6578 matches found
Mongodb -- Use-after-free in the MongoDB
[email protected] reports: An authorized user may crash the MongoDB server by causing buffer over-read. This can be done by issuing a DDL operation while queries are being issued, under some conditions...
OpenVPN -- avoid buffer overread parsing routes or endpoints
Mikhail Khachaiants reports: socket: reject mismatched address family in getaddrgeneric. Add a family check to prevent copying address data of the wrong type, which could cause buffer over-read when parsing routes or endpoints...
minio -- Privilege Escalation via Session Policy Bypass in Service Accounts and STS
mino reports: A privilege escalation vulnerability allows service accounts and STS Security Token Service accounts with restricted session policies to bypass their inline policy restrictions when performing "own" account operations, specifically when creating new service accounts for the same use...
Hidden/Protected custom variables are prone to filter enumeration
Icinga reports: An authorized user with access to Icinga DB Web, can use a custom variable in a filter that is either protected by icingadb/protect/variables or hidden by icingadb/denylist/variables, to guess values assigned to it...
powerdns-recursor -- cache pollution
PowerDNS Team reports: It has been brought to our attention that the Recursor does not apply strict enough validation of received delegation information. The malicious delegation information can be sent by an attacker spoofing packets...
Mozilla -- Memory safety bugs
[email protected] reports: Memory safety bugs. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code...
Mozilla -- Memory safety bugs
[email protected] reports: Memory safety bug. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited to run arbitrary code...
Mozilla -- Out-of-bounds reads and writes
[email protected] reports: A compromised web process was able to trigger out of bounds reads and writes in a more privileged process using manipulated WebGL textures...
Mozilla -- Use-after-free
[email protected] reports: Use-after-free in MediaTrackGraphImpl::GetInstance...
Mozilla -- Memory safety bugs
[email protected] reports: Memory safety bugs. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 1 security fix: 447192722 High CVE-2025-11756: Use after free in Safe Browsing. Reported by asnine on 2025-09-25...
Mozilla -- Memory disclosure
[email protected] reports: A compromised web process using malicious IPC messages could have caused the privileged browser process to reveal blocks of its memory to the compromised process...
Mozilla -- XSS in sites without content-type header
[email protected] reports: A malicious page could have used the type attribute of an OBJECT tag to override the default browser behavior when encountering a web resource served without a content-type. This could have contributed to an XSS on a site that unsafely serves files without a...
Mozilla -- JavaScript Object property overriding
[email protected] reports: There was a way to change the value of JavaScript Object properties that were supposed to be non-writeable...
zeek -- information leak vulnerability
Tim Wojtulewicz of Corelight reports: The KRB analyzer can leak information about hosts in analyzed traffic via external DNS lookups...
Mailpit -- Performance information disclosure
Ralph Slooten Mailpit developer reports: An HTTP endpoint was found which exposed expvar runtime information memory usage, goroutine counts, GC behavior, uptime and potential runtime flags due to the Prometheus client library dependency...
py-social-auth-app-django -- Unsafe account association
Michal ÄŒihaÅ™ reports: Upon authentication, the user could be associated by e-mail even if the associatebyemail pipeline was not included. This could lead to account compromise when a third-party authentication service does not validate provided e-mail addresses or doesn't require unique e-mail...
Gitlab -- vulnerabilities
Gitlab reports: Incorrect authorization issue in GraphQL mutations impacts GitLab EE Denial of Service issue in GraphQL blob type impacts GitLab CE/EE Missing authorization issue in manual jobs impacts GitLab CE/EE Denial of Service issue in webhook endpoints impacts GitLab CE/EE...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 3 security fixes: 443196747 High CVE-2025-11458: Heap buffer overflow in Sync. Reported by raven at KunLun lab on 2025-09-05 446722008 High CVE-2025-11460: Use after free in Storage. Reported by Sombra on 2025-09-23 441917796 Medium CVE-2025-11211: Ou...
redis,valkey -- Out of bound read due to a bug in LUA
redis reports: An authenticated user may use a specially crafted LUA script to read out-of-bound data or crash the server and subsequent denial of service. The problem exists in all versions of Redis with Lua scripting An additional workaround to mitigate the problem without patching the...
redis,valkey -- Running Lua function as a different user
redis reports: An authenticated user may use a specially crafted Lua script to manipulate different LUA objects and potentially run their own code in the context of another user The problem exists in all versions of Redis with Lua scripting. An additional workaround to mitigate the problem withou...
redis,valkey -- Lua Use-After-Free may lead to remote code execution
redis reports: An authenticated user may use a specially crafted Lua script to manipulate the garbage collector, trigger a use-after-free and potentially lead to remote code execution. The problem exists in all versions of Redis with Lua scripting. An additional workaround to mitigate the problem...
redis,valkey -- Lua library commands may lead to integer overflow and potential RCE
redis reports: An authenticated user may use a specially crafted Lua script to cause an integer overflow and potentially lead to remote code execution The problem exists in all versions of Redis with Lua scripting. An additional workaround to mitigate the problem without patching the redis-server...
fetchmail -- potential crash when authenticating to SMTP server
Matthias Andree reports: fetchmail's SMTP client, when configured to authenticate, is susceptible to a protocol violation where, when a trusted but malicious or malfunctioning SMTP server responds to an authentication request with a "334" code but without a following blank on the line, it will...
LibreSSL -- overwrite and -read vulnerability
The LibreSSL project reports: An incorrect length check can result in a 4-byte overwrite and an 8-byte overread...
Vulnerability found in Expat
Expat 2.8.1 was released yesterday. The key motivation for cutting a release and doing so now was: Fixing vulnerability CVE-2026-45186 that allows easy denial of service. See also https://github.com/libexpat/libexpat/pull/1216...
Django -- multiple vulnerabilities
Django reports: CVE-2025-59681: Potential SQL injection in QuerySet.annotate, alias, aggregate, and extra on MySQL and MariaDB. CVE-2025-59682: Potential partial directory-traversal via archive.extract...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 21 security fixes: 442444724 High CVE-2025-11205: Heap buffer overflow in WebGPU. Reported by Atte Kettunen of OUSPG on 2025-09-02 444755026 High CVE-2025-11206: Heap buffer overflow in Video. Reported by Elias Hohl on 2025-09-12 428189824 Medium...
Firefox -- Sandbox escape due to integer overflow
https://bugzilla.mozilla.org/showbug.cgi?id=1987246 reports: Sandbox escape due to integer overflow in the Graphics: Canvas2D component...
Firefox -- Sandbox escape
[email protected] reports: Sandbox excape due to integer overflow in the Graphics: Canvas2D component...
Firefox -- JIT miscompilation in the JavaScript Engine
[email protected] reports: JIT miscompilation in the JavaScript Engine: JIT component...
OpenSSL -- multiple vulnerabilities
The OpenSSL project reports reports: Out-of-bounds read & write in RFC 3211 KEK Unwrap Timing side-channel in SM2 algorithm on 64-bit ARM Fix Out-of-bounds read in HTTP client noproxy handling...
qt6-webengine -- Multiple vulnerabilities
Qt qtwebengine-chromium repo reports: Backports for 9 security bugs in Chromium: CVE-2025-9866: Determine whether to bypass redirect checks per request CVE-2025-10200: Use after free in Serviceworker CVE-2025-10201: Inappropriate implementation in Mojo CVE-2025-10500: Use after free in Dawn...
Gitlab -- Vulnerabilities
Gitlab reports: Denial of Service issue when uploading specifically crafted JSON files impacts GitLab CE/EE Denial of Service issue bypassing query complexity limits impacts GitLab CE/EE Information disclosure issue in virtual registery configuration for low privileged users impacts GitLab CE/EE...
openvpn-devel -- script injection vulnerability from trusted but malicious server
Gert Doering reports: Notable changes beta1 - beta2 are: ... add proper input sanitation to DNS strings to prevent an attack coming from a trusted-but-malicous OpenVPN server CVE: 2025-10680, affects unixoid systems with --dns-updown scripts and windows using the built-in powershell call Lev...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 4 security fixes: 430336833 High CVE-2025-10890: Side-channel information leakage in V8. Reported by Mate Marjanović SharpEdged on 2025-07-09 443765373 High CVE-2025-10891: Integer overflow in V8. Reported by Google Big Sleep on 2025-09-09 444048019...
dnsdist -- Denial of service via crafted DoH exchange
[email protected] reports: In some circumstances, when DNSdist is configured to use the nghttp2 library to process incoming DNS over HTTPS queries, an attacker might be able to cause a denial of service by crafting a DoH exchange that triggers an unbounded I/O read loop, causing an...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 4 security fixes: 445380761 High CVE-2025-10585: Type Confusion in V8. Reported by Google Threat Analysis Group on 2025-09-16 435875050 High CVE-2025-10500: Use after free in Dawn. Reported by Giunash Gyujeong Jin on 2025-08-03 440737137 High...
jenkins -- multiple vulnerabilities
Jenkins Security Advisory: Description High SECURITY-3618 / CVE-2025-5115 HTTP/2 denial of service vulnerability in bundled Jetty Medium SECURITY-3594 / CVE-2025-59474 Missing permission check allows obtaining agent names Medium SECURITY-3625 / CVE-2025-59475 Missing permission check in...
expat -- dynamic memory allocations issue
expat security advisory: libexpat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing...
Mozilla -- Memory safety bugs
[email protected] reports: Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code...
Mozilla -- integer overflow
[email protected] reports: Integer overflow in the SVG component...
Mozilla -- Incorrect boundary conditions
[email protected] reports: The vulnerability has been assessed to have moderate impact on affected systems, potentially allowing attackers to exploit incorrect boundary conditions in the JavaScript Garbage Collection component. In Thunderbird specifically, these flaws cannot be exploited throu...
Mozilla -- Sandbox escape due to use-after-free
[email protected] reports: Sandbox escape due to use-after-free...
Firefox -- Mitigation bypass
https://bugzilla.mozilla.org/showbug.cgi?id=1978453 reports: Mitigation bypass in the Web Compatibility: Tooling component...
Firefox -- Same-origin policy bypass
https://bugzilla.mozilla.org/showbug.cgi?id=1970490 reports: Same-origin policy bypass in the Layout component...
Mozilla -- Information disclosure
[email protected] reports: This vulnerability affects Firefox 143, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3...
Mozilla -- spoofing
[email protected] reports: Spoofing issue in the Site Permission component...
Mozilla -- mitigation bypass vulnerability
[email protected] reports: The vulnerability has been rated as having moderate impact, affecting both confidentiality and integrity with low severity, while having no impact on availability. For Thunderbird specifically, the vulnerability cannot be exploited through email as scripting is...
Firefox -- Integer overflow in the SVG component
https://bugzilla.mozilla.org/showbug.cgi?id=1980788 reports: Integer overflow in the SVG component...