6578 matches found
Firefox -- Mitigation bypass
https://bugzilla.mozilla.org/showbug.cgi?id=1978453 reports: Mitigation bypass in the Web Compatibility: Tooling component...
Firefox -- Sandbox escape due to undefined behavior
https://bugzilla.mozilla.org/showbug.cgi?id=1986185 reports: Sandbox escape due to undefined behavior, invalid pointer in the Graphics: Canvas2D component...
Mozilla -- Information disclosure
[email protected] reports: This vulnerability affects Firefox 143, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3...
Mozilla -- integer overflow
[email protected] reports: Integer overflow in the SVG component...
Mozilla -- Incorrect boundary conditions
[email protected] reports: The vulnerability has been assessed to have moderate impact on affected systems, potentially allowing attackers to exploit incorrect boundary conditions in the JavaScript Garbage Collection component. In Thunderbird specifically, these flaws cannot be exploited throu...
unit-java -- security vulnerability
F5 reports: When NGINX Unit with the Java Language Module is in use, undisclosed requests can lead to an infinite loop and cause an increase in CPU resource utilization...
CUPS -- multiple vulnerabilities
OpenPrinting reports: When the AuthType is set to anything but Basic, if the request contains an Authorization: Basic ... header, the password is not checked. An unsafe deserialization and validation of printer attributes, causes null dereference in libcups library...
cups -- security vulnerabilities
OpenPrinting reports: When the AuthType is set to anything but Basic, if the request contains an Authorization: Basic ... header, the password is not checked. An unsafe deserialization and validation of printer attributes, causes null dereference in libcups library...
Gitlab -- Vulnerabilities
Gitlab reports: Denial of Service issue in SAML Responses impacts GitLab CE/EE Server-Side Request Forgery issue in Webhook custom header impacts GitLab CE/EE Denial of Service issue in User-Controllable Fields impacts GitLab CE/EE Denial of Service issue in endpoint file upload impacts GitLab...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 2 security fixes: 440454442 Critical CVE-2025-10200: Use after free in Serviceworker. Reported by Looben Yang on 2025-08-22 439305148 High CVE-2025-10201: Inappropriate implementation in Mojo. Reported by Sahan Fernando & Anon on 2025-08-18...
mongodb -- MongoDB may be susceptible to Invariant Failure in Transactions due Upsert Operation
[email protected] reports: MongoDB Server may allow upsert operations retried within a transaction to violate unique index constraints, potentially causing an invariant failure and server crash during commit. This issue may be triggered by improper WriteUnitOfWork state management...
mongodb -- Malformed $group Query May Cause MongoDB Server to Crash
[email protected] reports: An authorized user can cause a crash in the MongoDB Server through a specially crafted $group query. This vulnerability is related to the incorrect handling of certain accumulator functions when additional parameters are specified within the $group operation. This...
mongodb -- MongoDB Server router will crash when incorrect lsid is set on a sharded query
[email protected] reports: An improper setting of the lsid field on any sharded query can cause a crash in MongoDB routers. This issue occurs when a generic argument lsid is provided in a case when it is not applicable...
Shibboleth Service Provider -- SQL injection vulnerability in ODBC plugin
Internet2 reports: The Shibboleth Service Provider includes a storage API usable for a number of different use cases such as the session cache, replay cache, and relay state management. An ODBC extension plugin is provided with some distributions of the software notably on Windows. A SQL injectio...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 6 security fixes: 434513380 High CVE-2025-9864: Use after free in V8. Reported by Pavel Kuzmin of Yandex Security Team on 2025-07-28 437147699 Medium CVE-2025-9865: Inappropriate implementation in Toolbar. Reported by Khalil Zhani on 2025-08-07...
Django -- multiple vulnerabilities
Django reports: CVE-2025-57833: Potential SQL injection in FilteredRelation column aliases...
exiv2 -- Out-of-bounds read in Exiv2::EpsImage::writeMetadata()
Kevin Backhouse reports: An out-of-bounds read was found in Exiv2 versions v0.28.5 and earlier. Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. The out-of-bounds read is triggered when Exiv2 is used to write metadata into ...
exiv2 -- Denial-of-service
Kevin Backhouse reports: A denial-of-service was found in Exiv2 version v0.28.5: a quadratic algorithm in the ICC profile parsing code in jpegBase::readMetadata can cause Exiv2 to run for a long time. Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying th...
libudisks -- Udisks: out-of-bounds read in udisks daemon
[email protected] reports: A flaw was found in the Udisks daemon, where it allows unprivileged users to create loop devices using the D-BUS system. This is achieved via the loop device handler, which handles requests sent through the D-BUS interface. As two of the parameters of this handle, it...
PCRE2: heap-buffer-overflow read in match_ref due to missing boundary restoration in SCS
[email protected] reports: The PCRE2 library is a set of C functions that implement regular expression pattern matching. In version 10.45, a heap-buffer-overflow read vulnerability exists in the PCRE2 regular expression matching engine, specifically within the handling of the scs:...
Gitlab -- vulnerabilities
Gitlab reports: Allocation of Resources Without Limits issue in import function impacts GitLab CE/EE Missing authentication issue in GraphQL endpoint impacts GitLab CE/EE Allocation of Resources Without Limits issue in GraphQL impacts GitLab CE/EE Code injection issue in GitLab repositories impac...
ISC KEA -- kea-dhcp4 aborts if client sends a broadcast request with particular options
Internet Systems Consortium, Inc. reports: We corrected an issue in kea-dhcp4 that caused the server to abort if a client sent a broadcast request with particular options, and Kea failed to find an appropriate subnet for that client. This addresses CVE-2025-40779 4055, 4048...
Mozilla -- memory corruption in GMP
[email protected] reports: An attacker was able to perform memory corruption in the GMP process which processes encrypted media. This process is also heavily sandboxed, but represents slightly different privileges from the content process...
Mozilla -- Denial-of-service due to out-of-memory
https://bugzilla.mozilla.org/showbug.cgi?id=1975837 reports: Denial-of-service due to out-of-memory in the Graphics: WebRender component...
Mozilla -- Same-origin policy bypass
[email protected] reports: 'Same-origin policy bypass in the Graphics: Canvas2D component.'...
Mozilla -- memory safety bugs
[email protected] reports: Memory safety bugs present in Firefox ESR 115.26, Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141. Some of these bugs showed evidence of memory corruption and we presume that with enough effort som...
Mozilla -- DoS in WebRender
[email protected] reports: 'Denial-of-service due to out-of-memory in the Graphics: WebRender component.'...
Mozilla -- Uninitialized memory
[email protected] reports: Uninitialized memory in the JavaScript Engine component...
Mozilla -- Same-origin policy bypass in the Graphics: Canvas2D component
https://bugzilla.mozilla.org/showbug.cgi?id=1979782 reports: Same-origin policy bypass in the Graphics: Canvas2D component...
Mozilla -- memory safety bugs
[email protected] reports: Memory safety bugs present in Firefox 141 and Thunderbird 141. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code...
Firefox -- Spoofing in the Address Bar
[email protected] reports: Spoofing issue in the Address Bar component...
nginx -- worker process memory disclosure
F5 reports: NGINX Open Source and NGINX Plus have a vulnerability in the ngxmailsmtpmodule that might allow an unauthenticated attacker to over-read NGINX SMTP authentication process memory; as a result, the server side may leak arbitrary bytes sent in a request to the authentication server. This...
www/varnish7 -- Denial of Service in HTTP/2
Varnish Development Team reports: A denial of service attack can be performed on Varnish Cache servers that have the HTTP/2 protocol turned on. An attacker can create a large number of streams and immediately reset them without ever reaching the maximum number of concurrent streams allowed for th...
Gitlab -- vulnerabilities
Gitlab reports: Cross-site scripting issue in blob viewer impacts GitLab CE/EE Cross-site scripting issue in labels impacts GitLab CE/EE Cross-site scripting issue in Workitem impacts GitLab CE/EE Improper Handling of Permissions issue in project API impacts GitLab CE/EE Incorrect Privilege...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 6 security fixes: 432035817 High CVE-2025-8879: Heap buffer overflow in libaom. Reported by Anonymous on 2025-07-15 433533359 High CVE-2025-8880: Race in V8. Reported by Seunghyun Lee @0x10n on 2025-07-23 435139154 High CVE-2025-8901: Out of bounds...
p5-Catalyst-Authentication-Credential-HTTP -- Insecure source of randomness
perl-catalyst project reports: Catalyst::Authentication::Credential::HTTP versions 1.018 and earlier for Perl generate nonces using the Perl Data::UUID library. Data::UUID does not use a strong cryptographic source for generating UUIDs. Data::UUID returns v3 UUIDs, which are generated from known...
PostgreSQL -- vulnerabilities
PostgreSQL project reports: Tighten security checks in planner estimation functions. Prevent pgdump scripts from being used to attack the user running the restore. Convert newlines to spaces in names included in comments in pgdump output...
FreeBSD -- Integer overflow in libarchive leading to double free
Problem Description: An integer overflow in the archivereadformatrarseekdata function may lead to a double free problem. Impact: Exploiting a double free vulnerability can cause memory corruption. This in turn could enable a threat actor to execute arbitrary code. It might also result in denial o...
quiche -- Infinite loop triggered by connection ID retirement
Quiche Releases reports: This update includes 1 security fix: High CVE-2025-7054: Infinite loop triggered by connection ID retirement. Reported by Catena cyber on 2025-08-07...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 12 security fixes: 414760982 Medium CVE-2025-8576: Use after free in Extensions. Reported by asnine on 2025-04-30 384050903 Medium CVE-2025-8577: Inappropriate implementation in Picture In Picture. Reported by Umar Farooq on 2024-12-14 423387026 Mediu...
Vieb -- Remote Code Execution via Visiting Untrusted URLs
Zhengyu Liu, Jianjia Yu, Jelmer van Arnhem report: We discovered a remote code execution RCE vulnerability in the latest release of the Vieb browser v12.3.0. By luring a user to visit a malicious website, an attacker can achieve arbitrary code execution on the victim’s machine...
SQLite -- integer overflow in key info allocation
[email protected] reports: An integer overflow in the sqlite3KeyInfoFromExprList function in SQLite versions 3.39.2 through 3.41.1 allows an attacker with the ability to execute arbitrary SQL statements to cause a denial of service or disclose sensitive information from process memory v...
gdk-pixbuf2 -- a heap buffer overflow
[email protected] reports: A flaw exists in gdk-pixbuf within the gdkpixbufjpegimageloadincrement function io-jpeg.c and in glib’s gbase64encodestep glib/gbase64.c. When processing maliciously crafted JPEG images, a heap buffer overflow can occur during Base64 encoding, allowing out-of-bounds reads...
Apache httpd -- evaluation always true
The Apache httpd project reports: 'RewriteCond expr' always evaluates to true in 2.4.64...
Gitlab -- vulnerabilities
Gitlab reports: Cross-site scripting issue impacts Kubernetes Proxy in GitLab CE/EE Cross-site scripting issue impacts Kubernetes Proxy in GitLab CE/EE using CDNs Exposure of Sensitive Information to an Unauthorized Actor issue impacts GitLab CE/EE Improper Access Control issue impacts GitLab EE...
viewvc -- Arbitrary server filesystem content
cmpilato reports: The ViewVC standalone web server standalone.py is a script provided in the ViewVC distribution for the purposes of quickly testing a ViewVC configuration. This script can in particular configurations expose the contents of the host server's filesystem though a directory...
Mozilla -- cookie shadowing
[email protected] reports: Setting a nameless cookie with an equals sign in the value shadowed other cookies. Even if the nameless cookie was set over HTTP and the shadowed cookie included the Secure attribute...
Mozilla -- Insufficient input escaping
[email protected] reports: Insufficient escaping in the Copy as cURL feature could potentially be used to trick a user into executing unexpected code...
Mozilla -- Incorrect computation of branch address
[email protected] reports: On arm64, a WASM brtable instruction with a lot of entries could lead to the label being too far from the instruction causing truncation and incorrect computation of the branch address...
Mozilla -- Memory safety bugs
[email protected] reports: Memory safety bugs present in Firefox ESR 115.25, Firefox ESR 128.12, Thunderbird ESR 128.12, Firefox ESR 140.0, Thunderbird ESR 140.0, Firefox 140 and Thunderbird 140. Some of these bugs showed evidence of memory corruption and we presume that with enough effort som...