CVE-2025-14551

In Ubuntu, Subiquity version 24.04.4 is described across multiple sources as capable of leaking sensitive user credentials (e.g., plaintext Wi‑Fi passwords) into crash-report logs when a bug report is submitted to Launchpad during installation failures. The issue affects the Subiquity installer o...

CVE-2025-15480

In Ubuntu, ubuntu-desktop-provision version 24.04.4 could leak sensitive user credentials during crash reporting. Upon installation failure, if a user submitted a bug report to Launchpad, ubuntu-desktop-provision could include the user's password hash in the attached logs...

Minor update (5) for Vivaldi Desktop Browser 7.7

Download Vivaldi The following improvements were made since the fourth 7.7 minor update: Upgraded to 142.0.7444.237 ESR Incl. CVE-2025-14174 CrashAd Blocker API cleanup VB-122877 CrashBookmarks Observer list cleanup VB-122145 CrashmacOS Accessing tabs after they have been hibernated VB-109565...

Canonical apport 安全漏洞

Canonical apport is an open source crash reporting tool from Canonical. A security vulnerability exists in Canonical apport that stems from improper group ownership settings when the crash reporting tool creates crash files, which could lead to the disclosure of crash information...

[SECURITY] Fedora 41 Update: abrt-2.17.8-1.fc41

abrt is a tool to help users to detect defects in applications and to create a bug report with all information needed by maintainer to fix it. It uses plugin system to extend its functionality...

EUVD-2015-1970

Malware in sbrugna...

EUVD-2017-6857

Malware in sbrugna...

EUVD-2020-27943

Malware in sbrugna...

New Linux Vulnerabilities

They're interesting: Tracked as CVE-2025-5054 and CVE-2025-4598, both vulnerabilities are race condition bugs that could enable a local attacker to obtain access to access sensitive information. Tools like Apport and systemd-coredump are designed to handle crash reporting and core dumps in Linux...

Linux Crash Reporting Flaws (CVE-2025-5054, 4598) Expose Password Hashes

Qualys details CVE-2025-5054 and CVE-2025-4598, critical vulnerabilities affecting Linux crash reporting tools like Apport and systemd-coredump. Learn how…...

CVE-2023-28117

Sentry SDK is the official Python SDK for Sentry, real-time crash reporting software. When using the Django integration of versions prior to 1.14.0 of the Sentry SDK in a specific configuration it is possible to leak sensitive cookies values, including the session cookie to Sentry. These sensitiv...

openSUSE 15 Security Update : chromium (openSUSE-SU-2023:0068-1)

The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2023:0068-1 advisory. - Use after free in Swiftshader in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a...

Chromium: CVE-2023-1217 Stack buffer overflow in Crash reporting

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

Google Chrome Crash reporting component buffer overflow vulnerability

Google Chrome is a web browser from Google, Inc. A buffer overflow vulnerability exists in versions prior to Google Chrome 111.0.5563.64, which stems from a boundary error in the Crash reporting component when handling untrusted input. A remote attacker could exploit this vulnerability to obtain...

KLA48544 Multiple vulnerabilities in Microsoft Browser

Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to cause denial of service, bypass security restrictions, gain privileges, spoof user interface, execute arbitrary code. Below is a complete list of vulnerabilities: 1. Policy enforcement...

Google Chrome Security Updates (stable-channel-update-for-desktop-2023-03) - Linux

Google Chrome is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:google:chrome"; ifdescription...

DEBIAN-CVE-2023-1217

Stack buffer overflow in Crash reporting in Google Chrome on Windows prior to 111.0.5563.64 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: High...

CVE-2023-1217

Stack buffer overflow in Crash reporting in Google Chrome on Windows prior to 111.0.5563.64 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: High...

Google Chrome 缓冲区错误漏洞

Google Chrome is a web browser from Google, Inc. A buffer overflow vulnerability exists in versions prior to Google Chrome 111.0.5563.64, which stems from a boundary error in the Crash reporting component when handling untrusted input. A remote attacker could exploit this vulnerability to obtain...

SUSE CVE-2017-10708

An issue was discovered in Apport through 2.20.x. In apport/report.py, Apport sets the ExecutablePath field and it then uses the path to run package specific hooks without protecting against path traversal. This allows remote attackers to execute arbitrary code via a crafted .crash file...