libxml2 -- Possible denial of service
Daniel Veillard reports: A flaw was found in libxml2. An exponential entity expansion attack is possible, bypassing all existing protection mechanisms and leading to denial of service...
Prometheus -- arbitrary redirects
Prometheus reports: Prometheus is an open-source monitoring system and time series database. In 2.23.0, Prometheus changed its default UI to the new UI. To ensure a seamless transition, the URLs prefixed by /new redirect to /. Due to a bug in the code, it is possible for an attacker to craft an...
gitea -- multiple vulnerabilities
The Gitea Team reports for release 1.14.5: Hide mirror passwords on repo settings page 16022 16355 Update bluemonday to v1.0.15 16379 16380...
gitea -- multiple vulnerabilities
The Gitea Team reports for release 1.14.3: Encrypt migration credentials at rest 15895 16187 Only check access tokens if they are likely to be tokens 16164 16171 Add missing SameSite settings for the i_like_gitea cookie 16037 16039 Fix setting of SameSite on cookies 15989 15991...
PostgreSQL -- Memory disclosure in partitioned-table UPDATE ... RETURNING
The PostgreSQL project reports: Using an UPDATE ... RETURNING on a purpose-crafted partitioned table, an attacker can read arbitrary bytes of server memory. In the default configuration, any authenticated database user can create prerequisite objects and complete this attack at will. A user lacki...
PostgreSQL server -- two security issues
The PostgreSQL project reports: Memory disclosure in INSERT ... ON CONFLICT ... DO UPDATE Using an INSERT ... ON CONFLICT ... DO UPDATE command on a purpose-crafted table, an attacker can read arbitrary bytes of server memory. In the default configuration, any authenticated database user can crea...
py-flask-caching -- remote code execution or local privilege escalation vulnerabilities
subnix reports: The Flask-Caching extension through 2.0.2 for Flask relies on Pickle for serialization, which may lead to remote code execution or local privilege escalation. If an attacker gains access to cache storage e.g., filesystem, Memcached, Redis, etc., they can construct a crafted payloa...
Prosody -- multiple vulnerabilities
The Prosody security advisory 2021-05-12 reports: This advisory details 5 new security vulnerabilities discovered in the Prosody.im XMPP server software. All issues are fixed in the 0.11.9 release default configuration. CVE-2021-32918: DoS via insufficient memory consumption controls...
libX11 -- Arbitrary code execution
The X.org project reports: XLookupColor and other X library functions lack proper validation of the length of their string parameters. If those parameters can be controlled by an external application (for instance a color name that can be emitted via a terminal control sequence) it can lead to the...
py-matrix-synapse -- malicious push rules may be used for a denial of service attack.
Matrix developers report: "Push rules" can specify conditions under which they will match, including event_match, which matches event content against a pattern including wildcards. Certain patterns can cause very poor performance in the matching engine, leading to a denial-of-service when processi...
RabbitMQ -- Denial of Service in AMQP1.0 plugin
Pivotal.io reports: All versions prior to 3.8.16 are prone to a denial of service vulnerability due to improper input validation in AMQP 1.0 client connection endpoint...
RabbitMQ -- Denial of Service via improper input validation
Jonathon Knudsen of Synopsys Cybersecurity Research Center reports: All versions prior to 3.8.16 are prone to a denial of service vulnerability due to improper input validation in AMQP 1.0 client connection endpoint. A malicious client can exploit the vulnerability by sending malicious AMQP...
chromium -- multiple vulnerabilities
Chrome Releases reports: This release contains 19 security fixes, including: 1180126 High CVE-2021-30506: Incorrect security UI in Web App Installs. Reported by @retsew0x01 on 2021-02-19 1178202 High CVE-2021-30507: Inappropriate implementation in Offline. Reported by Alison Huffman, Microsoft...
tomcat -- HTTP request smuggling in multiple versions
Bahruz Jabiyev, Steven Sprecher and Kaan Onarlioglu of NEU seclab report: Apache Tomcat did not correctly parse the HTTP transfer-encoding request header in some circumstances, leading to the possibility of request smuggling when used with a reverse proxy. Specifically: Tomcat incorrectly ignored...
asterisk -- pjproject/pjsip: crash when SSL socket destroyed during handshake
The Asterisk project reports: Depending on the timing, it's possible for Asterisk to crash when using a TLS connection if the underlying socket parent/listener gets destroyed during the handshake...
cyrus-imapd -- Remote authenticated users could bypass intended access restrictions on certain server annotations.
Cyrus IMAP 3.4.1 Release Notes state: Fixed CVE-2021-32056: Remote authenticated users could bypass intended access restrictions on certain server annotations. Additionally, a long-standing bug in replication did not allow server annotations to be replicated. Combining these two bugs, a remote...
Rails -- multiple vulnerabilities
Ruby on Rails blog: Rails versions 6.1.3.2, 6.0.3.7, and 5.2.6 have been released! These releases contain important security fixes. Here is a list of the issues fixed: CVE-2021-22885: Possible Information Disclosure / Unintended Method Execution in Action Pack CVE-2021-22902: Possible Denial of...
py-impacket -- multiple path traversal vulnerabilities
asolino reports: Multiple path traversal vulnerabilities exist in smbserver.py in Impacket through 0.9.22. An attacker that connects to a running smbserver instance can list and write to arbitrary files via ../ directory traversal. This could potentially be abused to achieve arbitrary code...
readstat -- Heap buffer overflow in readstat_convert
Google reports: A heap buffer overflow exists in readstat_convert...
libpano13 -- arbitrary memory access through format string vulnerability
libpano13 developers report: Fix crash and security issue caused by malformed filename prefix...
Apache OpenOffice -- multiple vulnerabilities.
The Apache OpenOffice project reports: Apache OpenOffice opens dBase/DBF documents and shows the contents as spreadsheets. DBF are database files with data organized in fields. When reading DBF data the size of certain fields is not checked: the data is just copied into local variables. A careful...
redis -- multiple vulnerabilities
Redis project reports: Vulnerability in the STRALGO LCS command: An integer overflow bug in Redis version 6.0 or newer could be exploited using the STRALGO LCS command to corrupt the heap and potentially result with remote code execution. Vulnerability in the COPY command for large intsets: An...
wayland -- integer overflow
Tobias Stoeckmann reports: The libXcursor fix for CVE-2013-2003 has never been imported into wayland, leaving it vulnerable to it...
RDoc -- command injection vulnerability
Alexandr Savca reports: RDoc used to call Kernel#open to open a local file. If a Ruby project has a file whose name starts with | and ends with tags, the command following the pipe character is executed. A malicious Ruby project could exploit it to run an arbitrary command against a user...
go -- multiple vulnerabilities
The Go project reports: The SetString and UnmarshalText methods of math/big.Rat may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents. ReverseProxy in net/http/httputil could be made to forward certain hop-by-hop headers, including Connection. In case the...
zeek -- several potential DoS vulnerabilities
Tim Wojtulewicz of Corelight reports: Fix potential Undefined Behavior in decode_netbios_name and decode_netbios_name_type BIFs. The latter has a possibility of a remote heap-buffer-overread, making this a potential DoS vulnerability. Add some extra length checking when parsing mobile ipv6 packets. Du...
samba -- negative idmap cache entries vulnerability
The Samba Team reports: CVE-2021-20254: Negative idmap cache entries can cause incorrect group entries in the Samba file server process token...
gitea -- multiple vulnerabilities
The Gitea Team reports for release 1.15.0: Encrypt LDAP bind password in db with SECRET_KEY 15547 Remove random password in Dockerfiles 15362 Upgrade to the latest version of golang-jwt and increase minimum go to 1.15 16590 16606 Correctly create git-daemon-export-ok files 16508 16514 Don't sho...
md4c -- DoS attack
[email protected] reports: md_analyze_line in md4c.c in md4c 0.4.7 allows attackers to trigger use of uninitialized memory, and cause a denial of service via a malformed Markdown document...
mantis -- multiple vulnerabilities
Mantis 2.25.1 and 2.25.2 releases report: Security and maintenance release, PHPMailer update to 6.5.0 0028552: XSS in manage_custom_field_edit_page.php CVE-2021-33557 0028821: Update PHPMailer to 6.5.0 CVE-2021-3603, CVE-2020-36326...
Gitlab -- Vulnerabilities
Gitlab reports: Read API scoped tokens can execute mutations. Pull mirror credentials were exposed. Denial of Service when querying repository branches API. Non-owners can set system_note_timestamp when creating / updating issues. DeployToken will impersonate a User with the same ID when using Dependen...
sympa -- Inappropriate use of the cookie parameter can be a security threat. This parameter may also not provide sufficient security.
Earlier versions of Sympa require a parameter named cookie in the sympa.conf configuration file. This parameter was used to make some identifiers generated by the system unpredictable. For example, it was used as follows: To be used as a salt to encrypt passwords stored in the database by the RC4...
chromium -- multiple vulnerabilities
Chrome Releases reports: This release contains 9 security fixes, including: 1199345 High CVE-2021-21227: Insufficient data validation in V8. Reported by Gengming Liu of Singular Security Lab on 2021-04-15 1175058 High CVE-2021-21232: Use after free in Dev Tools. Reported by Abdulrahman Alqabandi,...
Exiv2 -- Multiple vulnerabilities
The Exiv2 team reports: Multiple vulnerabilities covering buffer overflows, out-of-bounds reads, read of uninitialized memory and denial of service. The heap overflow is triggered when Exiv2 is used to read the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to ga...
shibboleth-sp -- denial of service vulnerability
Shibboleth project reports: Session recovery feature contains a null pointer dereference. The cookie-based session recovery feature added in V3.0 contains a flaw that is exploitable on systems not using the feature if a specially crafted cookie is supplied. This manifests as a crash in the shibd...
go -- net/http: ReadRequest can stack overflow due to recursion with very large headers
The Go project reports: http.ReadRequest can stack overflow due to recursion when given a request with a very large header (8-10MB depending on the architecture). An http.Server which overrides the default max header of 1MB by setting Server.MaxHeaderBytes to a much larger value could also be...
Django -- multiple vulnerabilities
Django Release reports: CVE-2021-31542: Potential directory-traversal via uploaded files. MultiPartParser, UploadedFile, and FieldFile allowed directory-traversal via uploaded files with suitably crafted file names...
drupal7 -- fix possible XSS
Drupal Security team reports: Drupal core's sanitization API fails to properly filter cross-site scripting under certain circumstances. Not all sites and users are affected, but configuration changes to prevent the exploit might be impractical and will vary between sites. Therefore, we recommend...
jenkins -- Denial of service vulnerability in bundled Jetty
Jenkins Security Advisory: Description High JENKINS-65280 / CVE-2021-28165 Denial of service vulnerability in bundled Jetty...
MySQL -- Multiple vulnerabilities
Oracle reports: This Critical Patch Update contains 49 new security patches for Oracle MySQL. 10 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials. The highest CVSS v3.1 Base Score of vulnerabiliti...
chromium -- multiple vulnerabilities
Chrome Releases reports: This release includes 7 security fixes, including: 1194046 High CVE-2021-21222: Heap buffer overflow in V8. Reported by Guang Gong of Alpha Lab, Qihoo 360 on 2021-03-30 1195308 High CVE-2021-21223: Integer overflow in Mojo. Reported by Guang Gong of Alpha Lab, Qihoo 360 o...
Consul -- Multiple vulnerabilities
Hashicorp reports: Add content-type headers to raw KV responses to prevent XSS attacks CVE-2020-25864. audit-logging: Parse endpoint URL to prevent requests from bypassing the audit log CVE-2021-28156...
chromium -- multiple vulnerabilities
Chrome Releases reports: This release contains 37 security fixes, including: 1025683 High CVE-2021-21201: Use after free in permissions. Reported by Gengming Liu, Jianyu Chen at Tencent Keen Security Lab on 2019-11-18 1188889 High CVE-2021-21202: Use after free in extensions. Reported by David...
Gitlab -- Vulnerabilities
GitLab Team reports: Remote code execution when uploading specially crafted image files Update Rexml...
asterisk -- Remote crash when using IAX2 channel driver
The Asterisk project reports: If the IAX2 channel driver receives a packet that contains an unsupported media format it can cause a crash to occur in Asterisk...
chromium -- multiple vulnerabilities
Chrome Releases reports: This release contains two security fixes: 1196781 High CVE-2021-21206: Use after free in Blink. Reported by Anonymous on 2021-04-07 1196683 High CVE-2021-21220: Insufficient validation of untrusted input in V8 for x86_64. Reported by Bruno Keith @bkth and Niklas Baumstark...
xorg-server -- Input validation failures in X server XInput extension
X.Org server security reports for release 1.20.11: Fix XChangeFeedbackControl request underflow...
mosquitto -- NULL pointer dereference
Roger Light reports: If an authenticated client connected with MQTT v5 sent a malformed CONNACK message to the broker a NULL pointer dereference occurred, most likely resulting in a segfault. Note: a CVE is referenced in the github commit but it appears to be for a python-bleach vulnerability so ...
tomcat -- JNDI Realm Authentication Weakness in multiple versions
ilja.farber reports: Queries made by the JNDI Realm did not always correctly escape parameters. Parameter values could be sourced from user provided data (e.g. user names) as well as configuration data provided by an administrator. In limited circumstances it was possible for users to authenticate...
opengrok -- Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise OpenGrok.
Bobby Rauch of Accenture reports: I ended up finding OpenGrok, and after careful testing, discovered that OpenGrok insecurely deserializes XML input, which can lead to Remote Code Execution. This vulnerability was found in all versions of OpenGrok 1.6.8 and was reported to Oracle. The vulnerabili...