
7028 matches found

NVD
added 2025/11/25 5:16 a.m. | 5 views

CVE-2025-13507

Inconsistent object size validation in time series processing logic may result in later processing of oversized BSON documents leading to an assert failing and process termination. This issue impacts MongoDB Server v7.0 versions prior to 7.0.26, v8.0 versions prior to 8.0.16 and MongoDB server v8...

CVSS 7.1 | EPSS 0.00249
Exploits: 0 | References: 1

OSV
added 2025/11/25 5:16 a.m. | 6 views

CVE-2025-13507

Inconsistent object size validation in time series processing logic may result in later processing of oversized BSON documents leading to an assert failing and process termination. This issue impacts MongoDB Server v7.0 versions prior to 7.0.26, v8.0 versions prior to 8.0.16 and MongoDB server v8...

CVSS 7.1 | AI score 6.8
Exploits: 0 | References: 1

OSV
added 2025/11/25 5:16 a.m. | 1 views

UBUNTU-CVE-2025-13507

Inconsistent object size validation in time series processing logic may result in later processing of oversized BSON documents leading to an assert failing and process termination. This issue impacts MongoDB Server v7.0 versions prior to 7.0.26, v8.0 versions prior to 8.0.16 and MongoDB server v8...

CVSS 7.1 | AI score 5.8 | EPSS 0.00249
Exploits: 0 | References: 3

CVE
added 2025/11/25 4:52 a.m. | 18 views

CVE-2025-13507

The CVE-2025-13507 entry describes an issue in MongoDB Server: inconsistent object size validation in the time series processing path can cause oversized BSON documents to be processed later, triggering an assertion and process termination. Affected versions are MongoDB Server v7.0 before 7.0.26,...

CVSS 7.1 | AI score 6.5 | EPSS 0.00249
Exploits: 0 | References: 1 | Affected Software: 1

MongoDB
added 2025/11/25 4:52 a.m. | 5 views

Time-series operations may cause internal BSON size limit to be exceeded

Inconsistent object size validation in time series processing logic may result in later processing of oversized BSON documents leading to an assert failing and process termination. This issue impacts MongoDB Server v7.0 versions prior to 7.0.26, v8.0 versions prior to 8.0.16 and MongoDB server v8...

CVSS 7.1 | AI score 6.9 | EPSS 0.00249
Exploits: 0 | References: 1 | Affected Software: 1

Positive Technologies
added 2025/11/25 12:0 a.m. | 4 views

PT-2025-47989

Name of the Vulnerable Software and Affected Versions: MongoDB Server versions prior to 7.0.26; MongoDB Server versions prior to 8.0.16; MongoDB Server versions prior to 8.2.1. Description: An issue exists in the time series processing logic where inconsistent object size validation can lead to the...

CVSS 7.1 | AI score 6.5 | EPSS 0.00249
Exploits: 0 | References: 10

OSV
added 2025/11/24 11:58 p.m. | 5 views

CLSA-2025-1764028726 iperf3: Fix of 2 CVEs

- CVE-2025-54349: fix off-by-one error and heap-based buffer overflow in iperf_auth.c
- CVE-2025-54350: prevent crash due to assertion failures on malformed authentication attempt in iperf_auth.c...

CVSS 10 | AI score 6 | EPSS 0.00385
Exploits: 0 | References: 1

Tenable Nessus
added 2025/11/22 12:0 a.m. | 4 views

RockyLinux 10 : kea (RLSA-2025:21038)

The remote RockyLinux 10 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2025:21038 advisory. kea: Invalid characters cause assert (CVE-2025-11232). Tenable has extracted the preceding description block directly from the RockyLinux security advisory. Note...

CVSS 7.5 | AI score 5.5 | EPSS 0.00339
Exploits: 0 | References: 3

Tenable Nessus
added 2025/11/20 12:0 a.m. | 7 views

TencentOS Server 4: cairo (TSSA-2025:0708)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0708 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

CVSS 2.9 | AI score 5.6 | EPSS 0.00205
Exploits: 0 | References: 2

Tenable Nessus
added 2025/11/20 12:0 a.m. | 4 views

TencentOS Server 3: redis:6 (TSSA-2025:0105)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0105 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

CVSS 9.8 | AI score 7.7 | EPSS 0.69355
Exploits: 4 | References: 11

OSV
added 2025/11/18 2:59 p.m. | 3 views

USN-7872-1 lasso vulnerabilities

It was discovered that Lasso incorrectly handled certain malformed SAML responses. A remote attacker could possibly use this issue to cause Lasso to crash, resulting in a denial of service. (CVE-2025-46404) It was discovered that Lasso incorrectly handled certain malformed SAML assertion responses....

CVSS 9.8 | AI score 6 | EPSS 0.00827
Exploits: 4 | References: 5

Tenable Nessus
added 2025/11/18 12:0 a.m. | 2 views

Siemens SCALANCE and RUGGEDCOM Devices Improper Input Validation (CVE-2024-56705)

media: atomisp: In ia_css_3a_statistics_allocate, there is no check on the allocation result of the rgby_data memory. If rgby_data is not successfully allocated, it may trigger the assert(host_stats->rgby_data) assertion in ia_css_s3a_hmem_decode. This plugin only works with Tenable.ot. Please visit...

CVSS 5.5 | AI score 6.8 | EPSS 0.00262
Exploits: 0 | References: 3

RedHat Linux
added 2025/11/17 10:28 p.m. | 4 views

lasso: Type confusion in Entr'ouvert Lasso

A type confusion vulnerability exists in the lasso_node_impl_init_from_xml functionality of Entr'ouvert Lasso 2.8.2 and prior. A specially crafted SAML response can lead to an arbitrary code execution. An attacker can send a malformed SAML response to trigger this vulnerability...

CVSS 9.8 | AI score 6.1 | EPSS 0.00827
Exploits: 1 | References: 6

RedHat Linux
added 2025/11/17 12:48 a.m. | 9 views

lasso: Type confusion in Entr'ouvert Lasso

A type confusion vulnerability exists in the lasso_node_impl_init_from_xml functionality of Entr'ouvert Lasso 2.8.2 and prior. A specially crafted SAML response can lead to an arbitrary code execution. An attacker can send a malformed SAML response to trigger this vulnerability...

CVSS 9.8 | AI score 6.1 | EPSS 0.00827
Exploits: 1 | References: 6

RedHat Linux
added 2025/11/17 12:45 a.m. | 4 views

lasso: Type confusion in Entr'ouvert Lasso

A type confusion vulnerability exists in the lasso_node_impl_init_from_xml functionality of Entr'ouvert Lasso 2.8.2 and prior. A specially crafted SAML response can lead to an arbitrary code execution. An attacker can send a malformed SAML response to trigger this vulnerability...

CVSS 9.8 | AI score 6.1 | EPSS 0.00827
Exploits: 1 | References: 6

RedHat Linux
added 2025/11/17 12:45 a.m. | 8 views

lasso: Type confusion in Entr'ouvert Lasso

A type confusion vulnerability exists in the lasso_node_impl_init_from_xml functionality of Entr'ouvert Lasso 2.8.2 and prior. A specially crafted SAML response can lead to an arbitrary code execution. An attacker can send a malformed SAML response to trigger this vulnerability...

CVSS 9.8 | AI score 6.1 | EPSS 0.00827
Exploits: 1 | References: 6

RedHat Linux
added 2025/11/17 12:42 a.m. | 4 views

lasso: Type confusion in Entr'ouvert Lasso

A type confusion vulnerability exists in the lasso_node_impl_init_from_xml functionality of Entr'ouvert Lasso 2.8.2 and prior. A specially crafted SAML response can lead to an arbitrary code execution. An attacker can send a malformed SAML response to trigger this vulnerability...

CVSS 9.8 | AI score 6.1 | EPSS 0.00827
Exploits: 1 | References: 6

OSV
added 2025/11/14 12:39 p.m. | 3 views

OESA-2025-2684 python-ldap security update

python-ldap: python-ldap provides an object-oriented API to access LDAP directory servers from Python programs. Mainly it wraps the OpenLDAP 2.x libs for that purpose. Additionally the package contains modules for other LDAP-related stuff e.g. processing LDIF, LDAPURLs, LDAPv3 schema, LDAPv3...

CVSS 6.9 | AI score 6.5 | EPSS 0.00418
Exploits: 2 | References: 3

Tenable Nessus
added 2025/11/14 12:0 a.m. | 3 views

TencentOS Server 4: lasso (TSSA-2025:0862)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0862 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

CVSS 9.8 | AI score 8.2 | EPSS 0.00827
Exploits: 3 | References: 4

Tenable Nessus
added 2025/11/13 12:0 a.m. | 3 views

Siemens SIMATIC S7-1500 Reachable Assertion (CVE-2020-25710)

A flaw was found in OpenLDAP in versions before 2.4.56. This flaw allows an attacker who sends a malicious packet processed by OpenLDAP to force a failed assertion in csnNormalize23. The highest threat from this vulnerability is to system availability. This plugin only works with Tenable.ot. Plea...

CVSS 7.5 | AI score 7 | EPSS 0.02666
Exploits: 0 | References: 3