1462 matches found
CVE-2026-28815
A remote attacker can supply a short X-Wing HPKE encapsulated key and trigger an out-of-bounds read in the C decapsulation path, potentially causing a crash or memory disclosure depending on runtime protections. This issue is fixed in swift-crypto version 4.3.1...
CVE-2026-28815
CVE-2026-28815 concerns Swift Crypto’s X-Wing HPKE decapsulation path. The issue arises when an attacker-supplied encapsulatedKey is shorter than the required 1120 bytes; the implementation forwards the data to a C API without runtime length validation, enabling an out-of-bounds read in the decap...
CVE-2026-28815
A remote attacker can supply a short X-Wing HPKE encapsulated key and trigger an out-of-bounds read in the C decapsulation path, potentially causing a crash or memory disclosure depending on runtime protections. This issue is fixed in swift-crypto version 4.3.1...
PT-2026-29972
A remote attacker can supply a short X-Wing HPKE encapsulated key and trigger an out-of-bounds read in the C decapsulation path, potentially causing a crash or memory disclosure depending on runtime protections. This issue is fixed in swift-crypto version 4.3.1...
Swift Crypto 安全漏洞
Swift Crypto is an open-source cross-platform encryption library developed by Apple. Versions of Swift Crypto prior to 4.3.1 contained a security vulnerability. This vulnerability was caused by remote attackers who could provide short X-Wing HPKE encapsulation keys and trigger out-of-bound reads ...
XNUTest
xnutesting Research & Education Only — Proof-of-concept...
Improper Cleanup on Thrown Exception
Overview Affected versions of this package are vulnerable to Improper Cleanup on Thrown Exception when cleaning up tmp files. Temporary storage can be exhausted during the scanning process by an attacker providing large or highly compressed artifacts, leading to the accumulation of temporary file...
Exploit for CVE-2025-70342
CVE-2025-70342: Credential Interception via Named Pipe in eras...
leafkit 安全漏洞
Leafkit is an open-source application developed by Vapor. It uses Swift to create modular server-side software. Versions of Leafkit prior to 1.4.1 contained security vulnerabilities. These vulnerabilities stemmed from the fact that htmlEscaped only matched extended character clusters, which could...
GHSA-4HFH-FCH3-5Q7P Leaf-kit html escaping does not work on characters that are part of extended grapheme cluster
Summary htmlEscaped in leaf-kit will only escape html special characters if the extended grapheme clusters match, which allows bypassing escaping by using an extended grapheme cluster containing both the special html character and some additional characters. In the case of html attributes, this c...
Supply Chain Insecurity: Exposing Vulnerabilities in IOS Dependency Management Systems
Dependency management systems are a critical component in software development, enabling projects to incorporate existing functionality efficiently. However, misconfigurations and malicious actors in these systems pose severe security risks, leading to supply chain attacks. Despite the widespread...
[SECURITY] Fedora 42 Update: rclone-1.72.1-1.fc42
"rsync for cloud storage" - Google Drive, S3, Dropbox, Backblaze B2, One Driv e, Swift, Hubic, Wasabi, Google Cloud Storage, Azure Blob, Azure Files, Yandex Files...
[SECURITY] Fedora 43 Update: rclone-1.72.1-1.fc43
"rsync for cloud storage" - Google Drive, S3, Dropbox, Backblaze B2, One Driv e, Swift, Hubic, Wasabi, Google Cloud Storage, Azure Blob, Azure Files, Yandex Files...
Swift W3C TraceContext vulnerable to a malformed HTTP header causing a crash
Impact A denial-of-service vulnerability due to improper input validation allows a remote attacker to crash the service via a malformed HTTP header. Allows crashing the process with data coming from the network when used with, for example, an HTTP server. Most common way of using Swift W3C Trace...
Allocation of Resources Without Limits or Throttling
Overview swift-otel/swift-w3c-trace-context is a Micro-library exposing the W3C Trace-Context as a Swift struct Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to improper input validation. An attacker can cause a crash of the service b...
GHSA-MVPQ-2V8X-WW6G Swift W3C TraceContext vulnerable to a malformed HTTP header causing a crash
Impact A denial-of-service vulnerability due to improper input validation allows a remote attacker to crash the service via a malformed HTTP header. Allows crashing the process with data coming from the network when used with, for example, an HTTP server. Most common way of using Swift W3C Trace...
Swift W3C TraceContext vulnerable to a malformed HTTP header causing a crash
A denial-of-service vulnerability due to improper input validation allows a remote attacker to crash the service via a malformed HTTP header. Allows crashing the process with data coming from the network when used with, for example, an HTTP server. Most common way of using Swift W3C Trace Context...
Swift W3C TraceContext vulnerable to a malformed HTTP header causing a crash
A denial-of-service vulnerability due to improper input validation allows a remote attacker to crash the service via a malformed HTTP header. Allows crashing the process with data coming from the network when used with, for example, an HTTP server. Most common way of using Swift W3C Trace Context...
CVE-2026-23886
Swift W3C TraceContext is a Swift implementation of the W3C Trace Context standard, and Swift OTel is an OpenTelemetry Protocol OTLP backend for Swift Log, Swift Metrics, and Swift Distributed Tracing. Prior to Swift W3C TraceContext version 1.0.0-beta.5 and Swift OTel version 1.0.4, a...
CVE-2026-23886
Swift W3C TraceContext is a Swift implementation of the W3C Trace Context standard, and Swift OTel is an OpenTelemetry Protocol OTLP backend for Swift Log, Swift Metrics, and Swift Distributed Tracing. Prior to Swift W3C TraceContext version 1.0.0-beta.5 and Swift OTel version 1.0.4, a...