800 matches found
RHEL 9 : Red Hat JBoss Enterprise Application Platform 8.1.3 (RHSA-2026:0384)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:0384 advisory. Red Hat JBoss Enterprise Application Platform 8 is a platform for Java applications based on the WildFly application runtime. This release o...
CVE-2023-31914
Jerryscript 3.0 commit 05dbbd1 was discovered to contain out-of-memory issue in malloc...
CVE-2018-4421
A memory initialization issue was addressed with improved memory handling. This issue affected versions prior to macOS Mojave 10.14.1...
CVE-2022-26722
A memory initialization issue was addressed. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to gain root privileges...
Security Bulletin: Security vulnerabilities have been found in IBM Verify Identity Access Digital Credentials (CVE-2025-56200, CVE-2025-64118, CVE-2025-59343)
Summary Security vulnerabilities have been addressed in IBM Verify Identity Access Digital Credentials Vulnerability Details CVEID:CVE-2025-56200 DESCRIPTION: A URL validation bypass vulnerability exists in validator.js through version 13.15.15. The isURL function uses '://' as a delimiter to par...
SUSE CVE-2025-69228
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below allow a request to be crafted in such a way that an AIOHTTP server's memory fills up uncontrollably during processing. If an application includes a handler that uses the Request.post method, ...
Amazon Linux 2 : containerd, --advisory ALAS2NITRO-ENCLAVES-2025-083 (ALASNITRO-ENCLAVES-2025-083)
The version of containerd installed on the remote host is prior to 2.1.5-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2NITRO-ENCLAVES-2025-083 advisory. SSH Agent servers do not validate the size of messages when processing new identity requests, which may...
Amazon Linux 2 : containerd, --advisory ALAS2DOCKER-2025-093 (ALASDOCKER-2025-093)
The version of containerd installed on the remote host is prior to 2.1.5-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2025-093 advisory. SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the...
CVE-2025-66023
NanoMQ MQTT Broker NanoMQ is an all-around Edge Messaging Platform. Versions prior to 0.24.5 have a Heap-Use-After-Free UAF vulnerability within the MQTT bridge client component implemented via the underlying NanoNNG library. The vulnerability is triggered when NanoMQ acts as a bridge connecting ...
PT-2026-24126
Name of the Vulnerable Software and Affected Versions ImageMagick versions prior to 7.1.2-16 ImageMagick versions prior to 6.9.13-41 Description ImageMagick is software for editing and manipulating digital images. A heap use-after-free issue exists in ImageMagick’s MSL decoder. By crafting a...
EulerOS Virtualization 2.13.0 : expat (EulerOS-SA-2025-2608)
According to the versions of the expat package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted fo...
Important: Red Hat Security Advisory: webkit2gtk3 security update
An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available...
Linux Distros Unpatched Vulnerability : CVE-2025-68376
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - coresight: ETR: Fix ETR buffer use-after-free issue When ETR is enabled as CSMODESYSFS, if the buffer size is changed and enabled again, currently sysfsbuf will...
openSUSE 16 Security Update : chromium (openSUSE-SU-2025:20178-1)
The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2025:20178-1 advisory. Changes in chromium: Chromium 143.0.7499.146 boo1255115: CVE-2025-14765: Use after free in WebGPU CVE-2025-14766: Out of bounds read and write i...
SUSE SLES12: libjavascriptcoregtk-4_0-18 / libwebkit2gtk-4_0-37 / etc (SUSE-SU-2025:4423-1)
The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:4423-1 advisory. Update to version 2.50.3. Security issues fixed: - CVE-2025-13502: processing of maliciously crafted payloads by the GLib remote inspector serv...
RHEL 9 : webkit2gtk3 (RHSA-2025:23700)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:23700 advisory. WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Security Fixes: webkitgtk: webkitgtk: Use-after-free...
OESA-2025-2833 ImageMagick security update
Use ImageMagick to create, edit, compose, or convert bitmap images. It can read and write images in a variety of formats over 200 including PNG, JPEG, GIF, HEIC, TIFF, DPX, EXR, WebP, Postscript, PDF, and SVG. Use ImageMagick to resize, flip, mirror, rotate, distort, shear and transform images,...
CVE-2025-66033
Okta Java Management SDK facilitates interactions with the Okta management API. In versions 21.0.0 through 24.0.0, specific multithreaded implementations may encounter memory issues as threads are not properly cleaned up after requests are completed. Over time, this can degrade performance and...
MGASA-2025-0324 Updated python3 packages fix security vulnerabilities
Excessive read buffering DoS in http.client. CVE-2025-13836 Out-of-memory when loading Plist. CVE-2025-13837 Quadratic complexity in node ID cache clearing. CVE-2025-12084...
GHSA-F83F-XPX7-FFPW Fulcio allocates excessive memory during token parsing
Function identity.extractIssuerURL currently splits via a call to strings.Split its argument which is untrusted data on periods. As a result, in the face of a malicious request with an invalid OIDC identity token in the payload containing many period characters, a call to extractIssuerURL incurs...