6513 matches found
cyrus-imapd -- unbounded memory allocation
Cyrus IMAP 3.8.3 Release Notes states: Fixed CVE-2024-34055: Cyrus-IMAP through 3.8.2 and 3.10.0-beta2 allow authenticated attackers to cause unbounded memory allocation by sending many LITERALs in a single command. The IMAP protocol allows for command arguments to be LITERALs of negotiated lengt...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 2 security fixes: 335003891 High CVE-2024-4331: Use after free in Picture In Picture. Reported by Zhenghang Xiao @Kipreyyy on 2024-04-16 333508731 High CVE-2024-4368: Use after free in Dawn. Reported by wgslfuzz on 2024-04-09...
hcode -- buffer overflow in mail.c
The openSUSE project reports: The problematic function in question is putSDN in mail.c. The static variable cp is used as an index for a fixed-sized buffer ibuf. There is a range check: if cp = HDRBUFLEN ... but under certain circumstances, cp can be incremented beyond the buffer size, leading to...
R -- arbitrary code execution vulnerability
HiddenLayer Research reports: Deserialization of untrusted data can occur in the R statistical programming language, enabling a maliciously crafted RDS (R Data Serialization) formatted file or R package to run arbitrary code on an end user's system...
go -- net: malformed DNS message can cause infinite loop
The Go project reports: net: malformed DNS message can cause infinite loop A malformed DNS message in response to a query can cause the Lookup functions to get stuck in an infinite loop...
powerdns-recursor -- denial of service
PowerDNS Team reports: PowerDNS Security Advisory 2024-02: if recursive forwarding is configured, crafted responses can lead to a denial of service in Recursor...
Gitlab -- vulnerabilities
Gitlab reports: GitLab account takeover, under certain conditions, when using Bitbucket as an OAuth provider Path Traversal leads to DoS and Restricted File Read Unauthenticated ReDoS in FileFinder when using wildcard filters in project file search Personal Access Token scopes not honoured by...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 4 security fixes: 332546345 Critical CVE-2024-4058: Type Confusion in ANGLE. Reported by Toan suto Pham and Bao zx Pham of Qrious Secure on 2024-04-02 333182464 High CVE-2024-4059: Out of bounds read in V8 API. Reported by Eirik on 2024-04-08 33342062...
py-social-auth-app-django -- Improper Handling of Case Sensitivity
GitHub Advisory Database: Python Social Auth is a social authentication/registration mechanism. Prior to version 5.4.1, due to default case-insensitive collation in MySQL or MariaDB databases, third-party authentication user IDs are not case-sensitive and could cause different IDs to match. This...
py-matrix-synapse -- weakness in auth chain indexing allows DoS
Matrix developers report: Weakness in auth chain indexing allows DoS from remote room members through disk fill and high CPU usage. High severity...
ruby -- Arbitrary memory address read vulnerability with Regex search
sp2ip reports: If attacker-supplied data is provided to the Ruby regex compiler, it is possible to extract arbitrary heap data relative to the start of the text, including pointers and sensitive strings...
exiv2 -- Out-of-bounds read in AsfVideo::streamProperties
Kevin Backhouse reports: An out-of-bounds read was found in Exiv2 version v0.28.2. The vulnerability is in the parser for the ASF video format, which was a new feature in v0.28.0, so Exiv2 versions before v0.28 are not affected. The out-of-bounds read is triggered when Exiv2 is used to read the...
clamav -- Possible crash in the HTML file parser that could cause a denial-of-service (DoS) condition
Błażej Pawłowski reports: A vulnerability in the HTML parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to an issue in the C to Rust foreign function interface. An attacker could exploit this...
jenkins -- Terrapin SSH vulnerability in Jenkins CLI client
Jenkins Security Advisory: Description Medium SECURITY-3386 / CVE-2023-48795 Terrapin SSH vulnerability in Jenkins CLI client...
electron{27,28,29} -- multiple vulnerabilities
Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2024-3515. Security: backported fix for CVE-2024-3516. Security: backported fix for CVE-2024-3157. Security: backported fix for CVE-2024-1580...
qt5-webengine -- Multiple vulnerabilities
Backports for 2 security bugs in Chromium: CVE-2024-3157: Out of bounds write in Compositing CVE-2024-3516: Heap buffer overflow in ANGLE...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 23 security fixes: 331358160 High CVE-2024-3832: Object corruption in V8. Reported by Man Yue Mo of GitHub Security Lab on 2024-03-27 331383939 High CVE-2024-3833: Object corruption in WebAssembly. Reported by Man Yue Mo of GitHub Security Lab on...
php -- Multiple vulnerabilities
This update includes 3 security fixes: High CVE-2024-1874: Command injection via array-ish $command parameter of proc_open even if bypass_shell option enabled on Windows...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 3 security fixes: 331237485 High CVE-2024-3157: Out of bounds write in Compositing. Reported by DarkNavy on 2024-03-26 328859176 High CVE-2024-3516: Heap buffer overflow in ANGLE. Reported by Bao zx Pham and Toan suto Pham of Qrious Secure on 2024-03-...
electron{27,28} -- Out of bounds memory access in V8
Electron developers report: This update fixes the following vulnerability: Security: backported fix for CVE-2024-3159...
Gitlab -- Patch Release: 16.10.2, 16.9.4, 16.8.6
Gitlab reports: Stored XSS injected in diff viewer Stored XSS via autocomplete results Redos on Integrations Chat Messages Redos During Parse Junit Test Report...
wordpress -- XSS
The WordPress team reports: A cross-site scripting (XSS) vulnerability affecting the Avatar block type...
OpenSSL -- Unbounded memory growth with session handling in TLSv1.3
The OpenSSL project reports: Some non-default TLS server configurations can cause unbounded memory growth when processing TLSv1.3 sessions...
frr - Multiple vulnerabilities
[email protected] reports: In FRRouting FRR through 9.1, there are multiple vulnerabilities. CVE-2024-31950: buffer overflow and daemon crash in ospf_te_parse_ri for OSPF LSA packets CVE-2024-31951: buffer overflow and daemon crash in ospf_te_parse_ext_link for OSPF LSA packets...
forgejo -- multiple issues
The forgejo team reports: CVE-2024-24789: The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create a zip file with contents that vary depending on the implementation reading the...
forgejo -- HTTP/2 CONTINUATION flood in net/http
[email protected] reports: An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's heade...
Request Tracker -- information exposure vulnerability
Request Tracker reports: CVE-2024-3262 describes previously viewed pages being stored in the browser cache, which is the typical default behavior of most browsers to enable the "back" button. Someone who gains access to a host computer could potentially view ticket data using the back button, eve...
Apache httpd -- multiple vulnerabilities
The Apache httpd project reports: HTTP/2 DoS by memory exhaustion on endless continuation frames HTTP Response Splitting in multiple modules...
GLPI -- multiple vulnerabilities
GLPI team reports: GLPI 10.0.15 Changelog SECURITY - high Authenticated SQL injection from map search CVE-2024-31456 SECURITY - high Account takeover via SQL Injection in saved searches feature CVE-2024-29889...
electron{27,28} -- multiple vulnerabilities
Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2024-2885. Security: backported fix for CVE-2024-2883. Security: backported fix for CVE-2024-2887. Security: backported fix for CVE-2024-2886...
go -- http2: close connections when receiving too many headers
The Go project reports: http2: close connections when receiving too many headers Maintaining HPACK state requires that we parse and process all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, we don't allocate memory to store the excess headers but...
xorg server -- Multiple vulnerabilities
The X.Org project reports: CVE-2024-31080: Heap buffer overread/data leakage in ProcXIGetSelectedEvents The ProcXIGetSelectedEvents function uses the byte-swapped length of the return data for the amount of data to return to the client, if the client has a different endianness than the X server...
qt6-webengine -- Multiple vulnerabilities
Qt qtwebengine-chromium repo reports: Backports for 16 security bugs in Chromium: CVE-2024-2625: Object lifecycle issue in V8 CVE-2024-2626: Out of bounds read in Swiftshader CVE-2024-2885: Use after free in Dawn CVE-2024-2887: Type Confusion in WebAssembly CVE-2024-3157: Out of bounds write in...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 3 security fixes: 329130358 High CVE-2024-3156: Inappropriate implementation in V8. Reported by Zhenghang Xiao @Kipreyyy on 2024-03-12 329965696 High CVE-2024-3158: Use after free in Bookmarks. Reported by undoingfish on 2024-03-17 330760873 High...
PuTTY and embedders (f.i., filezilla) -- biased RNG with NIST P521/ecdsa-sha2-nistp521 signatures permits recovering private key
Simon Tatham reports: ECDSA signatures using 521-bit keys (the NIST P521 curve, otherwise known as ecdsa-sha2-nistp521) were generated with biased random numbers. This permits an attacker in possession of a few dozen signatures to RECOVER THE PRIVATE KEY. Any 521-bit ECDSA private key that PuTTY or...
electron{27,28} -- Object lifecycle issue in V8
Electron developers report: This update fixes the following vulnerability: Security: backported fix for CVE-2024-2625...
Gitlab -- vulnerabilities
Gitlab reports: Stored-XSS injected in Wiki page via Banzai pipeline DOS using crafted emojis...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 7 security fixes: 327807820 Critical CVE-2024-2883: Use after free in ANGLE. Reported by Cassidy Kim@cassidy6564 on 2024-03-03 328958020 High CVE-2024-2885: Use after free in Dawn. Reported by wgslfuzz on 2024-03-11 330575496 High CVE-2024-2886: Use...
phpmyfaq -- multiple vulnerabilities
phpMyFAQ team reports: The phpMyFAQ Team has learned of multiple security issues that'd been discovered in phpMyFAQ 3.2.5 and earlier. phpMyFAQ contains cross-site scripting (XSS), SQL injection and bypass vulnerabilities...
emacs -- multiple vulnerabilities
GNU Emacs developers report: Emacs 29.3 is an emergency bugfix release intended to fix several security vulnerabilities. Arbitrary Lisp code is no longer evaluated as part of turning on Org mode. This is for security reasons, to avoid evaluating malicious Lisp code. New buffer-local variable...
jose -- DoS vulnerability
[email protected] reports: latchset jose through version 11 allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value...
jenkins -- HTTP/2 denial of service vulnerability in bundled Jetty
Jenkins Security Advisory: Description High SECURITY-3379 / CVE-2024-22201 HTTP/2 denial of service vulnerability in bundled Jetty...
security/shibboleth-idp -- CAS service SSRF
Shibboleth Developers report: The Identity Provider's CAS support relies on a function in the Spring Framework to parse CAS service URLs and append the ticket parameter...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 12 security fixes: 327740539 High CVE-2024-2625: Object lifecycle issue in V8. Reported by Ganjiang Zhou@refrainareu of ChaMd5-H1 team on 2024-03-01 40945098 Medium CVE-2024-2626: Out of bounds read in Swiftshader. Reported by Cassidy Kim@cassidy6564 ...
mediawiki -- multiple vulnerabilities
Mediawiki reports: T355538, CVE-2024-PENDING SECURITY: XSS in edit summary parser. T357760, CVE-2024-PENDING SECURITY: Denial of service vector via GET request to Special:MovePage on pages with thousands of subpages...
amavisd-new -- multipart boundary confusion
The Amavis project reports: Emails which consist of multiple parts (Content-Type: multipart/*) incorporate boundary information stating at which point one part ends and the next part begins. A boundary is announced by a Content-Type header's boundary parameter. To our current knowledge, RFC2046 and...
electron{27,28} -- Out of bounds memory access in V8
Electron developers report: This update fixes the following vulnerability: Security: backported fix for CVE-2024-2173...
GLPI -- multiple vulnerabilities
GLPI team reports: GLPI 10.0.13 Changelog SECURITY - high SQL Injection in through the search engine CVE-2024-27096 SECURITY - moderate Blind SSRF using Arbitrary Object Instantiation CVE-2024-27098 SECURITY - moderate Stored XSS in dashboards CVE-2024-27104 SECURITY - moderate Reflected XSS in...
quiche -- Multiple Vulnerabilities
Quiche Releases reports: This release includes 2 security fixes: CVE-2024-1410: Unbounded storage of information related to connection ID retirement, in quiche. Reported by Marten Seeman @marten-seeman CVE-2024-1765: Unlimited resource allocation by QUIC CRYPTO frames flooding in quiche. Reported...
databases/mongodb* -- Improper Certificate Validation
MongoDB, Inc. reports: A security vulnerability was found where a server process running MongoDB 3.2.6 or later will allow incoming connections to skip peer certificate validation if the server process was started with TLS enabled (net.tls.mode set to allowTLS, preferTLS, or requireTLS) and without...