Linux Distros Unpatched Vulnerability : CVE-2023-4130
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ksmbd: fix wrong next length validation of ea buffer in smb2_set_ea() There are multiple smb2_ea_info buffers in FILE_FULL_EA_INFORMATION request from client. ksmbd find...
The Biosig Project libbiosig Nex parsing out-of-bounds read vulnerability
Talos Vulnerability Report TALOS-2025-2238 The Biosig Project libbiosig Nex parsing out-of-bounds read vulnerability August 25, 2025 CVE Number CVE-2025-52461 SUMMARY An out-of-bounds read vulnerability exists in the Nex parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branc...
CVE-2023-4130
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix wrong next length validation of ea buffer in smb2_set_ea() There are multiple smb2_ea_info buffers in FILE_FULL_EA_INFORMATION request from client. ksmbd find next smb2_ea_info using ->NextEntryOffset of current smb2_ea_info. ksmbd...
CVE-2023-4130 ksmbd: fix wrong next length validation of ea buffer in smb2_set_ea()
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix wrong next length validation of ea buffer in smb2_set_ea() There are multiple smb2_ea_info buffers in FILE_FULL_EA_INFORMATION request from client. ksmbd find next smb2_ea_info using ->NextEntryOffset of current smb2_ea_info. ksmbd...
Description of the security update for SharePoint Server 2019 Language Pack: July 8, 2025 (KB5002739)
Description of the security update for SharePoint Server 2019 Language Pack: July 8, 2025 KB5002739 Summary This security update resolves a Microsoft Word remote code execution vulnerability. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and Exposures...
HDF5 Security Vulnerability
HDF5 is a data management suite developed by The HDF Group for storing and managing large-scale scientific data. A buffer overflow vulnerability exists in HDF5 1.14.6 and earlier versions, which stems from improper handling of the H5Ofsinfoencode function in the /src/H5Ofsinfo.c file. An attacker...
CVE-2024-0191
A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0. It has been classified as problematic. Affected is an unknown function of the file /admin/uploads/. The manipulation leads to file and directory information exposure. It is possible to launch the attack remotely. The exploit...
CVE-2019-10319
A missing permission check in Jenkins PAM Authentication Plugin 1.5 and earlier, except 1.4.1 in PamSecurityRealm.DescriptorImpl#doTest allowed users with Overall/Read permission to obtain limited information about the file /etc/shadow and the user Jenkins is running as...
The vulnerability of the Git-based software platform for collaborative code development on GitLab, related to the leakage of file and directory information, allows a hacker to exploit the access token in the logs.
The vulnerability of the Git-based software platform for collaborative code development on GitLab is related to the leakage of information about files and directories. Exploiting this vulnerability can allow a malicious actor to gain access to tokens recorded in logs...
CVE-2024-7043
An improper access control vulnerability in open-webui/open-webui v0.3.8 allows attackers to view and delete any files. The application does not verify whether the attacker is an administrator, allowing the attacker to directly call the GET /api/v1/files/ interface to retrieve information on all...
February 11, 2025—Hotpatch KB5052106 (OS Build 20348.3148)
Description of the security update for the remote code execution vulnerability in Visual Studio 2015 Update 3: February 11, 2025 (KB5049688)
Description of the security update for the remote code execution vulnerability in Visual Studio 2015 Update 3: February 11, 2025 KB5049688 Applies to: All Visual Studio 2015 Update 3 editions except Integrated Shell and Build Tools. Summary A remote code execution vulnerability exists in Microsof...
The vulnerability of the Adobe Document Service component in the SAP NetWeaver AS for Java software for creating and deploying web applications allows a perpetrator to compromise the confidentiality of protected information.
The vulnerability of the Adobe Document Service component in SAP NetWeaver AS for Java software for creating and deploying web applications is related to the leakage of file and directory information. Exploiting this vulnerability can allow an attacker to compromise the confidentiality of protect...
Description of the security update for Word 2016: November 12, 2024 (KB5002619)
Description of the security update for Word 2016: November 12, 2024 KB5002619 Summary This security update resolves a Microsoft Word security feature bypass vulnerability. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and Exposures CVE-2024-49033. Note: To apply this...
Description of the security update for SharePoint Server Subscription Edition: November 12, 2024 (KB5002651)
Description of the security update for SharePoint Server Subscription Edition: November 12, 2024 KB5002651 Summary This security update for SharePoint Server provides defense-in-depth updates to help improve security-related features. To learn more about the updates, see Microsoft Advisory...
A flaw was found in the way samba handled file and directory permissions. An authenticated user could use this flaw to gain access to certain file and directory information which otherwise would be unavailable to the attacker.
October 8, 2024—KB5044288 (OS Build 25398.1189)
October 8, 2024—KB5044288 OS Build 25398.1189 For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows Server, version 23H2, see its update history page. Improvements This security update...
Description of the security update for Excel 2016: October 8, 2024 (KB5002643)
Description of the security update for Excel 2016: October 8, 2024 KB5002643 Summary This security update resolves a Microsoft Excel remote code execution vulnerability. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and Exposures CVE-2024-43504. Note: To apply...
CVE-2024-42406
Mattermost CVE-2024-42406 affects Mattermost Server versions 9.11.x <= 9.11.0, 9.10.x <= 9.10.1, 9.9.x <= 9.9.2 and 9.5.x
PT-2024-29929 · Mattermost · Mattermost
Name of the Vulnerable Software and Affected Versions: Mattermost versions 9.5.x through 9.5.8 Mattermost versions 9.9.x through 9.9.2 Mattermost versions 9.10.x through 9.10.1 Mattermost versions 9.11.x through 9.11.0 Description: The issue allows an attacker to retrieve post and file informatio...