py-mysql-connector-python -- Vulnerability in the MySQL Connectors product of Oracle MySQL
Oracle reports: Vulnerability in the MySQL Connectors product of Oracle MySQL component: Connector/Python. Supported versions that are affected are 9.1.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 2 security fixes: 384844003 Medium CVE-2025-0762: Use after free in DevTools. Reported by Sakana.S on 2024-12-18...
dendrite -- Server-side request forgery vulnerability
Dendrite team reports: This is a security release, gomatrixserverlib was vulnerable to server-side request forgery, serving content from a private network it can access, under certain conditions...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 16 security fixes: 374627491 High CVE-2025-0434: Out of bounds memory access in V8. Reported by ddme on 2024-10-21 379652406 High CVE-2025-0435: Inappropriate implementation in Navigation. Reported by Alesandro Ortiz on 2024-11-18 382786791 High...
electron31 -- multiple vulnerabilities
Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2024-12053. Security: backported fix for CVE-2024-12693. Security: backported fix for CVE-2024-12694...
oauth2-proxy -- Non-linear parsing of case-insensitive content
Golang reports: This update includes security fixes: CVE-2024-45338: Non-linear parsing of case-insensitive content...
rsync -- Multiple security fixes
rsync reports: This update includes multiple security fixes: CVE-2024-12084: Heap Buffer Overflow in Checksum Parsing CVE-2024-12085: Info Leak via uninitialized Stack contents defeats ASLR CVE-2024-12086: Server leaks arbitrary client files CVE-2024-12087: Server can make client write files...
keycloak -- Multiple security fixes
Keycloak reports: This update includes 2 security fixes: CVE-2024-11734: Unrestricted admin use of system and environment variables CVE-2024-11736: Denial of Service in Keycloak Server via Security Headers...
fcgi -- Heap-based buffer overflow via crafted nameLen/valueLen in ReadParams
[email protected] reports: FastCGI fcgi2 aka fcgi 2.x through 2.4.4 has an integer overflow and resultant heap-based buffer overflow via crafted nameLen or valueLen values in data to the IPC socket. This occurs in ReadParams in fcgiapp.c...
qt6-webengine -- Multiple vulnerabilities
Qt qtwebengine-chromium repo reports: Backports for 9 security bugs in Chromium: CVE-2024-12693: Out of bounds memory access in V8 CVE-2024-12694: Use after free in Compositing CVE-2025-0436: Integer overflow in Skia CVE-2025-0437: Out of bounds read in Metrics CVE-2025-0438: Stack buffer overflo...
Gitlab -- Vulnerabilities
Gitlab reports: Possible access token exposure in GitLab logs Cyclic reference of epics leads to resource exhaustion Unauthorized user can manipulate status of issues in public projects Instance SAML does not respect externalprovider configuration...
Mozilla -- use-after-free while parsing JSON
[email protected] reports: Parsing a JavaScript module as JSON could, under some circumstances, cause cross-compartment access, which may result in a use-after-free...
Mozilla -- DoS via segmentation fault
[email protected] reports: When segmenting specially crafted text, segmentation would corrupt memory leading to a potentially exploitable crash...
Mozilla -- redirection to insecure site
[email protected] reports: When using Alt-Svc, ALPN did not properly validate certificates when the original server is redirecting to an insecure site...
Mozilla -- use-after-free after failed memory allocation
[email protected] reports: Assuming a controlled failed memory allocation, an attacker could have caused a use-after-free, leading to a potentially exploitable crash...
Mozilla -- Memory corruption bug
[email protected] reports: Memory safety bugs present in Firefox 133, Thunderbird 133, Firefox ESR 128.5, and Thunderbird 128.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code...
Mozilla -- Memory safety bugs
[email protected] reports: Memory safety bugs present in Firefox 133, Thunderbird 133, Firefox ESR 115.18, Firefox ESR 128.5, Thunderbird 115.18, and Thunderbird 128.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been...
Mozilla -- privilege escalation attack
[email protected] reports: The WebChannel API, which is used to transport various information across processes, did not check the sending principal but rather accepted the principal being sent. This could have led to privilege escalation attacks...
Mozilla -- Memory safety bugs
[email protected] reports: Memory safety bugs present in Firefox 133 and Thunderbird 133. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code...
firefox -- authentication bypass
[email protected] reports: Under certain circumstances, a user opt-in setting that Focus should require authentication before use could have been bypassed...
go -- multiple vulnerabilities
The Go project reports: crypto/x509: usage of IPv6 zone IDs can bypass URI name constraints A certificate with a URI which has an IPv6 address with a zone ID may incorrectly satisfy a URI name constraint that applies to the certificate chain. net/http: sensitive headers incorrectly sent after...
electron32 -- Type Confusion in V8
Electron developers report: This update fixes the following vulnerability: Security: backported fix for CVE-2024-12053...
redis,valkey -- Remote code execution vulnerability
Redis core team reports: An authenticated user may use a specially crafted Lua script to manipulate the garbage collector and potentially lead to remote code execution. The problem exists in all versions of Redis with Lua scripting...
redis,valkey -- Denial-of-service vulnerability due to malformed ACL selectors
Redis core team reports: An authenticated user with sufficient privileges may create a malformed ACL selector which, when accessed, triggers a server panic and subsequent denial of service. The problem exists in Redis 7.0.0 or newer...
webmin -- CGI Command Injection Remote Code Execution
Webmin reports: A less-privileged Webmin user can execute commands as root via a vulnerability in the shell autocomplete feature...
Apache Tomcat -- RCE due to TOCTOU issue in JSP compilation
[email protected] reports: Time-of-check Time-of-use TOCTOU Race Condition The mitigation for CVE-2024-50379 was incomplete. Users running Tomcat on a case insensitive file system with the default servlet write enabled readonly initialisation parameter set to the non-default value of false may...
Vaultwarden -- Admin organization permissions
The Vaultwarden project reports: Admins from any organization were able to modify or delete groups in any other organization if they know the group's uuid...
kanboard -- Insufficient session invalidation
[email protected] reports: Kanboard is project management software that focuses on the Kanban methodology. In affected versions sessions are still usable even though their lifetime has exceeded. Kanboard implements a custom session handler app/Core/Session/SessionHandler.php, to store...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 3 security fixes: 382291459 High CVE-2024-12692: Type Confusion in V8. Reported by Seunghyun Lee @0x10n on 2024-12-05 382190919 High CVE-2024-12693: Out of bounds memory access in V8. Reported by 303f06e3 on 2024-12-04 368222741 High CVE-2024-12694: U...
age -- age vulnerable to malicious plugin names, recipients, or identities causing arbitrary binary execution
Filippo Valsorda reports: A plugin name containing a path separator may allow an attacker to execute an arbitrary binary. Such a plugin name can be provided to the age CLI through an attacker-controlled recipient or identity string, or to the plugin.NewIdentity, plugin.NewIdentityWithoutData, or...
www/varnish7 -- client-side desync vulnerability
The Varnish Development Team reports: A client-side desync vulnerability can be triggered in Varnish Cache and Varnish Enterprise. This vulnerability can be triggered under specific circumstances involving malformed HTTP/1 requests...
zeek -- potential DoS vulnerability
Tim Wojtulewicz of Corelight reports: Large QUIC packets can cause Zeek to overflow memory and potentially crash. Due to the possibility of receiving these packets from remote hosts, this is a DoS risk...
forgejo -- multiple vulnerabilities
Problem Description: When Forgejo is configured to run the internal ssh server with server.START_SSH_SERVER=true, it was possible for a registered user to impersonate another user. The rootless container image uses the internal ssh server by default and was vulnerable. A Forgejo instance running fr...
forgejo -- multiple vulnerabilities
Problem Description: It was possible to use a token sent via email for secondary email validation to reset the password instead. In other words, a token sent for a given action registration, password reset or secondary email validation could be used to perform a different action. It is no longer...
gitea -- Fix misuse of PublicKeyCallback
Problem Description: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto...
forgejo -- unauthorized user impersonation
Problem Description: When Forgejo is configured to run the internal ssh server with server.START_SSH_SERVER=true, it was possible for a registered user to impersonate another user. The rootless container image uses the internal ssh server by default and was vulnerable. A Forgejo instance running fr...
Gitlab -- Vulnerabilities
Gitlab reports: Injection of Network Error Logging NEL headers in kubernetes proxy response could lead to ATO abusing OAuth flows Denial of Service by repeatedly sending unauthenticated requests for diff-files CI_JOB_TOKEN could be used to obtain GitLab session Open redirect in releases API...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 3 security fixes: 381696874 High CVE-2024-12381: Type Confusion in V8. Reported by Seunghyun Lee @0x10n on 2024-12-02 379516109 High CVE-2024-12382: Use after free in Translate. Reported by lime@limeSec from TIANGONG Team of Legendsec at QI-ANXIN Grou...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 4 security fixes: 379009132 High CVE-2024-12053: Type Confusion in V8. Reported by gal1ium and chluo on 2024-11-14...
py-matrix-synapse -- multiple vulnerabilities in versions prior to 1.120.1
element-hq/synapse developers report: The 1.120.1 release fixes multiple security vulnerabilities, some affecting all prior versions of Synapse. Server administrators are encouraged to update Synapse as soon as possible. We are not aware of these vulnerabilities being exploited in the wild...
gstreamer1-plugins-vorbis -- Stack buffer-overflow in Vorbis decoder
The GStreamer Security Center reports: Stack buffer-overflow in Vorbis decoder that can cause crashes for certain input files...
gstreamer1-plugins-opus -- Stack buffer-overflow in Opus decoder
The GStreamer Security Center reports: Stack buffer-overflow in Opus decoder that can cause crashes for certain input files...
gstreamer1-plugins -- multiple vulnerabilities
The GStreamer Security Center reports: 3 security bugs. CVE-2024-47542: ID3v2 parser out-of-bounds read and NULL-pointer dereference CVE-2024-47600: Out-of-bounds read in gst-discoverer-1.0 commandline tool CVE-2024-47541: Out-of-bounds write in SSA subtitle parser...
gstreamer1-plugins-gdkpixbuf -- NULL-pointer dereference
The GStreamer Security Center reports: A NULL-pointer dereference in the gdk-pixbuf decoder that can cause crashes for certain input files...
gstreamer1-plugins-good -- multiple vulnerabilities
The GStreamer Security Center reports: 20 security bugs. CVE-2024-47537: Integer overflow in MP4/MOV sample table parser leading to out-of-bounds writes CVE-2024-47598: MP4/MOV sample table parser out-of-bounds read CVE-2024-47539: MP4/MOV Closed Caption handling out-of-bounds write CVE-2024-4754...
gstreamer1-plugins-ogg -- Out-of-bounds write in Ogg demuxer
The GStreamer Security Center reports: An out-of-bounds write in the Ogg demuxer that can cause crashes for certain input files...
gstreamer1-plugins-jpeg -- NULL-pointer dereferences in JPEG decoder
The GStreamer Security Center reports: Insufficient error handling in the JPEG decoder that can lead to NULL-pointer dereferences, and that can cause crashes for certain input files...
asterisk -- path traversal
[email protected] reports: An issue in the actionlistcategories function of Sangoma Asterisk v22/22.0.0/22.0.0-rc1/22.0.0-rc2/22.0.0-pre1 allows attackers to execute a path traversal...
liboqs -- Correctness error in HQC decapsulation
The Open Quantum Safe project reports: A correctness error has been identified in the reference implementation of the HQC key encapsulation mechanism. Due to an indexing error, part of the secret key is incorrectly treated as non-secret data. This results in an incorrect shared secret value being...
qt6-webengine -- Multiple vulnerabilities
Qt qtwebengine-chromium repo reports: Backports for 5 security bugs in Chromium: CVE-2024-11110: Inappropriate implementation in Blink CVE-2024-11112: Use after free in Media CVE-2024-11114: Inappropriate implementation in Views CVE-2024-11116: Inappropriate implementation in Paint CVE-2024-11117...