799 matches found

Rosalinux
added 2025/02/24 12:28 p.m. · 14 views

Advisory ROSA-SA-2025-2710

Software: libxml2 2.9.7 OS: ROSA Virtualization 3.0 packageevrstring: libxml2-2.9.7-18.0.1 CVE-ID: CVE-2021-3518 BDU-ID: 2021-05283 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the xinclude.c component of the Libxml2 library is related to memory usage after it has been freed. Exploitation of th...

CVSS 8.8 · AI score 7.4 · EPSS 0.0828
Exploits 0
NVD
added 2025/02/19 11:15 p.m. · 11 views

CVE-2025-25942

An issue in Bento4 v1.6.0-641 allows an attacker to obtain sensitive information via the mp4fragment tool when processing invalid files. Specifically, memory allocated in SampleArray::SampleArray in Mp4Fragment.cpp is not properly released...

CVSS 6.5 · EPSS 0.00351
Exploits 1 · References 1
Vulnrichment
added 2025/02/19 12:0 a.m. · 6 views

CVE-2025-25942

An issue in Bento4 v1.6.0-641 allows an attacker to obtain sensitive information via the mp4fragment tool when processing invalid files. Specifically, memory allocated in SampleArray::SampleArray in Mp4Fragment.cpp is not properly released...

AI score 6.3 · EPSS 0.00351
Exploits 1 · References 1
OpenVAS
added 2025/02/18 12:0 a.m. · 25 views

OpenBSD OpenSSH 9.5p1 - 9.9p1 DoS Vulnerability

OpenBSD OpenSSH is prone to a denial of service (DoS) vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS 6.8 · AI score 6.5 · EPSS 0.38474
Exploits 5 · References 6
RedhatCVE
added 2025/02/14 11:3 a.m. · 9 views

CVE-2024-22393

Unrestricted Upload of File with Dangerous Type vulnerability in Apache Answer. This issue affects Apache Answer: through 1.2.1. A Pixel Flood Attack, in which large pixel files are uploaded, will cause the server to run out of memory. A logged-in user can cause such an attack by uploading an image when posting content...

CVSS 9.1 · AI score 6.6 · EPSS 0.0248
Exploits 1 · References 1
Positive Technologies
added 2025/02/13 12:0 a.m. · 5 views

PT-2025-6503 · Lexmark · Lexmark Devices

Name of the Vulnerable Software and Affected Versions: Lexmark devices affected versions not specified Description: A heap-based memory issue has been identified in the Postscript interpreter of various Lexmark devices. This issue can be leveraged by an attacker to execute arbitrary code...

CVSS 7.3 · AI score 6.8 · EPSS 0.00397
Exploits 0 · References 8
NVD
added 2025/02/12 2:15 p.m. · 7 views

CVE-2025-21694

In the Linux kernel, the following vulnerability has been resolved: fs/proc: fix softlockup in readvmcore part 2 Since commit 5cbcb62dddf5 "fs/proc: fix softlockup in readvmcore" the number of softlockups in readvmcore at kdump time have gone down, but they still happen sometimes. In a memory...

CVSS 5.5 · EPSS 0.00216
Exploits 0 · References 12
Positive Technologies
added 2025/02/12 12:0 a.m. · 5 views

PT-2025-7066 · Node.Js +1 · Node.Js +1

Name of the Vulnerable Software and Affected Versions: parse-duration versions prior to 2.1.3 Description: The issue is related to an event loop delay due to the CPU-bound operation of resolving the provided string, which can range from 0.5ms to 50ms per operation, depending on the size of the inp...

CVSS 7.5 · AI score 6.6 · EPSS 0.00715
Exploits 0 · References 9
RustSec
added 2025/02/10 12:0 p.m. · 15 views

totally-safe-transmute allows transmuting any type to any other type in safe Rust

This crate is a toy and should never be used. It showcases a known soundness issue https://github.com/rust-lang/rust/issues/32670 that will never get fixed. In short, Linux provides a file called /proc/self/mem which can be used by a program to modify its own memory. This library modifies an enum...

AI score 7
Exploits 0
Tenable Nessus
added 2025/02/10 12:0 a.m. · 9 views

Azure Linux 3.0 Security Update: cert-manager / containerized-data-importer / cri-o / dcos-cli / keda / kubernetes (CVE-2024-28180)

The version of cert-manager / containerized-data-importer / cri-o / dcos-cli / keda / kubernetes installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-28180 advisory. - Package jose aims to provide an...

CVSS 4.3 · AI score 6.9 · EPSS 0.01956
Exploits 0 · References 2
Tenable Nessus
added 2025/02/10 12:0 a.m. · 8 views

Azure Linux 3.0 Security Update: kernel (CVE-2024-49983)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-49983 advisory. - In the Linux kernel, the following vulnerability has been resolved: ext4: drop ppath from...

CVSS 7.8 · AI score 6.1 · EPSS 0.00249
Exploits 0 · References 2
RedhatCVE
added 2025/02/05 12:31 p.m. · 10 views

CVE-2024-43410

Russh is a Rust SSH client & server library. Allocating an untrusted amount of memory allows any unauthenticated user to OOM a russh server. An SSH packet consists of a 4-byte big-endian length, followed by a byte stream of this length. After parsing and potentially decrypting the 4-byte length,...

CVSS 7.5 · AI score 6.7 · EPSS 0.00912
Exploits 1 · References 1
RedhatCVE
added 2025/02/05 7:34 a.m. · 5 views

CVE-2024-23835

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.3, excessive memory use during pgsql parsing could lead to OOM-related crashes. This vulnerability is patched in 7.0.3. As workaround, users can disable the...

CVSS 7.5 · AI score 6.6 · EPSS 0.00927
Exploits 0 · References 1
RedhatCVE
added 2025/02/05 6:57 a.m. · 8 views

CVE-2024-32663

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.5 and 6.0.19, a small amount of HTTP/2 traffic can lead to Suricata using a large amount of memory. The issue has been addressed in Suricata 7.0.5 and 6.0.19...

CVSS 7.5 · AI score 6.6 · EPSS 0.00956
Exploits 0 · References 1
BDU FSTEC
added 2025/01/29 12:0 a.m. · 8 views

Vulnerability of components fs/ext4/inode.c and fs/ext4/super.c in the Linux operating system’s kernel, which allows a hacker to cause a service failure

The vulnerability in the fs/ext4/inode.c and fs/ext4/super.c components of the Linux operating system’s kernel relates to the use of memory after it is freed. Exploiting this vulnerability can allow a remote attacker to cause service interruptions...

CVSS 5.5 · AI score 6.7 · EPSS 0.02081
Exploits 1 · References 13 · Affected Software 3
OSV
added 2025/01/27 10:15 p.m. · 2 views

CVE-2025-24085

A use after free issue was addressed with improved memory management. This issue is fixed in visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been...

CVSS 10 · AI score 7.2 · EPSS 0.18668
Exploits 6 · References 20
Vulnrichment
added 2025/01/27 9:45 p.m. · 6 views

CVE-2025-24118

The issue was addressed with improved memory handling. This issue is fixed in iPadOS 17.7.4, macOS Sequoia 15.3, macOS Sonoma 14.7.3. An app may be able to cause unexpected system termination or write kernel memory...

AI score 8.2 · EPSS 0.03613
Exploits 2 · References 3
Ubuntu
added 2025/01/27 7:4 p.m. · 24 views

USN-7179-4: Linux kernel (Xilinx ZynqMP) vulnerabilities

Andy Nguyen discovered that the Bluetooth L2CAP implementation in the Linux kernel contained a type-confusion error. A physically proximate remote attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-12351) Andy Nguyen discovered that the...

CVSS 8.8 · AI score 8.1 · EPSS 0.07693
Exploits 7
Positive Technologies
added 2025/01/27 12:0 a.m. · 3 views

PT-2025-5319 · Apple · Apple Macos

Name of the Vulnerable Software and Affected Versions: macOS versions prior to 15.3 Description: The issue was addressed with improved memory handling. An app may be able to cause unexpected system termination or corrupt kernel memory. Recommendations: For versions prior to 15.3, update to macOS...

CVSS 5.5 · AI score 6.2 · EPSS 0.00204
Exploits 0 · References 8
OpenVAS
added 2025/01/22 12:0 a.m. · 14 views

Ubuntu: Security Advisory (USN-7220-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 5.5 · AI score 4.4 · EPSS 0.00367
Exploits 0 · References 2