CVE-2025-66511 Nextcloud Calendar app used predictable proposal participant tokens
Nextcloud Calendar is a calendar app for Nextcloud. Prior to 6.0.3, the Calendar app generates participant tokens for meeting proposals using a hash function, allowing an attacker to compute valid participant tokens, which allowed them to request details and submit dates in meeting proposals. The...
CVE-2025-66511
The CVE-2025-66511 issue affects Nextcloud Calendar prior to version 6.0.3. It stems from insecure generation of meeting proposal participant tokens (not purely random; based on a hash function), which enables an attacker to compute valid tokens and abuse them to view details and submit dates in ...
PT-2025-49266
Nextcloud Calendar is a calendar app for Nextcloud. Prior to 6.0.3, the Calendar app generates participant tokens for meeting proposals using a hash function, allowing an attacker to compute valid participant tokens, which allowed them to request details and submit dates in meeting proposals. The...
libsoup: Out-of-Bounds Read in Cookie Date Handling of libsoup HTTP Library
A flaw was found in the cookie date handling logic of the libsoup HTTP library, widely used by GNOME and other applications for web communication. When processing cookies with specially crafted expiration dates, the library may perform an out-of-bounds memory read. This flaw could result in...
Malicious Package
Overview: SqlDbRepository is a malicious package. This package contains malicious code that injects time-delayed destructive payloads into database operations and targets industrial control systems. Published under the NuGet alias shanhai666 together with 8 other malicious packages between 2023 and...
Hidden Logic Bombs in Malware-Laced NuGet Packages Set to Detonate Years After Installation
A set of nine malicious NuGet packages has been identified as capable of dropping time-delayed payloads to sabotage database operations and corrupt industrial control systems. According to software supply chain security company Socket, the packages were published in 2023 and 2024 by a user named...
Oracle Linux 10 : libsoup3 (ELSA-2025-19720)
The remote Oracle Linux 10 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-19720 advisory.
- Revert 'Fix handling of invalid dates in cookie expires attribute CVE-2025-11021'
- Fix handling of invalid dates in cookie expires attribute CVE-2025-11021...
Security update for libsoup
This update for libsoup fixes the following issues: CVE-2025-11021: Ignore invalid date when processing cookies to prevent out-of-bounds read bsc1250562. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...
SUSE-SU-2025:20937-1 Security update for libsoup
This update for libsoup fixes the following issues: - CVE-2025-11021: Ignore invalid date when processing cookies to prevent out-of-bounds read bsc1250562...
CVE-2025-25252
creationtimestamp | type | source
---|---|---
2025-11-03 08:54:03+00:00 | published-proof-of-concept | https://t.me/GithubRedTeam/58082
2025-11-22 10:11:00+00:00 | published-proof-of-concept | https://t.me/GithubRedTeam/60472
...
SUSE SLES15 Security Update : libsoup (SUSE-SU-2025:3752-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:3752-1 advisory. - CVE-2025-11021: Ignored invalid date when processing cookies to prevent out-of-bounds read bsc1250562. Tenable has extracted the preceding...
Security update for libsoup
This update for libsoup fixes the following issues: CVE-2025-11021: Ignored invalid date when processing cookies to prevent out-of-bounds read bsc1250562. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...
SUSE-SU-2025:3752-1 Security update for libsoup
This update for libsoup fixes the following issues: - CVE-2025-11021: Ignored invalid date when processing cookies to prevent out-of-bounds read bsc1250562...
PT-2025-43454
In multiple locations, there is a possible background activity launch due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...