14 matches found
CVE-2025-53901
Wasmtime is a runtime for WebAssembly. Prior to versions 24.0.4, 33.0.2, and 34.0.2, a bug in Wasmtime's implementation of the WASIp1 set of import functions can lead to a WebAssembly guest inducing a panic in the host embedder. The specific bug is triggered by calling path_open after calling...
CVE-2025-21718
In the Linux kernel, the following vulnerability has been resolved: net: rose: fix timer races against user threads. Rose timers only acquire the socket spinlock, without checking if the socket is owned by one user thread. Add a check and rearm the timers if needed. BUG: KASAN: slab-use-after-free...
CVE-2023-29583
yasm 1.3.0.55.g101bc was discovered to contain a stack overflow via the function parse_expr5 at /nasm/nasm-parse.c. Note: This has been disputed by third parties who argue this is a bug and not a security issue because yasm is a standalone program not designed to run untrusted code...
Stable Channel Update for Desktop
The Chrome team is delighted to announce the promotion of Chrome 108 to the stable channel for Windows, Mac and Linux. This will roll out over the coming days/weeks. Chrome 108.0.5359.71 Mac/linux and 108.0.5359.71/72 Windows contains a number of fixes and improvements -- a list of changes is...
CVE-2022-35252
creationtimestamp | type | source
---|---|---
2022-09-23 18:19:32+00:00 | seen | https://t.me/cibsecurity/50340
2024-12-12 08:18:34+00:00 | seen | https://daniel.haxx.se/blog/2024/12/12/a-twenty-five-years-old-curl-bug/
...
CVE-2022-34037
An out-of-bounds read in the rewrite function at /modules/caddyhttp/rewrite/rewrite.go in Caddy v2.5.1 allows attackers to cause a Denial of Service (DoS) via a crafted URI. Note: This has been disputed as a bug, not a security vulnerability, in the Caddy web server that emerged when an...
sysstat security update
11.7.3-5 - Rebuild 11.7.3-4 - Package onboarded to gating 11.7.3-3 - Fix memory corruption bug due to integer overflow 1790608...
Chrome for Android Update
Hi, everyone! We've just released Chrome 86 (86.0.4240.99) for Android: it'll become available on Google Play over the next few weeks. This release includes Security, stability and performance improvements. You can see a full list of the changes in the Git log. If you find a new issue, please let u...
http-parser security and bug fix update
2.8.0-5 - Resolves: rhbz1686488: 'make test' fails with stringop-overflow error 2.8.0-4 - Resolves: rhbz1666382: CVE-2018-12121 http-parser: nodejs: Denial of Service with large HTTP headers rhel-8 2.8.0-3 - spec: make the check phase conditional...
bugzilla -- information leak
A Bugzilla Security Advisory reports: When a bug is in a group, none of its information other than its status and resolution should be visible to users outside that group. It was discovered that as of 3.3.2, Bugzilla was showing the alias of the bug a very short string used as a shortcut for...
Real security information is hard to come by
Before you read this, I recommend you type "man memfrob" and "man strfry" on your nearest Linux system. I had no idea Linux libC had so many inside jokes. I think it says a lot about the character of the system. In other news, Real was finally told about my HelixServer remote, after a copy of...
CVE-2002-1115
CVE-2002-1115 affects Mantis ≤ 0.17.4a; the issue is improper access control in bug viewing pages, allowing remote attackers to view private bugs by altering f_id on pages bug_update_advanced_page.php, bug_update_page.php, view_bug_advanced_page.php, or view_bug_page.php. Impact is exposure of pr...
nfsd.linux.txt
Hi, this is voice of lam3rZ .pl -- Introduction - After reading lcamtuf's posts I decided to write this one. A few months ago one of my friends - digit - found a bug in linux nfsd daemon. I made example sploit about IV 1999. Now in distributions is new nfsd and nowhere was information about security...
insmod.linux.txt
Date: Tue, 30 Mar 1999 22:08:13 -0500 From: Brian Szymanski To: [email protected] Subject: linux insmod bug/security vulnerability Howdy all, Recently I discovered a bug in insmod that would require a lot of time and luck to exploit, but is nonetheless important for systems wanting rock-solid...