125 matches found
CVE-2025-47291
CVE-2025-47291 concerns containerd’s CRI: versions 2.0.1–2.0.4 do not place usernamespaced containers under the Kubernetes cgroup hierarchy, which may cause Kubernetes limits to not be honored and could lead to node denial of service. The issue is fixed in containerd 2.0.5+ and 2.1.0+. Remediatio...
Cisco Webex Services Cross-Site Scripting Vulnerabilities
Multiple vulnerabilities in Cisco Webex could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. These vulnerabilities are due to improper filtering of user-supplied input. An attacker could exploit these vulnerabilities by persuading a user to follow a...
PT-2025-20856 · Siemens · User Management +4
Name of the Vulnerable Software and Affected Versions: SIMATIC PCS neo versions 4.1 through 5.0; SINEC NMS (affected versions not specified); SINEMA Remote Connect (affected versions not specified); Totally Integrated Automation Portal (TIA Portal) versions 17 through 20; User Management Component UMC...
Important: libsoup3
Issue Overview: A flaw was found in libsoup. The implementation of HTTP range requests is vulnerable to a resource consumption attack. This flaw allows a malicious client to request the same range many times in a single HTTP request, causing the server to use large amounts of memory. CVE-2025-329...
PT-2025-23533 · Unknown +4 · Modsecurity +4
Name of the Vulnerable Software and Affected Versions: ModSecurity versions prior to 2.9.10 Description: The issue is a denial of service vulnerability. It affects the sanitiseArg and its alias sanitizeArg action, which is vulnerable to adding an excessive number of arguments, leading to denial o...
PT-2025-17667 · Sonicwall · Sonicos
Name of the Vulnerable Software and Affected Versions: SonicOS versions 7.1.1-7040 Description: A Null Pointer Dereference vulnerability in the SonicOS SSLVPN Virtual office interface allows a remote, unauthenticated attacker to crash the firewall, potentially leading to a Denial-of-Service DoS...
Important: docker
Issue Overview: An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing. (CVE-2025-22868) SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or no...
CVE-2025-22459
Improper certificate validation in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows a remote unauthenticated attacker to intercept limited traffic between clients and servers...
RHEL 7 : openstack-cinder, openstack-glance, and openstack-nova update (Moderate) (RHSA-2016:2991)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2016:2991 advisory. OpenStack Compute (nova) launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute...
Advisory ROSA-SA-2025-2782
Software: c-ares 1.13.0 OS: ROSA Virtualization 3.0 packageevrstring: c-ares-1.13.0-11.rv30 CVE-ID: CVE-2024-25629 BDU-ID: 2024-01708 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the ares__read_line function of the C-ares asynchronous DNS query library is related to an operation exceeding buffer...
NodeBB < 2.8.11 DoS Vulnerability
NodeBB is prone to a denial of service (DoS) vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:nodebb:nodebb";...
Advisory ROSA-SA-2025-2628
Software: libvncserver 0.9.13 OS: ROSA-CHROME packageevrstring: libvncserver-0.9.13-2 CVE-ID: CVE-2020-29260 BDU-ID: 2024-06666 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the rfbClientCleanup function of the libvncclient component of the libvncclient cross-platform LibVNCServer library is relat...
Advisory ROSA-SA-2025-2613
Software: avahi 0.8 OS: ROSA-CHROME packageevrstring: avahi-0.8-12.git35bb1b.3 CVE-ID: CVE-2021-3468 BDU-ID: 2022-05709 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the client_work function of the Avahi LAN service discovery system is related to the execution of a loop with an unreachable exi...
Wireshark 3.6.x < 3.6.14, 4.x < 4.0.6 Multiple Vulnerabilities (Jan 2025) - Mac OS X
Wireshark is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wireshark:wireshark"; ifdescripti...
Advisory ROSA-SA-2024-2542
Software: vorbis-tools 1.4.2 OS: ROSA-CHROME packageevrstring: vorbis-tools-1.4.2-3 CVE-ID: CVE-2023-43361 BDU-ID: 2024-02625 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Vorbis-tools package is related to the ability to write beyond buffer boundaries in memory when converting wav files to og...
PT-2024-9587
Name of the Vulnerable Software and Affected Versions: GStreamer versions prior to 1.24.10 Description: A null pointer dereference issue has been identified in the parse_lrc function within gstsubparse.c. This function calls strchr to find the character '' in the string line. If the string line doe...
PT-2024-9618 · Gstreamer +7 · Gstreamer +7
Name of the Vulnerable Software and Affected Versions: GStreamer versions prior to 1.24.10 Description: The issue is related to an out-of-bounds (OOB) read vulnerability in the gst_avi_subtitle_parse_gab2_chunk function within gstavisubtitle.c. This function reads the name length value directly fro...
PT-2024-9620
Name of the Vulnerable Software and Affected Versions: GStreamer versions prior to 1.24.10 Description: The issue is related to a null dereference vulnerability in the function qtdemux_parse_sbgp in qtdemux.c. This vulnerability can be exploited by a remote attacker to cause a denial of service...
Service Update 1.32 for Microsoft Dynamics CRM (on-premises) 9.1
Service Update 1.32 for Microsoft Dynamics CRM (on-premises) 9.1. Introduction: Service Update 9.1.32 for Microsoft Dynamics CRM (on-premises) 9.1 is now available. This article describes the hotfixes and updates that are included in Service Update 9.1.32.05. More information: Update package | Version...
CVE-2024-29827
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code...