
Full Disclosure: by author
39 messages starting Sep 08 25 and ending Sep 08 25
Andrey Stoykov
CSV Injection - silverstripecmsv6.0.0 Andrey Stoykov (Sep 08)
Host Header Injection - silverstripecmsv6.0.0 Andrey Stoykov (Sep 08)
Apple Product Security via Fulldisclosure
APPLE-SA-08-20-2025-4 macOS Sonoma 14.7.8 Apple Product Security via Fulldisclosure (Sep 08)
APPLE-SA-08-20-2025-5 macOS Ventura 13.7.8 Apple Product Security via Fulldisclosure (Sep 08)
APPLE-SA-08-20-2025-3 macOS Sequoia 15.6.1 Apple Product Security via Fulldisclosure (Sep 08)
APPLE-SA-08-20-2025-2 iPadOS 17.7.10 Apple Product Security via Fulldisclosure (Sep 08)
APPLE-SA-08-20-2025-1 iOS 18.6.2 and iPadOS 18.6.2 Apple Product Security via Fulldisclosure (Sep 08)
Asterisk Development Team via Fulldisclosure
Asterisk Security Release 20.15.2 Asterisk Development Team via Fulldisclosure (Sep 08)
Asterisk Security Release 22.5.2 Asterisk Development Team via Fulldisclosure (Sep 08)
Asterisk Security Release 18.26.4 Asterisk Development Team via Fulldisclosure (Sep 08)
Asterisk Security Release 21.10.2 Asterisk Development Team via Fulldisclosure (Sep 08)
George Joseph via Fulldisclosure
Certified Asterisk Security Release certified-18.9-cert17 George Joseph via Fulldisclosure (Sep 08)
Joseph Goydish II via Fulldisclosure
Apple’s A17 Pro Chip: Critical Flaw Causes Dual Subsystem Failure & Forensic Log Loss Joseph Goydish II via Fulldisclosure (Sep 08)
josephgoyd via Fulldisclosure
(iOS 18.6.2) Improper Input Validation in Siri Shortcuts and Shared Web Credentials josephgoyd via Fulldisclosure (Sep 08)
[Zero-Day] AppleMediaServices Fail-Open Auth Bypass (All Platforms) josephgoyd via Fulldisclosure (Sep 08)
Matthew Fernandez
Re: Apple’s A17 Pro Chip: Critical Flaw Causes Dual Subsystem Failure & Forensic Log Loss Matthew Fernandez (Sep 10)
naphthalin via Fulldisclosure
User Enumeration in IServ Schoolserver Web Login naphthalin via Fulldisclosure (Sep 10)
Ron E
libheif v1.21.0 Heap Buffer Overflow in Chunk::Chunk Ron E (Sep 08)
FFmpeg 7.0+ LADSPA Filter Arbitrary Shared Object Loading via Unsanitized Environment Variables Ron E (Sep 08)
FFmpeg 7.0+ Heap Use-After-Free in FFmpeg HLS Demuxer (libavformat/utils.c) Ron E (Sep 08)
DjVuLibre 3.5.29 IW44EncodeCodec Integer Overflow (Negative Left Shift in IW44Image::Map::Encode) Ron E (Sep 08)
FFmpeg 7.0+ Integer Overflow in FFmpeg cache: Protocol (CacheEntry::size) Ron E (Sep 08)
libheif v1.21.0 Out-of-Bounds Read in Box_stts::get_sample_duration Ron E (Sep 08)
libheif v1.21.0 Out-of-Bounds Read in FullBox::get_flags Ron E (Sep 08)
DjVuLibre 3.5.29 ZPCodec Unsigned Integer Overflow in Arithmetic Encoding Ron E (Sep 08)
libheif v1.21.0 Null Pointer Dereference in std::vector<unsigned>::empty Ron E (Sep 08)
libheif v1.21.0 Integer Overflow in Y4M Loader leading to Uncontrolled Memory Allocation Ron E (Sep 08)
libheif 1.21.0 Use-After-Free / Dangling shared_ptr in Track Chunk Handling Ron E (Sep 08)
FFmpeg 7.0+ Type Confusion in FFmpeg Function Pointer Calls (libavformat/utils.c) Ron E (Sep 08)
libheif v1.21.0 Null Pointer Dereference in Box_hdlr::get_handler_type Ron E (Sep 08)
FFmpeg 7.0+ Integer Overflow in DSCP Option Handling of FFmpeg UDP Protocol Ron E (Sep 08)
FFmpeg 7.0+ Integer Overflow in FFmpeg yuvcmp Tool Leads to Out-of-Bounds Allocation Ron E (Sep 08)
FFmpeg 7.0+ NULL Pointer Dereference in FFmpeg String Handling (avstring.c) Ron E (Sep 08)
FFmpeg 7.0+ Integer Overflow in UDP Protocol Handler (fifo_size option) Ron E (Sep 08)
SEC Consult Vulnerability Lab via Fulldisclosure
SEC Consult SA-20250908-0 :: NFC Card Vulnerability Exploitation Leading to Free Top-Up in KioSoft "Stored Value" Unattended Payment Solution (Mifare) SEC Consult Vulnerability Lab via Fulldisclosure (Sep 08)
Seralys Research Team via Fulldisclosure
CVE-2024-45438 - SpamTitan Unauthenticated User Creation Seralys Research Team via Fulldisclosure (Sep 08)
Stefan Kanthak via Fulldisclosure
Defense in depth -- the Microsoft way (part 92): more stupid blunders of Windows' File Explorer Stefan Kanthak via Fulldisclosure (Sep 08)
Taylor Newsome
Critical Security Report – Remote Code Execution via Persistent Discord WebRTC Automation Taylor Newsome (Sep 08)
Submission of Critical Firmware Parameters – PCIe HCA Cards Taylor Newsome (Sep 08)