6579 matches found
Gitlab -- vulnerabilities
Gitlab reports: Stored-XSS injected in Wiki page via Banzai pipeline DOS using crafted emojis...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 7 security fixes: 327807820 Critical CVE-2024-2883: Use after free in ANGLE. Reported by Cassidy Kim@cassidy6564 on 2024-03-03 328958020 High CVE-2024-2885: Use after free in Dawn. Reported by wgslfuzz on 2024-03-11 330575496 High CVE-2024-2886: Use...
phpmyfaq -- multiple vulnerabilities
phpMyFAQ team reports: The phpMyFAQ Team has learned of multiple security issues that'd been discovered in phpMyFAQ 3.2.5 and earlier. phpMyFAQ contains cross-site scripting XSS, SQL injection and bypass vulnerabilities...
emacs -- multiple vulnerabilities
GNU Emacs developers report: Emacs 29.3 is an emergency bugfix release intended to fix several security vulnerabilities. Arbitrary Lisp code is no longer evaluated as part of turning on Org mode. This is for security reasons, to avoid evaluating malicious Lisp code. New buffer-local variable...
security/shibboleth-idp -- CAS service SSRF
Shibboleth Developers report: The Identity Provider's CAS support relies on a function in the Spring Framework to parse CAS service URLs and append the ticket parameter...
jenkins -- HTTP/2 denial of service vulnerability in bundled Jetty
Jenkins Security Advisory: Description High SECURITY-3379 / CVE-2024-22201 HTTP/2 denial of service vulnerability in bundled Jetty...
jose -- DoS vulnerability
[email protected] reports: latchset jose through version 11 allows attackers to cause a denial of service CPU consumption via a large p2c aka PBES2 Count value...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 12 security fixes: 327740539 High CVE-2024-2625: Object lifecycle issue in V8. Reported by Ganjiang Zhou@refrainareu of ChaMd5-H1 team on 2024-03-01 40945098 Medium CVE-2024-2626: Out of bounds read in Swiftshader. Reported by Cassidy Kim@cassidy6564 ...
mediawiki -- multiple vulnerabilities
Mediawiki reports: T355538, CVE-2024-PENDING SECURITY: XSS in edit summary parser. T357760, CVE-2024-PENDING SECURITY: Denial of service vector via GET request to Special:MovePage on pages with thousands of subpages...
amavisd-new -- multipart boundary confusion
The Amavis project reports: Emails which consist of multiple parts Content-Type: multipart/ incorporate boundary information stating at which point one part ends and the next part begins. A boundary is announced by an Content-Type header's boundary parameter. To our current knowledge, RFC2046 and...
electron{27,28} -- Out of bounds memory access in V8
Electron developers report: This update fixes the following vulnerability: Security: backported fix for CVE-2024-2173...
GLPI -- multiple vulnerabilities
GLPI team reports: GLPI 10.0.13 Changelog SECURITY - high SQL Injection in through the search engine CVE-2024-27096 SECURITY - moderate Blind SSRF using Arbitrary Object Instantiation CVE-2024-27098 SECURITY - moderate Stored XSS in dashboards CVE-2024-27104 SECURITY - moderate Reflected XSS in...
quiche -- Multiple Vulnerabilities
Quiche Releases reports: This release includes 2 security fixes: CVE-2024-1410: Unbounded storage of information related to connection ID retirement, in quiche. Reported by Marten Seeman @marten-seeman CVE-2024-1765: Unlimited resource allocation by QUIC CRYPTO frames flooding in quiche. Reported...
databases/mongodb* -- Improper Certificate Validation
MongoDB, Inc. reports: A security vulnerability was found where a server process running MongoDB 3.2.6 or later will allow incoming connections to skip peer certificate validation if the server process was started with TLS enabled net.tls.mode set to allowTLS, preferTLS, or requireTLS and without...
Unbound -- Denial-of-Service vulnerability
NLNet Labs reports: Unbound 1.18.0 introduced a feature that removes EDE records from responses with size higher than the client's advertised buffer size. Before removing all the EDE records however, it would try to see if trimming the extra text fields on those records would result in an...
electron{27,28} -- vulnerability in libxml2
Electron developers report: This update fixes the following vulnerability: Security: backported fix for CVE-2024-25062...
Gitlab -- Vulnerabilities
Gitlab reports: Bypassing CODEOWNERS approval allowing to steal protected variables Guest with manage group access tokens can rotate and see group access token with owner permissions...
go -- multiple vulnerabilities
The Go project reports reports: crypto/x509: Verify panics on certificates with an unknown public key algorithm Verifying a certificate chain which contains a certificate with an unknown public key algorithm will cause Certificate.Verify to panic. net/http: memory exhaustion in...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 3 security fixes: 325893559 High CVE-2024-2173: Out of bounds memory access in V8. Reported by 5fceb6172bbf7e2c5a948183b53565b9 on 2024-02-19 325866363 High CVE-2024-2174: Inappropriate implementation in V8. Reported by 5f46f4ee2e17957ba7b39897fb376be...
electron{27,28} -- Use after free in Mojo
Electron developers report: This update fixes the following vulnerability: Security: backported fix for CVE-2024-1670...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 4 security fixes: 324596281 High CVE-2024-1938: Type Confusion in V8. Reported by 5f46f4ee2e17957ba7b39897fb376be8 on 2024-02-11 323694592 High CVE-2024-1939: Type Confusion in V8. Reported by Bohan Liu @P4nda20371774 of Tencent Security Xuanwu Lab on...
null -- Routinator terminates when RTR connection is reset too quickly after opening
[email protected] reports: Due to a mistake in error checking, Routinator will terminate when an incoming RTR connection is reset by the peer too quickly after opening...
Django -- multiple vulnerabilities
Django reports: CVE-2024-27351: Potential regular expression denial-of-service in django.utils.text.Truncator.words...
dns/c-ares -- malformatted file causes application crash
c-ares project reports: Reading malformatted /etc/resolv.conf, /etc/nsswitch.conf or the HOSTALIASES file could result in a crash...
gitea -- Fix XSS vulnerabilities
Problem Description: The Wiki page did not sanitize author name the reviewer name on a "dismiss review" comment is also affected the migration page has some spots...
electron27 -- multiple vulnerabilities
Electron developers report: This update fixes the following vulnerability: Security: backported fix for CVE-2024-1283. Security: backported fix for CVE-2024-1284...
Gitlab -- Vulnerabilities
Gitlab reports: Stored-XSS in user's profile page User with "admingroupmembers" permission can invite other groups to gain owner access ReDoS issue in the Codeowners reference extractor LDAP user can reset password using secondary email and login using direct authentication Bypassing group ip...
null -- null
[email protected] reports: On Linux, Node.js ignores certain environment variables if those may have been set by an unprivileged user while the process is running with elevated privileges with the only exception of CAPNETBINDSERVICE. Due to a bug in the implementation of this exception, Node....
chromium -- multiple security fixes
Chrome Releases reports: This update includes 12 security fixes: 41495060 High CVE-2024-1669: Out of bounds memory access in Blink. Reported by Anonymous on 2024-01-26 41481374 High CVE-2024-1670: Use after free in Mojo. Reported by Cassidy Kim@cassidy6564 on 2023-12-06 41487933 Medium...
nginx-devel -- Multiple Vulnerabilities in HTTP/3
The nginx development team reports: When using HTTP/3 a segmentation fault might occur in a worker process while processing a specially crafted QUIC session...
powerdns-recursor -- Multiple Vulnerabilities
[email protected] reports: CVE-2023-50868: The Closest Encloser Proof aspect of the DNS protocol in RFC 5155 when RFC 9276 guidance is skipped allows remote attackers to cause a denial of service CPU consumption for SHA-1 computations via DNSSEC responses in a random subdomain attack, aka the "NSEC3"...
FreeBSD -- jail(2) information leak
Problem Description: The jail2 system call has not limited a visiblity of allocated TTYs the kern.ttys sysctl. This gives rise to an information leak about processes outside the current jail. Impact: Attacker can get information about TTYs allocated on the host or in other jails. Effectively, the...
NodeJS -- Vulnerabilities
Node.js reports: Code injection and privilege escalation through Linux capabilities- High http: Reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks- High Path traversal by monkey-patching Buffer internals- High setuid does not drop all privileges due to iouring - Hi...
FreeBSD -- bhyveload(8) host file access
Problem Description: bhyveload -h may be used to grant loader access to the directory tree on the host. Affected versions of bhyveload8 do not make any attempt to restrict loader's access to , allowing the loader to read any file the host user has access to. Impact: In the bhyveload8 model, the...
typo3-{11,12} -- multiple vulnerabilities
Typo3 developers reports: All versions are security releases and contain important security fixes - read the corresponding security advisories here: Path Traversal in TYPO3 File Abstraction Layer Storages CVE-2023-30451 Code Execution in TYPO3 Install Tool CVE-2024-22188 Information Disclosure of...
chromium -- security fix
Chrome Releases reports: This update includes 1 security fix...
Grafana -- Data source permission escalation
Grafana Labs reports: The vulnerability impacts Grafana Cloud and Grafana Enterprise instances, and it is exploitable if a user who should not be able to access all data sources is granted permissions to create a data source. By default, only organization Administrators are allowed to create a da...
postgresql-server -- non-owner REFRESH MATERIALIZED VIEW CONCURRENTLY executes arbitrary SQL
PostgreSQL Project reports: One step of a concurrent refresh command was run under weak security restrictions. If a materialized view's owner could persuade a superuser or other high-privileged user to perform a concurrent refresh on that view, the view's owner could control code executed with th...
Composer -- Code execution and possible privilege escalation
Copmposer reports: Code execution and possible privilege escalation via compromised InstalledVersions.php or installed.php. Several files within the local working directory are included during the invocation of Composer and in the context of the executing user. As such, under certain conditions...
clamav -- Multiple vulnerabilities
The ClamAV project reports: CVE-2024-20290 A vulnerability in the OLE2 file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to an incorrect check for end-of-string values during...
Gitlab -- vulnerabilities
Gitlab reports: Restrict group access token creation for custom roles Project maintainers can bypass group's scan result policy blockbranchmodification setting ReDoS in CI/CD Pipeline Editor while verifying Pipeline syntax Resource exhaustion using GraphQL vulnerabilitiesCountByDay...
Libgit2 -- multiple vulnerabilities
Git community reports: A bug in gitrevparsesingle is fixed that could have caused the function to enter an infinite loop given well-crafted inputs, potentially causing a Denial of Service attack in the calling application A bug in gitrevparsesingle is fixed that could have caused the function to...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 3 security fixes: 41494539 High CVE-2024-1284: Use after free in Mojo. Reported by Anonymous on 2024-01-25 41494860 High CVE-2024-1283: Heap buffer overflow in Skia. Reported by Jorge Buzeti @r3tr074 on 2024-01-25...
DNSSEC validators -- denial-of-service/CPU exhaustion from KeyTrap and NSEC3 vulnerabilities
Simon Kelley reports: If DNSSEC validation is enabled, then an attacker who can force a DNS server to validate a specially crafted signed domain can use a lot of CPU in the validator. This only affects dnsmasq installations with DNSSEC enabled. Stichting NLnet Labs reports: The KeyTrap...
phpmyfaq -- multiple vulnerabilities
phpMyFAQ team reports: phpMyFAQ doesn't implement sufficient checks to avoid XSS when storing on attachments filenames. The 'sharing FAQ' functionality allows any unauthenticated actor to misuse the phpMyFAQ application to send arbitrary emails to a large range of targets. phpMyFAQ's user removal...
GLPI -- multiple vulnerabilities
GLPI team reports: GLPI 10.0.12 Changelog SECURITY - moderate Reflected XSS in reports pages CVE-2024-23645 SECURITY - moderate LDAP Injection during authentication CVE-2023-51446...
curl -- OCSP verification bypass with TLS session reuse
Hiroki Kurosawa reports: curl inadvertently kept the SSL session ID for connections in its cache even when the verify status OCSP stapling test failed. A subsequent transfer to the same hostname could then succeed if the session ID cache was still fresh, which then skipped the verify status check...
electron{26,27,28} -- Use after free in Web Audio
Electron developers reports: This update fixes the following vulnerability: Security: backported fix for CVE-2024-0807...
minio -- privilege escalation via permissions inheritance
Minio security advisory GHSA-xx8w-mq23-29g4 ports: When someone creates an access key, it inherits the permissions of the parent key. Not only for s3: actions, but also admin: actions. Which means unless somewhere above in the access-key hierarchy, the admin rights are denied, access keys will be...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 4 security fixes: 1511567 High CVE-2024-1060: Use after free in Canvas. Reported by Anonymous on 2023-12-14 1514777 High CVE-2024-1059: Use after free in WebRTC. Reported by Cassidy Kim@cassidy6564 on 2023-12-29 1511085 High CVE-2024-1077: Use after...