246 matches found
CVE-2025-9086 Out of bounds read for cookie path
A cookie is set using the secure keyword for https://target 2. curl is redirected to or otherwise made to speak with http://target same hostname, but using clear text HTTP using the same cookie set 3. The same cookie name is set - but with just a slash as path path="/",. Since this site is not...
Security update for the Linux Kernel (Live Patch 61 for SLE 12 SP5)
This update for the Linux Kernel 4.12.14-122231 fixes several issues. The following security issues were fixed: CVE-2022-49053: scsi: target: tcmu: Fix possible page UAF bsc1237930. CVE-2025-38000: schhfsc: Fix qlen accounting bug when using peek in hfscenqueue bsc1245775. CVE-2024-47674: mm: avo...
Out of bounds read for cookie path
A cookie is set using the secure keyword for https://target 2. curl is redirected to or otherwise made to speak with http://target same hostname, but using clear text HTTP using the same cookie set 3. The same cookie name is set - but with only a slash as path path="/". Since this site is not...
USN-7740-1: LibEtPan vulnerability
It was discovered that LibEtPan incorrectly handled memory when parsing IMAP STATUS responses. A remote attacker could possibly use this issue to cause LibEtPan to crash, resulting in a denial of service...
comedi: Fix use of uninitialized memory in do_insn_ioctl() and do_insnlist_ioctl()
...
Linux Distros Unpatched Vulnerability : CVE-2018-4315
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows,...
USN-7715-1: nginx vulnerability
It was discovered that the nginx ngxmailsmtpmodule module incorrectly handled certain memory operations when doing SMTP authentication. This could possibly result in sensitive information being sent to the authentication server...
Linux Distros Unpatched Vulnerability : CVE-2023-6873
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Memory safety bugs present in Firefox 120. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could ha...
Linux Distros Unpatched Vulnerability : CVE-2018-1000039
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Artifex MuPDF 1.12.0 and earlier, multiple heap use after free bugs in the PDF parser could allow an attacker to execute arbitrary code, read memory, or caus...
CLSA-2025-1755603149 Fix of 5 CVEs
OpenJDK 8u462 release - CVE-2025-30749: Java 2D heap corruption, code execution/DoS - CVE-2025-30754: JSSE TLS handshake flaw, weakened encryption - CVE-2025-30761: nashorn sandbox bypass, code execution - CVE-2025-50059: HTTP client header bug, data leak - CVE-2025-50106: Glyph rendering memory...
KLA86785 Multiple vulnerabilities in Mozilla Thunderbird
Multiple vulnerabilities were found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to execute arbitrary code, bypass security restrictions, cause denial of service. Below is a complete list of vulnerabilities: 1. Memory corruption vulnerability in the GMP process can be...
IdMap from_iter may lead to uninitialized memory being freed on drop
Due to a flaw in the constructor idmap::IdMap::fromiter, ill-formed objects may be created in which the amount of actually initialized memory is less than what is expected by the fields of IdMap. Specifically, the field ids is initialized based on the capacity of the vector values, which is...
Linux Distros Unpatched Vulnerability : CVE-2018-6129
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Out of bounds array access in WebRTC in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to potentially perform out of bounds memory access via a...
Linux Distros Unpatched Vulnerability : CVE-2023-1999
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - There exists a use after free/double free in libwebp. An attacker can use the ApplyFiltersAndEncode function and loop through to free best.bw and assign best =...
Linux Distros Unpatched Vulnerability : CVE-2021-23979
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mozilla developers reported memory safety bugs present in Firefox 85. Some of these bugs showed evidence of memory corruption and we presume that with enough...
Linux Distros Unpatched Vulnerability : CVE-2022-38478
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Members the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 103, Firefox ESR 102.1, and Firefox ESR 91.12. Some of these bugs showed evidenc...
Linux Distros Unpatched Vulnerability : CVE-2025-21888
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - RDMA/mlx5: Fix a WARN during deregmr for DM type Memory regions MR of type DM device memory do not have an associated umem. In the mlx5ibderegmr -...
USN-7696-1 libssh vulnerabilities
Ronald Crane discovered that libssh incorrectly handled certain base64 conversions. An attacker could use this issue to cause libssh to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2025-4877 Ronald Crane discovered that libssh incorrectly handled the...
RHEL 9 : kernel (RHSA-2025:13602)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:13602 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: crypto: algifhash - fix doubl...
CVE-2025-55159
slab is a pre-allocated storage for a uniform data type. In version 0.4.10, the getdisjointmut method incorrectly checked if indices were within the slab's capacity instead of its length, allowing access to uninitialized memory. This could lead to undefined behavior or potential crashes. This has...