| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| This issue was addressed by removing the vulnerable code. This issue is fixed in tvOS 18.4.1, visionOS 2.4.1, iOS iOS 18.4.1 and iPadOS 18.4.1, macOS Sequoia 15.4.1. An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on iOS. |
| A memory corruption issue was addressed with improved bounds checking. This issue is fixed in tvOS 18.4.1, visionOS 2.4.1, iOS iOS 18.4.1 and iPadOS 18.4.1, macOS Sequoia 15.4.1. Processing an audio stream in a maliciously crafted media file may result in code execution. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on iOS. |
| Astro is a web framework for content-driven websites. A bug in the build process allows any unauthenticated user to read parts of the server source code. During build, along with client assets such as css and font files, the sourcemap files **for the server code** are moved to a publicly-accessible folder. Any outside party can read them with an unauthorized HTTP GET request to the same server hosting the rest of the website. While some server files are hashed, making their access obscure, the files corresponding to the file system router (those in `src/pages`) are predictably named. For example. the sourcemap file for `src/pages/index.astro` gets named `dist/client/pages/index.astro.mjs.map`. This vulnerability is the root cause of issue #12703, which links to a simple stackblitz project demonstrating the vulnerability. Upon build, notice the contents of the `dist/client` (referred to as `config.build.client` in astro code) folder. All astro servers make the folder in question accessible to the public internet without any authentication. It contains `.map` files corresponding to the code that runs on the server. All **server-output** projects on Astro 5 versions **v5.0.3** through **v5.0.7**, that have **sourcemaps enabled**, either directly or through an add-on such as `sentry`, are affected. The fix for **server-output** projects was released in **astro@5.0.8**. Additionally, all **static-output** projects built using Astro 4 versions **4.16.17 or older**, or Astro 5 versions **5.0.8 or older**, that have **sourcemaps enabled** are also affected. The fix for **static-output** projects was released in **astro@5.0.9**, and backported to Astro v4 in **astro@4.16.18**. The immediate impact is limited to source code. Any secrets or environment variables are not exposed unless they are present verbatim in the source code. There is no immediate loss of integrity within the the vulnerable server. However, it is possible to subsequently discover another vulnerability via the revealed source code . There is no immediate impact to availability of the vulnerable server. However, the presence of an unsafe regular expression, for example, can quickly be exploited to subsequently compromise the availability. The fix for **server-output** projects was released in **astro@5.0.8**, and the fix for **static-output** projects was released in **astro@5.0.9** and backported to Astro v4 in **astro@4.16.18**. Users are advised to update immediately if they are using sourcemaps or an integration that enables sourcemaps. |
| In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content (by setting "checked"). This makes classic XXE attacks possible. |
| The gh package before 1.5.0 for R delivers an HTTP response in a data structure that includes the Authorization header from the corresponding HTTP request. |
| A flaw was found in the cookie parsing logic of the libsoup HTTP library, used in GNOME applications and other software. The vulnerability arises when processing the expiration date of cookies, where a specially crafted value can trigger an integer overflow. This may result in undefined behavior, allowing an attacker to bypass cookie expiration logic, causing persistent or unintended cookie behavior. The issue stems from improper validation of large integer inputs during date arithmetic operations within the cookie parsing routines. |
| A flaw was found in the cookie date handling logic of the libsoup HTTP library, widely used by GNOME and other applications for web communication. When processing cookies with specially crafted expiration dates, the library may perform an out-of-bounds memory read. This flaw could result in unintended disclosure of memory contents, potentially exposing sensitive information from the process using libsoup. |
| Not used |
| Not used |
| Not used |
| Not used |
| Not used |
| Not used |
| Not used |
| Not used |
| Not used |
| An issue in Gevent before version 23.9.0 allows a remote attacker to escalate privileges via a crafted script to the WSGIServer component. |
| A Server-Side Request Forgery (SSRF) in JGM Pandoc v3.6.4 allows attackers to gain access to and compromise the whole infrastructure via injecting a crafted iframe. Note: Some users have stated that Pandoc by default can retrieve and parse untrusted HTML content which can enable SSRF vulnerabilities. Using the ‘--sandbox’ option or ‘pandoc-server’ can mitigate such vulnerabilities. Using pandoc with an external ‘--pdf-engine’ can also enable SSRF vulnerabilities, such as CVE-2022-35583 in wkhtmltopdf. |
| Missing Authorization vulnerability in Jegstudio Gutenverse Form gutenverse-form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Gutenverse Form: from n/a through <= 2.2.0. |
| A SQL injection vulnerability exists in CSZ-CMS <=1.3.0 in the Form Builder view functionality. The vulnerability is located in the field parameter of the form viewing feature, allowing authenticated administrators to execute arbitrary SQL queries. |
