8490 matches found
PT-2025-53072
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains an issue within the net/mlx5e component. The problem stems from an incorrect encap attribute being used during invalidation, specifically in the mlx5e invalidat...
PT-2025-53221
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw in the drm/amdkfd subsystem. A kernel warning can occur during topology setup due to incorrect initialization of the p2plink attribute before creating th...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an uninitialized attribute that could result in a kernel warning...
PT-2025-52960
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A reference leak exists in the RDMA/core component of the Linux kernel. Specifically, if the creation of an AH acknowledgement header request fails, the sgid attr is not released, leadin...
Stack-based Buffer Overflow
Overview Affected versions of this package are vulnerable to Stack-based Buffer Overflow in the parsing of attribute names. An attacker can execute arbitrary code in the context of the current user by enticing a user to open a malicious file or visit a malicious page that triggers the vulnerable...
CVE-2025-14936
NSF Unidata NetCDF-C Attribute Name Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NSF Unidata NetCDF-C. User interaction is required to exploit this vulnerability in that the targe...
DEBIAN-CVE-2025-14936
NSF Unidata NetCDF-C Attribute Name Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NSF Unidata NetCDF-C. User interaction is required to exploit this vulnerability in that the targe...
CVE-2025-14936
NSF Unidata NetCDF-C Attribute Name Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NSF Unidata NetCDF-C. User interaction is required to exploit this vulnerability in that the targe...
CVE-2025-14936
NSF Unidata NetCDF-C Attribute Name Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NSF Unidata NetCDF-C. User interaction is required to exploit this vulnerability in that the targe...
UBUNTU-CVE-2025-14936
NSF Unidata NetCDF-C Attribute Name Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NSF Unidata NetCDF-C. User interaction is required to exploit this vulnerability in that the targe...
CVE-2025-14936
The CVE-2025-14936 entry concerns NSF Unidata NetCDF-C. Affected component: NetCDF-C attribute name parsing. Root cause: lack of proper validation for the length of user-supplied data when copying into a fixed-length stack-based buffer, producing a stack-based buffer overflow. Impact: remote code...
CVE-2025-14936 NSF Unidata NetCDF-C Attribute Name Stack-based Buffer Overflow Remote Code Execution Vulnerability
NSF Unidata NetCDF-C Attribute Name Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NSF Unidata NetCDF-C. User interaction is required to exploit this vulnerability in that the targe...
CVE-2025-14936 NSF Unidata NetCDF-C Attribute Name Stack-based Buffer Overflow Remote Code Execution Vulnerability
NSF Unidata NetCDF-C Attribute Name Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NSF Unidata NetCDF-C. User interaction is required to exploit this vulnerability in that the targe...
CVE-2025-14936
NSF Unidata NetCDF-C Attribute Name Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NSF Unidata NetCDF-C. User interaction is required to exploit this vulnerability in that the targe...
NSF Unidata NetCDF-C 安全漏洞
NSF Unidata NetCDF-C is a tool for processing NetCDF files from NSF Unidata, USA. A security vulnerability exists in NSF Unidata NetCDF-C that stems from a lack of validation of the length of user-supplied data when parsing attribute names, which could lead to a stack buffer overflow and remote...
CVE-2025-68457
Orejime is a consent manager that focuses on accessibility. On HTML elements handled by Orejime prior to version 2.3.2, one could run malicious code by embedding javascript: code within data attributes. When consenting to the related purpose, Orejime would turn data attributes into unprefixed one...
EUVD-2025-204591
Tuta Mail has DOM attribute and CSS injection in its Contact Viewer feature...
Orejime has executable code in HTML attributes
Impact On HTML elements handled by Orejime, one could run malicious code by embedding javascript: code within data attributes. When consenting to the related purpose, Orejime would turn data attributes into unprefixed ones i.e. data-href into href, thus executing the code. This shouldn't have any...
Cross-site Scripting (XSS)
Overview orejime is an A lightweight and accessible consent manager Affected versions of this package are vulnerable to Cross-site Scripting XSS via the process that transforms data-href attributes into href attributes. An attacker can execute arbitrary JavaScript code by injecting malicious HTML...
CVE-2025-68457
CVE-2025-68457 affects Orejime prior to version 2.3.2. The issue arises when HTML elements managed by Orejime contain embedded javascript: code within data attributes. During consent related processing, Orejime converts data attributes (e.g., data-href) into unprefixed attributes (e.g., href), al...