6583 matches found
Roundcube Webmail -- Multiple vulnerabilities
The Roundcube Webmail project reports: See link for details. No CVE numbers available at the moment...
Gitlab -- vulnerabilities
Gitlab reports: Cross-site Scripting issue in Analytics dashboard chart rendering impacts GitLab EE Cross-site Scripting issue in global search impacts GitLab CE/EE Cross-site Scripting issue in Duo Agent output rendering impacts GitLab EE Cross-site Scripting issue in Analytics Dashboard impacts...
chromium -- security fixes
Chrome Releases reports: This update includes multiple security fixes: Critical: CVE-2026-5858: Heap buffer overflow in WebML. CVE-2026-5859: Integer overflow in WebML. High: CVE-2026-5860: Use after free in WebRTC. CVE-2026-5861: Use after free in V8. CVE-2026-5862: Inappropriate implementation ...
mod_http2 -- Multiple vulnerabilities
The modhttp2 project reports: a client can increase memory consumption for a HTTP/2 connection via repeated request header names,leading to denial of service certain proxy configurations whith modproxyhttp2 as the backend, an assertion can be triggered by certain requests, leading to denial of...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 4 security fixes: 415810136 High CVE-2025-4664: Insufficient policy enforcement in Loader. Source: X post from @slonser on 2025-05-05 412578726 High CVE-2025-4609: Incorrect handle provided in unspecified circumstances in Mojo. Reported by Micky on...
electron{33,34} -- Incorrect handle provided in unspecified circumstances in Mojo
Electron developers report: This update fixes the following vulnerability: Security: backported fix for CVE-2025-2783...
cacti -- Multiple vulnerabilities
Cacti repo reports: security GHSA-c5j8-jxj3-hh36: Authenticated RCE via multi-line SNMP responses security GHSA-f9c7-7rc3-574c: SQL Injection vulnerability when using tree rules through Automation API security GHSA-fh3x-69rr-qqpp: SQL Injection vulnerability when request automation devices securi...
gstreamer1-plugins-jpeg -- NULL-pointer dereferences in JPEG decoder
The GStreamer Security Center reports: Insufficient error handling in the JPEG decoder that can lead to NULL-pointer dereferences, and that can cause crashes for certain input files...
gstreamer1-plugins -- multiple vulnerabilities
The GStreamer Security Center reports: 3 security bugs. CVE-2024-47542: ID3v2 parser out-of-bounds read and NULL-pointer dereference CVE-2024-47600: Out-of-bounds read in gst-discoverer-1.0 commandline tool CVE-2024-47541: Out-of-bounds write in SSA subtitle parser...
gstreamer1-plugins-good -- multiple vulnerabilities
The GStreamer Security Center reports: 20 security bugs. CVE-2024-47537: Integer overflow in MP4/MOV sample table parser leading to out-of-bounds writes CVE-2024-47598: MP4/MOV sample table parser out-of-bounds read CVE-2024-47539: MP4/MOV Closed Caption handling out-of-bounds write CVE-2024-4754...
gstreamer1-rtsp-server -- Potential Denial-of-Service (DoS) with specially crafted client requests
Qingpeng Du reports: A series of specially crafted client requests during streaming setup post client authentication, if any can cause the RTSP server library to abort, if it has been compiled with assertions enabled...
qt5-webengine -- Multiple vulnerabilities
Backports for 15 security bugs in Chromium: CVE-2024-4761: Out of bounds write in V8 CVE-2024-5158: Type confusion in V8 CVE-2024-7532: Out of bounds memory access in ANGLE CVE-2024-7965: Inappropriate implementation in V8 CVE-2024-7967: Heap buffer overflow in Fonts CVE-2024-7971: Type confusion...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 6 security fixes: 344608204 High CVE-2024-6100: Type Confusion in V8. Reported by Seunghyun Lee @0x10n participating in SSD Secure Disclosure's TyphoonPWN 2024 on 2024-06-04 343748812 High CVE-2024-6101: Inappropriate implementation in WebAssembly...
mozilla firefox -- protocol information guessing
[email protected] reports: By monitoring the time certain operations take, an attacker could have guessed which external protocol handlers were functional on a user's system. This vulnerability affects Firefox 127, Firefox ESR 115.12, and Thunderbird 115.12...
traefik -- Unexpected behavior with IPv4-mapped IPv6 addresses
The traefik authors report: There is a vulnerability in Go managing various Is methods IsPrivate, IsLoopback, etc for IPv4-mapped IPv6 addresses. They didn't work as expected returning false for addresses which would return true in their traditional IPv4 forms...
minio -- unintentional information disclosure
Minio security advisory GHSA-95fr-cm4m-q5p9 reports: when used with anonymous requests by sending a random object name requests you can figure out if the object exists or not on the server on a specific bucket and also gain access to some amount of information...
python -- several vulnerabilities
Hugo van Kemenade reports: Python 3.14.2 and 3.13.11 are now available ... and come with some bonus security fixes. gh-142145: Remove quadratic behavior in node ID cache clearing CVE-2025-12084 gh-119451: Fix a potential denial of service in http.client only in 3.13; CVE-2025-13836 gh-119452: Fix...
cyrus-imapd -- unbounded memory allocation
Cyrus IMAP 3.8.3 Release Notes states: Fixed CVE-2024-34055: Cyrus-IMAP through 3.8.2 and 3.10.0-beta2 allow authenticated attackers to cause unbounded memory allocation by sending many LITERALs in a single command. The IMAP protocol allows for command arguments to be LITERALs of negotiated lengt...
electron{27,28} -- Out of bounds memory access in V8
Electron developers report: This update fixes the following vulnerability: Security: backported fix for CVE-2024-2173...
openexr -- Heap Overflow in Scanline Deep Data Parsing
Austin Hackers Anonymous report: Due to a failure in validating the number of scanline samples of a OpenEXR file containing deep scanline data, Academy Software Foundation OpenEXR image parsing library version 3.2.1 and prior is susceptible to a heap-based buffer overflow vulnerability. ... it is...
libcue -- out-of-bounds array access
The libcue team reports: There is a vulnerability to out-of-bounds array access...
Privilege Escalation from technician to super-admin in GLPI
[email protected] reports: GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. A user with write access to another user can make requests to chan...
Users login enumeration by unauthenticated user in GLPI
[email protected] reports: GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. An unauthenticated user can enumerate users logins. Users are...
FreeBSD -- Network authentication attack via pam_krb5
Problem Description: The problem detailed in FreeBSD-SA-23:04.pamkrb5 persisted following the patch for that advisory. Impact: The impact described in FreeBSD-SA-23:04.pamkrb5 persists...
jenkins -- Stored XSS vulnerability
Jenkins Security Advisory: Description High SECURITY-3188 / CVE-2023-39151 Stored XSS vulnerability...
libsndfile_project -- Integer overflow in dataend calculation
[email protected] reports: Multiple signed integers overflow in function aureadheader in src/au.c and in functions mat4open and mat4readheader in src/mat4.c in Libsndfile, allows an attacker to cause Denial of Service or other unspecified impacts...
virtualbox-ose -- multiple vulnerabilities
[email protected] reports: Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are Prior to 6.1.46 and Prior to 7.0.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure...
GLPI vulnerable to SQL injection via inventory agent request
[email protected] reports: GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.8, GLPI inventory endpoint can be used to drive a SQL injection attack. By default, GLPI inventory endpoint requires no authentication. Version...
h2o -- Malformed HTTP/1.1 causes Out-of-Memory Denial of Service
Elijah Glover reports: Malformed HTTP/1.1 requests can crash worker processes. occasionally locking up child workers and causing denial of service, and an outage dropping any open connections...
FreeBSD -- GELI silently omits the keyfile if read from stdin
Problem Description: When GELI reads a key file from a standard input, it doesn't store it anywhere. If the user tries to initialize multiple providers at once, for the second and subsequent devices the standard input stream will be already empty. In this case, GELI silently uses a NULL key as th...
Grafana -- Privilege escalation
Grafana Labs reports: Grafana admins can invite other members to the organization they are an admin for. When admins add members to the organization, non existing users get an email invite, existing members are added directly to the organization. When an invite link is sent, it allows users to si...
FreeBSD -- AIO credential reference count leak
Problem Description: The aioaqueue function, used by the liolistio system call, fails to release a reference to a credential in an error case. Impact: An attacker may cause the reference count to overflow, leading to a use after free UAF...
rainloop -- cross-site-scripting (XSS) vulnerability
Simon Scannell reports: The code vulnerability can be easily exploited by an attacker by sending a malicious email to a victim that uses RainLoop as a mail client. When the email is viewed by the victim, the attacker gains full control over the session of the victim and can steal any of their...
typo3 -- XSS vulnerability in svg-sanitize
The TYPO3 project reports: The SVG sanitizer library enshrined/svg-sanitize before version 0.15.0 did not remove HTML elements wrapped in a CDATA section. As a result, SVG content embedded in HTML fetched as text/html was susceptible to cross-site scripting. Plain SVG files fetched as image/svg+x...
ipython -- Execution with Unnecessary Privileges
IPython project reports: IPython 8.0.1, 7.31.1 and 5.11 are security releases that change some default values in order to prevent potential Execution with Unnecessary Privileges...
uriparser -- Multiple vulnerabilities
Upstream project reports: Fix a bug affecting both uriNormalizeSyntax and uriMakeOwner functions where the text range in .hostText would not be duped using malloc but remain unchanged and hence "not owned" for URIs with an IPv4 or IPv6 address hostname; depending on how an application uses...
py39-rencode -- infinite loop that could lead to Denial of Service
NIST reports: The rencode package through 1.0.6 for Python allows an infinite loop in typecode decoding such as via ;\x2f\x7f, enabling a remote attack that consumes CPU and memory...
Pillow -- Regular Expression Denial of Service (ReDoS)
GitHub Advisory Database reports: Uncontrolled Resource Consumption in pillow. The package pillow from 0 and before 8.3.2 are vulnerable to Regular Expression Denial of Service ReDoS via the getrgb function. References: https://nvd.nist.gov/vuln/detail/CVE-2021-23437...
minio -- MITM attack
minio developer report: This is a security issue because it enables MITM modification of request bodies that are meant to have integrity guaranteed by chunk signatures. In a PUT request using aws-chunked encoding, MinIO ordinarily verifies signatures at the end of a chunk. This check can be skipp...
Gitlab -- Multiple Vulnerabilities
Gitlab reports: Improper Certificate Validation for Fortinet OTP Denial of Service Attack on gitlab-shell Resource exhaustion due to pending jobs Confidential issue titles were exposed Improper access control allowed demoted project members to access authored merge requests Improper access contro...
asterisk -- Remote crash possible when negotiating T.38
The Asterisk project reports: When re-negotiating for T.38 if the initial remote response was delayed just enough Asterisk would send both audio and T.38 in the SDP. If this happened, and the remote responded with a declined T.38 stream then Asterisk would crash...
gitea -- multiple vulnerabilities
The Gitea Team reports for release 1.13.2: Prevent panic on fuzzer provided string Add secure/httpOnly attributes to the lang cookie...
nomad -- multiple vulnerabilities
The HashiCorp team reports: artifact: Fixed a bug where interpolation can be used in the artifact destination field to write artifact payloads outside the allocation directory. template: Fixed a bug where interpolation can be used in the template source and destination fields to read or write fil...
Okular -- Local binary execution via action links
Albert Astals Cid: Okular can be tricked into executing local binaries via specially crafted PDF files. This binary execution can require almost no user interaction. No parameters can be passed to those local binaries. We have not been able to identify any binary that will cause actual damage, be...
Gitlab -- Vulnerability
Gitlab reports: Email Confirmation not Required on Sign-up...
FreeBSD -- kernel stack data disclosure
Problem Description: Due to incorrect initialization of a stack data structure, up to 20 bytes of kernel data stored previously stored on the stack will be exposed to a crashing user process. Impact: Sensitive kernel data may be disclosed...
FreeBSD -- Insufficient cryptodev MAC key length check
Problem Description: Requests to create cryptography sessions using a MAC did not validate the user-supplied MAC key length. The cryptodev module allocates a buffer whose size is this user-suppled length. Impact: An unprivileged process can trigger a kernel panic...
libntlm -- buffer overflow vulnerability
NVD reports: Libntlm through 1.5 relies on a fixed buffer size for tSmbNtlmAuthRequest, tSmbNtlmAuthChallenge, and tSmbNtlmAuthResponse read and write operations, as demonstrated by a stack-based buffer over-read in buildSmbNtlmAuthRequest in smbutil.c for a crafted NTLM request...
libgcrypt -- ECDSA timing attack
GnuPG reports: Mitigate an ECDSA timing attack...
CUPS -- multiple vulnerabilities
Apple reports: CVE-2019-8696 and CVE-2019-8675: SNMP buffer overflows. IPP buffer overflow. Memory disclosure in the scheduler. DoS issues in the scheduler...