news.russia.network | Published Advisories

ZDI-25-417: Clam AntiVirus UDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Clam AntiVirus. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 6.1. The following CVEs are assigned: CVE-2025-20234...

ПОДРОБНЕЕ

ZDI-25-416: ServiceStack FindType Directory Traversal Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of ServiceStack. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The ZDI has assigned a CVSS rating of 8.1. The following CVEs are assigned: CVE-2025-6445...

ПОДРОБНЕЕ

ZDI-25-415: ServiceStack GetErrorResponse Improper Input Validation NTLM Relay Vulnerability

This vulnerability allows remote attackers to relay NTLM credentials on affected installations of ServiceStack. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The ZDI has assigned a CVSS rating of 5.9. The following CVEs are assigned: CVE-2025-6444...

ПОДРОБНЕЕ

ZDI-25-414: Ruby WEBrick read_header HTTP Request Smuggling Vulnerability

This vulnerability allows remote attackers to smuggle arbitrary HTTP requests on affected installations of Ruby WEBrick. This issue is exploitable when the product is deployed behind an HTTP proxy that fulfills specific conditions. The ZDI has assigned a CVSS rating of 6.5. The following CVEs are assigned: CVE-2025-6442...

ПОДРОБНЕЕ