Lucene search

15 matches found

CVE
added 2025/12/05 6:36 p.m. | 8 views

CVE-2025-66624

CVE-2025-66624 affects the BACnet Protocol Stack prior to 1.5.0.rc2. The npdu_is_expected_reply function indexes APDU bytes (request_pdu[offset+2/3/5] and reply_pdu[offset+1/2/4]) without validating existence, allowing out-of-bounds reads in tiny PDUs. This can cause an immediate crash (DoS) on A...

CVSS 7.5 | AI score 6.4 | EPSS 0.00084
Exploits: 1 | References: 2 | Affected Software: 1
Cvelist
added 2025/12/05 6:36 p.m. | 12 views

CVE-2025-66624 BACnet-stack MS/TP reply matcher OOB read

BACnet Protocol Stack library provides a BACnet application layer, network layer and media access (MAC) layer communications services. Prior to 1.5.0.rc2, the npdu_is_expected_reply function in src/bacnet/npdu.c indexes request_pdu[offset+2/3/5] and reply_pdu[offset+1/2/4] without verifying that those APDU...

CVSS 7.5 | EPSS 0.00084
Exploits: 1 | References: 2
OSV
added 2025/10/31 11:36 p.m. | 2 views

MGASA-2025-0255 Updated sope packages fix security vulnerability

It was discovered that sope, the set of Objective-C frameworks powering SOGo, contains a DoS bug which could cause a crash (CVE-2025-53603)...

CVSS 7.5 | AI score 7 | EPSS 0.00211
Exploits: 0 | References: 3
RedHat Linux
added 2025/09/29 1:34 a.m. | 4 views

mysql: InnoDB unspecified vulnerability (CPU Jul 2025)

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.42, 8.4.0-8.4.5 and 9.0.0-9.3.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

CVSS 4.9 | AI score 5.7 | EPSS 0.00442
Exploits: 0 | References: 5
Tenable Nessus
added 2025/08/30 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2022-21554

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.36. Easily...

CVSS 4.4 | AI score 6.6 | EPSS 0.00046
Exploits: 0 | References: 2
RedhatCVE
added 2025/05/23 2:25 a.m. | 4 views

CVE-2023-21899

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.42 and prior to 7.0.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox...

CVSS 5.5 | AI score 6.1 | EPSS 0.00052
Exploits: 0 | References: 1
RedhatCVE
added 2024/07/18 12:56 p.m. | 20 views

CVE-2024-21165

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Pluggable Auth). Supported versions that are affected are 8.0.37 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successfu...

CVSS 4.9 | AI score 6.1 | EPSS 0.00175
Exploits: 0 | References: 4
RedHat Linux
added 2023/03/07 9:43 a.m. | 1 views

mysql: Server: Stored Procedure unspecified vulnerability (CPU Oct 2022)

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

CVSS 4.9 | AI score 6.8 | EPSS 0.00076
Exploits: 0 | References: 4
Packet Storm
added 2023/02/14 12:0 a.m. | 203 views

XWorm Trojan 2.1 NULL Pointer Dereference

Exploit Author: TOUHAMI KASBAOUI Vendor Homepage: https://blog.cyble.com/2022/08/19/evilcoder-project-selling-multiple-dangerous-tools-online/ Software Link: N/A Version: 2.1 Tested on: Windows 10 CVE : N/A ================================================================== THE BUG : NULL pointer...

AI score 1.1
Exploits: 0
Veracode
added 2022/01/15 10:10 p.m. | 32 views

Denial Of Service (DoS)

vim is vulnerable to denial of service. The vulnerability exists due to a heap-based Buffer Overflow allowing an attacker to crash the system...

CVSS 8 | AI score 3.9 | EPSS 0.00793
Exploits: 1 | References: 9 | Affected Software: 1
UbuntuCve
added 2021/04/22 1:57 p.m. | 27 views

CVE-2021-2171

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MyS...

CVSS 4.4 | AI score 6.7 | EPSS 0.00684
Exploits: 0 | References: 4
OSV
added 2015/12/22 8:41 a.m. | 8 views

SUSE-SU-2015:2338-1 Security update for xen

This update fixes the following security issues: - bsc955399 - Fix xm migrate --logprogress. Due to logic error progress was not logged when requested. - bsc956832 - CVE-2015-8345: xen: qemu: net: eepro100: infinite loop in processing command block list - bsc956592 - xen: virtual PMU is unsupport...

CVSS 10 | AI score 7.8 | EPSS 0.00539
Exploits: 1 | References: 28
securityvulns
added 2013/10/01 12:0 a.m. | 38 views

libraw / libKDCraw DoS

Crash on raw images parsing...

CVSS 4.3 | AI score 2.9 | EPSS 0.00512
Exploits: 1 | References: 1 | Affected Software: 1
myhack58
added 2008/08/04 12:0 a.m. | 8 views

RealVNC DOS Crash PoC-vulnerability warning-the black bar safety net

RealVNC Windows Client 4.1.2 Remote DOS Crash PoC #!/usr/bin/php <?php RealVNC Windows Client DoS AppName: vncviewer.exe AppVer: 4.1.2.0 ModName: vncviewer.exe ModVer: 4.1.2.0 Offset: 000229e0 function vncear $port = "5900"; $ser = socket_create(AF_INET, SOCK_STREAM, SOL_TCP);...

AI score 0.2
Exploits: 0
Gentoo Linux
added 2004/12/19 12:0 a.m. | 35 views

Ethereal: Multiple vulnerabilities

Background: Ethereal is a feature-rich network protocol analyzer. Description: There are multiple vulnerabilities in versions of Ethereal earlier than 0.10.8, including: Bug in DICOM dissection discovered by Bing could make Ethereal crash (CAN 2004-1139). An invalid RTP timestamp could make Ethereal...

CVSS 5 | AI score 7.3 | EPSS 0.08831
Exploits: 0