FreebsdRecent: 6513 matches found

FreeBSD • added 2024/01/10

electron{26,27} -- multiple vulnerabilities

Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2024-0224. Security: backported fix for CVE-2024-0225. Security: backported fix for CVE-2024-0223. Security: backported fix for CVE-2024-0222...

CVSS 8.8 • AI score 7 • EPSS 0.09619 • Exploits 0 • References 4

FreeBSD • added 2024/01/09

Django -- multiple vulnerabilities

Django reports: CVE-2024-24680: Potential denial-of-service in intcomma template filter...

CVSS 7.5 • AI score 7.3 • EPSS 0.01394 • Exploits 0 • References 1

FreeBSD • added 2024/01/09

OpenSSL -- Vector register corruption on PowerPC

The OpenSSL Team reports: The POLY1305 MAC message authentication code implementation contains a bug that might corrupt the internal state of applications running on PowerPC CPU based platforms if the CPU provides vector instructions...

CVSS 6.5 • AI score 7.6 • EPSS 0.03331 • Exploits 0 • References 1

FreeBSD • added 2024/01/09

chromium -- security fix

Chrome Releases reports: This update includes 1 security fix: 1513379 High CVE-2024-0333: Insufficient data validation in Extensions. Reported by Malcolm Stagg @malcolmst of SODIUM-24, LLC on 2023-12-20...

CVSS 5.3 • AI score 7.5 • EPSS 0.00074 • Exploits 0 • References 1

FreeBSD • added 2024/01/08

qt5-webengine -- Multiple vulnerabilities

Qt qtwebengine-chromium repo reports: Backports for 8 security bugs in Chromium: 1505053 High CVE-2023-6345: Integer overflow in Skia; 1501326 High CVE-2023-6702: Type Confusion in V8; 1513170 High CVE-2023-7024: Heap buffer overflow in WebRTC; 1501798 High CVE-2024-0222: Use after free in ANGLE...

CVSS 9.6 • AI score 10 • EPSS 0.57947 • Exploits 4 • References 1

FreeBSD • added 2024/01/08

qt6-webengine -- Multiple vulnerabilities

Qt qtwebengine-chromium repo reports: Backports for 15 security bugs in Chromium: 1505053 High CVE-2023-6345: Integer overflow in Skia; 1500856 High CVE-2023-6346: Use after free in WebAudio; 1494461 High CVE-2023-6347: Use after free in Mojo; 1501326 High CVE-2023-6702: Type Confusion in V8; 1502102...

CVSS 9.6 • AI score 10 • EPSS 0.57947 • Exploits 4 • References 1

FreeBSD • added 2024/01/04

electron26 -- multiple vulnerabilities

Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2023-6704. Security: backported fix for CVE-2023-6705. Security: backported fix for CVE-2023-6703. Security: backported fix for CVE-2023-6702...

CVSS 8.8 • AI score 7.4 • EPSS 0.57947 • Exploits 1 • References 4

FreeBSD • added 2024/01/04

electron27 -- multiple vulnerabilities

Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2023-6706. Security: backported fix for CVE-2023-6705. Security: backported fix for CVE-2023-6703. Security: backported fix for CVE-2023-6702. Security: backported fix for CVE-2023-6704...

CVSS 8.8 • AI score 7.4 • EPSS 0.57947 • Exploits 1 • References 5

FreeBSD • added 2024/01/03

chromium -- multiple security fixes

Chrome Releases reports: This update includes 6 security fixes: 1501798 High CVE-2024-0222: Use after free in ANGLE. Reported by Toan suto Pham of Qrious Secure on 2023-11-13; 1505009 High CVE-2024-0223: Heap buffer overflow in ANGLE. Reported by Toan suto Pham and Tri Dang of Qrious Secure on...

CVSS 8.8 • AI score 8.5 • EPSS 0.09619 • Exploits 0 • References 1

FreeBSD • added 2023/12/29

p5-Spreadsheet-ParseExcel -- Remote Code Execution Vulnerability

Spreadsheet-ParseExcel reports: Spreadsheet::ParseExcel version 0.65 is a Perl module used for parsing Excel files. Spreadsheet::ParseExcel is vulnerable to an arbitrary code execution (ACE) vulnerability due to passing unvalidated input from a file into a string-type "eval". Specifically, the...

CVSS 7.8 • AI score 8 • EPSS 0.55712 • Exploits 1 • References 1

FreeBSD • added 2023/12/21

electron{26,27} -- multiple vulnerabilities

Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2023-6508. Security: backported fix for CVE-2023-7024...

CVSS 8.8 • AI score 7.1 • EPSS 0.03067 • Exploits 2 • References 2

FreeBSD • added 2023/12/20

chromium -- security fix

Chrome Releases reports: This update includes 1 security fix: 1513170 High CVE-2023-7024: Heap buffer overflow in WebRTC. Reported by Clément Lecigne and Vlad Stolyarov of Google's Threat Analysis Group on 2023-12-19...

CVSS 8.8 • AI score 7.9 • EPSS 0.03067 • Exploits 2 • References 1

FreeBSD • added 2023/12/19

gitea -- Prefix Truncation Attack against ChaCha20-Poly1305 and Encrypt-then-MAC aka Terrapin

The Gitea team reports: Update golang.org/x/crypto...

AI score 7.3 • Exploits 0 • References 1

FreeBSD • added 2023/12/19

FreeBSD -- Prefix Truncation Attack in the SSH protocol

Problem Description: The SSH protocol executes an initial handshake between the server and the client. This protocol handshake includes the possibility of several extensions allowing different options to be selected. Validation of the packets in the handshake is done through sequence numbers...

CVSS 5.9 • AI score 7.4 • EPSS 0.52998 • Exploits 4

FreeBSD • added 2023/12/14

QtNetwork -- potential buffer overflow

Andy Shaw reports: A potential integer overflow has been discovered in Qt's HTTP2 implementation. If the HTTP2 implementation receives more than 4GiB in total headers, or more than 2GiB for any given header pair, then the internal buffers may overflow...

CVSS 9.8 • AI score 7.7 • EPSS 0.00188 • Exploits 0 • References 1

FreeBSD • added 2023/12/13

GLPI -- multiple vulnerabilities

GLPI team reports: GLPI 10.0.11 Changelog: SECURITY - moderate: Authenticated SQL Injection (CVE-2023-43813); SECURITY - high: SQL injection through inventory agent request (CVE-2023-46727); SECURITY - high: Remote code execution from LDAP server configuration form on PHP 7.4 (CVE-2023-46726)...

CVSS 9.8 • AI score 9.5 • EPSS 0.23296 • Exploits 0 • References 1

FreeBSD • added 2023/12/13

Gitlab -- vulnerabilities

Gitlab reports: Smartcard authentication allows impersonation of arbitrary user using user's public certificate; When subgroup is allowed to merge or push to protected branches, subgroup members with the Developer role may gain the ability to push or merge; The GitLab web interface does not ensure...

CVSS 8.8 • AI score 7.8 • EPSS 0.00296 • Exploits 0 • References 1

FreeBSD • added 2023/12/13

xorg-server -- Multiple vulnerabilities

The X.Org project reports: CVE-2023-6377/ZDI-CAN-22412/ZDI-CAN-22413: X.Org server: Out-of-bounds memory write in XKB button actions. A device has XKB button actions for each button on the device. When a logical device switch happens, e.g. moving from a touchpad to a mouse, the server re-calculates...

CVSS 7.8 • AI score 7.3 • EPSS 0.01208 • Exploits 0 • References 1

FreeBSD • added 2023/12/12

FreeBSD -- NFS client data corruption and kernel memory disclosure

Problem Description: In FreeBSD 13.2 and 14.0, the NFS client was optimized to improve the performance of IO_APPEND writes, that is, writes which add data to the end of a file and so extend its size. This uncovered an old bug in some routines which copy userspace data into the kernel. The bug also...

CVSS 6.5 • AI score 6.8 • EPSS 0.00302 • Exploits 0

FreeBSD • added 2023/12/12

chromium -- multiple security fixes

Chrome Releases reports: This update includes 9 security fixes: 1501326 High CVE-2023-6702: Type Confusion in V8. Reported by Zhiyi Zhang and Zhunki from Codesafe Team of Legendsec at Qi'anxin Group on 2023-11-10; 1502102 High CVE-2023-6703: Use after free in Blink. Reported by Cassidy...

CVSS 8.8 • AI score 7.7 • EPSS 0.57947 • Exploits 1 • References 1

FreeBSD • added 2023/12/06

electron25 -- multiple vulnerabilities

Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2023-6350. Security: backported fix for CVE-2023-6351...

CVSS 8.8 • AI score 7 • EPSS 0.0124 • Exploits 0 • References 2

FreeBSD • added 2023/12/05

FreeBSD -- TCP spoofing vulnerability in pf(4)

Problem Description: As part of its stateful TCP connection tracking implementation, pf performs sequence number validation on inbound packets. This makes it difficult for a would-be attacker to spoof the sender and inject packets into a TCP stream, since crafted packets must contain sequence...

CVSS 7.5 • AI score 7 • EPSS 0.00255 • Exploits 0

FreeBSD • added 2023/12/05

chromium -- multiple security fixes

Chrome Releases reports: This update includes 10 security fixes: 1497984 High CVE-2023-6508: Use after free in Media Stream. Reported by Cassidy Kim (@cassidy6564) on 2023-10-31; 1494565 High CVE-2023-6509: Use after free in Side Panel Search. Reported by Khalil Zhani on 2023-10-21; 1480152 Medium...

CVSS 8.8 • AI score 8 • EPSS 0.00927 • Exploits 0 • References 1

FreeBSD • added 2023/12/01

electron25 -- multiple vulnerabilities

Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2023-6345. Security: backported fix for CVE-2023-6346. Security: backported fix for CVE-2023-6347...

CVSS 9.6 • AI score 7.4 • EPSS 0.01934 • Exploits 0 • References 3

FreeBSD • added 2023/11/30

Gitlab -- Vulnerabilities

Gitlab reports: XSS and ReDoS in Markdown via Banzai pipeline of Jira; Members with admin_group_member custom permission can add members with higher role; Release Description visible in public projects despite release set as project members only through atom response; Manipulate the repository content...

CVSS 8.7 • AI score 6.6 • EPSS 0.01241 • Exploits 0 • References 1

FreeBSD • added 2023/11/30

electron26 -- multiple vulnerabilities

Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2023-6345. Security: backported fix for CVE-2023-6346. Security: backported fix for CVE-2023-6347. Security: backported fix for CVE-2023-6350...

CVSS 9.6 • AI score 7.4 • EPSS 0.01934 • Exploits 0 • References 4

FreeBSD • added 2023/11/29

slurm-wlm -- Several security issues

Slurm release notes: CVE-2023-49933 through CVE-2023-49938. Slurm versions 23.11.1, 23.02.7, 22.05.11 are now available and address a number of recently-discovered security issues. They've been assigned CVE-2023-49933 through CVE-2023-49938...

CVSS 9.8 • AI score 7.4 • EPSS 0.00402 • Exploits 0

FreeBSD • added 2023/11/28

rclone -- Multiple vulnerabilities

Multiple vulnerabilities in ssh and golang: CVE-2023-45286: HTTP request body disclosure in go-resty, disclosure across requests. CVE-2023-48795: The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity...

CVSS 5.9 • AI score 7.5 • EPSS 0.52998 • Exploits 5 • References 2

FreeBSD • added 2023/11/28

chromium -- multiple security fixes

Chrome Releases reports: This update includes 7 security fixes: 1491459 High CVE-2023-6348: Type Confusion in Spellcheck. Reported by Mark Brand of Google Project Zero on 2023-10-10; 1494461 High CVE-2023-6347: Use after free in Mojo. Reported by Leecraso and Guang Gong of 360 Vulnerability Resear...

CVSS 9.6 • AI score 7.9 • EPSS 0.01934 • Exploits 0 • References 1

FreeBSD • added 2023/11/22

electron{25,26} -- use after free in Garbage Collection

Electron developers report: This update fixes the following vulnerability: Security: backported fix for CVE-2023-5997...

CVSS 8.8 • AI score 7.1 • EPSS 0.00753 • Exploits 0 • References 1

FreeBSD • added 2023/11/20

strongSwan -- vulnerability in charon-tkm

strongSwan reports: A vulnerability in charon-tkm related to processing DH public values was discovered in strongSwan that can result in a buffer overflow and potentially remote code execution. All versions since 5.3.0 are affected...

CVSS 9.8 • AI score 8.3 • EPSS 0.05318 • Exploits 0 • References 1

FreeBSD • added 2023/11/15

electron{25,26} -- use after free in WebAudio

Electron developers report: This update fixes the following vulnerability: Security: backported fix for CVE-2023-5996...

CVSS 8.8 • AI score 7.1 • EPSS 0.0057 • Exploits 0 • References 1

FreeBSD • added 2023/11/15

TinyMCE -- mXSS in multiple plugins

TinyMCE reports: Special characters in unescaped text nodes can trigger mXSS when using TinyMCE undo/redo, the getContent API, the resetContent API, and the Autosave plugin...

CVSS 6.1 • AI score 7 • EPSS 0.02076 • Exploits 0 • References 2

FreeBSD • added 2023/11/14

chromium -- multiple security fixes

Chrome Releases reports: This update includes 4 security fixes: 1497997 High CVE-2023-5997: Use after free in Garbage Collection. Reported by Anonymous on 2023-10-31; 1499298 High CVE-2023-6112: Use after free in Navigation. Reported by Sergei Glazunov of Google Project Zero on 2023-11-04...

CVSS 8.8 • AI score 7.6 • EPSS 0.28195 • Exploits 0 • References 1

FreeBSD • added 2023/11/14

typo3 -- Multiple vulnerabilities

[email protected] reports: Weak Authentication in Session Handling in typo3/cms-core: In typo3 installations there are always at least two different sites. E.g. first.example.org and second.example.com. In affected versions a session cookie generated for the first site can be reused o...

CVSS 6.1 • AI score 6 • EPSS 0.00604 • Exploits 1 • References 3

FreeBSD • added 2023/11/13

MariaDB -- Denial-of-Service vulnerability

The MariaDB project reports: Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash complete...

CVSS 4.9 • AI score 6.4 • EPSS 0.06984 • Exploits 0 • References 3

FreeBSD • added 2023/11/13

varnish -- HTTP/2 Rapid Reset Attack

Varnish Cache Project reports: A denial of service attack can be performed on Varnish Cache servers that have the HTTP/2 protocol turned on. An attacker can create a large volume of streams and immediately reset them without ever reaching the maximum number of concurrent streams allowed for the...

CVSS 7.5 • AI score 7.4 • EPSS 0.944 • Exploits 19 • References 1

FreeBSD • added 2023/11/10

Grafana -- Email verification is not required after email change

Grafana Labs reports: The vulnerability impacts instances where Grafana basic authentication is enabled. Grafana has a verify_email_enabled configuration option. When this option is enabled, users are required to confirm their email addresses before the sign-up process is complete. However, the ema...

CVSS 5.4 • AI score 7.1 • EPSS 0.00219 • Exploits 1 • References 1

FreeBSD • added 2023/11/09

postgresql-server -- Buffer overrun from integer overflow in array modification

PostgreSQL Project reports: While modifying certain SQL array values, missing overflow checks let authenticated database users write arbitrary bytes to a memory area that facilitates arbitrary code execution. Missing overflow checks also let authenticated database users read a wide area of server...

CVSS 8.8 • AI score 9.2 • EPSS 0.01608 • Exploits 0 • References 1

FreeBSD • added 2023/11/09

postgresql-server -- Memory disclosure in aggregate function calls

PostgreSQL Project reports: Certain aggregate function calls receiving "unknown"-type arguments could disclose bytes of server memory from the end of the "unknown"-type value to the next zero byte. One typically gets an "unknown"-type value via a string literal having no type designation. We have...

CVSS 4.3 • AI score 7 • EPSS 0.02718 • Exploits 0 • References 1

FreeBSD • added 2023/11/09

postgresql-server -- Role pg_cancel_backend can signal certain superuser processes

PostgreSQL Project reports: Documentation says the pg_cancel_backend role cannot signal "a backend owned by a superuser". On the contrary, it can signal background workers, including the logical replication launcher. It can signal autovacuum workers and the autovacuum launcher. Signaling autovacuum...

CVSS 4.4 • AI score 7.3 • EPSS 0.00621 • Exploits 0 • References 1

FreeBSD • added 2023/11/08

OpenSSL -- DoS in DH generation

The OpenSSL project reports: Excessive time spent in DH check / generation with large Q parameter value (severity: low). Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow...

CVSS 5.3 • AI score 6.9 • EPSS 0.00537 • Exploits 0 • References 1

FreeBSD • added 2023/11/08

electron{25,26} -- multiple vulnerabilities

Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2023-5849. Security: backported fix for CVE-2023-5482...

CVSS 8.8 • AI score 7.5 • EPSS 0.12428 • Exploits 0 • References 2

FreeBSD • added 2023/11/08

FreeBSD -- libc stdio buffer overflow

Problem Description: For line-buffered streams the __sflush() function did not correctly update the FILE object's write space member when the write(2) system call returns an error. Impact: Depending on the nature of an application that calls libc's stdio functions and the presence of errors returned fr...

CVSS 9.8 • AI score 7.8 • EPSS 0.00849 • Exploits 0

FreeBSD • added 2023/11/08

FreeBSD -- Incorrect libcap_net limitation list manipulation

Problem Description: Casper services allow limiting operations that a process can perform. Each service maintains a specific list of permitted operations. Certain operations can be further restricted, such as specifying which domain names can be resolved. During the verification of limits, the...

CVSS 7.5 • AI score 6.7 • EPSS 0.00159 • Exploits 0

FreeBSD • added 2023/11/07

chromium -- security update

Chrome Releases reports: This update includes 1 security fix: 1497859 High CVE-2023-5996: Use after free in WebAudio. Reported by Huang Xilin of Ant Group Light-Year Security Lab via Tianfu Cup 2023 on 2023-10-30...

CVSS 8.8 • AI score 7.5 • EPSS 0.0057 • Exploits 0 • References 1

FreeBSD • added 2023/10/31

phpmyfaq -- multiple vulnerabilities

phpmyfaq developers report: XSS; Insufficient session expiration...

CVSS 9.8 • AI score 6.9 • EPSS 0.06224 • Exploits 2 • References 4

FreeBSD • added 2023/10/31

Gitlab -- Vulnerabilities

Gitlab reports: Disclosure of CI/CD variables using Custom project templates; GitLab omnibus DoS crash via OOM with CI Catalogs; Parsing gitlab-ci.yml with large string via timeout input leads to Denial of Service; DoS - Blocking FIFO files in Tar archives; Titles exposed by service-desk template...

CVSS 8.5 • AI score 5.9 • EPSS 0.00478 • Exploits 1 • References 1

FreeBSD • added 2023/10/31

chromium -- multiple vulnerabilities

Chrome Releases reports: This update includes 15 security fixes: 1492698 High CVE-2023-5480: Inappropriate implementation in Payments. Reported by Vsevolod Kokorin Slonser of Solidlab on 2023-10-14; 1492381 High CVE-2023-5482: Insufficient data validation in USB. Reported by DarkNavy on 2023-10-13...

CVSS 8.8 • AI score 6.9 • EPSS 0.12428 • Exploits 0 • References 1

FreeBSD • added 2023/10/27

zeek -- potential DoS vulnerabilities

Tim Wojtulewicz of Corelight reports: A specially-crafted SSL packet could cause Zeek to leak memory and potentially crash. A specially-crafted series of FTP packets could cause Zeek to log entries for requests that have already been completed, using resources unnecessarily and potentially causin...

AI score 7.1 • Exploits 0 • References 1

Total number of security vulnerabilities: 6513