6580 matches found
typo3 -- Multiple vulnerabilities
[email protected] reports: Weak Authentication in Session Handling in typo3/cms-core: In typo3 installations there are always at least two different sites. Eg. first.example.org and second.example.com. In affected versions a session cookie generated for the first site can be reused o...
varnish -- HTTP/2 Rapid Reset Attack
Varnish Cache Project reports: A denial of service attack can be performed on Varnish Cache servers that have the HTTP/2 protocol turned on. An attacker can create a large volume of streams and immediately reset them without ever reaching the maximum number of concurrent streams allowed for the...
MariaDB -- Denial-of-Service vulnerability
The MariaDB project reports: Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash complete...
Grafana -- Email verification is not required after email change
Grafana Labs reports: The vulnerability impacts instances where Grafana basic authentication is enabled. Grafana has a verifyemailenabled configuration option. When this option is enabled, users are required to confirm their email addresses before the sign-up process is complete. However, the ema...
postgresql-server -- Memory disclosure in aggregate function calls
PostgreSQL Project reports: Certain aggregate function calls receiving "unknown"-type arguments could disclose bytes of server memory from the end of the "unknown"-type value to the next zero byte. One typically gets an "unknown"-type value via a string literal having no type designation. We have...
postgresql-server -- Buffer overrun from integer overflow in array modification
PostgreSQL Project reports: While modifying certain SQL array values, missing overflow checks let authenticated database users write arbitrary bytes to a memory area that facilitates arbitrary code execution. Missing overflow checks also let authenticated database users read a wide area of server...
postgresql-server -- Role pg_cancel_backend can signal certain superuser processes
PostgreSQL Project reports: Documentation says the pgcancelbackend role cannot signal "a backend owned by a superuser". On the contrary, it can signal background workers, including the logical replication launcher. It can signal autovacuum workers and the autovacuum launcher. Signaling autovacuum...
electron{25,26} -- multiple vulnerabilities
Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2023-5849. Security: backported fix for CVE-2023-5482...
FreeBSD -- libc stdio buffer overflow
Problem Description: For line-buffered streams the sflush function did not correctly update the FILE object's write space member when the write2 system call returns an error. Impact: Depending on the nature of an application that calls libc's stdio functions and the presence of errors returned fr...
FreeBSD -- Incorrect libcap_net limitation list manipulation
Problem Description: Casper services allow limiting operations that a process can perform. Each service maintains a specific list of permitted operations. Certain operations can be further restricted, such as specifying which domain names can be resolved. During the verification of limits, the...
OpenSSL -- DoS in DH generation
The OpenSSL project reports: Excessive time spent in DH check / generation with large Q parameter value low. Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow...
chromium -- security update
Chrome Releases reports: This update includes 1 security fix: 1497859 High CVE-2023-5996: Use after free in WebAudio. Reported by Huang Xilin of Ant Group Light-Year Security Lab via Tianfu Cup 2023 on 2023-10-30...
phpmyfaq -- multiple vulnerabilities
phpmyfaq developers report: XSS Insufficient session expiration...
Gitlab -- Vulnerabilities
Gitlab reports: Disclosure of CI/CD variables using Custom project templates GitLab omnibus DoS crash via OOM with CI Catalogs Parsing gitlab-ci.yml with large string via timeout input leads to Denial of Service DoS - Blocking FIFO files in Tar archives Titles exposed by service-desk template...
chromium -- multiple vulnerabilities
Chrome Releases reports: This update includes 15 security fixes: 1492698 High CVE-2023-5480: Inappropriate implementation in Payments. Reported by Vsevolod Kokorin Slonser of Solidlab on 2023-10-14 1492381 High CVE-2023-5482: Insufficient data validation in USB. Reported by DarkNavy on 2023-10-13...
zeek -- potential DoS vulnerabilities
Tim Wojtulewicz of Corelight reports: A specially-crafted SSL packet could cause Zeek to leak memory and potentially crash. A specially-crafted series of FTP packets could cause Zeek to log entries for requests that have already been completed, using resources unnecessarily and potentially causin...
openexr -- Heap Overflow in Scanline Deep Data Parsing
Austin Hackers Anonymous report: Due to a failure in validating the number of scanline samples of a OpenEXR file containing deep scanline data, Academy Software Foundation OpenEXR image parsing library version 3.2.1 and prior is susceptible to a heap-based buffer overflow vulnerability. ... it is...
open-vm-tools -- Multiple vulnerabilities
VMware reports: This update includes 2 security fixes: High CVE-2023-34058: SAML token signature bypass vulnerability High CVE-2023-34059: File descriptor hijack vulnerability in the vmware-user-suid-wrapper...
xorg-server -- Multiple vulnerabilities
The X.Org project reports: ZDI-CAN-22153/CVE-2023-5367: X.Org server: OOB write in XIChangeDeviceProperty/RRChangeOutputProperty When prepending values to an existing property an invalid offset calculation causes the existing values to be appended at the wrong offset. The resulting memcpy would...
chromium -- multiple vulnerabilities
Chrome Releases reports: This update includes 2 security fixes: 1491296 High CVE-2023-5472: Use after free in Profiles. Reported by @18æ¥¼æ¢¦æƒ³æ”¹é€ å®¶ on 2023-10-10...
OpenSSL -- potential loss of confidentiality
The OpenSSL team reports: Moderate severity: A bug has been identified in the processing of key and initialisation vector IV lengths. This can lead to potential truncation or overruns during the initialisation of some symmetric ciphers...
squid -- Multiple vulnerabilities
The squid-cache project reports: Denial of Service in FTP Request/Response smuggling in HTTP/1.1 and ICAP Denial of Service in HTTP Digest Authentication...
sdl2_sound -- multiple vulnerabilities
GitHub Security Lab reports: stbimage.h and stbvorbis libraries contain several memory access violations of different severity Wild address read in stbigifloadnext GHSL-2023-145. Multi-byte read heap buffer overflow in stbiverticalflip GHSL-2023-146. Disclosure of uninitialized memory in...
Apache httpd -- Multiple vulnerabilities
The Apache httpd project reports: CVE-2023-45802: Apache HTTP Server: HTTP/2 stream memory not reclaimed right away on RST CVE-2023-43622: Apache HTTP Server: DoS in HTTP/2 with initial windows size 0 CVE-2023-31122: modmacro buffer over-read...
Request Tracker -- multiple vulnerabilities
Request Tracker reports: CVE-2023-41259 SECURITY: RT is vulnerable to unvalidated email headers in incoming email and the mail-gateway REST interface. CVE-2023-41260 SECURITY: RT is vulnerable to information leakage via response messages returned from requests sent via the mail-gateway REST...
electron{25,26} -- Use after free in Site Isolation
Electron developers report: This update fixes the following vulnerability: Security: backported fix for CVE-2023-5218...
redis -- Possible bypassing Unix socket permissions
Redis core team reports: The wrong order of listen2 and chmod2 calls creates a race condition that can be used by another process to bypass desired Unix socket permissions on startup...
jenkins -- HTTP/2 denial of service vulnerability in bundled Jetty
Jenkins Security Advisory: Description High SECURITY-3291 / CVE-2023-36478, CVE-2023-44487 HTTP/2 denial of service vulnerability in bundled Jetty...
MySQL -- Multiple vulnerabilities
Oracle reports: This Critical Patch Update contains 37 new security patches, plus additional third party patches noted below, for Oracle MySQL. 9 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials...
nebula -- security fix for terrapin vulnerability
Upstream reports: Security fix: Update golang.org/x/crypto, which includes a fix for CVE-2023-48795...
putty -- add protocol extension against 'Terrapin attack'
Simon Tatham reports: PuTTY version 0.80 contains one security fix ... for a newly discovered security issue known as the 'Terrapin' attack, also numbered CVE-2023-48795. The issue affects widely-used OpenSSH extensions to the SSH protocol: the ChaCha20+Poly1305 cipher system, and...
Roundcube -- XSS vulnerability in SVG
The Roundcube project reports: cross-site scripting XSS vulnerability in handling of SVG in HTML messages...
mantis -- multiple vulnerabilities
Mantis 2.25.8 release reports: Security and maintenance release 0032432: Update guzzlehttp/psr7 to 1.9.1 CVE-2023-29197 0032981: Information Leakage on DokuWiki Integration CVE-2023-44394...
apache -- Apache ZooKeeper: Authorization bypass in SASL Quorum Peer Authentication
[email protected] reports: Authorization Bypass Through User-Controlled Key vulnerability in Apache ZooKeeper. If SASL Quorum Peer authentication is enabled in ZooKeeper quorum.auth.enableSasl=true, the authorization is done by verifying that the instance part in SASL authentication ID is liste...
electron25 -- Use after free in extensions vulnerability
Electron developers report: This update fixes the following vulnerability: Security: backported fix for CVE-2023-5187...
traefik -- Resource exhaustion by malicious HTTP/2 client
The traefik authors report: There is a vulnerability in GO managing HTTP/2 requests, which impacts Traefik. This vulnerability could be exploited to cause a denial of service...
h2o -- HTTP/2 Rapid Reset attack vulnerability
Kazuo Okuhu reports: H2O is vulnerable to the HTTP/2 Rapid Reset attack. An attacker might be able to consume more than adequate amount of processing power of h2o and the backend servers by mounting the attack...
chromium -- multiple vulnerabilities
Chrome Releases reports: This update includes 20 security fixes: 1487110 Critical CVE-2023-5218: Use after free in Site Isolation. Reported by @18æ¥¼æ¢¦æƒ³æ”¹é€ å®¶ on 2023-09-27 1062251 Medium CVE-2023-5487: Inappropriate implementation in Fullscreen. Reported by Anonymous on 2020-03-17 1414936 Medium...
libcue -- out-of-bounds array access
The libcue team reports: There is a vulnerability to out-of-bounds array access...
FreeBSD -- copy_file_range insufficient capability rights check
Problem Description: The syscall checked only for the CAPREAD and CAPWRITE capabilities on the input and output file descriptors, respectively. Using an offset is logically equivalent to seeking, and the syscall must additionally require the CAPSEEK capability. Impact: A sandboxed process with on...
FreeBSD -- msdosfs data disclosure
Problem Description: In certain cases using the truncate or ftruncate system call to extend a file size populates the additional space in the file with unallocated data from the underlying disk device, rather than zero bytes. Impact: A user with write access to files on a msdosfs file system may ...
FreeBSD -- arm64 boot CPUs may lack speculative execution protections
Problem Description: On CPU 0 the check for the SMCCC workaround is called before SMCCC support has been initialized. Impact: No speculative execution workarounds are installed on CPU 0...
chromium -- type confusion in v8
Chrome Releases reports: This update includes 1 security fix: 1485829 High CVE-2023-5346: Type Confusion in V8. Reported by Amit Kumar on 2023-09-22...
Django -- multiple vulnerabilities
Django reports: CVE-2023-43665: Denial-of-service possibility in django.utils.text.Truncator...
PptiPNG -- Global-buffer-overflow
Frank-Z7 reports: Running optipng with the "-zm 3 -zc 1 -zw 256 -snip -out" configuration options enabled raises a global-buffer-overflow bug, which could allow a remote attacker to conduct a denial-of-service attack or other unspecified effect on a crafted file...
curl -- SOCKS5 heap buffer overflow
The curl team reports: This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake. When curl is asked to pass along the hostname to the SOCKS5 proxy to allow that to resolve the address instead of it getting done by curl itself, the maximum length that hostname can be is 255...
Remote Code Execution via web-accessible composer
Composer project reports: Description: Users publishing a composer.phar to a public web-accessible server where the composer.phar can be executed as a php file may be impacted if PHP also has registerargcargv enabled in php.ini. Workaround: Make sure registerargcargv is disabled in php.ini, and...
electron{22,24,25} -- Heap buffer overflow in vp8 encoding in libvpx
Electron developers report: This update fixes the following vulnerability: Security: backported fix for CVE-2023-5217...
Gitlab -- vulnerabilities
Attacker can add other projects policy bot as member to their own project and use that bot to trigger pipelines in victims project Group import allows impersonation of users in CI pipelines Developers can bypass code owners approval by changing a MR's base branch Leaking source code of restricted...
Phishing through a login page malicious URL in GLPI
[email protected] reports: GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. The lack of path filtering on the GLPI URL may allow an attacker t...