6580 matches found
chromium -- multiple vulnerabilities
Chrome Releases reports: This update includes 26 security fixes: 1448548 High CVE-2023-2312: Use after free in Offline. Reported by avaue at S.S.L. on 2023-05-24 1458303 High CVE-2023-4349: Use after free in Device Trust Connectors. Reported by Weipeng Jiang @Krace of VRI on 2023-06-27 1454817 Hi...
clamav -- Possible denial of service vulnerability in the HFS+ file parser
Steve Smith reports: There is a possible denial of service vulnerability in the HFS+ file parser...
postgresql-server -- MERGE fails to enforce UPDATE or SELECT row security policies
PostgreSQL Project reports PostgreSQL 15 introduced the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT. If UPDATE and SELECT policies forbid some row that INSERT policies do not forbid, a user could store such rows. Subsequent consequences...
postgresql-server -- Extension script @substitutions@ within quoting allow SQL injection
PostgreSQL Project reports An extension script is vulnerable if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct dollar quoting, '', or "". No bundled extension is vulnerable. Vulnerable uses do appear in a documentation example and in non-bundled extensions. Hence,...
libqb -- Buffer overflow
[email protected] reports: logblackbox.c in libqb before 2.0.8 allows a buffer overflow via long log messages because the header size is not considered...
krb5 -- Double-free in KDC TGS processing
The MIT krb5 Team reports: When issuing a ticket for a TGS renew or validate request, copy only the server field from the outer part of the header ticket to the new ticket. Copying the whole structure causes the encpart pointer to be aliased to the header ticket until krb5encrypttktpart is called...
chromium -- multiple vulnerabilities
Chrome Releases reports: This update includes 17 security fixes: 1466183 High CVE-2023-4068: Type Confusion in V8. Reported by Jerry on 2023-07-20 1465326 High CVE-2023-4069: Type Confusion in V8. Reported by Man Yue Mo of GitHub Security Lab on 2023-07-17 1462951 High CVE-2023-4070: Type Confusi...
electron{22,23,24,25} -- multiple vulnerabilities
Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2023-3732. Security: backported fix for CVE-2023-3728. Security: backported fix for CVE-2023-3730...
FreeBSD -- Potential remote code execution via ssh-agent forwarding
Problem Description: The server may cause ssh-agent to load shared libraries other than those required for PKCS11 support. These shared libraries may have side effects that occur on load and unload dlopen and dlclose. Impact: An attacker with access to a server that accepts a forwarded ssh-agent...
Gitlab -- Vulnerabilities
Gitlab reports: ReDoS via ProjectReferenceFilter in any Markdown fields ReDoS via AutolinkFilter in any Markdown fields Regex DoS in Harbor Registry search Arbitrary read of files owned by the "git" user via malicious tar.gz file upload using GitLab export functionality Stored XSS in Web IDE Beta...
FreeBSD -- Network authentication attack via pam_krb5
Problem Description: The problem detailed in FreeBSD-SA-23:04.pamkrb5 persisted following the patch for that advisory. Impact: The impact described in FreeBSD-SA-23:04.pamkrb5 persists...
FreeBSD -- bhyve privileged guest escape via fwctl
Problem Description: The fwctl driver implements a state machine which is executed when the guest accesses certain x86 I/O ports. The interface lets the guest copy a string into a buffer resident in the bhyve process' memory. A bug in the state machine implementation can result in a buffer...
FreeBSD -- Remote denial of service in IPv6 fragment reassembly
Problem Description: Each fragment of an IPv6 packet contains a fragment header which specifies the offset of the fragment relative to the original packet, and each fragment specifies its length in the IPv6 header. When reassembling the packet, the kernel calculates the complete IPv6 payload...
OpenSSL -- Excessive time spent checking DH q parameter value
The OpenSSL project reports: Checking excessively long DH keys or parameters may be very slow severity: Low...
jenkins -- Stored XSS vulnerability
Jenkins Security Advisory: Description High SECURITY-3188 / CVE-2023-39151 Stored XSS vulnerability...
typo3 -- multiple vulnerabilities
TYPO3 reports: TYPO3-CORE-SA-2023-002: By-passing Cross-Site Scripting Protection in HTML Sanitizer TYPO3-CORE-SA-2023-003: Information Disclosure due to Out-of-scope Site Resolution TYPO3-CORE-SA-2023-004: Cross-Site Scripting in CKEditor4 WordCount Plugin...
OpenSSH -- remote code execution via a forwarded agent socket
OpenSSH project reports: Fix CVE-2023-38408 - a condition where specific libaries loaded via ssh-agent1's PKCS11 support could be abused to achieve remote code execution via a forwarded agent socket if the following conditions are met: Exploitation requires the presence of specific libraries on t...
samba -- multiple vulnerabilities
The Samba Team reports: CVE-2023-34967: Samba Spotlight mdssvc RPC Request Type Confusion DoS Vulnerability When parsing Spotlight mdssvc RPC packets, one encoded data structure is a key-value style dictionary where keys are character strings and values can be any of the supported types in the...
chromium -- multiple vulnerabilities
Chrome Releases reports: This update includes 20 security fixes: 1454086 High CVE-2023-3727: Use after free in WebRTC. Reported by Cassidy Kim@cassidy6564 on 2023-06-12 1457421 High CVE-2023-3728: Use after free in WebRTC. Reported by Zhenghang Xiao @Kipreyyy on 2023-06-23 1453465 High...
libsndfile_project -- Integer overflow in dataend calculation
[email protected] reports: Multiple signed integers overflow in function aureadheader in src/au.c and in functions mat4open and mat4readheader in src/mat4.c in Libsndfile, allows an attacker to cause Denial of Service or other unspecified impacts...
virtualbox-ose -- multiple vulnerabilities
[email protected] reports: Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are Prior to 6.1.46 and Prior to 7.0.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via RDP t...
virtualbox-ose -- multiple vulnerabilities
[email protected] reports: Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are Prior to 6.1.46 and Prior to 7.0.10. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructur...
virtualbox-ose -- multiple vulnerabilities
[email protected] reports: Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are Prior to 6.1.46 and Prior to 7.0.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure...
element-web -- Cross site scripting in Export Chat feature
Matrix Developers reports: The Export Chat feature includes certain attacker-controlled elements in the generated document without sufficient escaping, leading to stored XSS...
MySQL -- Multiple vulnerabilities
Oracle reports: This Critical Patch Update contains 24 new security patches for Oracle MySQL. 11 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials...
phpmyfaq -- multiple vulnerabilities
phpmyfaq developers report: Cross Site Scripting vulnerability CSV injection vulnerability...
OpenSSL -- AES-SIV implementation ignores empty associated data entries
The OpenSSL project reports: The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries which are unauthenticated as a consequence...
GLPI vulnerable to SQL injection via dashboard administration
[email protected] reports: GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An administrator can trigger SQL injection via dashboards administration. This vulnerability has been patched in...
electron22 -- multiple vulnerabilities
Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2023-3422. Security: backported fix for CVE-2023-3421. Security: backported fix for CVE-2023-3420...
redis -- heap overflow in COMMAND GETKEYS and ACL evaluation
Redis core team reports: Extracting key names from a command and a list of arguments may, in some cases, trigger a heap overflow and result in reading random heap memory, heap corruption and potentially remote code execution. Specifically: using COMMAND GETKEYS and validation of key names in ACL...
redis -- Heap overflow in the cjson and cmsgpack libraries
Redis core team reports: A specially crafted Lua script executing in Redis can trigger a heap overflow in the cjson and cmsgpack libraries, and result in heap corruption and potentially remote code execution...
GLPI vulnerable to unauthorized access to KnowbaseItem data
[email protected] reports: GLPI is a free asset and IT management software package. Versions of the software starting with 9.2.0 and prior to 10.0.8 have an incorrect rights check on a on a file accessible by an authenticated user, allows access to the view all KnowbaseItems. Version...
GLPI vulnerable to SQL injection through Computer Virtual Machine information
[email protected] reports: GLPI is a free asset and IT management software package. Starting in version 0.80 and prior to version 10.0.8, Computer Virtual Machine form and GLPI inventory request can be used to perform a SQL injection attack. Version 10.0.8 has a patch for this issue...
GLPI vulnerable to unauthorized access to User data
[email protected] reports: GLPI is a free asset and IT management software package. Versions of the software starting with 0.68 and prior to 10.0.8 have an incorrect rights check on a on a file accessible by an authenticated user. This allows access to the list of all users and their...
GLPI vulnerable to SQL injection via inventory agent request
[email protected] reports: GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.8, GLPI inventory endpoint can be used to drive a SQL injection attack. By default, GLPI inventory endpoint requires no authentication. Version...
GLPI vulnerable to unauthenticated access to Dashboard data
[email protected] reports: GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to version 10.0.8, an incorrect rights check on a file allows an unauthenticated user to be able to access dashboards data. Version 10.0.8 contains a patch for this...
GLPI vulnerable to unauthorized access to Dashboard data
[email protected] reports: GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to version 10.0.8, an incorrect rights check on a on a file accessible by an authenticated user or not for certain actions, allows a threat actor to interact, modif...
GLPI vulnerable to reflected XSS in search pages
[email protected] reports: GLPI is a free asset and IT management software package. Starting in version 9.4.0 and prior to version 10.0.8, a malicious link can be crafted by an unauthenticated user that can exploit a reflected XSS in case any authenticated user opens the crafted link...
electron{23,24} -- multiple vulnerabilities
Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2023-3422. Security: backported fix for CVE-2023-3421. Security: backported fix for CVE-2023-3420...
Gitlab -- Vulnerabilities
Gitlab reports: A user can change the name and path of some public GitLab groups...
Django -- multiple vulnerabilities
Django reports: CVE-2023-36053: Potential regular expression denial of service vulnerability in EmailValidator/URLValidator...
SoftEtherVPN -- multiple vulnerabilities
Daiyuu Nobori reports: The SoftEther VPN project received a high level code review and technical assistance from Cisco Systems, Inc. of the United States from April to June 2023 to fix several vulnerabilities in the SoftEther VPN code. The risk of exploitation of any of the fixed vulnerabilities ...
Gitlab -- Vulnerabilities
Gitlab reports: ReDoS via EpicReferenceFilter in any Markdown fields New commits to private projects visible in forks created while project was public New commits to private projects visible in forks created while project was public Maintainer can leak masked webhook secrets by manipulating URL...
chromium -- multiple vulnerabilities
Chrome Releases reports: This update includes 4 security fixes: 1452137 High CVE-2023-3420: Type Confusion in V8. Reported by Man Yue Mo of GitHub Security Lab on 2023-06-07 1447568 High CVE-2023-3421: Use after free in Media. Reported by Piotr Bania of Cisco Talos on 2023-05-22 1450397 High...
electron{23,24} -- multiple vulnerabilities
Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2023-3215. Security: backported fix for CVE-2023-3216...
Grafana -- Account takeover / authentication bypass
Grafana Labs reports: Grafana validates Azure Active Directory accounts based on the email claim. On Azure AD, the profile email field is not unique across Azure AD tenants. This can enable a Grafana account takeover and authentication bypass when Azure AD OAuth is configured with a multi-tenant...
electron22 -- multiple vulnerabilities
Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2023-3215. Security: backported fix for CVE-2023-3216. Security: backported fix for CVE-2023-0698. Security: backported fix for CVE-2023-0932...
FreeBSD -- ssh-add does not honor per-hop destination constraints
Problem Description: When using ssh-add1 to add smartcard keys to ssh-agent1 with per-hop destination constraints, a logic error prevented the constraints from being sent to the agent resulting in keys being added to the agent without constraints. Impact: A malicious server could leverage the key...
FreeBSD -- Network authentication attack via pam_krb5
Problem Description: pamkrb5 authenticates the user by essentially running kinit1 with the password, getting a ticket-granting ticket' tgt from the Kerberos KDC Key Distribution Center over the network, as a way to verify the password. Normally, the system running the pamkrb5 module will also hav...
gitea -- Disallow dangerous URL schemes
The Gitea team reports: Disallow javascript, vbscript and data data uri images still work url schemes even if all other schemes are allowed...