
13 matches found

CVE
added 2026/05/08 12:0 a.m. · 12 views

CVE-2025-69599

CVE-2025-69599 affects RayVentory Scan Engine (12.6 Update 8 and earlier). The root cause is privilege escalation when an attacker can influence the PATH environment variable, as described by multiple sources. Red Hat and related advisories corroborate that this condition enables elevated privile...

9.8 CVSS · 5.8 AI score · 0.00056 EPSS
Exploits: 0 · References: 2
OSV
added 2024/04/10 7:15 p.m. · 2 views

UBUNTU-CVE-2024-23077

DISPUTED JFreeChart v1.5.4 was discovered to be vulnerable to ArrayIndexOutOfBounds via the component /chart/plot/CompassPlot.java. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability. The submission may have...

7.5 CVSS · 5.8 AI score · 0.00253 EPSS
Exploits: 0 · References: 5
OSV
added 2024/04/10 12:15 p.m. · 1 views

UBUNTU-CVE-2024-23076

DISPUTED JFreeChart v1.5.4 was discovered to contain a NullPointerException via the component /labels/BubbleXYItemLabelGenerator.java. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability. The submission may...

7.5 CVSS · 5.8 AI score · 0.00271 EPSS
Exploits: 0 · References: 5
OSV
added 2024/03/27 4:15 a.m. · 1 views

UBUNTU-CVE-2023-45931

DISPUTED Mesa 23.0.4 was discovered to contain a NULL pointer dereference in check_xshm for the has_error state. NOTE: this is disputed because there is no scenario in which the vulnerability was demonstrated...

7.5 CVSS · 5.8 AI score · 0.00211 EPSS
Exploits: 1 · References: 3
Debian CVE
added 2023/07/28 12:0 a.m. · 42 views

CVE-2023-39017

Removed by vendor...

9.8 CVSS · 7.4 AI score · 0.00643 EPSS
Exploits: 1
OSV
added 2023/05/09 1:15 p.m. · 2 views

UBUNTU-CVE-2023-31972

DISPUTED yasm v1.3.0 was discovered to contain a use after free via the function pp_getline at /nasm/nasm-pp.c. Note: Multiple third parties dispute this as a bug and not a vulnerability according to the YASM security policy...

5.5 CVSS · 6 AI score · 0.00049 EPSS
Exploits: 1 · References: 3
OSV
added 2023/04/25 4:15 p.m. · 4 views

AZL-35379 CVE-2023-30402 affecting package yasm 1.3.0-17

YASM v1.3.0 was discovered to contain a heap overflow via the function handle_dot_label at /nasm/nasm-token.re. Note: This has been disputed by third parties who argue this is a bug and not a security issue because yasm is a standalone program not designed to run untrusted code...

5.5 CVSS · 5.7 AI score · 0.00141 EPSS
Exploits: 1 · References: 1
SUSE CVE
added 2023/02/15 5:29 a.m. · 2 views

SUSE CVE-2014-2734

The openssl extension in Ruby 2.x does not properly maintain the state of process memory after a file is reopened, which allows remote attackers to spoof signatures within the context of a Ruby script that attempts signature verification after performing a certain sequence of filesystem operation...

5.8 CVSS · 8.6 AI score · 0.05796 EPSS
Exploits: 2 · References: 3
ATTACKERKB
added 2022/11/23 9:15 p.m. · 4 views

CVE-2022-44117

Boa 0.94.14rc21 is vulnerable to SQL Injection via username. NOTE: this is disputed by multiple third parties because Boa does not ship with any support for SQL...

9.8 CVSS · 5.9 AI score · 0.00334 EPSS
Exploits: 0 · References: 2
OSV
added 2020/03/31 5:15 p.m. · 0 views

UBUNTU-CVE-2020-11441

DISPUTED phpMyAdmin 5.0.2 allows CRLF injection, as demonstrated by %0D%0Astring%0D%0A inputs to login form fields causing CRLF sequences to be reflected on an error page. NOTE: the vendor states "I don't see anything specifically exploitable."...

6.1 CVSS · 7.3 AI score · 0.00658 EPSS
Exploits: 1 · References: 3
PyPA
added 2019/06/06 7:29 p.m. · 5 views

PYSEC-2019-109

DISPUTED A deserialization vulnerability exists in the way parso through 0.4.0 handles grammar parsing from the cache. Cache loading relies on pickle and, provided that an evil pickle can be written to a cache grammar file and that its parsing can be triggered, this flaw leads to Arbitrary Code...

7.5 CVSS · 7 AI score · 0.0067 EPSS
Exploits: 1 · References: 3 · Affected Software: 1
OSV
added 2018/07/10 6:29 p.m. · 1 views

UBUNTU-CVE-2018-13843

DISPUTED An issue has been found in HTSlib 1.8. It is a memory leak in bgzf_getline in bgzf.c. NOTE: the software maintainer's position is that the "failure to free memory" can be fixed in applications that use the HTSlib library such as test/test_bgzf.c in the original report and is not a library...

7.5 CVSS · 7 AI score · 0.00366 EPSS
Exploits: 1 · References: 3
Positive Technologies
added 2006/04/06 12:0 a.m. · 3 views

PT-2006-2646 · Microsoft · Isa Server 2004 +1

Name of the Vulnerable Software and Affected Versions: Microsoft ISA Server 2004
Description: The issue allows remote attackers to bypass certain filtering rules, including ones for ICMP and TCP, via IPv6 packets. However, an established researcher has disputed this, stating that neither Microsof...

7.5 CVSS · 7.1 AI score · 0.06263 EPSS
Exploits: 0 · References: 6