Grafana -- OAuth Account Takeover
Grafana Labs reports: It is possible for a malicious user who has authorization to log into a Grafana instance via a configured OAuth IdP to take over an existing Grafana account under some conditions...
cURL -- Multiple vulnerabilities
The cURL project reports: CVE-2022-32205: Set-Cookie denial of service CVE-2022-32206: HTTP compression denial of service CVE-2022-32207: Unpreserved file permissions CVE-2022-32208: FTP-KRB bad message verification...
Grafana -- Data source and plugin proxy endpoints leaking authentication tokens to some destination plugins
Grafana Labs reports: On June 26 a security researcher contacted Grafana Labs to disclose a vulnerability with the GitLab data source plugin that could leak the API key to GitLab. After further analysis the vulnerability impacts data source and plugin proxy endpoints with authentication tokens bu...
jenkins -- multiple vulnerabilities
Jenkins Security Advisory: Description High SECURITY-2781 / CVE-2022-34170 SECURITY-2779, CVE-2022-34171 SECURITY-2761, CVE-2022-34172 SECURITY-2776, CVE-2022-34173 SECURITY-2780 Multiple XSS vulnerabilities Medium SECURITY-2566 / CVE-2022-34174 Observable timing discrepancy allows determining...
Tomcat -- XSS in examples web application
Apache Tomcat reports: The Form authentication example in the examples web application displayed user provided data without filtering, exposing a XSS vulnerability...
OpenSSL -- Command injection vulnerability
The OpenSSL project reports: Circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review...
chromium -- multiple vulnerabilities
Chrome Releases reports: This release contains 14 security fixes, including: 1335458 Critical CVE-2022-2156: Use after free in Base. Reported by Mark Brand of Google Project Zero on 2022-06-11 1327312 High CVE-2022-2157: Use after free in Interest groups. Reported by Nan Wang@eternalsakura13 and...
Django -- multiple vulnerabilities
The Django Project reports: CVE-2022-34265: Potential SQL injection via Trunc(kind) and Extract(lookup_name) arguments...
Grafana -- Stored XSS
Grafana Labs reports: An attacker can exploit this vulnerability to escalate privilege from editor to admin by tricking an authenticated admin to click on a link. Note: Grafana Alerting is activated by default in Grafana 9.0...
Tor -- Unspecified high severity vulnerability
Tor organization reports: TROVE-2022-001...
XFCE -- Allows executing malicious .desktop files pointing to remote code
XFCE Project reports: Prevent executing possibly malicious .desktop files from online sources ftp://, http:// etc...
chromium -- multiple vulnerabilities
Chrome Releases reports: This release contains 7 security fixes, including: 1326210 High CVE-2022-2007: Use after free in WebGPU. Reported by David Manouchehri on 2022-05-17 1317673 High CVE-2022-2008: Out of bounds memory access in WebGL. Reported by khangkito - Tran Van Khang VinCSS on 2022-04-...
git -- Multiple vulnerabilities
This release contains 2 security fixes: CVE-2022-39253 When relying on the --local clone optimization, Git dereferences symbolic links in the source repository before creating hardlinks or copies of the dereferenced link in the destination repository. This can lead to surprising behavior where...
Python -- multiple vulnerabilities
Python reports: gh-103142: The version of OpenSSL used in Windows and Mac installers has been upgraded to 1.1.1u to address CVE-2023-2650, CVE-2023-0465, CVE-2023-0466, CVE-2023-0464, as well as CVE-2023-0286, CVE-2022-4303, and CVE-2022-4303 fixed previously in 1.1.1t gh-101727. gh-102153:...
Apache httpd -- Multiple vulnerabilities
The Apache httpd project reports: CVE-2022-31813: mod_proxy X-Forwarded-For dropped by hop-by-hop mechanism. Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* headers to the origin server based on client side Connection header hop-by-hop mechanism. This may be used to bypass IP...
libspf2 -- Integer Underflow Remote Code Execution
Trendmicro ZDI reports: Integer Underflow Remote Code Execution Vulnerability The specific flaw exists within the parsing of SPF macros. When parsing SPF macros, the process does not properly validate user-supplied data, which can result in an integer underflow before writing to memory. An attack...
webtrees -- vulnerability
Webtrees reports: GEDCOM imports containing errors and HTML displayed unescaped...
go -- multiple vulnerabilities
The Go project reports: crypto/rand: rand.Read hangs with extremely large buffers On Windows, rand.Read will hang indefinitely if passed a buffer larger than 1<<32 - 1 bytes. crypto/tls: session tickets lack random ticket_age_add Session tickets generated by crypto/tls did not contain a randomly...
zeek -- potential DoS vulnerability
Tim Wojtulewicz of Corelight reports: Fix potential hang in the DNS analyzer when receiving a specially-crafted packet. Due to the possibility of this happening with packets received from the network, this is a potential DoS vulnerability...
Gitlab -- multiple vulnerabilities
Gitlab reports: Account take over via SCIM email change Stored XSS in Jira integration Quick action commands susceptible to XSS IP allowlist bypass when using Trigger tokens IP allowlist bypass when using Project Deploy Tokens Improper authorization in the Interactive Web Terminal Subgroup member...
re2c -- uncontrolled recursion
re2c reports: re2c before 2.0 has uncontrolled recursion that causes stack consumption in find_fixed_tags...
chromium -- multiple vulnerabilities
Chrome Releases reports: This release contains 32 security fixes, including: 1324864 Critical CVE-2022-1853: Use after free in Indexed DB. Reported by Anonymous on 2022-05-12 1320024 High CVE-2022-1854: Use after free in ANGLE. Reported by SeongHwan Park SeHwa on 2022-04-27 1228661 High...
halibut -- Segmentation fault, denial of service or possibly other unspecified impact via a crafted text document
[email protected] reports: CVE-2021-42612: A use after free in cleanup_index in index.c in Halibut 1.2 allows an attacker to cause a segmentation fault or possibly have other unspecified impact via a crafted text document. CVE-2021-42613: A double free in cleanup_index in index.c in Halibut 1.2 allows ...
MariaDB -- Multiple vulnerabilities
The MariaDB project reports: MariaDB fixed 23 vulnerabilities across all supported versions...
py-cinder -- data leak
Duncan Thomas reports: The (1) GlusterFS and (2) Linux Smbfs drivers in OpenStack Cinder before 2014.1.3 allows remote authenticated users to obtain file data from the Cinder-volume host by cloning and attaching a volume with a crafted qcow2 header...
mediawiki -- multiple vulnerabilities
Mediawiki reports: T308471 Username is not escaped in the "welcomeuser" message. T308473 Username not escaped in the contributions-title message. T309377, CVE-2022-29248 Update "guzzlehttp/guzzle" to version 6.5.6. T311384, CVE-2022-27776 Update "guzzlehttp/guzzle" to 6.5.8/7.4.5...
PostgreSQL Server -- execute arbitrary SQL code as DBA user
The PostgreSQL project reports: Confine additional operations within "security restricted operation" sandboxes. Autovacuum, CLUSTER, CREATE INDEX, REINDEX, REFRESH MATERIALIZED VIEW, and pg_amcheck activated the "security restricted operation" protection mechanism too late, or even not at all in...
curl -- Multiple vulnerabilities
The curl project reports: CVE-2022-27778: curl removes wrong file on error CVE-2022-27779: cookie for trailing dot TLD CVE-2022-27780: percent-encoded path separator in URL host CVE-2022-27781: CERTINFO never-ending busy-loop CVE-2022-27782: TLS and SSH connection too eager reuse CVE-2022-30115:...
chromium -- multiple vulnerabilities
Chrome Releases reports: This release contains 13 security fixes, including: 1316990 High CVE-2022-1633: Use after free in Sharesheet. Reported by Khalil Zhani on 2022-04-18 1314908 High CVE-2022-1634: Use after free in Browser UI. Reported by Khalil Zhani on 2022-04-09 1319797 High CVE-2022-1635...
rsyslog8 -- heap buffer overflow on receiving TCP syslog
Rainer Gerhards reports: Modules for TCP syslog reception have a heap buffer overflow when octet-counted framing is used. The attacker can corrupt heap values, leading to data integrity issues and availability impact. Remote code execution is unlikely to happen but not impossible...
clamav -- Multiple vulnerabilities
The ClamAV project reports: Fixed a possible double-free vulnerability in the OLE2 file parser. Issue affects versions 0.104.0 through 0.104.2. Issue identified by OSS-Fuzz. Fixed a possible infinite loop vulnerability in the CHM file parser. Issue affects versions 0.104.0 through 0.104.2 and LTS...
OpenSSL -- Multiple vulnerabilities
The OpenSSL project reports: The c_rehash script allows command injection CVE-2022-1292 Moderate The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On...
py-httpx -- input validation vulnerability
lebr0nli reports: Encode OSS httpx <=1.0.0.beta0 is affected by improper input validation in httpx.URL, httpx.Client and some functions using httpx.URL.copy_with...
cURL -- Multiple vulnerabilities
The cURL project reports: OAUTH2 bearer bypass in connection re-use CVE-2022-22576 Credential leak on redirect CVE-2022-27774 Bad local IPv6 connection reuse CVE-2022-27775 Auth/cookie leak on redirect CVE-2022-27776...
redis -- Multiple vulnerabilities
Aviv Yahav reports: CVE-2022-24735 By exploiting weaknesses in the Lua script execution environment, an attacker with access to Redis can inject Lua code that will execute with the potentially higher privileges of another Redis user. CVE-2022-24736 An attacker attempting to load a specially craft...
chromium -- multiple vulnerabilities
Chrome Releases reports: This release contains 30 security fixes, including: 1313905 High CVE-2022-1477: Use after free in Vulkan. Reported by SeongHwan Park SeHwa on 2022-04-06 1299261 High CVE-2022-1478: Use after free in SwiftShader. Reported by SeongHwan Park SeHwa on 2022-02-20 1305190 High...
Rails -- XSS vulnerabilities
Ruby on Rails blog: This is an announcement to let you know that Rails 7.0.2.4, 6.1.5.1, 6.0.4.8, and 5.2.7.1 have been released! These are security releases so please update as soon as you can. Once again we've made these releases based on the last release tag, so hopefully upgrading will go...
eb -- Potential buffer overrun vulnerability
Kazuhiro Ito reports: Potential buffer overrun vulnerability is found in eb/multiplex.c...
gitea -- Escape git fetch remote
The Gitea team reports: Escape git fetch remote in services/migrations/gitea_uploader.go...
zeek -- potential DoS vulnerability
Tim Wojtulewicz of Corelight reports: Fix potential unbounded state growth in the FTP analyzer when receiving a specially-crafted stream of commands. This may lead to a buffer overflow and cause Zeek to crash. Due to the possibility of this happening with packets received from the network, this i...
rainloop -- cross-site-scripting (XSS) vulnerability
Simon Scannell reports: The code vulnerability can be easily exploited by an attacker by sending a malicious email to a victim that uses RainLoop as a mail client. When the email is viewed by the victim, the attacker gains full control over the session of the victim and can steal any of their...
squid -- Exposure of sensitive information in cache manager
Mikhail Evdokimov aka konata reports: Due to inconsistent handling of internal URIs Squid is vulnerable to Exposure of Sensitive Information about clients using the proxy. This problem allows a trusted client to directly access cache manager information bypassing the manager ACL protection. The...
MySQL -- Multiple vulnerabilities
Oracle reports: The 2022 April Critical Patch Update contains 43 new security patches for Oracle MySQL. 11 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials...
Asterisk -- multiple vulnerabilities
The Asterisk project reports: AST-2022-001 - When using STIR/SHAKEN, it's possible to download files that are not certificates. These files could be much larger than what you would expect to download. AST-2022-002 - When using STIR/SHAKEN, it's possible to send arbitrary requests like GET to...
Asterisk -- func_odbc: Possible SQL Injection
The Asterisk project reports: Some databases can use backslashes to escape certain characters, such as backticks. If input is provided to func_odbc which includes backslashes it is possible for func_odbc to construct a broken SQL query and the SQL query to fail...
chromium -- multiple vulnerabilities
Chrome Releases reports: This release contains 2 security fixes, including: 1315901 High CVE-2022-1364: Type Confusion in V8. Reported by Clément Lecigne of Google's Threat Analysis Group on 2022-0-13...
Composer -- Command injection vulnerability
Composer developers report: The Composer method VcsDriver::getFileContent with user-controlled $file or $identifier arguments is susceptible to an argument injection vulnerability. It can be leveraged to gain arbitrary command execution if the Mercurial or the Git driver are used...
go -- syscall.Faccessat checks wrong group on Linux
The Go project reports: When called with a non-zero flags parameter, the syscall.Faccessat function could incorrectly report that a file is accessible. This bug only occurs on Linux systems...
Ruby -- Buffer overrun in String-to-Float conversion
piao reports: Due to a bug in an internal function that converts a String to a Float, some conversion methods like Kernel#Float and String#to_f could cause buffer over-read. A typical consequence is a process termination due to segmentation fault, but in limited circumstances, it may be exploitabl...
gogs -- XSS in issue attachments
The gogs project reports: Repository issues page allows HTML attachments with arbitrary JS code...