nexus2-oss -- NXRM2 Directory Traversal vulnerability
Sonatype reports: CVE-2020-15012: NXRM2 Directory Traversal vulnerability...
chromium -- multiple vulnerabilities
Chrome Releases reports: This update includes 2 security fixes, including: 1092308 High CVE-2020-6509: Use after free in extensions. Reported by Anonymous on 2020-06-08...
chocolate-doom -- Arbitrary code execution
Michal Dardas from LogicalTrust reports: The server in Chocolate Doom 3.0.0 and Crispy Doom 5.8.0 doesn't validate the user-controlled numplayers value, leading to a buffer overflow. A malicious user can overwrite the server's stack...
net/rsync -- multiple zlib issues
rsync developers report: Various zlib fixes, including security fixes for CVE-2016-9843, CVE-2016-9842, CVE-2016-9841, and CVE-2016-9840...
Several issues in Lynis
lynis update: This release resolves two security issues CVE-2020-13882 - Discovered by Sander Bos, code submission by Katarina Durechova CVE-2019-13033 - Discovered by Sander Bos...
Rails -- permission vulnerability
Ruby on Rails blog: Rails 6.0.3.2 has been released! This version of Rails contains an important security patch, and you should upgrade! The release contains only one patch that addresses CVE-2020-8185...
Python -- multiple vulnerabilities
Python reports: bpo-29778: Ensure python3.dll is loaded from correct locations when Python is embedded CVE-2020-15523. bpo-41004: CVE-2020-14422: The hash methods of ipaddress.IPv4Interface and ipaddress.IPv6Interface incorrectly generated constant hash values of 32 and 128 respectively. This...
drupal -- Multiple Vulnerabilities
Drupal Security Team reports: The Drupal core Form API does not properly handle certain form input from cross-site requests, which can lead to other vulnerabilities...
BIND -- Remote Denial of Service vulnerability
ISC reports: The asterisk character "*" is allowed in DNS zone files, where it is most commonly present as a wildcard at a terminal node of the Domain Name System graph. However, the RFCs do not require and BIND does not enforce that an asterisk character be present only at a terminal node. A...
BIND -- Remote Denial of Service vulnerability
ISC reports: An assertion check in BIND that is meant to prevent going beyond the end of a buffer when processing incoming data can be incorrectly triggered by a large response during zone transfer...
Machine-in-the-middle response injection attack when using STARTTLS with IMAP, POP3, and SMTP
mutt 1.14.4 updates: CVE-2020-14954 - Machine-in-the-middle response injection attack when using STARTTLS with IMAP, POP3, and SMTP...
IMAP fcc/postpone machine-in-the-middle attack
mutt 1.14.3 updates: CVE-2020-14093 - IMAP fcc/postpone man-in-the-middle attack via a PREAUTH response...
py39-cinder -- insecure-credentials flaw
OpenStack project reports: An insecure-credentials flaw was found in all openstack-cinder versions before openstack-cinder 14.1.0, all openstack-cinder 15.x.x versions before openstack-cinder 15.2.0 and all openstack-cinder 16.x.x versions before openstack-cinder 16.1.0. When using openstack-cind...
Anydesk -- Multiple Vulnerabilities
Anydesk reports: AnyDesk before 5.5.3 on Linux and FreeBSD has a format string vulnerability that can be exploited for remote code execution...
Intel CPU issues
Intel reports: Intel CPUs suffer Special Register Buffer Data Sampling vulnerability...
Flash Player -- arbitrary code execution
Adobe reports: This update resolves a use-after-free vulnerability that could lead to arbitrary code execution CVE-2020-9633...
LibreOffice Security Advisory
LibreOffice reports: Two flaws were found in LibreOffice: CVE-2020-12802: remote graphics contained in docx format retrieved in 'stealth mode' CVE-2020-12803: XForms submissions could overwrite local files...
libadplug -- Various vulnerabilities
Malvineous on Github reports: This release fixes the following security issues: buffer overflow in .bmf buffer overflow in .dtm buffer overflow in .mkj buffer overflow in .a2m buffer overflow in .rad buffer overflow in .mtk double free and OOB reads in .u6m...
upnp -- denial of service (crash)
CVE mitre reports: Portable UPnP SDK aka libupnp 1.12.1 and earlier allows remote attackers to cause a denial of service (crash) via a crafted SSDP message due to a NULL pointer dereference in the functions FindServiceControlURLPath and FindServiceEventURLPath in genlib/servicetable/servicetable.c...
Nextcloud -- Password share by mail not hashed
The Nextcloud project reports: NC-SA-2020-026 low: Password of share by mail is not hashed when given on the create share call A logic error in Nextcloud Server 19.0.0 caused a plaintext storage of the share password when it was given on the initial create API call...
Gitlab -- Multiple Vulnerabilities
Gitlab reports: CI Token Access Control...
mozjpeg -- heap-based buffer over-read in get_rgb_row() in rdppm.c via a malformed PPM input file
NIST reports: Heap-based buffer over-read in get_rgb_row() in rdppm.c via a malformed PPM input file...
GnuTLS -- flaw in TLS session ticket key construction
The GnuTLS project reports: It was found that GnuTLS 3.6.4 introduced a regression in the TLS protocol implementation. This caused the TLS server to not securely construct a session ticket encryption key considering the application supplied secret, allowing a MitM attacker to bypass authenticatio...
chromium -- multiple vulnerabilities
Chrome Releases reports: This update includes 5 security fixes. Below, we highlight fixes that were contributed by external researchers. 1082105 High CVE-2020-6493: Use after free in WebAuthentication. Reported by Anonymous on 2020-05-13 1083972 High CVE-2020-6494: Incorrect security UI in...
FreeBSD -- USB HID descriptor parsing error
Problem Description: If the push/pop level of the USB HID state is not restored within the processing of the same HID item, an invalid memory location may be used for subsequent HID item processing. Impact: An attacker with physical access to a USB port may be able to use a specially crafted USB...
libjpeg-turbo -- Issue in the PPM reader causing a buffer overrun in cjpeg, TJBench, or the tjLoadImage() function.
libjpeg-turbo releases reports: This release fixes the following security issue: Heap-based buffer over-read in get_rgb_row() in rdppm.c via a malformed PPM input file...
nghttp2 -- DoS vulnerability
nghttp2 security advisories: The overly large HTTP/2 SETTINGS frame payload causes denial of service. The proof of concept attack involves a malicious client constructing a SETTINGS frame with a length of 14,400 bytes (2400 individual settings entries) over and over again. The attack causes the CPU...
websocket-extensions -- ReDoS vulnerability
Changelog: Remove a ReDoS vulnerability in the header parser CVE-2020-7663...
xrdp -- Local users can perform a buffer overflow attack against the xrdp-sesman service and then impersonate it
Ashley Newson reports: The xrdp-sesman service can be crashed by connecting over port 3350 and supplying a malicious payload. Once the xrdp-sesman process is dead, an unprivileged attacker on the server could then proceed to start their own imposter sesman service listening on port 3350...
znc -- Authenticated users can trigger an application crash
Mitre reports: ZNC 1.8.0 up to 1.8.1-rc1 allows attackers to trigger an application crash with a NULL pointer dereference if echo-message is not enabled and there is no network...
Node.js -- June 2020 Security Releases
Node.js reports: Updates are now available for all supported Node.js release lines for the following issues. TLS session reuse can lead to host certificate verification bypass High CVE-2020-8172 The 'session' event could be emitted before the 'secureConnect' event. It should not be, because the...
Django -- multiple vulnerabilities
Django security release reports: CVE-2020-13254: Potential data leakage via malformed memcached keys In cases where a memcached backend does not perform key validation, passing malformed cache keys could result in a key collision, and potential data leakage. In order to avoid this vulnerability,...
Gitlab -- Multiple Vulnerabilities
Gitlab reports: User Email Verification Bypass OAuth Flow Missing Email Verification Checks Notification Email Verification Bypass Undisclosed Vulnerability on a Third-Party Rendering Engine Group Sign-Up Restriction Bypass Mirror Project Owner Impersonation Missing Permission Check on Fork...
vlc heap-based buffer overflow
Thomas Guillem reports: A heap-based buffer overflow in the hxxxAnnexBtoxVC function in modules/packetizer/hxxxnal.c in VideoLAN VLC media player before 3.0.11 allows remote attackers to cause a denial of service application crash or execute arbitrary code via a crafted H.264 Annex-B video .avi f...
ceph14 -- HTTP header injection via CORS ExposeHeader tag
Red Hat bugzilla reports: A flaw was found in the Red Hat Ceph Storage RadosGW Ceph Object Gateway. The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the ExposeHeader tag in the CORS configuration file generates a header injection ...
several security issues in sqlite3
sqlite3 update: Various security issues could be used by an attacker to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2020-11655: SQLite through 3.31.1 allows attackers to cause a denial of service segmentation fault via a malformed window-functi...
sympa - Security flaws in setuid wrappers
A vulnerability has been discovered in Sympa web interface by which attacker can execute arbitrary code with root privileges. Sympa uses two sorts of setuid wrappers: FastCGI wrappers newaliases wrapper The FastCGI wrappers wwsympa-wrapper.fcgi and sympasoapserver-wrapper.fcgi were used to make t...
security/trousers -- several vulnerabilities
The TrouSerS project reports: If the tcsd daemon is started with root privileges, it fails to drop the root gid after it is no longer needed. If the tcsd daemon is started with root privileges, the tss user has read and write access to the /etc/tcsd.conf file. If the tcsd daemon is starte...
drupal -- Multiple Vulnerabilities
Drupal Security Team reports: The jQuery project released version 3.5.0, and as part of that, disclosed two security vulnerabilities that affect all prior versions. As mentioned in the jQuery blog, both are: ... Security issues in jQuery's DOM manipulation methods, as in .html, .append, and the...
unbound -- multiple vulnerabilities
NLNetLabs reports: This release fixes CVE-2020-12662 and CVE-2020-12663. Bug Fixes: CVE-2020-12662 Unbound can be tricked into amplifying an incoming query into a large number of queries directed to a target. CVE-2020-12663 Malformed answers from upstream name servers can be used to make Unbound...
powerdns-recursor -- multiple vulnerabilities
PowerDNS Team reports: CVE-2020-10995: An issue in the DNS protocol has been found that allows malicious parties to use recursive DNS services to attack third party authoritative name servers. The attack uses a crafted reply by an authoritative name server to amplify the resulting traffic between...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: This release includes 38 security fixes, including CVEs CVE-2020-6465 through CVE-2020-6491...
Rails -- multiple vulnerabilities
Ruby on Rails blog: Hi everyone! Rails 5.2.4.3 and 6.0.3.1 have been released! These releases contain important security fixes, so please upgrade when you can. Both releases contain the following fixes: CVE-2020-8162: Circumvention of file size limits in ActiveStorage CVE-2020-8164: Possible Stro...
libexif -- multiple vulnerabilities
Release notes: Lots of fixes exposed by fuzzers like AFL, ClusterFuzz, OSSFuzz and others: CVE-2016-6328: fixed integer overflow when parsing maker notes CVE-2017-7544: fixed buffer overread CVE-2018-20030: Fix for recursion DoS CVE-2019-9278: replaced integer overflow checks the compiler could...
OpenEXR/ilmbase 2.5.2 -- patch release with various bug/security fixes
Cary Phillips reports: openexr 2.5.2 is a patch release with various bug/security and build/install fixes: Invalid input could cause a heap-use-after-free error in DeepScanLineInputFile::DeepScanLineInputFile Invalid chunkCount attributes could cause heap buffer overflow in getChunkOffsetTableSiz...
Sane -- Multiple Vulnerabilities
The Sane Project reports: epson2: fixes CVE-2020-12867 GHSL-2020-075 and several memory management issues found while addressing that CVE epsonds: addresses out-of-bound memory access issues to fix CVE-2020-12862 GHSL-2020-082 and CVE-2020-12863 GHSL-2020-083, addresses a buffer overflow fixing...
Rails -- remote code execution vulnerability
Ruby on Rails blog: Due to an unfortunate oversight, Rails 4.2.11.2 has a missing constant error. To address this Rails 4.2.11.3 has been released. The original announcement for CVE-2020-8163 has a follow-up message with an updated patch if you’re unable to use the gems...
Ansible -- Insecure Temporary File
NVD reports: An incomplete fix was found for the fix of the flaw CVE-2020-1733 ansible: insecure temporary directory when running become_user from become directive. The provided fix is insufficient to prevent the race condition on systems using ACLs and FUSE filesystems...
Apache Ant leaks sensitive information via the java.io.tmpdir
Apache reports: Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back...
FreeBSD -- Insufficient packet length validation in libalias
Problem Description: libalias(3) packet handlers do not properly validate the packet length before accessing the protocol headers. As a result, if a libalias(3) module does not properly validate the packet length before accessing the protocol header, it is possible for an out of bound read or write...