6578 matches found
Mozilla -- HTTP Basic Authentication credentials leak
[email protected] reports: The username:password part was not correctly stripped from URLs in CSP reports potentially leaking HTTP Basic Authentication credentials...
Mozilla -- Ignored paths while checking navigations
[email protected] reports: Thunderbird ignored paths when checking the validity of navigations in a frame...
Mozilla -- nullptr dereference
[email protected] reports: The JavaScript engine did not handle closed generators correctly and it was possible to resume them leading to a nullptr deref...
Mozilla -- XSLT document CSP bypass
[email protected] reports: XSLT document loading did not correctly propagate the source document which bypassed its CSP...
Mozilla -- 'javascript:' URLs execution
[email protected] reports: Thunderbird executed javascript: URLs when used in object and embed tags...
Mozilla -- Memory safety bugs
[email protected] reports: Memory safety bugs present in Firefox ESR 140.0, Thunderbird ESR 140.0, Firefox 140 and Thunderbird 140. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code...
Mozilla -- Persisted search terms in the URL bar
[email protected] reports: In some cases search terms persisted in the URL bar even after navigating away from the search page...
Mozilla -- CORS circumvention
[email protected] reports: Thunderbird cached CORS preflight responses across IP address changes. This allowed circumventing CORS with DNS rebinding...
Mozilla -- IonMonkey-JIT bad stack write
[email protected] reports: On 64-bit platforms IonMonkey-JIT only wrote 32 bits of the 64-bit return value space on the stack. Baseline-JIT, however, read the entire 64 bits...
Mozilla -- Multiple vulnerabilities
[email protected] reports: Memory safety bugs present in Firefox 140 and Thunderbird 140. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. Focus incorrectly truncated URLs towards the...
Mozilla -- Memory safety bugs
[email protected] reports: Memory safety bugs present in Firefox ESR 128.12, Thunderbird ESR 128.12, Firefox ESR 140.0, Thunderbird ESR 140.0, Firefox 140 and Thunderbird 140. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could hav...
powerdns-recursor -- cache pollution
PowerDNS Team reports: An attacker spoofing answers to ECS enabled requests sent out by the Recursor has a chance of success higher than non-ECS enabled queries. The updated version include various mitigations against spoofing attempts of ECS enabled queries by chaining ECS enabled requests and...
libwasmtime -- host panic with fd_renumber WASIp1 function
WasmTime development team reports: A bug in Wasmtime's implementation of the WASIp1 set of import functions can lead to a WebAssembly guest inducing a panic in the host embedder...
7-Zip -- Multi-byte write heap buffer overflow in NCompress::NRar5::CDecoder
[email protected] reports: 7-Zip is a file archiver with a high compression ratio. Zeroes written outside heap buffer in RAR5 handler may lead to memory corruption and denial of service in versions of 7-Zip prior to 25.0.0. Version 25.0.0 contains a fix for the issue...
goldendict -- dangerous method exposed
[email protected] reports: GoldenDict 1.5.0 and 1.5.1 has an exposed dangerous method that allows reading and modifying files when a user adds a crafted dictionary and then searches for any term included in that dictionary...
p5-Authen-SASL -- Insecure source of randomness
p5-Authen-SASL project reports: Authen::SASL::Perl::DIGESTMD5 versions 2.04 through 2.1800 for Perl generates the cnonce insecurely. The cnonce client nonce is generated from an MD5 hash of the PID, the epoch time and the built-in rand function. The PID will come from a small set of numbers, and...
unbound -- Cache poisoning via the ECS-enabled Rebirthday Attack
[email protected] reports: A multi-vendor cache poisoning vulnerability named 'Rebirthday Attack' has been discovered in caching resolvers that support EDNS Client Subnet ECS. Unbound is also vulnerable when compiled with ECS support, i.e., '--enable-subnet', AND configured to send ECS information...
SQLite < 3.50.3 -- CWE-190 Integer Overflow or Wraparound in FTS5 module
https://github.com/google/security-research/security/advisories/GHSA-v2c8-vqqp-hv3g reports: An integer overflow exists in the FTS5 https://sqlite.org/fts5.html extension. It occurs when the size of an array of tombstone pointers is calculated and truncated into a 32-bit integer. A pointer to...
sqlite -- Integer Truncation on SQLite
[email protected] reports: There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue...
qt6-base -- DoS in QColorTransferGenericFunction
Andy Shaw reports: When passing values outside of the expected range to QColorTransferGenericFunction it can cause a denial of service, for example, this can happen when passing a specifically crafted ICC profile to QColorSpace::fromICCProfile...
liboqs -- Secret-dependent branching in HQC
The OpenQuantumSafe project reports: Secret-dependent branching in HQC reference implementation when compiled with Clang 17-20 for optimizations above -O0...
Apache httpd -- Multiple vulnerabilities
The Apache httpd project reports: moderate: Apache HTTP Server: HTTP response splitting CVE-2024-42516 low: Apache HTTP Server: SSRF with modheaders setting Content-Type header CVE-2024-43204 moderate: Apache HTTP Server: SSRF on Windows due to UNC paths CVE-2024-43394 low: Apache HTTP Server:...
Apache Tomcat -- Multiple Vulnerabilities
[email protected] reports: A race condition on connection close could trigger a JVM crash when using the APR/Native connector leading to a DoS. This was particularly noticeable with client initiated closes of HTTP/2 connections. An uncontrolled resource consumption vulnerability if an HTTP/2...
mod_http2 -- Multiple vulnerabilities
The modhttp2 project reports: a client can increase memory consumption for a HTTP/2 connection via repeated request header names,leading to denial of service certain proxy configurations whith modproxyhttp2 as the backend, an assertion can be triggered by certain requests, leading to denial of...
Gitlab -- vulnerabilities
Gitlab reports: Cross-site scripting issue impacts GitLab CE/EE Improper authorization issue impacts GitLab CE/EE Improper authorization issue impacts GitLab EE Improper authorization issue impacts GitLab EE...
GnuTLS -- multiple vulnerabilities
Daiki Ueno reports: libgnutls: Fix heap read buffer overrun in parsing X.509 SCTS timestamps Spotted by oss-fuzz and reported by OpenAI Security Research Team, and fix developed by Andrew Hamilton. GNUTLS-SA-2025-07-07-1, CVSS: medium CVE-2025-32989 libgnutls: Fix double-free upon error when...
rubygem-resolv -- Possible denial of service
Manu reports: The vulnerability is caused by an insufficient check on the length of a decompressed domain name within a DNS packet. An attacker can craft a malicious DNS packet containing a highly compressed domain name. When the resolv library parses such a packet, the name decompression process...
mongodb -- Certain Queries May Cause MongoDB Server to Crash
[email protected] reports: An authorized user can issue queries with duplicate id fields, that leads to unexpected behavior in MongoDB Server, which may result to crash. This issue can only be triggered by authorized users and cause Denial of Service. This issue affects MongoDB Server v8.1 version...
MongoDB -- Incorrect Handling of incomplete data may prevent mongoS from Accepting New Connections
[email protected] reports: MongoDB Server's mongos component can become unresponsive to new connections due to incorrect handling of incomplete data. This affects MongoDB when configured with load balancer support. Required Configuration: This affects MongoDB sharded clusters when configured with...
MongoDB -- may be susceptible to privilege escalation due to $mergeCursors stage
[email protected] reports: An unauthorized user may leverage a specially crafted aggregation pipeline to access data without proper authorization due to improper handling of the $mergeCursors stage in MongoDB Server. This may lead to access to data without further authorisation...
MongoDB -- Incomplete Redaction of Sensitive Information in MongoDB Server Logs
[email protected] reports: An issue has been identified in MongoDB Server where unredacted queries may inadvertently appear in server logs when certain error conditions are encountered...
MongoDB -- may be susceptible to DoS due to Accumulated Memory Allocation
[email protected] reports: MongoDB Server may be susceptible to disruption caused by high memory usage, potentially leading to server crash. This condition is linked to inefficiencies in memory management related to internal operations. In scenarios where certain internal processes persist longer...
redis,valkey -- DoS Vulnerability due to bad connection error handling
@julienperriercornet reports: An unauthenticated connection can cause repeated IP protocol errors, leading to client starvation and, ultimately, a denial of service...
redis,valkey -- Out of bounds write in hyperloglog commands leads to RCE
Seunghyun Lee reports: An authenticated user may use a specially crafted string to trigger a stack/heap out of bounds write on hyperloglog operations, potentially leading to remote code execution...
FreeBSD -- Use-after-free in multi-threaded xz decoder
Problem Description: A worker thread could free its input buffer after decoding, while the main thread might still be writing to it. This leads to an use-after-free condition on heap memory. Impact: An attacker may use specifically crafted .xz file to cause multi-threaded xz decoder to crash, or...
ModSecurity -- empty XML tag causes segmentation fault
[email protected] reports: ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. In versions 2.9.8 to before 2.9.11, an empty XML tag can cause a segmentation fault. If SecParseXmlIntoArgs is set to On or OnlyArgs, and the reques...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 1 security fix: 427663123 High CVE-2025-6554: Type Confusion in V8...
podman -- TLS connection used to pull VM images was not validated
RedHat, Inc. reports: A flaw was found in Podman. The podman machine init command fails to verify the TLS certificate when downloading the VM images from an OCI registry. This issue results in a Man In The Middle attack...
MongoDB -- Race condition in privilege cache invalidation cycle
NVD reports: Under certain conditions, an authenticated user request may execute with stale privileges following an intentional change by an authorized administrator...
MongoDB -- Running certain aggregation operations with the SBE engine may lead to unexpected behavior
[email protected] reports: An authenticated user may trigger a use after free that may result in MongoDB Server crash and other unexpected behavior, even if the user does not have authorization to shut down a server. The crash is triggered on affected versions by issuing an aggregation framework...
MongoDB -- Pre-authentication Denial of Service Stack Overflow Vulnerability in JSON Parsing via Excessive Recursion in MongoDB
[email protected] reports: MongoDB Server may be susceptible to stack overflow due to JSON parsing mechanism, where specifically crafted JSON inputs may induce unwarranted levels of recursion, resulting in excessive stack space consumption. Such inputs can lead to a stack overflow that causes the...
gstreamer1-plugins-bad -- stack buffer overflow in H.266 video parser
GStreamer Security Center reports: It is possible for a malicious third party to trigger a buffer overflow that can result in a crash of the application and possibly also allow code execution through stack manipulation...
MongoDB -- Pre-Authentication Denial of Service Vulnerability in MongoDB Server's OIDC Authentication
NVD reports: The MongoDB Server is susceptible to a denial of service vulnerability due to improper handling of specific date values in JSON input when using OIDC authentication. This can be reproduced using the mongo shell to send a malicious JSON payload leading to an invariant failure and serv...
kanboard -- Password Reset Poisoning via Host Header Injection
GitHub Security Advisories reports: Kanboard allows password reset emails to be sent with URLs derived from the unvalidated Host header when the applicationurl configuration is unset default behavior. This allows an attacker to craft a malicious password reset link that leaks the token to an...
Gitlab -- Vulnerabilities
Gitlab reports: Denial of Service impacts GitLab CE/EE Missing Authentication issue impacts GitLab CE/EE Improper access control issue impacts GitLab CE/EE Elevation of Privilege impacts GitLab CE/EE Improper access control issue impacts GitLab EE...
Mozilla -- exploitable crash
[email protected] reports: A use-after-free in FontFaceSet resulted in a potentially exploitable crash...
firefox -- multiple vulnerabilities
[email protected] reports: An attacker was able to bypass the connect-src directive of a Content Security Policy by manipulating subdocuments. This would have also hidden the connections from the Network tab in Devtools. When Multi-Account Containers was enabled, DNS requests could have bypass...
Mozilla -- persistent UUID that identifies browser
[email protected] reports: An attacker who enumerated resources from the WebCompat extension could have obtained a persistent UUID that identified the browser, and persisted between containers and normal/private browsing mode, but not profiles. This vulnerability affects Firefox 140, Firefox E...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 11 security fixes: 407328533 Medium CVE-2025-6555: Use after free in Animation. Reported by Lyra Rebane rebane2001 on 2025-03-30 40062462 Low CVE-2025-6556: Insufficient policy enforcement in Loader. Reported by Shaheen Fazim on 2023-01-02 406631048 L...
firefox -- multiple vulnerabilities
[email protected] reports: Firefox could have incorrectly parsed a URL and rewritten it to the youtube.com domain when parsing the URL specified in an embed tag. This could have bypassed website security checks that restricted which domains users were allowed to embed. When a file download is...