devel/viewvc-devel is vulnerable to cross-site scripting
C. Michael Pilato reports: security fix: escape revision view copy paths 311 CVE-2023-22464 security fix: escape revision view changed paths 311 CVE-2023-22456...
Grafana -- Stored XSS in text panel plugin
Grafana Labs reports: During an internal audit of Grafana on January 1, a member of the security team found a stored XSS vulnerability affecting the core text plugin. The stored XSS vulnerability requires several user interactions in order to be fully exploited. The vulnerability was possible due...
Slixmpp -- Lack of SSL Certificate hostname validation in XMLStream
NIST reports: Slixmpp before 1.8.3 lacks SSL Certificate hostname validation in XMLStream, allowing an attacker to pose as any server in the eyes of Slixmpp...
py-slixmpp -- incomplete SSL certificate validation
Slixmpp before 1.8.3 lacks SSL Certificate hostname validation in XMLStream, allowing an attacker to pose as any server in the eyes of Slixmpp...
freerdp -- multiple vulnerabilities
FreeRDP reports: GHSA-5w4j-mrrh-jjrm: Out of bound read in zgfx decoder. GHSA-99cm-4gw7-c8jh: Undefined behaviour in zgfx decoder. GHSA-387j-8j96-7q35: Division by zero in urbdrc channel. GHSA-mvxm-wfj2-5fvh: Missing length validation in urbdrc channel. GHSA-qfq2-82qr-7f4j: Heap buffer overflow i...
py39-setuptools58 -- denial of service vulnerability
SCH227 reports: Python Packaging Authority PyPA's setuptools is a library designed to facilitate packaging Python projects. Setuptools version 65.5.0 and earlier could allow remote attackers to cause a denial of service by fetching malicious HTML from a PyPI package or custom PackageIndex page du...
py39-setuptools -- denial of service vulnerability
SCH227 reports: Python Packaging Authority PyPA's setuptools is a library designed to facilitate packaging Python projects. Setuptools version 65.5.0 and earlier could allow remote attackers to cause a denial of service by fetching malicious HTML from a PyPI package or custom PackageIndex page du...
py27-setuptools44 -- denial of service vulnerability
SCH227 reports: Python Packaging Authority PyPA's setuptools is a library designed to facilitate packaging Python projects. Setuptools version 65.5.0 and earlier could allow remote attackers to cause a denial of service by fetching malicious HTML from a PyPI package or custom PackageIndex page du...
Grafana -- Stored XSS in ResourcePicker component
Grafana Labs reports: On 2022-12-16 during an internal audit of Grafana, a member of the security team found a stored XSS vulnerability affecting the core plugin GeoMap. The stored XSS vulnerability was possible because SVG files weren't properly sanitized and allowed arbitrary JavaScript to be...
py-django-photologue -- XSS vulnerability
domiee13 reports: A vulnerability was found in django-photologue up to 3.15.1 and classified as problematic. Affected by this issue is some unknown functionality of the file photologue/templates/photologue/photodetail.html of the component Default Template Handler. The manipulation of the argumen...
xorg-server -- Multiple security issues in X server extensions
The X.org project reports: CVE-2022-46340/ZDI-CAN-19265: X.Org Server XTestSwapFakeInput stack overflow The swap handler for the XTestFakeInput request of the XTest extension may corrupt the stack if GenericEvents with lengths larger than 32 bytes are sent through the XTestFakeInput request. Th...
chromium -- multiple vulnerabilities
Chrome Releases reports: This release contains 8 security fixes, including: 1383991 High CVE-2022-4436: Use after free in Blink Media. Reported by Anonymous on 2022-11-15 1394692 High CVE-2022-4437: Use after free in Mojo IPC. Reported by koocola@alocook and Guang Gong of 360 Vulnerability Resear...
typo3 -- multiple vulnerabilities
TYPO3 reports: TYPO3-CORE-SA-2022-012: Denial of Service in Page Error Handling. TYPO3-CORE-SA-2022-013: Weak Authentication in Frontend Login. TYPO3-CORE-SA-2022-014: Insufficient Session Expiration after Password Reset. TYPO3-CORE-SA-2022-015: Arbitrary Code Execution via Form Framework...
www/awstats -- Partial absolute pathname
MITRE reports: It seems 90 is not completely fixed in 7.8. that is, even after CVE-2017-1000501 and CVE-2020-29600 are fixed. In AWStats through 7.8, cgi-bin/awstats.pl?config= accepts a partial absolute pathname omitting the initial /etc, even though it was intended to only read a file in the...
phpmyfaq -- multiple vulnerabilities
phpmyfaq developers report: an authenticated SQL injection when adding categories in the admin backend a stored cross-site scripting vulnerability in the category name a stored cross-site scripting vulnerability in the admin logging a stored cross-site scripting vulnerability in the FAQ title a...
routinator -- multiple vulnerabilities
NLnet Labs report: This release fixes two issues in Routinator that can be exploited remotely by rogue RPKI CAs and repositories. We therefore advise all users of Routinator to upgrade to this release at their earliest convenience. The first issue, CVE-2022-39915, can lead to Routinator crashing...
traefik -- multiple vulnerabilities
The Traefik project reports: This update is recommended for all traefik users and provides following important security fixes: CVE-2022-23469: Authorization header displayed in the debug logs CVE-2022-46153: Routes exposed with an empty TLSOption in traefik...
emacs -- multiple vulnerabilities
Xi Lu reports: CVE-2022-48337 GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the etags program. For example, a victim may use the "etags -u ...
net-mgmt/cacti is vulnerable to remote command injection
cacti team reports: A command injection vulnerability allows an unauthenticated user to execute arbitrary code on a server running Cacti, if a specific data source was selected for any monitored device...
rxvt-unicode is vulnerable to a remote code execution
Marc Lehmann reports: The biggest issue is resolving CVE-2022-4170, which allows command execution inside urxvt from within the terminal that means anything that can output text in the terminal can start commands in the context of the urxvt process, even remotely...
chromium -- Type confusion in V8
Chrome Releases reports: This release contains 1 security fix: 1394403 High CVE-2022-4262: Type Confusion in V8. Reported by Clement Lecigne of Google's Threat Analysis Group on 2022-11-29 Google is aware that an exploit for CVE-2022-4262 exists in the wild...
xrdp -- multiple vulnerabilities
xrdp project reports: This update is recommended for all xrdp users and provides following important security fixes: CVE-2022-23468 CVE-2022-23477 CVE-2022-23478 CVE-2022-23479 CVE-2022-23480 CVE-2022-23481 CVE-2022-23483 CVE-2022-23482 CVE-2022-23484 CVE-2022-23493 These security issues are...
Asterisk -- multiple vulnerabilities
The Asterisk project reports: AST-2022-007: Remote Crash Vulnerability in H323 channel add on AST-2022-008: Use after free in respjsippubsub.c AST-2022-009: GetConfig AMI Action can read files outside of Asterisk directory...
mediawiki -- multiple vulnerabilities
Mediawiki reports: T322637, CVE-2022-PENDING SECURITY: Make sqlite DB files not world readable...
netdata -- multiple vulnerabilities with streaming
Netdata reports: GHSA-xg38-3vmw-2978: Netdata Streaming Alert Command Injection GHSA-jx85-39cw-66f2: Netdata Streaming Authentication Bypass...
Gitlab -- Multiple Vulnerabilities
Gitlab reports: DAST API scanner exposes Authorization headers in vulnerabilities Group IP allow-list not fully respected by the Package Registry Deploy keys and tokens may bypass External Authorization service if it is enabled Repository import still allows to import 40 hexadecimal branches...
chromium -- multiple vulnerabilities
Chrome Releases reports: This release contains 28 security fixes, including: 1379054 High CVE-2022-4174: Type Confusion in V8. Reported by Zhenghang Xiao @Kipreyyy on 2022-10-27 1381401 High CVE-2022-4175: Use after free in Camera Capture. Reported by Leecraso and Guang Gong of 360 Alpha Lab on...
FreeBSD -- Stack overflow in ping(8)
Problem Description: ping reads raw IP packets from the network to process responses in the prpack function. As part of processing a response ping has to reconstruct the IP header, the ICMP header and if present a "quoted packet," which represents the packet that generated an ICMP error. The quot...
emacs -- arbitrary shell command execution vulnerability of ctags
lu4nx reports: GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the ctags program. For example, a victim may use the "ctags " command suggeste...
prometheus2 -- basic authentication bypass
Prometheus team reports: Prometheus and its exporters can be secured by a web.yml file that specifies usernames and hashed passwords for basic authentication. Passwords are hashed with bcrypt, which means that even if you have access to the hash, it is very hard to find the original password back...
zeek -- potential DoS vulnerabilities
Tim Wojtulewicz of Corelight reports: A specially-crafted series of HTTP 0.9 packets can cause Zeek to spend large amounts of time processing the packets. A specially-crafted FTP packet can cause Zeek to spend large amounts of time processing the command. A specially-crafted IPv6 packet can cause...
chromium -- multiple vulnerabilities
Chrome Releases reports: This release contains 1 security fix: 1392715 High CVE-2022-4135: Heap buffer overflow in GPU. Reported by Clement Lecigne of Google's Threat Analysis Group on 2022-11-22 Google is aware that an exploit for CVE-2022-4135 exists in the wild...
qpress -- directory traversal
[email protected] reports: qpress before PierreLvx/qpress 20220819 and before version 11.3, as used in Percona XtraBackup and other products, allows directory traversal via ../ in a .qp file...
rubygem-cgi -- HTTP response splitting vulnerability
Hiroshi Tokumaru reports: If an application generates HTTP responses using the cgi gem with untrusted user input, an attacker can exploit it to inject a malicious HTTP response header and/or body. Also, the contents for a CGI::Cookie object were not checked properly. If an application create...
py-tensorflow -- denial of service vulnerability
Kang Hong Jin, Neophytos Christou, 刘力源 and Pattarakrit Rattankul report: Another instance of CVE-2022-35935, where SobolSample is vulnerable to a denial of service via assumed scalar inputs, was found and fixed. Pattarakrit Rattankul reports: Another instance of CVE-2022-35991, where...
py-tflite -- buffer overflow vulnerability
Thibaut Goetghebuer-Planchon reports: The reference kernel of the CONV3DTRANSPOSE TensorFlow Lite operator wrongly increments the dataptr when adding the bias to the result. Instead of dataptr += numchannels; it should be dataptr += outputnumchannels; as if the number of input channels is differe...
tailscale -- Security vulnerability in the client
Tailscale team reports: A vulnerability identified in the Tailscale client allows a malicious website to access the peer API, which can then be used to access Tailscale environment variables...
FreeBSD -- Multiple vulnerabilities in Heimdal
Problem Description: Multiple security vulnerabilities have been discovered in the Heimdal implementation of the Kerberos 5 network authentication protocols and KDC. CVE-2022-42898 PAC parse integer overflows CVE-2022-3437 Overflows and non-constant time leaks in DES,3 and arcfour CVE-2021-44758...
ffmpeg -- multiple vulnerabilities
NVD reports: An issue was discovered in the FFmpeg package, where vp3decodeframe in libavcodec/vp3.c lacks check of the return value of avmalloc and will cause a null pointer dereference, impacting availability. A null pointer dereference issue was discovered in 'FFmpeg' in decodemainheader...
py-WsgiDAV -- XSS vulnerability
Implementations using this library with directory browsing enabled may be susceptible to Cross Site Scripting XSS attacks...
py-pymatgen -- regular expression denial of service
An exponential ReDoS Regular Expression Denial of Service can be triggered in the pymatgen PyPI package, when an attacker is able to supply arbitrary input to the GaussianInput.fromstring method...
zeek -- potential DoS vulnerabilities
Tim Wojtulewicz of Corelight reports: Fix an issue where a specially-crafted FTP packet can cause Zeek to spend large amounts of time attempting to search for valid commands in the data stream. Fix a possible overflow in the Zeek dictionary code that may lead to a memory leak. Fix an issue where ...
Grafana -- Privilege escalation
Grafana Labs reports: Internal security audit identified a race condition in the Grafana codebase, which allowed an unauthenticated user to query an arbitrary endpoint in Grafana. A race condition in the HTTP context creation could make a HTTP request being assigned the authentication/authorizati...
varnish -- HTTP/2 Request Forgery Vulnerability
Varnish Cache Project reports: A request forgery attack can be performed on Varnish Cache servers that have the HTTP/2 protocol turned on. An attacker may introduce characters through the HTTP/2 pseudo-headers that are invalid in the context of an HTTP/1 request line, causing the Varnish server t...
varnish -- Request Smuggling Vulnerability
Varnish Cache Project reports: A request smuggling attack can be performed on Varnish Cache servers by requesting that certain headers are made hop-by-hop, preventing the Varnish Cache servers from forwarding critical headers to the backend. Among the headers that can be filtered this way are bot...
chromium -- multiple vulnerabilities
Chrome Releases reports: This release contains 10 security fixes, including: 1377816 High CVE-2022-3885: Use after free in V8. Reported by gzobqq@ on 2022-10-24 1372999 High CVE-2022-3886: Use after free in Speech Recognition. Reported by anonymous on 2022-10-10 1372695 High CVE-2022-3887: Use...
sudo -- Potential out-of-bounds write for small passwords
CVE.org reports: Sudo 1.8.0 through 1.9.12, with the crypt password backend, contains a plugins/sudoers/auth/passwd.c array-out-of-bounds error that can result in a heap-based buffer over-read. This can be triggered by arbitrary local users with access to sudo by entering a password of seven...
krb5 -- Integer overflow vulnerabilities in PAC parsing
MITKRB5-SA-2022-001 Vulnerabilities in PAC parsing: Due to integer overflow vulnerabilities in PAC parsing, an authenticated attacker may be able to cause a KDC or kadmind process to crash by reading beyond the bounds of allocated memory, creating a denial of service. On 32-bit platforms an...
py39-py -- Regular expression Denial of Service vulnerability
SCH227 reports: The py library through 1.11.0 for Python allows remote attackers to conduct a ReDoS Regular expression Denial of Service attack via a Subversion repository with crafted info data, because the InfoSvnCommand argument is mishandled...
Gitlab -- Multiple vulnerabilities
Gitlab reports: DAST analyzer sends custom request headers with every request Stored-XSS with CSP-bypass via scoped labels' color Maintainer can leak Datadog API key by changing integration URL Uncontrolled resource consumption when parsing URLs Issue HTTP requests when users view an OpenAPI...