Linux Distros Unpatched Vulnerability : CVE-2020-10730

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A NULL pointer dereference, or possible use-after-free flaw was found in Samba AD LDAP server in versions before 4.10.17, before 4.11.11 and before 4.12.4...

Linux Distros Unpatched Vulnerability : CVE-2020-10742

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in the Linux kernel. An index buffer overflow during Direct IO write leading to the NFS client to crash. In some cases, a reach out of the inde...

Linux Distros Unpatched Vulnerability : CVE-2021-20304

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in OpenEXR's hufDecode functionality. This flaw allows an attacker who can pass a crafted file to be processed by OpenEXR, to trigger an...

Linux Distros Unpatched Vulnerability : CVE-2021-20255

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A stack overflow via an infinite recursion vulnerability was found in the eepro100 i8255x device emulator of QEMU. This issue occurs while processing controller...

Linux Distros Unpatched Vulnerability : CVE-2020-14314

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A memory out-of-bounds read flaw was found in the Linux kernel before 5.9-rc2 with the ext3/ext4 file system, in the way it accesses a directory with broken...

GHSA-VF6X-59HH-332F Formwork has a cross-site scripting (XSS) vulnerability in Site title

Summary The site title field at /panel/options/site/allows embedding JS tags, which can be used to attack all members of the system. This is a widespread attack and can cause significant damage if there is a considerable number of users. Impact The attack is widespread, leveraging what XSS can do...

K000149929: tcpdump vulnerability CVE-2020-8037

Security Advisory Description The ppp decapsulator in tcpdump 4.9.3 can be convinced to allocate a large amount of memory. CVE-2020-8037 Impact This flaw allows a remote attacker to send specially crafted packets that, when printed, can lead the application to allocate a large amount of memory,...

velocity: arbitrary code execution when attacker is able to modify templates

A flaw was found in velocity. An attacker, able to modify Velocity templates, may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container. The highest threat from this vulnerability is to data confidentiality and integrity...

jackson-databind: Serialization gadgets in anteros-core

A flaw was found in jackson-databind 2.x. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution

A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution

A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

velocity: arbitrary code execution when attacker is able to modify templates

A flaw was found in velocity. An attacker, able to modify Velocity templates, may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container. The highest threat from this vulnerability is to data confidentiality and integrity...

KLA84647 DoS vulnerability in Wireshark

Denial of service vulnerability was found in Wireshark. Malicious users can exploit this vulnerability to cause denial of service. Original advisories wnpa-sec-2025-01 · Bundle Protocol and CBOR dissector crash Related products Wireshark CVE list CVE-2025-1492 critical Solution Update to the late...

CVE-2024-12054

ZF Roll Stability Support Plus RSSPlus is vulnerable to an authentication bypass vulnerability targeting deterministic RSSPlus SecurityAccess service seeds, which may allow an attacker to remotely proximal/adjacent with RF equipment or via pivot from J2497 telematics devices call diagnostic...

KLA80206 Multiple vulnerabilities in Microsoft Browser

Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to cause denial of service. Below is a complete list of vulnerabilities: 1. Out of bounds memory access in V8 can be exploited to cause denial of service. 2. Use after free in Navigation ca...

CVE-2024-12054

ZF Roll Stability Support Plus RSSPlus is vulnerable to an authentication bypass vulnerability targeting deterministic RSSPlus SecurityAccess service seeds, which may allow an attacker to remotely proximal/adjacent with RF equipment or via pivot from J2497 telematics devices call diagnostic...

CVE-2024-12054 ZF Roll Stability Support Plus (RSSPlus) Authentication Bypass By Primary Weakness

ZF Roll Stability Support Plus RSSPlus is vulnerable to an authentication bypass vulnerability targeting deterministic RSSPlus SecurityAccess service seeds, which may allow an attacker to remotely proximal/adjacent with RF equipment or via pivot from J2497 telematics devices call diagnostic...

CVE-2025-24031 PAM-PKCS#11 vulnerable to segmentation fault on ctrl-c/ctrl-d when asked for PIN

PAM-PKCS11 is a Linux-PAM login module that allows a X.509 certificate based user login. In versions 0.6.12 and prior, the pampkcs11 module segfaults when a user presses ctrl-c/ctrl-d when they are asked for a PIN. When a user enters no PIN at all, pamgetpwd will never initialize the password...

CVE-2022-1201

NULL Pointer Dereference in mrbvmexec with super in GitHub repository mruby/mruby prior to 3.2. This vulnerability is capable of making the mruby interpreter crash, thus affecting the availability of the system...

CVE-2022-36444

An issue was discovered in Atos Unify OpenScape SBC 9 and 10 before 10R2.2.1, Atos Unify OpenScape Branch 9 and 10 before version 10R2.1.1, and Atos Unify OpenScape BCF 10 before 10R9.12.1. A remote code execution vulnerability may allow an unauthenticated attacker with network access to the admi...