6 matches found
Updated golang packages fix security vulnerabilities
Improper application of excluded DNS name constraints when verifying wildcard names in crypto/x509. CVE-2025-61727 Excessive resource consumption when printing error string for host certificate validation in crypto/x509. CVE-2025-61729...
Excessive resource consumption when printing error string for host certificate validation in crypto/x509
...
kernel: wifi: iwlwifi: limit printed string from FW file
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: limit printed string from FW file There's no guarantee here that the file is always with a NUL-termination, so reading the string may read beyond the end of the TLV. If that's the last TLV in the file, it can perha...
UBUNTU-CVE-2025-21905
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: limit printed string from FW file There's no guarantee here that the file is always with a NUL-termination, so reading the string may read beyond the end of the TLV. If that's the last TLV in the file, it can perha...
USN-2914-1 openssl vulnerabilities
Yuval Yarom, Daniel Genkin, and Nadia Heninger discovered that OpenSSL was vulnerable to a side-channel attack on modular exponentiation. On certain CPUs, a local attacker could possibly use this issue to recover RSA keys. This flaw is known as CacheBleed. CVE-2016-0702 Adam Langley discovered th...
Vimeo: Application XSS filter function Bypass may allow Multiple stored XSS
Hi, As i analysed the application behavior and the security structure, i found out that the application is using "Greedy XSS Regex filter" against XSS and removes any the whole string from ''. So i tried some basic bypass which allowed me to insert tags and other characters into the string. Here ...