116578 matches found
cpython: Out-of-memory when loading Plist
A flaw was found in the plistlib module in the Python standard library. The amount of data to read from a Plist file is specified in the file itself. This issue allows a specially crafted Plist file to cause an application to allocate a large amount of memory, potentially resulting in allocations...
Important: Red Hat Security Advisory: python3.12 security update
An update for python3.12 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fro...
python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open() API
A flaw was found in the Python webbrowser.open API. If a specially crafted URL containing "%action" is processed, an attacker could bypass a previous mitigation for CVE-2026-4519. This bypass allows for command injection into the underlying shell, potentially leading to arbitrary code execution...
cpython: CPython: Logging Bypass in Legacy .pyc File Handling
A flaw was found in CPython. This vulnerability allows a local user with low privileges to bypass security auditing mechanisms. The issue occurs because the SourcelessFileLoader component, responsible for handling older Python compiled files .pyc, does not properly trigger system audit events. Th...
firefox: thunderbird: expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing
A memory amplification vulnerability in libexpat allows attackers to trigger excessive dynamic memory allocations by submitting specially crafted XML input. A small input 250 KiB can cause the parser to allocate hundreds of megabytes, leading to denial-of-service DoS through memory exhaustion...
python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules
A flaw was found in Python's decompression modules, including lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile. This vulnerability, a use-after-free, can occur if a program attempts to re-use a decompression object after a memory allocation error, especially when the system is...
python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open() API
A flaw was found in the Python webbrowser.open API. If a specially crafted URL containing "%action" is processed, an attacker could bypass a previous mitigation for CVE-2026-4519. This bypass allows for command injection into the underlying shell, potentially leading to arbitrary code execution...
Important: Red Hat Security Advisory: python3.9 security update
An update for python3.9 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...
Important: Red Hat Security Advisory: freerdp security update
An update for freerdp is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating,...
freerdp: FreeRDP: Arbitrary code execution via crafted Remote Desktop Protocol (RDP) server messages
A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol RDP. The gdisurfacebits function, which processes SURFACEBITSCOMMAND messages, does not properly validate image dimensions bmp.width and bmp.height provided by a malicious RDP server. This can lead to a heap buffer...
freerdp: FreeRDP: Denial of Service via use-after-free in AUDIN format renegotiation
A use after free flaw was found in FreeRDP. AUDIN format renegotiation frees the active format list while the capture thread continues using audin-format, leading to a use after free in audioformatcompatible. A malicious server can trigger a client‑side heap use after free causing a crash...
freerdp: FreeRDP: Denial of Service via FastGlyph parsing buffer overflow
A flaw was found in FreeRDP. A malicious server can exploit a vulnerability in FastGlyph parsing, which improperly trusts data length without sufficient validation. This can lead to a client-side global buffer overflow, resulting in a denial of service DoS due to a crash. For this vulnerability t...
freerdp: FreeRDP heap-use-after-free
A heap use after free flaw has been discovered in FreeRDP. A race in the serial channel IRP thread tracking allows a heap use‑after‑free when one thread removes an entry from serial-IrpThreads while another reads it...
freerdp: FreeRDP heap-buffer-overflow
A heap based buffer overflow has been discovered in FreeRDP. Prior to 3.20.1, a malicious RDP server can trigger a heap-buffer-overflow write in the FreeRDP client when processing Audio Input AUDIN format lists. audinprocessformats reuses callback-formatscount across multiple MSGSNDINFORMATS PDUs...
freerdp: FreeRDP has a Heap-use-after-free in play_thread
A heap use after free has been discovered in FreeRDP. The RDPSND async playback thread can process queued PDUs after the channel is closed and internal state is freed, leading to a use after free in rdpsndtreatwave...
freerdp: FreeRDP has a heap-buffer-overflow in urb_select_interface
A heap buffer overflow has been discovered in FreeRDP. The URBDRC client uses server-supplied interface numbers as array indices without bounds checks, causing an out-of-bounds read in libusbudevselectinterface...
freerdp: FreeRDP has a Heap-use-after-free in urb_select_interface
A heap buffer use after free has been discovered in FreeRDP. urbselectinterface can free the device's MS config on error but later code still dereferences it, leading to a use after free in libusbudevselectinterface...
freerdp: FreeRDP has a heap-use-after-free in video_timer
A use after free flaw has been discovered in FreeRDP. The videotimer can send client notifications after the control channel is closed, dereferencing a freed callback and triggering a use after free. A malicious server can trigger a client‑side heap use after free causing a crash DoS...
freerdp: FreeRDP heap-buffer-overflow
A heap based buffer overflow has been discovered in FreeRDP. This heap-buffer-overflow occurs in drive read when a server-controlled read length is used to read file data into an IRP output stream buffer without a hard upper bound, allowing an oversized read to overwrite heap memory...
freerdp: FreeRDP has a NULL Pointer Dereference in rdp_write_logon_info_v2()
A null pointer dereference has been discovered in FreeRDP. A NULL pointer dereference vulnerability in rdpwritelogoninfov2 allows a malicious RDP server to crash FreeRDP proxy by sending a specially crafted LogonInfoV2 PDU with cbDomain=0 or cbUserName=0...
crypto/x509: Incorrect enforcement of email constraints in crypto/x509
A certificate validation flaw has been discovered in the golang crypto/x509 module. When verifying a certificate chain which contains a certificate containing multiple email address constraints which share common local portions but different domain portions, these constraints will not be properly...
Important: Red Hat Security Advisory: rhc-worker-playbook security update
An update for rhc-worker-playbook is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
net/url: Incorrect parsing of IPv6 host literals in net/url
The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...
Important: Red Hat Security Advisory: python3.11 security update
An update for python3.11 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fro...
python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules
A flaw was found in Python's decompression modules, including lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile. This vulnerability, a use-after-free, can occur if a program attempts to re-use a decompression object after a memory allocation error, especially when the system is...
python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open() API
A flaw was found in the Python webbrowser.open API. If a specially crafted URL containing "%action" is processed, an attacker could bypass a previous mitigation for CVE-2026-4519. This bypass allows for command injection into the underlying shell, potentially leading to arbitrary code execution...
firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.10, Thunderbird ESR 140.10, Firefox 150 and Thunderbird 150
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bugs present in Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149. Some of these bugs showed evidence of memory corruption and we presume th...
firefox: thunderbird: Incorrect boundary conditions in the Libraries component in NSS
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Incorrect boundary conditions in the Libraries component in NSS...
firefox: thunderbird: Other issue in the Storage: IndexedDB component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Other issue in the Storage: IndexedDB component...
firefox: thunderbird: Other issue in the Libraries component in NSS
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Other issue in the Libraries component in NSS...
firefox: thunderbird: Information disclosure in the Form Autofill component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Information disclosure in the Form Autofill component...
firefox: thunderbird: Mitigation bypass in the File Handling component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Mitigation bypass in the File Handling component...
firefox: thunderbird: Use-after-free in the JavaScript Engine component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Use-after-free in the JavaScript Engine component...
firefox: thunderbird: Privilege escalation in the Graphics: WebRender component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Privilege escalation in the Graphics: WebRender component...
firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird ESR 140.10, Firefox 150 and Thunderbird 150
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bugs present in Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149. Some of these bugs showed evidence of memory corrupti...
firefox: thunderbird: Incorrect boundary conditions in the WebRTC: Networking component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Incorrect boundary conditions in the WebRTC: Networking component...
firefox: thunderbird: Privilege escalation in the Debugger component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Privilege escalation in the Debugger component...
firefox: thunderbird: Incorrect boundary conditions in the Libraries component in NSS
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Incorrect boundary conditions in the Libraries component in NSS...
firefox: thunderbird: Spoofing issue in the DOM: Core & HTML component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Spoofing issue in the DOM: Core & HTML component...
firefox: thunderbird: Privilege escalation in the Networking component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Privilege escalation in the Networking component...
firefox: thunderbird: Invalid pointer in the JavaScript: WebAssembly component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Invalid pointer in the JavaScript: WebAssembly component...
firefox: thunderbird: Incorrect boundary conditions in the WebRTC component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Incorrect boundary conditions in the WebRTC component...
firefox: thunderbird: Incorrect boundary conditions in the WebRTC component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Incorrect boundary conditions in the WebRTC component...
firefox: thunderbird: Information disclosure due to uninitialized memory in the Graphics: Canvas2D component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Information disclosure due to uninitialized memory in the Graphics: Canvas2D component...
firefox: thunderbird: Use-after-free in the DOM: Core & HTML component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Use-after-free in the DOM: Core & HTML component...
Important: Red Hat Security Advisory: firefox security update
An update for firefox is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...
firefox: thunderbird: Mitigation bypass in the DOM: Security component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Mitigation bypass in the DOM: Security component...
firefox: thunderbird: Incorrect boundary conditions in the DOM: Device Interfaces component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Incorrect boundary conditions in the DOM: Device Interfaces component...
firefox: thunderbird: Use-after-free in the Widget: Cocoa component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Use-after-free in the Widget: Cocoa component...
firefox: thunderbird: Uninitialized memory in the Audio/Video: Web Codecs component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Uninitialized memory in the Audio/Video: Web Codecs component...