py-gunicorn -- CWE-113 vulnerability
Everardo reports: gunicorn version 19.4.5 contains a CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers vulnerability in the process_headers function in gunicorn/http/wsgi.py that can result in an attacker causing the server to return arbitrary HTTP headers...
ruby -- multiple vulnerabilities
Ruby news: CVE-2017-17742: HTTP response splitting in WEBrick If a script accepts an external input and outputs it without modification as a part of HTTP responses, an attacker can use newline characters to deceive the clients that the HTTP response header is stopped at there, and can inject fake...
OpenSSL -- multiple vulnerabilities
The OpenSSL project reports: Constructed ASN.1 types with a recursive definition could exceed the stack CVE-2018-0739 Constructed ASN.1 types with a recursive definition such as can be found in PKCS7 could eventually exceed the stack given malicious input with excessive recursion. This could resu...
mozilla -- use-after-free in compositor
The Mozilla Foundation reports: CVE-2018-5148: Use-after-free in compositor A use-after-free vulnerability can occur in the compositor during certain graphics operations when a raw pointer is used instead of a reference counted one. This results in a potentially exploitable crash...
apache -- multiple vulnerabilities
The Apache httpd project reports: Out of bound write in mod_authnz_ldap with AuthLDAPCharsetConfig enabled CVE-2017-15710 mod_session: CGI-like applications that intend to read from mod_session's 'SessionEnv ON' could be fooled into reading user-supplied data instead. CVE-2018-1283 mod_cache_socache: Fix reque...
rails-html-sanitizer -- possible XSS vulnerability
OSS-Security list: There is a possible XSS vulnerability in rails-html-sanitizer. The gem allows non-whitelisted attributes to be present in sanitized output when input with specially-crafted HTML fragments, and these attributes can lead to an XSS attack on target applications. This issue is...
mbed TLS (PolarSSL) -- multiple vulnerabilities
Simon Butcher reports: Defend against Bellcore glitch attacks by verifying the results of RSA private key operations. Fix implementation of the truncated HMAC extension. The previous implementation allowed an offline 2^80 brute force attack on the HMAC key of a single, uninterrupted connection wi...
node.js -- multiple vulnerabilities
Node.js reports: Node.js Inspector DNS rebinding vulnerability CVE-2018-7160 Node.js 6.x and later include a debugger protocol also known as "inspector" that can be activated by the --inspect and related command line flags. This debugger service was vulnerable to a DNS rebinding attack which coul...
chromium -- vulnerability
Google Chrome Releases reports: 1 security fix in this release, including: 823553 Various fixes from internal audits, fuzzing and other initiatives...
Gitlab -- multiple vulnerabilities
GitLab reports: SSRF in services and web hooks There were multiple server-side request forgery issues in the Services feature. An attacker could make requests to servers within the same network of the GitLab instance. This could lead to information disclosure, authentication bypass, or potentiall...
Sanitize -- XSS vulnerability
Sanitize release: Fixed an HTML injection vulnerability that could allow XSS. When Sanitize <= 4.6.2 is used in combination with libxml2 >= 2.9.2, a specially crafted HTML fragment can cause libxml2 to generate improperly escaped output, allowing non-whitelisted attributes to be used on whitelisted elements. Sanitize now performs additional...
Jupyter Notebook -- vulnerability
MITRE reports: In Jupyter Notebook before 5.4.1, a maliciously forged notebook file can bypass sanitization to execute JavaScript in the notebook context. Specifically, invalid HTML is 'fixed' by jQuery after sanitization, making it dangerous...
SQLite -- Corrupt DB can cause a NULL pointer dereference
MITRE reports: SQLite databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c...
libvorbis -- multiple vulnerabilities
NVD reports: Xiph.Org libvorbis 1.3.5 allows Remote Code Execution upon freeing uninitialized memory in the function vorbis_analysis_headerout in info.c when vi->channels<=0, a similar issue to Mozilla bug 550184. In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read vulnerability exists in the...
mozilla -- multiple vulnerabilities
The Mozilla Foundation reports: CVE-2018-5146: Out of bounds memory write in libvorbis An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest. CVE-2018-5147: Out of bounds memory write in libtremor The libtremor library has the same flaw as...
mybb -- multiple vulnerabilities
mybb Team reports: Medium risk: Tasks Local File Inclusion Medium risk: Forum Password Check Bypass Low risk: Admin Permissions Group Title XSS Low risk: Attachment types file extension XSS Low risk: Moderator Tools XSS Low risk: Security Questions XSS Low risk: Settings Management XSS Low risk:...
slurm-wlm -- SQL Injection attacks against SlurmDBD
SchedMD reports: Several issues were discovered with incomplete sanitization of user-provided text strings, which could potentially lead to SQL injection attacks against SlurmDBD itself. Such exploits could lead to a loss of accounting data, or escalation of user privileges on the cluster...
Loofah -- XSS vulnerability
GitHub issue: This issue has been created for public disclosure of an XSS / code injection vulnerability that was responsibly reported by the Shopify Application Security Team. Loofah allows non-whitelisted attributes to be present in sanitized output when input with specially-crafted HTML...
moodle -- multiple vulnerabilities
moodle reports: Unauthenticated users can trigger custom messages to admin via paypal enrol script. Suspended users with OAuth 2 authentication method can still log in to the site...
FreeBSD -- Speculative Execution Vulnerabilities
Problem Description: A number of issues relating to speculative execution were found last year and publicly announced January 3rd. Two of these, known as Meltdown and Spectre V2, are addressed here. CVE-2017-5754 Meltdown: This issue relies on an affected CPU speculative...
drupal -- Drupal Core - Multiple Vulnerabilities
Drupal Security Team reports: CVE-2018-7600: Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations...
Flash Player -- multiple vulnerabilities
Adobe reports: This update resolves a use-after-free vulnerability that could lead to remote code execution (CVE-2018-4919). This update resolves a type confusion vulnerability that could lead to remote code execution (CVE-2018-4920)...
mozilla -- multiple vulnerabilities
Mozilla Foundation reports: CVE-2018-5127: Buffer overflow manipulating SVG animatedPathSegList CVE-2018-5128: Use-after-free manipulating editor selection ranges CVE-2018-5129: Out-of-bounds write with malformed IPC messages CVE-2018-5130: Mismatched RTP payload type can trigger memory corruptio...
mailman -- hardening against malicious listowners injecting evil HTML scripts
Mark Sapiro reports: Existing protections against malicious listowners injecting evil scripts into listinfo pages have had a few more checks added. A few more error messages have had their values HTML escaped. The hash generated when SUBSCRIBE_FORM_SECRET is set could have been the same as one...
py-asyncssh -- Allows bypass of authentication
mitre.org reports: The SSH server implementation of AsyncSSH before 1.12.1 does not properly check whether authentication is completed before processing other requests. A customized SSH client can simply skip the authentication step...
FreeBSD -- ipsec validation and use-after-free
Problem Description: Due to a lack of strict checking, an attacker from a trusted host can send a specially constructed IP packet that may lead to a system crash. Additionally, a use-after-free vulnerability in the AH handling code could cause unpredictable results. Impact: Access to out of bound...
e2fsprogs -- potential buffer overrun bugs in the blkid library and in the fsck program
Theodore Y. Ts'o reports: Fixed some potential buffer overrun bugs in the blkid library and in the fsck program...
py-bleach -- unsanitized character entities
bleach developer reports: Attributes that have URI values weren't properly sanitized if the values contained character entities. Using character entities, it was possible to construct a URI value with a scheme that was not allowed that would slide through unsanitized. This security issue was...
PostgreSQL vulnerabilities
The PostgreSQL project reports: CVE-2018-1058: Uncontrolled search path element in pg_dump and other client applications...
ntp -- multiple vulnerabilities
Network Time Foundation reports: The NTP Project at Network Time Foundation is releasing ntp-4.2.8p11. This release addresses five security issues in ntpd: LOW/MEDIUM: Sec 3012 / CVE-2016-1549 / VU#961909: Sybil vulnerability: ephemeral association attack INFO/MEDIUM: Sec 3412 / CVE-2018-7182 /...
shibboleth-sp -- vulnerable to forged user attribute data
Shibboleth consortium reports: Shibboleth SP software vulnerable to additional data forgery flaws The XML processing performed by the Service Provider software has been found to be vulnerable to new flaws similar in nature to the one addressed in an advisory last month. These bugs involve the use...
payara -- Default typing issue in Jackson Databind
FasterXML jackson-databind before 2.8.11.1 and 2.9.x before 2.9.5 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper,...
tomcat -- Security constraints ignored or applied too late
The Apache Software Foundation reports: Security constraints defined by annotations of Servlets were only applied once a Servlet had been loaded. Because security constraints defined in this way apply to the URL pattern and any URLs below that point, it was possible - depending on the order...
wireshark -- multiple security issues
wireshark developers report: wnpa-sec-2018-05. IEEE 802.11 dissector crash. CVE-2018-7335 wnpa-sec-2018-06. Large or infinite loops in multiple dissectors. CVE-2018-7321 through CVE-2018-7333 wnpa-sec-2018-07. UMTS MAC dissector crash. CVE-2018-7334 wnpa-sec-2018-08. DOCSIS dissector crash...
drupal -- Drupal Core - Multiple Vulnerabilities
Drupal Security Team reports: CVE-2017-6926: Comment reply form allows access to restricted content CVE-2017-6927: JavaScript cross-site scripting prevention is incomplete CVE-2017-6928: Private file access bypass - Moderately Critical CVE-2017-6929: jQuery vulnerability with untrusted domains -...
asterisk and pjsip -- multiple vulnerabilities
The Asterisk project reports: AST-2018-002 - By crafting an SDP message with an invalid media format description Asterisk crashes when using the pjsip channel driver because pjproject's sdp parsing algorithm fails to catch the invalid media format description. AST-2018-003 - By crafting an SDP...
phpMyAdmin -- self XSS in central columns feature
The phpMyAdmin team reports: Summary Self XSS in central columns feature Description A self-cross site scripting XSS vulnerability has been reported relating to the central columns feature. Severity We consider this vulnerability to be of moderate severity. Mitigation factor A valid token must be...
asterisk -- multiple vulnerabilities
The Asterisk project reports: AST-2018-004 - When processing a SUBSCRIBE request the res_pjsip_pubsub module stores the accepted formats present in the Accept headers of the request. This code did not limit the number of headers it processed despite having a fixed limit of 32. If more than 32 Accep...
isc-dhcp -- Multiple vulnerabilities
ISC reports: Failure to properly bounds check a buffer used for processing DHCP options allows a malicious server or an entity masquerading as a server to cause a buffer overflow and resulting crash in dhclient by sending a response containing a specially constructed options section. A malicious...
Bugzilla security issues
Bugzilla Security Advisory A CSRF vulnerability in report.cgi would allow a third-party site to extract confidential information from a bug the victim had access to...
irssi -- multiple vulnerabilities
Irssi reports: Use after free when server is disconnected during netsplits. Found by Joseph Bisch. Use after free when SASL messages are received in unexpected order. Found by Joseph Bisch. Null pointer dereference when an “empty” nick has been observed by Irssi. Found by Joseph Bisch. When the...
bro -- integer overflow allows remote DOS
Philippe Antoine of Catena cyber: This is a security release that fixes an integer overflow in code generated by binpac. This issue can be used by remote attackers to crash Bro i.e. a DoS attack. There also is a possibility this can be exploited in other ways. CVE pending...
jenkins -- Path traversal vulnerability allows access to files outside plugin resources
Jenkins developers report: Jenkins did not properly prevent specifying relative paths that escape a base directory for URLs accessing plugin resource files. This allowed users with Overall/Read permission to download files from the Jenkins master they should not have access to...
bitmessage -- remote code execution vulnerability
Bitmessage developers report: A remote code execution vulnerability has been spotted in use against some users running PyBitmessage v0.6.2. The cause was identified and a fix has been added and released as 0.6.3.2. Will be updated if/when CVE will be available...
kamailio -- buffer overflow
A specially crafted REGISTER message with a malformed branch or From tag triggers an off-by-one heap-based buffer overflow in the tmx_check_pretran function in modules/tmx/tmx_pretran.c...
LibreOffice -- Remote arbitrary file disclosure vulnerability via WEBSERVICE formula
LibreOffice reports: LibreOffice Calc supports a WEBSERVICE function to obtain data by URL. Vulnerable versions of LibreOffice allow WEBSERVICE to take a local file URL, e.g. file://, which can be used to inject local files into the spreadsheet without warning the user. Subsequent formulas can opera...
GitLab -- multiple vulnerabilities
GitLab reports: SnippetFinder information disclosure The GitLab SnippetFinder component contained an information disclosure which allowed access to snippets restricted to Only team members or configured as disabled. The issue is now resolved in the latest version. LDAP API authorization issue An...
uwsgi -- a stack-based buffer overflow
uWSGI developers report: It was discovered that the uwsgi_expand_path function in utils.c in Unbit uWSGI, an application container server, has a stack-based buffer overflow via a large directory length that can cause a denial-of-service application crash or stack corruption...
PostgreSQL vulnerabilities
The PostgreSQL project reports: CVE-2018-1052: Fix the processing of partition keys containing multiple expressions (only for PostgreSQL 10.x) CVE-2018-1053: Ensure that all temporary files made with "pg_upgrade" are non-world-readable...