Lucene search
K

246 matches found

Cvelist
Cvelist
added 2025/09/12 5:10 a.m.8 views

CVE-2025-9086 Out of bounds read for cookie path

A cookie is set using the secure keyword for https://target 2. curl is redirected to or otherwise made to speak with http://target same hostname, but using clear text HTTP using the same cookie set 3. The same cookie name is set - but with just a slash as path path="/",. Since this site is not...

0.01301EPSS
Exploits1References3
SUSE Linux
SUSE Linux
added 2025/09/10 12:34 p.m.2 views

Security update for the Linux Kernel (Live Patch 61 for SLE 12 SP5)

This update for the Linux Kernel 4.12.14-122231 fixes several issues. The following security issues were fixed: CVE-2022-49053: scsi: target: tcmu: Fix possible page UAF bsc1237930. CVE-2025-38000: schhfsc: Fix qlen accounting bug when using peek in hfscenqueue bsc1245775. CVE-2024-47674: mm: avo...

8.5CVSS7.7AI score0.00265EPSS
Exploits0References20
curl security advisories
curl security advisories
added 2025/09/10 8:0 a.m.8 views

Out of bounds read for cookie path

A cookie is set using the secure keyword for https://target 2. curl is redirected to or otherwise made to speak with http://target same hostname, but using clear text HTTP using the same cookie set 3. The same cookie name is set - but with only a slash as path path="/". Since this site is not...

7.5CVSS6.5AI score0.01301EPSS
Exploits1References1Affected Software2
Ubuntu
Ubuntu
added 2025/09/08 2:23 p.m.4 views

USN-7740-1: LibEtPan vulnerability

It was discovered that LibEtPan incorrectly handled memory when parsing IMAP STATUS responses. A remote attacker could possibly use this issue to cause LibEtPan to crash, resulting in a denial of service...

5.5CVSS5.7AI score0.00542EPSS
Exploits1
Microsoft CVE
Microsoft CVE
added 2025/09/07 8:4 a.m.4 views

comedi: Fix use of uninitialized memory in do_insn_ioctl() and do_insnlist_ioctl()

...

5.5CVSS6.8AI score0.00162EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/08/30 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2018-4315

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows,...

8.8CVSS7.7AI score0.09388EPSS
Exploits2References2
Ubuntu
Ubuntu
added 2025/08/25 12:14 p.m.5 views

USN-7715-1: nginx vulnerability

It was discovered that the nginx ngxmailsmtpmodule module incorrectly handled certain memory operations when doing SMTP authentication. This could possibly result in sensitive information being sent to the authentication server...

6.3CVSS5.2AI score0.00371EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/08/24 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2023-6873

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Memory safety bugs present in Firefox 120. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could ha...

8.8CVSS8.6AI score0.00846EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/21 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2018-1000039

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Artifex MuPDF 1.12.0 and earlier, multiple heap use after free bugs in the PDF parser could allow an attacker to execute arbitrary code, read memory, or caus...

7.8CVSS7.4AI score0.01848EPSS
Exploits1References2
OSV
OSV
added 2025/08/19 11:32 a.m.10 views

CLSA-2025-1755603149 Fix of 5 CVEs

OpenJDK 8u462 release - CVE-2025-30749: Java 2D heap corruption, code execution/DoS - CVE-2025-30754: JSSE TLS handshake flaw, weakened encryption - CVE-2025-30761: nashorn sandbox bypass, code execution - CVE-2025-50059: HTTP client header bug, data leak - CVE-2025-50106: Glyph rendering memory...

8.6CVSS7.2AI score0.01058EPSS
Exploits1References1
Kaspersky
Kaspersky
added 2025/08/19 12:0 a.m.7 views

KLA86785 Multiple vulnerabilities in Mozilla Thunderbird

Multiple vulnerabilities were found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to execute arbitrary code, bypass security restrictions, cause denial of service. Below is a complete list of vulnerabilities: 1. Memory corruption vulnerability in the GMP process can be...

9.8CVSS8.9AI score0.0053EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2025/08/18 3:10 p.m.8 views

IdMap from_iter may lead to uninitialized memory being freed on drop

Due to a flaw in the constructor idmap::IdMap::fromiter, ill-formed objects may be created in which the amount of actually initialized memory is less than what is expected by the fields of IdMap. Specifically, the field ids is initialized based on the capacity of the vector values, which is...

7.2AI score
Exploits0References4Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/08/18 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2018-6129

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Out of bounds array access in WebRTC in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to potentially perform out of bounds memory access via a...

6.5CVSS7.4AI score0.02746EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/08/15 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2023-1999

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - There exists a use after free/double free in libwebp. An attacker can use the ApplyFiltersAndEncode function and loop through to free best.bw and assign best =...

7.5CVSS6.7AI score0.00952EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/15 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2021-23979

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mozilla developers reported memory safety bugs present in Firefox 85. Some of these bugs showed evidence of memory corruption and we presume that with enough...

8.8CVSS8.5AI score0.00925EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/08/15 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2022-38478

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Members the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 103, Firefox ESR 102.1, and Firefox ESR 91.12. Some of these bugs showed evidenc...

8.8CVSS7.8AI score0.00905EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/15 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2025-21888

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - RDMA/mlx5: Fix a WARN during deregmr for DM type Memory regions MR of type DM device memory do not have an associated umem. In the mlx5ibderegmr -...

5.5CVSS6.7AI score0.00177EPSS
Exploits0References4
OSV
OSV
added 2025/08/14 6:35 a.m.7 views

USN-7696-1 libssh vulnerabilities

Ronald Crane discovered that libssh incorrectly handled certain base64 conversions. An attacker could use this issue to cause libssh to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2025-4877 Ronald Crane discovered that libssh incorrectly handled the...

8.1CVSS7AI score0.02394EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/08/12 12:0 a.m.3 views

RHEL 9 : kernel (RHSA-2025:13602)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:13602 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: crypto: algifhash - fix doubl...

7.8CVSS6.9AI score0.00175EPSS
Exploits0References7
NVD
NVD
added 2025/08/11 11:15 p.m.3 views

CVE-2025-55159

slab is a pre-allocated storage for a uniform data type. In version 0.4.10, the getdisjointmut method incorrectly checked if indices were within the slab's capacity instead of its length, allowing access to uninitialized memory. This could lead to undefined behavior or potential crashes. This has...

5.1CVSS0.00156EPSS
Exploits0References3
Rows per page
Query Builder