The vulnerability of the Find My function in macOS and iPadOS systems allows a perpetrator to disclose protected information.

The vulnerability of the Find My function in macOS and iPadOS is related to insufficient protection of service data. Exploiting this vulnerability can allow attackers to disclose sensitive information...

CVE-2025-23279

Summary (CVE-2025-23279) NVIDIA .run Installer for Linux and Solaris contains a race condition that could allow privilege escalation. The issue is local-execution (AV:L, AC:H, PR:L) with high impact, potentially enabling code execution, privilege escalation, information disclosure, DoS, or data t...

The vulnerability of the WebContentFilter filter in macOS operating systems allows a hacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the WebContentFilter filter in macOS operating systems is related to insufficient protection of service data. Exploiting this vulnerability can allow an attacker to compromise the confidentiality, integrity, and accessibility of protected information...

SUSE CVE-2025-38304

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix NULL pointer deference on eirgetservicedata The len parameter is considered optional so it can be NULL so it cannot be used for skipping to next entry of EIRSERVICEDATA...

DEBIAN-CVE-2025-38304

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix NULL pointer deference on eirgetservicedata The len parameter is considered optional so it can be NULL so it cannot be used for skipping to next entry of EIRSERVICEDATA...

AZL-64949 CVE-2025-38304 affecting package kernel for versions less than 6.6.96.1-1

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix NULL pointer deference on eirgetservicedata The len parameter is considered optional so it can be NULL so it cannot be used for skipping to next entry of EIRSERVICEDATA...

UBUNTU-CVE-2025-38304

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix NULL pointer deference on eirgetservicedata The len parameter is considered optional so it can be NULL so it cannot be used for skipping to next entry of EIRSERVICEDATA...

CVE-2025-38304 Bluetooth: Fix NULL pointer deference on eir_get_service_data

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix NULL pointer deference on eirgetservicedata The len parameter is considered optional so it can be NULL so it cannot be used for skipping to next entry of EIRSERVICEDATA...

The vulnerability of the Windows Imaging Component (WIC) framework in Windows operating systems allows attackers to disclose protected information.

The vulnerability of the Windows Imaging Component WIC framework in Windows operating systems is related to insufficient protection of service data. Exploiting this vulnerability can allow attackers to disclose protected information...

The vulnerability in the WebCompat extension of Mozilla browsers, including Mozilla Firefox and Firefox ESR, allows attackers to disclose protected information.

The vulnerability of the WebCompat extension in Mozilla Firefox and Firefox ESR browsers is related to insufficient protection for service data. Exploiting this vulnerability can allow a malicious actor to disclose protected information remotely...

CVE-2025-5915 Libarchive: heap buffer over read in copy_from_lzss_window() at archive_read_support_format_rar.c

A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber LZSS window. This means the library may attempt to read beyond the allocated memory buffer, which can...

CVE-2025-47711

There's a flaw in the nbdkit server when handling responses from its plugins regarding the status of data blocks. If a client makes a specific request for a very large data range, and a plugin responds with an even larger single block, the nbdkit server can encounter a critical internal error,...

PT-2025-29024

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A NULL pointer dereference issue was resolved in the Bluetooth stack within the Linux kernel, specifically in the eir get service data function. The len parameter within this function ...

The vulnerability of the OneDev collaborative development platform, related to insufficient protection of service data, allows a hacker to read arbitrary files.

The vulnerability of the OneDev collaborative development platform is related to insufficient protection for service data. Exploiting this vulnerability allows a remote attacker to read arbitrary files...

The vulnerability of the SolidWall WAF, related to insufficient protection of service data, allows attackers to gain unauthorized access to the protected information.

The vulnerability of the SolidWall WAF lies in the insufficient protection of operational data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...

The vulnerability of the BFCache technology used by Google Chrome and Microsoft Edge browsers allows a hacker to gain unauthorized access to protected information.

The vulnerability of the BFCache technology used by Google Chrome and Microsoft Edge is related to insufficient protection of service data. Exploiting this vulnerability can allow an attacker operating remotely to gain unauthorized access to protected information...

The vulnerability of the virtio-scsi, virtio-blk, and virtio-crypt components of the QEMU hardware emulation driver’s virtqueue_push() function allows a attacker to disclose sensitive information.

The vulnerability of the virtio-scsi, virtio-blk, and virtio-crypt components of the QEMU hardware emulation driver’s virtqueuepush function is related to insufficient protection of service data. Exploiting this vulnerability can allow an attacker to disclose protected information through the...

CVE-2022-21353

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Core. Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogi...

CVE-2021-23009

On BIG-IP version 16.0.x before 16.0.1.1 and 15.1.x before 15.1.3, malformed HTTP/2 requests may cause an infinite loop which causes a Denial of Service for Data Plane traffic. TMM takes the configured HA action when the TMM process is aborted. There is no control plane exposure, this is a data...

CVE-2013-4839

Unspecified vulnerability in Virtual User Generator in HP LoadRunner before 11.52 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors, aka ZDI-CAN-1851...