Ruby -- Double free in Regexp compilation
piao reports: Due to a bug in the Regexp compilation process, creating a Regexp object with a crafted source string could cause the same memory to be freed twice. This is known as a "double free" vulnerability. Note that, in general, it is considered unsafe to create and use a Regexp object...
Subversion -- Multiple vulnerabilities in server code
Subversion project reports: Subversion servers reveal 'copyfrom' paths that should be hidden according to configured path-based authorization authz rules. When a node has been copied from a protected location, users with access to the copy can see the 'copyfrom' path of the original. This also...
go -- multiple vulnerabilities
The Go project reports: encoding/pem: fix stack overflow in Decode. A large (more than 5 MB) PEM input can cause a stack overflow in Decode, leading the program to crash. crypto/elliptic: tolerate all oversized scalars in generic P-256. A crafted scalar input longer than 32 bytes can cause...
MinIO -- unprivileged users can create service accounts for admin users
MinIO reports: A security issue was found where an unprivileged user is able to create service accounts for root or other admin users and then is able to assume their access policies via the generated credentials...
Nextcloud Calendar -- SMTP Command Injection
reports: SMTP Command Injection in Appointment Emails via Newlines: as newlines and special characters are not sanitized in the email value in the JSON request, a malicious attacker can inject newlines to break out of the RCPT TO: SMTP command and begin injecting arbitrary SMTP commands...
Chromium -- multiple vulnerabilities
Chrome Releases reports: This release contains 11 security fixes, including: 1285234 High CVE-2022-1305: Use after free in storage. Reported by Anonymous on 2022-01-07 1299287 High CVE-2022-1306: Inappropriate implementation in compositing. Reported by Sven Dysthe on 2022-02-21 1301873 High...
zgrep -- arbitrary file write
RedHat reports: An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to...
FreeBSD -- Bhyve e82545 device emulation out-of-bounds write
Problem Description: The e1000 network adapters permit a variety of modifications to an Ethernet packet when it is being transmitted. These include the insertion of IP and TCP checksums, insertion of an Ethernet VLAN header, and TCP segmentation offload (TSO). The e1000 device model uses an...
FreeBSD -- Potential jail escape vulnerabilities in netmap
Problem Description: The total size of the user-provided nmreq to nmreq_copyin was first computed and then trusted during the copyin. This time-of-check to time-of-use bug could lead to kernel memory corruption. CVE-2022-23084 A user-provided integer option was passed to nmreq_copyin without checki...
FreeBSD -- zlib compression out-of-bounds write
Problem Description: Certain inputs can cause zlib's compression routine to overwrite an internal buffer with compressed data. This issue may require the use of uncommon or non-default compression parameters. Impact: The out-of-bounds write may result in memory corruption and an application crash...
FreeBSD -- mpr/mps/mpt driver ioctl heap out-of-bounds write
Problem Description: Handlers for CFGPAGE read / write ioctls in the mpr, mps, and mpt drivers allocated a buffer of a caller-specified size, but copied to it a fixed size header. Other heap content would be overwritten if the specified size was too small. Impact: Users with access to the mpr, mp...
FreeBSD -- 802.11 heap buffer overflow
Problem Description: The 802.11 beacon handling routine failed to validate the length of an IEEE 802.11s Mesh ID before copying it to a heap-allocated buffer. Impact: While a FreeBSD Wi-Fi client is in scanning mode (i.e., not associated with a SSID) a malicious beacon frame may overwrite kernel...
chromium -- Type confusion in V8
Chrome Releases reports: This release includes one security fix: 1311641 High CVE-2022-1232: Type Confusion in V8. Reported by Sergei Glazunov of Google Project Zero on 2022-03-30...
mutt -- mutt_decode_uuencoded() can read past the end of the input line
Tavis Ormandy reports: In mutt_decode_uuencoded(), the line length is read from the untrusted uuencoded part without validation. This could result in including private memory in message parts, for example fragments of other messages, passphrases or keys in replies...
Django -- multiple vulnerabilities
Django Release reports: CVE-2022-28346: Potential SQL injection in QuerySet.annotate(), aggregate(), and extra(). CVE-2022-28347: Potential SQL injection via QuerySet.explain(**options) on PostgreSQL...
Gitlab -- multiple vulnerabilities
Gitlab reports: Static passwords inadvertently set during OmniAuth-based registration Stored XSS in notes Stored XSS on Multi-word milestone reference Denial of service caused by a specially crafted RDoc file GitLab Pages access tokens can be reused on multiple domains GitLab Pages uses default...
dnsmasq -- heap use-after-free in dhcp6_no_relay
Petr Menšík reports: Possible vulnerability ... found in latest dnsmasq. It was found with help of oss-fuzz Google project by me and shortly after that independently also by Richard Johnson of Trellix Threat Labs. It is affected only by DHCPv6 requests, which could be crafted to modify already free...
chromium -- multiple vulnerabilities
Chrome Releases reports: This release contains 28 security fixes, including: 1292261 High CVE-2022-1125: Use after free in Portals. Reported by Khalil Zhani on 2022-01-29 1291891 High CVE-2022-1127: Use after free in QR Code Generator. Reported by anonymous on 2022-01-28 1301920 High CVE-2022-112...
chromium -- V8 type confusion
Chrome Releases reports: This release contains 1 security fix: 1309225 High CVE-2022-1096: Type Confusion in V8. Reported by anonymous on 2022-03-23 Google is aware that an exploit for CVE-2022-1096 exists in the wild...
powerdns-recursor -- denial of service
PowerDNS Team reports: PowerDNS Security Advisory 2022-01: incomplete validation of incoming IXFR transfer in Authoritative Server and Recursor...
powerdns -- denial of service
PowerDNS Team reports: PowerDNS Security Advisory 2022-01: incomplete validation of incoming IXFR transfer in Authoritative Server and Recursor...
e2fsprogs -- out-of-bounds read/write vulnerability
Nils Bars reports: During the processing of a specially fuzzed disk image, an out-of-bounds write is triggered and causes a segmentation fault (SIGSEGV)...
gitea -- Open Redirect on login
Andrew Thornton reports: When a location containing backslashes is presented, the existing protections against open redirect are bypassed, because browsers will convert adjacent forward and backslashes within the location to double forward slashes...
mitmproxy -- Insufficient Protection against HTTP Request Smuggling
Zeyu Zhang reports: In mitmproxy 7.0.4 and below, a malicious client or server is able to perform HTTP request smuggling attacks through mitmproxy. This means that a malicious client/server could smuggle a request/response through mitmproxy as part of another request/response's HTTP message body...
py-nicotine-plus -- Denial of service vulnerability
ztauras reports: Denial of service (DoS) vulnerability in Nicotine+ starting with version 3.0.3 and prior to version 3.2.1 allows a user with a modified Soulseek client to crash Nicotine+ by sending a file download request with a file path containing a null character...
OpenSSL -- Infinite loop in BN_mod_sqrt parsing certificates
The OpenSSL project reports: Infinite loop in BN_mod_sqrt() reachable when parsing certificates (High): The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that...
FreeBSD-kernel -- Multiple WiFi issues
Problem Description: The paper "Fragment and Forge: Breaking Wi-Fi Through Frame Aggregation and Fragmentation" reported a number of security vulnerabilities in the 802.11 specification related to frame aggregation and fragmentation. Additionally, FreeBSD 12.x missed length validation of SSIDs an...
chromium -- multiple vulnerabilities
Chrome Releases reports: This release contains 11 security fixes, including: 1299422 Critical CVE-2022-0971: Use after free in Blink Layout. Reported by Sergei Glazunov of Google Project Zero on 2022-02-21 1301320 High CVE-2022-0972: Use after free in Extensions. Reported by Sergei Glazunov of...
Apache httpd -- Multiple vulnerabilities
The Apache httpd project reports: mod_lua: Use of uninitialized value in r:parsebody (moderate, CVE-2022-22719). A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. HTTP request smuggling vulnerability (important, CVE-2022-22720): httpd fails...
Weechat -- Possible man-in-the-middle attack in TLS connection to servers
The Weechat project reports: After changing the options weechat.network.gnutls_ca_system or weechat.network.gnutls_ca_user, the TLS verification function is lost. Consequently, any connection to a server with TLS is made without verifying the certificate, which could lead to a man-in-the-middle attac...
wordpress -- multiple issues
WordPress developers report: This security and maintenance release features 1 bug fix in addition to 3 security fixes. Because this is a security release, it is recommended that you update your sites immediately. All versions since WordPress 3.7 have also been updated. The security team would li...
kafka -- Denial Of Service vulnerability
NIST reports: jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects...
openvpn -- Potential authentication by-pass with multiple deferred authentication plug-ins
David Sommerseth reports: OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in external authentication plug-ins when more than one of them makes use of deferred authentication replies, which allows an external user to be granted access with only partially correct credentials...
py-httpie -- exposure of sensitive information vulnerabilities
Glyph reports: HTTPie is a command-line HTTP client. HTTPie has the practical concept of sessions, which help users to persistently store some of the state that belongs to the outgoing requests and incoming responses on the disk for further usage. Before 3.1.0, HTTPie didn't distinguish between...
gitea -- Improper/incorrect authorization
Youssef Rebahi-Gilbert reports: When Gitea is built and configured for PAM authentication it skips checking authorization completely. Therefore expired accounts and accounts with expired passwords can still log in...
asterisk -- multiple vulnerabilities
The Asterisk project reports: AST-2022-004 - The header length on incoming STUN messages that contain an ERROR-CODE attribute is not properly checked. This can result in an integer underflow. Note, this requires ICE or WebRTC support to be in use with a malicious remote party. AST-2022-005 - When...
py-Scrapy -- exposure of sensitive information vulnerability
ranjit-git reports: Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository scrapy/scrapy prior to 2.6.1...
py-Scrapy -- cookie injection vulnerability
Responses from domain names whose public domain name suffix contains 1 or more periods (e.g. responses from example.co.uk, given its public domain name suffix is co.uk) are able to set cookies that are included in requests to any other domain sharing the same domain name suffix...
chromium -- multiple vulnerabilities
Chrome Releases reports: This release contains 28 security fixes, including: 1289383 High CVE-2022-0789: Heap buffer overflow in ANGLE. Reported by SeongHwan Park (SeHwa) on 2022-01-21 1274077 High CVE-2022-0790: Use after free in Cast UI. Reported by Anonymous on 2021-11-26 1278322 High...
Apache OpenOffice -- master password vulnerabilities
The Apache OpenOffice project reports: Apache OpenOffice supports the storage of passwords for web connections in the user's configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in OpenOffice existed where the required initialization...
Gitlab -- multiple vulnerabilities
Gitlab reports: Runner registration token disclosure through Quick Actions Unprivileged users can add other users to groups through an API endpoint Inaccurate display of Snippet contents can be potentially misleading to users Environment variables can be leaked via the sendmail delivery method...
typo3 -- XSS vulnerability in svg-sanitize
The TYPO3 project reports: The SVG sanitizer library enshrined/svg-sanitize before version 0.15.0 did not remove HTML elements wrapped in a CDATA section. As a result, SVG content embedded in HTML fetched as text/html was susceptible to cross-site scripting. Plain SVG files fetched as image/svg+x...
seatd-launch -- remove files with escalated privileges with SUID
Kenny Levinsen reports: seatd-launch could use a user-specified socket path instead of the internally generated socket path, and would unlink the socket path before use to guard against collision with leftover sockets. This meant that a caller could freely control what file path would be unlinked...
flac -- fix encoder bug
The FLAC 1.3.4 release reports: Fix 12 decoder bugs found by oss-fuzz. Fix encoder bug CVE-2021-0561...
Qt5 -- QProcess unexpected search path
The Qt Company reports: Recently, the Qt Project's security team was made aware of an issue regarding QProcess and determined it to be a security issue on Unix-based platforms only. We do not believe this to be a considerable risk for applications as the likelihood of it being triggered is minima...
gitea -- password hash quality
The Gitea team reports: This PR refactors and improves the password hashing code within gitea and makes it possible for server administrators to set the password hashing parameters. In addition it takes the opportunity to adjust the settings for pbkdf2 in order to make the hashing a little...
chromium -- multiple vulnerabilities
Chrome Releases reports: This release contains 11 security fixes, including: 1290008 High CVE-2022-0603: Use after free in File Manager. Reported by Chaoyuan Peng (@ret2happy) on 2022-01-22 1273397 High CVE-2022-0604: Heap buffer overflow in Tab Groups. Reported by Krace on 2021-11-24 1286940 High...
MariaDB -- Multiple vulnerabilities
MariaDB reports: MariaDB reports 5 vulnerabilities in supported versions resulting from fuzzing tests...
zsh -- Arbitrary command execution vulnerability
Marc Cornellà reports: Some prompt expansion sequences, such as %F, support 'arguments' which are themselves expanded in case they contain colour values, etc. This additional expansion would trigger PROMPT_SUBST evaluation, if enabled. This could be abused to execute code the user didn't expect...
cassandra3 -- arbitrary code execution
Marcus Eriksson reports: When running Apache Cassandra with the following configuration: enable_user_defined_functions: true, enable_scripted_user_defined_functions: true, enable_user_defined_functions_threads: false, it is possible for an attacker to execute arbitrary code on the host. The attacker would need...