curl -- expired pointer dereference vulnerability
curl security problems: CVE-2020-8231: wrong connect-only connection An application that performs multiple requests with libcurl's multi API and sets the CURLOPT_CONNECT_ONLY option, might in rare circumstances experience that when subsequently using the setup connect-only transfer, libcurl will pi...
Python -- multiple vulnerabilities
Python reports: bpo-39603: Prevent http header injection by rejecting control characters in http.client.putrequest. bpo-29778: Ensure python3.dll is loaded from correct locations when Python is embedded CVE-2020-15523. bpo-41004: CVE-2020-14422: The hash methods of ipaddress.IPv4Interface and...
chromium -- heap buffer overflow
Chrome Releases reports: This release contains one security fix: 1115345 High CVE-2020-6556: Heap buffer overflow in SwiftShader. Reported by Alison Huffman, Microsoft Browser Vulnerability Research on 2020-08-12...
mail/dovecot -- multiple vulnerabilities
Aki Tuomi reports: When imap hibernation is active, an attacker can cause Dovecot to discover file system directory structure and access other users' emails using a specially crafted command. The attacker must have valid credentials to access the mail server. Mail delivery / parsing crashed when th...
jenkins -- Buffer corruption in bundled Jetty
Jenkins Security Advisory: Description Critical SECURITY-1983 / CVE-2019-17638 Buffer corruption in bundled Jetty...
sysutils/openzfs-kmod -- critical permissions issues
Andrew Walker reports: Issue 1: Users are always granted permissions to cd into a directory. The check for whether execute is present on directories is a de-facto no-op. This cannot be mitigated without upgrading. Even setting an explicit "deny - execute" NFSv4 ACE will be bypassed. Issue 2: All...
jenkins -- multiple vulnerabilities
Jenkins Security Advisory: Description High SECURITY-1955 / CVE-2020-2229 Stored XSS vulnerability in help icons High SECURITY-1957 / CVE-2020-2230 Stored XSS vulnerability in project naming strategy High SECURITY-1960 / CVE-2020-2231 Stored XSS vulnerability in 'Trigger builds remotely'...
chromium -- multiple vulnerabilities
Chrome Releases reports: This release contains 15 security fixes, including: 1107433 High CVE-2020-6542: Use after free in ANGLE. Reported by Piotr Bania of Cisco Talos on 2020-07-20 1104046 High CVE-2020-6543: Use after free in task scheduling. Reported by Looben Yang on 2020-07-10 1108497 High...
Apache httpd -- Multiple vulnerabilities
The Apache httpd project reports: mod_http2: Important: Push Diary Crash on Specifically Crafted HTTP/2 Header CVE-2020-9490 A specially crafted value for the 'Cache-Digest' header in an HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards...
go -- encoding/binary: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs
The Go project reports: Certain invalid inputs to ReadUvarint or ReadVarint could cause those functions to read an unlimited number of bytes from the ByteReader argument before returning an error. This could lead to processing more input than expected when the caller is reading directly from the...
chrony <= 3.5.1 data corruption through symlink vulnerability writing the pidfile
Miroslav Lichvar reports: chrony-3.5.1 ... fixes a security issue in writing of the pidfile. When chronyd is configured to save the pidfile in a directory where the chrony user has write permissions e.g. /var/run/chrony - the default since chrony-3.4, an attacker that compromised the chrony user...
FreeBSD -- sendmsg(2) privilege escalation
Problem Description: When handling a 32-bit sendmsg(2) call, the compat32 subsystem copies the control message to be transmitted (if any) into kernel memory, and adjusts alignment of control message headers. The code which performs this work contained a time-of-check to time-of-use (TOCTOU) vulnerabili...
Gitlab -- Multiple Vulnerabilities
Gitlab reports: Arbitrary File Read when Moving an Issue Memory Exhaustion via Excessive Logging of Invite Email Error Denial of Service Through Project Import Feature User Controlled Git Configuration Settings Resulting in SSRF Stored XSS in Issue Reference Number Tooltip Stored XSS in Issues Li...
FreeBSD -- Potential memory corruption in USB network device drivers
Problem Description: A missing length validation code common to these three drivers means that a malicious USB device could write beyond the end of an allocated network packet buffer. Impact: An attacker with physical access to a USB port and the ability to bring a network interface up may be abl...
xorg-server -- Pixel Data Uninitialized Memory Information Disclosure
The X.org project reports: Allocation for pixmap data in AllocatePixmap does not initialize the memory in xserver; it leads to leaking uninitialized heap memory to clients when the X server runs with elevated privileges. This flaw can lead to ASLR bypass, which when combined with other flaws...
libX11 -- Heap corruption in the X input method client in libX11
The X.org project reports: The X Input Method (XIM) client implementation in libX11 has some integer overflows and signed/unsigned comparison issues that can lead to heap corruption when handling malformed messages from an input method...
ark -- directory traversal
KDE Project Security Advisory reports: KDE Project Security Advisory Title: Ark: maliciously crafted archive can install files outside the extraction directory. Risk Rating: Important CVE: CVE-2020-16116 Versions: ark Date: 30 July 2020 Overview A maliciously crafted archive with "../" in the fil...
zeek -- Various vulnerabilities
Jon Siwek of Corelight reports: This release fixes the following security issues: Fix potential DNS analyzer stack overflow Fix potential NetbiosSSN analyzer stack overflow...
Ghostscript -- SAFER Sandbox Breakout
NVD reports: A memory corruption issue was found in Artifex Ghostscript 9.50 and 9.52. Use of a non-standard PostScript operator can allow overriding of file access controls. The 'rsearch' calculation for the 'post' size resulted in a size that was too large, and could underflow to max uint32_t...
typo3 -- multiple vulnerabilities
Typo3 Team reports: In case an attacker manages to generate a valid cryptographic message authentication code (HMAC-SHA1) - either by using a different existing vulnerability or in case the internal encryptionKey was exposed - it is possible to retrieve arbitrary files of a TYPO3 installation. This...
jasper -- multiple vulnerabilities
JasPer NEWS: - Fix CVE-2018-9154 - Fix CVE-2018-19541 - Fix CVE-2016-9399, CVE-2017-13751 - Fix CVE-2018-19540 - Fix CVE-2018-9055 - Fix CVE-2017-13748 - Fix CVE-2017-5503, CVE-2017-5504, CVE-2017-5505 - Fix CVE-2018-9252 - Fix CVE-2018-19139 - Fix CVE-2018-19543, CVE-2017-9782 - Fix CVE-2018-205...
chromium -- multiple vulnerabilities
Chrome Releases reports: This update contains 8 security fixes, including: 1105318 High CVE-2020-6537: Type Confusion in V8. Reported by Alphalaab on 2020-07-14 1096677 High CVE-2020-6538: Inappropriate implementation in WebView. Reported by Yongke Wang@Rudykewang and Aryb1n@aryb1n of Tencent...
puppetdb -- Multiple vulnerabilities
Puppetlabs reports: In June 2020, jackson-databind published security updates addressing several CVEs. Previous releases of PuppetDB contain a vulnerable version of jackson.core:jackson-databind. PuppetDB 5.2.18 contains an updated version of jackson-databind that has patched the vulnerabilities...
snmptt -- malicious shell code
Snmptt reports: Fixed a security issue with EXEC / PREXEC / unknown_trap_exec that could allow malicious shell code to be executed. Fixed a bug with EXEC / PREXEC / unknown_trap_exec that caused commands to be run as root instead of the user defined in daemon_uid...
PyYAML -- arbitrary code execution
A vulnerability was discovered in the PyYAML library in versions before 5.4, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be...
Wagtail -- XSS vulnerability
GitHub Advisory Database: When a form page type is made available to Wagtail editors through the wagtail.contrib.forms app, and the page template is built using Django's standard form rendering helpers such as form.as_p as directed in the documentation, any HTML tags used within a form field's hel...
clamav -- multiple vulnerabilities
Micah Snyder reports: CVE-2020-3350 Fixed a vulnerability a malicious user could exploit to replace a scan target's directory with a symlink to another path to trick clamscan, clamdscan, or clamonacc into removing or moving a different file such as a critical system file. The issue would affect...
jenkins -- multiple vulnerabilities
Jenkins Security Advisory: Description High SECURITY-1868 / CVE-2020-2220 Stored XSS vulnerability in job build time trend High SECURITY-1901 / CVE-2020-2221 Stored XSS vulnerability in upstream cause High SECURITY-1902 / CVE-2020-2222 Stored XSS vulnerability in 'keep forever' badge icons High...
Cacti -- multiple vulnerabilities
Cacti developers report: Multiple fixes for bundled jQuery to prevent code exec CVE-2020-11022, CVE-2020-11023. PHPMail contains an escaping bug CVE-2020-13625. SQL Injection via color.php in Cacti CVE-2020-14295...
VirtualBox -- Multiple vulnerabilities
Oracle reports: Vulnerabilities in VirtualBox core can allow users with logon access to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of these vulnerabilities can result in unauthorized access to critical data, access to all Oracle V...
chromium -- multiple vulnerabilities
Chrome Releases reports: This update contains 38 security fixes, including: 1103195 Critical CVE-2020-6510: Heap buffer overflow in background fetch. Reported by Leecraso and Guang Gong of 360 Alpha Lab working with 360 BugCloud on 2020-07-08 1074317 High CVE-2020-6511: Side-channel information...
ilmbase, openexr -- v2.5.3 is a patch release with various bug/security fixes
Cary Phillips reports: v2.5.3 - Patch release with various bug/security fixes ...: Various sanitizer/fuzz-identified issues related to handling of invalid input...
webkit2-gtk3 -- multiple vulnerabilities
The WebKitGTK project reports vulnerabilities: CVE-2020-9802: Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2020-9803: Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2020-9805: Processing maliciously crafted web content...
FreeBSD -- posix_spawnp(3) buffer overflow
Problem Description: posix_spawnp spawns a new thread with a limited stack allocated on the heap before delegating to execvp for the final execution within that thread. execvp would previously make unbounded allocations on the stack, directly proportional to the length of the user-controlled PATH...
FreeBSD -- IPv6 socket option race condition and use after free
Problem Description: The IPV6_2292PKTOPTIONS set handler was missing synchronization, so racing accesses could modify freed memory. Impact: A malicious user application could trigger memory corruption, leading to privilege escalation...
MySQL -- Multiple vulnerabilities
Oracle reports: This Critical Patch Update contains 40 new security patches for Oracle MySQL. 6 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials. The highest CVSS v3.1 Base Score of vulnerabilitie...
php72 -- use of freed hash key
grigoritchy at gmail dot com reports: The phar_parse_zipfile function had a use-after-free vulnerability because of mishandling of the actual_alias variable...
Gitlab -- Multiple Vulnerabilities
Gitlab reports: Workhorse bypass allows files in /tmp to be read via Maven Repository APIs...
Apache Tomcat -- Multiple Vulnerabilities
The Apache Software Foundation reports: An h2c direct connection did not release the HTTP/1.1 processor after the upgrade to HTTP/2. If a sufficient number of such requests were made, an OutOfMemoryException could occur leading to a denial of service. The payload length in a WebSocket frame was n...
The Bouncy Castle Crypto APIs -- EC math vulnerability
The Bouncy Castle team reports: Bouncy Castle (BC) Java before 1.66 has a timing issue within the EC math library that can expose information about the private key when an attacker is able to observe timing information for the generation of multiple deterministic ECDSA signatures...
py-matrix-synapse -- multiple vulnerabilities
Matrix developers report: Due to the two security issues highlighted below, server administrators are encouraged to update Synapse. We are not aware of these vulnerabilities being exploited in the wild. A malicious homeserver could force Synapse to reset the state in a room to a small subset of t...
samba -- Multiple Vulnerabilities
The Samba Team reports: Four vulnerabilities were fixed in samba: CVE-2020-10730: NULL pointer de-reference and use-after-free in Samba AD DC LDAP Server with ASQ, VLV and paged_results CVE-2020-10745: Parsing and packing of NBT and DNS packets can consume excessive CPU in the AD DC only...
Mbed TLS -- Side-channel attack on ECC key import and validation
Manuel Pégourié-Gonnard reports: The scalar multiplication function in Mbed TLS accepts a random number generator (RNG) as an optional argument and, if provided, uses it to protect against some attacks. It is the caller's responsibility to provide a RNG if protection against side-channel attacks is...
Gitlab -- Multiple Vulnerabilities
Gitlab reports: Missing Permission Check on Time Tracking Cross-Site Scripting in PyPi Files API Insecure Authorization Check on Private Project Security Dashboard Cross-Site Scripting in References Cross-Site Scripting in Group Names Cross-Site Scripting in Blob Viewer Cross-Site Scripting in...
powerdns-recursor -- access restriction bypass
PowerDNS Team reports: CVE-2020-14196: An issue has been found in PowerDNS Recursor where the ACL applied to the internal web server via webserver-allow-from is not properly enforced, allowing a remote attacker to send HTTP queries to the internal web server, bypassing the restriction. In the...
coturn -- information leakage
Felix Dörre reports: The issue is that the STUN/TURN response buffer is not initialized properly (CWE 665). This is a leak of information between different client connections. One client (an attacker) could use their connection to intelligently query coturn to get interesting bytes in the padding bytes...
Python -- multiple vulnerabilities
Python reports: bpo-41162: Audit hooks are now cleared later during finalization to avoid missing events. bpo-29778: Ensure python3.dll is loaded from correct locations when Python is embedded...
kramdown -- template option vulnerability
kramdown news: CVE-2020-14001 is addressed to avoid problems when using the {::options /} extension together with the 'template' option...
PuTTY -- Release 0.74 fixes two security vulnerabilities
Simon Tatham reports: Release 0.74 fixes the following security issues: New configuration option to disable PuTTY's default policy of changing its host key algorithm preferences to prefer keys it already knows. There is a theoretical information leak in this policy. CVE-2020-14002 In some...
py-beaker -- arbitrary code execution vulnerability
matheusbrat reports: The Beaker library through 1.12.1 for Python is affected by deserialization of untrusted data, which could lead to arbitrary code execution...