firefox: thunderbird: Privilege escalation in the Netmonitor component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Privilege escalation in the Netmonitor component...
HDF5: HDF5 Metadata Attribute Decoder H5MM_strndup heap-based overflow
A vulnerability was found in HDF5. This issue affects the function H5MM_strndup of the component Metadata Attribute Decoder. Manipulation leads to a heap-based buffer overflow...
GHSA-VC5P-V9HR-52MJ vulnerabilities
Vulnerabilities for packages: zipkin, apache-tika-fips, sonarqube, opensearch, apache-hop-fips, spark-fips, camunda-zeebe, kafka-bridge-fips, tritonserver-backend-vllm-cuda-12.9, wso2is, py3-vllm-cuda-12.4, apache-pulsar, commercial-elasticsearch, nuxeo, confluent-kafka-jre-bcfips, infinispan,...
CVE-2025-65082 affecting package httpd for versions less than 2.4.66-1
CVE-2025-65082 affecting package httpd for versions less than 2.4.66-1. An upgraded version of the package is available that resolves this issue...
CVE-2025-65637 affecting package moby-buildx for versions less than 0.7.1-27
CVE-2025-65637 affecting package moby-buildx for versions less than 0.7.1-27. A patched version of the package is available...
CVE-2025-65637 affecting package cni-plugins for versions less than 1.3.0-10
CVE-2025-65637 affecting package cni-plugins for versions less than 1.3.0-10. A patched version of the package is available...
ROS-20251219-7303
A vulnerability in the MongoDB database management system server is related to the use of assert or a similar operator. Exploitation of the vulnerability could allow a remote attacker to affect the availability of protected information...
ROS-20251219-7304
Vulnerability in mongodb-org related to flaws in the authorization procedure. Exploitation of the vulnerability may allow a remote attacker to gain unauthorized access to protected information...
ROS-20251219-7301
Vulnerability in nomad related to incorrect link resolution before accessing a file. Exploitation of the vulnerability could allow an attacker to escalate privileges...
CVE-2025-14861
Memory safety bugs present in Firefox 146. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 146.0.1...
CVE-2025-14860
Use-after-free in the Disability Access APIs component. This vulnerability was fixed in Firefox 146.0.1...
webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash
A flaw was found in WebKitGTK. Processing malicious web content can cause a buffer overflow due to improper bounds checking and result in an unexpected process crash...
SUSE CVE-2025-68146
filelock is a platform-independent file lock for Python. In versions prior to 3.20.1, a Time-of-Check-Time-of-Use (TOCTOU) race condition allows local attackers to corrupt or truncate arbitrary user files through symlink attacks. The vulnerability exists in both Unix and Windows lock file creation...
CVE-2025-43541
A type confusion issue was addressed with improved state handling. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2. Processing maliciously crafted web content may lead to an unexpected Safari crash...
GHSA-R6J8-C6R2-37RR vulnerabilities
Vulnerabilities for packages: kubernetes-csi-driver-nfs-fips, cephcsi-fips, kapp-fips, longhorn-manager-fips, longhorn-share-manager, longhorn-share-manager-fips, kubernetes-csi-driver-nfs, node-feature-discovery, calico, rancher-support-bundle-kit, azuredisk-csi-fips, calico-fips,...
webkit: WebKitGTK: Remote user-assisted information disclosure via file drag-and-drop
A flaw was found in WebKitGTK. This vulnerability allows remote, user-assisted information disclosure that can reveal any file the user is permitted to read via abusing the file drag-and-drop mechanism where WebKitGTK does not verify that drag operations originate from outside the browser...
webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash
A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling...