Lucene search
K

800 matches found

OSV
OSV
added 2025/12/05 11:13 a.m.4 views

BIT-PYTHON-MIN-2025-13837 Out-of-memory when loading Plist

When loading a plist file, the plistlib module reads data in size specified by the file itself, meaning a malicious file can cause OOM and DoS issues...

5.5CVSS6.9AI score0.00193EPSS
Exploits0References10
CVE
CVE
added 2025/12/04 10:4 p.m.47 views

CVE-2025-66506

CVE-2025-66506 affects Fulcio prior to 1.8.3. The identity.extractIssuerURL function splits the untrusted OIDC identity token on periods, which can incur O(n) memory allocations when receiving tokens with many dots. This could lead to resource consumption under malicious input. The issue is fixed...

7.5CVSS6.6AI score0.00191EPSS
Exploits0References2Affected Software1
RedHat Linux
RedHat Linux
added 2025/12/04 6:3 p.m.7 views

Moderate: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 8.0.11 security update

A security update is now available for Red Hat JBoss Enterprise Application Platform 8.0 for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

6.8CVSS6.9AI score0.0104EPSS
Exploits1References15
Tenable Nessus
Tenable Nessus
added 2025/12/04 12:0 a.m.4 views

RHEL 9 : Red Hat JBoss Enterprise Application Platform 8.0.11 (RHSA-2025:22775)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:22775 advisory. Red Hat JBoss Enterprise Application Platform 8 is a platform for Java applications based on the WildFly application runtime. This release ...

7.5CVSS7.1AI score0.01256EPSS
Exploits1References20
OpenVAS
OpenVAS
added 2025/12/04 12:0 a.m.2 views

Ubuntu: Security Advisory (USN-7908-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.9CVSS6.8AI score0.00307EPSS
Exploits0References2
Rockylinux
Rockylinux
added 2025/12/03 9:2 a.m.18 views

virt:rhel and virt-devel:rhel security, bug fix, and enhancement update

An update is available for netcf, perl-Sys-Virt, module.libvirt-dbus, module.nbdkit, swtpm, nbdkit, module.libguestfs, module.sgabios, module.swtpm, libtpms, libvirt-python, hivex, sgabios, libvirt-dbus, module.libiscsi, libguestfs, module.virt-v2v, supermin, module.perl-Sys-Virt, module.libnbd,...

7.8CVSS7.8AI score0.05552EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2025/11/25 12:0 a.m.5 views

SUSE SLED15: grub2 / grub2-arm64-efi / grub2-arm64-efi-debug / etc (SUSE-SU-2025:4196-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:4196-1 advisory. - CVE-2025-54770: Fixed missing unregister call for netsetvlan command may lead to use-after-fre...

7.8CVSS6.2AI score0.0019EPSS
Exploits0References23
OSV
OSV
added 2025/11/24 10:54 a.m.3 views

SUSE-SU-2025:4196-1 Security update for grub2

This update for grub2 fixes the following issues: - CVE-2025-54770: Fixed missing unregister call for netsetvlan command may lead to use-after-free bsc1252930 - CVE-2025-54771: Fixed rubfileclose does not properly controls the fs refcount bsc1252931 - CVE-2025-61661: Fixed out-of-bounds write in...

7.8CVSS5.9AI score0.0019EPSS
Exploits0References17
Tenable Nessus
Tenable Nessus
added 2025/11/22 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2025-43432

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.1, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1,...

4.3CVSS6.6AI score0.00775EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/11/20 12:0 a.m.5 views

TencentOS Server 4: skopeo (TSSA-2025:0725)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0725 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

6.8CVSS6.9AI score0.0056EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/11/20 12:0 a.m.4 views

TencentOS Server 3: gimp:2.8 (TSSA-2025:0473)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0473 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

8.8CVSS8AI score0.10561EPSS
Exploits0References4
OSV
OSV
added 2025/11/18 7:15 p.m.4 views

DEBIAN-CVE-2025-61664

A vulnerability in the GRUB2 bootloader has been identified in the normal module. This flaw, a memory Use After Free issue, occurs because the normalexit command is not properly unregistered when its related module is unloaded. An attacker can exploit this condition by invoking the command after...

4.9CVSS5.4AI score0.00121EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/11/18 6:20 p.m.12 views

CVE-2025-61664 Grub2: missing unregister call for normal_exit command may lead to use-after-free

A vulnerability in the GRUB2 bootloader has been identified in the normal module. This flaw, a memory Use After Free issue, occurs because the normalexit command is not properly unregistered when its related module is unloaded. An attacker can exploit this condition by invoking the command after...

4.9CVSS0.00121EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/11/17 12:0 a.m.5 views

RHEL 10 : kernel (RHSA-2025:21492)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:21492 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: crypto: pcrypt - Call crypto...

5.5CVSS6.9AI score0.00185EPSS
Exploits0References7
OSV
OSV
added 2025/11/14 2:45 p.m.12 views

HSEC-2025-0003 Use after free in multithreaded lzma (.xz) decoder

Use after free in multithreaded lzma .xz decoder In XZ Utils 5.3.3alpha to 5.8.0, the multithreaded .xz decoder in liblzma has a bug where invalid input can at least result in a crash CVE-2025-31115. The effects include heap use after free and writing to an address based on the null pointer plus ...

8.7CVSS7.5AI score0.00642EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2025/11/12 12:0 a.m.2 views

Huawei EulerOS: Security Advisory for gdb (EulerOS-SA-2025-2321)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.5CVSS5.6AI score0.0059EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/11/10 12:0 a.m.3 views

AlmaLinux 10 : expat (ALSA-2025:19403)

The remote AlmaLinux 10 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2025:19403 advisory. expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing CVE-2025-59375 Tenable h...

7.5CVSS6.3AI score0.01279EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2025/11/10 12:0 a.m.2 views

RHEL 8 / 9 : Satellite 6.16.5.5 Async Update (Important) (RHSA-2025:19855)

The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:19855 advisory. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessi...

8CVSS7.3AI score0.00591EPSS
Exploits0References9
Tenable Nessus
Tenable Nessus
added 2025/11/05 12:0 a.m.8 views

Amazon Linux 2 : webkitgtk4, --advisory ALAS2-2025-3059 (ALAS-2025-3059)

The version of webkitgtk4 installed on the remote host is prior to 2.48.7-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-3059 advisory. The issue was addressed with improved memory handling. This issue is fixed in Safari 26, visionOS 26, watchOS 26, macO...

9.8CVSS6.9AI score0.00952EPSS
Exploits0References12
Amazon
Amazon
added 2025/11/05 12:0 a.m.4 views

Important: webkitgtk4

Issue Overview: The issue was addressed with improved memory handling. This issue is fixed in Safari 26, visionOS 26, watchOS 26, macOS Tahoe 26, iOS 26 and iPadOS 26. Processing maliciously crafted web content may lead to an unexpected Safari crash. CVE-2025-43272 A correctness issue was address...

9.8CVSS6.4AI score0.00952EPSS
Exploits0
Rows per page
Query Builder