6511 matches found
OpenSSH -- Race condition resulting in potential remote code execution
The OpenSSH project reports: A race condition in sshd(8) could allow remote code execution as root on non-OpenBSD systems...
electron29 -- multiple vulnerabilities
Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2024-5499. Security: backported fix for CVE-2024-5493. Security: backported fix for CVE-2024-5494. Security: backported fix for CVE-2024-5495. Security: backported fix for CVE-2024-5496...
security/openvpn-auth-ldap -- Fix buffer overflow in challenge/response
Graham Northup reports: A buffer overflow in extract_openvpn_cr allows attackers with a valid LDAP username and who can control the challenge/response password field to pass a string with more than 14 colons into this field and cause a buffer overflow...
Gitlab -- Vulnerabilities
Gitlab reports: Run pipelines as any user Stored XSS injected in imported project's commit notes CSRF on GraphQL API IntrospectionQuery Remove search results from public projects with unauthorized repos Cross window forgery in user application OAuth flow Project maintainers can bypass group's mer...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 5 security fixes: 342428008 High CVE-2024-6290: Use after free in Dawn. Reported by wgslfuzz on 2024-05-23 40942995 High CVE-2024-6291: Use after free in Swiftshader. Reported by Cassidy Kim@cassidy6564 on 2023-11-15 342545100 High CVE-2024-6292: Use...
emacs -- Arbitrary shell code evaluation vulnerability
GNU Emacs developers report: Emacs 29.4 is an emergency bugfix release intended to fix a security vulnerability. Arbitrary shell commands are no longer run when turning on Org mode in order to avoid running malicious code...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 6 security fixes: 344608204 High CVE-2024-6100: Type Confusion in V8. Reported by Seunghyun Lee @0x10n participating in SSD Secure Disclosure's TyphoonPWN 2024 on 2024-06-04 343748812 High CVE-2024-6101: Inappropriate implementation in WebAssembly...
netatalk3 -- Multiple vulnerabilities
[email protected] reports: This entry documents the following three vulnerabilities: Netatalk before 3.2.1 has an off-by-one error and resultant heap-based buffer overflow because of setting ibuf[len] to '\0' in FPMapName in afp_mapname in etc/afpd/directory.c. 2.4.1 and 3.1.19 are also fixed versions...
Gitlab -- Vulnerabilities
Gitlab reports: ReDoS in gomod dependency linker ReDoS in CI interpolation fix bypass ReDoS in Asana integration issue mapping when webhook is called XSS and content injection when viewing raw XHTML files on iOS devices Missing agentk request validation could cause KAS to panic...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 21 security fixes: 342456991 High CVE-2024-5830: Type Confusion in V8. Reported by Man Yue Mo of GitHub Security Lab on 2024-05-24 339171223 High CVE-2024-5831: Use after free in Dawn. Reported by wgslfuzz on 2024-05-07 340196361 High CVE-2024-5832: U...
mozilla firefox -- protocol information guessing
[email protected] reports: By monitoring the time certain operations take, an attacker could have guessed which external protocol handlers were functional on a user's system. This vulnerability affects Firefox 127, Firefox ESR 115.12, and Thunderbird 115.12...
traefik -- Azure Identity Libraries Elevation of Privilege Vulnerability
The traefik authors report: There is a vulnerability in Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability...
firefox -- Multiple vulnerabilities
[email protected] reports: CVE-2024-5697: A website was able to detect when a user took a screenshot of a page using the built-in Screenshot functionality in Firefox. CVE-2024-5698: By manipulating the fullscreen feature while opening a data-list, an attacker could have overlaid a text box ove...
Composer -- Multiple command injections via malicious git/hg branch names
Composer project reports: The status, reinstall and remove commands with packages installed from source via git containing specially crafted branch names in the repository can be used to execute code. The composer install command running inside a git/hg repository which has specially crafted bran...
kanboard -- Project Takeover via IDOR in ProjectPermissionController
[email protected] reports: Kanboard is project management software that focuses on the Kanban methodology. The vuln is in app/Controller/ProjectPermissionController.php function addUser. The user's permission to add users to a project only gets checked on the URL parameter project_id. I...
traefik -- Unexpected behavior with IPv4-mapped IPv6 addresses
The traefik authors report: There is a vulnerability in Go managing various Is methods (IsPrivate, IsLoopback, etc.) for IPv4-mapped IPv6 addresses. They didn't work as expected returning false for addresses which would return true in their traditional IPv4 forms...
go -- multiple vulnerabilities
The Go project reports: archive/zip: mishandling of corrupt central directory record. The archive/zip package's handling of certain types of invalid zip files differed from the behavior of most zip implementations. This misalignment could be exploited to create a zip file with contents that vary...
GLPI -- multiple vulnerabilities
GLPI team reports: GLPI 10.0.16 Changelog SECURITY - high Account takeover via SQL Injection in AJAX scripts CVE-2024-37148 SECURITY - high Remote code execution through the plugin loader CVE-2024-37149 SECURITY - moderate Authenticated file upload to restricted tickets CVE-2024-37147...
plasma[56]-plasma-workspace -- Unauthorized users can access session manager
David Edmundson reports: KSmserver, KDE's XSMP manager, incorrectly allows connections via ICE based purely on the host, allowing all local connections. This allows another user on the same machine to gain access to the session manager. A well crafted client could use the session restore feature ...
qt6-webengine -- Multiple vulnerabilities
Qt qtwebengine-chromium repo reports: Backports for 7 security bugs in Chromium: CVE-2024-4948: Use after free in Dawn CVE-2024-5274: Type Confusion in V8 CVE-2024-5493: Heap buffer overflow in WebRTC CVE-2024-5494: Use after free in Dawn CVE-2024-5495: Use after free in Dawn CVE-2024-5496: Use...
qt5-webengine -- Multiple vulnerabilities
Backports for 5 security bugs in Chromium: CVE-2024-3837: Use after free in QUIC CVE-2024-3839: Out of bounds read in Fonts CVE-2024-3914: Use after free in V8 CVE-2024-4058: Type confusion in ANGLE CVE-2024-4558: Use after free in ANGLE...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 11 security fixes: 339877165 High CVE-2024-5493: Heap buffer overflow in WebRTC. Reported by Cassidy Kim@cassidy6564 on 2024-05-11 338071106 High CVE-2024-5494: Use after free in Dawn. Reported by wgslfuzz on 2024-05-01 338103465 High CVE-2024-5495: U...
nginx -- Multiple Vulnerabilities in HTTP/3
The nginx development team reports: This update fixes the following vulnerabilities: Stack overflow and use-after-free in HTTP/3 Buffer overwrite in HTTP/3 Memory disclosure in HTTP/3 NULL pointer dereference in HTTP/3...
minio -- unintentional information disclosure
Minio security advisory GHSA-95fr-cm4m-q5p9 reports: when used with anonymous requests by sending a random object name requests you can figure out if the object exists or not on the server on a specific bucket and also gain access to some amount of information...
OpenSSL -- Use after free vulnerability
The OpenSSL project reports: Use After Free with SSL_free_buffers low. Calling the OpenSSL API function SSL_free_buffers may cause memory to be accessed that was previously freed in some situations...
chromium -- security fix
Chrome Releases reports: This update includes 1 security fix: 341663589 High CVE-2024-5274: Type Confusion in V8. Reported by Clément Lecigne of Google's Threat Analysis Group and Brendon Tiszka of Chrome Security on 2024-05-20...
python -- several vulnerabilities
Hugo van Kemenade reports: Python 3.14.2 and 3.13.11 are now available ... and come with some bonus security fixes. gh-142145: Remove quadratic behavior in node ID cache clearing CVE-2025-12084 gh-119451: Fix a potential denial of service in http.client only in 3.13; CVE-2025-13836 gh-119452: Fix...
electron29 -- use after free in Dawn
Electron developers report: This update fixes the following vulnerability: Security: backported fix for CVE-2024-4948...
electron28 -- multiple vulnerabilities
Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2024-4948. Security: backported fix for CVE-2024-3914. Security: backported fix for CVE-2024-4060. Security: backported fix for CVE-2024-4058. Security: backported fix for CVE-2024-4558...
Gitlab -- Vulnerabilities
Gitlab reports: 1-click account takeover via XSS in the code editor in gitlab.com A DOS vulnerability in the 'description' field of the runner CSRF via K8s cluster-integration Using Set Pipeline Status of a Commit API incorrectly create a new pipeline when SHA and pipeline_id did not match Redos o...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 15 security fixes: 336012573 High CVE-2024-5157: Use after free in Scheduling. Reported by Looben Yang on 2024-04-21 338908243 High CVE-2024-5158: Type Confusion in V8. Reported by Zhenghang Xiao @Kipreyyy on 2024-05-06 335613092 High CVE-2024-5159:...
Roundcube -- Cross-site scripting vulnerabilities
The Roundcube project reports: cross-site scripting (XSS) vulnerability in handling SVG animate attributes. cross-site scripting (XSS) vulnerability in handling list columns from user preferences...
openvpn -- two security fixes
Gert Doering reports that OpenVPN 2.6.11 fixes two security bugs (three on Windows): CVE-2024-5594: control channel: refuse control channel messages with nonprintable characters in them. Security scope: a malicious openvpn peer can send garbage to openvpn log, or cause high CPU load. Reynir Björnss...
OpenSSL -- Denial of Service vulnerability
The OpenSSL project reports: Excessive time spent checking DSA keys and parameters (Low). Checking excessively long DSA keys or parameters may be very slow...
electron29 -- setuid() does not affect libuv's internal io_uring
Electron developers report: This update fixes the following vulnerability: Backported fix for CVE-2024-22017...
Intel CPUs -- multiple vulnerabilities
Intel reports: Potential security vulnerabilities in some Intel Trust Domain Extensions (TDX) module software may allow escalation of privilege. Improper input validation in some Intel TDX module software before version 1.5.05.46.698 may allow a privileged user to potentially enable escalation of...
Arti -- Security issues related to circuit construction
Tor Project reports: When building anonymizing circuits to or from an onion service with 'lite' vanguards (the default) enabled, the circuit manager code would build the circuits with one hop too few. When 'full' vanguards are enabled, some circuits are supposed to be built with an extra hop to...
dnsdist -- Transfer requests received over DoH can lead to a denial of service
PowerDNS Security Advisory reports: When incoming DNS over HTTPS support is enabled using the nghttp2 provider, and queries are routed to a tcp-only or DNS over TLS backend, an attacker can trigger an assertion failure in DNSdist by sending a request for a zone transfer (AXFR or IXFR) over DNS over...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 1 security fix: 339458194 High CVE-2024-4761: Out of bounds write in V8. Reported by Anonymous on 2024-05-09...
electron29 -- multiple vulnerabilities
Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2024-3914. Security: backported fix for CVE-2024-4558...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 1 security fix: 339266700 High CVE-2024-4671: Use after free in Visuals. Reported by Anonymous on 2024-05-07...
PostgreSQL server -- Potentially allowing authenticated database users to see data that they shouldn't.
PostgreSQL project reports: A security vulnerability was found in the system views pg_stats_ext and pg_stats_ext_exprs, potentially allowing authenticated database users to see data they shouldn't. If this is of concern in your installation, run the SQL script...
QtNetworkAuth -- predictable seeding of PRNG in QAbstractOAuth
Andy Shaw reports: The OAuth1 implementation in QtNetworkAuth created nonces using a PRNG that was seeded with a predictable seed. This means that an attacker that can somehow control the time of the first OAuth1 flow of the process has a high chance of predicting the nonce used in said OAuth flo...
Gitlab -- vulnerabilities
Gitlab reports: ReDoS in branch search when using wildcards ReDoS in markdown render pipeline Redos on Discord integrations Redos on Google Chat Integration Denial of Service Attack via Pin Menu DoS by filtering tags and branches via the API MR approval via CSRF in SAML SSO Banned user from group...
tailscale -- Insufficient inbound packet filtering in subnet routers and exit nodes
Tailscale team reports: In Tailscale versions earlier than 1.66.0, exit nodes, subnet routers, and app connectors, could allow inbound connections to other tailnet nodes from their local area network (LAN). This vulnerability only affects Linux exit nodes, subnet routers, and app connectors in...
Jinja2 -- Vulnerable to HTML attribute injection when passing user input as keys to xmlattr filter
[email protected] reports: Jinja is an extensible templating engine. The xmlattr filter in affected versions of Jinja accepts keys containing non-attribute characters. XML/HTML attributes cannot contain spaces, /, , or =, as each would then be interpreted as starting a separate...
electron29 -- multiple vulnerabilities
Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2024-4060. Security: backported fix for CVE-2024-4058...
qt6-base (core module) -- Invalid pointer in QStringConverter
Andy Shaw reports: QStringConverter has an invalid pointer being passed as a callback which can allow modification of the stack. Qt itself is not vulnerable to remote attack however an application using QStringDecoder either directly or indirectly can be vulnerable. This requires: the attacker be...
cyrus-imapd -- unbounded memory allocation
Cyrus IMAP 3.8.3 Release Notes states: Fixed CVE-2024-34055: Cyrus-IMAP through 3.8.2 and 3.10.0-beta2 allow authenticated attackers to cause unbounded memory allocation by sending many LITERALs in a single command. The IMAP protocol allows for command arguments to be LITERALs of negotiated lengt...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 2 security fixes: 335003891 High CVE-2024-4331: Use after free in Picture In Picture. Reported by Zhenghang Xiao @Kipreyyy on 2024-04-16 333508731 High CVE-2024-4368: Use after free in Dawn. Reported by wgslfuzz on 2024-04-09...