6581 matches found
gitea -- Disallow dangerous URL schemes
The Gitea team reports: Disallow javascript, vbscript and data data uri images still work url schemes even if all other schemes are allowed...
libX11 -- Sub-object overflows
The X.Org project reports: Buffer overflows in InitExt.c in libX11 prior to 1.8.6 CVE-2023-3138 The functions in src/InitExt.c in libX11 prior to 1.8.6 do not check that the values provided for the Request, Event, or Error IDs are within the bounds of the arrays that those functions write to, usi...
jenkins -- CSRF protection bypass vulnerability
Jenkins Security Advisory: Description High SECURITY-3135 / CVE-2023-35141 CSRF protection bypass vulnerability...
electron23 -- multiple vulnerabilities
Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2023-2724. Security: backported fix for CVE-2023-2725. Security: backported fix for CVE-2023-2721. Security: backported fix for CVE-2023-3079. Security: backported fix for CVE-2023-2933...
electron24 -- multiple vulnerabilities
Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2023-3079. Security: backported fix for CVE-2023-2933. Security: backported fix for CVE-2023-2932. Security: backported fix for CVE-2023-2931. Security: backported fix for CVE-2023-2936...
electron22 -- multiple vulnerabilities
Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2023-2724. Security: backported fix for CVE-2023-2723. Security: backported fix for CVE-2023-2725. Security: backported fix for CVE-2023-2721. Security: backported fix for CVE-2023-3079...
Borg (Backup) -- flaw in cryptographic authentication scheme in Borg allowed an attacker to fake archives and indirectly cause backup data loss.
Thomas Waldmann reports: A flaw in the cryptographic authentication scheme in Borg allowed an attacker to fake archives and potentially indirectly cause backup data loss in the repository. The attack requires an attacker to be able to insert files with no additional headers into backups gain writ...
chromium -- multiple vulnerabilities
Chrome Releases reports: This update includes 5 security fixes: 1450568 Critical CVE-2023-3214: Use after free in Autofill payments. Reported by Rong Jian of VRI on 2023-06-01 1446274 High CVE-2023-3215: Use after free in WebRTC. Reported by asnine on 2023-05-17 1450114 High CVE-2023-3216: Type...
vscode -- VS Code Information Disclosure Vulnerability
VSCode developers reports: VS Code Information Disclosure Vulnerability A information disclosure vulnerability exists in VS Code 1.79.0 and earlier versions on Windows when file system operations are performed on malicious UNC paths. Examples include reading or resolving metadata of such paths. A...
xmltooling -- remote resource access
Shibboleth consortium reports: An updated version of the XMLTooling library that is part of the OpenSAML and Shibboleth Service Provider software is now available which corrects a server-side request forgery SSRF vulnerability. Including certain legal but "malicious in intent" content in the...
acme.sh -- closes potential remote vuln
Neil Pang reports: HiCA was injecting arbitrary code/commands into the certificate obtaining process and acme.sh is running them on the client machine...
gitea -- multiple issues
The Gitea team reports: Test if container blob is accessible before mounting. Set type="password" on all authtoken fields Seen when migrating from other hosting platforms. Prevents exposing the token to screen capture/cameras/eyeballs. Prevents the browser from saving the value in its autocomplet...
gitea -- avoid open HTTP redirects
The Gitea team reports: If redirectto parameter has set value starting with \example.com redirect will be created with header Location: /\example.com that will redirect to example.com domain...
gitea -- information disclosure
The Gitea team reports: Fix API leaking Usermail if not logged in The API should only return the real Mail of a User, if the caller is logged in. The check do to this don't work. This PR fixes this. This not really a security issue, but can lead to Spam...
Grafana -- Broken access control: viewer can send test alerts
Grafana Labs reports: Grafana can allow an attacker in the Viewer role to send alerts by API Alert - Test. This option, however, is not available in the user panel UI for the Viewer role. The CVSS score for this vulnerability is 4.1 Medium CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N...
Grafana -- Grafana DS proxy race condition
Grafana Labs reports: We have discovered a vulnerability with Grafana’s data source query endpoints that could end up crashing a Grafana instance. If you have public dashboards PD enabled, we are scoring this as a CVSS 7.5 High. If you have disabled PD, this vulnerability is still a risk, but...
Gitlab -- Vulnerability
Gitlab reports: Stored-XSS with CSP-bypass in Merge requests ReDoS via FrontMatterFilter in any Markdown fields ReDoS via InlineDiffFilter in any Markdown fields ReDoS via DollarMathPostFilter in Markdown fields DoS via malicious test report artifacts Restricted IP addresses can clone repositorie...
chromium -- multiple vulnerabilities
Chrome Releases reports: This update includes 2 security fixes: 1450481 High CVE-2023-3079: Type Confusion in V8. Reported by Clément Lecigne of Google's Threat Analysis Group on 2023-06-01...
Kanboard -- Multiple vulnerabilities
Kanboard is project management software that focuses on the Kanban methodology. The last update includes 4 vulnerabilities: [email protected] reports: Missing access control in internal task links feature Stored Cross site scripting in the Task External Link Functionality in Kanboard...
chromium -- multiple vulnerabilities
Chrome Releases reports: This update includes 16 security fixes: 1410191 High CVE-2023-2929: Out of bounds write in Swiftshader. Reported by Jaehun Jeong@n3sk of Theori on 2023-01-25 1443401 High CVE-2023-2930: Use after free in Extensions. Reported by asnine on 2023-05-08 1444238 High...
OpenSSL -- Possible DoS translating ASN.1 identifiers
The OpenSSL project reports: Severity: Moderate. Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow...
Kanboard -- Clipboard based cross-site scripting (blocked with default CSP) in Kanboard
[email protected] reports: Kanboard is project management software that focuses on the Kanban methodology. Due to improper handling of elements under the contentEditable element, maliciously crafted clipboard content can inject arbitrary HTML tags into the DOM. A low-privileged...
OpenEXR -- heap buffer overflow in internal_huf_decompress
oss-fuzz reports: heap buffer overflow in internalhufdecompress. Cary Phillips reports: v3.1.9 - Patch release that addresses ... also OSS-fuzz 59382 Heap-buffer-overflow in internalhufdecompress Kimball Thurston reports: Fix scenario where malformed dwa file could read past end of buffer - fixes...
Openfire administration console authentication bypass
[email protected] reports: Openfire's administrative console, a web-based application, was found to be vulnerable to a path traversal attack via the setup environment. This permitted an unauthenticated user to use the unauthenticated Openfire Setup Environment in an already configure...
zeek -- potential DoS vulnerabilities
Tim Wojtulewicz of Corelight reports: A specially-crafted series of FTP packets with a CMD command with a large path followed by a very large number of replies could cause Zeek to spend a long time processing the data. A specially-crafted with a truncated header can cause Zeek to overflow memory...
phpmyfaq -- multiple vulnerabilities
phpmyfaq developers report: Multiple XSS vulnerabilities...
electron -- vulnerability
Electron developers report: This update fixes the following vulnerability: Security: backported fix for CVE-2023-29469...
chromium -- multiple vulnerabilities
Chrome Releases reports: This update includes 12 security fixes: 1444360 Critical CVE-2023-2721: Use after free in Navigation. Reported by Guang Gong of Alpha Lab, Qihoo 360 on 2023-05-10 1400905 High CVE-2023-2722: Use after free in Autofill UI. Reported by Rong Jian of VRI on 2022-12-14 1435166...
postgresql-server -- CREATE SCHEMA ... schema elements defeats protective search_path changes
PostgreSQL Project reports This enabled an attacker having database-level CREATE privilege to execute arbitrary code as the bootstrap superuser. Database owners have that right by default, and explicit grants may extend it to other users...
postgresql-server -- Row security policies disregard user ID changes after inlining
PostgreSQL Project reports While CVE-2016-2193 fixed most interaction between row security and user ID changes, it missed a scenario involving function inlining. This leads to potentially incorrect policies being applied in cases where role-specific policies are used and a given query is planned...
MariaDB -- Nullpointer dereference
The MariaDB project reports: MariaDB Server is vulnerable to Denial of Service. It is possible for function spiderdbmbase::printwarnings to dereference a null pointer...
Gitlab -- Vulnerability
Gitlab reports: Smuggling code changes via merge requests with refs/replace...
vscode -- Visual Studio Code Information Disclosure Vulnerability
[email protected] reports: Visual Studio Code Information Disclosure Vulnerability A information disclosure vulnerability exists in VS Code 1.78.0 and earlier versions on Windows when file system operations are performed on malicious UNC paths. Examples include reading or resolving metadata of...
Gitlab -- Multiple Vulnerabilities
Gitlab reports: Malicious Runner Attachment via GraphQL...
chromium -- multiple vulnerabilities
Chrome Releases reports: This update includes 15 security fixes: 1423304 Medium CVE-2023-2459: Inappropriate implementation in Prompts. Reported by Rong Jian of VRI on 2023-03-10 1419732 Medium CVE-2023-2460: Insufficient validation of untrusted input in Extensions. Reported by Martin Bajanik,...
Gitlab -- Multiple Vulnerabilities
Gitlab reports: Privilege escalation for external users when OIDC is enabled under certain conditions Account takeover through open redirect for Group SAML accounts Users on banned IP addresses can still commit to projects User with developer role group can modify Protected branches setting on...
couchdb -- information sharing via couchjs processes
Nick Vatamane reports: Design documents with matching document IDs, from databases on the same cluster, may share a mutable Javascript environment when using various design document functions...
Django -- multiple vulnerabilities
Django reports: CVE-2023-31047: Potential bypass of validation when uploading multiple files using one form field...
go -- multiple vulnerabilities
The Go project reports: crypto/tls: restrict RSA keys in certificates to = 8192 bits Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. Limit this by restricting the size of RSA keys transmitted during handshakes to = 8192...
h2o -- Malformed HTTP/1.1 causes Out-of-Memory Denial of Service
Elijah Glover reports: Malformed HTTP/1.1 requests can crash worker processes. occasionally locking up child workers and causing denial of service, and an outage dropping any open connections...
cloud-init -- sensitive data exposure in cloud-init logs
[email protected] reports: Sensitive data could be exposed in logs of cloud-init before version 23.1.2. An attacker could use this information to find hashed passwords and possibly escalate their privilege...
Grafana -- Exposure of sensitive information to an unauthorized actor
Grafana Labs reports: When setting up Grafana, there is an option to enable JWT authentication. Enabling this will allow users to authenticate towards the Grafana instance with a special header default X-JWT-Assertion . In Grafana, there is an additional way to authenticate using JWT called URL...
git -- Multiple vulnerabilities
git developers reports: This update includes 2 security fixes: CVE-2023-25652: By feeding specially crafted input to git apply --reject, a path outside the working tree can be overwritten with partially controlled contents corresponding to the rejected hunks from the given patch CVE-2023-29007: A...
element-web -- matrix-react-sdk vulnerable to HTML injection in search results via plaintext message highlighting
Matrix developers report: matrix-react-sdk is a react-based SDK for inserting a Matrix chat/VoIP client into a web page. Prior to version 3.71.0, plain text messages containing HTML tags are rendered as HTML in the search results. To exploit this, an attacker needs to trick a user into searching...
jellyfin -- Multiple vulnerabilities
[email protected] reports: Jellyfin is a free-software media system. Versions starting with 10.8.0 and prior to 10.8.10 and prior have a directory traversal vulnerability inside the ClientLogController, specifically /ClientLog/Document. When combined with a cross-site scripting...
phpmyfaq -- multiple vulnerabilities
phpmyfaq developers report: XSS email address manipulation...
mediawiki -- multiple vulnerabilities
Mediawiki reports: T335203, CVE-2023-29197 Upgrade guzzlehttp/psr7 to = 1.9.1/2.4.5. T335612, CVE-2023-36674 Manualthumb bypasses badFile lookup. T332889, CVE-2023-36675 XSS in BlockLogFormatter due to unsafe message use...
chromium -- multiple vulnerabilities
Chrome Releases reports: This update includes 8 security fixes: 1429197 High CVE-2023-2133: Out of bounds memory access in Service Worker API. Reported by Rong Jian of VRI on 2023-03-30 1429201 High CVE-2023-2134: Out of bounds memory access in Service Worker API. Reported by Rong Jian of VRI on...
Grafana -- Critical vulnerability in golang
Grafana Labs reports: An issue in how go handles backticks with Javascript can lead to an injection of arbitrary code into go templates. While Grafana Labs software contains potentially vulnerable versions of go, we have not identified any exploitable use cases at this time. The CVSS score for th...
MySQL -- Multiple vulnerabilities
Oracle reports: This Critical Patch Update contains 34 new security patches, plus additional third party patches noted below, for Oracle MySQL. 11 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials...