
991 matches found

F5 Networks
added 2025/09/30 9:53 p.m. | 4 views

K000156725: Multiple ImageMagick vulnerabilities

Security Advisory Description CVE-2020-25663 A call to ConformPixelInfo in the SetImageAlphaChannel routine of /MagickCore/channel.c caused a subsequent heap-use-after-free or heap-buffer-overflow READ when GetPixelRed or GetPixelBlue was called. This could occur if an attacker is able to submit ...

CVSS 6.1 | AI score 7 | EPSS 0.00397
Exploits: 10

F5 Networks
added 2025/09/30 9:42 p.m. | 3 views

K000156721: Multiple ImageMagick vulnerabilities

Security Advisory Description CVE-2020-27752 A flaw was found in ImageMagick in MagickCore/quantum-private.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger a heap buffer overflow. This would most likely lead to an impact to application availability, but cou...

CVSS 7.1 | AI score 7.1 | EPSS 0.00424
Exploits: 6

F5 Networks
added 2025/09/30 2:22 a.m. | 5 views

K000156693: Multiple ImageMagick vulnerabilities

Security Advisory Description CVE-2016-7101 The SGI coder in ImageMagick before 7.0.2-10 allows remote attackers to cause a denial of service out-of-bounds read via a large row value in an sgi file. CVE-2016-7513 Off-by-one error in magick/cache.c in ImageMagick allows remote attackers to cause a...

CVSS 6.5 | AI score 7.2 | EPSS 0.01787
Exploits: 0

OSV
added 2025/09/17 5:3 p.m. | 3 views

GO-2025-3938 Coder vulnerable to privilege escalation could lead to a cross workspace compromise in github.com/coder/coder

Coder vulnerable to privilege escalation could lead to a cross workspace compromise in github.com/coder/coder...

CVSS 8.1 | AI score 7 | EPSS 0.00078
Exploits: 1 | References: 8

OSV
added 2025/09/08 2:13 p.m. | 1 view

GO-2025-3921 Coder accepts an APIKey beyond the linked OIDC expiry if there is no refresh token in github.com/coder/coder

Coder accepts an APIKey beyond the linked OIDC expiry if there is no refresh token in github.com/coder/coder...

AI score 7
Exploits: 0 | References: 2

RedhatCVE
added 2025/09/08 3:12 a.m. | 5 views

CVE-2025-58437

Coder allows organizations to provision remote development environments via Terraform. In versions 2.22.0 through 2.24.3, 2.25.0 and 2.25.1, Coder can be compromised through insecure session handling in prebuilt workspaces. Coder automatically generates a session token for a user when a workspace...

CVSS 8.1 | AI score 6.8 | EPSS 0.00078
Exploits: 1 | References: 1

Snyk
added 2025/09/06 4:0 a.m. | 1 view

Insufficient Session Expiration

Overview Affected versions of this package are vulnerable to Insufficient Session Expiration via insecure session handling in prebuilt workspaces. An attacker can gain unauthorized access to other users' workspaces by reusing unexpired session tokens exposed through...

CVSS 8.6 | AI score 7.1 | EPSS 0.00078
Exploits: 1 | References: 2

Snyk
added 2025/09/06 4:0 a.m. | 1 view

Insufficient Session Expiration

Overview Affected versions of this package are vulnerable to Insufficient Session Expiration via insecure session handling in prebuilt workspaces. An attacker can gain unauthorized access to other users' workspaces by reusing unexpired session tokens exposed through...

CVSS 8.6 | AI score 6.6 | EPSS 0.00078
Exploits: 1 | References: 2

Snyk
added 2025/09/06 4:0 a.m. | 1 view

Insufficient Session Expiration

Overview Affected versions of this package are vulnerable to Insufficient Session Expiration via insecure session handling in prebuilt workspaces. An attacker can gain unauthorized access to other users' workspaces by reusing unexpired session tokens exposed through...

CVSS 8.6 | AI score 6.9 | EPSS 0.00078
Exploits: 1 | References: 2

Cvelist
added 2025/09/06 2:30 a.m. | 5 views

CVE-2025-58437 Coder's privilege escalation vulnerability could lead to a cross workspace compromise

Coder allows organizations to provision remote development environments via Terraform. In versions 2.22.0 through 2.24.3, 2.25.0 and 2.25.1, Coder can be compromised through insecure session handling in prebuilt workspaces. Coder automatically generates a session token for a user when a workspace...

CVSS 8.1 | EPSS 0.00078
Exploits: 1 | References: 7

CVE
added 2025/09/06 2:30 a.m. | 21 views

CVE-2025-58437

Coder versions 2.22.0–2.24.3, 2.25.0–2.25.1 are affected by insecure session handling in prebuilt workspaces, exposing a session token via coder_workspace_owner.session_token. In prebuilt workspaces, the prebuilds system user initially owns the workspace; when a workspace is claimed, a new sessio...

CVSS 8.1 | AI score 6.3 | EPSS 0.00078
Exploits: 1 | References: 7 | Affected Software: 1

CNNVD
added 2025/09/06 12:0 a.m. | 1 view

Coder code issue vulnerability

Coder is an application from Coder Inc. that allows for the setup of development environments in public or private cloud infrastructures. A code issue vulnerability exists in Coder versions 2.24.3 and earlier and 2.25.0 through 2.25.1, which stems from mishandling of sessions and could lead to...

CVSS 8.1 | AI score 6.5 | EPSS 0.00078
Exploits: 1 | References: 8

OSV
added 2025/09/05 8:19 p.m. | 3 views

GHSA-J6XF-JWRJ-V5QP Coder vulnerable to privilege escalation could lead to a cross workspace compromise

Summary Insecure session handling opened room for a privilege escalation scenario in which prebuilt workspaces could be compromised by abusing a shared system identity. Details Coder automatically generates a session token for a user when a workspace is started. It is automatically exposed via...

CVSS 8.1 | AI score 8 | EPSS 0.00078
Exploits: 1 | References: 9

OSSF Malicious Packages
added 2025/09/05 5:10 p.m. | 2 views

Malicious code in @zalastax/nolb-coder (npm)

The package @zalastax/nolb-coder was found to contain malicious code...

AI score 7
Exploits: 0

OSV
added 2025/09/05 5:10 p.m. | 1 view

MAL-2025-43168 Malicious code in @zalastax/nolb-coder (npm)

The package @zalastax/nolb-coder was found to contain malicious code...

AI score 7
Exploits: 0

Positive Technologies
added 2025/09/05 12:0 a.m. | 2 views

PT-2025-36355

Name of the Vulnerable Software and Affected Versions Coder versions 2.22.0 through 2.24.3 Coder versions 2.25.0 and 2.25.1 Description Coder allows organizations to provision remote development environments via Terraform. In affected versions, Coder can be compromised through insecure session...

CVSS 9.9 | AI score 6.7 | EPSS 0.50933
Exploits: 20 | References: 53

Positive Technologies
added 2025/09/05 12:0 a.m. | 3 views

PT-2025-36626

Summary Insecure session handling opened room for a privilege escalation scenario in which prebuilt workspaces could be compromised by abusing a shared system identity. Details Coder automatically generates a session token for a user when a workspace is started. It is automatically exposed via...

CVSS 8.1 | AI score 7.7
Exploits: 0 | References: 9

Tenable Nessus
added 2025/08/30 12:0 a.m. | 1 view

Linux Distros Unpatched Vulnerability : CVE-2018-19888

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An invalid memory address dereference was discovered in the huffcode function libfaac/huff2.c in Freeware Advanced Audio Coder FAAC 1.29.9.2. The vulnerability...

CVSS 5.5 | AI score 5.5 | EPSS 0.00165
Exploits: 1 | References: 2

Snyk
added 2025/08/28 7:36 p.m. | 1 view

Use of a Key Past its Expiration Date

Overview Affected versions of this package are vulnerable to Use of a Key Past its Expiration Date due to improper enforcement of OIDC token expiry in the authentication process when no refresh token is provided. An attacker can maintain unauthorized access to the service by continuously using a...

CVSS 4.2 | AI score 7
Exploits: 0 | References: 2

Tenable Nessus
added 2025/08/27 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2023-34151

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was found in ImageMagick. This security flaw occurs as undefined behavior of casting double to size_t in svg, mvg and other coders recurring...

CVSS 7.8 | AI score 6.4 | EPSS 0.00123
Exploits: 1 | References: 2