6530 matches found
FreeBSD -- bootpd buffer overflow
Problem Description: Due to insufficient validation of network-provided data it may be possible for a malicious attacker to craft a bootp packet which could cause a stack buffer overflow. Impact: It is possible that the buffer overflow could lead to a Denial of Service or remote code execution...
botan2 -- Side channel during ECC key generation
botan2 developers report: A timing side channel during ECC key generation could leak information about the high bits of the secret scalar. Such information allows an attacker to perform a brute force attack on the key somewhat more efficiently than they would otherwise. Found by Ján Jančár using...
wordpress -- multiple issues
wordpress developers report: WordPress versions 5.0 and earlier are affected by the following bugs, which are fixed in version 5.0.1. Updated versions of WordPress 4.9 and older releases are also available, for users who have not yet updated to 5.0. Karim El Ouerghemmi discovered that authors...
Gitlab -- Arbitrary File read in GitLab project import with Git LFS
Gitlab reports: Arbitrary File read in GitLab project import with Git LFS...
chromium -- Use after free in PDFium
Google Chrome Releases reports: 1 security fix contributed by external researchers: High CVE-2018-17481: Use after free in PDFium...
urllib3 -- multiple vulnerabilities
NIST reports: by search in the range 2018/01/01 - 2019/11/10: urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect i.e., a redirect that differs in host, port, or scheme. This can allow for credentials in the Authorization header to be...
typo3 -- multiple vulnerabilities
Typo3 core team reports: CKEditor 4.11 fixes an XSS vulnerability in the HTML parser reported by maxarr. The vulnerability stemmed from the fact that it was possible to execute XSS inside the CKEditor source area after persuading the victim to: (i) switch CKEditor to source mode, then (ii) paste a...
phpMyAdmin -- multiple vulnerabilities
The phpMyAdmin development team reports: Summary Local file inclusion through transformation feature Description A flaw has been found where an attacker can exploit phpMyAdmin to leak the contents of a local file. The attacker must have access to the phpMyAdmin Configuration Storage tables,...
mozilla -- multiple vulnerabilities
Mozilla Foundation reports: CVE-2018-12407: Buffer overflow with ANGLE library when using VertexBuffer11 module CVE-2018-17466: Buffer overflow and out-of-bounds read in ANGLE library with TextureStorage11 CVE-2018-18492: Use-after-free with select element CVE-2018-18493: Buffer overflow in...
Gitlab -- Multiple vulnerabilities
Gitlab reports: Directory Traversal in Templates API...
Flash Player -- multiple vulnerabilities
Adobe reports: This update resolves a use-after-free vulnerability that could lead to arbitrary code execution (CVE-2018-15982). This update resolves an insecure library loading vulnerability that could lead to privilege escalation (CVE-2018-15983)...
jenkins -- multiple vulnerabilities
Jenkins Security Advisory: Description Critical SECURITY-595 Code execution through crafted URLs Medium SECURITY-904 Forced migration of user records Medium SECURITY-1072 Workspace browser allowed accessing files outside the workspace Medium SECURITY-1193 Potential denial of service through cron...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 43 security fixes in this release, including: High CVE-2018-17480: Out of bounds write in V8 High CVE-2018-17481: Use after free in PDFium High CVE-2018-18335: Heap buffer overflow in Skia High CVE-2018-18336: Use after free in PDFium High CVE-2018-18337: Use after...
FreeBSD -- Insufficient bounds checking in bhyve(8) device model
Problem Description: Insufficient bounds checking in one of the device models provided by bhyve(8) can permit a guest operating system to overwrite memory in the bhyve(8) process, possibly permitting arbitrary code execution. Impact: A guest OS using a firmware image can cause the bhyve process to...
joomla3 -- vulnerabilities
JSST reports: Inadequate escaping in mod_banners leads to a stored XSS vulnerability. Inadequate escaping in com_contact leads to a stored XSS vulnerability. Inadequate checks at the Global Configuration Text Filter settings allowed a stored XSS. Inadequate checks at the Global Configuration helpurl...
bro -- "Magellan" remote code execution vulnerability in bundled sqlite
Bro Network Security Monitor reports: Bro 2.6.1 updates the embedded SQLite to version 3.26.0 to address the "Magellan" remote code execution vulnerability. The stock Bro configuration/scripts don't use SQLite by default, but custom user scripts/packages may...
couchdb -- administrator privilege escalation
Apache CouchDB PMC reports: Database Administrator could achieve privilege escalation to the account that CouchDB runs under, by abusing insufficient validation in the HTTP API, escaping security controls implemented in previous releases...
Gitlab -- Multiple vulnerabilities
Gitlab reports: View Names of Private Groups Persistent XSS in Environments SSRF in Prometheus integration Unauthorized Promotion of Milestones Exposure of Confidential Issue Title Persistent XSS in Markdown Fields via Mermaid Script Persistent XSS in Markdown Fields via Unrecognized HTML Tags...
Mbed TLS -- Local timing attack on RSA decryption
Janos Follath reports: An attacker who can run code on the same machine that is performing an RSA decryption can potentially recover the plaintext through a Bleichenbacher-like oracle...
messagelib -- HTML email can open browser window automatically
Albert Astals Cid reports: messagelib is the library used by KMail to display emails. messagelib by default displays emails as plain text, but gives the user an option to "Prefer HTML to plain text" in the settings and if that option is not enabled there is a way to enable HTML display when an emai...
node.js -- multiple vulnerabilities
Node.js reports: Updates are now available for all active Node.js release lines. These include fixes for the vulnerabilities identified in the initial announcement. They also include upgrades of Node.js 6 and 8 to OpenSSL 1.0.2q, and upgrades of Node.js 10 and 11 to OpenSSL 1.1.0j. We recommend...
FreeBSD -- Multiple vulnerabilities in NFS server code
Problem Description: Insufficient and improper checking in the NFS server code could cause a denial of service or possibly remote code execution via a specially crafted network packet. Impact: A remote attacker could cause the NFS server to crash, resulting in a denial of service, or possibly...
Rails -- Active Job vulnerability
Ruby on Rails blog: Rails 4.2.11, 5.0.7.1, 5.1.6.1 and 5.2.1.1 have been released! These contain the following important security fixes, and it is recommended that users upgrade as soon as possible CVE-2018-16476 Broken Access Control vulnerability in Active Job: Carefully crafted user input can...
powerdns-recursor -- Crafted query can cause a denial of service
powerdns Team reports: CVE-2018-16855: An issue has been found in PowerDNS Recursor where a remote attacker sending a DNS query can trigger an out-of-bounds memory read while computing the hash of the query for a packet cache lookup, possibly leading to a crash. When the PowerDNS Recursor is run...
Flash Player -- arbitrary code execution
Adobe reports: This update resolves a type confusion vulnerability that could lead to arbitrary code execution (CVE-2018-15981)...
Gitlab -- Multiple vulnerabilities
Gitlab reports: Persistent XSS Autocompletion Unauthorized service template creation...
phpmailer -- Multiple vulnerability
The PHPMailer Team reports: CVE-2018-19296: Fix potential object injection vulnerability...
Flash Player -- information disclosure
Adobe reports: This update resolves an out-of-bounds vulnerability that could lead to information disclosure (CVE-2018-15978)...
kio-extras -- HTML Thumbnailer automatic remote file access
Albert Astals Cid reports: Various KDE applications share a plugin system to create thumbnails of various file types for displaying in file managers, file dialogs, etc. kio-extras contains a thumbnailer plugin for HTML files. The HTML thumbnailer was incorrectly accessing some content of remote...
OpenSSL -- timing vulnerability
The OpenSSL project reports: Microarchitecture timing vulnerability in ECC scalar multiplication. Severity: Low OpenSSL ECC scalar multiplication, used in e.g. ECDSA and ECDH, has been shown to be vulnerable to a microarchitecture timing side channel attack. An attacker with sufficient access to...
netatalk3 -- remote code execution vulnerability
NIST reports: Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsi_opensess.c. This is due to lack of bounds checking on attacker controlled data. A remote unauthenticated attacker can leverage this vulnerability to achieve arbitrary code execution...
PostgreSQL -- SQL injection in pg_upgrade and pg_dump
The PostgreSQL project reports: CVE-2018-16850: SQL injection in pg_upgrade and pg_dump, via CREATE TRIGGER ... REFERENCING. Using a purpose-crafted trigger definition, an attacker can run arbitrary SQL statements with superuser privileges when a superuser runs pg_upgrade on the database or during a...
NGINX -- Multiple vulnerabilities
NGINX Team reports: Two security issues were identified in nginx HTTP/2 implementation, which might cause excessive memory consumption (CVE-2018-16843) and CPU usage (CVE-2018-16844). The issues affect nginx compiled with the ngx_http_v2_module (not compiled by default) if the "http2" option of the "liste...
powerdns-recursor -- Multiple vulnerabilities
powerdns Team reports: CVE-2018-10851: An issue has been found in PowerDNS Recursor allowing a malicious authoritative server to cause a memory leak by sending specially crafted records. The issue is due to the fact that some memory is allocated before the parsing and is not always properly...
powerdns -- Multiple vulnerabilities
PowerDNS Team reports: CVE-2018-10851: An issue has been found in PowerDNS Authoritative Server allowing an authorized user to cause a memory leak by inserting a specially crafted record in a zone under their control, then sending a DNS query for that record. The issue is due to the fact that som...
moodle -- Login CSRF vulnerability
moodle reports: The login form is not protected by a token to prevent login cross-site request forgery...
Gitlab -- SSRF in Kubernetes integration
The GitLab Team reports: SSRF in Kubernetes integration...
curl -- multiple vulnerabilities
curl security problems: CVE-2018-16839: SASL password overflow via integer overflow libcurl contains a buffer overrun in the SASL authentication code. The internal function Curl_auth_create_plain_message fails to correctly verify that the passed in lengths for name and password aren't too long, then...
Loofah -- XSS vulnerability
GitHub issue: This issue has been created for public disclosure of an XSS vulnerability that was responsibly reported independently by Shubham Pathak and @yasinS (Yasin Soliman). In the Loofah gem, through v2.2.2, unsanitized JavaScript may occur in sanitized output when a crafted SVG element is...
Gitlab -- multiple vulnerabilities
Gitlab reports: RCE in Gitlab Wiki API SSRF in Hipchat integration Cleartext storage of personal access tokens Information exposure through stack trace error message Persistent XSS autocomplete Information exposure in stored browser history Information exposure when replying to issues through ema...
OpenSSL -- Multiple vulnerabilities in 1.1 branch
The OpenSSL project reports: Timing vulnerability in ECDSA signature generation CVE-2018-0735: The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key Low. Timing...
uriparser -- Multiple vulnerabilities
The upstream project reports: Fixed: Out-of-bounds write in uriComposeQuery and uriComposeQueryEx Commit 864f5d4c127def386dd5cc926ad96934b297f04e Thanks to Google Autofuzz team for the report! Fixed: Detect integer overflow in uriComposeQuery and uriComposeQueryEx Commit...
mini_httpd -- disclose arbitrary files in some circumstances
Jef Poskanzer reports: Prior versions allowed remote users to read arbitrary files in some circumstances...
gitea -- remote code execution
The Gitea project reports: This release contains a critical security fix for a vulnerability that could potentially allow for authorized users to do remote code execution...
salt -- multiple vulnerabilities
SaltStack reports: Remote command execution and incorrect access control when using salt-api. Directory traversal vulnerability when using salt-api. Allows an attacker to determine what files exist on a server when querying /run or /events...
php-imap -- imap_open allows to run arbitrary shell commands via mailbox parameter
The PHP team reports: imap_open allows to run arbitrary shell commands via mailbox parameter...
asterisk -- Remote crash vulnerability DNS SRV and NAPTR lookups
The Asterisk project reports: There is a buffer overflow vulnerability in dns_srv and dns_naptr functions of Asterisk that allows an attacker to crash Asterisk via a specially crafted DNS SRV or NAPTR response. The attacker's request causes Asterisk to segfault and crash...
mozilla -- multiple vulnerabilities
Mozilla Foundation reports: CVE-2018-12391: HTTP Live Stream audio data is accessible cross-origin CVE-2018-12392: Crash with nested event loops CVE-2018-12393: Integer overflow during Unicode conversion while loading JavaScript CVE-2018-12395: WebExtension bypass of domain restrictions through...
rpm4 -- regression in -setperms, -setugids and -restore
rpm4 reports: Regression in -setperms, -setugids and -restore Note that this update can not automatically fix possible damage done by using -setperms, -setugids or -restore with rpm 4.14.2, it merely fixes the functionality itself. Any damage needs to be investigated and fixed manually, such as...
matomo -- XSS vulnerability
Matomo reports: Several XSS issues have been fixed thanks to the great work of security researchers who responsibly disclosed issues to us...