479 matches found
CVE-2020-5830
Symantec Endpoint Protection Manager SEPM, prior to 14.2 RU2 MP1, may be susceptible to an out of bounds vulnerability, which is a type of issue that results in an existing application reading memory outside of the bounds of the memory that had been allocated to the program...
CVE-2020-27949
This issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. A malicious application may cause unexpected changes in memory belonging to processes traced by DTrace...
CVE-2019-12410
While investigating UBSAN errors in https://github.com/apache/arrow/pull/5365 it was discovered Apache Arrow versions 0.12.0 to 0.14.1, left memory Array data uninitialized when reading RLE null data from parquet. This affected the C++, Python, Ruby and R implementations. The uninitialized memory...
CVE-2025-37938 tracing: Verify event formats that have "%*p.."
In the Linux kernel, the following vulnerability has been resolved: tracing: Verify event formats that have "%p.." The trace event verifier checks the formats of trace events to make sure that they do not point at memory that is not in the trace event itself or in data that will never be freed. I...
Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2025-1493)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS Virtualization 2.12.1 : openssl (EulerOS-SA-2025-1550)
According to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Issue summary: Use of the low-level GF2^m elliptic curve APIs with untrusted explicit values for the field polynomial can lead to...
EulerOS Virtualization 2.12.0 : openssl (EulerOS-SA-2025-1565)
According to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Issue summary: Use of the low-level GF2^m elliptic curve APIs with untrusted explicit values for the field polynomial can lead to...
Alibaba Cloud Linux 3 : 0144: httpd:2.4 (ALINUX3-SA-2023:0144)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2023:0144 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2006-20001: A carefully crafted If:...
Alibaba Cloud Linux 3 : 0176: samba (ALINUX3-SA-2022:0176)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2022:0176 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2016-2124: A flaw was found in the way...
Alibaba Cloud Linux 3 : 0155: curl (ALINUX3-SA-2022:0155)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2022:0155 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2022-32206: curl 7.84.0 supports chain...
IBM DB2 Multiple Vulnerabilities (7232529, 7232528) (Windows)
According to its self-reported version number, IBM Db2 on Windows may be affected by multiple vulnerabilites: - IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server under specific configurations could allow an authenticated user to cause a denial of service due to insufficient release ...
SUSE-SU-2025:1504-1 Security update for libsoup
This update for libsoup fixes the following issues: - CVE-2025-2784: Fixed heap buffer over-read in skipinsignificantspace when sniffing conten bsc1240750 - CVE-2025-32050: Fixed integer overflow in appendparamquoted bsc1240752 - CVE-2025-32051: Fixed segmentation fault when parsing malformed dat...
RockyLinux 8 : thunderbird (RLSA-2025:2900)
The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:2900 advisory. firefox: thunderbird: Memory safety bugs fixed in Firefox 136, Thunderbird 136, Firefox ESR 128.8, and Thunderbird 128.8 CVE-2025-1938 firefox:...
USN-7484-1 openjdk-24 vulnerabilities
Alicja Kario discovered that the JSSE component of OpenJDK 24 incorrectly handled RSA padding. An Attacker could possibly use this issue to obtain sensitive information. CVE-2025-21587 It was discovered that the Compiler component of OpenJDK 24 incorrectly handled compiler transformations. An...
CVE-2022-49770
CVE-2022-49770 is a Linux kernel vulnerability affecting the ceph component where, if the decoding of snaps fails, the first_realm and realm may reference the same snaprealm memory. This can cause the same memory to be released twice, leading to use-after-free or related instability (BUG_ON). The...
CVE-2022-49770 ceph: avoid putting the realm twice when decoding snaps fails
In the Linux kernel, the following vulnerability has been resolved: ceph: avoid putting the realm twice when decoding snaps fails When decoding the snaps fails it maybe leaving the 'firstrealm' and 'realm' pointing to the same snaprealm memory. And then it'll put it twice and could cause random...
CVE-2022-49770 ceph: avoid putting the realm twice when decoding snaps fails
In the Linux kernel, the following vulnerability has been resolved: ceph: avoid putting the realm twice when decoding snaps fails When decoding the snaps fails it maybe leaving the 'firstrealm' and 'realm' pointing to the same snaprealm memory. And then it'll put it twice and could cause random...
Amazon Linux 2 : docker (ALASECS-2025-054)
The version of docker installed on the remote host is prior to 25.0.8-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2025-054 advisory. An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing...
USN-7467-2 libxml2 vulnerabilities
USN-7467-1 fixed several vulnerabilities in libxml2. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: It was discovered that the libxml2 Python bindings incorrectly handled certain return values. An attacker could possibly use thi...
USN-7444-1: Synapse vulnerabilities
It was discovered that Synapse network policies could be bypassed via specially crafted URLs. An attacker could possibly use this issue to bypass authentication mechanisms. CVE-2023-32683 It was discovered that Synapse exposed cached device information. An attacker could possibly use this issue t...