6767 matches found
CVE-2025-1933
On 64-bit CPUs, when the JIT compiles WASM i32 return values they can pick up bits from leftover memory. This can potentially cause them to be treated as a different type. This vulnerability affects Firefox < 136, Firefox ESR < 115.21, Firefox ESR < 128.8, Thunderbird < 136, and Thunderbird < 128.8...
CVE-2025-1933
On 64-bit CPUs, when the JIT compiles WASM i32 return values they can pick up bits from leftover memory. This can potentially cause them to be treated as a different type. This vulnerability was fixed in Firefox 136, Firefox ESR 115.21, Firefox ESR 128.8, Thunderbird 136, and Thunderbird 128.8...
Linux Distros Unpatched Vulnerability : CVE-2017-5967
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The time subsystem in the Linux kernel through 4.9.9, when CONFIG_TIMER_STATS is enabled, allows local users to discover real PID values as distinguished from PID...
Linux Distros Unpatched Vulnerability : CVE-2020-14304
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A memory disclosure flaw was found in the Linux kernel's ethernet drivers, in the way it read data from the EEPROM of the device. This flaw allows a local user ...
Linux Distros Unpatched Vulnerability : CVE-2016-2085
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The evm_verify_hmac function in security/integrity/evm/evm_main.c in the Linux kernel before 4.5 does not properly copy data, which makes it easier for local users...
PT-2025-9658 · Mozilla +10 · Firefox +10
Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 136; Firefox ESR versions prior to 115.21; Firefox ESR versions prior to 128.8. Description: The issue arises when the JIT compiles WASM i32 return values on 64-bit CPUs, potentially picking up bits from leftover memory...
CSV Injection
Overview: Affected versions of this package are vulnerable to CSV Injection in the ServiceDBStore when exporting a CSV. Remediation: Upgrade org.apache.ranger:security-admin-web to version 2.6.0 or higher. References: Apache Jira Issues - GitHub Commit - GitHub Commit - OSS Security Advisory -...
CVE-2025-27371
In certain IETF OAuth 2.0-related specifications, when the JSON Web Token Profile for OAuth 2.0 Client Authentication mechanism is used, there are ambiguities in the audience values of JWTs sent to authorization servers. The affected RFCs may include RFC 7523, and also RFC 7521, RFC 7522, RFC 910...
Apache Ranger security vulnerability
Apache Ranger is a set of architectures from the Apache USA Foundation that implement comprehensive security measures for Hadoop clusters. The product provides centralized security policy management for core enterprise security requirements such as authorization, billing, and data protection. A...
Incorta security vulnerability
Incorta is an enterprise-grade data analytics and business intelligence platform from Incorta USA that rapidly enables data insights and decision support. A security vulnerability exists in Incorta version 2023.4.3, which stems from improper handling of the Service Name parameter in the Edit...
WordPress plugin Nokri security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
CLSA-2025-1740740956 flatpak: Fix of CVE-2023-28101
CVE-2023-28101: fix issue of hiding elevated permissions by setting crafted values containing non-printable control characters...
SUSE CVE-2025-21707
In the Linux kernel, the following vulnerability has been resolved: mptcp: consolidate suboption status. MPTCP maintains the received sub-options status in the bitmask carrying the received suboptions and in several bitfields carrying per suboption additional info. Zeroing the bitmask before parsi...
SUSE CVE-2025-27219
In the CGI gem before 0.4.2 for Ruby, the CGI::Cookie.parse method in the CGI library contains a potential Denial of Service (DoS) vulnerability. The method does not impose any limit on the length of the raw cookie value it processes. This oversight can lead to excessive resource consumption when...
CVE-2025-21787 team: better TEAM_OPTION_TYPE_STRING validation
In the Linux kernel, the following vulnerability has been resolved: team: better TEAM_OPTION_TYPE_STRING validation. syzbot reported following splat [1]. Make sure user-provided data contains one nul byte. [1] BUG: KMSAN: uninit-value in string_nocheck lib/vsprintf.c:633 [inline] BUG: KMSAN: uninit-value in...
DEBIAN-CVE-2025-21707
In the Linux kernel, the following vulnerability has been resolved: mptcp: consolidate suboption status. MPTCP maintains the received sub-options status in the bitmask carrying the received suboptions and in several bitfields carrying per suboption additional info. Zeroing the bitmask before parsi...
Important: Red Hat Security Advisory: Errata Advisory for Red Hat OpenShift GitOps v1.15.1 security update
An update is now available for Red Hat OpenShift GitOps v1.15.1. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...
DEBIAN-CVE-2022-49325
In the Linux kernel, the following vulnerability has been resolved: tcp: add accessors to read/set tp->snd_cwnd. We had various bugs over the years with code breaking the assumption that tp->snd_cwnd is greater than zero. Lately, syzbot reported the WARN_ON_ONCE(!tp->prior_cwnd) added in commit 8b8a321ff72c...
UBUNTU-CVE-2022-49325
In the Linux kernel, the following vulnerability has been resolved: tcp: add accessors to read/set tp->snd_cwnd. We had various bugs over the years with code breaking the assumption that tp->snd_cwnd is greater than zero. Lately, syzbot reported the WARN_ON_ONCE(!tp->prior_cwnd) added in commit 8b8a321ff72c...