
23141 matches found

OSV
added 2025/05/09 12:43 p.m. | 4 views

OESA-2025-1498 ImageMagick security update

Use ImageMagick to create, edit, compose, or convert bitmap images. It can read and write images in a variety of formats (over 200) including PNG, JPEG, GIF, HEIC, TIFF, DPX, EXR, WebP, Postscript, PDF, and SVG. Use ImageMagick to resize, flip, mirror, rotate, distort, shear and transform images,...

7.5 CVSS | 6.9 AI score | 0.00485 EPSS
Exploits 0 | References 3
OSV
added 2025/05/08 12:35 p.m. | 3 views

USN-7504-1 libreoffice vulnerability

Juraj Šarinay discovered that LibreOffice incorrectly handled verifying PDF signatures. A remote attacker could possibly use this issue to generate PDF files that appear to have a valid signature...

5.5 CVSS | 5.9 AI score | 0.00096 EPSS
Exploits 0 | References 2
SUSE CVE
added 2025/05/08 11:39 a.m. | 2 views

SUSE CVE-2025-47256

Libxmp through 4.6.2 has a stack-based buffer overflow in depackpha in loaders/prowizard/pha.c via a malformed Pha format tracker module in a .mod file...

5.6 CVSS | 7.5 AI score | 0.00247 EPSS
Exploits 1 | References 4
GithubExploit
added 2025/05/08 12:57 a.m. | 113 views

Exploit for Unrestricted Upload of File with Dangerous Type in Sap Netweaver

SAP CVE-2025-31324 Check Overview This template is designe...

10 CVSS | 7.8 AI score | 0.99359 EPSS
Exploits 18
Packet Storm News
added 2025/05/08 12:0 a.m. | 2 views

Economic Security of Multiple Shared Security Protocols

Whitepaper called Economic Security Of Multiple Shared Security Protocols...

7 AI score
Exploits 0
OSV
added 2025/05/07 7:16 p.m. | 8 views

CVE-2025-45388

Wagtail CMS 6.4.1 is vulnerable to a Stored Cross-Site Scripting (XSS) in the document upload functionality. Attackers can inject malicious code inside a PDF file. When a user clicks the document in the CMS interface, the payload executes. NOTE: this is disputed by the Supplier because "It has been...

6.1 CVSS | 5.8 AI score | 0.00253 EPSS
Exploits 0 | References 5
OSV
added 2025/05/07 7:13 p.m. | 5 views

RLSA-2024:6197 Moderate: ghostscript security update

The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fixes: ghostscript: format string injection leads to shell command execution (SAFER bypass)...

6.8 CVSS | 7.2 AI score | 0.27992 EPSS
Exploits 6 | References 4
Rockylinux
added 2025/05/07 7:11 p.m. | 6 views

vorbis-tools security update

An update is available for vorbis-tools. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The vorbis-tools packages provide an encoder, a decoder, a playback tool...

7.8 CVSS | 7.2 AI score | 0.00448 EPSS
Exploits 1
OSV
added 2025/05/07 7:11 p.m. | 4 views

RLSA-2024:3095 Moderate: vorbis-tools security update

The vorbis-tools packages provide an encoder, a decoder, a playback tool, and a comment editor for Ogg Vorbis. Ogg Vorbis is a fully open, non-proprietary, patent- and royalty-free, general-purpose compressed audio format. Security Fixes: vorbis-tools: Buffer Overflow vulnerability (CVE-2023-43361)...

7.3 CVSS | 7.8 AI score | 0.00448 EPSS
Exploits 1 | References 2
RedHat Linux
added 2025/05/07 9:46 a.m. | 8 views

Moderate: Red Hat Security Advisory: libtiff security update

An update for libtiff is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from th...

8.8 CVSS | 6.9 AI score | 0.10639 EPSS
Exploits 1 | References 2
OpenVAS
added 2025/05/07 12:0 a.m. | 1 views

Configure the Remote Log Server

rsyslog can send local logs to a remote log server for unified storage. This facilitates centralized log management, prevents local logs from occupying too much drive space and being tampered with. If remote log storage is not configured, rsyslog logs are stored in local files. As far as the...

6.6 AI score
Exploits 0 | References 3
OpenVAS
added 2025/05/07 12:0 a.m. | 3 views

Configure Audit Rules for User Information Changes

Generally, for deployed services, users and user groups do not change. Passwords, however, are changed periodically but not frequently due to validity periods. It is recommended that key authentication and authorization data be audited and monitored so that changes can be traced. Performing attac...

6.9 AI score
Exploits 0 | References 2
OpenVAS
added 2025/05/07 12:0 a.m. | 2 views

Record System Authentication-related Events in Logs

System authentication-related events must be recorded to help analyze users...

6.9 AI score
Exploits 0 | References 4
OpenVAS
added 2025/05/07 12:0 a.m. | 3 views

Ensure That the Group Names Are Unique

The user group names in /etc/group must be unique. If user group names in /etc/group are duplicate, only the GID of the first user group in /etc/group is valid. If the administrator runs commands such as useradd or groupadd to add users or user groups, duplicate user group names typically do not...

7 AI score
Exploits 0 | References 4
OpenVAS
added 2025/05/07 12:0 a.m. | 2 views

Configure the Default Policies of iptables to DROP Properly

Generally, iptables policies can be configured in allowlist or blocklist mode. You are advised to configure iptables policies in allowlist mode. Connections that do not comply with the rules in the allowlist are prohibited. Therefore, you can configure the DROP or REJECT policy for the INPUT,...

6.9 AI score
Exploits 0 | References 2
OpenVAS
added 2025/05/07 12:0 a.m. | 2 views

Ensure That Mounting for Unnecessary File System Is Removed

Linux supports multiple file systems through kernel objects loaded to the kernel. As a universal OS platform, openEuler provides various kernel object files in the /lib/modules/kernel version/kernel/fs/ directory to support different file systems. You can run the insmod or modprobe command to loa...

7.1 AI score
Exploits 0 | References 4
Tenable Nessus
added 2025/05/07 12:0 a.m. | 12 views

RockyLinux 9 : ghostscript (RLSA-2024:6197)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:6197 advisory. ghostscript: format string injection leads to shell command execution (SAFER bypass) (CVE-2024-29510); ghostscript: path traversal and command execution due t...

6.3 CVSS | 7.3 AI score | 0.27992 EPSS
Exploits 6 | References 7
OSV
added 2025/05/07 12:0 a.m. | 10 views

ALSA-2025:4658 Moderate: libtiff security update

The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files. Security Fixes: libtiff: Heap-based buffer overflow in tools/pal2rgb.c can lead to denial of service (CVE-2017-17095). For more details about the security issues, including the impact, a CVSS...

8.8 CVSS | 7.1 AI score | 0.10639 EPSS
Exploits 1 | References 4
AlmaLinux
added 2025/05/07 12:0 a.m. | 15 views

Moderate: libtiff security update

The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files. Security Fixes: libtiff: Heap-based buffer overflow in tools/pal2rgb.c can lead to denial of service (CVE-2017-17095). For more details about the security issues, including the impact, a CVSS...

8.8 CVSS | 8.9 AI score | 0.10639 EPSS
Exploits 1 | References 4
RedHat Linux
added 2025/05/06 8:31 p.m. | 4 views

jinja2: Jinja has a sandbox breakout through indirect reference to format method

A flaw was found in the Jinja package. In affected versions of Jinja, an oversight in how the Jinja sandboxed environment detects calls to str.format allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to...

7.8 CVSS | 7.5 AI score | 0.005 EPSS
Exploits 0 | References 7