6580 matches found
Account takeover via SQL Injection in UI layout preferences in GLPI
[email protected] reports: GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. UI layout preferences management can be hijacked to lead to SQL...
glpi-project -- SQL injection in ITIL actors in GLPI
[email protected] reports: GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. The ITIL actors input field from the Ticket form can be used to...
Privilege Escalation from technician to super-admin in GLPI
[email protected] reports: GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. A user with write access to another user can make requests to chan...
Account takeover via Kanban feature in GLPI
[email protected] reports: GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. A logged user from any profile can hijack the Kanban feature to...
Account takeover through API in GLPI
[email protected] reports: GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. An API user that have read access on users resource can steal...
Users login enumeration by unauthenticated user in GLPI
[email protected] reports: GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. An unauthenticated user can enumerate users logins. Users are...
Sensitive fields enumeration through API in GLPI
[email protected] reports: GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. An API user can enumerate sensitive fields values on resources on...
File deletion through document upload process in GLPI
[email protected] reports: GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. The document upload process can be diverted to delete some files...
Unallowed PHP script execution in GLPI
From the GLPI 10.0.10 Changelog: You will find below security issues fixed in this bugfixes version: SECURITY - Critical Unallowed PHP script execution CVE-2023-42802. The mentioned CVE is invalid...
chromium -- multiple vulnerabilities
Chrome Releases reports: This update includes 10 security fixes: 1486441 High CVE-2023-5217: Heap buffer overflow in vp8 encoding in libvpx. Reported by Clément Lecigne of Google's Threat Analysis Group on 2023-09-25 1478889 High CVE-2023-5186: Use after free in Passwords. Reported by pwn2car on...
xrdp -- unchecked access to font glyph info
xrdp team reports: Access to the font glyphs in xrdppainter.c is not bounds-checked. Since some of this data is controllable by the user, this can result in an out-of-bounds read within the xrdp executable. The vulnerability allows an out-of-bounds read within a potentially privileged process. On...
Mailpit affected by vulnerability in included go markdown module
Mailpit author reports: Update Go modules to address CVE-2023-42821 go markdown module DoS...
11/libX11 multiple vulnerabilities
The X.Org project reports: CVE-2023-43785: out-of-bounds memory access in XkbReadKeySyms When libX11 is processing the reply from the X server to the XkbGetMap request, if it detected the number of symbols in the new map was less than the size of the buffer it had allocated, it always added room...
x11/libXpm multiple vulnerabilities
The X.Org project reports: CVE-2023-43788: Out of bounds read in XpmCreateXpmImageFromBuffer An out-of-bounds read is located in ParseComment when reading from a memory buffer instead of a file, as it continued to look for the closing comment marker past the end of the buffer. CVE-2023-43789: Out...
jenkins -- multiple vulnerabilities
Jenkins Security Advisory: Description Medium SECURITY-3261 / CVE-2023-43494 Builds can be filtered by values of sensitive build variables High SECURITY-3245 / CVE-2023-43495 Stored XSS vulnerability High SECURITY-3072 / CVE-2023-43496 Temporary plugin file created with insecure permissions Low...
Gitlab -- vulnerability
Gitlab reports: Attacker can abuse scan execution policies to run pipelines as another user...
vorbistools -- heap buffer overflow in oggenc
Frank-Z7 reports: Heap buffer overflow when vorbis-tools/oggenc converts WAV files to Ogg files...
Roundcube -- XSS vulnerability
The Roundcube webmail project reports: cross-site scripting XSS vulnerability in handling of linkrefs in plain text messages...
routinator -- Possible path traversal when storing RRDP responses
[email protected] reports: NLnet Labs Routinator 0.9.0 up to and including 0.12.1 contains a possible path traversal vulnerability in the optional, off-by-default keep-rrdp-responses feature that allows users to store the content of responses received for RRDP requests. The location of these store...
curl -- HTTP headers eat all memory
selmelc on hackerone reports: When curl retrieves an HTTP response, it stores the incoming headers so that they can be accessed later via the libcurl headers API. However, curl did not have a limit in how many or how large headers it would accept in a response, allowing a malicious server to stre...
electron{24,25} -- multiple vulnerabilities
Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2023-4763. Security: backported fix for CVE-2023-4762. Security: backported fix for CVE-2023-4761. Security: backported fix for CVE-2023-4863...
electron22 -- multiple vulnerabilities
Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2023-4572. Security: backported fix for CVE-2023-4762. Security: backported fix for CVE-2023-4863...
graphics/webp heap buffer overflow
Google Chrome reports: Heap buffer overflow in WebP ... allowed a remote attacker to perform an out of bounds memory write...
vscode -- VS Code Remote Code Execution Vulnerability
VSCode developers report: Visual Studio Code Remote Code Execution Vulnerability A remote code execution vulnerability exists in VS Code 1.82.0 and earlier versions that working in a maliciously crafted package.json can result in executing commands locally. This scenario would require the attacke...
zeek -- potential DoS vulnerabilities
Tim Wojtulewicz of Corelight reports: File extraction limits were not correctly enforced for files containing large amounts of missing bytes. Sessions are sometimes not cleaned up completely within Zeek during shutdown, potentially causing a crash when using the -B dpd flag for debug logging. A...
libwebp heap buffer overflow
[email protected] reports: Heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. Chromium security severity: Critical The Tor browser is based on Firefox and GeckoView and uses al...
chromium -- multiple vulnerabilities
Chrome Releases reports: This update includes 16 security fixes: 1479274 Critical CVE-2023-4863: Heap buffer overflow in WebP. Reported by Apple Security Engineering and Architecture SEAR and The Citizen Lab at The University of Torontoʼs Munk School on 2023-09-06 1430867 Medium CVE-2023-4900:...
FreeBSD -- Wi-Fi encryption bypass
Problem Description: The net80211 subsystem would fallback to the multicast key for unicast traffic in the event the unicast key was removed. This would result in buffered unicast traffic being exposed to any stations with access to the multicast key. Impact: As described in the "Framing Frames:...
go -- multiple vulnerabilities
The Go project reports: cmd/go: go.mod toolchain directive allows arbitrary execution The go.mod toolchain directive, introduced in Go 1.21, could be leveraged to execute scripts and binaries relative to the root of the module when the "go" command was executed within the module. This applies to...
FreeBSD -- pf incorrectly handles multiple IPv6 fragment headers
Problem Description: With a 'scrub fragment reassemble' rule, a packet containing multiple IPv6 fragment headers would be reassembled, and then immediately processed. That is, a packet with multiple fragment extension headers would not be recognized as the correct ultimate payload. Instead a pack...
redis -- Possible bypassing ACL configuration
yangbodong22011 reports: Redis does not correctly identify keys accessed by SORTRO and, as a result, may grant users executing this command access to keys that are not explicitly authorized by the ACL configuration...
chromium -- multiple vulnerabilities
Chrome Releases reports: This update includes 4 security fixes: 1476403 High CVE-2023-4761: Out of bounds memory access in FedCM. Reported by DarkNavy on 2023-08-28 1473247 High CVE-2023-4762: Type Confusion in V8. Reported by Rong Jian of VRI on 2023-08-16 1469928 High CVE-2023-4763: Use after...
mediawiki -- multiple vulnerabilities
Mediawikwi reports: T264765, CVE-2023-PENDING SECURITY: Users without correct permission are incorrectly shown MediaWiki:Missing-revision-permission. T333050, CVE-2023-PENDING SECURITY: Fix infinite loop for self-redirects with variants conversion. T340217, CVE-2023-PENDING SECURITY: Vector 2022:...
Django -- multiple vulnerabilities
Django reports: CVE-2023-41164: Potential denial of service vulnerability in django.utils.encoding.uritoiri...
Gitlab -- Vulnerabilities
Gitlab reports: Privilege escalation of "external user" to internal access through group service account Maintainer can leak sentry token by changing the configured URL fix bypass Google Cloud Logging private key showed in plain text in GitLab UI leaking to other group owners Information disclosu...
electron24 -- multiple vulnerabilities
Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2023-4427. Security: backported fix for CVE-2023-4428. Security: backported fix for CVE-2023-4430. Security: backported fix for CVE-2023-4572...
gitea -- missing permission checks
The Gitea team reports: Fix missing check Do some missing checks By crafting an API request, attackers can access the contents of issues even though the logged-in user does not have access rights to these issues...
electron22 -- multiple vulnerabilities
Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2023-4427. Security: backported fix for CVE-2023-4428...
electron25 -- multiple vulnerabilities
Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2023-4427. Security: backported fix for CVE-2023-4428. Security: backported fix for CVE-2023-4429. Security: backported fix for CVE-2023-4430. Security: backported fix for CVE-2023-4572...
xrdp -- Improper handling of session establishment errors allows bypassing OS-level session restrictions
xrdp team reports: In versions prior to 0.9.23 improper handling of session establishment errors allows bypassing OS-level session restrictions. The authstartsession function can return non-zero 1 value on, e.g., PAM error which may result in session restrictions such as max concurrent sessions p...
gitea -- block user account creation from blocked email domains
The Gitea team reports: check blocklist for emails when adding them to account...
openvpn -- 2.6.0...2.6.6 --fragment option division by zero crash, and TLS data leak
The OpenVPN community project team reports: CVE-2023-46849 OpenVPN versions between 2.6.0 and 2.6.6 incorrectly restore "--fragment" configuration in some circumstances, leading to a division by zero when "--fragment" is used. On platforms where division by zero is fatal, this will cause an OpenV...
chromium -- use after free in MediaStream
Chrome Releases reports: This update includes 1 security fix: 1472492 High CVE-2023-4572: Use after free in MediaStream. Reported by fwnfwn@fwnfwn on 2023-08-12...
electron{22,24} -- multiple vulnerabilities
Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2023-4355. Security: backported fix for CVE-2023-4354. Security: backported fix for CVE-2023-4353. Security: backported fix for CVE-2023-4352. Security: backported fix for CVE-2023-4351...
electron25 -- multiple vulnerabilities
Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2023-4071. Security: backported fix for CVE-2023-4070. Security: backported fix for CVE-2023-4075. Security: backported fix for CVE-2023-4076. Security: backported fix for CVE-2023-4074...
hwloc2 -- Denial of service or other unspecified impacts
[email protected] reports: An issue was discovered in open-mpi hwloc 2.1.0 allows attackers to cause a denial of service or other unspecified impacts via glibc-cpuset in topology-linux.c...
chromium -- multiple vulnerabilities
Chrome Releases reports: This update includes 5 security fixes: 1469542 High CVE-2023-4430: Use after free in Vulkan. Reported by Cassidy Kim@cassidy6564 on 2023-08-02 1469754 High CVE-2023-4429: Use after free in Loader. Reported by Anonymous on 2023-08-03 1470477 High CVE-2023-4428: Out of boun...
Python -- multiple vulnerabilities
Python reports: gh-108310: Fixed an issue where instances of ssl.SSLSocket were vulnerable to a bypass of the TLS handshake and included protections like certificate verification and treating sent unencrypted data as if it were post-handshake TLS encrypted data...
www/varnish-libvmod-digest -- base64 decoding vulnerability
varnish developers report: Common usage of vmod-digest is for basic HTTP authentication, in which case it may be possible for an attacker to circumvent the authentication check. If the decoded result string is somehow being made visible to the attacker for example the result of the decoding is...
clamav -- Possible denial of service vulnerability in the AutoIt file parser
The ClamAV project reports: There is a possible denial of service vulnerability in the AutoIt file parser...