9100 matches found

Cvelist
added 2025/05/01 12:0 a.m. · 15 views

CVE-2025-46632

Initialization vector (IV) reuse in the web management portal of the Tenda RX2 Pro 16.03.30.14 may allow an attacker to discern information about or more easily decrypt encrypted messages between client and server...

0.00266 EPSS
Exploits 1 · References 2
Positive Technologies
added 2025/05/01 12:0 a.m. · 2 views

PT-2025-18434

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to the version containing the fix for the double free issue in cpumf_pmu_event_init. Description: A double free issue was found in the Linux kernel's PMU event initialization functions, specifically in cpumf_pmu_event...

5.9 AI score
Exploits 0 · References 14
Positive Technologies
added 2025/05/01 12:0 a.m. · 5 views

PT-2025-18647 · Linux +1 · Linux Kernel +1

Name of the Vulnerable Software and Affected Versions: Linux kernel, affected versions not specified. Description: A NULL pointer problem in the free_mr_init function has been resolved. The issue occurs in a concurrent scenario, resulting in a NULL pointer dereference at virtual address...

5.5 CVSS · 5.1 AI score · 0.0013 EPSS
Exploits 0 · References 12
Positive Technologies
added 2025/05/01 12:0 a.m. · 6 views

PT-2025-18706 · Tenda · Tenda Rx2 Pro

Name of the Vulnerable Software and Affected Versions: Tenda RX2 Pro version 16.03.30.14. Description: The issue concerns the reuse of the initialization vector (IV) in the web management portal, which may allow an attacker to discern information or more easily decrypt encrypted messages between the...

6.5 CVSS · 6.1 AI score · 0.00266 EPSS
Exploits 1 · References 7
CVE
added 2025/05/01 12:0 a.m. · 65 views

CVE-2025-46632

CVE-2025-46632 affects Tenda RX2 Pro (firmware 16.03.30.14). The issue is IV reuse in the web management portal, enabling an attacker to discern information about, or more easily decrypt, messages between client and server. The exploitation details are not provided in the documents, but the CVSS ...

6.5 CVSS · 6.4 AI score · 0.00266 EPSS
Exploits 1 · References 2 · Affected Software 1
Positive Technologies
added 2025/05/01 12:0 a.m. · 7 views

PT-2025-18562

Name of the Vulnerable Software and Affected Versions: Linux kernel, affected versions not specified. Description: An issue in the Linux kernel has been resolved, specifically in the j1939 module. The problem was related to the lack of initialization of the CAN header. The read access to canxl...

8.8 CVSS · 7.4 AI score · 0.0129 EPSS
Exploits 3 · References 1113
Amazon
added 2025/04/30 12:0 a.m. · 15 views

Medium: qt

Issue Overview: In Qt before 5.15.14, 6.0.x through 6.2.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1, QtSvg QSvgFont m_unitsPerEm initialization is mishandled. (CVE-2023-32573) Affected Packages: qt. Note: This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ secti...

6.5 CVSS · 6.8 AI score · 0.00877 EPSS
Exploits 0
Redos
added 2025/04/30 12:0 a.m. · 49 views

ROS-20250430-05

A vulnerability in the OTP library set of the Erlang programming language is related to improper handling of SFTP packets. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service. A vulnerability of the SSH protocol implementation from the Erlang/OTP library...

10 CVSS · 8.2 AI score · 0.97673 EPSS
Exploits 36
BDU FSTEC
added 2025/04/28 12:0 a.m. · 3 views

The vulnerability of the `ocfs2_global_read_info()` function in the `/fs/ocfs2/quota_local.c` module of the Linux kernel allows an attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the `ocfs2_global_read_info()` function in the `/fs/ocfs2/quota_local.c` module of the Linux kernel is related to incorrect resource initialization. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility of the protected...

7.8 CVSS · 7.2 AI score · 0.00268 EPSS
Exploits 0 · References 28 · Affected Software 6
Snyk
added 2025/04/25 6:30 a.m. · 3 views

Insecure Default Initialization of Resource

Overview: Affected versions of this package are vulnerable to Insecure Default Initialization of Resource due to the misconfiguration of the ReadOnlyPort setting. An attacker can gain unauthorized access to exposed credentials by connecting to the open port without authentication. Remediation...

6.9 CVSS · 7 AI score · 0.00379 EPSS
Exploits 0 · References 2
BDU FSTEC
added 2025/04/24 12:0 a.m. · 5 views

The vulnerability of the integrated development environment for software, JetBrains RubyMine, arises from insecure resource initialization, allowing attackers to exploit it to disclose protected information.

The vulnerability of the integrated development environment for software, JetBrains RubyMine, is related to the insecure initialization of resources. Exploiting this vulnerability can allow a malicious actor to disclose protected information...

8.3 CVSS · 5.4 AI score · 0.00205 EPSS
Exploits 0 · References 2 · Affected Software 1
SUSE CVE
added 2025/04/23 2:38 a.m. · 6 views

SUSE CVE-2025-22110

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlink_queue: Initialize ctx to avoid memory allocation error. It is possible that ctx in nfqnl_build_packet_message() could be used before it is properly initialized, which is only initialized by nfqnl_get_sk_secctx(). This pat...

5.5 CVSS · 6.4 AI score · 0.0014 EPSS
Exploits 0 · References 3
SUSE CVE
added 2025/04/23 2:38 a.m. · 4 views

SUSE CVE-2025-22119

In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: init wiphy_work before allocating rfkill fails. syzbot reported an uninitialized wiphy_work_lock in cfg80211_dev_free. [1] After rfkill allocation fails, the wiphy release process will be performed, which will cause...

7.1 CVSS · 7.6 AI score · 0.00157 EPSS
Exploits 0 · References 19
BDU FSTEC
added 2025/04/23 12:0 a.m. · 6 views

The vulnerability of software for discrete event simulation and automation in Rockwell Automation Arena, related to errors during initialization of variables, allows a perpetrator to execute arbitrary code.

The vulnerability of the software for discrete event simulation and automation in Rockwell Automation Arena is related to errors during initialization of variables. Exploiting this vulnerability can allow an attacker to execute arbitrary code using a specially created DOE file...

7.8 CVSS · 6 AI score · 0.00271 EPSS
Exploits 0 · References 4 · Affected Software 1
BDU FSTEC
added 2025/04/23 12:0 a.m. · 5 views

The vulnerability of software for discrete event simulation and automation in Rockwell Automation Arena, related to errors during initialization of variables, allows a perpetrator to execute arbitrary code.

The vulnerability of the software for discrete event simulation and automation in Rockwell Automation Arena is related to errors during initialization of variables. Exploiting this vulnerability can allow an attacker to execute arbitrary code using a specially created DOE file...

7.8 CVSS · 7 AI score · 0.00273 EPSS
Exploits 0 · References 3 · Affected Software 1
BDU FSTEC
added 2025/04/23 12:0 a.m. · 5 views

The vulnerability of software for discrete event simulation and automation in Rockwell Automation Arena, related to errors during initialization of variables, allows a perpetrator to execute arbitrary code.

The vulnerability of the software for discrete event simulation and automation in Rockwell Automation Arena is related to errors during initialization of variables. Exploiting this vulnerability can allow an attacker to execute arbitrary code using a specially created DOE file...

7.8 CVSS · 7 AI score · 0.00273 EPSS
Exploits 0 · References 3 · Affected Software 1
BDU FSTEC
added 2025/04/19 12:0 a.m. · 6 views

The vulnerability of the hclge_ptp_get_cycle() function in the Linux operating system allows a hacker to trigger a service failure.

The vulnerability of the hclge_ptp_get_cycle() function in the Linux operating system is related to incorrect initialization of resources. Exploiting this vulnerability can allow an attacker to cause a service failure...

4.6 CVSS · 6.5 AI score · 0.00176 EPSS
Exploits 0 · References 16 · Affected Software 7
OSV
added 2025/04/18 7:1 a.m. · 14 views

CVE-2025-39728 clk: samsung: Fix UBSAN panic in samsung_clk_init()

In the Linux kernel, the following vulnerability has been resolved: clk: samsung: Fix UBSAN panic in samsung_clk_init(). With UBSAN_ARRAY_BOUNDS=y, I'm hitting the below panic due to dereferencing ctx->clk_data.hws before setting ctx->clk_data.num = nr_clks. Move that up to fix the crash. UBSAN: array index...

5.5 CVSS · 6.1 AI score · 0.00214 EPSS
Exploits 0 · References 13
Vulnrichment
added 2025/04/18 7:1 a.m. · 2 views

CVE-2025-39728 clk: samsung: Fix UBSAN panic in samsung_clk_init()

In the Linux kernel, the following vulnerability has been resolved: clk: samsung: Fix UBSAN panic in samsung_clk_init(). With UBSAN_ARRAY_BOUNDS=y, I'm hitting the below panic due to dereferencing ctx->clk_data.hws before setting ctx->clk_data.num = nr_clks. Move that up to fix the crash. UBSAN: array index...

7.5 AI score · 0.00214 EPSS
Exploits 0 · References 8
SUSE CVE
added 2025/04/18 1:30 a.m. · 2 views

SUSE CVE-2024-58096

In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: add srng->lock for ath11k_hal_srng_* in monitor mode. ath11k_hal_srng_* should be used with srng->lock to protect srng data. For ath11k_dp_rx_mon_dest_process() and ath11k_dp_full_mon_process_rx(), they use ath11k_hal_srng_* for many times but...

6.1 CVSS · 7.7 AI score · 0.00167 EPSS
Exploits 0 · References 16