6578 matches found
chromium -- multiple security fixes
Chrome Releases reports: This update includes 2 security fixes: 412057896 Medium CVE-2025-4372: Use after free in WebAudio. Reported by Huang Xilin of Ant Group Light-Year Security Lab on 2025-04-20...
Mozilla -- memory corruption
[email protected] reports: Memory safety bug present in Firefox ESR 128.9, and Thunderbird 128.9. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited to run arbitrary code...
Mozilla -- memory corruption
[email protected] reports: Memory safety bugs present in Firefox 137 and Thunderbird 137. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code...
Mozilla -- XPath parsing undefined behavior
[email protected] reports: A vulnerability was identified in Thunderbird where XPath parsing could trigger undefined behavior due to missing null checks during attribute access. This could lead to out-of-bounds read access and potentially, memory corruption...
Mozilla -- javascript content execution
[email protected] reports: A process isolation vulnerability in Thunderbird stemmed from improper handling of javascript: URIs, which could allow content to execute in the top-level document's process instead of the intended frame, potentially enabling a sandbox escape...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 8 security fixes: 409911705 High CVE-2025-4096: Heap buffer overflow in HTML. Reported by Anonymous on 2025-04-11 409342999 Medium CVE-2025-4050: Out of bounds memory access in DevTools. Reported by Anonymous on 2025-04-09 404000989 Medium...
Mozilla -- control access bypass
[email protected] reports: Thunderbird's update mechanism allowed a medium-integrity user process to interfere with the SYSTEM-level updater by manipulating the file-locking behavior. By injecting code into the user-privileged process, an attacker could bypass intended access controls, allowin...
Mozilla -- memory safety bugs
[email protected] reports: Memory safety bugs present in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128.9. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code...
Mozilla -- insufficient character escaping
[email protected] reports: Due to insufficient escaping of special characters in the "copy as cURL" feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system...
Mozilla -- Cross-Site Request Forgery
[email protected] reports: A security vulnerability in Thunderbird allowed malicious sites to use redirects to send credentialed requests to arbitrary endpoints on any site that had invoked the Storage Access API. This enabled potential Cross-Site Request Forgery attacks across origins...
Mozilla -- Information leak
[email protected] reports: An attacker with control over a content process could potentially leverage the privileged UITour actor to leak sensitive information or escalate privileges...
dnsdist -- Denial of service via crafted DoH exchange
[email protected] reports: When DNSdist is configured to provide DoH via the nghttp2provider, an attacker can cause a denial of service by crafting a DoH exchange that triggers an illegal memory access double-free and crash of DNSdist, causing a denial of service. The remedy is: upgrade t...
grafana -- XSS vulnerability
[email protected] reports: A cross-site scripting XSS vulnerability exists in Grafana caused by combining a client path traversal and open redirect. This allows attackers to redirect users to a website that hosts a frontend plugin that will execute arbitrary JavaScript. This vulnerability does...
h11 accepts some malformed Chunked-Encoding bodies
h11 reports: h11 is a Python implementation of HTTP/1.1. Prior to version 0.16.0, a leniency in h11's parsing of line terminators in chunked-coding message bodies can lead to request smuggling vulnerabilities under certain conditions. This issue has been patched in version 0.16.0. Since...
Gimp -- GIMP FLI File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
[email protected] reports: GIMP FLI File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the...
Gitlab -- Vulnerabilities
Gitlab reports: Cross Site Scripting XSS in Maven Dependency Proxy through CSP directives Cross Site Scripting XSS in Maven dependency proxy through cache headers Network Error Logging NEL Header Injection in Maven Dependency Proxy Allows Browser Activity Monitoring Denial of service DOS via issu...
Gimp -- GIMP XWD File Parsing Integer Overflow Remote Code Execution Vulnerability
[email protected] reports: GIMP XWD File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target...
redis,valkey -- DoS Vulnerability due to unlimited growth of output buffers abused by unauthenticated client
Axel Mierczuk reports: By default, the Redis configuration does not limit the output buffer of normal clients see client-output-buffer-limit. Therefore, the output buffer can grow unlimitedly over time. As a result, the service is exhausted and the memory is unavailable. When password...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 1 security fix...
ejabberd -- mod_muc_occupantid: Fix handling multiple occupant-id
ejabberd team reports: Fixed issue with handling of user provided occupant-id in messages and presences sent to muc room. Server was replacing just first instance of occupant-id with its own version, leaving other ones untouched. That would mean that depending on order in which clients send...
Erlang -- Erlang/OTP SSH Vulnerable to Pre-Authentication RCE
[email protected] reports: Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, a SSH server may allow an attacker to perform unauthenticated remote code execution RCE. By exploiting a flaw in SSH protoc...
Grafana -- User deletion issue
Grafana Labs reports: On April 15, we discovered a vulnerability that stems from the user deletion logic associated with organization administrators. An organization admin could remove any user from the specific organization they manage. Additionally, they have the power to delete users entirely...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 2 security fixes: 409619251 Critical CVE-2025-3619: Heap buffer overflow in Codecs. Reported by Elias Hohl on 2025-04-09 405292639 High CVE-2025-3620: Use after free in USB. Reported by @retsew0x01 on 2025-03-21...
Firefox -- memory corruption due to race condition
[email protected] reports: A race condition existed in nsHttpTransaction that could have been exploited to cause memory corruption, potentially leading to an exploitable condition...
sqlite -- integer overflow
[email protected] reports: An integer overflow can be triggered in SQLites concatws function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size and thus a wild Heap Buffe...
Perl -- heap buffer overflow when transliterating non-ASCII bytes
9b29abf9-4ab0-4765-b253-1875cd9b441e reports: A heap buffer overflow vulnerability was discovered in Perl. When there are non-ASCII bytes in the left-hand-side of the tr operator, Sdotransinvmap can overflow the destination pointer d. $ perl -e '$ = "\xFF" x 1000000; tr/\xFF/\x100/;' Segmentation...
p5-Crypt-CBC -- Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
Lib-Crypt-CBC project reports: Crypt::CBC versions between 1.21 and 3.05 for Perl may use the rand function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. This issue affects operating systems where "/dev/urandom'" is unavailable. In that case...
git -- multiple vulnerabilities
Git development team reports: CVE-2025-27613: Gitk: When a user clones an untrusted repository and runs Gitk without additional command arguments, any writable file can be created and truncated. The option "Support per-file encoding" must have been enabled. The operation "Show origin of this line...
SQLite -- application crash
[email protected] reports: In SQLite 3.49.0 before 3.49.1, certain argument values to sqlite3dbconfig in the C-language API can cause a denial of service application crash. An sznBig multiplication is not cast to a 64-bit integer, and consequently some memory allocations may be incorrect...
libxslt -- multiple vulnerabilities
Alan Coopersmith reports: On 6/16/25 15:12, Alan Coopersmith wrote: BTW, users of libxml2 may also be using its sibling project, libxslt, which currently has no active maintainer, but has three unfixed security issues reported against it according to...
Gitlab -- Vulnerabilities
Gitlab reports: Denial of service via CI pipelines Unintentionally authorizing sensitive actions on users behalf IP Restriction Bypass through GraphQL Subscription Unauthorized users can list the number of confidential issues Debugging Information Disclosed...
libxml2 -- Out-of-bounds memory access
[email protected] reports: In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds memory access can occur in the Python API Python bindings because of an incorrect return value. This occurs in xmlPythonFileRead and xmlPythonFileReadRaw because of a difference between bytes and characters...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 2 security fixes: 405140652 High CVE-2025-3066: Use after free in Site Isolation. Reported by Sven Dysthe @svn-dys on 2025-03-21...
powerdns-recursor -- denial of service
PowerDNS Team reports: PowerDNS Security Advisory 2025-01: A crafted zone can lead to an illegal memory access in the Recursor...
sqlite -- integer overflow
[email protected] reports: In SQLite 3.44.0 through 3.49.0 before 3.49.1, the concatws SQL function can cause memory to be written beyond the end of a malloc-allocated buffer. If the separator argument is attacker-controlled and has a large string e.g., 2MB or more, an integer overflow occurs in...
Grafana -- DingDing contact points exposed in Grafana Alerting
Grafana Labs reports: An incident occurred where the DingDing alerting integration URL was inadvertently exposed to viewers due to a setting oversight, which we learned about through a bug bounty report. The CVSS 3.0 score for this vulnerability is 4.3 Medium...
Grafana -- Bypass Viewer and Editor permissions
Grafana Labs reports: During the development of a new feature in Grafana 11.6.x, a security vulnerability was introduced that allows for Viewers and Editors to bypass dashboard-specific permissions. As a result, users with the Viewer role could view all the dashboards within their org and users...
Yelp -- arbitrary file read
[email protected] reports: A flaw was found in Yelp. The Gnome user help application allows the help document to execute arbitrary scripts. This vulnerability allows malicious users to input help documents, which may exfiltrate user files to an external environment...
Yelp -- arbitrary file read
[email protected] reports: A flaw was found in Yelp. The Gnome user help application allows the help document to execute arbitrary scripts. This vulnerability allows malicious users to input help documents, which may exfiltrate user files to an external environment...
jenkins -- multiple vulnerabilities
Jenkins Security Advisory: Description Medium SECURITY-3512 / CVE-2025-31720 Missing permission check allows retrieving agent configurations Description Medium SECURITY-3513 / CVE-2025-31721 Missing permission check allows retrieving secrets from agent configurations...
Mozilla -- stack memory read
[email protected] reports: An attacker could read 32 bits of values spilled onto the stack in a JIT compiled function...
Mozilla -- Memory corruption
[email protected] reports: Memory safety bugs present in Firefox 136, Thunderbird 136, Firefox ESR 128.8, and Thunderbird 128.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code...
Mozilla -- URL spoofing attack
[email protected] reports: A crafted URL containing specific Unicode characters could have hidden the true origin of the page, resulting in a potential spoofing attack...
Mozilla -- use-after-free error
[email protected] reports: JavaScript code running while transforming a document with the XSLTProcessor could lead to a use-after-free...
MongoDB -- crash due to improper validation of explain command
[email protected] reports: When run on commands with certain arguments set, explain may fail to validate these arguments before using them. This can lead to crashes in router servers. This affects MongoDB Server v5.0 prior to 5.0.31, MongoDB Server v6.0 prior to 6.0.20, MongoDB Server v7.0 prior to...
sudo -- privilege escalation vulnerability through host and chroot options
Todd C. Miller reports, crediting Rich Mirch from Stratascale Cyber Research Unit CRU: Sudo 1.9.17p1: Fixed CVE-2025-32462. Sudo's -h --host option could be specified when running a command or editing a file. This could enable a local privilege escalation attack if the sudoers file allows the use...
Mozilla -- memory corruption
[email protected] reports: Memory safety bugs present in Firefox 136 and Thunderbird 136. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code...
Mozilla -- privilege escalation attack
[email protected] reports: Leaking of file descriptors from the fork server to web content processes could allow for privilege escalation attacks...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 13 security fixes: 376491759 Medium CVE-2025-3067: Inappropriate implementation in Custom Tabs. Reported by Philipp Beer TU Wien on 2024-10-31 401823929 Medium CVE-2025-3068: Inappropriate implementation in Intents. Reported by Simon Rawet on 2025-03-...
MongoDB -- Malformed wire protocol messages may cause mongos to crash
[email protected] reports: Specifically crafted MongoDB wire protocol messages can cause mongos to crash during command validation. This can occur without using an authenticated connection. This issue affects MongoDB v5.0 versions prior to 5.0.31, MongoDB v6.0 versions prior to6.0.20 and MongoDB v7...