519 matches found
CVE-2025-36123
CVE-2025-36123 affects IBM Db2 for Linux, UNIX and Windows (including DB2 Connect Server) 11.5.0–11.5.9 and 12.1.0–12.1.3. The vulnerability stems from improper allocation of system resources, enabling a local user to cause a denial of service when copying large tables that contain XML data. Impa...
MiracleLinux 9 : postgresql:16 (AXSA:2026-063:01)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-063:01 advisory. postgresql: CREATE STATISTICS does not check for schema CREATE privilege CVE-2025-12817 postgresql: libpq undersizes allocations, via integer...
MiracleLinux 8 : libwebp-1.0.0-5.el8 (AXSA:2021-2754:03)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-2754:03 advisory. libwebp: out-of-bounds read in WebPMuxCreateInternal CVE-2018-25009 libwebp: out-of-bounds read in ApplyFilter CVE-2018-25010 libwebp: out-of-bounds...
AlmaLinux 9 : postgresql:15 (ALSA-2026:0492)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:0492 advisory. postgresql: CREATE STATISTICS does not check for schema CREATE privilege CVE-2025-12817 postgresql: libpq undersizes allocations, via integer wraparound...
postgresql:13 security update
An update is available for pgrepack, module.postgresql, module.pgaudit, postgresql, postgres-decoderbufs, module.pgrepack, module.postgres-decoderbufs, pgaudit. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
MiracleLinux 9 : grafana-10.2.6-11.el9_6 (AXSA:2025-10478:10)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-10478:10 advisory. golang-jwt/jwt: jwt-go allows excessive memory allocation during header parsing CVE-2025-30204 Tenable has extracted the preceding description block directl...
MiracleLinux 8 : osbuild-composer-101-3.el8_10.ML.1 (AXSA:2025-9957:03)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-9957:03 advisory. golang-jwt/jwt: jwt-go allows excessive memory allocation during header parsing CVE-2025-30204 Tenable has extracted the preceding description block directly...
Important: Red Hat Security Advisory: podman security update
An update for podman is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...
CVE-2023-50433
marshall in dhcppacket.c in simple-dhcp-server through ec976d2 allows remote attackers to cause a denial of service by sending a malicious DHCP packet. The crash is caused by a type confusion bug that results in a large memory allocation; when this memory allocation fails the DHCP server will cra...
CVE-2019-11938
Java Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload. As a result, malicious clients could send short messages which would result in a large memory allocation, potentially leading to denial of service. This issue affects Facebo...
CVE-2021-27417
eCosCentric eCosPro RTOS Versions 2.0.1 through 4.5.3 are vulnerable to integer wraparound in function calloc an implementation of malloc. The unverified memory assignment can lead to arbitrary memory allocation, resulting in a heap-based buffer overflow...
CVE-2023-25568
Boxo, formerly known as go-libipfs, is a library for building IPFS applications and implementations. In versions 0.4.0 and 0.5.0, if an attacker is able allocate arbitrary many bytes in the Bitswap server, those allocations are lasting even if the connection is closed. This affects users acceptin...
RHEL 9 : postgresql (RHSA-2026:0263)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:0263 advisory. PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: CREATE STATISTICS does not check fo...
CVE-2025-1992
IBM Db2 for Linux, UNIX and Windows includes DB2 Connect Server 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 could allow an authenticated user in federation environment, to cause a denial of service due to insufficient release of allocated memory after usage...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-993077)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-993077 advisory. In the Linux kernel, the following vulnerability has been resolved: bnxten: Avoid order-5 memory allocation for TPA data The driver needs to keep track of all the...
RHEL 8 : expat (RHSA-2025:22842)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2025:22842 advisory. Expat is a C library for parsing XML documents. Security Fixes: expat: internal entity expansion CVE-2013-0340 expat: integer overflow in t...
RHEL 9 : expat (RHSA-2025:22033)
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2025:22033 advisory. Expat is a C library for parsing XML documents. Security Fixes: libexpat: expat: Improper Restriction of XML Entity Expansion Depth in...
Important: Red Hat Security Advisory: expat security update
An update for expat is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...
NVIDIA GPU Display Driver 代码问题漏洞
NVIDIA GPU Display Driver is a display driver from NVIDIA Corporation. A code issue vulnerability exists in NVIDIA GPU Display Driver, which originates in the kernel driver where a user can dereference a null pointer by allocating specific memory resources, potentially resulting in a denial of...
OESA-2025-2455 expat security update
expat is a stream-oriented XML parser library written in C. expat excels with files too large to fit RAM, and where performance and flexibility are crucial. Security Fixes: libexpat in Expat before version 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document...