6578 matches found
electron31 -- multiple vulnerabilities
Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2024-10231. Security: backported fix for CVE-2024-10229. Security: backported fix for CVE-2024-10487...
icinga2 -- TLS Certificate Validation Bypass
The Icinga project reports: Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. The TLS certificate validation in all Icinga 2 versions starting from 2.4.0 was flawed, allowing an attacker to...
Vaultwarden -- Multiple vulnerabilities
The Vaultwarden project reports: This release further fixed some CVE Reports reported by a third party security auditor and we recommend everybody to update to the latest version as soon as possible...
Vaultwarden -- Multiple vulnerabilities
The Vaultwarden project reports: This release has fixed some CVE Reports reported by a third party security auditor and we recommend everybody to update to the latest version as soon as possible...
electron32 -- multiple vulnerabilities
Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2024-10230. Security: backported fix for CVE-2024-10231. Security: backported fix for CVE-2024-10229. Security: backported fix for CVE-2024-10487...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 2 security fixes: 370217726 High CVE-2024-10826: Use after free in Family Experiences. Reported by Anonymous on 2024-09-29 375065084 High CVE-2024-10827: Use after free in Serial. Reported by Anonymous on 2024-10-23...
FreeBSD -- Certificate revocation list fetch(1) option fails
Problem Description: The fetch3 library uses environment variables for passing certain information, including the revocation file pathname. The environment variable name used by fetch1 to pass the filename to the library was incorrect, in effect ignoring the option. Impact: Fetch would still...
xorg server -- _XkbSetCompatMap vulnerability
The X.Org project reports: CVE-2024-9632: Heap buffer Heap-based buffer overflow privilege escalation in XkbSetCompatMap The XkbSetCompatMap function attempts to resize the syminterpret buffer. However, It didn't update its size properly. It updated numsi only, without updating sizesi. This may...
FreeBSD -- Multiple issues in the bhyve hypervisor
Problem Description: Several vulnerabilities were found in the bhyve hypervisor's device models. The NVMe driver function nvmeopcgetlogpage is vulnerable to a buffer over- read from a guest-controlled value. CVE-2024-51562 The virtiovqrecordon function is subject to a time-of-check to time-of-use...
gstreamer1-rtsp-server -- Potential Denial-of-Service (DoS) with specially crafted client requests
Qingpeng Du reports: A series of specially crafted client requests during streaming setup post client authentication, if any can cause the RTSP server library to abort, if it has been compiled with assertions enabled...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 2 security fixes: 375123371 Critical CVE-2024-10487: Out of bounds write in Dawn. Reported by Apple Security Engineering and Architecture SEAR on 2024-10-23 374310077 High CVE-2024-10488: Use after free in WebRTC. Reported by Cassidy Kim@cassidy6564 o...
FreeBSD -- Unbounded allocation in ctl(4) CAM Target Layer
Problem Description: The command ctlpersistentreserveout allows the caller to specify an arbitrary size which will be passed to the kernel's memory allocator. Impact: A malicious guest could cause a Denial of Service DoS on the host...
git -- multiple vulnerabilities
Git development team reports: CVE-2024-50349: Printing unsanitized URLs when asking for credentials made the user susceptible to crafted URLs e.g. in recursive clones that mislead the user into typing in passwords for trusted sites that would then be sent to untrusted sites instead. CVE-2024-5200...
forgejo -- multiple vulnerabilities
Problem Description: Forgejo generates a token which is used to authenticate web endpoints that are only meant to be used internally, for instance when the SSH daemon is used to push a commit with Git. The verification of this token was not done in constant time and was susceptible to timing...
openvpn -- too long a username or password from a client can confuse openvpn servers
Frank Lichtenheld reports: OpenVPN v2.6.13 ... improve server-side handling of clients sending usernames or passwords longer than USERPASSLEN - this would not result in a crash, buffer overflow or other security issues, but the server would then misparse incoming IV variables and produce misleadi...
qt5-webengine -- Use after free in Serial
Qt qtwebengine-chromium repo reports: Backports for 1 security bug in Chromium: CVE-2024-10827: Use after free in Serial...
electron31 -- multiple vulnerabilities
Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2024-9121. Security: backported fix for CVE-2024-9122. Security: backported fix for CVE-2024-7025. Security: backported fix for CVE-2024-9369. Security: backported fix for CVE-2024-7965...
electron32 -- multiple vulnerabilities
Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2024-7966. Security: backported fix for CVE-2024-9370...
Gitlab -- vulnerabilities
Gitlab reports: HTML injection in Global Search may lead to XSS DoS via XML manifest file import...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 3 security fixes: 371011220 High CVE-2024-10229: Inappropriate implementation in Extensions. Reported by Vsevolod Kokorin Slonser of Solidlab on 2024-10-02 371565065 High CVE-2024-10230: Type Confusion in V8. Reported by Seunghyun Lee @0x10n on...
electron{31,32} -- multiple vulnerabilities
Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2024-9602. Security: backported fix for CVE-2024-9603...
OpenSSL -- OOB memory access vulnerability
The OpenSSL project reports: Low-level invalid GF2^m parameters lead to OOB memory access CVE-2024-9143 Low Use of the low-level GF2^m elliptic curve APIs with untrusted explicit values for the field polynomial can lead to out-of-bounds memory reads or writes...
element-web -- Potential exposure of access token via authenticated media
Element team reports: Element Web versions 1.11.70 through 1.11.80 contain a vulnerability which can, under specially crafted conditions, lead to the access token becoming exposed to third parties. At least one vector has been identified internally, involving malicious widgets, but other vectors...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 17 security fixes: 367755363 High CVE-2024-9954: Use after free in AI. Reported by DarkNavy on 2024-09-18 370133761 Medium CVE-2024-9955: Use after free in Web Authentication. Reported by anonymous on 2024-09-29 370482421 Medium CVE-2024-9956:...
librewolf -- Undefined behavior in selection node cache
[email protected] reports: When manipulating the selection node cache, an attacker may have been able to cause unexpected behavior, potentially leading to an exploitable crash. This vulnerability affects Firefox 131.0.3...
Gitlab -- vulnerabilities
Gitlab reports: Run pipelines on arbitrary branches An attacker can impersonate arbitrary user SSRF in Analytics Dashboard Viewing diffs of MR with conflicts can be slow HTMLi in OAuth page Deploy Keys can push changes to an archived repository Guests can disclose project templates GitLab instanc...
firefox -- use-after-free code execution
[email protected] reports: An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. We have had reports of this vulnerability being exploited in the wild...
vscode -- Visual Studio Code for Linux Remote Code Execution Vulnerability
VSCode developers report: Visual Studio Code for Linux Remote Code Execution Vulnerability A remote code execution vulnerability exists in VS Code 1.94.0 and earlier versions in the elevated save flow...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 3 security fixes: 368241697 High CVE-2024-9602: Type Confusion in V8. Reported by Seunghyun Lee @0x10n on 2024-09-20 367818758 High CVE-2024-9603: Type Confusion in V8. Reported by @WeShotTheMoon and @Nguyen Hoang Thach of starlabs on 2024-09-18...
gitea -- token missing access control for packages
Problem Description: Fix bug when a token is given public only...
zeek -- potential DoS vulnerability
Tim Wojtulewicz of Corelight reports: Adding to the POP3 hardening in 7.0.2, the parser now simply discards too many pending commands, rather than any attempting to process them. Further, invalid server responses do not result in command completion anymore. Processing out-of-order commands or...
powerdns-recursor -- denial of service
PowerDNS Team reports: PowerDNS Security Advisory 2024-04: Crafted responses can lead to a denial of service due to cache inefficiencies in the Recursor...
Unbound -- Denial of service attack
NLnet labs report: A vulnerability has been discovered in Unbound when handling replies with very large RRsets that Unbound needs to perform name compression for. Malicious upstreams responses with very large RRsets can cause Unbound to spend a considerable time applying name compression to...
oauth2-proxy -- multiple vulnerabilities
The oauth2-proxy project reports: Vulnerabilities have been addressed: CVE-2024-24786 CVE-2024-24791 CVE-2024-24790 CVE-2024-24784 CVE-2024-28180 CVE-2023-45288...
jenkins -- multiple vulnerabilities
Jenkins Security Advisory: Description Medium SECURITY-3451 / CVE-2024-47803 Exposure of multi-line secrets through error messages in Jenkins Description Medium SECURITY-3448 / CVE-2024-47804 Item creation restriction bypass vulnerability in Jenkins...
redis,valkey -- Multiple vulnerabilities
Redis core team reports: CVE-2024-31449 Lua library commands may lead to stack overflow and potential RCE. CVE-2024-31227 Potential Denial-of-service due to malformed ACL selectors. CVE-2024-31228 Potential Denial-of-service due to unbounded pattern matching...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 4 security fixes: 367764861 High CVE-2024-7025: Integer overflow in Layout. Reported by Tashita Software Security on 2024-09-18 368208152 High CVE-2024-9369: Insufficient data validation in Mojo. Reported by Xiantong Hou and Pisanbao of Wuheng Lab on...
firefox -- multiple vulnerabilities
[email protected] reports: CVE-2024-9392: A compromised content process could have allowed for the arbitrary loading of cross-origin pages. CVE-2024-9396: It is currently unknown if this issue is exploitable but a condition may arise where the structured clone of certain objects could lead to...
keycloak -- Missing server identity checks when sending mails via SMTPS
Red Hat reports: A vulnerability was found in Apache Sling Commons Messaging Mailangus-mail, which provides a simple interface for sending emails via SMTPS in OSGi, does not offer an option to enable server identity checks, leaving connections vulnerable to "man-in-the-middle" attacks and can all...
cups-filters -- remote code execution
OpenPrinting reports: Due to the service binding to :631 INADDRANY , multiple bugs in cups-browsed can be exploited in sequence to introduce a malicious printer to the system. This chain of exploits ultimately enables an attacker to execute arbitrary commands remotely on the target machine withou...
qt6-webengine -- Multiple vulnerabilities
Qt qtwebengine-chromium repo reports: Backports for 16 security bugs in Chromium: CVE-2024-9120: Use after free in Dawn CVE-2024-9122: Type Confusion in V8 CVE-2024-9123: Integer overflow in Skia CVE-2024-9369: Insufficient data validation in Mojo CVE-2024-9602: Type confusion in V8 CVE-2024-9603...
php -- Multiple vulnerabilities
php.net reports: CVE-2024-8926: CGI: Fixed bug GHSA-9pqp-7h25-4f32 Bypass of CVE-2024-4577, Parameter Injection Vulnerability. CVE-2024-8927: CGI: Fixed bug GHSA-94p6-54jq-9mwp cgi.forceredirect configuration is bypassable due to the environment variable collision. CVE-2024-9026: FPM: Fixed bug...
Gitlab -- vulnerabilities
Gitlab reports: Maintainer can leak Dependency Proxy password by changing Dependency Proxy URL via crafted POST request AI feature reads unsanitized content, allowing for attacker to hide prompt injection Project reference can be exposed in system notes...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 5 security fixes: 365254285 High CVE-2024-9120: Use after free in Dawn. Reported by Anonymous on 2024-09-08 363538434 High CVE-2024-9121: Inappropriate implementation in V8. Reported by Tashita Software Security on 2024-09-01 365802567 High...
zeek -- potential DoS vulnerability
Tim Wojtulewicz of Corelight reports: The POP3 parser has been hardened to avoid unbounded state growth in the face of one-sided traffic capture or when enabled for non-POP3 traffic...
expat -- multiple vulnerabilities
libexpat reports: CVE-2024-45490: Calling function XMLParseBuffer with len 0 without noticing and then calling XMLGetBuffer will have XMLParseBuffer fail to recognize the problem and XMLGetBuffer corrupt memory. With the fix, XMLParseBuffer now complains with error XMLERRORINVALIDARGUMENT just li...
FreeBSD -- bhyve(8) out-of-bounds read access via XHCI emulation
Problem Description: bhyve can be configured to emulate devices on a virtual USB controller XHCI, such as USB tablet devices. An insufficient boundary validation in the USB code could lead to an out-of-bounds read on the heap, which could potentially lead to an arbitrary write and remote code...
FreeBSD -- Integer overflow in libnv
Problem Description: A malicious value of size in a structure of packed libnv can cause an integer overflow, leading to the allocation of a smaller buffer than required for the parsed data. The introduced check was incorrect, as it took into account the size of the pointer, not the structure. Thi...
qt5-webengine -- Multiple vulnerabilities
Backports for 15 security bugs in Chromium: CVE-2024-4761: Out of bounds write in V8 CVE-2024-5158: Type confusion in V8 CVE-2024-7532: Out of bounds memory access in ANGLE CVE-2024-7965: Inappropriate implementation in V8 CVE-2024-7967: Heap buffer overflow in Fonts CVE-2024-7971: Type confusion...
Gitlab -- vulnerabilities
Gitlab reports: SAML authentication bypass...