6511 matches found
OpenSSL -- Multiple vulnerabilities
The OpenSSL project reports: Possible denial of service in X.509 name checks (Moderate severity). Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address, resulting in abnormal termination of the application process...
forgejo -- multiple vulnerabilities
Problem Description: Replace v-html with v-text in search inputbox Upgrade webpack to v5.94.0 as a precaution to mitigate CVE-2024-43788, although we were not yet able to confirm that this can be exploited in Forgejo...
firefox -- multiple vulnerabilities
[email protected] reports: This entry contains 8 vulnerabilities: CVE-2024-8381: A potentially exploitable type confusion could be triggered when looking up a property name on an object being used as the with environment. CVE-2024-8382: Internal browser event interfaces were exposed to web...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 4 security fixes: 357391257 High CVE-2024-8362: Use after free in WebAudio. Reported by Cassidy Kim@cassidy6564 on 2024-08-05 358485426 High CVE-2024-7970: Out of bounds write in V8. Reported by Cassidy Kim@cassidy6564 on 2024-08-09...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 4 security fixes: 351865302 High CVE-2024-7969: Type Confusion in V8. Reported by CFF of Topsec Alpha Team on 2024-07-09 360265320 High CVE-2024-8193: Heap buffer overflow in Skia. Reported by Renan Rios @hyhy100 on 2024-08-16 360533914 High...
forgejo -- The scope of application tokens was not verified when writing containers or Conan packages.
The forgejo team reports: The scope of application tokens was not verified when writing containers or Conan packages. This is of no consequence when the user associated with the application token does not have write access to packages. If the user has write access to packages, such a token can be...
binutils -- Multiple vulnerabilities
[email protected] reports PR/281070: A new version of devel/binutils has been released fixing CVE-2023-1972, CVE-2023-25585, CVE-2023-25586, and CVE-2023-25588...
Gitlab -- vulnerabilities
Gitlab reports: The GitLab Web Interface Does Not Guarantee Information Integrity When Downloading Source Code from Releases; Denial of Service by importing maliciously crafted GitHub repository; Prompt injection in "Resolve Vulnerability" results in arbitrary command execution in victim's pipeline ...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 38 security fixes: 358296941 High CVE-2024-7964: Use after free in Passwords. Reported by Anonymous on 2024-08-08 356196918 High CVE-2024-7965: Inappropriate implementation in V8. Reported by TheDog on 2024-07-30 355465305 High CVE-2024-7966: Out of...
frr - BGP
[email protected] reports: An issue was discovered in FRRouting FRR. bgp_attr_encap in bgpd/bgp_attr.c does not check the actual remaining stream length before taking the TLV value...
electron{29,30} -- multiple vulnerabilities
Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2024-6776. Security: backported fix for CVE-2024-6778. Security: backported fix for CVE-2024-6777. Security: backported fix for CVE-2024-6773. Security: backported fix for CVE-2024-6774...
electron31 -- multiple vulnerabilities
Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2024-6989. Security: backported fix for CVE-2024-6991...
nginx -- Vulnerability in the ngx_http_mp4_module
The nginx development team reports: This update fixes the buffer overread vulnerability in the ngx_http_mp4_module...
Dovecot -- DoS
Dovecot reports: A DoS is possible with a large number of address headers or abnormally large email headers...
Intel CPUs -- multiple vulnerabilities
Intel reports: A potential security vulnerability in SMI Transfer monitor (STM) may allow escalation of privilege. Intel has released microcode updates to mitigate this potential vulnerability. A potential security vulnerability in some 3rd Generation Intel Xeon Scalable Processors may allow denial...
Vaultwarden -- Multiple vulnerabilities
The Vaultwarden Team reports: This release has several CVE Reports fixed and we recommend everybody to update to the latest version as soon as possible...
OpenHAB CometVisu addon -- Multiple vulnerabilities
OpenHAB reports: This patch release addresses the following security advisories: SSRF/XSS CometVisu - GHSA-v7gr-mqpj-wwh3 Sensitive information disclosure CometVisu - GHSA-3g4c-hjhr-73rj RCE through path traversal CometVisu - GHSA-f729-58x4-gqgf Path traversal CometVisu - GHSA-pcwp-26pw-j98w All ...
AMD CPUs -- Guest Memory Vulnerabilities
AMD reports: Researchers from IOActive have reported that it may be possible for an attacker with ring 0 access to modify the configuration of System Management Mode (SMM) even when SMM Lock is enabled. Improper validation in a model specific register (MSR) could allow a malicious program with ring0...
PostgreSQL -- Prevent unauthorized code execution during pg_dump
PostgreSQL project reports: An attacker able to create and drop non-temporary objects could inject SQL code that would be executed by a concurrent pg_dump session with the privileges of the role running pg_dump (which is often a superuser). The attack involves replacing a sequence or similar object...
FreeBSD -- NFS client accepts file names containing path separators
Problem Description: When mounting a remote filesystem using NFS, the kernel did not sanitize remotely provided filenames for the path separator character, "/". This allows readdir3 and related functions to return filesystem entries with names containing additional path components. Impact: The la...
jenkins -- multiple vulnerabilities
Jenkins Security Advisory: Description Critical SECURITY-3430 / CVE-2024-43044 Arbitrary file read vulnerability through agent connections can lead to RCE Description Medium SECURITY-3349 / CVE-2024-43045 Missing permission check allows accessing other users' "My Views"...
FreeBSD -- pf incorrectly matches different ICMPv6 states in the state table
Problem Description: In ICMPv6 Neighbor Discovery (ND), the ID is always 0. When pf is configured to allow ND and block incoming Echo Requests, a crafted Echo Request packet after a Neighbor Solicitation (NS) can trigger an Echo Reply. The packet has to come from the same host as the NS and have a ze...
Gitlab -- Vulnerabilities
Gitlab reports: Privilege Escalation via LFS Tokens Granting Unrestricted Repository Access Cross project access of Security policy bot Advanced search ReDOS in highlight for code results Denial of Service via banzai pipeline Denial of service using adoc files ReDoS in RefMatcher when matching...
FreeBSD -- ktrace(2) fails to detach when executing a setuid binary
Problem Description: A logic bug in the code which disables kernel tracing for setuid programs meant that tracing was not disabled when it should have, allowing unprivileged users to trace and inspect the behavior of setuid programs. Impact: The bug may be used by an unprivileged user to read the...
firefox -- multiple vulnerabilities
[email protected] reports: CVE-2024-7531: Calling PK11_Encrypt in NSS using CKM_CHACHA20 and the same buffer for input and output can result in plaintext on an Intel Sandy Bridge processor. In Firefox this only affects the QUIC header protection feature when the connection is using the...
firefox -- multiple vulnerabilities
[email protected] reports: This update includes 3 CVEs: The contextual menu for links could provide an opportunity for cross-site scripting attacks. Long pressing on a download link could potentially provide a means for cross-site scripting. Long pressing on a download link could potentially...
firefox -- multiple vulnerabilities
[email protected] reports: Firefox adds web-compatibility shims in place of some tracking scripts blocked by Enhanced Tracking Protection. On a site protected by Content Security Policy in "strict-dynamic" mode, an attacker able to inject an HTML element could have used a DOM Clobbering attack...
mozilla products -- spoofing attack
[email protected] reports: Select options could obscure the fullscreen notification dialog. This could be used by a malicious site to perform a spoofing attack. This vulnerability affects Firefox 129, Firefox ESR 128.1, and Thunderbird 128.1...
OpenSSH -- Pre-authentication async signal safety issue
The FreeBSD Project reports: A signal handler in sshd(8) may call a logging function that is not async-signal-safe. The signal handler is invoked when a client does not authenticate within the LoginGraceTime seconds (120 by default). This signal handler executes in the context of the sshd(8)'s...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 5 security fixes: 350528343 Critical CVE-2024-7532: Out of bounds memory access in ANGLE. Reported by wgslfuzz on 2024-07-02 353552540 High CVE-2024-7533: Use after free in Sharing. Reported by lime@limeSec from TIANGONG Team of Legendsec at QI-ANXIN...
qt5-webengine -- Multiple vulnerabilities
Backports for 6 security bugs in Chromium: CVE-2024-5496: Use after free in Media Session CVE-2024-5846: Use after free in PDFium CVE-2024-6291: Use after free in Swiftshader CVE-2024-6989: Use after free in Loader CVE-2024-6996: Race in Frames CVE-2024-7536: Use after free in WebAudio...
Roundcube -- Multiple vulnerabilities
The Roundcube project reports: XSS vulnerability in post-processing of sanitized HTML content CVE-2024-42009 XSS vulnerability in serving of attachments other than HTML or SVG CVE-2024-42008 information leak access to remote content via insufficient CSS filtering CVE-2024-42010...
Django -- multiple vulnerabilities
Django reports: CVE-2024-41989: Memory exhaustion in django.utils.numberformat.floatformat. CVE-2024-41990: Potential denial-of-service in django.utils.html.urlize. CVE-2024-41991: Potential denial-of-service vulnerability in django.utils.html.urlize and AdminURLFieldWidget. CVE-2024-42005:...
soft-serve -- Remote code execution vulnerability
soft-serve team reports: Arbitrary code execution by crafting git ssh requests It is possible for a user who can commit files to a repository hosted by Soft Serve to execute arbitrary code via environment manipulation and Git...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 3 security fixes: 353034820 Critical CVE-2024-6990: Uninitialized Use in Dawn. Reported by gelatin dessert on 2024-07-15 352872238 High CVE-2024-7255: Out of bounds read in WebTransport. Reported by Marten Richter on 2024-07-13 354748060 High...
Mailpit -- Content Security Policy XSS
Mailpit developer reports: A vulnerability was discovered which allowed a bad actor with SMTP access to Mailpit to bypass the Content Security Policy headers using a series of crafted HTML messages which could result in a stored XSS attack via the web UI...
Gitlab -- Vulnerabilities
Gitlab reports: XSS via the Maven Dependency Proxy Project level analytics settings leaked in DOM Reports can access and download job artifacts despite use of settings to prevent it Direct Transfer - Authorised project/group exports are accessible to other users Bypassing tag check and branch che...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 22 security fixes: 349198731 High CVE-2024-6988: Use after free in Downloads. Reported by lime@limeSec from TIANGONG Team of Legendsec at QI-ANXIN Group on 2024-06-25 349342289 High CVE-2024-6989: Use after free in Loader. Reported by Anonymous on...
electron29 -- multiple vulnerabilities
Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2024-6291. Security: backported fix for CVE-2024-6293. Security: backported fix for CVE-2024-6290. Security: backported fix for CVE-2024-6292...
Apache httpd -- Source code disclosure with handlers configured via AddType
The Apache httpd project reports: source code disclosure with handlers configured via AddType CVE-2024-40725 Important: A partial fix for CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based configuration of handlers. "AddType" and similar...
MySQL -- Multiple vulnerabilities
Oracle reports: 36 new security patches for Oracle MySQL. 11 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials. The highest CVSS v3.1 Base Score of vulnerabilities affecting Oracle MySQL is 9.8...
electron29 -- multiple vulnerabilities
Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2024-6291. Security: backported fix for CVE-2024-6293. Security: backported fix for CVE-2024-6290. Security: backported fix for CVE-2024-6292...
Gitlab -- vulnerabilities
Gitlab reports: An attacker can run pipeline jobs as an arbitrary user; Developer user with admin_compliance_framework permission can change group URL; Admin push rules custom role allows creation of project level deploy token; Package registry vulnerable to manifest confusion; User with admin_group_memb...
electron30 -- multiple vulnerabilities
Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2024-5493. Security: backported fix for CVE-2024-5831. Security: backported fix for CVE-2024-5832. Security: backported fix for CVE-2024-6100. Security: backported fix for CVE-2024-6101...
Apache httpd -- source code disclosure
The Apache httpd project reports: source code disclosure with handlers configured via AddType (CVE-2024-39884) Important. A regression in the core of Apache HTTP Server 2.4.60 ignores some use of the legacy content-type based configuration of handlers. "AddType" and similar configuration, under so...
znc -- remote code execution vulnerability
Mitre reports: In ZNC before 1.9.1, remote code execution can occur in modtcl via a KICK...
traefik -- Bypassing IP allow-lists via HTTP/3 early data requests
The traefik authors report: There is a vulnerability in Traefik that allows bypassing IP allow-lists via HTTP/3 early data requests in QUIC 0-RTT handshakes sent with spoofed IP addresses...
go -- net/http: denial of service due to improper 100-continue handling
The Go project reports: net/http: denial of service due to improper 100-continue handling The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational 200 or higher status. This mishandling could leave a clien...
Django -- multiple vulnerabilities
Django reports: CVE-2024-38875: Potential denial-of-service in django.utils.html.urlize. CVE-2024-39329: Username enumeration through timing difference for users with unusable passwords. CVE-2024-39330: Potential directory-traversal in django.core.files.storage.Storage.save. CVE-2024-39614:...
Apache httpd -- Multiple vulnerabilities
The Apache httpd project reports: DoS by Null pointer in websocket over HTTP/2 CVE-2024-36387 Low. Serving WebSocket protocol upgrades over a HTTP/2 connection could result in a Null Pointer dereference, leading to a crash of the server process, degrading performance. Proxy encoding problem...