Full Disclosure Mailing List

A public, vendor-neutral forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. More importantly, fresh vulnerabilities sometimes hit this list many hours or days before they pass through the Bugtraq moderation queue.

List Archives

Latest Posts

Samtools v1.22.1 Uncontrolled Memory Allocation from Large BED Intervals Causes Denial-of-Service in Samtools/HTSlib Ron E (Sep 30)
A denial-of-service vulnerability exists in Samtools and the underlying
HTSlib when processing BED files containing extremely large interval
values. The bed_index_core() function in bedidx.c uses the interval end
coordinate to calculate allocation size without sufficient validation. By
supplying a BED record with a crafted end coordinate (e.g., near 2^61), an
attacker can trigger uncontrolled memory allocation requests via
hts_resize_array_()....

Samtools v1.22.1 Improper Handling of Excessive Histogram Bin Counts in Samtools Coverage Leads to Stack Overflow Ron E (Sep 30)
In the samtools coverage subcommand, the -w / --n-bins option allows the
user to specify how many “bins” to produce in the coverage histogram. The
code computes: stats[tid].bin_width = (stats[tid].end - stats[tid].beg) /
n_bins; When the number of bins (n_bins) is extremely large relative to the
region length (end - beg), this integer division can yield zero, or lead to
unexpected behavior in subsequent arithmetic. Later in print_hist(),...

libgeotiff 1.7.4 Heap Buffer Overflow in geotifcp (libgeotiff) During 8-to-4 Bit Downsample with Odd Image Width Ron E (Sep 30)
A heap buffer overflow vulnerability exists in the geotifcp utility,
distributed as part of libgeotiff. The flaw occurs in the function
cpContig2ContigByRow_8_to_4 when processing TIFF images with an odd
ImageWidth and using the -d option (downsampling from 8-bit to 4-bit).
During conversion, the function iterates over pixels in pairs and always
accesses buf_in[i_in+1]. When the width is odd, the last iteration
dereferences one byte past the...

APPLE-SA-09-29-2025-6 visionOS 26.0.1 Apple Product Security via Fulldisclosure (Sep 30)
APPLE-SA-09-29-2025-6 visionOS 26.0.1

visionOS 26.0.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/125338.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

FontParser
Available for: Apple Vision Pro
Impact: Processing a maliciously crafted font may lead to unexpected app
termination...

APPLE-SA-09-29-2025-5 macOS Sonoma 14.8.1 Apple Product Security via Fulldisclosure (Sep 30)
APPLE-SA-09-29-2025-5 macOS Sonoma 14.8.1

macOS Sonoma 14.8.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/125330.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

FontParser
Available for: macOS Sonoma
Impact: Processing a maliciously crafted font may lead to unexpected app...

APPLE-SA-09-29-2025-4 macOS Sequoia 15.7.1 Apple Product Security via Fulldisclosure (Sep 30)
APPLE-SA-09-29-2025-4 macOS Sequoia 15.7.1

macOS Sequoia 15.7.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/125329.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

FontParser
Available for: macOS Sequoia
Impact: Processing a maliciously crafted font may lead to unexpected app...

APPLE-SA-09-29-2025-3 macOS Tahoe 26.0.1 Apple Product Security via Fulldisclosure (Sep 30)
APPLE-SA-09-29-2025-3 macOS Tahoe 26.0.1

macOS Tahoe 26.0.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/125328.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

FontParser
Available for: macOS Tahoe
Impact: Processing a maliciously crafted font may lead to unexpected app
termination...

APPLE-SA-09-29-2025-2 iOS 18.7.1 and iPadOS 18.7.1 Apple Product Security via Fulldisclosure (Sep 30)
APPLE-SA-09-29-2025-2 iOS 18.7.1 and iPadOS 18.7.1

iOS 18.7.1 and iPadOS 18.7.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/125327.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

FontParser
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch
3rd generation and...

APPLE-SA-09-29-2025-1 iOS 26.0.1 and iPadOS 26.0.1 Apple Product Security via Fulldisclosure (Sep 30)
APPLE-SA-09-29-2025-1 iOS 26.0.1 and iPadOS 26.0.1

iOS 26.0.1 and iPadOS 26.0.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/125326.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

FontParser
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation
and later, iPad Pro...

SEC Consult SA-20250925-0 :: Multiple Vulnerabilities in iMonitorSoft EAM employee monitoring #CVE-2025-10540 #CVE-2025-10541 #CVE-2025-10542 SEC Consult Vulnerability Lab via Fulldisclosure (Sep 25)
SEC Consult Vulnerability Lab Security Advisory < 20250925-0 >
=======================================================================
title: Multiple Vulnerabilities
product: iMonitorSoft EAM
vulnerable version: iMonitor EAM 9.6394
fixed version: -
CVE number: CVE-2025-10540, CVE-2025-10541, CVE-2025-10542
impact: Critical
homepage:...

SEC Consult SA-20250923-0 :: Missing Certificate Validation leading to RCE in CleverControl employee monitoring software #CVE-2025-10548 SEC Consult Vulnerability Lab via Fulldisclosure (Sep 25)
SEC Consult Vulnerability Lab Security Advisory < 20250923-0 >
=======================================================================
title: Missing Certificate Validation leading to RCE
product: CleverControl employee monitoring software
vulnerable version: 11.5.1041.6
fixed version: -
CVE number: CVE-2025-10548
impact: high
homepage: https://clevercontrol.com...

CyberDanube Security Research 20250919-0 | Multiple Vulnerabilities in Novakon P series Thomas Weber | CyberDanube via Fulldisclosure (Sep 25)
CyberDanube Security Research 20250919-0
-------------------------------------------------------------------------------
title| Multiple Vulnerabilities in Novakon HMI Series
product| Novakon Touch Screen HMI P Series
vulnerable version| P - V2001.A.c518o2
fixed version| -
CVE number| CVE-2025-9962, CVE-2025-9963, CVE-2025-9964,
| CVE-2025-9965, CVE-2025-9966...

CyberDanube Security Research 20250909-0 | Cross-Site Scripting in Schneider ATV 630 Thomas Weber | CyberDanube via Fulldisclosure (Sep 25)
CyberDanube Security Research 20250909-0
-------------------------------------------------------------------------------
title| Reflected XSS
product| ATV 630
vulnerable version| "see Vulnerable versions"
fixed version| none
CVE number| CVE-2025-7746
impact| Medium
homepage| https://www.se.com/
found| 2025-03-11
by| T....

xpra server information disclosure Antoine Martin via Fulldisclosure (Sep 25)
1) About Xpra
Xpra is known as "screen for X11".
https://xpra.org/
"Xpra forwards and synchronizes many extra desktop features, which
allows remote applications to integrate transparently into the client's
desktop environment: audio input and output, printers, clipboard, system
trays, notifications, webcams, etc."

2) Vulnerability
Using the server's "control" subsystem, a client can enable sensitive...

Defense in depth -- the Microsoft way (part 94): BACKDOOR planted in AppLocker Stefan Kanthak via Fulldisclosure (Sep 22)
Hi @ll,

since several years Microsoft installs the DLLs domain_actions.dll
and well_known_domains.dll as part of their Edge browser as well as
Windows' WebView component into each and every user profile,
UNPROTECTED against tampering.

On Windows 11 24H2 their paths are currently
"%LOCALAPPDATA%\Microsoft\Edge\User Data\Domain Actions\3.0.0.16\domain_actions.dll"
"%LOCALAPPDATA%\Microsoft\Edge\User Data\Domain...

More Lists

Dozens of other network security lists are archived at SecLists.Org.