6530 matches found
msmtp -- certificate-verification issue
msmtp developers report: In msmtp 1.8.2, when tls_trust_file has its default configuration, certificate-verification results are not properly checked...
kf5-kauth -- Insecure handling of arguments in helpers
Albert Astals Cid reports: KAuth allows to pass parameters with arbitrary types to helpers running as root over DBus. Certain types can cause crashes and trigger decoding arbitrary images with dynamically loaded plugin...
webkit-gtk -- Multiple vulnerabilities
The Webkitgtk project reports: CVE-2019-6212 - Processing maliciously crafted web content may lead to arbitrary code execution. Multiple memory corruption issues were addressed with improved memory handling. CVE-2019-6215 - Processing maliciously crafted web content may lead to arbitrary code...
unit -- heap memory buffer overflow
unit security problems: CVE-2019-7401: a heap memory buffer overflow might have been caused in the router process by a specially crafted request, potentially resulting in a segmentation fault or other unspecified behavior...
curl -- multiple vulnerabilities
curl security problems: CVE-2018-16890: NTLM type-2 out-of-bounds buffer read. libcurl contains a heap buffer out-of-bounds read flaw. The function handling incoming NTLM type-2 messages (lib/vauth/ntlm.c:ntlm_decode_type2_target) does not validate incoming data correctly and is subject to an integer...
libexif -- privilege escalation
Mitre reports: In libexif, there is a possible out of bounds write due to an integer overflow. This could lead to remote escalation of privilege in the media content provider with no additional execution privileges needed. User interaction is needed for exploitation...
py39-sqlalchemy12 -- multiple SQL Injection vulnerabilities
21k reports: SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by parameter. nosecurity reports: SQLAlchemy 1.2.17 has SQL Injection when the group_by parameter can be controlled...
py39-sqlalchemy10 -- multiple SQL Injection vulnerabilities
21k reports: SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by parameter. nosecurity reports: SQLAlchemy 1.2.17 has SQL Injection when the group_by parameter can be controlled...
py39-sqlalchemy11 -- multiple SQL Injection vulnerabilities
21k reports: SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by parameter. nosecurity reports: SQLAlchemy 1.2.17 has SQL Injection when the group_by parameter can be controlled...
dovecot -- Buffer overflow reading extension header
Aki Tuomi reports: Vulnerability Details: When reading FTS or POP3-UIDL header from dovecot index, the input buffer size is not bound, and data is copied to target structure causing stack overflow. Risk: This can be used for local root privilege escalation or executing arbitrary code in dovecot...
Gitlab -- Multiple vulnerabilities
Gitlab reports: Leak of Confidential Issue and Merge Request Titles; Persistent XSS in User Status...
FreeBSD -- File description reference count leak
Problem Description: FreeBSD 12.0 attempts to handle the case where the receiving process does not provide a sufficiently large buffer for an incoming control message containing rights. In particular, to avoid leaking the corresponding descriptors into the receiving process' descriptor table, the...
FreeBSD -- System call kernel data register leak
Problem Description: The callee-save registers are used by kernel and for some of them (%r8, %r10, and for non-PTI configurations, %r9) the content is not sanitized before return from syscalls, potentially leaking sensitive information. Impact: Typically an address of some kernel data structure use...
rssh - multiple vulnerabilities
NVD reports: rssh version 2.3.4 contains a CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in allowscp permission that can result in Local command execution. This attack appears to be exploitable via an authorized SSH user with the allowscp...
slixmpp -- improper access control
NVD reports: slixmpp version before commit 7cd73b594e8122dddf847953fcfc85ab4d316416 contains an incorrect Access Control vulnerability in XEP-0223 plugin (Persistent Storage of Private Data via PubSub) options profile, used for the configuration of default access model that can result in all of the...
payara -- multiple vulnerabilities
Payara Releases reports: The following is a list of tracked Common Vulnerabilities and Exposures that have been reported and analyzed, which can or have impacted Payara Server across releases: CVE-2018-14721 FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct...
gitea -- multiple vulnerabilities
Gitea Team reports: Disable redirect for i18n; Only allow local login if password is non-empty; Fix go-get URL generation...
Gitlab -- Multiple vulnerabilities
Gitlab reports: Remote Command Execution via GitLab Pages; Covert Redirect to Steal GitHub/Bitbucket Tokens; Remote Mirror Branches Leaked by Git Transfer Refs; Denial of Service with Markdown; Guests Can View List of Group Merge Requests; Guest Can View Merge Request Titles via System Notes; Persisten...
buildbot -- CRLF injection in Buildbot login and logout redirect code
A CRLF can be injected in Location header of /auth/login and /auth/logout This is due to lack of input validation in the buildbot redirection code. It was not found a way to impact Buildbot product own security through this vulnerability, but it could be used to compromise other sites hosted on t...
mozilla -- multiple vulnerabilities
Mozilla Foundation reports: CVE-2018-18500: Use-after-free parsing HTML5 stream; CVE-2018-18503: Memory corruption with Audio Buffer; CVE-2018-18504: Memory corruption and out-of-bounds read of texture client buffer; CVE-2018-18505: Privilege escalation through IPC channel messages; CVE-2018-18506:...
turnserver -- multiple vulnerabilities
Mihály Mészáros reports: We made 4.5.1.0 release public today that fixes many vulnerabilities. It fixes the following vulnerabilities: CVE-2018-4056, CVE-2018-4058, CVE-2018-4059. They will be exposed very soon...
asterisk -- Remote crash vulnerability with SDP protocol violation
The Asterisk project reports: When Asterisk makes an outgoing call, a very specific SDP protocol violation by the remote party can cause Asterisk to crash...
www/mod_dav_svn -- Malicious SVN clients can crash mod_dav_svn.
Subversion project reports: Malicious SVN clients can trigger a crash in mod_dav_svn by omitting the root path from a recursive directory listing request...
vlc -- Buffer overflow vulnerability
zhangyang reports: The ReadFrame function in the avi.c file uses a variable i_width_bytes, which is obtained directly from the file. It is a signed integer. It does not do a strict check before the memory operation (memmove, memcpy), which may cause a buffer overflow...
gitea -- multiple vulnerabilities
Gitea Team reports: Do not display the raw OpenID error in the UI; When redirecting clean the path to avoid redirecting to external site; Prevent DeleteFilePost doing arbitrary deletion...
typo3 -- multiple vulnerabilities
Typo3 news: Please read the corresponding Security Advisories for details...
Apache -- vulnerability
The Apache httpd Project reports: SECURITY: CVE-2018-17199 mod_session: mod_session_cookie does not respect expiry time allowing sessions to be reused. SECURITY: CVE-2019-0190 mod_ssl: Fix infinite loop triggered by a client-initiated renegotiation in TLSv1.2 or earlier with OpenSSL 1.1.1 and later. ...
powerdns-recursor -- multiple vulnerabilities
PowerDNS Team reports: CVE-2019-3806: An issue has been found in PowerDNS Recursor where Lua hooks are not properly applied to queries received over TCP in some specific combination of settings, possibly bypassing security policies enforced using Lua. When the recursor is configured to run with...
phpMyAdmin -- File disclosure and SQL injection
The phpMyAdmin development team reports: Summary: Arbitrary file read vulnerability. Description: When AllowArbitraryServer configuration set to true, with the use of a rogue MySQL server, an attacker can read any file on the server that the web server's user can access. phpMyAdmin attempts to block...
drupal -- Drupal core - Arbitrary PHP code execution
Drupal Security Team reports: A remote code execution vulnerability exists in PHP's built-in phar stream wrapper when performing file operations on an untrusted phar:// URI. Some Drupal code (core, contrib, and custom) may be performing file operations on insufficiently validated user input, thereb...
jenkins -- multiple vulnerabilities
Jenkins Security Advisory: Description: (High) SECURITY-868: Administrators could persist access to Jenkins using crafted 'Remember me' cookie; (Medium) SECURITY-901: Deleting a user in an external security realm did not invalidate their session or 'Remember me' cookie...
mail/dovecot -- Suitable client certificate can be used to login as other user
Aki Tuomi (Open-Xchange Oy) reports: Normally Dovecot is configured to authenticate imap/pop3/managesieve/submission clients using regular username/password combination. Some installations have also required clients to present a trusted SSL certificate on top of that. It's also possible to configur...
Gitlab -- Arbitrary repo read in Gitlab project import
Gitlab reports: Arbitrary repo read in Gitlab project import...
MySQL -- multiple vulnerabilities
Oracle reports: Please reference CVE/URL list for details Not all listed CVE's are present in all versions/flavors...
Python -- NULL pointer dereference vulnerability
Python Changelog: bpo-35746: CVE-2019-5010 Fix a NULL pointer deref in ssl module. The cert parser did not handle CRL distribution points with empty DP or URI correctly. A malicious or buggy certificate can result into segfault. Vulnerability TALOS-2018-0758 reported by Colin Read and Nicolas Ede...
ntp -- Crafted null dereference attack from a trusted source with an authenticated mode 6 packet
Network Time Foundation reports: A crafted malicious authenticated mode 6 ntpq packet from a permitted network address can trigger a NULL pointer dereference, crashing ntpd. Note that for this attack to work, the sending system must be on an address that the target's ntpd accepts mode 6 packets...
Helm -- client unpacking chart that contains malicious content
Helm security notice: A specially crafted chart may be able to unpack content into locations on the filesystem outside of the chart's path, potentially overwriting existing files...
py-matrix-synapse -- undisclosed vulnerability
Matrix developers report: The matrix team announces the availability of synapse security releases 0.34.0.1 and 0.34.1.1, fixing CVE-2019-5885...
irssi -- Use after free
Irssi reports: Use after free when hidden lines were expired from the scroll buffer. It may affect the stability of Irssi. CWE-417, CWE-825...
libzmq4 -- Remote Code Execution Vulnerability
A vulnerability has been found that would allow attackers to direct a peer to jump to and execute from an address indicated by the attacker. This issue has been present since v4.2.0. Older releases are not affected. NOTE: The attacker needs to know in advance valid addresses in the peer's memory ...
gitea -- insufficient privilege check
The Gitea project reports: Security: Prevent DeleteFilePost doing arbitrary deletion...
Django -- Content spoofing possibility in the default 404 page
Django security releases issued reports: An attacker could craft a malicious URL that could make spoofed content appear on the default page generated by the django.views.defaults.page_not_found view...
p5-Email-Address-List -- DDoS related vulnerability
Best Practical Solutions reports: 0.06 2019-01-02 - Changes to address CVE-2018-18898 which could allow DDoS-type attacks. Thanks to Lukas Kramer for reporting the issue and Alex Vandiver for contributing fixes. - Fix pathological backtracking for unknown regex - Fix pathological backtracking in...
uriparser -- Out-of-bounds read
Upstream project reports: Out-of-bounds read in uriParseEx for incomplete URIs with IPv6 addresses with embedded IPv4 address, e.g. "//::44.1"; mitigated if passed parameter afterLast points to readable memory containing a '\0' byte...
rdesktop - critical - Remote Code Execution
Fix memory corruption in process_bitmap_data - CVE-2018-8794; Fix remote code execution in process_bitmap_data - CVE-2018-8795; Fix remote code execution in process_plane - CVE-2018-8797; Fix Denial of Service in mcs_recv_connect_response - CVE-2018-20175; Fix Denial of Service in mcs_parse_domain_params -...
Gitlab -- Multiple vulnerabilities
Gitlab reports: Source code disclosure merge request diff; Todos improper access control; URL rel attribute not set; Persistent XSS Autocompletion; SSRF repository mirroring; CI job token LFS error message disclosure; Secret CI variable exposure; Guest user CI job disclosure; Persistent XSS label referen...
wget -- security flaw in caching credentials passed as a part of the URL
Gynvael Coldwind reports: set_file_metadata in xattr.c in GNU Wget before 1.20.1 stores a file's origin URL in the user.xdg.origin.url metadata attribute of the extended attributes of the downloaded file, which allows local users to obtain sensitive information e.g., credentials contained in the UR...
Gitlab -- Arbitrary File read in Gitlab project import
Gitlab reports: Arbitrary File read in Gitlab project import...
gitea -- privilege escalation, XSS
The Gitea project reports: Security: Sanitize uploaded file names; HTMLEncode user added text...
shibboleth-sp -- crashes on malformed date/time content
The Shibboleth Consortium reports: SAML messages, assertions, and metadata all commonly contain date/time information in a standard XML format. Invalid formatted data in such fields cause an exception of a type that was not handled properly in the V3 software and causes a crash usually to the shi...