asterisk -- PJSIP endpoint presence disclosure when using ACL
The Asterisk project reports: When endpoint specific ACL rules block a SIP request they respond with a 403 forbidden. However, if an endpoint is not identified then a 401 unauthorized response is sent. This vulnerability just discloses which requests hit a defined endpoint. The ACL rules cannot b...
sinatra -- XSS vulnerability
Sinatra blog: Sinatra had a critical vulnerability since v2.0.0. The purpose of this release is to fix CVE-2018-11627. The vulnerability is that XSS can be executed by using illegal parameters...
gnupg -- unsanitized output (CVE-2018-12020)
GnuPG reports: GnuPG did not sanitize input file names, which may then be output to the terminal. This could allow terminal control sequences or fake status messages to be injected into the output...
Flash Player -- multiple vulnerabilities
Adobe reports: This update resolves a type confusion vulnerability that could lead to arbitrary code execution (CVE-2018-4945). This update resolves an integer overflow vulnerability that could lead to information disclosure (CVE-2018-5000). This update resolves an out-of-bounds read vulnerability th...
chromium -- Incorrect handling of CSP header
Google Chrome Releases reports: 1 security fix contributed by external researchers: 845961 High CVE-2018-6148: Incorrect handling of CSP header. Reported by Michal Bentkowski on 2018-05-23...
vlc -- Use after free vulnerability
Mitre reports: VideoLAN VLC media player 2.2.x is prone to a use after free vulnerability which an attacker can leverage to execute arbitrary code via crafted MKV files. Failed exploit attempts will likely result in denial of service conditions...
firefox -- Heap buffer overflow rasterizing paths in SVG with Skia
The Mozilla Foundation reports: A heap buffer overflow can occur in the Skia library when rasterizing paths using a maliciously crafted SVG file with anti-aliasing turned off. This results in a potentially exploitable crash...
couchdb -- administrator privilege escalation
Apache CouchDB PMC reports: Database Administrator could achieve privilege escalation to the account that CouchDB runs under, by abusing insufficient validation in the HTTP API, escaping security controls implemented in previous releases...
h2o -- heap buffer overflow during logging
Marlies Ruck reports: Fix heap buffer overflow while trying to emit access log - see references for full details. CVE-2018-0608: Buffer overflow in H2O version 2.2.4 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (DoS) via unspecified vectors...
slurm -- insecure handling of user_name and gid fields
SchedMD reports: Insecure handling of user_name and gid fields (CVE-2018-10995). While fixes are only available for the supported 17.02 and 17.11 releases, it is believed that similar vulnerabilities do affect past versions as well. The only resolution is to upgrade Slurm to a fixed release...
Libgit2 -- Fixing insufficient validation of submodule names
The Git community reports: Insufficient validation of submodule names...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 34 security fixes in this release, including: 835639 High CVE-2018-6123: Use after free in Blink. Reported by Looben Yang on 2018-04-22 840320 High CVE-2018-6124: Type confusion in Blink. Reported by Guang Gong of Alpha Team, Qihoo 360 on 2018-05-07 818592 High...
bro -- multiple memory allocation issues
Corelight reports: Bro 2.5.4 primarily fixes security issues Multiple fixes and improvements to BinPAC generated code related to array parsing, with potential impact to all Bro's BinPAC-generated analyzers in the form of buffer over-reads or other invalid memory accesses depending on whether a...
Gitlab -- multiple vulnerabilities
GitLab reports: Removing public deploy keys regression Users can update their password without entering current password Persistent XSS - Selecting users as allowed merge request approvers Persistent XSS - Multiple locations of user selection drop downs include directive in .gitlab-ci.yml allows...
Git -- Fix memory out-of-bounds and remote code execution vulnerabilities (CVE-2018-11233 and CVE-2018-11235)
The Git community reports: In affected versions of Git, code to sanity-check pathnames on NTFS can result in reading out-of-bounds memory. In affected versions of Git, remote code execution can occur. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machin...
taglib -- heap-based buffer over-read via a crafted audio file
Webin security lab - dbapp security Ltd reports: The TagLib::Ogg::FLAC::File::scan function in oggflacfile.cpp in TagLib 1.11.1 allows remote attackers to cause information disclosure (heap-based buffer over-read) via a crafted audio file...
lizard -- Negative size passed to memcpy resulting in memory corruption
[email protected] reports: In Lizard v1.0 and LZ5 v2.0 (the prior release, before the product was renamed), there is an unchecked buffer size during a memcpy in the Lizard_decompress_LIZv1 function (lib/lizard_decompress_liz.h). Remote attackers can leverage this vulnerability to cause a denial of service vi...
BIND -- multiple vulnerabilities
ISC reports: An error in zone database reference counting can lead to an assertion failure if a server which is running an affected version of BIND attempts several transfers of a slave zone in quick succession. A problem with the implementation of the new serve-stale feature in BIND 9.12 can lea...
cURL -- multiple vulnerabilities
cURL security problems: CVE-2018-1000300: FTP shutdown response buffer overflow curl might overflow a heap based memory buffer when closing down an FTP connection with very long server command replies. When doing FTP transfers, curl keeps a spare "closure handle" around internally that will be us...
strongswan -- Fix Denial-of-Service Vulnerability strongSwan (CVE-2018-10811, CVE-2018-5388)
strongSwan security team reports: A denial-of-service vulnerability in the IKEv2 key derivation was fixed if the openssl plugin is used in FIPS mode and HMAC-MD5 is negotiated as PRF which is not FIPS-compliant. So this should only affect very specific setups, but in such configurations all...
mozilla -- multiple vulnerabilities
Mozilla Foundation reports: CVE-2018-5183: Backport critical security fixes in Skia CVE-2018-5154: Use-after-free with SVG animations and clip paths CVE-2018-5155: Use-after-free with SVG animations and text paths CVE-2018-5157: Same-origin bypass of PDF Viewer to view protected PDF files...
wavpack -- multiple vulnerabilities
Sebastian Ramacher reports: A stack-based buffer over-read in the ParseRiffHeaderConfig function of cli/riff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service attack or possibly have unspecified other impact via a maliciously crafted RF64 file. The...
jenkins -- multiple vulnerabilities
Jenkins developers report: The agent to master security subsystem ensures that the Jenkins master is protected from maliciously configured agents. A path traversal vulnerability allowed agents to escape whitelisted directories to read and write to files they should not be able to access. Black Du...
Flash Player -- arbitrary code execution
Adobe reports: This update resolves a type confusion vulnerability that could lead to arbitrary code execution (CVE-2018-4944)...
FreeBSD -- Mishandling of x86 debug exceptions
Problem Description: The MOV SS and POP SS instructions inhibit debug exceptions until the instruction boundary following the next instruction. If that instruction is a system call or similar instruction that transfers control to the operating system, the debug exception will be handled in the...
KWallet-PAM -- Access to privileged files
The KDE Community reports: kwallet-pam was doing file writing and permission changing as root that with correct timing and use of carefully crafted symbolic links could allow a non privileged user to become the owner of any file on the system...
p7zip -- usage of uninitialized memory
NVD reports: Incorrect initialization logic of RAR decoder objects in 7-Zip 18.03 and before can lead to usage of uninitialized memory, allowing remote attackers to cause a denial of service (segmentation fault) or execute arbitrary code via a crafted RAR archive...
python 2.7 -- multiple vulnerabilities
python release notes: Multiple vulnerabilities have been fixed in this release. Please refer to the CVE list for details...
gitea -- TOTP passcode reuse
The Gitea project reports: TOTP passcodes can be reused...
Gitlab -- multiple vulnerabilities
GitLab reports: Persistent XSS in Move Issue using project namespace Download Archive allowing unauthorized private repo access Mattermost Updates...
lrzsz -- Integer overflow in zmodem, crash and information leak
[email protected] reports: Lrzsz has an integer overflow vulnerability in the src/zm.c:zsdata function. An attacker could exploit this with the sz command to cause a crash or potentially leak information to the receiving server...
wget -- cookie injection vulnerability
Harry Sintonen of F-Secure Corporation reports: GNU Wget is susceptible to a malicious web server injecting arbitrary cookies to the cookie jar file...
drupal -- Drupal Core - Multiple Vulnerabilities
Drupal Security Team reports: A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being compromised. This vulnerability is related to...
quassel -- multiple vulnerabilities
Gentoo reports: quasselcore: corruption of heap metadata caused by qdatastream leading to preauth remote code execution. Severity: high, by default the server port is publicly open and the address can be requested using the /WHOIS command of IRC protocol. Description: In Qdatastream protocol each...
drupal -- Drupal core - Moderately critical
The Drupal security team reports: CKEditor, a third-party JavaScript library included in Drupal core, has fixed a cross-site scripting (XSS) vulnerability. The vulnerability stemmed from the fact that it was possible to execute XSS inside CKEditor when using the image2 plugin which Drupal 8 core al...
phpmyadmin -- CSRF vulnerability allowing arbitrary SQL execution
The phpMyAdmin development team reports: Summary CSRF vulnerability allowing arbitrary SQL execution Description By deceiving a user to click on a crafted URL, it is possible for an attacker to execute arbitrary SQL commands. Severity We consider this vulnerability to be critical...
MySQL -- multiple vulnerabilities
Oracle reports: MySQL Multiple Flaws Let Remote Authenticated Users Access and Modify Data, Remote and Local Users Deny Service, and Local Users Access Data and Gain Elevated Privileges. A local user can exploit a flaw in the Replication component to gain elevated privileges (CVE-2018-2755). A remot...
patch -- multiple vulnerabilities
NVD reports: An issue was discovered in GNU patch through 2.7.6. There is a segmentation fault, associated with a NULL pointer dereference, leading to a denial of service in the intuit_diff_type function in pch.c, aka a "mangled rename" issue. A double free exists in the another_hunk function in pch...
OpenSSL -- Cache timing vulnerability
The OpenSSL project reports: The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover the private key...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 4 security fixes in this release: 835887 Critical: Chain leading to sandbox escape. Reported by Anonymous on 2018-04-23 836858 High CVE-2018-6121: Privilege Escalation in extensions 836141 High CVE-2018-6122: Type confusion in V8 833721 High CVE-2018-6120: Heap...
perl -- multiple vulnerabilities
perldelta: CVE-2018-6797: heap-buffer-overflow (WRITE of size 1) in S_regatom (regcomp.c). A crafted regular expression could cause a heap buffer write overflow, with control over the bytes written. [perl #132227] CVE-2018-6798: Heap-buffer-overflow in Perl__byte_dump_string (utf8.c). Matching a crafted locale...
chromium -- vulnerability
Google Chrome Releases reports: 3 security fixes in this release: 831963 Critical CVE-2018-6118: Use after free in Media Cache. Reported by Ned Williamson on 2018-04-12 837635 Various fixes from internal audits, fuzzing and other initiatives...
roundcube -- IMAP command injection vulnerability
Upstream reports: This update primarily fixes a recently discovered IMAP-cmd-injection vulnerability caused by insufficient input validation within the archive plugin. Details about the vulnerability are published under CVE-2018-9846...
jenkins -- multiple vulnerabilities
Jenkins developers report: The Jenkins CLI sent different error responses for commands with view and agent arguments depending on the existence of the specified views or agents to unauthorized users. This allowed attackers to determine whether views or agents with specified names exist. The Jenki...
Flash Player -- multiple vulnerabilities
Adobe reports: This update resolves a use-after-free vulnerability that could lead to remote code execution (CVE-2018-4932). This update resolves out-of-bounds read vulnerabilities that could lead to information disclosure (CVE-2018-4933, CVE-2018-4934). This update resolves out-of-bounds write...
nghttp2 -- Denial of service due to NULL pointer dereference
nghttp2 blog: If ALTSVC frame is received by libnghttp2 and it is larger than it can accept, the pointer field which points to ALTSVC frame payload is left NULL. Later libnghttp2 attempts to access another field through the pointer, and gets segmentation fault. ALTSVC frame is defined by RFC 7838...
FreeBSD -- ipsec crash or denial of service
Problem Description: The length field of the option header does not count the size of the option header itself. This causes a problem when the length is zero, the count is then incremented by zero, which causes an infinite loop. In addition there are pointer/offset mistakes in the handling of IPv...
FreeBSD -- vt console memory disclosure
Problem Description: Insufficient validation of user-provided font parameters can result in an integer overflow, leading to the use of arbitrary kernel memory as glyph data. Characters that reference this data can be displayed on the screen, effectively disclosing kernel memory. Impact:...
Gitlab -- multiple vulnerabilities
GitLab reports: Confidential issue comments in Slack, Mattermost, and webhook integrations. Persistent XSS in milestones data-milestone-id. Persistent XSS in filename of merge request...
wordpress -- multiple issues
wordpress developers report: Don't treat localhost as same host by default. Use safe redirects when redirecting the login page if SSL is forced. Make sure the version string is correctly escaped for use in generator tags...