element-web -- matrix-react-sdk vulnerable to HTML injection in search results via plaintext message highlighting
Matrix developers report: matrix-react-sdk is a react-based SDK for inserting a Matrix chat/VoIP client into a web page. Prior to version 3.71.0, plain text messages containing HTML tags are rendered as HTML in the search results. To exploit this, an attacker needs to trick a user into searching...
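The bug class behind this entry is building search-result markup from an unescaped message body, so that tags in a plain-text message are parsed as HTML. The following is an added illustration, not code from matrix-react-sdk and not its actual fix: a naive highlighter that wraps matches in <mark> without escaping, beside one that escapes every piece of the body before adding the markup. The message text and search term are constructed for the example.

```javascript
// Added example (not matrix-react-sdk code). Shows why highlighting search
// hits by string-substituting into HTML is dangerous, and a safe alternative.

function escapeHtml(s) {
  return s.replace(/[&<>"']/g, (c) => ({
    "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
  })[c]);
}

// Search terms are user input too; never build a RegExp from them raw.
function escapeRegExp(s) {
  return s.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
}

// Vulnerable pattern: wrap the raw body in <mark> tags. Any tag already in
// the body survives unchanged and is interpreted by the browser when the
// result is assigned to innerHTML.
function highlightUnsafe(body, term) {
  const re = new RegExp(escapeRegExp(term), "gi");
  return body.replace(re, (m) => `<mark>${m}</mark>`);
}

// Safe pattern: split on the term first (capturing group keeps the matches at
// odd indices), HTML-escape every piece, and only then add markup.
function highlightSafe(body, term) {
  const re = new RegExp(`(${escapeRegExp(term)})`, "gi");
  return body
    .split(re)
    .map((piece, i) =>
      i % 2 === 1 ? `<mark>${escapeHtml(piece)}</mark>` : escapeHtml(piece))
    .join("");
}

// Constructed sample: a plain-text message that merely contains an HTML tag.
const SAMPLE_BODY = "hello <img src=x onerror=alert(1)> world";
```

With the unsafe helper, a search for "hello" yields output that still contains a live <img onerror=...> element; with the safe helper the same search yields &lt;img ...&gt; and only the <mark> element is real markup. Searching for "img" with the safe helper highlights the word inside the escaped tag without ever emitting a raw "<".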
jellyfin -- Multiple vulnerabilities
[email protected] reports: Jellyfin is a free-software media system. Versions starting with 10.8.0 and prior to 10.8.10 have a directory traversal vulnerability inside the ClientLogController, specifically /ClientLog/Document. When combined with a cross-site scripting...
phpmyfaq -- multiple vulnerabilities
phpmyfaq developers report: XSS; email address manipulation...
mediawiki -- multiple vulnerabilities
Mediawiki reports: T335203, CVE-2023-29197: Upgrade guzzlehttp/psr7 to >= 1.9.1/2.4.5. T335612, CVE-2023-36674: Manualthumb bypasses badFile lookup. T332889, CVE-2023-36675: XSS in BlockLogFormatter due to unsafe message use...
chromium -- multiple vulnerabilities
Chrome Releases reports: This update includes 8 security fixes: 1429197 High CVE-2023-2133: Out of bounds memory access in Service Worker API. Reported by Rong Jian of VRI on 2023-03-30; 1429201 High CVE-2023-2134: Out of bounds memory access in Service Worker API. Reported by Rong Jian of VRI on...
Grafana -- Critical vulnerability in golang
Grafana Labs reports: An issue in how go handles backticks with Javascript can lead to an injection of arbitrary code into go templates. While Grafana Labs software contains potentially vulnerable versions of go, we have not identified any exploitable use cases at this time. The CVSS score for th...
MySQL -- Multiple vulnerabilities
Oracle reports: This Critical Patch Update contains 34 new security patches, plus additional third party patches noted below, for Oracle MySQL. 11 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials...
redis -- HINCRBYFLOAT can be used to crash a redis-server process
Redis core team reports: Authenticated users can use the HINCRBYFLOAT command to create an invalid hash field that may later crash Redis on access...
chromium -- multiple vulnerabilities
Chrome Releases reports: This update includes 2 security fixes: 1432210 High CVE-2023-2033: Type Confusion in V8. Reported by Clément Lecigne of Google's Threat Analysis Group on 2023-04-11...
zeek -- potential DoS vulnerabilities
Tim Wojtulewicz of Corelight reports: Receiving DNS responses from async DNS requests via A specially-crafted stream of FTP packets containing a command reply with many intermediate lines can cause Zeek to spend a large amount of time processing data. A specially-crafted set of packets containing...
libxml2 -- multiple vulnerabilities
The libxml2 project reports: Hashing of empty dict strings isn't deterministic; Fix null deref in xmlSchemaFixupComplexType...
chromium -- multiple vulnerabilities
Chrome Releases reports: This update includes 16 security fixes: 1414018 High CVE-2023-1810: Heap buffer overflow in Visuals. Reported by Weipeng Jiang @Krace of VRI on 2023-02-08; 1420510 High CVE-2023-1811: Use after free in Frames. Reported by Thomas Orlita on 2023-03-01; 1418224 Medium...
go -- multiple vulnerabilities
The Go project reports: go/parser: infinite loop in parsing. Calling any of the Parse functions on Go source code which contains //line directives with very large line numbers can cause an infinite loop due to integer overflow. html/template: backticks not treated as string delimiters. Templates di...
py-wagtail -- DoS vulnerability
A memory exhaustion bug exists in Wagtail's handling of uploaded images and documents. For both images and documents, files are loaded into memory during upload for additional processing. A user with access to upload images or documents through the Wagtail admin interface could upload a file so...
py39-configobj -- vulnerable to Regular Expression Denial of Service
DarkTinia reports: All versions of the package configobj are vulnerable to Regular Expression Denial of Service (ReDoS) via the validate function, using (.+?). Note: This is only exploitable in the case of a developer putting the offending value in a server side configuration file...
Configobj -- Regular Expression Denial of Service attack
[email protected] reports: All versions of the package configobj are vulnerable to Regular Expression Denial of Service (ReDoS) via the validate function, using (.+?). Note: This is only exploitable in the case of a developer putting the offending value in a server side configuration file...
py-wagtail -- stored XSS vulnerability
A stored cross-site scripting (XSS) vulnerability exists on ModelAdmin views within the Wagtail admin interface. A user with a limited-permission editor account for the Wagtail admin could potentially craft pages and documents that, when viewed by a user with higher privileges, could perform action...
Gitlab -- Multiple Vulnerabilities
Gitlab reports: Cross-site scripting in "Maximum page reached" page; Private project guests can read new changes using a fork; Mirror repository error reveals password in Settings UI; DOS and high resource consumption of Prometheus server through abuse of Prometheus integration proxy endpoint...
rubygem-time -- ReDoS vulnerability
oooooooq reports: The Time parser mishandles invalid strings that have specific characters. It causes an increase in execution time for parsing strings to Time objects...
samba -- multiple vulnerabilities
The Samba Team reports: An incomplete access check on dnsHostName allows authenticated but otherwise unprivileged users to delete this attribute from any object in the directory. The Samba AD DC administration tool, when operating against a remote LDAP server, will by default send new or reset...
xorg-server -- Overlay Window Use-After-Free
The X.Org project reports: ZDI-CAN-19866/CVE-2023-1393: X.Org Server Overlay Window Use-After-Free Local Privilege Escalation Vulnerability. If a client explicitly destroys the compositor overlay window (aka COW), the Xserver would leave a dangling pointer to that window in the CompScreen structure,...
powerdns-recursor -- denial of service
PowerDNS Team reports: PowerDNS Security Advisory 2023-02: Deterred spoofing attempts can lead to authoritative servers being marked unavailable...
OpenSSL -- Multiple vulnerabilities
The OpenSSL project reports: Severity: low. Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. The function X509_VERIFY_PARAM_add0_policy is documented to implicitly enable the certificate policy check...
rubygem-uri -- ReDoS vulnerability
Dominic Couture reports: A ReDoS issue was discovered in the URI component. The URI parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to URI objects...
Matrix clients -- Prototype pollution in matrix-js-sdk
Matrix developers report: Today we are issuing security releases of matrix-js-sdk and matrix-react-sdk to patch a pair of High severity vulnerabilities CVE-2023-28427 / GHSA-mwq8-fjpf-c2gr for matrix-js-sdk and CVE-2023-28103 / GHSA-6g43-88cp-w5gv for matrix-react-sdk. The issues involve prototyp...
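The description above is cut off at the word "prototype", and this page does not say which code path in matrix-js-sdk was affected, so the following is a generic illustration of prototype pollution, added here and not taken from either SDK: a recursive merge that copies keys from a decoded JSON message into a target object, beside a version that refuses the keys an attacker uses to reach Object.prototype. The message payload is constructed for the example.

```javascript
// Added example (not matrix-js-sdk or matrix-react-sdk code). Demonstrates
// prototype pollution through a recursive merge of attacker-supplied JSON.

// JSON.parse creates an *own* property literally named "__proto__", so
// Object.keys() returns it, and target["__proto__"] resolves to the
// prototype of target (Object.prototype for a plain object).
function mergeUnsafe(target, source) {
  for (const key of Object.keys(source)) {
    const value = source[key];
    if (value && typeof value === "object" && !Array.isArray(value)) {
      if (typeof target[key] !== "object" || target[key] === null) {
        target[key] = {};
      }
      mergeUnsafe(target[key], value); // recurses into Object.prototype
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Hardened: skip the keys that can walk up to a shared prototype, and build
// fresh containers with no prototype at all so nothing inherited is reachable.
const FORBIDDEN_KEYS = new Set(["__proto__", "constructor", "prototype"]);

function mergeSafe(target, source) {
  for (const key of Object.keys(source)) {
    if (FORBIDDEN_KEYS.has(key)) continue;
    const value = source[key];
    if (value && typeof value === "object" && !Array.isArray(value)) {
      if (!Object.prototype.hasOwnProperty.call(target, key) ||
          typeof target[key] !== "object" || target[key] === null) {
        target[key] = Object.create(null);
      }
      mergeSafe(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Constructed hostile payload, as it might arrive from an untrusted peer.
const HOSTILE_JSON = '{"body":"hi","__proto__":{"polluted":true}}';

// Returns whether an unrelated, freshly created object now sees the
// attacker's property: the signature of successful prototype pollution.
function isPolluted() {
  return ({}).polluted === true;
}
```

A practical check for this bug class is the one isPolluted() performs: after processing untrusted input, a brand-new empty object must not have gained properties. The safe merge also keeps the legitimate "body" field, so rejecting the dangerous keys costs nothing functionally.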
py39-redis -- can send response data to the client of an unrelated request
drago-balto reports: redis-py through 4.5.3 and 4.4.3 leaves a connection open after canceling an async Redis command at an inopportune time in the case of a non-pipeline operation, and can send response data to the client of an unrelated request. NOTE: this issue exists because of an incomplete...
py39-redis -- can send response data to the client of an unrelated request
drago-balto reports: redis-py before 4.5.3, as used in ChatGPT and other products, leaves a connection open after canceling an async Redis command at an inopportune time in the case of a pipeline operation, and can send response data to the client of an unrelated request in an off-by-one manner...
ghostscript -- exploitable buffer overflow in (T)BCP in PS interpreter
[email protected] reports: In Artifex Ghostscript through 10.01.0, there is a buffer overflow leading to potential corruption of data internal to the PostScript interpreter, in base/sbcp.c. This affects BCPEncode, BCPDecode, TBCPEncode, and TBCPDecode. If the write buffer is filled to one byte less...
OpenSSL -- Excessive Resource Usage Verifying X.509 Policy Constraints
The OpenSSL project reports: Severity: Low A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious...
dino -- Insufficient message sender validation in Dino
Dino team reports: Dino before 0.2.3, 0.3.x before 0.3.2, and 0.4.x before 0.4.2 allows attackers to modify the personal bookmark store via a crafted message. The attacker can change the display of group chats or force a victim to join a group chat; the victim may then be tricked into disclosing...
tailscale -- security vulnerability in Tailscale SSH
Tailscale team reports: A vulnerability identified in the implementation of Tailscale SSH in FreeBSD allowed commands to be run with a higher privilege group ID than that specified by Tailscale SSH access rules...
py39-sentry-sdk -- sensitive cookies leak
Tom Wolters reports: When using the Django integration of the Sentry SDK in a specific configuration it is possible to leak sensitive cookies values, including the session cookie to Sentry. These sensitive cookies could then be used by someone with access to your Sentry issues to impersonate or...
chromium -- multiple vulnerabilities
Chrome Releases reports: This update includes 8 security fixes: 1421773 High CVE-2023-1528: Use after free in Passwords. Reported by Wan Choi of Seoul National University on 2023-03-07; 1419718 High CVE-2023-1529: Out of bounds memory access in WebHID. Reported by anonymous on 2023-02-27; 1419831...
curl -- multiple vulnerabilities
Wei Chong Tan, Harry Sintonen, and Hiroki Kurosawa report: This update fixes 4 security vulnerabilities: Medium CVE-2023-28319: UAF in SSH sha256 fingerprint check. Reported by Wei Chong Tan on 2023-03-21; Low CVE-2023-28320: siglongjmp race condition. Reported by Harry Sintonen on 2023-04-02; Low...
curl -- multiple vulnerabilities
Harry Sintonen reports: CVE-2023-27533 curl supports communicating using the TELNET protocol and as a part of this it offers users to pass on user name and "telnet options" for the server negotiation. Due to lack of proper input scrubbing and without it being the documented functionality, curl...
glpi -- multiple vulnerabilities
glpi Project reports: Multiple vulnerabilities found and fixed in this version: High CVE-2023-28849: SQL injection and Stored XSS via inventory agent request. High CVE-2023-28632: Account takeover by authenticated user. High CVE-2023-28838: SQL injection through dynamic reports. Moderate...
phpmyfaq -- multiple vulnerabilities
phpmyfaq developers report: XSS; weak passwords; privilege escalation; Captcha bypass...
redis -- specially crafted MSETNX command can lead to denial-of-service
Yupeng Yang reports: Authenticated users can use the MSETNX command to trigger a runtime assertion and termination of the Redis server process...
Grafana -- Stored XSS in Graphite FunctionDescription tooltip
Grafana Labs reports: When a user adds a Graphite data source, they can then use the data source in a dashboard. This capability contains a feature to use Functions. Once a function is selected, a small tooltip appears when hovering over the name of the function. This tooltip allows you to delete...
rack -- possible denial of service vulnerability in header parsing
oooooooq reports: Carefully crafted input can cause header parsing in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that parse headers using Rack (virtually all Rails applications) are impacted...
Intel CPUs -- multiple vulnerabilities
Intel reports: 2024.1 IPU - Intel Processor Bus Lock Advisory: A potential security vulnerability in the bus lock regulator mechanism for some Intel Processors may allow denial of service. Intel is releasing firmware updates to mitigate this potential vulnerability. 2024.1 IPU - Intel Processor...
traefik -- Use of vulnerable Go modules net/http, net/textproto
The Go project reports: HTTP and MIME header parsing can allocate large amounts of memory, even when parsing small inputs, potentially leading to a denial of service. Certain unusual patterns of input data can cause the common function used to parse HTTP and MIME headers to allocate substantially...
jenkins -- multiple vulnerabilities
Jenkins Security Advisory: High SECURITY-3037 / CVE-2023-27898: XSS vulnerability in plugin manager. Medium SECURITY-3030 / CVE-2023-24998 (upstream issue), CVE-2023-27900 (MultipartFormDataParser), CVE-2023-27901 (StaplerRequest): DoS vulnerability in bundled Apache Commons FileUpload library...
chromium -- multiple vulnerabilities
Chrome Releases reports: This update includes 40 security fixes: 1411210 High CVE-2023-1213: Use after free in Swiftshader. Reported by Jaehun Jeong@n3sk of Theori on 2023-01-30; 1412487 High CVE-2023-1214: Type Confusion in V8. Reported by Man Yue Mo of GitHub Security Lab on 2023-02-03; 1417176...
Apache httpd -- Multiple vulnerabilities
The Apache httpd project reports: CVE-2023-27522: Apache HTTP Server: mod_proxy_uwsgi HTTP response splitting (cve.mitre.org). HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.55. Special characters in the...
py39-OWSLib -- arbitrary file read vulnerability
Jorge Rosillo reports: OWSLib's XML parser (which supports both lxml and xml.etree) does not disable entity resolution for lxml, and could lead to arbitrary file reads from an attacker-controlled XML payload. This affects all XML parsing in the codebase...
rack -- possible DoS vulnerability in multipart MIME parsing
Aaron Patterson reports: The Multipart MIME parsing code in Rack limits the number of file parts, but does not limit the total number of parts that can be uploaded. Carefully crafted requests can abuse this and cause multipart parsing to take longer than expected...
strongSwan -- certificate verification vulnerability
strongSwan reports: A vulnerability related to certificate verification in TLS-based EAP methods was discovered in strongSwan that results in a denial of service but possibly even remote code execution. Versions 5.9.8 and 5.9.9 may be affected...
Gitlab -- Multiple Vulnerabilities
Gitlab reports: Stored XSS via Kroki diagram; Prometheus integration Google IAP details are not hidden, may leak account details from instance/group/project settings; Improper validation of SSO and SCIM tokens while managing groups; Maintainer can leak Datadog API key by changing Datadog site...
piwigo -- SQL injection
Piwigo reports: Piwigo is affected by multiple SQL injection issues...