6581 matches found
openexr, ilmbase -- security fixes related to reading corrupted input files
Cary Phillips reports: Patch release with various bug/sanitizer/security fixes, primarily related to reading corrupted input files...
asterisk -- An unsuspecting user could crash Asterisk with multiple hold/unhold requests
The Asterisk project reports: Due to a signedness comparison mismatch, an authenticated WebRTC client could cause a stack overflow and Asterisk crash by sending multiple hold/unhold requests in quick succession...
Gitlab -- Multiple Vulnerabilities
Gitlab reports: Improper Certificate Validation for Fortinet OTP Denial of Service Attack on gitlab-shell Resource exhaustion due to pending jobs Confidential issue titles were exposed Improper access control allowed demoted project members to access authored merge requests Improper access contro...
Rails -- multiple vulnerabilities
Ruby on Rails blog: Rails version 5.2.4.5, 6.0.3.5 and 6.1.2.1 have been released! Those version are security releases and addresses two issues: CVE-2021-22880: Possible DoS Vulnerability in Active Record PostgreSQL adapter. CVE-2021-22881: Possible Open Redirect in Host Authorization Middleware...
zeek -- Remote crash vulnerability
Jon Siwek of Corelight reports: Fix ASCII Input reader's treatment of input files containing null-bytes. An input file containing null-bytes could lead to a buffer-over-read, crash Zeek, and be exploited to cause Denial of Service...
Carrierwave -- Multiple vulnerabilities
Community reports: Fix Code Injection vulnerability in CarrierWave::RMagick Fix SSRF vulnerability in the remote file download feature...
asterisk -- Remote Crash Vulnerability in PJSIP channel driver
The Asterisk project reports: Given a scenario where an outgoing call is placed from Asterisk to a remote SIP server it is possible for a crash to occur...
jasper -- multiple vulnerabilities
JasPer Releases: - Fix memory-related bugs in the JPEG-2000 codec resulting from attempting to decode invalid code streams. 264, 265 This fix is associated with CVE-2021-26926 and CVE-2021-26927. - Fix wrong return value under some compilers 260 - Fix CVE-2021-3272 heap buffer overflow in jp2deco...
asterisk -- Remote crash possible when negotiating T.38
The Asterisk project reports: When re-negotiating for T.38 if the initial remote response was delayed just enough Asterisk would send both audio and T.38 in the SDP. If this happened, and the remote responded with a declined T.38 stream then Asterisk would crash...
chromium -- heap buffer overflow in V8
Chrome Releases reports: 1170176 High CVE-2021-21148: Heap buffer overflow in V8. Reported by Mattias Buelens on 2021-01-24. Google is aware of reports that an exploit for CVE-2021-21148 exists in the wild...
www/chromium -- multiple vulnerabilities
Chrome Releases reports: This update include 6 security fixes: 1169317 Critical CVE-2021-21142: Use after free in Payments. Reported by Khalil Zhani on 2021-01-21 1163504 High CVE-2021-21143: Heap buffer overflow in Extensions. Reported by Allen Parker and Alex Morgan of MU on 2021-01-06 1163845...
oauth2-proxy -- domain whitelist could be used as redirect
The oauth2-proxy Team reports: In OAuth2 Proxy before version 7.0.0, for users that use the whitelist domain feature, a domain that ended in a similar way to the intended domain could have been allowed as a redirect...
Gitlab -- Multiple vulnerabilities
Gitlab reports: Stored XSS in merge request Stored XSS in epic's pages Sensitive GraphQL variables exposed in structured log Guest user can see tag names in private projects Information disclosure via error message DNS rebinding protection bypass Validate existence of private project...
h2o -- uninitialised memory access in HTTP3
Emil Lerner reports: When receiving QUIC frames in certain order, HTTP/3 server-side implementation of h2o can be misguided to treat uninitialized memory as HTTP/3 frames that have been received. When h2o is used as a reverse proxy, an attacker can abuse this vulnerability to send internal state ...
mod_dav_svn -- server crash
Subversion project reports: Subversion's modauthzsvn module will crash if the server is using in-repository authz rules with the AuthzSVNReposRelativeAccessFile option and a client sends a request for a non-existing repository URL...
FreeBSD -- Uninitialized kernel stack leaks in several file systems
Problem Description: Several file systems were not properly initializing the doff field of the dirent structures returned by VOPREADDIR. In particular, tmpfs5, smbfs5, autofs5 and mqueuefs5 were failing to do so. As a result, eight uninitialized kernel stack bytes may be leaked to userspace by...
minio -- Server Side Request Forgery
Minio developers report: Thanks to @phith0n from our community upon a code review, discovered an SSRF Server Side Request Forgery in our Browser API implementation. We have not observed this report/attack in the wild or reported elsewhere in the community at large. All users are advised to upgrad...
FreeBSD -- Xen guests can triger backend Out Of Memory
Problem Description: Some OSes including Linux, FreeBSD, and NetBSD are processing watch events using a single thread. If the events are received faster than the thread is able to handle, they will get queued. As the queue is unbound, a guest may be able to trigger a OOM in the backend...
jenkins -- Arbitrary file read vulnerability in workspace browsers
Jenkins Security Advisory: Description Medium SECURITY-2197 / CVE-2021-21615 Arbitrary file read vulnerability in workspace browsers...
sudo -- Multiple vulnerabilities
Todd C. Miller reports: When invoked as sudoedit, the same set of command line options are now accepted as for sudo -e. The -H and -P options are now rejected for sudoedit and sudo -e which matches the sudo 1.7 behavior. This is part of the fix for CVE-2021-3156. Fixed a potential buffer overflow...
All versions of Apache OpenOffice through 4.1.9 can open non-http(s) hyperlinks. If the link is specifically crafted this could lead to untrusted code execution.
The Apache Openofffice project reports: The project received a report that all versions of Apache OpenOffice through 4.1.8 can open non-https hyperlinks. The problem has existed since about 2006 and the issue is also in 4.1.9. If the link is specifically crafted this could lead to untrusted code...
pngcheck -- Buffer-overrun vulnerability
The libpng project reports: pngcheck versions 3.0.0 and earlier have a pair of buffer-overrun bugs related to the sPLT and PPLT chunks the latter is a MNG-only chunk, but it gets noticed even in PNG files if the -s option is used. Both bugs are fixed in version 3.0.1, released on 24 January 2021...
MySQL -- Multiple vulnerabilities
Oracle reports: This Critical Patch Update contains 34 new security patches for Oracle MySQL Server and 4 for MySQL Client. The highest CVSS v3.1 Base Score of vulnerabilities affecting Oracle MySQL is 6.8...
nokogiri -- Security vulnerability
Nokogiri reports: In Nokogiri versions = 1.11.0.rc3, XML Schemas parsed by Nokogiri::XML::Schema were trusted by default, allowing external resources to be accessed over the network, potentially enabling XXE or SSRF attacks...
python -- Information disclosure via pydoc -p: /getfile?key=path allows to read arbitrary file on the filesystem
David Schwörer reports: Remove the getfile feature of the pydoc module which could be abused to read arbitrary files on the disk directory traversal vulnerability. Moreover, even source code of Python modules can contain sensitive data like passwords...
pysaml2 -- multiple vulnerabilities
pysaml2 Releases: Fix processing of invalid SAML XML documents - CVE-2021-21238 Fix unspecified xmlsec1 key-type preference - CVE-2021-21239...
chromium -- multiple vulnerabilities
Chrome Releases reports: This release contains 36 security fixes, including: 1137179 Critical CVE-2021-21117: Insufficient policy enforcement in Cryptohome. Reported by Rory McNamara on 2020-10-10 1161357 High CVE-2021-21118: Insufficient data validation in V8. Reported by Tyler Nighswander...
mutt -- denial of service
Tavis Ormandy reports: rfc822.c in Mutt through 2.0.4 allows remote attackers to cause a denial of service mailbox unavailability by sending email messages with sequences of semicolon characters in RFC822 address fields aka terminators of empty groups. A small email message from the attacker can...
Gitlab -- vulnerability
The GitLab Team reports: Ability to steal a user's API access token through GitLab Pages...
cloud-init -- Wrong access permissions of authorized keys
cloud-init reports: cloud-init release 20.4.1 is now available. This is a hotfix release, that contains a single patch to address a security issue in cloud-init 20.4. Briefly, for users who provide more than one unique SSH key to cloud-init and have a shared AuthorizedKeysFile configured in...
jenkins -- multiple vulnerabilities
Jenkins Security Advisory: Description Medium SECURITY-1452 / CVE-2021-21602 Arbitrary file read vulnerability in workspace browsers High SECURITY-1889 / CVE-2021-21603 XSS vulnerability in notification bar High SECURITY-1923 / CVE-2021-21604 Improper handling of REST API XML deserialization erro...
go -- cmd/go: packages using cgo can cause arbitrary code execution at build time; crypto/elliptic: incorrect operations on the P-224 curve
The Go project reports: The go command may execute arbitrary code at build time when cgo is in use on Windows. This may occur when running "go get", or any other command that builds code. Only users who build untrusted code and don't execute it are affected. In addition to Windows users, this can...
sudo -- Potential information leak in sudoedit
Todd C. Miller reports: A potential information leak in sudoedit that could be used to test for the existence of directories not normally accessible to the user in certain circumstances. When creating a new file, sudoedit checks to make sure the parent directory of the new file exists before...
gitea -- multiple vulnerabilities
The Gitea Team reports for release 1.13.2: Prevent panic on fuzzer provided string Add secure/httpOnly attributes to the lang cookie...
Gitlab -- multiple vulnerabilities
Gitlab reports: Ability to steal a user's API access token through GitLab Pages Prometheus denial of service via HTTP request with custom method Unauthorized user is able to access private repository information under specific conditions Regular expression denial of service in NuGet API Regular...
gitea -- multiple vulnerabilities
The Gitea Team reports for release 1.13.3: Turn default hash password algorithm back to pbkdf2 from argon2 until we find a better one The Gitea Team reports for release 1.13.4: Fix issue popups...
chromium -- multiple vulnerabilities
Chrome Releases reports: This release includes 16 security fixes, including: 1148749 High CVE-2021-21106: Use after free in autofill. Reported by Weipeng Jiang @Krace from Codesafe Team of Legendsec at Qi'anxin Group on 2020-11-13 1153595 High CVE-2021-21107: Use after free in drag and drop...
asterisk -- Remote crash in res_pjsip_diversion
The Asterisk project reports: If a registered user is tricked into dialing a malicious number that sends lots of 181 responses to Asterisk, each one will cause a 181 to be sent back to the original caller with an increasing number of entries in the "Supported" header. Eventually the number of...
Node.js -- January 2021 Security Releases
Node.js reports: use-after-free in TLSWrap High CVE-2020-8265 Affected Node.js versions are vulnerable to a use-after-free bug in its TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly allocated WriteWrap object as first...
Security Vulnerability found in ExifTool
Debian Security Advisory reports: A vulnerability was discovered in libimage-exiftool-perl, a library and program to read and write meta information in multimedia files, which may result in execution of arbitrary code if a malformed DjVu file is processed...
CairoSVG -- Regular Expression Denial of Service vulnerability
CairoSVG security advisories: When processing SVG files, the python package CairoSVG uses two regular expressions which are vulnerable to Regular Expression Denial of Service REDoS. If an attacker provides a malicious SVG, it can make cairosvg get stuck processing the file for a very long time...
wavpack -- integer overflow in pack_utils.c
The wavpack project reports: src/packutils.c - issue 91: fix integer overflows resulting in buffer overruns CVE-2020-35738 - sanitize configuration parameters better improves clarity and aids debugging...
nexus2-oss -- Apache ActiveMQ JMX vulnerability
Sonatype reports: CVE-2020-13920: Apache ActiveMQ JMX is vulnerable to a MITM attack...
cacti -- SQL Injection was possible due to incorrect validation order
Cati team reports: Due to a lack of validation, datadebug.php can be the source of a SQL injection...
phpmyfaq -- XSS vulnerability
phpmyfaq developers report: phpMyFAQ does not implement sufficient checks to avoid XSS injection for displaying tags...
ImageMagick6 -- multiple vulnerabilities
CVE reports: Several vulnerabilities have been discovered in ImageMagick: CVE-2021-20309: A flaw was found in ImageMagick in versions before 6.9.12, where a division by zero in WaveImage of MagickCore/visual-effects.c may trigger undefined behavior via a crafted image file submitted to an...
vault -- User Enumeration via LDAP auth
Vault developers report: Vault allowed enumeration of users via the LDAP auth method. This vulnerability, was fixed in Vault 1.6.1 and 1.5.6. An external party reported that they were able to enumerate LDAP users via error messages returned by Vault’s LDAP auth method...
gitea -- multiple vulnerabilities
The Gitea Team reports for release 1.13.1: Hide private participation in Orgs Fix escaping issue in diff...
p11-kit -- Multiple vulnerabilities
The p11-glue project reports: CVE-2020-29363: Out-of-bounds write in p11rpcbuffergetbytearrayvalue functionA heap-based buffer overflow has been discovered in the RPC protocol used by p11-kit server/remote commands and the client library. When the remote entity supplies a serialized byte array in...
postsrsd -- Denial of service vulnerability
postsrsd developer reports: PostSRSd could be tricked into consuming a lot of CPU time with an SRS address that has an excessively long time stamp tag...