6582 matches found
OpenSSL -- Command injection vulnerability
The OpenSSL project reports: Circumstances where the crehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review...
Django -- multiple vulnerabilities
The Django Project reports: CVE-2022-34265: Potential SQL injection via Trunckind and Extractlookupname arguments...
Grafana -- Stored XSS
Grafana Labs reports: An attacker can exploit this vulnerability to escalate privilege from editor to admin by tricking an authenticated admin to click on a link. Note: Grafana Alerting is activated by default in Grafana 9.0...
Tor - Unspecified high severity vulnerability
Tor organization reports: TROVE-2022-001...
XFCE -- Allows executing malicious .desktop files pointing to remote code
XFCE Project reports: Prevent executing possibly malicious .desktop files from online sources ftp://, http:// etc...
chromium -- multiple vulnerabilities
Chrome Releases reports: This release contains 7 security fixes, including: 1326210 High CVE-2022-2007: Use after free in WebGPU. Reported by David Manouchehri on 2022-05-17 1317673 High CVE-2022-2008: Out of bounds memory access in WebGL. Reported by khangkito - Tran Van Khang VinCSS on 2022-04-...
git -- Multiple vulnerabilities
This release contains 2 security fixes: CVE-2022-39253 When relying on the --local clone optimization, Git dereferences symbolic links in the source repository before creating hardlinks or copies of the dereferenced link in the destination repository. This can lead to surprising behavior where...
Apache httpd -- Multiple vulnerabilities
The Apache httpd project reports: CVE-2022-31813: modproxy X-Forwarded-For dropped by hop-by-hop mechanism. Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded- headers to the origin server based on client side Connection header hop-by-hop mechanism. This may be used to bypass IP...
Python -- multiple vulnerabilities
Python reports: gh-103142: The version of OpenSSL used in Windows and Mac installers has been upgraded to 1.1.1u to address CVE-2023-2650, CVE-2023-0465, CVE-2023-0466, CVE-2023-0464, as well as CVE-2023-0286, CVE-2022-4303, and CVE-2022-4303 fixed previously in 1.1.1t gh-101727. gh-102153:...
libspf2 -- Integer Underflow Remote Code Execution
Trendmicro ZDI reports: Integer Underflow Remote Code Execution Vulnerability The specific flaw exists within the parsing of SPF macros. When parsing SPF macros, the process does not properly validate user-supplied data, which can result in an integer underflow before writing to memory. An attack...
webtrees -- vulnerability
Webtrees reports: GEDCOM imports containing errors and HTML displayed unescaped...
go -- multiple vulnerabilities
The Go project reports: crypto/rand: rand.Read hangs with extremely large buffers On Windows, rand.Read will hang indefinitely if passed a buffer larger than 1 32 - 1 bytes. crypto/tls: session tickets lack random ticketageadd Session tickets generated by crypto/tls did not contain a randomly...
zeek -- potential DoS vulnerabilty
Tim Wojtulewicz of Corelight reports: Fix potential hang in the DNS analyzer when receiving a specially-crafted packet. Due to the possibility of this happening with packets received from the network, this is a potential DoS vulnerability...
Gitlab -- multiple vulnerabilities
Gitlab reports: Account take over via SCIM email change Stored XSS in Jira integration Quick action commands susceptible to XSS IP allowlist bypass when using Trigger tokens IP allowlist bypass when using Project Deploy Tokens Improper authorization in the Interactive Web Terminal Subgroup member...
chromium -- multiple vulnerabilities
Chrome Releases reports: This release contains 32 security fixes, including: 1324864 Critical CVE-2022-1853: Use after free in Indexed DB. Reported by Anonymous on 2022-05-12 1320024 High CVE-2022-1854: Use after free in ANGLE. Reported by SeongHwan Park SeHwa on 2022-04-27 1228661 High...
re2c -- uncontrolled recursion
re2c reports: re2c before 2.0 has uncontrolled recursion that causes stack consumption in findfixedtags...
halibut -- Segmentation fault, denial of service or possibly other unspecified impact via a crafted text document
[email protected] reports: CVE-2021-42612: A use after free in cleanupindex in index.c in Halibut 1.2 allows an attacker to cause a segmentation fault or possibly have other unspecified impact via a crafted text document. CVE-2021-42613: A double free in cleanupindex in index.c in Halibut 1.2 allows ...
MariaDB -- Multiple vulnerabilities
The MariaDB project reports: MariaDB fixed 23 vulnerabilities across all supported versions...
py-cinder -- data leak
Duncan Thomas reports: The 1 GlusterFS and 2 Linux Smbfs drivers in OpenStack Cinder before 2014.1.3 allows remote authenticated users to obtain file data from the Cinder-volume host by cloning and attaching a volume with a crafted qcow2 header...
mediawiki -- multiple vulnerabilities
Mediawiki reports: T308471 Username is not escaped in the "welcomeuser" message. T308473 Username not escaped in the contributions-title message. T309377, CVE-2022-29248 Update "guzzlehttp/guzzle" to version 6.5.6. T311384, CVE-2022-27776 Update "guzzlehttp/guzzle" to 6.5.8/7.4.5...
curl -- Multiple vulnerabilities
The curl project reports: CVE-2022-27778: curl removes wrong file on error CVE-2022-27779: cookie for trailing dot TLD CVE-2022-27780: percent-encoded path separator in URL host CVE-2022-27781: CERTINFO never-ending busy-loop CVE-2022-27782: TLS and SSH connection too eager reuse CVE-2022-30115:...
PostgreSQL Server -- execute arbitrary SQL code as DBA user
The PostgreSQL project reports: Confine additional operations within "security restricted operation" sandboxes. Autovacuum, CLUSTER, CREATE INDEX, REINDEX, REFRESH MATERIALIZED VIEW, and pgamcheck activated the "security restricted operation" protection mechanism too late, or even not at all in...
chromium -- multiple vulnerabilities
Chrome Releases reports: This release contains 13 security fixes, including: 1316990 High CVE-2022-1633: Use after free in Sharesheet. Reported by Khalil Zhani on 2022-04-18 1314908 High CVE-2022-1634: Use after free in Browser UI. Reported by Khalil Zhani on 2022-04-09 1319797 High CVE-2022-1635...
rsyslog8 -- heap buffer overflow on receiving TCP syslog
Rainer Gerhards reports: Modules for TCP syslog reception have a heap buffer overflow when octet-counted framing is used. The attacker can corrupt heap values, leading to data integrity issues and availability impact. Remote code execution is unlikely to happen but not impossible...
clamav -- Multiple vulnerabilities
The ClamAV project reports: Fixed a possible double-free vulnerability in the OLE2 file parser. Issue affects versions 0.104.0 through 0.104.2. Issue identified by OSS-Fuzz. Fixed a possible infinite loop vulnerability in the CHM file parser. Issue affects versions 0.104.0 through 0.104.2 and LTS...
OpenSSL -- Multiple vulnerabilities
The OpenSSL project reports: The crehash script allows command injection CVE-2022-1292 Moderate The crehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On...
py-httpx -- input validation vulnerability
lebr0nli reports: Encode OSS httpx =1.0.0.beta0 is affected by improper input validation in httpx.URL, httpx.Client and some functions using httpx.URL.copywith...
cURL -- Multiple vulnerabilities
The cURL project reports: OAUTH2 bearer bypass in connection re-use CVE-2022-22576 Credential leak on redirect CVE-2022-27774 Bad local IPv6 connection reuse CVE-2022-27775 Auth/cookie leak on redirect CVE-2022-27776...
redis -- Multiple vulnerabilities
Aviv Yahav reports: CVE-2022-24735 By exploiting weaknesses in the Lua script execution environment, an attacker with access to Redis can inject Lua code that will execute with the potentially higher privileges of another Redis user. CVE-2022-24736 An attacker attempting to load a specially craft...
Rails -- XSS vulnerabilities
Ruby on Rails blog: This is an announcement to let you know that Rails 7.0.2.4, 6.1.5.1, 6.0.4.8, and 5.2.7.1 have been released! These are security releases so please update as soon as you can. Once again we've made these releases based on the last release tag, so hopefully upgrading will go...
chromium -- multiple vulnerabilities
Chrome Releases reports: This release contains 30 security fixes, including: 1313905 High CVE-2022-1477: Use after free in Vulkan. Reported by SeongHwan Park SeHwa on 2022-04-06 1299261 High CVE-2022-1478: Use after free in SwiftShader. Reported by SeongHwan Park SeHwa on 2022-02-20 1305190 High...
gitea -- Escape git fetch remote
The Gitea team reports: Escape git fetch remote in services/migrations/giteauploader.go...
eb -- Potential buffer overrun vulnerability
Kazuhiro Ito reports: Potential buffer overrun vulnerability is found in eb/multiplex.c...
zeek -- potential DoS vulnerabilty
Tim Wojtulewicz of Corelight reports: Fix potential unbounded state growth in the FTP analyzer when receiving a specially-crafted stream of commands. This may lead to a buffer overflow and cause Zeek to crash. Due to the possibility of this happening with packets received from the network, this i...
rainloop -- cross-site-scripting (XSS) vulnerability
Simon Scannell reports: The code vulnerability can be easily exploited by an attacker by sending a malicious email to a victim that uses RainLoop as a mail client. When the email is viewed by the victim, the attacker gains full control over the session of the victim and can steal any of their...
squid -- Exposure of sensitive information in cache manager
Mikhail Evdokimov aka konata reports: Due to inconsistent handling of internal URIs Squid is vulnerable to Exposure of Sensitive Information about clients using the proxy. This problem allows a trusted client to directly access cache manager information bypassing the manager ACL protection. The...
MySQL -- Multiple vulnerabilities
Oracle reports: The 2022 April Critical Patch Update contains 43 new security patches for Oracle MySQL. 11 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials...
Asterisk -- multiple vulnerabilities
The Asterisk project reports: AST-2022-001 - When using STIR/SHAKEN, its possible to download files that are not certificates. These files could be much larger than what you would expect to download. AST-2022-002 - When using STIR/SHAKEN, its possible to send arbitrary requests like GET to...
chromium -- multiple vulnerabilities
Chrome Releases reports: This release contains 2 security fixes, including: 1315901 High CVE-2022-1364: Type Confusion in V8. Reported by Clément Lecigne of Google's Threat Analysis Group on 2022-0-13...
Asterisk -- func_odbc: Possible SQL Injection
The Asterisk project reports: Some databases can use backslashes to escape certain characters, such as backticks. If input is provided to funcodbc which includes backslashes it is possible for funcodbc to construct a broken SQL query and the SQL query to fail...
Composer -- Command injection vulnerability
Composer developers reports: The Composer method VcsDriver::getFileContent with user-controlled $file or $identifier arguments is susceptible to an argument injection vulnerability. It can be leveraged to gain arbitrary command execution if the Mercurial or the Git driver are used...
gogs -- XSS in issue attachments
The gogs project reports: Repository issues page allows HTML attachments with arbitrary JS code...
Subversion -- Multiple vulnerabilities in server code
Subversion project reports: Subversion servers reveal 'copyfrom' paths that should be hidden according to configured path-based authorization authz rules. When a node has been copied from a protected location, users with access to the copy can see the 'copyfrom' path of the original. This also...
go -- syscall.Faccessat checks wrong group on Linux
The Go project reports: When called with a non-zero flags parameter, the syscall.Faccessat function could incorrectly report that a file is accessible. This bug only occurs on Linux systems...
go -- multiple vulnerabilities
The Go project reports: encoding/pem: fix stack overflow in Decode. A large more than 5 MB PEM input can cause a stack overflow in Decode, leading the program to crash. crypto/elliptic: tolerate all oversized scalars in generic P-256. A crafted scalar input longer than 32 bytes can cause...
Ruby -- Buffer overrun in String-to-Float conversion
piao reports: Due to a bug in an internal function that converts a String to a Float, some convertion methods like KernelFloat and Stringtof could cause buffer over-read. A typical consequence is a process termination due to segmentation fault, but in a limited circumstances, it may be exploitabl...
Ruby -- Double free in Regexp compilation
piao reports: Due to a bug in the Regexp compilation process, creating a Regexp object with a crafted source string could cause the same memory to be freed twice. This is known as a "double free" vulnerability. Note that, in general, it is considered unsafe to create and use a Regexp object...
Nextcloud Calendar -- SMTP Command Injection
reports: SMTP Command Injection in Appointment Emails via Newlines: as newlines and special characters are not sanitized in the email value in the JSON request, a malicious attacker can inject newlines to break out of the RCPT TO: SMTP command and begin injecting arbitrary SMTP commands...
Chromium -- mulitple vulnerabilities
Chrome Releases reports: This release contains 11 security fixes, including: 1285234 High CVE-2022-1305: Use after free in storage. Reported by Anonymous on 2022-01-07 1299287 High CVE-2022-1306: Inappropriate implementation in compositing. Reported by Sven Dysthe on 2022-02-21 1301873 High...
MinIO -- unprivileged users can create service accounts for admin users
MinIO reports: A security issue was found where an unprivileged user is able to create service accounts for root or other admin users and then is able to assume their access policies via the generated credentials...