6538 matches found
chromium -- use after free in MediaStream
Chrome Releases reports: This update includes 1 security fix: 1472492 High CVE-2023-4572: Use after free in MediaStream. Reported by fwnfwn@fwnfwn on 2023-08-12...
electron25 -- multiple vulnerabilities
Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2023-4071. Security: backported fix for CVE-2023-4070. Security: backported fix for CVE-2023-4075. Security: backported fix for CVE-2023-4076. Security: backported fix for CVE-2023-4074...
electron{22,24} -- multiple vulnerabilities
Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2023-4355. Security: backported fix for CVE-2023-4354. Security: backported fix for CVE-2023-4353. Security: backported fix for CVE-2023-4352. Security: backported fix for CVE-2023-4351...
Python -- multiple vulnerabilities
Python reports: gh-108310: Fixed an issue where instances of ssl.SSLSocket were vulnerable to a bypass of the TLS handshake and included protections like certificate verification and treating sent unencrypted data as if it were post-handshake TLS encrypted data...
chromium -- multiple vulnerabilities
Chrome Releases reports: This update includes 5 security fixes: 1469542 High CVE-2023-4430: Use after free in Vulkan. Reported by Cassidy Kim@cassidy6564 on 2023-08-02 1469754 High CVE-2023-4429: Use after free in Loader. Reported by Anonymous on 2023-08-03 1470477 High CVE-2023-4428: Out of boun...
hwloc2 -- Denial of service or other unspecified impacts
[email protected] reports: An issue was discovered in open-mpi hwloc 2.1.0 allows attackers to cause a denial of service or other unspecified impacts via glibc-cpuset in topology-linux.c...
www/varnish-libvmod-digest -- base64 decoding vulnerability
varnish developers report: Common usage of vmod-digest is for basic HTTP authentication, in which case it may be possible for an attacker to circumvent the authentication check. If the decoded result string is somehow being made visible to the attacker for example the result of the decoding is...
clamav -- Possible denial of service vulnerability in the AutoIt file parser
The ClamAV project reports: There is a possible denial of service vulnerability in the AutoIt file parser...
chromium -- multiple vulnerabilities
Chrome Releases reports: This update includes 26 security fixes: 1448548 High CVE-2023-2312: Use after free in Offline. Reported by avaue at S.S.L. on 2023-05-24 1458303 High CVE-2023-4349: Use after free in Device Trust Connectors. Reported by Weipeng Jiang @Krace of VRI on 2023-06-27 1454817 Hi...
clamav -- Possible denial of service vulnerability in the HFS+ file parser
Steve Smith reports: There is a possible denial of service vulnerability in the HFS+ file parser...
postgresql-server -- Extension script @substitutions@ within quoting allow SQL injection
PostgreSQL Project reports: An extension script is vulnerable if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct (dollar quoting, '', or ""). No bundled extension is vulnerable. Vulnerable uses do appear in a documentation example and in non-bundled extensions. Hence,...
postgresql-server -- MERGE fails to enforce UPDATE or SELECT row security policies
PostgreSQL Project reports: PostgreSQL 15 introduced the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT. If UPDATE and SELECT policies forbid some row that INSERT policies do not forbid, a user could store such rows. Subsequent consequences...
libqb -- Buffer overflow
[email protected] reports: log_blackbox.c in libqb before 2.0.8 allows a buffer overflow via long log messages because the header size is not considered...
krb5 -- Double-free in KDC TGS processing
The MIT krb5 Team reports: When issuing a ticket for a TGS renew or validate request, copy only the server field from the outer part of the header ticket to the new ticket. Copying the whole structure causes the enc_part pointer to be aliased to the header ticket until krb5_encrypt_tkt_part is called...
electron{22,23,24,25} -- multiple vulnerabilities
Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2023-3732. Security: backported fix for CVE-2023-3728. Security: backported fix for CVE-2023-3730...
chromium -- multiple vulnerabilities
Chrome Releases reports: This update includes 17 security fixes: 1466183 High CVE-2023-4068: Type Confusion in V8. Reported by Jerry on 2023-07-20 1465326 High CVE-2023-4069: Type Confusion in V8. Reported by Man Yue Mo of GitHub Security Lab on 2023-07-17 1462951 High CVE-2023-4070: Type Confusi...
FreeBSD -- Network authentication attack via pam_krb5
Problem Description: The problem detailed in FreeBSD-SA-23:04.pam_krb5 persisted following the patch for that advisory. Impact: The impact described in FreeBSD-SA-23:04.pam_krb5 persists...
FreeBSD -- bhyve privileged guest escape via fwctl
Problem Description: The fwctl driver implements a state machine which is executed when the guest accesses certain x86 I/O ports. The interface lets the guest copy a string into a buffer resident in the bhyve process' memory. A bug in the state machine implementation can result in a buffer...
FreeBSD -- Remote denial of service in IPv6 fragment reassembly
Problem Description: Each fragment of an IPv6 packet contains a fragment header which specifies the offset of the fragment relative to the original packet, and each fragment specifies its length in the IPv6 header. When reassembling the packet, the kernel calculates the complete IPv6 payload...
FreeBSD -- Potential remote code execution via ssh-agent forwarding
Problem Description: The server may cause ssh-agent to load shared libraries other than those required for PKCS#11 support. These shared libraries may have side effects that occur on load and unload (dlopen and dlclose). Impact: An attacker with access to a server that accepts a forwarded ssh-agent...
Gitlab -- Vulnerabilities
Gitlab reports: ReDoS via ProjectReferenceFilter in any Markdown fields; ReDoS via AutolinkFilter in any Markdown fields; Regex DoS in Harbor Registry search; Arbitrary read of files owned by the "git" user via malicious tar.gz file upload using GitLab export functionality; Stored XSS in Web IDE Beta...
OpenSSL -- Excessive time spent checking DH q parameter value
The OpenSSL project reports: Checking excessively long DH keys or parameters may be very slow (severity: Low)...
jenkins -- Stored XSS vulnerability
Jenkins Security Advisory: Description High SECURITY-3188 / CVE-2023-39151 Stored XSS vulnerability...
typo3 -- multiple vulnerabilities
TYPO3 reports: TYPO3-CORE-SA-2023-002: By-passing Cross-Site Scripting Protection in HTML Sanitizer; TYPO3-CORE-SA-2023-003: Information Disclosure due to Out-of-scope Site Resolution; TYPO3-CORE-SA-2023-004: Cross-Site Scripting in CKEditor4 WordCount Plugin...
chromium -- multiple vulnerabilities
Chrome Releases reports: This update includes 20 security fixes: 1454086 High CVE-2023-3727: Use after free in WebRTC. Reported by Cassidy Kim@cassidy6564 on 2023-06-12 1457421 High CVE-2023-3728: Use after free in WebRTC. Reported by Zhenghang Xiao @Kipreyyy on 2023-06-23 1453465 High...
samba -- multiple vulnerabilities
The Samba Team reports: CVE-2023-34967: Samba Spotlight mdssvc RPC Request Type Confusion DoS Vulnerability When parsing Spotlight mdssvc RPC packets, one encoded data structure is a key-value style dictionary where keys are character strings and values can be any of the supported types in the...
OpenSSH -- remote code execution via a forwarded agent socket
OpenSSH project reports: Fix CVE-2023-38408 - a condition where specific libraries loaded via ssh-agent(1)'s PKCS#11 support could be abused to achieve remote code execution via a forwarded agent socket if the following conditions are met: Exploitation requires the presence of specific libraries on t...
libsndfile_project -- Integer overflow in dataend calculation
[email protected] reports: Multiple signed integers overflow in function au_read_header in src/au.c and in functions mat4_open and mat4_read_header in src/mat4.c in Libsndfile, allows an attacker to cause Denial of Service or other unspecified impacts...
virtualbox-ose -- multiple vulnerabilities
[email protected] reports: Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are Prior to 6.1.46 and Prior to 7.0.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via RDP t...
element-web -- Cross site scripting in Export Chat feature
Matrix Developers report: The Export Chat feature includes certain attacker-controlled elements in the generated document without sufficient escaping, leading to stored XSS...
MySQL -- Multiple vulnerabilities
Oracle reports: This Critical Patch Update contains 24 new security patches for Oracle MySQL. 11 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials...
virtualbox-ose -- multiple vulnerabilities
[email protected] reports: Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are Prior to 6.1.46 and Prior to 7.0.10. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructur...
virtualbox-ose -- multiple vulnerabilities
[email protected] reports: Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are Prior to 6.1.46 and Prior to 7.0.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure...
phpmyfaq -- multiple vulnerabilities
phpmyfaq developers report: Cross Site Scripting vulnerability; CSV injection vulnerability...
OpenSSL -- AES-SIV implementation ignores empty associated data entries
The OpenSSL project reports: The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries which are unauthenticated as a consequence...
GLPI vulnerable to SQL injection via dashboard administration
[email protected] reports: GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An administrator can trigger SQL injection via dashboards administration. This vulnerability has been patched in...
electron22 -- multiple vulnerabilities
Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2023-3422. Security: backported fix for CVE-2023-3421. Security: backported fix for CVE-2023-3420...
redis -- heap overflow in COMMAND GETKEYS and ACL evaluation
Redis core team reports: Extracting key names from a command and a list of arguments may, in some cases, trigger a heap overflow and result in reading random heap memory, heap corruption and potentially remote code execution. Specifically: using COMMAND GETKEYS and validation of key names in ACL...
redis -- Heap overflow in the cjson and cmsgpack libraries
Redis core team reports: A specially crafted Lua script executing in Redis can trigger a heap overflow in the cjson and cmsgpack libraries, and result in heap corruption and potentially remote code execution...
Gitlab -- Vulnerabilities
Gitlab reports: A user can change the name and path of some public GitLab groups...
electron{23,24} -- multiple vulnerabilities
Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2023-3422. Security: backported fix for CVE-2023-3421. Security: backported fix for CVE-2023-3420...
GLPI vulnerable to unauthorized access to User data
[email protected] reports: GLPI is a free asset and IT management software package. Versions of the software starting with 0.68 and prior to 10.0.8 have an incorrect rights check on a file accessible by an authenticated user. This allows access to the list of all users and their...
GLPI vulnerable to reflected XSS in search pages
[email protected] reports: GLPI is a free asset and IT management software package. Starting in version 9.4.0 and prior to version 10.0.8, a malicious link can be crafted by an unauthenticated user that can exploit a reflected XSS in case any authenticated user opens the crafted link...
GLPI vulnerable to unauthorized access to Dashboard data
[email protected] reports: GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to version 10.0.8, an incorrect rights check on a file accessible by an authenticated user or not for certain actions, allows a threat actor to interact, modif...
GLPI vulnerable to unauthenticated access to Dashboard data
[email protected] reports: GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to version 10.0.8, an incorrect rights check on a file allows an unauthenticated user to be able to access dashboards data. Version 10.0.8 contains a patch for this...
GLPI vulnerable to SQL injection via inventory agent request
[email protected] reports: GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.8, GLPI inventory endpoint can be used to drive a SQL injection attack. By default, GLPI inventory endpoint requires no authentication. Version...
GLPI vulnerable to unauthorized access to KnowbaseItem data
[email protected] reports: GLPI is a free asset and IT management software package. Versions of the software starting with 9.2.0 and prior to 10.0.8 have an incorrect rights check on a file accessible by an authenticated user, allows access to the view all KnowbaseItems. Version...
GLPI vulnerable to SQL injection through Computer Virtual Machine information
[email protected] reports: GLPI is a free asset and IT management software package. Starting in version 0.80 and prior to version 10.0.8, Computer Virtual Machine form and GLPI inventory request can be used to perform a SQL injection attack. Version 10.0.8 has a patch for this issue...
Django -- multiple vulnerabilities
Django reports: CVE-2023-36053: Potential regular expression denial of service vulnerability in EmailValidator/URLValidator...
SoftEtherVPN -- multiple vulnerabilities
Daiyuu Nobori reports: The SoftEther VPN project received a high level code review and technical assistance from Cisco Systems, Inc. of the United States from April to June 2023 to fix several vulnerabilities in the SoftEther VPN code. The risk of exploitation of any of the fixed vulnerabilities ...