6775 matches found
Denial of Service (DoS)
Overview pytorch-lightning is a lightweight PyTorch wrapper for ML researchers. Scale your models. Write less boilerplate. Affected versions of this package are vulnerable to Denial of Service DoS through the /api/v1/state endpoint of LightningApp. An attacker can cause the server to shut down by...
In the CGI gem before 0.4.2 for Ruby, the CGI::Cookie.parse method in the CGI library contains a potential Denial of Service (DoS) vulnerability. The method does not impose any limit on the length of the raw cookie value it processes. This oversight can lead to excessive resource consumption when parsing extremely large cookies.
...
UBUNTU-CVE-2025-0495
Buildx is a Docker CLI plugin that extends build capabilities using BuildKit. Cache backends support credentials by setting secrets directly as attribute values in cache-to/cache-from configuration. When supplied as user input, these secure values may be inadvertently captured in OpenTelemetry...
CVE-2025-0495
Buildx is a Docker CLI plugin that extends build capabilities using BuildKit. Cache backends support credentials by setting secrets directly as attribute values in cache-to/cache-from configuration. When supplied as user input, these secure values may be inadvertently captured in OpenTelemetry...
An issue was discovered in uriparser through 0.9.7. ComposeQueryEngine in UriQuery.c has an integer overflow via long keys or values, with a resultant buffer overflow.
...
CVE-2025-1528
CVE-2025-1528 affects WordPress Plug-in: Search & Filter Pro up to version 2.5.19, due to missing capability check in get_meta_values, allowing authenticated users with Subscriber+ to read arbitrary post Meta. Public references indicate a security release addressing this in 2.5.20. Affected produ...
Updated opensc packages fix security vulnerabilities
Heap buffer overflow in openpgp driver when generating key. CVE-2024-8443 Usage of uninitialized values in libopensc and pkcs15init. CVE-2024-45615 Uninitialized values after incorrect check or usage of apdu response values in libopensc. CVE-2024-45616 Uninitialized values after incorrect or...
MGASA-2025-0096 Updated opensc packages fix security vulnerabilities
Heap buffer overflow in openpgp driver when generating key. CVE-2024-8443 Usage of uninitialized values in libopensc and pkcs15init. CVE-2024-45615 Uninitialized values after incorrect check or usage of apdu response values in libopensc. CVE-2024-45616 Uninitialized values after incorrect or...
firefox: JIT corruption of WASM i32 return values on 64-bit CPUs
A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: On 64-bit CPUs, when the JIT compiles WASM i32 return values they can pick up bits from left over memory. This can potentially cause them to be treated as a different type...
The vulnerability of the MFlash secure data exchange platform lies in the lack of mechanisms for neutralizing elements related to CSV files, allowing attackers to execute arbitrary commands.
The vulnerability of the MFlash secure messaging platform is related to the lack of mechanisms for neutralizing elements related to CSV files. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
Information Disclosure
Jenkins is vulnerable to information disclosure. The vulnerability is due to improper redaction of encrypted secret values in config.xml when accessed via REST API or CLI, allowing attackers with View/Read permission to retrieve sensitive information...
Log Injection
Rack is vulnerable to log injection. The vulnerability is due to the Rack::Sendfile middleware logging unsanitized header values from the X-Sendfile-Type header, allowing an attacker to inject escape sequences into logs...
firefox: JIT corruption of WASM i32 return values on 64-bit CPUs
A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: On 64-bit CPUs, when the JIT compiles WASM i32 return values they can pick up bits from left over memory. This can potentially cause them to be treated as a different type...
The vulnerability of the KWHotel software for hotel management lies in the lack of a mechanism to neutralize elements in the CSV file, allowing a hacker to trigger a service failure.
The vulnerability of the KWHotel hotel management software is related to the lack of mechanisms for neutralizing elements in the CSV file. Exploiting this vulnerability could allow a malicious actor to cause service interruptions...
CVE-2025-21843 drm/panthor: avoid garbage value in panthor_ioctl_dev_query()
In the Linux kernel, the following vulnerability has been resolved: drm/panthor: avoid garbage value in panthorioctldevquery 'prioritiesinfo' is uninitialized, and the uninitialized value is copied to user object when calling PANTHORUOBJSET. Using memset to initialize 'prioritiesinfo' to avoid th...
CVE-2025-20908
Use of insufficiently random values in Auracast prior to SMR Mar-2025 Release 1 allows adjacent attackers to access Auracast broadcasting...
SAMSUNG Mobile devices 安全漏洞
SAMSUNG Mobile devices are a range of Samsung mobile devices, including cell phones, tablets, etc., from the South Korean company Samsung SAMSUNG. A security vulnerability exists in SAMSUNG Mobile devices, which stems from insufficient random values and could lead to an adjacent attacker accessin...
CVE-2025-27371
In certain IETF OAuth 2.0-related specifications, when the JSON Web Token Profile for OAuth 2.0 Client Authentication mechanism is used, there are ambiguities in the audience values of JWTs sent to authorization servers. The affected RFCs may include RFC 7523, and also RFC 7521, RFC 7522, RFC 910...
Linux Distros Unpatched Vulnerability : CVE-2022-41716
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Due to unsanitized NUL values, attackers may be able to maliciously set environment variables on Windows. In syscall.StartProcess and os/exec.Cmd, invalid...
Linux Distros Unpatched Vulnerability : CVE-2024-26638
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: nbd: always initialize struct msghdr completely syzbot complains that msg-msggetinq value ca...