Lucene search
K

23147 matches found

CNNVD
CNNVD
added 2025/03/19 12:0 a.m.2 views

WhatsApp 安全漏洞

WhatsApp is a suite of mobile applications from WhatsApp, an American company that uses the Internet to transmit text messages. The application uses contact information in a smartphone to find contacts using the software to transmit text, images, and more. A security vulnerability exists in...

3.5CVSS6.4AI score0.00236EPSS
Exploits0References2
VulnCheck KEV
VulnCheck KEV
added 2025/03/19 12:0 a.m.3 views

VulnCheck KEV: CVE-2025-30259

The WhatsApp cloud service before late 2024 did not block certain crafted PDF content that can defeat a sandbox protection mechanism and consequently allow remote access to messaging applications by third parties, as exploited in the wild in 2024 for installation of Android malware associated...

3.5CVSS5.8AI score0.00236EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2025/03/18 7:49 p.m.2 views

jinja2: Jinja sandbox breakout through attr filter selecting format method

A flaw was found in Jinja. In affected versions, an oversight in how the Jinja sandboxed environment interacts with the |attr filter allows an attacker who controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to control the content o...

8.8CVSS7.6AI score0.00465EPSS
Exploits0References6
OSV
OSV
added 2025/03/17 8:16 p.m.4 views

RLSA-2024:9827 Moderate: libvpx security update

The libvpx packages provide the VP8 SDK, which allows the encoding and decoding of the VP8 video codec, commonly used with the WebM multimedia container file format. Security Fixes: libvpx: Integer overflow in vpximgalloc CVE-2024-5197 For more details about the security issues, including the...

7.1CVSS6.9AI score0.00814EPSS
Exploits1References2
SUSE CVE
SUSE CVE
added 2025/03/17 2:17 p.m.1 views

SUSE CVE-2025-2309

A vulnerability has been found in HDF5 1.14.6 and classified as critical. This vulnerability affects the function H5Tbitcopy of the component Type Conversion Logic. The manipulation leads to heap-based buffer overflow. Local access is required to approach this attack. The exploit has been disclos...

7.8CVSS5.3AI score0.00324EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2025/03/17 2:17 p.m.3 views

SUSE CVE-2025-2310

A vulnerability was found in HDF5 1.14.6 and classified as critical. This issue affects the function H5MMstrndup of the component Metadata Attribute Decoder. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and...

7.8CVSS5.2AI score0.00361EPSS
Exploits1References3
Packet Storm News
Packet Storm News
added 2025/03/17 12:0 a.m.9 views

Linux FUSE Use-After-Free

FUSE in Linux allows use-after reads of write buffers, allowing theft of partial /etc/shadow hashes...

7.8CVSS5.5AI score0.01179EPSS
Exploits0
Packet Storm News
Packet Storm News
added 2025/03/17 12:0 a.m.4 views

Creating Scripts to Identify Vulnerable POP Servers

This whitepaper covers how to create Nmap scripts to identify banners and versions of POP servers. It also covers methods to mitigate the public visibility of banners and version information on POP servers. Written in Portuguese...

6.7AI score
Exploits0
Fedora
Fedora
added 2025/03/15 12:50 a.m.22 views

[SECURITY] Fedora 42 Update: OpenImageIO-2.5.16.0-6.fc42

OpenImageIO is a library for reading and writing images, and a bunch of relat ed classes, utilities, and applications. Main features include: - Extremely simple but powerful ImageInput and ImageOutput APIs for reading a nd writing 2D images that is format agnostic. - Format plugins for TIFF,...

8.1CVSS7.4AI score0.01692EPSS
Exploits2
OSV
OSV
added 2025/03/14 9:15 p.m.5 views

DEBIAN-CVE-2025-2310

A vulnerability was found in HDF5 1.14.6 and classified as critical. This issue affects the function H5MMstrndup of the component Metadata Attribute Decoder. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and...

7.8CVSS5.3AI score0.00361EPSS
Exploits1References1
OSV
OSV
added 2025/03/14 9:15 p.m.10 views

AZL-58825 CVE-2025-2310 affecting package hdf5 for versions less than 1.14.6-1

A vulnerability was found in HDF5 1.14.6 and classified as critical. This issue affects the function H5MMstrndup of the component Metadata Attribute Decoder. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and...

7.8CVSS5.9AI score0.00361EPSS
Exploits1References1
OSV
OSV
added 2025/03/14 9:15 p.m.2 views

DEBIAN-CVE-2025-2308

A vulnerability, which was classified as critical, was found in HDF5 1.14.6. This affects the function H5Zscaleoffsetdecompressonebyte of the component Scale-Offset Filter. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed...

7.8CVSS5AI score0.00364EPSS
Exploits1References1
OSV
OSV
added 2025/03/14 9:15 p.m.2 views

UBUNTU-CVE-2025-2310

A vulnerability was found in HDF5 1.14.6 and classified as critical. This issue affects the function H5MMstrndup of the component Metadata Attribute Decoder. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and...

7.8CVSS5.6AI score0.00361EPSS
Exploits1References7
Snyk
Snyk
added 2025/03/14 7:56 p.m.3 views

Deserialization of Untrusted Data

Overview qiskit-terra is a Software for developing quantum computing programs Affected versions of this package are vulnerable to Deserialization of Untrusted Data through the qiskit.qpy.load function. An attacker can execute arbitrary code by crafting a malicious QPY file and loading it via this...

9.8CVSS7.8AI score0.00741EPSS
Exploits0References2
OSV
OSV
added 2025/03/14 7:56 p.m.4 views

GHSA-6M2C-76FF-6VRF Qiskit allows arbitrary code execution decoding QPY format versions < 13

Impact A maliciously crafted QPY file can potentially execute arbitrary-code embedded in the payload without privilege escalation when deserializing QPY formats 13. A python process calling Qiskit's qiskit.qpy.load function could potentially execute any arbitrary Python code embedded in the corre...

9.8CVSS6AI score0.00741EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2025/03/14 3:32 p.m.9 views

Duplicate Advisory: Qiskit allows arbitrary code execution decoding QPY format versions < 13

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-6m2c-76ff-6vrf. This link is maintained to preserve external references. Original Description A maliciously crafted QPY file can potential execute arbitrary-code embedded in the payload without privilege...

9.8CVSS7.6AI score0.00741EPSS
Exploits0References3Affected Software1
SUSE CVE
SUSE CVE
added 2025/03/14 2:45 p.m.3 views

SUSE CVE-2025-24855

numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored. This is related to xsltNumberFormatGetValue, xsltEvalXPathPredicate, xsltEvalXPathStringNs, and xsltComputeSortResultInternal...

7.8CVSS7.5AI score0.00324EPSS
Exploits1References12
ATTACKERKB
ATTACKERKB
added 2025/03/14 1:15 p.m.1 views

CVE-2025-2000

A maliciously crafted QPY file can potential execute arbitrary-code embedded in the payload without privilege escalation when deserialising QPY formats 13. A python process calling Qiskit 0.18.0 through 1.4.1's qiskit.qpy.load function could potentially execute any arbitrary Python code embedded...

9.8CVSS6AI score0.00741EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2025/03/14 2:15 a.m.1 views

ALPINE-CVE-2025-24855

numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored. This is related to xsltNumberFormatGetValue, xsltEvalXPathPredicate, xsltEvalXPathStringNs, and xsltComputeSortResultInternal...

7.8CVSS7.4AI score0.00324EPSS
Exploits1References1
OSV
OSV
added 2025/03/14 2:15 a.m.0 views

UBUNTU-CVE-2025-24855

numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored. This is related to xsltNumberFormatGetValue, xsltEvalXPathPredicate, xsltEvalXPathStringNs, and xsltComputeSortResultInternal...

7.8CVSS6.9AI score0.00324EPSS
Exploits1References4
Rows per page
Query Builder