
13 matches found

Broadcom
added 2026/01/27 12:0 a.m., 14 views

PostgreSQL GB18030 encoding validation can read one byte past end of allocation for text that fails validation

Buffer over-read in PostgreSQL GB18030 encoding validation allows a database input provider to achieve temporary denial of service on platforms where a 1-byte over-read can elicit process termination. This affects the database server and also libpq. Versions before PostgreSQL 17.5, 16.9, 15.13,...

CVSS 5.9 | AI score 5.9 | EPSS 0.00612
Exploits: 0
SUSE Linux
added 2025/05/30 7:44 a.m., 1 views

Security update for postgresql17

This update for postgresql17 fixes the following issues: Upgrade to 17.5: CVE-2025-4207: Fixed PostgreSQL GB18030 encoding validation can read one byte past end of allocation for text that fails validation bsc1242931 Changelog: https://www.postgresql.org/docs/release/17.5/ Patch Instructions: To...

CVSS 5.9 | AI score 7.2 | EPSS 0.00612
Exploits: 0 | References: 4
SUSE Linux
added 2025/05/29 12:48 p.m., 1 views

Security update for postgresql13

This update for postgresql13 fixes the following issues: Upgrade to 13.21: CVE-2025-4207: Fixed PostgreSQL GB18030 encoding validation can read one byte past end of allocation for text that fails validation bsc1242931 Changelog: https://www.postgresql.org/docs/release/13.21/ Patch Instructions: T...

CVSS 5.9 | AI score 7.2 | EPSS 0.00612
Exploits: 0 | References: 4
SUSE Linux
added 2025/05/25 10:2 p.m., 2 views

Security update for postgresql14

This update for postgresql14 fixes the following issues: Upgrade to 14.18: CVE-2025-4207: Fixed PostgreSQL GB18030 encoding validation can read one byte past end of allocation for text that fails validation bsc1242931 Patch Instructions: To install this SUSE update use the SUSE recommended...

CVSS 5.9 | AI score 7.2 | EPSS 0.00612
Exploits: 0 | References: 4
Hacker One
added 2022/11/22 12:58 p.m., 31 views

Cloudflare Public Bug Bounty: 💥💥Crash report -Cloudflare WARP doesn't verify text length in "Excluded Host" name input data💥💥

Vulnerability description not provided...

AI score 7.1
Exploits: 0
Amazon
added 2022/07/15 12:0 a.m., 51 views

Important: thunderbird

Issue Overview: crossbeam-deque is a package of work-stealing deques for building task schedulers when programming in Rust. In versions prior to 0.7.4 and 0.8.0, the result of the race condition is that one or more tasks in the worker queue can be popped twice instead of other tasks that are...

CVSS 10 | AI score 9.6 | EPSS 0.17563
Exploits: 7
UbuntuCve
added 2021/11/03 1:15 a.m., 20 views

CVE-2021-38497

Through use of reportValidity and window.open, a plain-text validation message could have been overlaid on another origin, leading to possible user confusion and spoofing attacks. This vulnerability affects Firefox 93, Thunderbird 91.2, and Firefox ESR 91.2...

CVSS 6.5 | AI score 6.9 | EPSS 0.00531
Exploits: 0 | References: 5
Debian CVE
added 2021/11/03 12:3 a.m., 32 views

CVE-2021-38497

Through use of reportValidity and window.open, a plain-text validation message could have been overlaid on another origin, leading to possible user confusion and spoofing attacks. This vulnerability affects Firefox 93, Thunderbird 91.2, and Firefox ESR 91.2...

CVSS 6.5 | AI score 8.3 | EPSS 0.00531
Exploits: 0
AlpineLinux
added 2021/11/03 12:3 a.m., 35 views

CVE-2021-38497

Through use of reportValidity and window.open, a plain-text validation message could have been overlaid on another origin, leading to possible user confusion and spoofing attacks. This vulnerability affects Firefox 93, Thunderbird 91.2, and Firefox ESR 91.2...

CVSS 6.5 | AI score 7.5 | EPSS 0.00531
Exploits: 0
CNVD
added 2021/10/12 12:0 a.m., 23 views

Mozilla Firefox Access Control Error Vulnerability (CNVD-2021-90094)

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the U.S. An access control error vulnerability exists in Mozilla Firefox. The vulnerability stems from the fact that plain text validation messages may be overwritten on another source through the use of the reportValidi...

CVSS 6.5 | AI score 1.9 | EPSS 0.00531
Exploits: 0 | References: 1
Veracode
added 2021/10/07 10:16 a.m., 23 views

Spoofing Attacks

Through use of reportValidity and window.open, a plain-text validation message could have been overlaid on another origin, leading to possible user confusion and spoofing attacks...

CVSS 6.5 | AI score 1.6 | EPSS 0.00531
Exploits: 0 | References: 5 | Affected Software: 7
RedhatCVE
added 2021/10/06 1:0 a.m., 42 views

CVE-2021-38497

Through use of reportValidity and window.open, a plain-text validation message could have been overlaid on another origin, leading to possible user confusion and spoofing attacks. This vulnerability affects Firefox 93, Thunderbird 91.2, and Firefox ESR 91.2...

CVSS 6.5 | AI score 2.3 | EPSS 0.00531
Exploits: 0 | References: 3
BDU FSTEC
added 2016/04/25 12:0 a.m., 9 views

The vulnerability of the Apache Struts software platform, which allows attackers to carry out XSS attacks

The vulnerability of the Apache Struts software platform exists due to the lack of text validation in the Locale object, which is constructed using I18NInterceptor. Exploiting this vulnerability allows a malicious actor to perform XSS attacks remotely...

CVSS 4.3 | AI score 6.6 | EPSS 0.09231
Exploits: 0 | References: 3 | Affected Software: 1