CVE-2025-6188

CVE-2025-6188 affects Arista EOS: specially crafted UDP packets with source port 3503 may be accepted, potentially causing unexpected behavior in UDP services without authentication. Affected EOS releases include 4.30.x, 4.31.x, 4.32.x, 4.33.x, and 4.34.x train lines (exact sub-releases listed in...

Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP6 Azure kernel was updated to receive various security bugfixes. The following security bugs were fixed: CVE-2024-36028: mm/hugetlb: fix DEBUGLOCKSWARNON1 when dissolvefreehugetlbfolio bsc1225707. CVE-2024-36348, CVE-2024-36349, CVE-2024-36350, CVE-2024-36357:...

Linux Distros Unpatched Vulnerability : CVE-2016-4570

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The mxmlDelete function in mxml-node.c in mxml 2.9, 2.7, and possibly earlier allows remote attackers to cause a denial of service stack consumption via crafted...

CVE-2022-45133

Mahara 21.10 before 21.10.6, 22.04 before 22.04.4, and 22.10 before 22.10.1 allows unsafe font upload for skins. A particularly structured XML file could allow one to traverse the server to obtain access to secure files or cause code execution based on the payload...

CVE-2025-47184

An XML external entities XXE injection vulnerability in the /init API endpoint in Exagid EX10 before 6.4.0 P20, 7.0.1 P12, and 7.2.0 P08 allows an authenticated, unprivileged attacker to achieve information disclosure and privilege escalation via a crafted ISys XML message...

CVE-2022-45134

Mahara 21.10 < 21.10.6, 22.04 < 22.04.4, and 22.10

Linux Distros Unpatched Vulnerability : CVE-2017-14687

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Artifex MuPDF 1.11 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file, related to Data from Faultin...

CVE-2025-47184

An XML external entities XXE injection vulnerability in the /init API endpoint in Exagid EX10 before 6.4.0 P20, 7.0.1 P12, and 7.2.0 P08 allows an authenticated, unprivileged attacker to achieve information disclosure and privilege escalation via a crafted ISys XML message...

ROS-20250821-02

A vulnerability in the BinaryStreamDriver component of the Java library for converting objects to XML or JSON XStream format is related to a buffer overflow on the stack from a manipulated binary input stream. Exploitation of the vulnerability could allow an attacker acting remotely to perform a...

Linux Distros Unpatched Vulnerability : CVE-2019-5427

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - c3p0 version 0.9.5.4 may be exploited by a billion laughs attack when loading XML configuration due to missing protections against recursive entity expansion wh...

Linux Distros Unpatched Vulnerability : CVE-2022-24763

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PJSIP is a free and open source multimedia communication library written in the C language. Versions 2.12 and prior contain a denial-of-service vulnerability th...

Linux Distros Unpatched Vulnerability : CVE-2018-20843

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM an...

SUSE CVE-2025-38585

In the Linux kernel, the following vulnerability has been resolved: staging: media: atomisp: Fix stack buffer overflow in gmingetvarint When gmingetconfigvar calls efi.getvariable and the EFI variable is larger than the expected buffer size, two behaviors combine to create a stack buffer overflow...

UBUNTU-CVE-2025-38585

In the Linux kernel, the following vulnerability has been resolved: staging: media: atomisp: Fix stack buffer overflow in gmingetvarint When gmingetconfigvar calls efi.getvariable and the EFI variable is larger than the expected buffer size, two behaviors combine to create a stack buffer overflow...

CVE-2025-38585 staging: media: atomisp: Fix stack buffer overflow in gmin_get_var_int()

In the Linux kernel, the following vulnerability has been resolved: staging: media: atomisp: Fix stack buffer overflow in gmingetvarint When gmingetconfigvar calls efi.getvariable and the EFI variable is larger than the expected buffer size, two behaviors combine to create a stack buffer overflow...

CVE-2025-38585

CVE-2025-38585 concerns Linux kernel staging/atomisp: a stack buffer overflow in gmin_get_var_int() triggered when gmin_get_config_var() calls EFI get_variable() with a larger-than-expected EFI variable. The bug stems from two issues: (1) gmin_get_config_var() returning a stale error code on EFI ...

CVE-2025-4044

Improper Restriction of XML External Entity Reference in various Lexmark printer drivers for Windows allows attacker to disclose sensitive information to an arbitrary URL...

Lexmark Universal Print Driver 安全漏洞

Lexmark Universal Print Driver is a printer driver from Lexmark USA. A security vulnerability exists in Lexmark Universal Print Driver that originates from an improperly restricted XML external entity reference, which could lead to the disclosure of sensitive information...

PT-2025-34271 · Undefined · Undefined

CVE-2025-55153 - Apache HTTP Server XML Entity Injection CVE ID : CVE-2025-55153 Published : Aug. 19, 2025, 6:15 p.m. | 1 hour, 59 minutes ago Description : Rejected reason: This CVE is a duplicate of another CVE. Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected...

Linux Distros Unpatched Vulnerability : CVE-2015-1283

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Multiple integer overflows in the XMLGetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, allow remote...