via Harbor registry integration Resource exhaustion and denial of service with testrepo...
keycloak -- Multiple security fixes
Keycloak reports: This update includes 5 security fixes: CVE-2024-10451: Sensitive Data Exposure in Keycloak Build Process CVE-2024-10270: Potential Denial of Service CVE-2024-10492: Keycloak path traversal CVE-2024-9666: Keycloak proxy header handling Denial-of-Service (DoS) vulnerability...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 3 security fixes: 377384894 High CVE-2024-11395: Type Confusion in V8. Reported by Anonymous on 2024-11-05...
gitea -- multiple vulnerabilities
Problem Description: Fix basic auth with webauthn Refactor internal routers partial backport, auth token const time comparing...
gogs -- Multiple vulnerabilities
[email protected] reports: CVE-2024-44625: Directory Traversal via the editFilePost function of internal/route/repo/editor.go. CVE-2024-39933: Gogs allows argument injection during the tagging of a new release. CVE-2024-39932: Gogs allows argument injection during the previewing of changes...
electron31 -- multiple vulnerabilities
Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2024-10827. Security: backported fix for CVE-2024-11110...
mongodb -- Buffer over-reads in MongoDB Server
[email protected] reports: An authorized user may trigger crashes or receive the contents of buffer over-reads of Server memory by issuing specially crafted requests that construct malformed BSON in the MongoDB Server...
PostgreSQL -- PL/Perl environment variable changes execute arbitrary code
PostgreSQL project reports: Incorrect control of environment variables in PostgreSQL PL/Perl allows an unprivileged database user to change sensitive process environment variables e.g. PATH. That often suffices to enable arbitrary code execution, even if the attacker lacks a database server...
PostgreSQL -- libpq retains an error message from man-in-the-middle
PostgreSQL project reports: Client use of server error message in PostgreSQL allows a server not trusted under current SSL or GSS settings to furnish arbitrary non-NUL bytes to the libpq application. For example, a man-in-the-middle attacker could send a long error message that a human or...
PostgreSQL -- PostgreSQL row security below e.g. subqueries disregards user ID changes
PostgreSQL project reports: Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change different rows from those intended. CVE-2023-2455 and CVE-2016-2193 fixed most interaction between row security and user ID changes. They missed cases where a subquery...
PostgreSQL -- SET ROLE, SET SESSION AUTHORIZATION reset to wrong user ID
PostgreSQL project reports: Incorrect privilege assignment in PostgreSQL allows a less-privileged application user to view or change different rows from those intended. An attack requires the application to use SET ROLE, SET SESSION AUTHORIZATION, or an equivalent feature. The problem arises when...
Gitlab -- vulnerabilities
Gitlab reports: Unauthorized access to Kubernetes cluster agent Device OAuth flow allows for cross window forgery Denial of Service by importing malicious crafted FogBugz import payload Stored XSS through javascript URL in Analytics dashboards HTML injection in vulnerability Code flow could lead ...