Lucene search
K

6765 matches found

OSV
OSV
added 2025/04/21 12:15 a.m.8 views

CVE-2025-43963

In LibRaw before 0.21.4, phaseonecorrect in decoders/loadmfbacks.cpp allows out-of-buffer access because splitcol and splitrow values are not checked in 0x041f tag processing...

9.1CVSS6.8AI score
Exploits0References4
OSV
OSV
added 2025/04/21 12:15 a.m.5 views

AZL-61780 CVE-2025-43962 affecting package LibRaw 0.21.3-1

In LibRaw before 0.21.4, phaseonecorrect in decoders/loadmfbacks.cpp has out-of-bounds reads for tag 0x412 processing, related to large w0 or w1 values or the frac and mult calculations...

9.1CVSS5.8AI score0.00367EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/04/20 12:0 a.m.12 views

CVE-2025-43963

In LibRaw before 0.21.4, phaseonecorrect in decoders/loadmfbacks.cpp allows out-of-buffer access because splitcol and splitrow values are not checked in 0x041f tag processing...

2.9CVSS0.00367EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2025/04/20 12:0 a.m.9 views

CVE-2025-43964

In LibRaw before 0.21.4, tag 0x412 processing in phaseonecorrect in decoders/loadmfbacks.cpp does not enforce minimum w0 and w1 values...

9.8CVSS6.1AI score0.00347EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2025/04/20 12:0 a.m.6 views

CVE-2025-43963

In LibRaw before 0.21.4, phaseonecorrect in decoders/loadmfbacks.cpp allows out-of-buffer access because splitcol and splitrow values are not checked in 0x041f tag processing...

2.9CVSS6.9AI score0.00367EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/04/20 12:0 a.m.8 views

CVE-2025-43964

In LibRaw before 0.21.4, tag 0x412 processing in phaseonecorrect in decoders/loadmfbacks.cpp does not enforce minimum w0 and w1 values...

2.9CVSS7AI score0.00347EPSS
Exploits0References3
Packet Storm News
Packet Storm News
added 2025/04/19 12:0 a.m.6 views

Do You Really Need Public Data? Surrogate Public Data for Differential Privacy on Tabular Data

Differentially private DP machine learning often relies on the availability of public data for tasks like privacy-utility trade-off estimation, hyperparameter tuning, and pretraining. While public data assumptions may be reasonable in text and image domains, they are less likely to hold for tabul...

6.8AI score
Exploits0
OSV
OSV
added 2025/04/17 7:25 a.m.3 views

CLSA-2025-1744874696 Fix CVE(s): CVE-2024-7592

SECURITY UPDATE: Quadratic complexity, resulting in excess CPU while parsing - debian/patches/CVE-2024-7592.patch: fix quadratic complexity in parsing "-quoted cookie values with backslashes - CVE-2024-7592...

7.5CVSS5.7AI score0.02303EPSS
Exploits1References1
OSV
OSV
added 2025/04/16 6:16 p.m.5 views

AZL-60557 CVE-2025-22872 affecting package docker-compose for versions less than 2.27.0-5

The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character / as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content...

6.5CVSS6.6AI score0.0045EPSS
Exploits0References1
OSV
OSV
added 2025/04/16 6:16 p.m.8 views

AZL-60486 CVE-2025-22872 affecting package containerd2 for versions less than 2.0.0-9

The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character / as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content...

6.5CVSS6.6AI score0.0045EPSS
Exploits0References1
OSV
OSV
added 2025/04/16 6:16 p.m.10 views

CVE-2025-22872

The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character / as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content...

6.6AI score
Exploits0References5
OSV
OSV
added 2025/04/16 6:16 p.m.8 views

AZL-60528 CVE-2025-22872 affecting package cert-manager for versions less than 1.12.15-4

The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character / as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content...

6.5CVSS6.6AI score0.0045EPSS
Exploits0References1
OSV
OSV
added 2025/04/16 6:16 p.m.6 views

AZL-60545 CVE-2025-22872 affecting package cf-cli for versions less than 8.7.11-3

The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character / as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content...

6.5CVSS6.6AI score0.0045EPSS
Exploits0References1
OSV
OSV
added 2025/04/16 6:16 p.m.6 views

AZL-60479 CVE-2025-22872 affecting package influxdb for versions less than 2.7.5-5

The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character / as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content...

6.5CVSS6.6AI score0.0045EPSS
Exploits0References1
OSV
OSV
added 2025/04/16 3:16 p.m.7 views

AZL-62788 CVE-2025-23131 affecting package kernel 6.6.126.1-1

In the Linux kernel, the following vulnerability has been resolved: dlm: prevent NPD when writing a positive value to eventdone douevent returns the value written to eventdone. In case it is a positive value, newlockspace would undo all the work, and lockspace would not be set. dlmnewlockspace,...

5.5CVSS5.8AI score0.00131EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/04/16 2:12 p.m.1 views

CVE-2025-22080 fs/ntfs3: Prevent integer overflow in hdr_first_de()

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Prevent integer overflow in hdrfirstde The "deoff" and "used" variables come from the disk so they both need to check. The problem is that on 32bit systems if they're both greater than UINTMAX - 16 then the check does...

7.8AI score0.00165EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/04/16 12:0 a.m.2 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a null pointer dereference that may result when dlm handles positive eventdone values...

5.5CVSS6.5AI score0.00131EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 3:28 a.m.21 views

Security Bulletin: IBM PowerHA SystemMirror for IBM i is vulnerable to multiple vulnerabilities in the PowerHA Web Interface [CVE-2024-55897, CVE-2024-55896]

Summary The IBM PowerHA SystemMirror for IBM i Web Interface is vulnerable to obtaining cookie values CVE-2024-55897 and hijacking the clicking action of users CVE-2024-55896 as described in the vulnerability details section. The PowerHA Web Interface allows easy management of PowerHA operations...

5.4CVSS5.1AI score0.00215EPSS
Exploits0Affected Software2
OSV
OSV
added 2025/04/14 9:37 a.m.5 views

CLSA-2025-1744623473 python3.11: Fix of CVE-2024-7592

CVE-2024-7592: fix quadratic complexity in parsing "-quoted cookie values with backslashes...

7.5CVSS6.7AI score0.02303EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/04/14 6:40 a.m.25 views

CVE-2025-3418

The WPC Admin Columns plugin for WordPress is vulnerable to privilege escalation in versions 2.0.6 to 2.1.0. This is due to the plugin not properly restricting user meta values that can be updated through the ajaxeditsave function. This makes it possible for authenticated attackers, with...

8.8CVSS7.2AI score0.00338EPSS
Exploits0References1
Rows per page
Query Builder