6581 matches found
clamav -- Multiple vulnerabilities
Simon Scannell reports: CVE-2023-20032 Fixed a possible remote code execution vulnerability in the HFS+ file parser. CVE-2023-20052 Fixed a possible remote information leak vulnerability in the DMG file parser...
curl -- multiple vulnerabilities
Harry Sintonen and Patrick Monnerat report: CVE-2023-23914 A cleartext transmission of sensitive information vulnerability exists in curl v7.88.0 that could cause HSTS functionality fail when multiple URLs are requested serially. Using its HSTS support, curl can be instructed to use HTTPS instead...
git -- "git apply" overwriting paths outside the working tree
git team reports: By feeding a crafted input to "git apply", a path outside the working tree can be overwritten as the user who is running "git apply"...
git -- Local clone-based data exfiltration with non-local transports
git team reports: Using a specially-crafted repository, Git can be tricked into using its local clone optimization even when using a non-local transport. Though Git will abort local clones whose source $GITDIR/objects directory contains symbolic links c.f., CVE-2022-39253, the objects directory...
go -- multiple vulnerabilities
The Go project reports: path/filepath: path traversal in filepath.Clean on Windows On Windows, the filepath.Clean function could transform an invalid path such as a/../c:/b into the valid path c:\b. This transformation of a relative if invalid path into an absolute path could enable a directory...
phpmyfaq -- multiple vulnerabilities
phpmyfaq developers report: a bypass to flood admin with FAQ proposals stored XSS in questions stored HTML injections weak passwords...
GnuTLS -- timing sidechannel in RSA decryption
The GnuTLS project reports: A vulnerability was found that the response times to malformed RSA ciphertexts in ClientKeyExchange differ from response times of ciphertexts with correct PKCS1 v1.5 padding. Only TLS ciphertext processing is affected...
PostgreSQL server -- Client memory disclosure when connecting, with Kerberos, to modified server.
PostgreSQL Project reports: A modified, unauthenticated server can send an unterminated string during the establishment of Kerberos transport encryption. When a libpq client application has a Kerberos credential cache and doesn't explicitly disable option gssencmode, a server can cause libpq to...
py-cryptography -- includes a vulnerable copy of OpenSSL
pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 0.8.1-39.0.0 are vulnerable to a security issue. More details about the vulnerabilities themselves can be found in https://www.openssl.org/news/secadv/20221213.txt and...
LibreSSL -- Arbitrary memory read
The OpenBSD project reports: A malicious certificate revocation list or timestamp response token would allow an attacker to read arbitrary memory...
FreeBSD -- GELI silently omits the keyfile if read from stdin
Problem Description: When GELI reads a key file from a standard input, it doesn't store it anywhere. If the user tries to initialize multiple providers at once, for the second and subsequent devices the standard input stream will be already empty. In this case, GELI silently uses a NULL key as th...
xorg-server -- Security issue in the X server
The X.org project reports: CVE-2023-0494/ZDI-CAN-19596: X.Org Server DeepCopyPointerClasses use-after-free A dangling pointer in DeepCopyPointerClasses can be exploited by ProcXkbSetDeviceInfo and ProcXkbGetDeviceInfo to read/write into freed memory...
chromium -- multiple vulnerabilities
Chrome Releases reports: This release contains 15 security fixes, including: 1402270 High CVE-2023-0696: Type Confusion in V8. Reported by Haein Lee at KAIST Hacking Lab on 2022-12-18 1341541 High CVE-2023-0697: Inappropriate implementation in Full screen mode. Reported by Ahmed ElMasry on...
py-cryptography -- allows programmers to misuse an API
alex reports: Previously, Cipher.updateinto would accept Python objects which implement the buffer protocol, but provide only immutable buffers. This would allow immutable objects such as bytes to be mutated, thus violating fundamental rules of Python. This is a soundness bug -- it allows...
OpenSSL -- Multiple vulnerabilities
The OpenSSL project reports: X.400 address type confusion in X.509 GeneralName CVE-2023-0286 High: There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1STRING but the public structure definition for...
phpMyAdmin -- XSS vulnerability in drag-and-drop upload
phpMyAdmin Team reports: PMASA-2023-1 XSS vulnerability in drag-and-drop upload...
zeek -- potential DoS vulnerabilities
Tim Wojtulewicz of Corelight reports: A missing field in the SMB FSControl script-land record could cause a heap buffer overflow when receiving packets containing those header types. Receiving a series of packets that start with HTTP/1.0 and then switch to HTTP/0.9 could cause Zeek to spend a lar...
Django -- multiple vulnerabilities
Django reports: CVE-2023-23969: Potential denial-of-service via Accept-Language headers...
Django -- multiple vulnerabilities
Django reports: CVE-2023-24580: Potential denial-of-service vulnerability in file uploads...
Gitlab -- Multiple Vulnerabilities
Gitlab reports: Denial of Service via arbitrarily large Issue descriptions CSRF via file upload allows an attacker to take over a repository Sidekiq background job DoS by uploading malicious CI job artifact zips Sidekiq background job DoS by uploading a malicious Helm package...
Grafana -- Stored XSS in TraceView panel
Grafana Labs reports: During an internal audit of Grafana on January 30, a member of the engineering team found a stored XSS vulnerability affecting the TraceView panel. The stored XSS vulnerability was possible because the value of a span’s attributes/resources were not properly sanitized, and...
libde256 -- multiple vulnerabilities
Libde265 developer reports: This release fixes the known CVEs below. Many of them are actually caused by the same underlying issues that manifest in different ways...
py-cinder -- unauthorized data access
Utkarsh Gupta reports: An issue was discovered in OpenStack Cinder before 19.1.2, 20.x before 20.0.2, and 21.0.0; Glance before 23.0.1, 24.x before 24.1.1, and 25.0.0; and Nova before 24.1.2, 25.x before 25.0.2, and 26.0.0. By supplying a specially created VMDK flat image that references a specif...
Grafana -- Stored XSS in geomap panel plugin via attribution
Grafana Labs reports: During an internal audit of Grafana on January 25, a member of the security team found a stored XSS vulnerability affecting the core geomap plugin. The stored XSS vulnerability was possible because map attributions weren’t properly sanitized, allowing arbitrary JavaScript to...
Grafana -- Spoofing originalUrl of snapshots
Grafana Labs reports: A third-party penetration test of Grafana found a vulnerability in the snapshot functionality. The value of the originalUrl parameter is automatically generated. The purpose of the presented originalUrl parameter is to provide a user who views the snapshot with the possibili...
chromium -- multiple vulnerabilities
Chrome Releases reports: This release contains 6 security fixes, including: 1376354 High CVE-2023-0471: Use after free in WebTransport. Reported by chichoo Kimchichoo and Cassidy Kim@cassidy6564 on 2022-10-19 1405256 High CVE-2023-0472: Use after free in WebRTC. Reported by Cassidy Kim@cassidy656...
MySQL -- Multiple vulnerabilities
Oracle reports: This Critical Patch Update contains 37 new security patches for Oracle MySQL. 8 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network withouti requiring user credentials...
powerdns-recursor -- denial of service
PowerDNS Team reports: PowerDNS Security Advisory 2023-01: unbounded recursion results in program termination...
libXpm -- Issues handling XPM files
The X.Org project reports: CVE-2022-46285: Infinite loop on unclosed comments When reading XPM images from a file with libXpm 3.5.14 or older, if a comment in the file is not closed i.e. a C-style comment starts with "/" and is missing the closing "/", the ParseComment function will loop forever...
rack -- Multiple vulnerabilities
Aaron Patterson reports: CVE-2022-44570 Carefully crafted input can cause the Range header parsing component in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that deal with Range requests such as streaming applications, or...
git -- Heap overflow in `git archive`, `git log --format` leading to RCE
The git team reports: git log has the ability to display commits using an arbitrary format with its --format specifiers. This functionality is also exposed to git archive via the export-subst gitattribute. When processing the padding operators e.g., %, %, or % , an integer overflow can occur in...
Apache httpd -- Multiple vulnerabilities
The Apache httpd project reports: moddav out of bounds read, or write of zero byte CVE-2006-20001 moderate modproxyajp Possible request smuggling CVE-2022-36760 moderate modproxy prior to 2.4.55 allows a backend to trigger HTTP response splitting CVE-2022-37436 moderate...
git -- gitattributes parsing integer overflow
git team reports: gitattributes are used to define unique attributes corresponding to paths in your repository. These attributes are defined by .gitattributes files within your repository. The parser used to read these files has multiple integer overflows, which can occur when parsing either a...
redis -- multiple vulnerabilities
The Redis core team reports: CVE-2022-35977 Integer overflow in the Redis SETRANGE and SORT/SORTRO commands can drive Redis to OOM panic. CVE-2023-22458 Integer overflow in the Redis HRANDFIELD and ZRANDMEMBER commands can lead to denial-of-service...
Spotipy -- Path traversal vulnerability
Stéphane Bruckert If a malicious URI is passed to the library, the library can be tricked into performing an operation on a different API endpoint than intended...
phpmyfaq -- multiple vulnerabilities
phpmyfaq developers report: phpMyFAQ does not implement sufficient checks to avoid a stored XSS in "Add new question" phpMyFAQ does not implement sufficient checks to avoid a stored XSS in admin user page phpMyFAQ does not implement sufficient checks to avoid a stored XSS in FAQ comments phpMyFAQ...
net/eternalterminal -- Multiple vulnerabilities
Mitre reports: etserver and etclient have predictable logfile names in /tmp and they are world-readable logfiles...
security/tor -- SOCKS4(a) inversion bug
The Tor Project reports: TROVE-2022-002: The SafeSocks option for SOCKS4a is inverted leading to SOCKS4 going through This is a report from hackerone: We have classified this as medium considering that tor was not defending in-depth for dangerous SOCKS request and so any user relying on SafeSocks...
cassandra3 -- multiple vulnerabilities
Cassandra tema reports: This release contains 6 security fixes including CVE-2022-24823: When Netty's multipart decoders are used local information disclosure can occur via the local system temporary directory CVE-2020-7238: Netty 4.1.43.Final allows HTTP Request Smuggling because it mishandles...
net/krill -- DoS vulnerability
MITRE reports: NLnet Labs Krill supports direct access to the RRDP repository content through its built-in web server at the "/rrdp" endpoint. Prior to 0.12.1 a direct query for any existing directory under "/rrdp/", rather than an RRDP file such as "/rrdp/notification.xml" as would be expected,...
chromium -- multiple vulnerabilities
Chrome Releases reports: This release contains 17 security fixes, including: 1353208 High CVE-2023-0128: Use after free in Overview Mode. Reported by Khalil Zhani on 2022-08-16 1382033 High CVE-2023-0129: Heap buffer overflow in Network Service. Reported by asnine on 2022-11-07 1370028 Medium...
Gitlab -- Multiple Vulnerabilities
Gitlab reports: Race condition on gitlab.com enables verified email forgery and third-party account hijacking DOS and high resource consumption of Prometheus server through abuse of Grafana integration proxy endpoint Maintainer can leak sentry token by changing the configured URL Maintainer can...
mantis -- multiple vulnerabilities
Mantis 2.25.6 release reports: Security and maintenance release 0031086: Private issue summary disclosure CVE-2023-22476 0030772: Update bundled moment.js to 2.29.4 CVE-2022-31129 0030791: Allow adding relation type noopener/noreferrer to outgoing links...
devel/viewvc-devel is vulnerable to cross-site scripting
C. Michael Pilato reports: security fix: escape revision view copy paths 311 CVE-2023-22464 security fix: escape revision view changed paths 311 CVE-2023-22456...
Grafana -- Stored XSS in text panel plugin
Grafana Labs reports: During an internal audit of Grafana on January 1, a member of the security team found a stored XSS vulnerability affecting the core text plugin. The stored XSS vulnerability requires several user interactions in order to be fully exploited. The vulnerability was possible due...
py-slixmpp -- incomplete SSL certificate validation
Slixmpp before 1.8.3 lacks SSL Certificate hostname validation in XMLStream, allowing an attacker to pose as any server in the eyes of Slixmpp...
Slixmpp -- Lack of SSL Certificate hostname validation in XMLStream
NIST reports: Slixmpp before 1.8.3 lacks SSL Certificate hostname validation in XMLStream, allowing an attacker to pose as any server in the eyes of Slixmpp...
freerdp -- multiple vulnerabilities
FreeRDP reports: GHSA-5w4j-mrrh-jjrm: Out of bound read in zgfx decoder. GHSA-99cm-4gw7-c8jh: Undefined behaviour in zgfx decoder. GHSA-387j-8j96-7q35: Division by zero in urbdrc channel. GHSA-mvxm-wfj2-5fvh: Missing length validation in urbdrc channel. GHSA-qfq2-82qr-7f4j: Heap buffer overflow i...
py27-setuptools44 -- denial of service vulnerability
SCH227 reports: Python Packaging Authority PyPA's setuptools is a library designed to facilitate packaging Python projects. Setuptools version 65.5.0 and earlier could allow remote attackers to cause a denial of service by fetching malicious HTML from a PyPI package or custom PackageIndex page du...
py39-setuptools -- denial of service vulnerability
SCH227 reports: Python Packaging Authority PyPA's setuptools is a library designed to facilitate packaging Python projects. Setuptools version 65.5.0 and earlier could allow remote attackers to cause a denial of service by fetching malicious HTML from a PyPI package or custom PackageIndex page du...