357 matches found
Mozilla Thunderbird: Multiple Vulnerabilities
Background Mozilla Thunderbird is a popular open-source email client from the Mozilla project. Description Multiple vulnerabilities have been discovered in Mozilla Thunderbird. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for...
Duplicate Advisory: @cloudflare/workers-oauth-provider missing validation of redirect_uri on authorize endpoint
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-4pc9-x2fx-p7vj. This link is maintained to preserve external references. Original Description The OAuth implementation in workers-oauth-provider that is part of MCP framework...
PT-2025-17931 · Unknown · Filez Client
Name of the Vulnerable Software and Affected Versions: FileZ client affected versions not specified Description: An improper XML parsing issue was reported in the FileZ client, which could allow arbitrary file reads on the system if a crafted URL is visited by a local user. Recommendations: At th...
CVE-2025-21844
CVE-2025-21844 affects the Linux kernel SMB client path. The vulnerability could allow a NULL pointer dereference in the receive_encrypted_standard() path due to missing checks, which could crash the kernel. The fix adds checks for the next_buffer in receive_encrypted_standard() and validates the...
FreeBSD-SA-25:05.openssh
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-25:05.openssh Security Advisory The FreeBSD Project Topic: Multiple vulnerabilities in OpenSSH Category: contrib Module: openssh Announced: 2025-02-21 Credits:...
RHEL 8 : libpq (RHSA-2025:1737)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:1737 advisory. The libpq package provides the PostgreSQL client library, which allows client programs to connect to PostgreSQL servers. Security Fixes: postgresql:...
Debian dsa-5868 : openssh-client - security update
The remote Debian 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5868 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-5868-1 [email protected] https://www.debian.org/security/...
K000139656: BIG-IP APM endpoint inspection vulnerability CVE-2025-23415
Security Advisory Description A missing integrity check vulnerability exists in BIG-IP APM access policy endpoint inspection that may allow an attacker to bypass endpoint inspection checks for VPN connections initiated through the BIG-IP APM browser network access VPN client for Windows, macOS, a...
MGASA-2025-0013 Updated openafs packages fix security vulnerabilities
A local user can bypass the OpenAFS PAG Process Authentication Group throttling mechanism in Unix client. CVE-2024-10394 An authenticated user can provide a malformed ACL to the fileserver's StoreACL RPC, causing the fileserver to crash. CVE-2024-10396 A malicious server can crash the OpenAFS cac...
CVE-2025-22149 JWK Set's HTTP client only overwrites and appends JWK to local cache during refresh
JWK Set JSON Web Key Set is a JWK and JWK Set Go implementation. Prior to 0.6.0, the project's provided HTTP client's local JWK Set cache should do a full replacement when the goroutine refreshes the remote JWK Set. The current behavior is to overwrite or append. This is a security issue for use...
CVE-2024-47193
WithSecure Elements Agent for Mac before 24.3, MDR before 24.3, and Elements Client Security for Mac before 16.10 allow a remote Denial of Service...
PT-2024-32473 · Withsecure · Elements Client Security For Mac +2
Name of the Vulnerable Software and Affected Versions: WithSecure Elements Agent for Mac versions prior to 24.3 MDR versions prior to 24.3 Elements Client Security for Mac versions prior to 16.10 Description: The issue allows a remote Denial of Service. Recommendations: For WithSecure Elements...
CVE-2024-47193
WithSecure Elements Agent for Mac before 24.3, MDR before 24.3, and Elements Client Security for Mac before 16.10 allow a remote Denial of Service...
CVE-2024-47193
Affected software: WithSecure Elements Agent for Mac (before 24.3), WithSecure MDR (before 24.3), and Elements Client Security for Mac (before 16.10). Issue: remote Denial of Service caused by a condition in these products. Root cause is not explicitly stated in the provided documents. Impact: av...
CVE-2024-10977
CVE-2024-10977 affects PostgreSQL libpq by allowing a server to send an error message that, when the client is not trusting SSL/GSS settings, can reveal arbitrary non-NUL bytes to the client (e.g., psql). Affected products/versions include PostgreSQL before the fixed point: 17.1 and older branche...
Xen 安全漏洞
Xen is an open source virtual machine monitor product from Xen Open Source. The product enables different and incompatible operating systems to run on the same computer and supports migration at runtime to ensure uptime and avoid downtime. A security vulnerability exists in versions of Xen prior ...
RHSA-2008:0264 Red Hat Security Advisory: Red Hat Network Satellite Server Solaris client security update
Bulletin has no description...
CVE-2024-27357
An issue was discovered in WithSecure Elements Agent through 23.x for macOS, WithSecure Elements Client Security through 23.x for macOS, and WithSecure MDR through 23.x for macOS. Local Privilege Escalation can occur during installations or updates by admins...
PT-2024-21845 · Withsecure · Withsecure Mdr +2
Name of the Vulnerable Software and Affected Versions: WithSecure Elements Agent versions through 23.x WithSecure Elements Client Security versions through 23.x WithSecure MDR versions through 23.x Description: An issue allows Local Privilege Escalation to occur during installations or updates by...
CVE-2024-27357
An issue was discovered in WithSecure Elements Agent through 23.x for macOS, WithSecure Elements Client Security through 23.x for macOS, and WithSecure MDR through 23.x for macOS. Local Privilege Escalation can occur during installations or updates by admins...