6511 matches found
electron31 -- multiple vulnerabilities
Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2024-9121. Security: backported fix for CVE-2024-9122. Security: backported fix for CVE-2024-7025. Security: backported fix for CVE-2024-9369. Security: backported fix for CVE-2024-7965...
qt5-webengine -- Use after free in Serial
Qt qtwebengine-chromium repo reports: Backports for 1 security bug in Chromium: CVE-2024-10827: Use after free in Serial...
electron32 -- multiple vulnerabilities
Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2024-7966. Security: backported fix for CVE-2024-9370...
Gitlab -- vulnerabilities
Gitlab reports: HTML injection in Global Search may lead to XSS; DoS via XML manifest file import...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 3 security fixes: [371011220] High CVE-2024-10229: Inappropriate implementation in Extensions. Reported by Vsevolod Kokorin Slonser of Solidlab on 2024-10-02. [371565065] High CVE-2024-10230: Type Confusion in V8. Reported by Seunghyun Lee @0x10n on...
OpenSSL -- OOB memory access vulnerability
The OpenSSL project reports: Low-level invalid GF(2^m) parameters lead to OOB memory access (CVE-2024-9143, Low): Use of the low-level GF(2^m) elliptic curve APIs with untrusted explicit values for the field polynomial can lead to out-of-bounds memory reads or writes...
electron{31,32} -- multiple vulnerabilities
Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2024-9602. Security: backported fix for CVE-2024-9603...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 17 security fixes: [367755363] High CVE-2024-9954: Use after free in AI. Reported by DarkNavy on 2024-09-18. [370133761] Medium CVE-2024-9955: Use after free in Web Authentication. Reported by anonymous on 2024-09-29. [370482421] Medium CVE-2024-9956:...
element-web -- Potential exposure of access token via authenticated media
Element team reports: Element Web versions 1.11.70 through 1.11.80 contain a vulnerability which can, under specially crafted conditions, lead to the access token becoming exposed to third parties. At least one vector has been identified internally, involving malicious widgets, but other vectors...
librewolf -- Undefined behavior in selection node cache
[email protected] reports: When manipulating the selection node cache, an attacker may have been able to cause unexpected behavior, potentially leading to an exploitable crash. This vulnerability affects Firefox 131.0.3...
firefox -- use-after-free code execution
[email protected] reports: An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. We have had reports of this vulnerability being exploited in the wild...
Gitlab -- vulnerabilities
Gitlab reports: Run pipelines on arbitrary branches; An attacker can impersonate arbitrary user; SSRF in Analytics Dashboard; Viewing diffs of MR with conflicts can be slow; HTMLi in OAuth page; Deploy Keys can push changes to an archived repository; Guests can disclose project templates; GitLab instanc...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 3 security fixes: [368241697] High CVE-2024-9602: Type Confusion in V8. Reported by Seunghyun Lee @0x10n on 2024-09-20. [367818758] High CVE-2024-9603: Type Confusion in V8. Reported by @WeShotTheMoon and @Nguyen Hoang Thach of starlabs on 2024-09-18...
vscode -- Visual Studio Code for Linux Remote Code Execution Vulnerability
VSCode developers report: Visual Studio Code for Linux Remote Code Execution Vulnerability: A remote code execution vulnerability exists in VS Code 1.94.0 and earlier versions in the elevated save flow...
gitea -- token missing access control for packages
Problem Description: Fix bug when a token is given public only...
zeek -- potential DoS vulnerability
Tim Wojtulewicz of Corelight reports: Adding to the POP3 hardening in 7.0.2, the parser now simply discards too many pending commands, rather than attempting to process them. Further, invalid server responses do not result in command completion anymore. Processing out-of-order commands or...
powerdns-recursor -- denial of service
PowerDNS Team reports: PowerDNS Security Advisory 2024-04: Crafted responses can lead to a denial of service due to cache inefficiencies in the Recursor...
Unbound -- Denial of service attack
NLnet Labs reports: A vulnerability has been discovered in Unbound when handling replies with very large RRsets that Unbound needs to perform name compression for. Malicious upstream responses with very large RRsets can cause Unbound to spend a considerable time applying name compression to...
jenkins -- multiple vulnerabilities
Jenkins Security Advisory: Medium, SECURITY-3451 / CVE-2024-47803: Exposure of multi-line secrets through error messages in Jenkins; Medium, SECURITY-3448 / CVE-2024-47804: Item creation restriction bypass vulnerability in Jenkins...
redis,valkey -- Multiple vulnerabilities
Redis core team reports: CVE-2024-31449 Lua library commands may lead to stack overflow and potential RCE. CVE-2024-31227 Potential Denial-of-service due to malformed ACL selectors. CVE-2024-31228 Potential Denial-of-service due to unbounded pattern matching...
oauth2-proxy -- multiple vulnerabilities
The oauth2-proxy project reports: Vulnerabilities have been addressed: CVE-2024-24786, CVE-2024-24791, CVE-2024-24790, CVE-2024-24784, CVE-2024-28180, CVE-2023-45288...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 4 security fixes: [367764861] High CVE-2024-7025: Integer overflow in Layout. Reported by Tashita Software Security on 2024-09-18. [368208152] High CVE-2024-9369: Insufficient data validation in Mojo. Reported by Xiantong Hou and Pisanbao of Wuheng Lab on...
firefox -- multiple vulnerabilities
[email protected] reports: CVE-2024-9392: A compromised content process could have allowed for the arbitrary loading of cross-origin pages. CVE-2024-9396: It is currently unknown if this issue is exploitable but a condition may arise where the structured clone of certain objects could lead to...
keycloak -- Missing server identity checks when sending mails via SMTPS
Red Hat reports: A vulnerability was found in Apache Sling Commons Messaging Mail (angus-mail), which provides a simple interface for sending emails via SMTPS in OSGi, does not offer an option to enable server identity checks, leaving connections vulnerable to "man-in-the-middle" attacks and can all...
cups-filters -- remote code execution
OpenPrinting reports: Due to the service binding to :631 (INADDR_ANY), multiple bugs in cups-browsed can be exploited in sequence to introduce a malicious printer to the system. This chain of exploits ultimately enables an attacker to execute arbitrary commands remotely on the target machine withou...
qt6-webengine -- Multiple vulnerabilities
Qt qtwebengine-chromium repo reports: Backports for 16 security bugs in Chromium: CVE-2024-9120: Use after free in Dawn; CVE-2024-9122: Type Confusion in V8; CVE-2024-9123: Integer overflow in Skia; CVE-2024-9369: Insufficient data validation in Mojo; CVE-2024-9602: Type confusion in V8; CVE-2024-9603...
php -- Multiple vulnerabilities
php.net reports: CVE-2024-8926: CGI: Fixed bug GHSA-9pqp-7h25-4f32 (Bypass of CVE-2024-4577, Parameter Injection Vulnerability). CVE-2024-8927: CGI: Fixed bug GHSA-94p6-54jq-9mwp (cgi.force_redirect configuration is bypassable due to the environment variable collision). CVE-2024-9026: FPM: Fixed bug...
Gitlab -- vulnerabilities
Gitlab reports: Maintainer can leak Dependency Proxy password by changing Dependency Proxy URL via crafted POST request; AI feature reads unsanitized content, allowing for attacker to hide prompt injection; Project reference can be exposed in system notes...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 5 security fixes: [365254285] High CVE-2024-9120: Use after free in Dawn. Reported by Anonymous on 2024-09-08. [363538434] High CVE-2024-9121: Inappropriate implementation in V8. Reported by Tashita Software Security on 2024-09-01. [365802567] High...
expat -- multiple vulnerabilities
libexpat reports: CVE-2024-45490: Calling function XML_ParseBuffer with len < 0 without noticing and then calling XML_GetBuffer will have XML_ParseBuffer fail to recognize the problem and XML_GetBuffer corrupt memory. With the fix, XML_ParseBuffer now complains with error XML_ERROR_INVALID_ARGUMENT just li...
zeek -- potential DoS vulnerability
Tim Wojtulewicz of Corelight reports: The POP3 parser has been hardened to avoid unbounded state growth in the face of one-sided traffic capture or when enabled for non-POP3 traffic...
FreeBSD -- Integer overflow in libnv
Problem Description: A malicious value of size in a structure of packed libnv can cause an integer overflow, leading to the allocation of a smaller buffer than required for the parsed data. The introduced check was incorrect, as it took into account the size of the pointer, not the structure. Thi...
FreeBSD -- bhyve(8) out-of-bounds read access via XHCI emulation
Problem Description: bhyve can be configured to emulate devices on a virtual USB controller (XHCI), such as USB tablet devices. An insufficient boundary validation in the USB code could lead to an out-of-bounds read on the heap, which could potentially lead to an arbitrary write and remote code...
qt5-webengine -- Multiple vulnerabilities
Backports for 15 security bugs in Chromium: CVE-2024-4761: Out of bounds write in V8; CVE-2024-5158: Type confusion in V8; CVE-2024-7532: Out of bounds memory access in ANGLE; CVE-2024-7965: Inappropriate implementation in V8; CVE-2024-7967: Heap buffer overflow in Fonts; CVE-2024-7971: Type confusion...
Gitlab -- vulnerabilities
Gitlab reports: SAML authentication bypass...
SnappyMail -- multiple mXSS in HTML sanitizer
Oskar reports: SnappyMail uses the cleanHtml function to clean up HTML and CSS in emails. Research discovered that the function has a few bugs which cause an mXSS exploit. Because the function allowed too many invalid HTML elements, it was possible with incorrect markup to trick the browser to "fi...
Gitlab -- vulnerabilities
Gitlab reports: Execute environment stop actions as the owner of the stop action job; Prevent code injection in Product Analytics funnels YAML; SSRF via Dependency Proxy; Denial of Service via sending a large glm_source parameter; CI_JOB_TOKEN can be used to obtain GitLab session token; Variables from...
mongodb -- MongoDB Server access to non-initialized memory
[email protected] reports: MongoDB Server may access non-initialized region of memory leading to unexpected behaviour when zero arguments are called in internal aggregation stage...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 4 security fixes: [361461526] High CVE-2024-8636: Heap buffer overflow in Skia. Reported by Renan Rios @hyhy100 on 2024-08-22. [361784548] High CVE-2024-8637: Use after free in Media Router. Reported by lime@limeSec from TIANGONG Team of Legendsec at...
Intel CPUs -- multiple vulnerabilities
Intel reports: A potential security vulnerability in the Running Average Power Limit (RAPL) interface for some Intel Processors may allow information disclosure. Intel has released firmware updates to mitigate this potential vulnerability. A potential security vulnerability in some Intel Processors...
Intel CPUs -- multiple vulnerabilities
Intel reports: A potential security vulnerability in some 4th and 5th Generation Intel Xeon Processors may allow denial of service. Intel released microcode updates to mitigate this potential vulnerability. Potential security vulnerabilities in some Intel Xeon processors using Intel Software Guar...
netatalk3 -- multiple WolfSSL vulnerabilities
Netatalk release reports: WolfSSL 5.7.0 included in netatalk includes multiple security vulnerabilities...
firefox -- Potential memory corruption and exploitable crash
[email protected] reports: An error in the ECMA-262 specification relating to Async Generators could have resulted in a type confusion, potentially leading to memory corruption and an exploitable crash...
clamav -- Multiple vulnerabilities
The ClamAV project reports: CVE-2024-20505: A vulnerability in the PDF parsing module of Clam AntiVirus (ClamAV) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to an out of bounds read. An attacker could...
FreeBSD -- bhyve(8) privileged guest escape via USB controller
Problem Description: bhyve can be configured to emulate devices on a virtual USB controller (XHCI), such as USB tablet devices. An insufficient boundary validation in the USB code could lead to an out-of-bounds write on the heap, with data controlled by the caller. Impact: A malicious, privileged...
FreeBSD -- Multiple vulnerabilities in libnv
Problem Description: CVE-2024-45287 is a vulnerability that affects both the kernel and userland. A malicious value of size in a structure of packed libnv can cause an integer overflow, leading to the allocation of a smaller buffer than required for the parsed data. CVE-2024-45288 is a...
FreeBSD -- bhyve(8) privileged guest escape via TPM device passthrough
Problem Description: bhyve can be configured to provide access to the host's TPM device, where it passes the communication through an emulated device provided to the guest. This may be performed on the command-line by starting bhyve with the -l tpm,passthru,/dev/tpmX parameters. The MMIO handler...
FreeBSD -- Multiple issues in ctl(4) CAM Target Layer
Problem Description: Several vulnerabilities were found in the ctl subsystem. The function ctl_write_buffer incorrectly set a flag which resulted in a kernel Use-After-Free when a command finished processing (CVE-2024-45063). The ctl_write_buffer and ctl_read_buffer functions allocated memory to be...
FreeBSD -- umtx Kernel panic or Use-After-Free
Problem Description: Concurrent removals of such a mapping by using the UMTX_SHM_DESTROY sub-request of UMTX_OP_SHM can lead to decreasing the reference count of the object representing the mapping too many times, causing it to be freed too early. Impact: Malicious code exercising the UMTX_SHM_DESTRO...
gitea -- multiple issues
Problem Description: Replace v-html with v-text in search inputbox; Fix nuget/conan/container packages upload bugs...