Lucene search

3660 matches found

Tenable Nessus
added 2025/11/12 12:0 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2025-63811

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in dvsekhvalnov jose2go 1.5.0 thru 1.7.0 allowing an attacker to cause a Denial-of-Service DoS via crafted JSON Web Encryption JWE toke...

7.5 CVSS, 5.8 AI score, 0.00236 EPSS
Exploits 1, References 3
GithubExploit
added 2025/11/09 4:38 p.m., 144 views

adaptivewaf

Adaptive Web Application Firewall WAF - v1 Rule-Based A hob...

7.7 AI score
Exploits 0
CVE
added 2025/11/06 3:53 p.m., 3036 views

CVE-2025-22288

CVE-2025-22288 is a path traversal vulnerability in the WordPress Smush Image Compression and Optimization plugin (wp-smushit) by WPMU DEV. The issue is described as a directory traversal flaw allowing access via a path like '.../...//', affecting the Smush Image Compression and Optimization plug...

4.1 CVSS, 8.6 AI score, 0.00282 EPSS
Exploits 0, References 1
Positive Technologies
added 2025/11/06 12:0 a.m., 5 views

PT-2025-45187

Path Traversal: '.../...//' vulnerability in WPMU DEV - Your All-in-One WordPress Platform Smush Image Compression and Optimization wp-smushit allows Path Traversal. This issue affects Smush Image Compression and Optimization: from n/a through = 3.17.0...

4.1 CVSS, 7 AI score, 0.00282 EPSS
Exploits 0, References 2
CNNVD
added 2025/11/06 12:0 a.m., 3 views

WordPress plugin Smush Image Compression and Optimization Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin.... A security...

4.1 CVSS, 8.5 AI score, 0.00282 EPSS
Exploits 0, References 1
Fedora
added 2025/11/05 2:13 a.m., 5 views

[SECURITY] Fedora 43 Update: rust-astral-tokio-tar-0.5.6-1.fc43

A Rust implementation of an async TAR file reader and writer. This library does not currently handle compression, but it is abstract over all I/O readers and writers. Additionally, great lengths are taken to ensure that the entire contents are never required to be entirely resident in memory all ...

8.1 CVSS, 7 AI score, 0.00678 EPSS
Exploits 1
Tenable Nessus
added 2025/11/04 12:0 a.m., 4 views

TencentOS Server 4: lz4 (TSSA-2025:0847)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0847 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

6.9 AI score
Exploits 0, References 2
Fedora
added 2025/11/03 1:7 a.m., 6 views

[SECURITY] Fedora 42 Update: rust-astral-tokio-tar-0.5.6-1.fc42

A Rust implementation of an async TAR file reader and writer. This library does not currently handle compression, but it is abstract over all I/O readers and writers. Additionally, great lengths are taken to ensure that the entire contents are never required to be entirely resident in memory all ...

8.1 CVSS, 7 AI score, 0.00678 EPSS
Exploits 1
Fedora
added 2025/11/03 1:2 a.m., 7 views

[SECURITY] Fedora 41 Update: rust-astral-tokio-tar-0.5.6-1.fc41

A Rust implementation of an async TAR file reader and writer. This library does not currently handle compression, but it is abstract over all I/O readers and writers. Additionally, great lengths are taken to ensure that the entire contents are never required to be entirely resident in memory all ...

8.1 CVSS, 7 AI score, 0.00678 EPSS
Exploits 1
AstraLinux
added 2025/11/01 10:54 a.m., 1 views

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Added more checks for DSC / HUBP ONO guarantees REASON For non-zero DSC instances, it is possible that the HUBP domain required to drive sequential ONO ASICs may not be met. This could cause the logic to enter an...

5.5 CVSS, 5.5 AI score, 0.00143 EPSS
Exploits 0, References 3
OSV
added 2025/10/29 11:16 p.m., 6 views

AZL-68991 CVE-2025-58183 affecting package buildah 1.18.0-29

tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When reading from a...

4.3 CVSS, 7.2 AI score, 0.00382 EPSS
Exploits 0, References 1
Cvelist
added 2025/10/28 11:48 a.m., 5 views

CVE-2025-40063 crypto: comp - Use same definition of context alloc and free ops

In the Linux kernel, the following vulnerability has been resolved: crypto: comp - Use same definition of context alloc and free ops In commit 42d9f6c77479 "crypto: acomp - Move scomp stream allocation code into acomp", the cryptoacompstreams struct was made to rely on having the allocctx and...

0.00154 EPSS
Exploits 0, References 2
Tenable Nessus
added 2025/10/27 12:0 a.m., 10 views

Siemens SIMATIC, SCALANCE and RUGGEDCOM Devices Use of Uninitialized Resource (CVE-2024-49900)

In the Linux kernel, the following vulnerability has been resolved: jfs: Fix uninit-value access of newea in eabuffer syzbot reports that lzo1x1docompress is using uninit-value: ===================================================== BUG: KMSAN: uninit-value in lzo1x1docompress+0x19f9/0x2510...

7.1 CVSS, 6.2 AI score, 0.00279 EPSS
Exploits 0, References 5
CVE
added 2025/10/23 12:0 a.m., 3572 views

CVE-2025-62813

CVE-2025-62813 corresponds to a vulnerability in LZ4 processing of untrusted frames (CVE-2025-62813) that can cause a denial of service or other unspecified impact. Connected advisories show affected packages across Linux distributions: LZ4 (versions less than 1.9.4-2 on Amazon Linux 2/ALAS2 and ...

6.9 AI score
Exploits 0
CNNVD
added 2025/10/23 12:0 a.m., 1 views

ID Withdrawn

LZ4 is a lossless compression algorithm open-sourced by lz4. This CVE number has been withdrawn...

6.5 AI score
Exploits 0, References 2
RedhatCVE
added 2025/10/16 10:48 a.m., 3 views

CVE-2025-55081

In Eclipse Foundation NextX Duo before 6.4.4, a module of ThreadX, the _nx_secure_tls_process_clienthello() function was missing length verification of certain SSL/TLS client hello message: the ciphersuite length and compression method length. In case of an attacker-crafted message with values outside o...

9.1 CVSS, 6.8 AI score, 0.00337 EPSS
Exploits 0, References 1
NVD
added 2025/10/15 11:15 a.m., 4 views

CVE-2025-55081

In Eclipse Foundation NextX Duo before 6.4.4, a module of ThreadX, the _nx_secure_tls_process_clienthello() function was missing length verification of certain SSL/TLS client hello message: the ciphersuite length and compression method length. In case of an attacker-crafted message with values outside o...

9.1 CVSS, 0.00337 EPSS
Exploits 0, References 1
EUVD
added 2025/10/15 10:46 a.m., 2 views

EUVD-2025-34608

In Eclipse Foundation NextX Duo before 6.4.4, a module of ThreadX, the _nx_secure_tls_process_clienthello() function was missing length verification of certain SSL/TLS client hello message: the ciphersuite length and compression method length. In case of an attacker-crafted message with values outside o...

6.9 CVSS, 6.3 AI score, 0.00337 EPSS
Exploits 0, References 1
Vulnrichment
added 2025/10/15 10:46 a.m., 1 views

CVE-2025-55081 Potential out of bound read in _nx_secure_tls_process_clienthello()

In Eclipse Foundation NextX Duo before 6.4.4, a module of ThreadX, the _nx_secure_tls_process_clienthello() function was missing length verification of certain SSL/TLS client hello message: the ciphersuite length and compression method length. In case of an attacker-crafted message with values outside o...

6.9 CVSS, 6.5 AI score, 0.00337 EPSS
Exploits 0, References 1
CVE
added 2025/10/15 10:46 a.m., 8 views

CVE-2025-55081

CVE-2025-55081 affects Eclipse Foundation NextX Duo (ThreadX module) prior to version 6.4.4. The vulnerability is in the _nx_secure_tls_process_clienthello() function, which omits length verification for certain SSL/TLS client_hello fields (ciphersuite length and compression method length). Attac...

9.1 CVSS, 6.5 AI score, 0.00337 EPSS
Exploits 0, References 1, Affected Software 1