6578 matches found
traefik -- Bypassing security controls via special characters
The traefik project reports: There is a potential vulnerability in Traefik managing the requests using a PathPrefix, Path or PathRegex matcher. When Traefik is configured to route the requests to a backend using a matcher based on the path; if the request path contains an encoded restricted...
xrdp -- remote code execution
Denis Skvortsov, Security Researcher at Kaspersky reports: xrdp before v0.10.5 contains an unauthenticated stack-based buffer overflow vulnerability. The issue stems from improper bounds checking when processing user domain information during the connection sequence. If exploited, the vulnerabili...
Apache httpd -- Multiple vulnerabilities
The Apache httpd project reports: See changelog or 2.4 vulnerabilities for details...
png -- Out-of-bounds read
https://github.com/pnggroup/libpng/security/advisories/GHSA-9mpm-9pxh-mg4f reports: Prior to 1.6.52, an out-of-bounds read vulnerability in libpng's simplified API allows reading up to 1012 bytes beyond the pngsRGBbase512 array when processing valid palette PNG images with partial transparency an...
xkbcomp -- Several vulnerabilities
X.Org reports: Multiple issues have been found in xkbcomp that have been previously been published as CVEs in libxbkcommon. libxkbcommon is to some degree a fork of xkbcomp and some of the code base is identical. These CVEs were published earlier as: CVE-2018-15853: Endless recursion in...
step-certificates -- Authorization Bypass in ACME and SCEP Provisioners
smallstep reports: An attacker can bypass authorization checks and force a Step CA ACME or SCEP provisioner to create certificates without completing certain protocol authorization checks...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 13 security fixes: 456547591 High CVE-2025-13630: Type Confusion in V8. Reported by Shreyas Penkar @streypaws on 2025-10-31 448113221 High CVE-2025-13631: Inappropriate implementation in Google Updater. Reported by Jota Domingos on 2025-09-29 43905824...
go -- excessive resource consumption
The Go project reports: Within HostnameError.Error, when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided ...
Gitlab -- vulnerabilities
Gitlab reports: Race condition issue in CI/CD cache impacts GitLab CE/EE Denial of Service issue in JSON input validation middleware impacts GitLab CE/EE Authentication bypass issue in account registration impacts GitLab CE/EE Denial of Service issue in HTTP response processing impacts GitLab CE/...
spotipy -- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
https://github.com/spotipy-dev/spotipy/security/advisories/GHSA-r77h-rpp9-w2xm reports: Spotipy is a Python library for the Spotify Web API. Prior to version 2.25.2, there is a cross-site scripting XSS vulnerability in the OAuth callback server that allows for JavaScript injection through the...
MongoDB Server -- Improper Certificate Validation
https://jira.mongodb.org/browse/SERVER-105783 reports: Clients may successfully perform a TLS handshake with a MongoDB server despite presenting a client certificate not aligning with the documented Extended Key Usage EKU requirements. A certificate that specifies extendedKeyUsage but is missing...
MongoDB -- Reachable Assertion
https://jira.mongodb.org/browse/SERVER-101180 reports: MongoDB Server may experience an invariant failure during batched delete operations when handling documents. The issue arises when the server mistakenly assumes the presence of multiple documents in a batch based solely on document size...
MongoDB -- Missing Authorization
https://jira.mongodb.org/browse/SERVER-103582 reports: A user with access to the cluster with a limited set of privilege actions may be able to terminate queries that are being executed by other users. This may cause a denial of service by preventing a fraction of queries from successfully...
MongoDB -- Improper Validation of Specified Quantity in Input
https://jira.mongodb.org/browse/SERVER-108565 reports: Inconsistent object size validation in time series processing logic may result in later processing of oversized BSON documents leading to an assert failing and process termination...
png -- Multiple vulnerabilities
https://github.com/pnggroup/libpng/security/advisories/GHSA-7wv6-48j4-hj3g reports: LIBPNG is a reference library for use in applications that read, create, and manipulate PNG Portable Network Graphics raster image files. From version 1.6.0 to before 1.6.51, there is a heap buffer overflow...
wolfssl -- multiple issues
wolfSSL blog reports: This release includes multiple fixes across TLS 1.2, TLS 1.3, X25519, XChaCha20-Poly1305, and PSK processing. Highlights include: A timing-side-channel issue in X25519 specifically affecting Xtensa-based ESP32 devices. Low-memory X25519 implementations are now the default fo...
GnuTLS -- Stack write buffer overflow
GnuTLS reports: When a PKCS11 token is initialized with gnutlspkcs11tokeninit function and it is passed a token label longer than 32 characters, it may write past the boundary of stack allocated memory...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 2 security fixes: 460017370 High CVE-2025-13223: Type Confusion in V8. Reported by Clément Lecigne of Google's Threat Analysis Group on 2025-11-12 450328966 High CVE-2025-13224: Type Confusion in V8. Reported by Google Big Sleep on 2025-10-09...
PostgreSQL -- Multiple vulnerabilities
https://www.postgresql.org/support/security/CVE-2025-12818/ reports: Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This resul...
Gitlab -- vulnerabilities
Gitlab reports: Cross-site scripting issue in k8s proxy impacts GitLab CE/EE Incorrect Authorization issue in workflows impacts GitLab EE Information Disclosure issue in GraphQL subscriptions impacts GitLab CE/EE Information Disclosure issue in access control impacts GitLab CE/EE Prompt Injection...
lightdm-kde-greeter -- Privilege Escalation from lightdm Service User to root
SUSE Security Team reports: A Execution with Unnecessary Privileges vulnerability in lightdm-kde-greeter allows escalation from the service user to root. This issue affects lightdm-kde-greeter before 6.0.4...
sudo-rs -- Partial password reveal when password timeout occurs
Trifecta Tech Foundation reports: When typing partial passwords but not pressing return for a long time, a password timeout can occur. When this happens, the keys pressed are replayed onto the console...
sudo-rs -- Authenticating user not recorded properly in timestamp
Trifecta Tech Foundation reports: With Defaults targetpw or Defaults rootpw enabled, the password of the target account or root account instead of the invoking user is used for authentication. sudo-rs prior to 0.2.10 incorrectly recorded the invoking user’s UID instead of the authenticated-as...
libvirt -- Multiple vulnerabilities
The libvirt project reports: See changelog for details...
Mozilla -- Memory safety bugs
https://bugzilla.mozilla.org/buglist.cgi?bugid=1987237%2C1990079%2C1991715%2C1994994 reports: Memory safety bugs. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code...
Firefox -- Multiple vulnerabilities
https://bugzilla.mozilla.org/showbug.cgi?id=1994441 reports: Sandbox escape due to incorrect boundary conditions in the Graphics: WebGPU component. Incorrect boundary conditions in the Graphics: WebGPU component. JIT miscompilation in the JavaScript Engine: JIT component. Sandbox escape due to...
firefox -- Use-after-free
https://bugzilla.mozilla.org/showbug.cgi?id=1995686 reports: Use-after-free in the WebRTC: Audio/Video component. Same-origin policy bypass in the DOM: Workers component. Mitigation bypass in the DOM: Security component. Same-origin policy bypass in the DOM: Notifications component. Incorrect...
chromium -- security fix
Chrome Releases reports: This update includes 1 security fix: 457351015 High CVE-2025-13042: Inappropriate implementation in V8. Reported by 303f06e3 on 2025-11-03...
pkcs11-helper -- deserialize buffer overflow
Alon Bar-Lev reports: util: fix deserialize buffer overflow. thanks to Aarnav Bos...
privatebin XSS
privatebin reports: Dragging a file whose filename contains HTML is reflected verbatim into the page via the drag-and-drop helper, so any user who drops a crafted file on PrivateBin will execute arbitrary JavaScript within their own session self-XSS. This allows an attacker who can entice a victi...
py-pdfminer.six -- Arbitrary Code Execution in pdfminer.six via Crafted PDF Input
Pieter Marsman reports: pdfminer.six will execute arbitrary code from a malicious pickle file if provided with a malicious PDF file. The CMapDB.loaddata function in pdfminer.six uses pickle.loads to deserialize pickle files. These pickle files are supposed to be part of the pdfminer.six...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 5 security fixes: 443906252 High CVE-2025-12725: Out of bounds write in WebGPU. Reported by Anonymous on 2025-09-09 447172715 High CVE-2025-12726: Inappropriate implementation in Views. Reported by Alesandro Ortiz on 2025-09-25 454485895 High...
redis -- Bug in XACKDEL may lead to stack overflow and potential RCE
Google Big Sleep reports: A user can run the XACKDEL command with multiple ID's and trigger a stack buffer overflow, which may potentially lead to remote code execution. The problem exists in Redis 8.2 or newer. The code doesn't handle the case where the number of ID's exceeds the...
MongoDB -- Improper Check for Unusual or Exceptional Conditions
https://jira.mongodb.org/browse/SERVER-101230 reports: The KMIP response parser built into mongo binaries is overly tolerant of certain malformed packets, and may parse them into invalid objects. Later reads of this object can result in read access violations...
Xorg -- multiple vulnerabilities
https://access.redhat.com/errata/RHSA-2025:19432 reports: CVE-2025-62229: A flaw was found in the X.Org X server and Xwayland when processing X11 Present extension notifications. Improper error handling during notification creation can leave dangling pointers that lead to a use-after-free...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 20 security fixes: 447613211 High CVE-2025-12428: Type Confusion in V8. Reported by Man Yue Mo of GitHub Security Lab on 2025-09-26 450618029 High CVE-2025-12429: Inappropriate implementation in V8. Reported by Aorui Zhang on 2025-10-10 442860743 High...
OpenEXR < 3.4.3 -- multiple vulnerabilities
Cary Phillips reports: Patch release that addresses several bugs, primarily involving properly rejecting corrupt input data. He goes on to report various relevant items including heap buffer overflows, use-after-free, use of uninitialized memory and other bugs, several of them found by OSS-fuzz,...
ISC KEA -- Invalid characters cause assert
Internet Systems Consortium, Inc. reports: To trigger the issue, three configuration parameters must have specific settings: "hostname-char-set" must be left at the default setting, which is "^A-Za-z0-9.-"; "hostname-char-replacement" must be empty the default; and "ddns-qualifying-suffix" must N...
OpenJPH < 0.24.5 -- multiple vulnerabilities
Aous Naman reports several vulnerabilities fixed in OpenJPH versions up to 0.24.5 and credits Cary Phillips for reporting them from the OSS-fuzz project. 0.24.5 Addresses OpenEXR OSS-fuzz issue 5747129672073216 that can cause heap corruption. 0.24.4... we now check that the ATK marker segment...
Firefox -- use-after-free in the GPU or browser process
https://bugzilla.mozilla.org/showbug.cgi?id=1993113 reports: Starting with Firefox 142, it was possible for a compromised child process to trigger a use-after-free in the GPU or browser process using WebGPU-related IPC calls. This may have been usable to escape the child process sandbox...
strongSwan -- Heap-based buffer overflow in eap-mschapv2 plugin due to improper handling of failure request packets
Xu Biang reports: The eap-mschapv2 plugin doesn't correctly check the length of an EAP-MSCHAPv2 Failure Request packet on the client, which can cause an integer underflow that leads to a crash and, depending on the compiler options, even a heap-based buffer overflow that's potentially exploitable...
OpenVPN -- HMAC verification on source IP address ineffective
Arne Schwabe reports: Fix memcmp check for the hmac verification in the 3way handshake being inverted This is a stupid mistake but causes all hmac cookies to be accepted, thus breaking source IP address validation. As a consequence, TLS sessions can be openend and state can be consumed in the...
SQLite -- Integer Overflow vulnerability
http://sqlite3.com reports: Integer Overflow vulnerability in SQLite SQLite3 v.3.50.0 allows a remote attacker to cause a denial of service via the setupLookaside function...
privatebin - Missing HTML sanitisation of attached filename in file size hint enabling persistent XSS
PrivateBin reports: We've identified an HTML injection/XSS vulnerability in the PrivateBin service that allows the injection of arbitrary HTML markup via the attached filename...
RT -- XSS via calendar invitations
Mateusz Szymaniec and CERT Polska Reports: RT is vulnerable to XSS via calendar invitations added to a ticket. Thanks to Mateusz Szymaniec and CERT Polska for reporting this finding...
RT -- CSV injection
Gareth Watkin-Jones from 4armed reports: RT is vulnerable to CSV injection via ticket values with special characters that are exported to a TSV from search results. Thanks to Gareth Watkin-Jones from 4armed for reporting this finding...
Gitlab -- vulnerabilities
Gitlab reports: Improper access control issue in runner API impacts GitLab EE Denial of service issue in event collection impacts GitLab CE/EE Denial of service issue in JSON validation impacts GitLab CE/EE Denial of service issue in upload impacts GitLab CE/EE Incorrect Authorization issue in...
FreeBSD -- SO_REUSEPORT_LB breaks connect(2) for UDP sockets
Problem Description: Connected sockets are not intended to belong to load-balancing groups. However, the kernel failed to check the connection state of sockets when adding them to load-balancing groups. Furthermore, when looking up the destination socket for an incoming packet, the kernel will...
unbound -- Possible domain hijacking via promiscuous records in the authority section
[email protected] reports: NLnet Labs Unbound up to and including version 1.24.0 is vulnerable to possible domain hijack attacks. Promiscuous NS RRSets that complement positive DNS replies in the authority section can be used to trick resolvers to update their delegation information for the zone...
chromium -- security fix
Chrome Releases reports: This update includes 1 security fix: 452296415 High CVE-2025-12036: Inappropriate implementation in V8. Reported by Google Big Sleep on 2025-10-15...