6583 matches found
cacti -- multiple vulnerabilities
The Cacti developers reports: When guest users have access to realtime graphs, remote code could be executed CVE-2020-8813. Lack of escaping on some pages can lead to XSS exposure CVE-2020-7106. Remote Code Execution due to input validation failure in Performance Boost Debug Log CVE-2020-7237...
Django -- potential SQL injection vulnerability
MITRE CVE reports: Django 1.11 before 1.11.28, 2.2 before 2.2.10, and 3.0 before 3.0.3 allows SQL Injection if untrusted data is used as a StringAgg delimiter e.g., in Django applications that offer downloads of data as a series of rows with a user-specified column delimiter. By passing a suitabl...
InspIRCd websocket module double free vulnerability
The InspIRCd development team reports: The websocket module before v3.8.1 contains a double free vulnerability. When combined with a HTTP reverse proxy this vulnerability can be used by any user who is GKZ-lined to remotely crash an InspIRCd server...
tauthon -- Regular Expression Denial of Service
The :class:urllib.request.AbstractBasicAuthHandler class of the :mod:urllib.request module uses an inefficient regular expression which can be exploited by an attacker to cause a denial of service...
Gitlab -- Multiple Vulnerabilities
Gitlab reports: Path Traversal to Arbitrary File Read User Permissions Not Validated in ProjectExportWorker XSS Vulnerability in File API Package and File Disclosure through GitLab Workhorse XSS Vulnerability in Create Groups Issue and Merge Request Activity Counts Exposed Email Confirmation Bypa...
sudo -- Potential bypass of Runas user restrictions
Todd C. Miller reports: Sudo's pwfeedback option can be used to provide visual feedback when the user is inputting their password. For each key press, an asterisk is printed. This option was added in response to user confusion over how the standard Password: prompt disables the echoing of key...
spamassassin -- Apache SpamAssassin Nefarious rule configuration (.cf) files can be configured to run system commands with warnings
the Apache Spamassassin project reports: nefarious rule configuration .cf files can be configured to run system commands similar to CVE-2018-11805. This issue is less stealthy and attempts to exploit the issue will throw warnings...
jenkins -- multiple vulnerabilities
Jenkins Security Advisory: Description High SECURITY-1682 / CVE-2020-2099 Inbound TCP Agent Protocol/3 authentication bypass Medium SECURITY-1641 / CVE-2020-2100 Jenkins vulnerable to UDP amplification reflection attack Medium SECURITY-1659 / CVE-2020-2101 Non-constant time comparison of inbound...
FreeBSD -- kernel stack data disclosure
Problem Description: Due to incorrect initialization of a stack data structure, up to 20 bytes of kernel data stored previously stored on the stack will be exposed to a crashing user process. Impact: Sensitive kernel data may be disclosed...
MariaDB -- Vulnerability in C API
MariaDB reports: Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client...
OpenSMTPd -- critical LPE / RCE vulnerability
OpenSMTPD developers report: An incorrect check allows an attacker to trick mbox delivery into executing arbitrary commands as root and lmtp delivery into executing arbitrary commands as an unprivileged user...
pkg -- vulnerability in libfetch
A programming error allows an attacker who can specify a URL with a username and/or password components to overflow libfetch3 buffers...
FreeBSD -- Missing IPsec anti-replay window check
Problem Description: A missing check means that an attacker can reinject an old packet and it will be accepted and processed by the IPsec endpoint. Impact: The impact depends on the higher-level protocols in use over IPsec. For example, an attacker who can capture and inject packets could cause a...
FreeBSD -- libfetch buffer overflow
Problem Description: A programming error allows an attacker who can specify a URL with a username and/or password components to overflow libfetch3 buffers. Impact: An attacker in control of the URL to be fetched possibly via HTTP redirect may cause a heap buffer overflow, resulting in program...
spamassassin -- Nefarious rule configuration files can run system commands
The Apache SpamAssassin project reports: A nefarious rule configuration .cf files can be configured to run system commands. This issue is less stealthy and attempts to exploit the issue will throw warnings. Thanks to Damian Lukowski at credativ for reporting the issue ethically. With this bug...
Client/server denial of service when handling AES-CTR ciphers
The libssh team reports originally reported by Yasheng Yang from Google: A malicious client or server could crash the counterpart implemented with libssh AES-CTR ciphers are used and don't get fully initialized. It will crash when it tries to cleanup the AES-CTR ciphers when closing the connectio...
webkit-gtk3 -- Multiple vulnerabilities
The WebKitGTK project reports multiple vulnerabilities...
libxml -- multiple vulnerabilities
CVE mitre reports: CVE-2019-20388 xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak. CVE-2020-7595 xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation. CVE-2020-24977 GNOME project libxml2...
FreeBSD -- Insufficient cryptodev MAC key length check
Problem Description: Requests to create cryptography sessions using a MAC did not validate the user-supplied MAC key length. The cryptodev module allocates a buffer whose size is this user-suppled length. Impact: An unprivileged process can trigger a kernel panic...
FreeBSD -- Use after free in cryptodev module
Problem Description: A race condition permitted a data structure in the kernel to be used after it was freed by the cryptodev module. Impact: An unprivileged process can overwrite arbitrary kernel memory...
x11/cde -- Local privilege escalation via CDE dtsession
Marco Ivaldi marco.ivaldi mediaservice net reports: A buffer overflow in the CheckMonitor function in the Common Desktop Environment 2.3.1 and earlier and 1.6 and earlier, as distributed with Oracle Solaris 10 1/13 Update 11 and earlier, allows local users to gain root privileges via a long palet...
salt -- salt-api vulnerability
SaltStack reports: With the Salt NetAPI enabled in addition to having a SSH roster defined, unauthenticated access is possible when specifying the client as SSH. Additionally, when the rawshell option is specified any arbitrary command may be run on the Salt master when specifying SSH options...
dovecot -- multiple vulnerabilities
Aki Tuomi reports: lib-smtp doesn't handle truncated command parameters properly, resulting in infinite loop taking 100% CPU for the process. This happens for LMTP where it doesn't matter so much and also for submission-login where unauthenticated users can trigger it. Aki also reports: Snippet...
MySQL -- Multiple vulerabilities
Oracle reports: This Critical Patch Update contains 17 new security fixes for Oracle MySQL. 5 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials...
samba -- multiple vulnerabilities
The Samba Team reports: CVE-2019-14902 The implementation of ACL inheritance in the Samba AD DC was not complete, and so absent a 'full-sync' replication, ACLs could get out of sync between domain controllers. CVE-2019-14907 When processing untrusted string input Samba can read past the end of th...
drm graphics drivers -- potential information disclusure via local access
Intel reports: .A potential security vulnerability in IntelR Processor Graphics may allow information disclosure. Intel is releasing software updates to mitigate this potential vulnerability. Description: Insufficient control flow in certain data structures for some IntelR Processors with IntelR...
Payara -- path trasversal flaw via either loc/con parameters in Eclipse Mojarra
Payara Releases reports: The following is a list of tracked Common Vulnerabilities and Exposures that have been reported and analyzed, which can or have impacted Payara Server across releases: CVE-2020-6950 Eclipse Mojarra vulnerable to path trasversal flaw via either loc/con parameters...
Gitlab -- Private objects exposed through project import
Gitlab reports: Private objects exposed through project importi...
MongoDB -- Ensure RoleGraph can serialize authentication restrictions to BSON
reports: Improper serialization of MongoDB Server's internal authorization state permits a user with valid credentials to bypass IP source address protection mechanisms following administrative action. Credit Discovered by Tony Yesudas...
phpMyAdmin -- SQL injection
The phpMyAdmin development team reports: A SQL injection flaw has been discovered in the user accounts page...
glpi -- Public GLPIKEY can be used to decrypt any data
MITRE Corporation reports: GLPI before before version 9.4.6 has a vulnerability involving a default encryption key. GLPIKEY is public and is used on every instance. This means anyone can decrypt sensitive data stored using this key. It is possible to change the key before installing GLPI. But on...
Gitlab -- Multiple Vulnerabilities
The GitLab Team reports: Group Maintainers Can Update/Delete Group Runners Using API GraphQL Queries Can Hang the Application Unauthorized Users Have Access to Milestones of Releases Private Group Name Revealed Through Protected Tags API Users Can Publish Reviews on Locked Merge Requests DoS in t...
samba -- Unauthenticated domain takeover via netlogon
The Samba Team reports: An unauthenticated attacker on the network can gain administrator access by exploiting a netlogon protocol flaw...
Solr -- multiple vulnerabilities
Community reports: 8.1.1 and 8.2.0 users check ENABLEREMOTEJMXOPTS setting Apache Solr RCE vulnerability due to bad config default Apache Solr RCE through VelocityResponseWriter...
mybb -- multible vulnerabilities
mybb Team reports: High risk: Installer RCE on settings file write Medium risk: Arbitrary upload paths and Local File Inclusion RCE Medium risk: XSS via insufficient HTML sanitization of Blog feed and Extend data Low risk: Open redirect on login Low risk: SCEditor reflected XSS...
cyrus-sasl -- Fix off by one error
Cyrus SASL 2.1.x Release Notes New in 2.1.28 reports: Fix off by one error...
Pillow -- Multiple vulnerabilities
Pillow developers report: This release addresses several security problems, as well as addressing CVE-2019-19911. CVE-2019-19911 is regarding FPX images. If an image reports that it has a large number of bands, a large amount of resources will be used when trying to process the image. This is fix...
NPM -- Multiple vulnerabilities
NPM reports: Global nodemodules Binary Overwrite Symlink reference outside of nodemodules Arbitrary File Write...
e2fsprogs -- rehash.c/pass 3a mutate_name() code execution vulnerability
Lilith of Cisco Talos reports: A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. An attacker can corrupt a partition to trigger...
py-matrix-synapse -- multiple vulnerabilities
Matrix developers report: The synapse 1.7.1 release includes several security fixes as well as a fix to a bug exposed by the security fixes. All previous releases of Synapse are affected. Administrators are encouraged to upgrade as soon as possible. Fix a bug which could cause room events to be...
drupal -- Drupal Core - Multiple Vulnerabilities
Drupal Security Team reports: A visit to install.php can cause cached data to become corrupted. This could cause a site to be impaired until caches are rebuilt. Drupal 8 core's filesaveupload function does not strip the leading and trailing dot '.' from filenames, like Drupal 7 did. Users with th...
typo3 -- multiple vulnerabilities
Typo3 core team reports: It has been discovered that the output of field validation errors in the Form Framework is vulnerable to cross-site scripting. It has been discovered that t3:// URL handling and typolink functionality are vulnerable to cross-site scripting. Not only regular backend forms...
Template::Toolkit -- Directory traversal on write
Art Manion and Will Dormann report: By using an older and less-secure form of open, it is possible for untrusted template files to cause reads/writes outside of the template directories. This vulnerability is a component of the recent Citrix exploit...
wordpress -- multiple issues
wordpress developers reports: Four security issues affect WordPress versions 5.3 and earlier; version 5.3.1 fixes them, so youll want to upgrade. If you havent yet updated to 5.3, there are also updated versions of 5.2 and earlier that fix the security issues. -Props to Daniel Bachhuber for findi...
spamassassin -- multiple vulnerabilities
the Apache Spamassassin project reports: An input validation error of user-supplied input parsing multipart emails. Specially crafted emails can consume all resources on the system. A local user is able to execute arbitrary shell commands through specially crafted nefarious CF files...
Gitlab -- Multiple Vulnerabilities
Gitlab reports: Path traversal with potential remote code execution Disclosure of private code via Elasticsearch integration Update Git dependency...
NGINX -- HTTP request smuggling
NGINX Team reports: NGINX before 1.17.7, with certain errorpage configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read unauthorized web pages in environments where NGINX is being fronted by a load balancer...
dovecot -- null pointer deref in notify with empty headers
Aki Tuomi reports Mail with group address as sender will cause a signal 11 crash in push notification drivers. Group address as recipient can cause crash in some drivers...
samba -- multiple vulnerabilities
The Samba Team reports: CVE-2019-14861: An authenticated user can crash the DCE/RPC DNS management server by creating records with matching the zone name. CVE-2019-14870: The DelegationNotAllowed Kerberos feature restriction was not being applied when processing protocol transition requests...
grub2-bhyve -- multiple privilege escalations
Reno Robert reports: FreeBSD uses a two-process model for running a VM. For booting non-FreeBSD guests, a modified grub-emu is used grub-bhyve. Grub-bhyve executes command from guest grub.cfg file. This is a security problem because grub was never written to handle inputs from OS as untrusted. In...