Mail Index

• Thread Index

• [FD] Apple’s A17 Pro Chip: Critical Flaw Causes Dual Subsystem Failure & Forensic Log Loss
  • From: Joseph Goydish II via Fulldisclosure
• [FD] Asterisk Security Release 18.26.4
  • From: Asterisk Development Team via Fulldisclosure
• [FD] Asterisk Security Release 21.10.2
  • From: Asterisk Development Team via Fulldisclosure
• [FD] Asterisk Security Release 20.15.2
  • From: Asterisk Development Team via Fulldisclosure
• [FD] Asterisk Security Release 22.5.2
  • From: Asterisk Development Team via Fulldisclosure
• [FD] Certified Asterisk Security Release certified-18.9-cert17
  • From: George Joseph via Fulldisclosure
• [FD] (iOS 18.6.2) Improper Input Validation in Siri Shortcuts and Shared Web Credentials
  • From: josephgoyd via Fulldisclosure
• [FD] [Zero-Day] AppleMediaServices Fail-Open Auth Bypass (All Platforms)
  • From: josephgoyd via Fulldisclosure
• [FD] Host Header Injection - silverstripecmsv6.0.0
  • From: Andrey Stoykov
• [FD] CSV Injection - silverstripecmsv6.0.0
  • From: Andrey Stoykov
• [FD] APPLE-SA-08-20-2025-1 iOS 18.6.2 and iPadOS 18.6.2
  • From: Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-08-20-2025-2 iPadOS 17.7.10
  • From: Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-08-20-2025-3 macOS Sequoia 15.6.1
  • From: Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-08-20-2025-4 macOS Sonoma 14.7.8
  • From: Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-08-20-2025-5 macOS Ventura 13.7.8
  • From: Apple Product Security via Fulldisclosure
• [FD] CVE-2024-45438 - SpamTitan Unauthenticated User Creation
  • From: Seralys Research Team via Fulldisclosure
• [FD] libheif v1.21.0 Heap Buffer Overflow in Chunk::Chunk
  • From: Ron E
• [FD] libheif 1.21.0 Use-After-Free / Dangling shared_ptr in Track Chunk Handling
  • From: Ron E
• [FD] libheif v1.21.0 Out-of-Bounds Read in Box_stts::get_sample_duration
  • From: Ron E
• [FD] libheif v1.21.0 Out-of-Bounds Read in FullBox::get_flags
  • From: Ron E
• [FD] libheif v1.21.0 Null Pointer Dereference in Box_hdlr::get_handler_type
  • From: Ron E
• [FD] libheif v1.21.0 Null Pointer Dereference in std::vector<unsigned>::empty
  • From: Ron E
• [FD] libheif v1.21.0 Integer Overflow in Y4M Loader leading to Uncontrolled Memory Allocation
  • From: Ron E
• [FD] DjVuLibre 3.5.29 IW44EncodeCodec Integer Overflow (Negative Left Shift in IW44Image::Map::Encode)
  • From: Ron E
• [FD] DjVuLibre 3.5.29 ZPCodec Unsigned Integer Overflow in Arithmetic Encoding
  • From: Ron E
• [FD] FFmpeg 7.0+ Heap Use-After-Free in FFmpeg HLS Demuxer (libavformat/utils.c)
  • From: Ron E
• [FD] FFmpeg 7.0+ Integer Overflow in FFmpeg yuvcmp Tool Leads to Out-of-Bounds Allocation
  • From: Ron E
• [FD] FFmpeg 7.0+ Type Confusion in FFmpeg Function Pointer Calls (libavformat/utils.c)
  • From: Ron E
• [FD] FFmpeg 7.0+ NULL Pointer Dereference in FFmpeg String Handling (avstring.c)
  • From: Ron E
• [FD] FFmpeg 7.0+ LADSPA Filter Arbitrary Shared Object Loading via Unsanitized Environment Variables
  • From: Ron E
• [FD] FFmpeg 7.0+ Integer Overflow in UDP Protocol Handler (fifo_size option)
  • From: Ron E
• [FD] FFmpeg 7.0+ Integer Overflow in DSCP Option Handling of FFmpeg UDP Protocol
  • From: Ron E
• [FD] FFmpeg 7.0+ Integer Overflow in FFmpeg cache: Protocol (CacheEntry::size)
  • From: Ron E
• [FD] SEC Consult SA-20250908-0 :: NFC Card Vulnerability Exploitation Leading to Free Top-Up in KioSoft "Stored Value" Unattended Payment Solution (Mifare)
  • From: SEC Consult Vulnerability Lab via Fulldisclosure
• [FD] Submission of Critical Firmware Parameters – PCIe HCA Cards
  • From: Taylor Newsome
• [FD] Critical Security Report – Remote Code Execution via Persistent Discord WebRTC Automation
  • From: Taylor Newsome
• [FD] Defense in depth -- the Microsoft way (part 92): more stupid blunders of Windows' File Explorer
  • From: Stefan Kanthak via Fulldisclosure
• Re: [FD] Apple’s A17 Pro Chip: Critical Flaw Causes Dual Subsystem Failure & Forensic Log Loss
  • From: Matthew Fernandez
• [FD] User Enumeration in IServ Schoolserver Web Login
  • From: naphthalin via Fulldisclosure
• Re: [FD] Apple’s A17 Pro Chip: Critical Flaw Causes Dual Subsystem Failure & Forensic Log Loss
  • From: josephgoyd via Fulldisclosure
• [FD] SEC Consult SA-20250911-0 :: Unauthenticated SQL Injection Vulnerability in Shibboleth Service Provider (SP) (ODBC interface)
  • From: SEC Consult Vulnerability Lab via Fulldisclosure
• [FD] libicns v0.8.1 Heap Buffer Overflow in libicns ICNS Parsing (icns2png)
  • From: Ron E
• [FD] libicns v0.8.1 Signed Integer Overflow in libicns during .icns file parsing
  • From: Ron E
• [FD] libicns v0.8.1 Out-of-Bounds Read in libicns icns_family.c when parsing malformed .icns files
  • From: Ron E
• [FD] gbsplay 0.0.100-18 Heap Buffer Overflow in update_status_on_subsong_change in gbsplay
  • From: Ron E
• [FD] libvips v8.18.0 Function Pointer Type Confusion in libvips Callback Dispatch
  • From: Ron E
• [FD] CHMLIB 0.40a Integer Overflow in LZX Decompression of CHMLib
  • From: Ron E
• [FD] CHMLib 0.40a Integer Overflow in _unmarshal_int32 / _unmarshal_uint32 During CHM Header Parsing
  • From: Ron E
• [FD] libwmf v0.2.13 Integer Overflow in libwmf Left-Shift Operations (wmf.c, fig.c, svg.c)
  • From: Ron E
• [FD] APPLE-SA-09-15-2025-1 iOS 26 and iPadOS 26
  • From: Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-09-15-2025-2 iOS 18.7 and iPadOS 18.7
  • From: Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-09-15-2025-3 iOS 16.7.12 and iPadOS 16.7.12
  • From: Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-09-15-2025-4 iOS 15.8.5 and iPadOS 15.8.5
  • From: Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-09-15-2025-5 macOS Tahoe 26
  • From: Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-09-15-2025-6 macOS Sequoia 15.7
  • From: Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-09-15-2025-7 macOS Sonoma 14.8
  • From: Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-09-15-2025-8 tvOS 26
  • From: Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-09-15-2025-9 watchOS 26
  • From: Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-09-15-2025-10 visionOS 26
  • From: Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-09-15-2025-11 Safari 26
  • From: Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-09-15-2025-12 Xcode 26
  • From: Apple Product Security via Fulldisclosure
• [FD] [CFP] Burning River Cyber Con '25 - Cleveland, OH
  • From: Burning River Cyber Con via Fulldisclosure
• [FD] Current Password not Required When Changing Password - flatpressv1.4.1
  • From: Andrey Stoykov
• [FD] Stored HTML Injection - flatpressv1.4.1
  • From: Andrey Stoykov
• [FD] libelf 0.8.12 Stack-based buffer overflow in gmo2msg (libelf) via unbounded sprintf of lang argument
  • From: Ron E
• [FD] Defense in depth -- the Microsoft way (part 93): SRP/SAFER whitelisting goes black on Windows 11
  • From: Stefan Kanthak via Fulldisclosure
• [FD] Defense in depth -- the Microsoft way (part 94): BACKDOOR planted in AppLocker
  • From: Stefan Kanthak via Fulldisclosure
• [FD] Defense in depth -- the Microsoft way (part 94): BACKDOOR planted in AppLocker
  • From: Stefan Kanthak via Fulldisclosure
• [FD] xpra server information disclosure
  • From: Antoine Martin via Fulldisclosure
• [FD] CyberDanube Security Research 20250909-0 | Cross-Site Scripting in Schneider ATV 630
  • From: Thomas Weber | CyberDanube via Fulldisclosure
• [FD] CyberDanube Security Research 20250919-0 | Multiple Vulnerabilities in Novakon P series
  • From: Thomas Weber | CyberDanube via Fulldisclosure
• [FD] SEC Consult SA-20250923-0 :: Missing Certificate Validation leading to RCE in CleverControl employee monitoring software #CVE-2025-10548
  • From: SEC Consult Vulnerability Lab via Fulldisclosure
• [FD] SEC Consult SA-20250925-0 :: Multiple Vulnerabilities in iMonitorSoft EAM employee monitoring #CVE-2025-10540 #CVE-2025-10541 #CVE-2025-10542
  • From: SEC Consult Vulnerability Lab via Fulldisclosure