6513 matches found
Unbound -- Denial-of-Service vulnerability
NLNet Labs reports: Unbound 1.18.0 introduced a feature that removes EDE records from responses with size higher than the client's advertised buffer size. Before removing all the EDE records however, it would try to see if trimming the extra text fields on those records would result in an...
Gitlab -- Vulnerabilities
Gitlab reports: Bypassing CODEOWNERS approval allowing to steal protected variables; Guest with manage group access tokens can rotate and see group access token with owner permissions...
electron{27,28} -- vulnerability in libxml2
Electron developers report: This update fixes the following vulnerability: Security: backported fix for CVE-2024-25062...
go -- multiple vulnerabilities
The Go project reports: crypto/x509: Verify panics on certificates with an unknown public key algorithm. Verifying a certificate chain which contains a certificate with an unknown public key algorithm will cause Certificate.Verify to panic. net/http: memory exhaustion in...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 3 security fixes: 325893559 High CVE-2024-2173: Out of bounds memory access in V8. Reported by 5fceb6172bbf7e2c5a948183b53565b9 on 2024-02-19 325866363 High CVE-2024-2174: Inappropriate implementation in V8. Reported by 5f46f4ee2e17957ba7b39897fb376be...
electron{27,28} -- Use after free in Mojo
Electron developers report: This update fixes the following vulnerability: Security: backported fix for CVE-2024-1670...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 4 security fixes: 324596281 High CVE-2024-1938: Type Confusion in V8. Reported by 5f46f4ee2e17957ba7b39897fb376be8 on 2024-02-11 323694592 High CVE-2024-1939: Type Confusion in V8. Reported by Bohan Liu @P4nda20371774 of Tencent Security Xuanwu Lab on...
null -- Routinator terminates when RTR connection is reset too quickly after opening
[email protected] reports: Due to a mistake in error checking, Routinator will terminate when an incoming RTR connection is reset by the peer too quickly after opening...
Django -- multiple vulnerabilities
Django reports: CVE-2024-27351: Potential regular expression denial-of-service in django.utils.text.Truncator.words...
dns/c-ares -- malformatted file causes application crash
c-ares project reports: Reading malformatted /etc/resolv.conf, /etc/nsswitch.conf or the HOSTALIASES file could result in a crash...
gitea -- Fix XSS vulnerabilities
Problem Description: The Wiki page did not sanitize author name; the reviewer name on a "dismiss review" comment is also affected; the migration page has some spots...
electron27 -- multiple vulnerabilities
Electron developers report: This update fixes the following vulnerability: Security: backported fix for CVE-2024-1283. Security: backported fix for CVE-2024-1284...
Gitlab -- Vulnerabilities
Gitlab reports: Stored-XSS in user's profile page; User with "admingroupmembers" permission can invite other groups to gain owner access; ReDoS issue in the Codeowners reference extractor; LDAP user can reset password using secondary email and login using direct authentication; Bypassing group ip...
null -- null
[email protected] reports: On Linux, Node.js ignores certain environment variables if those may have been set by an unprivileged user while the process is running with elevated privileges with the only exception of CAP_NET_BIND_SERVICE. Due to a bug in the implementation of this exception, Node....
chromium -- multiple security fixes
Chrome Releases reports: This update includes 12 security fixes: 41495060 High CVE-2024-1669: Out of bounds memory access in Blink. Reported by Anonymous on 2024-01-26 41481374 High CVE-2024-1670: Use after free in Mojo. Reported by Cassidy Kim@cassidy6564 on 2023-12-06 41487933 Medium...
powerdns-recursor -- Multiple Vulnerabilities
[email protected] reports: CVE-2023-50868: The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a denial of service (CPU consumption for SHA-1 computations) via DNSSEC responses in a random subdomain attack, aka the "NSEC3"...
FreeBSD -- bhyveload(8) host file access
Problem Description: bhyveload -h may be used to grant loader access to the directory tree on the host. Affected versions of bhyveload(8) do not make any attempt to restrict loader's access to , allowing the loader to read any file the host user has access to. Impact: In the bhyveload(8) model, the...
NodeJS -- Vulnerabilities
Node.js reports: Code injection and privilege escalation through Linux capabilities - High; http: Reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks - High; Path traversal by monkey-patching Buffer internals - High; setuid does not drop all privileges due to io_uring - Hi...
nginx-devel -- Multiple Vulnerabilities in HTTP/3
The nginx development team reports: When using HTTP/3 a segmentation fault might occur in a worker process while processing a specially crafted QUIC session...
FreeBSD -- jail(2) information leak
Problem Description: The jail(2) system call has not limited a visibility of allocated TTYs (the kern.ttys sysctl). This gives rise to an information leak about processes outside the current jail. Impact: Attacker can get information about TTYs allocated on the host or in other jails. Effectively, the...
chromium -- security fix
Chrome Releases reports: This update includes 1 security fix...
typo3-{11,12} -- multiple vulnerabilities
Typo3 developers report: All versions are security releases and contain important security fixes - read the corresponding security advisories here: Path Traversal in TYPO3 File Abstraction Layer Storages (CVE-2023-30451); Code Execution in TYPO3 Install Tool (CVE-2024-22188); Information Disclosure of...
Grafana -- Data source permission escalation
Grafana Labs reports: The vulnerability impacts Grafana Cloud and Grafana Enterprise instances, and it is exploitable if a user who should not be able to access all data sources is granted permissions to create a data source. By default, only organization Administrators are allowed to create a da...
Composer -- Code execution and possible privilege escalation
Composer reports: Code execution and possible privilege escalation via compromised InstalledVersions.php or installed.php. Several files within the local working directory are included during the invocation of Composer and in the context of the executing user. As such, under certain conditions...
postgresql-server -- non-owner REFRESH MATERIALIZED VIEW CONCURRENTLY executes arbitrary SQL
PostgreSQL Project reports: One step of a concurrent refresh command was run under weak security restrictions. If a materialized view's owner could persuade a superuser or other high-privileged user to perform a concurrent refresh on that view, the view's owner could control code executed with th...
Gitlab -- vulnerabilities
Gitlab reports: Restrict group access token creation for custom roles; Project maintainers can bypass group's scan result policy blockbranchmodification setting; ReDoS in CI/CD Pipeline Editor while verifying Pipeline syntax; Resource exhaustion using GraphQL vulnerabilitiesCountByDay...
clamav -- Multiple vulnerabilities
The ClamAV project reports: CVE-2024-20290: A vulnerability in the OLE2 file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to an incorrect check for end-of-string values during...
DNSSEC validators -- denial-of-service/CPU exhaustion from KeyTrap and NSEC3 vulnerabilities
Simon Kelley reports: If DNSSEC validation is enabled, then an attacker who can force a DNS server to validate a specially crafted signed domain can use a lot of CPU in the validator. This only affects dnsmasq installations with DNSSEC enabled. Stichting NLnet Labs reports: The KeyTrap...
Libgit2 -- multiple vulnerabilities
Git community reports: A bug in git_revparse_single is fixed that could have caused the function to enter an infinite loop given well-crafted inputs, potentially causing a Denial of Service attack in the calling application. A bug in git_revparse_single is fixed that could have caused the function to...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 3 security fixes: 41494539 High CVE-2024-1284: Use after free in Mojo. Reported by Anonymous on 2024-01-25 41494860 High CVE-2024-1283: Heap buffer overflow in Skia. Reported by Jorge Buzeti @r3tr074 on 2024-01-25...
phpmyfaq -- multiple vulnerabilities
phpMyFAQ team reports: phpMyFAQ doesn't implement sufficient checks to avoid XSS when storing on attachments filenames. The 'sharing FAQ' functionality allows any unauthenticated actor to misuse the phpMyFAQ application to send arbitrary emails to a large range of targets. phpMyFAQ's user removal...
GLPI -- multiple vulnerabilities
GLPI team reports: GLPI 10.0.12 Changelog: [SECURITY - moderate] Reflected XSS in reports pages (CVE-2024-23645); [SECURITY - moderate] LDAP Injection during authentication (CVE-2023-51446)...
electron{26,27,28} -- Use after free in Web Audio
Electron developers report: This update fixes the following vulnerability: Security: backported fix for CVE-2024-0807...
minio -- privilege escalation via permissions inheritance
Minio security advisory GHSA-xx8w-mq23-29g4 reports: When someone creates an access key, it inherits the permissions of the parent key. Not only for s3: actions, but also admin: actions. Which means unless somewhere above in the access-key hierarchy, the admin rights are denied, access keys will be...
curl -- OCSP verification bypass with TLS session reuse
Hiroki Kurosawa reports: curl inadvertently kept the SSL session ID for connections in its cache even when the verify status (OCSP stapling) test failed. A subsequent transfer to the same hostname could then succeed if the session ID cache was still fresh, which then skipped the verify status check...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 4 security fixes: 1511567 High CVE-2024-1060: Use after free in Canvas. Reported by Anonymous on 2023-12-14 1514777 High CVE-2024-1059: Use after free in WebRTC. Reported by Cassidy Kim@cassidy6564 on 2023-12-29 1511085 High CVE-2024-1077: Use after...
OpenSSL -- Multiple vulnerabilities
The OpenSSL project reports: Excessive time spent checking invalid RSA public keys (CVE-2023-6237); PKCS12 Decoding crashes (CVE-2024-0727)...
qt6-webengine -- Multiple vulnerabilities
Qt qtwebengine-chromium repo reports: Backports for 3 security bugs in Chromium: 1505080 High CVE-2024-0807: Use after free in WebAudio 1504936 Critical CVE-2024-0808: Integer underflow in WebUI 1496250 Medium CVE-2024-0810: Insufficient policy enforcement in DevTools...
Gitlab -- vulnerabilities
Gitlab reports: Arbitrary file write while creating workspace; ReDoS in Cargo.toml blob viewer; Arbitrary API PUT requests via HTML injection in user's name; Disclosure of the public email in Tags RSS Feed; Non-Member can update MR Assignees of owned MRs...
jenkins -- multiple vulnerabilities
Jenkins Security Advisory: Description Critical SECURITY-3314 / CVE-2024-23897 Arbitrary file read vulnerability through the CLI can lead to RCE Description High SECURITY-3315 / CVE-2024-23898 Cross-site WebSocket hijacking vulnerability in the CLI...
gitea -- Prevent anonymous container access
Problem Description: Even with RequireSignInView enabled, anonymous users can use docker pull to fetch public images...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 17 security fixes: 1484394 High CVE-2024-0812: Inappropriate implementation in Accessibility. Reported by Anonymous on 2023-09-19 1504936 High CVE-2024-0808: Integer underflow in WebUI. Reported by Lyra Rebane rebane2001 on 2023-11-24 1496250 Medium...
zeek -- potential DoS vulnerability
Tim Wojtulewicz of Corelight reports: A specially-crafted series of packets containing nested MIME entities can cause Zeek to spend large amounts of time parsing the entities...
suricata -- multiple vulnerabilities
Suricata team reports: Multiple vulnerabilities fixed in the last release of suricata. No details have been disclosed yet...
electron26 -- Out of bounds memory access in V8
Electron developers report: This update fixes the following vulnerability: Security: backported fix for CVE-2024-0519...
electron{26,27} -- multiple vulnerabilities
Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2024-0518. Security: backported fix for CVE-2024-0517...
xorg server -- Multiple vulnerabilities
The X.Org project reports: CVE-2023-6816: Heap buffer overflow in DeviceFocusEvent and ProcXIQueryPointer Both DeviceFocusEvent and the XIQueryPointer reply contain a bit for each logical button currently down. Buttons can be arbitrarily mapped to any value up to 255 but the X.Org Server was only...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 4 security fixes: 1515930 High CVE-2024-0517: Out of bounds write in V8. Reported by Toan suto Pham of Qrious Secure on 2024-01-06 1507412 High CVE-2024-0518: Type Confusion in V8. Reported by Ganjiang Zhou@refrainareu of ChaMd5-H1 team on 2023-12-03...
sqlite -- use-after-free bug in jsonparseaddnodearray
[email protected] reports: A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading t...
Gitlab -- vulnerabilities
Gitlab reports: Account Takeover via Password Reset without user interactions; Attacker can abuse Slack/Mattermost integrations to execute slash commands as another user; Bypass CODEOWNERS approval removal; Workspaces able to be created under different root namespace; Commit signature validation...