MariaDB -- Multiple vulnerabilities
MariaDB reports: MariaDB reports 5 vulnerabilities in supported versions without further detailed information...
go -- multiple vulnerabilities
The Go project reports: crypto/elliptic: fix IsOnCurve for big.Int values that are not valid coordinates. Some big.Int values that are not valid field elements (negative or overflowing) might cause Curve.IsOnCurve to incorrectly return true. Operating on those values may cause a panic or an invalid...
go -- multiple vulnerabilities
The Go project reports: regexp: stack exhaustion compiling deeply nested expressions. On 64-bit platforms, an extremely deeply nested expression can cause regexp.Compile to cause goroutine stack exhaustion, forcing the program to exit. Note this applies to very large expressions, on the order of 2...
jenkins -- DoS vulnerability in bundled XStream library
Jenkins Security Advisory: Description: (Medium) SECURITY-2602 / CVE-2021-43859 (upstream issue), CVE-2022-0538 (Jenkins-specific converters): DoS vulnerability in bundled XStream library...
py-twisted -- cookie and authorization headers are leaked when following cross-origin redirects
Twisted developers report: Cookie and Authorization headers are leaked when following cross-origin redirects in twisted.web.client.RedirectAgent and twisted.web.client.BrowserLikeRedirectAgent...
cyrus-sasl -- Escape password for SQL insert/update commands
Cyrus SASL 2.1.x Release Notes New in 2.1.28 reports: Escape password for SQL insert/update commands...
Gitlab -- multiple vulnerabilities
Gitlab reports: Arbitrary POST requests via special HTML attributes in Jupyter Notebooks; DNS Rebinding vulnerability in Irker IRC Gateway integration; Missing certificate validation for external CI services; Blind SSRF Through Project Import; Open redirect vulnerability in Jira Integration; Issue lin...
py-treq -- sensitive information leak vulnerability
Treq's request methods (treq.get, treq.post, HTTPClient.request, HTTPClient.get, etc.) accept cookies as a dictionary. Such cookies are not bound to a single domain, and are therefore sent to every domain ("supercookies"). This can potentially cause sensitive information to leak upon an HTTP redirect...
chromium -- multiple vulnerabilities
Chrome Releases reports: This release contains 27 security fixes, including: 1284584 High CVE-2022-0452: Use after free in Safe Browsing. Reported by avaue at S.S.L. on 2022-01-05 1284916 High CVE-2022-0453: Use after free in Reader Mode. Reported by Rong Jian of VRI on 2022-01-06 1287962 High...
samba -- Multiple Vulnerabilities
The Samba Team reports: CVE-2021-43566: Malicious client using an SMB1 or NFS race to allow a directory to be created in an area of the server file system not exported under the share definition. CVE-2021-44141: Information leak via symlinks of existence of files or directories outside of the...
OpenSSL -- BN_mod_exp incorrect results on MIPS
The OpenSSL project reports: BN_mod_exp may produce incorrect results on MIPS (Moderate). There is a carry propagation bug in the MIPS32 and MIPS64 squaring procedure. Many EC algorithms are affected, including some of the TLS 1.3 default curves. Impact was not analyzed in detail, because the...
polkit -- Local Privilege Escalation
Qualys reports: We discovered a Local Privilege Escalation from any user to root in polkit's pkexec, a SUID-root program that is installed by default on every major Linux distribution...
varnish -- Request Smuggling Vulnerability
Varnish Cache Project reports: A request smuggling attack can be performed on HTTP/1 connections on Varnish Cache servers. The smuggled request would be treated as an additional request by the Varnish server, go through normal VCL processing, and injected as a spurious response on the client...
Security Vulnerability found in ExifTool leading to RCE
Debian Security tracker reports: ExifTool.pm in ExifTool before 12.38 mishandles a file special characters check, leading to command injection...
xrdp -- privilege escalation
xrdp project reports: An integer underflow leading to a heap overflow in the sesman server allows any unauthenticated attacker which is accessible to a sesman server (listens by default on localhost when installing xrdp, but can be remote if configured otherwise) to execute code as root...
gitea -- information disclosure
The Gitea team reports: Prevent multiple To recipients: Change the mailer interface to prevent leaking of possible hidden email addresses when sending to multiple recipients...
mustache - Possible Remote Code Execution
huntr.dev reports: In Mustache.php v2.0.0 through v2.14.0, Sections tag can lead to arbitrary php code execution even if strict_callables is true when section value is controllable...
Rust -- Race condition enabling symlink following
The Rust Security Response WG was notified that the std::fs::remove_dir_all standard library function is vulnerable to a race condition enabling symlink following (CWE-363). An attacker could use this security issue to trick a privileged program into deleting files and directories the attacker couldn...
chromium -- multiple vulnerabilities
Chrome Releases reports: This release contains 26 security fixes, including: 1284367 Critical CVE-2022-0289: Use after free in Safe browsing. Reported by Sergei Glazunov of Google Project Zero on 2022-01-05 1260134 1260007 High CVE-2022-0290: Use after free in Site isolation. Reported by Brendon...
ipython -- Execution with Unnecessary Privileges
IPython project reports: IPython 8.0.1, 7.31.1 and 5.11 are security releases that change some default values in order to prevent potential Execution with Unnecessary Privileges...
MySQL -- Multiple vulnerabilities
Oracle reports: This Critical Patch Update contains 78 new security patches for Oracle MySQL. 3 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials. The highest CVSS v3.1 Base Score of vulnerabilitie...
Grafana -- CSRF
Grafana Labs reports: On Jan. 18, security researchers @jub0bs and @abrahack contacted Grafana to disclose a CSRF vulnerability which allows anonymous attackers to elevate their privileges by mounting cross-origin attacks against authenticated high-privilege Grafana users for example, Editors or...
Grafana -- Teams API IDOR
Grafana Labs reports: On Jan. 18, an external security researcher, Kürşad ALSAN from NSPECT.IO (@nspectio on Twitter), contacted Grafana to disclose an IDOR (Insecure Direct Object Reference) vulnerability on Grafana Teams APIs. This vulnerability only impacts the following API endpoints:...
Grafana -- XSS
Grafana Labs reports: On Jan. 16, an external security researcher, Jasu Viding contacted Grafana to disclose an XSS vulnerability in the way that Grafana handles data sources. Should an existing data source connected to Grafana be compromised, it could be used to inappropriately gain access to...
aide -- heap-based buffer overflow
David Bouman reports: AIDE before 0.17.4 allows local users to obtain root privileges via crafted file metadata (such as XFS extended attributes or tmpfs ACLs), because of a heap-based buffer overflow. Aide uses a fixed size (16k bytes) for the return buffer in encode_base64/decode_base64 functions. Th...
clamav -- invalid pointer read that may cause a crash
Laurent Delosieres reports: Fix for invalid pointer read that may cause a crash. This issue affects 0.104.1, 0.103.4 and prior when ClamAV is compiled with libjson-c and the CL_SCAN_GENERAL_COLLECT_METADATA scan option (the clamscan --gen-json option) is enabled...
jenkins -- multiple vulnerabilities
Jenkins Security Advisory: Description: (Medium) SECURITY-2558 / CVE-2022-20612: CSRF vulnerability in build triggers...
moonlight-embedded -- multiple vulnerabilities
The moonlight-embedded project reports: Moonlight Embedded v2.6.1 fixed CVE-2023-42799, CVE-2023-42800, and CVE-2023-42801...
FreeBSD -- vt console buffer overflow
Problem Description: Under certain conditions involving use of the highlight buffer while text is scrolling on the console, console data may overwrite data structures associated with the system console or other kernel memory. Impact: Users with access to the system console may be able to cause...
Gitlab -- Multiple Vulnerabilities
Gitlab reports: Arbitrary file read via group import feature; Stored XSS in notes; Lack of state parameter on GitHub import project OAuth; Vulnerability related fields are available to unauthorized users on GraphQL API; Deleting packages may cause table locks; IP restriction bypass via GraphQL...
Prosody XMPP server advisory 2022-01-13
The Prosody team reports: It was discovered that an internal Prosody library to load XML based on does not properly restrict the XML features allowed in parsed XML data. Given suitable attacker input, this results in expansion of recursive entity references from DTDs (CWE-776). In addition, dependi...
Node.js -- January 2022 Security Releases
Node.js reports: Improper handling of URI Subject Alternative Names (Medium) (CVE-2021-44531): Accepting arbitrary Subject Alternative Name (SAN) types, unless a PKI is specifically defined to use a particular SAN type, can result in bypassing name-constrained intermediates. Node.js was accepting URI SAN...
uriparser -- Multiple vulnerabilities
Upstream project reports: Fix a bug affecting both uriNormalizeSyntax and uriMakeOwner functions where the text range in .hostText would not be duped using malloc but remain unchanged and hence "not owned" for URIs with an IPv4 or IPv6 address hostname; depending on how an application uses...
WordPress -- Multiple Vulnerabilities
The WordPress project reports: Issue with stored XSS through post slugs; Issue with Object injection in some multisite installations; SQL injection vulnerability in WP_Query; SQL injection vulnerability in WP_Meta_Query...
chromium -- multiple vulnerabilities
Chrome Releases reports: This release contains 37 security fixes, including: $TBD 1275020 Critical CVE-2022-0096: Use after free in Storage. Reported by Yangkang @dnpushme of 360 ATA on 2021-11-30 1117173 High CVE-2022-0097: Inappropriate implementation in DevTools. Reported by David Erceg on...
Roundcube -- XSS vulnerability
The Roundcube project reports: Cross-site scripting (XSS) via HTML messages with malicious CSS content...
librecad -- out-of-bounds read in importshp plugin
Albin Eldstål-Ahrens reports: An out-of-bounds read on a heap buffer in the importshp plugin may allow an attacker to read sensitive data via a crafted DBF file...
minio -- User privilege escalation
minio developers report: AddUser API endpoint was exposed to a legacy behavior, i.e. it accepts a "policy" field. This API is mainly used to create a user or update a user's password. However, a malicious client can hand-craft an HTTP API call that allows for updating Policy for a user and gaining...
shells/fish -- arbitrary code execution via git
Peter Ammon reports: fish is a command line shell. fish version 3.1.0 through version 3.3.1 is vulnerable to arbitrary code execution. git repositories can contain per-repository configuration that changes the behavior of git, including running arbitrary commands. When using the default...
py39-unicorn -- sandbox escape and arbitrary code execution vulnerability
jwang-a reports: An issue was discovered in split_region in uc.c in Unicorn Engine before 2.0.0-rc5. It allows local attackers to escape the sandbox. An attacker must first obtain the ability to execute crafted code in the target sandbox in order to exploit this vulnerability. The specific flaw...
Apache httpd -- Multiple vulnerabilities
The Apache httpd project reports: moderate: Possible NULL dereference or SSRF in forward proxy configurations in Apache HTTP Server 2.4.51 and earlier (CVE-2021-44224). A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for...
Django -- multiple vulnerabilities
Django Release reports: CVE-2021-45115: Denial-of-service possibility in UserAttributeSimilarityValidator. CVE-2021-45116: Potential information disclosure in dictsort template filter. CVE-2021-45452: Potential directory-traversal via Storage.save...
strongswan - Incorrect Handling of Early EAP-Success Messages
Strongswan Release Notes reports: Fixed a vulnerability in the EAP client implementation that was caused by incorrectly handling early EAP-Success messages. It may allow to bypass the client and in some scenarios even the server authentication, or could lead to a denial-of-service attack. This...
OpenSearch -- Log4Shell
OpenSearch reports: CVE-2021-45105 for Log4j was issued after the release of OpenSearch 1.2.2. This CVE advises upgrading to Log4j 2.17.0. While there has been no observed reproduction of the issue described in CVE-2021-45105 in OpenSearch, we have released OpenSearch 1.2.3 which updates Log4j to...
OpenSearch -- Log4Shell
OpenSearch reports: CVE-2021-45046 was issued shortly following the release of OpenSearch 1.2.1. This new CVE advises upgrading from Log4j 2.15.0 used in OpenSearch 1.2.1 to Log4j 2.16.0. Out of an abundance of caution, the team is releasing OpenSearch 1.2.2 which includes Log4j 2.16.0. While the...
OpenSSL -- Certificate validation issue
The OpenSSL project reports: Invalid handling of X509_verify_cert internal errors in libssl (Moderate). Internally libssl in OpenSSL calls X509_verify_cert on the client side to verify a certificate supplied by a server. That function may return a negative return value to indicate an internal error for...
Mbed TLS -- Potential double-free after an out of memory error
Manuel Pégourié-Gonnard reports: If mbedtls_ssl_set_session or mbedtls_ssl_get_session were to fail with MBEDTLS_ERR_SSL_ALLOC_FAILED (in an out of memory condition), then calling mbedtls_ssl_session_free and mbedtls_ssl_free in the usual manner would cause an internal session buffer to be freed twice, due to two...
chromium -- multiple vulnerabilities
Chrome Releases reports: This release contains 5 security fixes, including: 1263457 Critical CVE-2021-4098: Insufficient data validation in Mojo. Reported by Sergei Glazunov of Google Project Zero on 2021-10-26 1270658 High CVE-2021-4099: Use after free in Swiftshader. Reported by Aki Helin of...
serviio -- affected by log4j vulnerability
Serviio reports: Serviio is affected by the log4j vulnerability...
mediawiki -- multiple vulnerabilities
Mediawiki reports: T297543, CVE-2022-28202 Messages widthheight/widthheightpage/nbytes not escaped when used in galleries or Special:RevisionDelete. T297571, CVE-2022-28201 Title::newMainPage goes into an infinite recursion loop if it points to a local interwiki. T297731, CVE-2022-28203 Requestin...