Gitlab -- Vulnerabilities
Gitlab reports: ReDoS via EpicReferenceFilter in any Markdown fields New commits to private projects visible in forks created while project was public New commits to private projects visible in forks created while project was public Maintainer can leak masked webhook secrets by manipulating URL...
chromium -- multiple vulnerabilities
Chrome Releases reports: This update includes 4 security fixes: 1452137 High CVE-2023-3420: Type Confusion in V8. Reported by Man Yue Mo of GitHub Security Lab on 2023-06-07 1447568 High CVE-2023-3421: Use after free in Media. Reported by Piotr Bania of Cisco Talos on 2023-05-22 1450397 High...
electron{23,24} -- multiple vulnerabilities
Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2023-3215. Security: backported fix for CVE-2023-3216...
electron22 -- multiple vulnerabilities
Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2023-3215. Security: backported fix for CVE-2023-3216. Security: backported fix for CVE-2023-0698. Security: backported fix for CVE-2023-0932...
Grafana -- Account takeover / authentication bypass
Grafana Labs reports: Grafana validates Azure Active Directory accounts based on the email claim. On Azure AD, the profile email field is not unique across Azure AD tenants. This can enable a Grafana account takeover and authentication bypass when Azure AD OAuth is configured with a multi-tenant...
FreeBSD -- Network authentication attack via pam_krb5
Problem Description: pam_krb5 authenticates the user by essentially running kinit(1) with the password, getting a ticket-granting ticket (TGT) from the Kerberos KDC (Key Distribution Center) over the network, as a way to verify the password. Normally, the system running the pam_krb5 module will also hav...
FreeBSD -- ssh-add does not honor per-hop destination constraints
Problem Description: When using ssh-add(1) to add smartcard keys to ssh-agent(1) with per-hop destination constraints, a logic error prevented the constraints from being sent to the agent resulting in keys being added to the agent without constraints. Impact: A malicious server could leverage the key...
gitea -- Disallow dangerous URL schemes
The Gitea team reports: Disallow javascript, vbscript and data (data uri images still work) url schemes even if all other schemes are allowed...
libX11 -- Sub-object overflows
The X.Org project reports: Buffer overflows in InitExt.c in libX11 prior to 1.8.6 CVE-2023-3138 The functions in src/InitExt.c in libX11 prior to 1.8.6 do not check that the values provided for the Request, Event, or Error IDs are within the bounds of the arrays that those functions write to, usi...
electron23 -- multiple vulnerabilities
Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2023-2724. Security: backported fix for CVE-2023-2725. Security: backported fix for CVE-2023-2721. Security: backported fix for CVE-2023-3079. Security: backported fix for CVE-2023-2933...
electron22 -- multiple vulnerabilities
Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2023-2724. Security: backported fix for CVE-2023-2723. Security: backported fix for CVE-2023-2725. Security: backported fix for CVE-2023-2721. Security: backported fix for CVE-2023-3079...
electron24 -- multiple vulnerabilities
Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2023-3079. Security: backported fix for CVE-2023-2933. Security: backported fix for CVE-2023-2932. Security: backported fix for CVE-2023-2931. Security: backported fix for CVE-2023-2936...
jenkins -- CSRF protection bypass vulnerability
Jenkins Security Advisory: Description High SECURITY-3135 / CVE-2023-35141 CSRF protection bypass vulnerability...
chromium -- multiple vulnerabilities
Chrome Releases reports: This update includes 5 security fixes: 1450568 Critical CVE-2023-3214: Use after free in Autofill payments. Reported by Rong Jian of VRI on 2023-06-01 1446274 High CVE-2023-3215: Use after free in WebRTC. Reported by asnine on 2023-05-17 1450114 High CVE-2023-3216: Type...
Borg (Backup) -- flaw in cryptographic authentication scheme in Borg allowed an attacker to fake archives and indirectly cause backup data loss.
Thomas Waldmann reports: A flaw in the cryptographic authentication scheme in Borg allowed an attacker to fake archives and potentially indirectly cause backup data loss in the repository. The attack requires an attacker to be able to insert files with no additional headers into backups gain writ...
vscode -- VS Code Information Disclosure Vulnerability
VSCode developers report: VS Code Information Disclosure Vulnerability An information disclosure vulnerability exists in VS Code 1.79.0 and earlier versions on Windows when file system operations are performed on malicious UNC paths. Examples include reading or resolving metadata of such paths. A...
xmltooling -- remote resource access
Shibboleth consortium reports: An updated version of the XMLTooling library that is part of the OpenSAML and Shibboleth Service Provider software is now available which corrects a server-side request forgery (SSRF) vulnerability. Including certain legal but "malicious in intent" content in the...
gitea -- avoid open HTTP redirects
The Gitea team reports: If redirect_to parameter has set value starting with \example.com redirect will be created with header Location: /\example.com that will redirect to example.com domain...
gitea -- multiple issues
The Gitea team reports: Test if container blob is accessible before mounting. Set type="password" on all auth_token fields Seen when migrating from other hosting platforms. Prevents exposing the token to screen capture/cameras/eyeballs. Prevents the browser from saving the value in its autocomplet...
acme.sh -- closes potential remote vuln
Neil Pang reports: HiCA was injecting arbitrary code/commands into the certificate obtaining process and acme.sh is running them on the client machine...
gitea -- information disclosure
The Gitea team reports: Fix API leaking Usermail if not logged in The API should only return the real Mail of a User, if the caller is logged in. The check to do this doesn't work. This PR fixes this. This is not really a security issue, but can lead to Spam...
Grafana -- Grafana DS proxy race condition
Grafana Labs reports: We have discovered a vulnerability with Grafana's data source query endpoints that could end up crashing a Grafana instance. If you have public dashboards (PD) enabled, we are scoring this as a CVSS 7.5 High. If you have disabled PD, this vulnerability is still a risk, but...
Grafana -- Broken access control: viewer can send test alerts
Grafana Labs reports: Grafana can allow an attacker in the Viewer role to send alerts by API Alert - Test. This option, however, is not available in the user panel UI for the Viewer role. The CVSS score for this vulnerability is 4.1 Medium CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N...
Kanboard -- Multiple vulnerabilities
Kanboard is project management software that focuses on the Kanban methodology. The last update includes 4 vulnerabilities: [email protected] reports: Missing access control in internal task links feature Stored Cross site scripting in the Task External Link Functionality in Kanboard...
chromium -- multiple vulnerabilities
Chrome Releases reports: This update includes 2 security fixes: 1450481 High CVE-2023-3079: Type Confusion in V8. Reported by Clément Lecigne of Google's Threat Analysis Group on 2023-06-01...
Gitlab -- Vulnerability
Gitlab reports: Stored-XSS with CSP-bypass in Merge requests ReDoS via FrontMatterFilter in any Markdown fields ReDoS via InlineDiffFilter in any Markdown fields ReDoS via DollarMathPostFilter in Markdown fields DoS via malicious test report artifacts Restricted IP addresses can clone repositorie...
chromium -- multiple vulnerabilities
Chrome Releases reports: This update includes 16 security fixes: 1410191 High CVE-2023-2929: Out of bounds write in Swiftshader. Reported by Jaehun Jeong (@n3sk) of Theori on 2023-01-25 1443401 High CVE-2023-2930: Use after free in Extensions. Reported by asnine on 2023-05-08 1444238 High...
OpenSSL -- Possible DoS translating ASN.1 identifiers
The OpenSSL project reports: Severity: Moderate. Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow...
Kanboard -- Clipboard based cross-site scripting (blocked with default CSP) in Kanboard
[email protected] reports: Kanboard is project management software that focuses on the Kanban methodology. Due to improper handling of elements under the contentEditable element, maliciously crafted clipboard content can inject arbitrary HTML tags into the DOM. A low-privileged...
OpenEXR -- heap buffer overflow in internal_huf_decompress
oss-fuzz reports: heap buffer overflow in internal_huf_decompress. Cary Phillips reports: v3.1.9 - Patch release that addresses ... also OSS-fuzz 59382 Heap-buffer-overflow in internal_huf_decompress Kimball Thurston reports: Fix scenario where malformed dwa file could read past end of buffer - fixes...
Openfire administration console authentication bypass
[email protected] reports: Openfire's administrative console, a web-based application, was found to be vulnerable to a path traversal attack via the setup environment. This permitted an unauthenticated user to use the unauthenticated Openfire Setup Environment in an already configure...
zeek -- potential DoS vulnerabilities
Tim Wojtulewicz of Corelight reports: A specially-crafted series of FTP packets with a CMD command with a large path followed by a very large number of replies could cause Zeek to spend a long time processing the data. A specially-crafted with a truncated header can cause Zeek to overflow memory...
phpmyfaq -- multiple vulnerabilities
phpmyfaq developers report: Multiple XSS vulnerabilities...
electron -- vulnerability
Electron developers report: This update fixes the following vulnerability: Security: backported fix for CVE-2023-29469...
chromium -- multiple vulnerabilities
Chrome Releases reports: This update includes 12 security fixes: 1444360 Critical CVE-2023-2721: Use after free in Navigation. Reported by Guang Gong of Alpha Lab, Qihoo 360 on 2023-05-10 1400905 High CVE-2023-2722: Use after free in Autofill UI. Reported by Rong Jian of VRI on 2022-12-14 1435166...
postgresql-server -- CREATE SCHEMA ... schema elements defeats protective search_path changes
PostgreSQL Project reports: This enabled an attacker having database-level CREATE privilege to execute arbitrary code as the bootstrap superuser. Database owners have that right by default, and explicit grants may extend it to other users...
postgresql-server -- Row security policies disregard user ID changes after inlining
PostgreSQL Project reports: While CVE-2016-2193 fixed most interaction between row security and user ID changes, it missed a scenario involving function inlining. This leads to potentially incorrect policies being applied in cases where role-specific policies are used and a given query is planned...
MariaDB -- Nullpointer dereference
The MariaDB project reports: MariaDB Server is vulnerable to Denial of Service. It is possible for function spider_db_mbase::print_warnings to dereference a null pointer...
Gitlab -- Vulnerability
Gitlab reports: Smuggling code changes via merge requests with refs/replace...
vscode -- Visual Studio Code Information Disclosure Vulnerability
[email protected] reports: Visual Studio Code Information Disclosure Vulnerability An information disclosure vulnerability exists in VS Code 1.78.0 and earlier versions on Windows when file system operations are performed on malicious UNC paths. Examples include reading or resolving metadata of...
Gitlab -- Multiple Vulnerabilities
Gitlab reports: Malicious Runner Attachment via GraphQL...
chromium -- multiple vulnerabilities
Chrome Releases reports: This update includes 15 security fixes: 1423304 Medium CVE-2023-2459: Inappropriate implementation in Prompts. Reported by Rong Jian of VRI on 2023-03-10 1419732 Medium CVE-2023-2460: Insufficient validation of untrusted input in Extensions. Reported by Martin Bajanik,...
Gitlab -- Multiple Vulnerabilities
Gitlab reports: Privilege escalation for external users when OIDC is enabled under certain conditions Account takeover through open redirect for Group SAML accounts Users on banned IP addresses can still commit to projects User with developer role group can modify Protected branches setting on...
couchdb -- information sharing via couchjs processes
Nick Vatamane reports: Design documents with matching document IDs, from databases on the same cluster, may share a mutable Javascript environment when using various design document functions...
Django -- multiple vulnerabilities
Django reports: CVE-2023-31047: Potential bypass of validation when uploading multiple files using one form field...
go -- multiple vulnerabilities
The Go project reports: crypto/tls: restrict RSA keys in certificates to <= 8192 bits Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. Limit this by restricting the size of RSA keys transmitted during handshakes to <= 8192...
h2o -- Malformed HTTP/1.1 causes Out-of-Memory Denial of Service
Elijah Glover reports: Malformed HTTP/1.1 requests can crash worker processes, occasionally locking up child workers and causing denial of service, and an outage dropping any open connections...
Grafana -- Exposure of sensitive information to an unauthorized actor
Grafana Labs reports: When setting up Grafana, there is an option to enable JWT authentication. Enabling this will allow users to authenticate towards the Grafana instance with a special header (default X-JWT-Assertion). In Grafana, there is an additional way to authenticate using JWT called URL...
cloud-init -- sensitive data exposure in cloud-init logs
[email protected] reports: Sensitive data could be exposed in logs of cloud-init before version 23.1.2. An attacker could use this information to find hashed passwords and possibly escalate their privilege...
git -- Multiple vulnerabilities
git developers report: This update includes 2 security fixes: CVE-2023-25652: By feeding specially crafted input to git apply --reject, a path outside the working tree can be overwritten with partially controlled contents corresponding to the rejected hunks from the given patch CVE-2023-29007: A...