800 matches found
BIT-PYTHON-MIN-2025-13837 Out-of-memory when loading Plist
When loading a plist file, the plistlib module reads data in size specified by the file itself, meaning a malicious file can cause OOM and DoS issues...
CVE-2025-66506
CVE-2025-66506 affects Fulcio prior to 1.8.3. The identity.extractIssuerURL function splits the untrusted OIDC identity token on periods, which can incur O(n) memory allocations when receiving tokens with many dots. This could lead to resource consumption under malicious input. The issue is fixed...
Moderate: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 8.0.11 security update
A security update is now available for Red Hat JBoss Enterprise Application Platform 8.0 for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...
RHEL 9 : Red Hat JBoss Enterprise Application Platform 8.0.11 (RHSA-2025:22775)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:22775 advisory. Red Hat JBoss Enterprise Application Platform 8 is a platform for Java applications based on the WildFly application runtime. This release ...
Ubuntu: Security Advisory (USN-7908-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
virt:rhel and virt-devel:rhel security, bug fix, and enhancement update
An update is available for netcf, perl-Sys-Virt, module.libvirt-dbus, module.nbdkit, swtpm, nbdkit, module.libguestfs, module.sgabios, module.swtpm, libtpms, libvirt-python, hivex, sgabios, libvirt-dbus, module.libiscsi, libguestfs, module.virt-v2v, supermin, module.perl-Sys-Virt, module.libnbd,...
SUSE SLED15: grub2 / grub2-arm64-efi / grub2-arm64-efi-debug / etc (SUSE-SU-2025:4196-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:4196-1 advisory. - CVE-2025-54770: Fixed missing unregister call for netsetvlan command may lead to use-after-fre...
SUSE-SU-2025:4196-1 Security update for grub2
This update for grub2 fixes the following issues: - CVE-2025-54770: Fixed missing unregister call for netsetvlan command may lead to use-after-free bsc1252930 - CVE-2025-54771: Fixed rubfileclose does not properly controls the fs refcount bsc1252931 - CVE-2025-61661: Fixed out-of-bounds write in...
Linux Distros Unpatched Vulnerability : CVE-2025-43432
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.1, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1,...
TencentOS Server 4: skopeo (TSSA-2025:0725)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0725 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...
TencentOS Server 3: gimp:2.8 (TSSA-2025:0473)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0473 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
DEBIAN-CVE-2025-61664
A vulnerability in the GRUB2 bootloader has been identified in the normal module. This flaw, a memory Use After Free issue, occurs because the normalexit command is not properly unregistered when its related module is unloaded. An attacker can exploit this condition by invoking the command after...
CVE-2025-61664 Grub2: missing unregister call for normal_exit command may lead to use-after-free
A vulnerability in the GRUB2 bootloader has been identified in the normal module. This flaw, a memory Use After Free issue, occurs because the normalexit command is not properly unregistered when its related module is unloaded. An attacker can exploit this condition by invoking the command after...
RHEL 10 : kernel (RHSA-2025:21492)
The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:21492 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: crypto: pcrypt - Call crypto...
HSEC-2025-0003 Use after free in multithreaded lzma (.xz) decoder
Use after free in multithreaded lzma .xz decoder In XZ Utils 5.3.3alpha to 5.8.0, the multithreaded .xz decoder in liblzma has a bug where invalid input can at least result in a crash CVE-2025-31115. The effects include heap use after free and writing to an address based on the null pointer plus ...
Huawei EulerOS: Security Advisory for gdb (EulerOS-SA-2025-2321)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
AlmaLinux 10 : expat (ALSA-2025:19403)
The remote AlmaLinux 10 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2025:19403 advisory. expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing CVE-2025-59375 Tenable h...
RHEL 8 / 9 : Satellite 6.16.5.5 Async Update (Important) (RHSA-2025:19855)
The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:19855 advisory. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessi...
Amazon Linux 2 : webkitgtk4, --advisory ALAS2-2025-3059 (ALAS-2025-3059)
The version of webkitgtk4 installed on the remote host is prior to 2.48.7-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-3059 advisory. The issue was addressed with improved memory handling. This issue is fixed in Safari 26, visionOS 26, watchOS 26, macO...
Important: webkitgtk4
Issue Overview: The issue was addressed with improved memory handling. This issue is fixed in Safari 26, visionOS 26, watchOS 26, macOS Tahoe 26, iOS 26 and iPadOS 26. Processing maliciously crafted web content may lead to an unexpected Safari crash. CVE-2025-43272 A correctness issue was address...