6579 matches found
Gitlab -- vulnerabilities
Gitlab reports: SAML authentication bypass...
SnappyMail -- multiple mXSS in HTML sanitizer
Oskar reports: SnappyMail uses the cleanHtml function to cleanup HTML and CSS in emails. Research discovered that the function has a few bugs which cause an mXSS exploit. Because the function allowed too many invalid HTML elements, it was possible with incorrect markup to trick the browser to "fi...
Gitlab -- vulnerabilities
Gitlab reports: Execute environment stop actions as the owner of the stop action job Prevent code injection in Product Analytics funnels YAML SSRF via Dependency Proxy Denial of Service via sending a large glmsource parameter CIJOBTOKEN can be used to obtain GitLab session token Variables from...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 4 security fixes: 361461526 High CVE-2024-8636: Heap buffer overflow in Skia. Reported by Renan Rios @hyhy100 on 2024-08-22 361784548 High CVE-2024-8637: Use after free in Media Router. Reported by lime@limeSec from TIANGONG Team of Legendsec at...
Intel CPUs -- multiple vulnerabilities
Intel reports: A potential security vulnerability in the Running Average Power Limit RAPL interface for some Intel Processors may allow information disclosure. Intel has released firmware updates to mitigate this potential vulnerability. A potential security vulnerability in some Intel Processors...
mongodb -- MongoDB Server access to non-initialized memory
[email protected] reports: MongoDB Server may access non-initialized region of memory leading to unexpected behaviour when zero arguments are called in internal aggregation stage...
Intel CPUs -- multiple vulnerabilities
Intel reports: A potential security vulnerability in some 4th and 5th Generation Intel Xeon Processors may allow denial of service. Intel released microcode updates to mitigate this potential vulnerability. Potential security vulnerabilities in some Intel Xeon processors using Intel Software Guar...
netatalk3 -- multiple WolfSSL vulnerabilities
Netatalk release reports: WolfSSL 5.7.0 included in netatalk includes multiple security vulnerabilities...
firefox -- Potential memory corruption and exploitable crash
[email protected] reports: An error in the ECMA-262 specification relating to Async Generators could have resulted in a type confusion, potentially leading to memory corruption and an exploitable crash...
clamav -- Multiple vulnerabilities
The ClamAV project reports: CVE-2024-20505 A vulnerability in the PDF parsing module of Clam AntiVirus ClamAV could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. The vulnerability is due to an out of bounds read. An attacker could...
FreeBSD -- Multiple vulnerabilities in libnv
Problem Description: CVE-2024-45287 is a vulnerability that affects both the kernel and userland. A malicious value of size in a structure of packed libnv can cause an integer overflow, leading to the allocation of a smaller buffer than required for the parsed data. CVE-2024-45288 is a...
FreeBSD -- umtx Kernel panic or Use-After-Free
Problem Description: Concurrent removals of such a mapping by using the UMTXSHMDESTROY sub-request of UMTXOPSHM can lead to decreasing the reference count of the object representing the mapping too many times, causing it to be freed too early. Impact: A malicious code exercizing the UMTXSHMDESTRO...
FreeBSD -- bhyve(8) privileged guest escape via USB controller
Problem Description: bhyve can be configured to emulate devices on a virtual USB controller XHCI, such as USB tablet devices. An insufficient boundary validation in the USB code could lead to an out-of-bounds write on the heap, with data controlled by the caller. Impact: A malicious, privileged...
FreeBSD -- bhyve(8) privileged guest escape via TPM device passthrough
Problem Description: bhyve can be configured to provide access to the host's TPM device, where it passes the communication through an emulated device provided to the guest. This may be performed on the command-line by starting bhyve with the -l tpm,passthru,/dev/tpmX parameters. The MMIO handler...
FreeBSD -- Multiple issues in ctl(4) CAM Target Layer
Problem Description: Several vulnerabilities were found in the ctl subsystem. The function ctlwritebuffer incorrectly set a flag which resulted in a kernel Use-After-Free when a command finished processing CVE-2024-45063. The ctlwritebuffer and ctlreadbuffer functions allocated memory to be...
OpenSSL -- Multiple vulnerabilities
The OpenSSL project reports: Possible denial of service in X.509 name checks Moderate severity Applications performing certificate name checks e.g., TLS clients checking server certificates may attempt to read an invalid memory address resulting in abnormal termination of the application process...
forgejo -- multiple vulnerabilities
Problem Description: Replace v-html with v-text in search inputbox Upgrade webpack to v5.94.0 as a precaution to mitigate CVE-2024-43788, although we were not yet able to confirm that this can be exploited in Forgejo...
gitea -- multiple issues
Problem Description: Replace v-html with v-text in search inputbox Fix nuget/conan/container packages upload bugs...
firefox -- multiple vulnerabilities
[email protected] reports: This entry contains 8 vulnerabilities: CVE-2024-8381: A potentially exploitable type confusion could be triggered when looking up a property name on an object being used as the with environment. CVE-2024-8382: Internal browser event interfaces were exposed to web...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 4 security fixes: 357391257 High CVE-2024-8362: Use after free in WebAudio. Reported by Cassidy Kim@cassidy6564 on 2024-08-05 358485426 High CVE-2024-7970: Out of bounds write in V8. Reported by Cassidy Kim@cassidy6564 on 2024-08-09...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 4 security fixes: 351865302 High CVE-2024-7969: Type Confusion in V8. Reported by CFF of Topsec Alpha Team on 2024-07-09 360265320 High CVE-2024-8193: Heap buffer overflow in Skia. Reported by Renan Rios @hyhy100 on 2024-08-16 360533914 High...
forgejo -- The scope of application tokens was not verified when writing containers or Conan packages.
The forgejo team reports: The scope of application tokens was not verified when writing containers or Conan packages. This is of no consequence when the user associated with the application token does not have write access to packages. If the user has write access to packages, such a token can be...
binutils -- Multiple vulnerabilities
[email protected] reports PR/281070: A new version of devel/binutils has been released fixing CVE-2023-1972, CVE-2023-25585, CVE-2023-25586, and CVE-2023-25588...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 38 security fixes: 358296941 High CVE-2024-7964: Use after free in Passwords. Reported by Anonymous on 2024-08-08 356196918 High CVE-2024-7965: Inappropriate implementation in V8. Reported by TheDog on 2024-07-30 355465305 High CVE-2024-7966: Out of...
Gitlab -- vulnerabilities
Gitlab reports: The GitLab Web Interface Does Not Guarantee Information Integrity When Downloading Source Code from Releases Denial of Service by importing maliciously crafted GitHub repository Prompt injection in "Resolve Vulnerabilty" results in arbitrary command execution in victim's pipeline ...
frr - BGP
[email protected] reports: An issue was discovered in FRRouting FRR. bgpattrencap in bgpd/bgpattr.c does not check the actual remaining stream length before taking the TLV value...
electron{29,30} -- multiple vulnerabilities
Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2024-6776. Security: backported fix for CVE-2024-6778. Security: backported fix for CVE-2024-6777. Security: backported fix for CVE-2024-6773. Security: backported fix for CVE-2024-6774...
electron31 -- multiple vulnerabilities
Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2024-6989. Security: backported fix for CVE-2024-6991...
nginx -- Vulnerability in the ngx_http_mp4_module
The nginx development team reports: This update fixes the buffer overread vulnerability in the ngxhttpmp4module...
Dovecot -- DoS
Dovecot reports: A DoS is possible with a large number of address headers or abnormally large email headers...
Intel CPUs -- multiple vulnerabilities
Intel reports: A potential security vulnerability in SMI Transfer monitor STM may allow escalation of privilege. Intel has released microcode updates to mitigate this potential vulnerability. A potential security vulnerability in some 3rd Generation Intel Xeon Scalable Processors may allow denial...
Vaultwarden -- Multiple vulnerabilities
The Vaultwarden Team reports: This release has several CVE Reports fixed and we recommend everybody to update to the latest version as soon as possible...
OpenHAB CometVisu addon -- Multiple vulnerabilities
OpenHAB reports: This patch release addresses the following security advisories: SSRF/XSS CometVisu - GHSA-v7gr-mqpj-wwh3 Sensitive information disclosure CometVisu - GHSA-3g4c-hjhr-73rj RCE through path traversal CometVisu - GHSA-f729-58x4-gqgf Path traversal CometVisu - GHSA-pcwp-26pw-j98w All ...
AMD CPUs -- Guest Memory Vulnerabilities
AMD reports: Researchers from IOActive have reported that it may be possible for an attacker with ring 0 access to modify the configuration of System Management Mode SMM even when SMM Lock is enabled. Improper validation in a model specific register MSR could allow a malicious program with ring0...
PostgreSQL -- Prevent unauthorized code execution during pg_dump
PostgreSQL project reports: An attacker able to create and drop non-temporary objects could inject SQL code that would be executed by a concurrent pgdump session with the privileges of the role running pgdump which is often a superuser. The attack involves replacing a sequence or similar object...
Gitlab -- Vulnerabilities
Gitlab reports: Privilege Escalation via LFS Tokens Granting Unrestricted Repository Access Cross project access of Security policy bot Advanced search ReDOS in highlight for code results Denial of Service via banzai pipeline Denial of service using adoc files ReDoS in RefMatcher when matching...
jenkins -- multiple vulnerabilities
Jenkins Security Advisory: Description Critical SECURITY-3430 / CVE-2024-43044 Arbitrary file read vulnerability through agent connections can lead to RCE Description Medium SECURITY-3349 / CVE-2024-43045 Missing permission check allows accessing other users' "My Views"...
FreeBSD -- ktrace(2) fails to detach when executing a setuid binary
Problem Description: A logic bug in the code which disables kernel tracing for setuid programs meant that tracing was not disabled when it should have, allowing unprivileged users to trace and inspect the behavior of setuid programs. Impact: The bug may be used by an unprivileged user to read the...
FreeBSD -- pf incorrectly matches different ICMPv6 states in the state table
Problem Description: In ICMPv6 Neighbor Discovery ND, the ID is always 0. When pf is configured to allow ND and block incoming Echo Requests, a crafted Echo Request packet after a Neighbor Solicitation NS can trigger an Echo Reply. The packet has to come from the same host as the NS and have a ze...
FreeBSD -- NFS client accepts file names containing path separators
Problem Description: When mounting a remote filesystem using NFS, the kernel did not sanitize remotely provided filenames for the path separator character, "/". This allows readdir3 and related functions to return filesystem entries with names containing additional path components. Impact: The la...
firefox -- multiple vulnerabilities
[email protected] reports: Firefox adds web-compatibility shims in place of some tracking scripts blocked by Enhanced Tracking Protection. On a site protected by Content Security Policy in "strict-dynamic" mode, an attacker able to inject an HTML element could have used a DOM Clobbering attack...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 5 security fixes: 350528343 Critical CVE-2024-7532: Out of bounds memory access in ANGLE. Reported by wgslfuzz on 2024-07-02 353552540 High CVE-2024-7533: Use after free in Sharing. Reported by lime@limeSec from TIANGONG Team of Legendsec at QI-ANXIN...
OpenSSH -- Pre-authentication async signal safety issue
The FreeBSD Project reports: A signal handler in sshd8 may call a logging function that is not async- signal-safe. The signal handler is invoked when a client does not authenticate within the LoginGraceTime seconds 120 by default. This signal handler executes in the context of the sshd8's...
firefox -- multiple vulnerabilities
[email protected] reports: This update includes 3 CVEs: The contextual menu for links could provide an opportunity for cross-site scripting attacks. Long pressing on a download link could potentially provide a means for cross-site scripting. Long pressing on a download link could potentially...
mozilla products -- spoofing attack
[email protected] reports: Select options could obscure the fullscreen notification dialog. This could be used by a malicious site to perform a spoofing attack. This vulnerability affects Firefox 129, Firefox ESR 128.1, and Thunderbird 128.1...
firefox -- multiple vulnerabilities
[email protected] reports: CVE-2024-7531: Calling PK11Encrypt in NSS using CKMCHACHA20 and the same buffer for input and output can result in plaintext on an Intel Sandy Bridge processor. In Firefox this only affects the QUIC header protection feature when the connection is using the...
qt5-webengine -- Multiple vulnerabilities
Backports for 6 security bugs in Chromium: CVE-2024-5496: Use after free in Media Session CVE-2024-5846: Use after free in PDFium CVE-2024-6291: Use after free in Swiftshader CVE-2024-6989: Use after free in Loader CVE-2024-6996: Race in Frames CVE-2024-7536: Use after free in WebAudio...
Roundcube -- Multiple vulnerabilities
The Roundcube project reports: XSS vulnerability in post-processing of sanitized HTML content CVE-2024-42009 XSS vulnerability in serving of attachments other than HTML or SVG CVE-2024-42008 information leak access to remote content via insufficient CSS filtering CVE-2024-42010...
soft-serve -- Remote code execution vulnerability
soft-serve team reports: Arbitrary code execution by crafting git ssh requests It is possible for a user who can commit files to a repository hosted by Soft Serve to execute arbitrary code via environment manipulation and Git...
Django -- multiple vulnerabilities
Django reports: CVE-2024-41989: Memory exhaustion in django.utils.numberformat.floatformat. CVE-2024-41990: Potential denial-of-service in django.utils.html.urlize. CVE-2024-41991: Potential denial-of-service vulnerability in django.utils.html.urlize and AdminURLFieldWidget. CVE-2024-42005:...