20 matches found
Puma PROXY Protocol v1 Parser Allows Remote Memory Exhaustion
Impact: PROXY protocol support for Puma was added in version 5.5.0. When PROXY protocol v1 support is enabled, Puma reads incoming bytes into an internal buffer. It waits for "\r\n" to determine whether a PROXY v1 line is present. If an attacker opens a TCP connection and continuously sends bytes...
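The advisory describes a classic unbounded-read pattern: the server keeps appending bytes to a buffer until it sees the CRLF that terminates a PROXY v1 line, so a client that never sends CRLF makes the buffer grow without limit. The Ruby below is an added example written for this page, not Puma's own code. It puts the vulnerable reader next to a bounded one that caps the line at 107 bytes (the longest PROXY v1 line the HAProxy PROXY protocol specification requires a receiver to accept, CRLF included), then validates the parsed fields. The helper names, the 1 MiB flood string and the sample header are constructed for the demonstration.

```ruby
# Added example (not Puma's code): bounded vs. unbounded PROXY protocol v1 line reading.
require 'stringio'
require 'ipaddr'

# HAProxy PROXY protocol spec: a v1 line is at most 107 bytes including CRLF.
MAX_V1_LINE = 107

class ProxyHeaderTooLong < StandardError; end
class ProxyHeaderMalformed < StandardError; end

# Vulnerable pattern from the advisory: buffer until "\r\n" appears, with no cap.
# Returns [line, remaining_bytes], or nil on EOF before CRLF.
def read_proxy_line_unbounded(io, chunk = 1024)
  buf = +""
  until (i = buf.index("\r\n"))
    data = io.read(chunk)
    return nil if data.nil?
    buf << data                       # grows for as long as the client keeps sending
  end
  [buf[0, i], buf[(i + 2)..]]
end

# Hardened: never hold more than `limit` bytes while looking for the CRLF.
def read_proxy_line_bounded(io, chunk = 1024, limit: MAX_V1_LINE)
  buf = +""
  until (i = buf.index("\r\n"))
    raise ProxyHeaderTooLong, "no CRLF within #{limit} bytes" if buf.bytesize >= limit
    data = io.read([chunk, limit - buf.bytesize].min)   # read only what the cap allows
    return nil if data.nil?                               # EOF before CRLF
    buf << data
  end
  [buf[0, i], buf[(i + 2)..]]         # keep bytes after the header for the HTTP parser
end

# Strict field validation of "PROXY <TCP4|TCP6> <src> <dst> <sport> <dport>".
def parse_proxy_v1(line)
  parts = line.split(/ /, -1)          # single spaces only; no awk-style collapsing
  raise ProxyHeaderMalformed, "bad signature" unless parts[0] == "PROXY"
  return { family: :unknown } if parts[1] == "UNKNOWN"
  raise ProxyHeaderMalformed, "expected 6 fields" unless parts.size == 6
  fam = parts[1]
  raise ProxyHeaderMalformed, "bad family" unless %w[TCP4 TCP6].include?(fam)
  src, dst = IPAddr.new(parts[2]), IPAddr.new(parts[3])
  want_v4 = (fam == "TCP4")
  unless src.ipv4? == want_v4 && dst.ipv4? == want_v4
    raise ProxyHeaderMalformed, "address family does not match #{fam}"
  end
  ports = parts[4, 2].map do |p|
    raise ProxyHeaderMalformed, "bad port #{p}" unless p.match?(/\A\d{1,5}\z/) && p.to_i <= 65_535
    p.to_i
  end
  { family: want_v4 ? :tcp4 : :tcp6, src_addr: src.to_s, dst_addr: dst.to_s,
    src_port: ports[0], dst_port: ports[1] }
rescue IPAddr::InvalidAddressError => e
  raise ProxyHeaderMalformed, e.message
end

# Runs both readers against a valid header and against a constructed CRLF-free flood.
def demo
  good = StringIO.new("PROXY TCP4 192.0.2.10 203.0.113.5 4000 443\r\nGET / HTTP/1.1\r\n")
  line, rest = read_proxy_line_bounded(good)
  header = parse_proxy_v1(line)

  flood = "A" * (1024 * 1024)        # constructed: 1 MiB with no CRLF, standing in for an endless stream
  io1 = StringIO.new(flood)
  read_proxy_line_unbounded(io1)     # swallows the whole stream before giving up
  io2 = StringIO.new(flood)
  rejected = false
  begin
    read_proxy_line_bounded(io2)
  rescue ProxyHeaderTooLong
    rejected = true
  end
  { header: header, rest: rest, consumed_unbounded: io1.pos,
    consumed_bounded: io2.pos, rejected: rejected }
end

if __FILE__ == $PROGRAM_NAME
  r = demo
  puts "header: #{r[:header]}"
  puts "unbounded reader consumed #{r[:consumed_unbounded]} bytes; bounded reader stopped at #{r[:consumed_bounded]}"
end
```

In a real server the bounded reader should also run under a read timeout, since a slow client can hold the connection open for the whole 107 bytes; the cap only removes the memory dimension of the attack. Note that `read_proxy_line_bounded` returns the bytes after the CRLF so they are not lost to the HTTP parser that follows.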
CVE-2026-33724 n8n's Source Control SSH Configuration Uses StrictHostKeyChecking=no
n8n is an open source workflow automation platform. Prior to version 2.5.0, when the Source Control feature is configured to use SSH, the SSH command used for git operations explicitly disabled host key verification. A network attacker positioned between the n8n instance and the remote Git server...
CVE-2026-27799
A flaw was found in ImageMagick, a software suite used for editing and manipulating digital images. This vulnerability, a heap buffer over-read, exists within the component that handles DJVU image files. A local attacker could exploit this by processing a specially crafted DJVU image, leading to ...
PT-2025-13389 · Ibm · Ibm Cloud Pak System
Name of the Vulnerable Software and Affected Versions: IBM Cloud Pak System versions 2.3.3.0 through 2.3.4.1 Description: The issue could allow a user with access to the network to obtain sensitive information from CLI arguments. Recommendations: For versions 2.3.3.0 through 2.3.4.1, consider...
PT-2025-4236
Name of the Vulnerable Software and Affected Versions: MySQL Server versions 8.4.3 and prior MySQL Server versions 9.1.0 and prior Description: The issue allows a high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks can result in...
PT-2024-3760
Name of the Vulnerable Software and Affected Versions: Veeam Backup Enterprise Manager affected versions not specified Description: Veeam Backup Enterprise Manager has a flaw that allows unauthenticated users to log in as any user to the enterprise manager web interface. The vulnerability resides i...
PT-2024-2687 · Zoom · Zoom Desktop Client For Windows +2
Name of the Vulnerable Software and Affected Versions: Zoom Desktop Client for Windows affected versions not specified Zoom VDI Client for Windows affected versions not specified Zoom Meeting SDK for Windows affected versions not specified Description: The issue is related to improper input...
PT-2024-1337 · Oracle +8 · Mysql Server +7
Name of the Vulnerable Software and Affected Versions: MySQL Server versions 8.0.35 and prior MySQL Server versions 8.2.0 and prior Description: The issue is related to insufficient input validation in the Server: RAPID component of Oracle MySQL Server. It allows a low-privileged attacker with...
PT-2023-25670 · Kratos · Kratos Ngc Indoor Unit
Name of the Vulnerable Software and Affected Versions: Kratos NGC Indoor Unit IDU versions prior to 11.4 Description: The issue allows remote attackers to obtain arbitrary control of the IDU/ODU system due to missing authentication for a critical function. Attackers with layer-3 network access to...
PT-2022-3739 · Oracle · Mysql Cluster
Name of the Vulnerable Software and Affected Versions: MySQL Cluster versions 8.0.29 and prior Description: The issue is related to insufficient input validation in the MySQL Cluster product, which can be exploited by a remote attacker to cause a denial of service. This can result in the ability ...
PT-2020-11849 · Apple · Apple Macos
Name of the Vulnerable Software and Affected Versions: macOS versions prior to 11.0.1 Description: A resource exhaustion issue was addressed with improved input validation. An attacker in a privileged network position may be able to perform denial of service. Recommendations: For versions prior t...
PT-2020-13350 · D Link · D-Link Dsp-W215
Name of the Vulnerable Software and Affected Versions: D-Link DSP-W215 version 1.26b03 Description: The issue concerns the transmission of an obfuscated hash by the device, which can be intercepted and decoded by a network sniffer. Recommendations: For D-Link DSP-W215 version 1.26b03, consider...
PT-2020-6939 · Unknown +4 · Sane-Backends +4
Name of the Vulnerable Software and Affected Versions: SANE Backends versions prior to 1.0.30 Description: The issue is related to a NULL pointer dereference error in the SANE Backends implementation. This can be exploited by a malicious device connected to the same local network as the victim,...
PT-2019-3697 · Mysql Server +6 · Mysql Server +6
Name of the Vulnerable Software and Affected Versions: MySQL Server versions 8.0.17 and prior Description: The issue is related to insufficient access control in the MySQL Server product, specifically in the Server: Security: Encryption component. It allows a high-privileged attacker with network...
PT-2022-5171 · Oracle +6 · Mysql Server +5
Name of the Vulnerable Software and Affected Versions: MySQL Server versions 5.7.39 and prior MySQL Server versions 8.0.16 and prior Description: The issue exists due to insufficient input validation in the MySQL Server component, specifically in the Security: Privileges subcomponent. This allows...
PT-2018-3897 · Oracle +1 · Mysql Server
Name of the Vulnerable Software and Affected Versions: Oracle MySQL Server versions 8.0.11 and prior Description: The issue is related to inadequate access control in the Server: Replication component of Oracle MySQL Server. This can be exploited by a remote attacker to cause a denial of service...
SOL02201365 - SLOTH: TLS 1.2 handshake vulnerability CVE-2015-7575
Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...
Bomgar Remote Support Portal deserializes untrusted data
Overview Bomgar Remote Support version 14.3.1 and possibly earlier versions deserialize untrusted data without sufficient validation, allowing an attacker to potentially execute arbitrary PHP code. Description CWE-502: Deserialization of Untrusted Data Bomgar Remote Support version 14.3.1 and...
Packeteer PacketShaper Web Management Denial of Service
Packeteer PacketShaper Web Management Denial of Service Critical: Less critical Impact: DoS Where: Local network Product: Packeteer PacketShaper http://www.packetshaper.com/ Packeteer PacketShaper is susceptible to a denial of service vulnerability in the web management interface. Requesting a...
Oracle9i Database contains remotely exploitable buffer overflow in "ORACLE.EXE"
Overview A remotely exploitable buffer overflow vulnerability exists in Oracle9i Database. Description A buffer overflow vulnerability exists on all platforms in the following versions of Oracle9i Database: Oracle9i Database Release 2, 9i Release 1, 8i 8.1.7, 8.0.6. The buffer overflow exists in a...