9293 matches found

Github Security Blog
added 2025/03/06 10:33 p.m. | 15 views

DoS Vulnerability in TraceContextPropagator.Extract - OpenTelemetry.Api

Impact: What kind of vulnerability is it? Who is impacted? A vulnerability in OpenTelemetry.Api package 1.10.0 to 1.11.1 could cause a Denial of Service (DoS) when a tracestate and traceparent header is received. These versions are used in OpenTelemetry .NET Automatic Instrumentation 1.10.0-beta.1 a...

CVSS 7.5 | AI score 6.9 | EPSS 0.00468
Exploits: 0 | References: 4 | Affected Software: 1

BDU FSTEC
added 2025/03/05 12:0 a.m. | 3 views

The vulnerability of the Query Handler component of the IBM DB2 database management system and the IBM DB2 Connect Server automatic redirection server allows a perpetrator to cause service failures.

The vulnerability of the Query Handler component of the IBM DB2 database management system and the IBM DB2 Connect Server automatic redirection server is related to uncontrolled memory allocation. Exploiting this vulnerability could allow a malicious actor to cause service interruptions by using ...

CVSS 5.3 | AI score 5.4 | EPSS 0.00407
Exploits: 0 | References: 3 | Affected Software: 1

NVD
added 2025/03/03 2:15 p.m. | 6 views

CVE-2025-23879

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PillarDev Easy Automatic Newsletter Lite (easy-automatic-newsletter) allows Reflected XSS. This issue affects Easy Automatic Newsletter Lite: from n/a through <= 3.2.0...

CVSS 7.1 | EPSS 0.00363
Exploits: 0 | References: 1

Cvelist
added 2025/03/03 1:30 p.m. | 12 views

CVE-2025-23879 WordPress Easy Automatic Newsletter Lite Plugin <= 3.2.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PillarDev Easy Automatic Newsletter Lite (easy-automatic-newsletter) allows Reflected XSS. This issue affects Easy Automatic Newsletter Lite: from n/a through <= 3.2.0...

CVSS 7.1 | EPSS 0.00363
Exploits: 0 | References: 1

CVE
added 2025/03/03 1:30 p.m. | 57 views

CVE-2025-23879

CVE-2025-23879 affects the WordPress plugin Easy Automatic Newsletter Lite (PillarDev)

CVSS 7.1 | AI score 5.9 | EPSS 0.00363
Exploits: 0 | References: 1

Packet Storm
added 2025/02/28 12:0 a.m. | 356 views

Firefox 135.0.1 Download Stresser

Firefox version 135.0.1 appears to suffer from a download looping issue that allows a malicious site to constantly download files to a user's browser. Exploit Title: Firefox 135.0.1 bypass Download protections PoC Date: 2025-02-28 Exploit Author: Emiliano Febbi Vendor Homepage:...

AI score 7
Exploits: 0

SUSE CVE
added 2025/02/27 3:5 a.m. | 2 views

SUSE CVE-2022-49508

In the Linux kernel, the following vulnerability has been resolved: HID: elan: Fix potential double free in elan_input_configured. 'input' is a managed resource allocated with devm_input_allocate_device(), so there is no need to call input_free_device() explicitly or there will be a double free. According to...

CVSS 5.5 | AI score 7.9 | EPSS 0.00282
Exploits: 0 | References: 9

OSV
added 2025/02/26 8:13 a.m. | 2 views

CVE-2025-0889

Prior to 25.2, a local authenticated attacker can elevate privileges on a system with Privilege Management for Windows installed, via the manipulation of COM objects under certain circumstances where an EPM policy allows for automatic privilege elevation of a user process...

CVSS 7.8 | AI score 5.8 | EPSS 0.00196
Exploits: 0 | References: 1

OSV
added 2025/02/26 7:1 a.m. | 2 views

DEBIAN-CVE-2022-49403

In the Linux kernel, the following vulnerability has been resolved: lib/string_helpers: fix not adding strarray to device's resource list. Add allocated strarray to device's resource list. This is a must to automatically release strarray when the device disappears. Without this fix we have a memory...

CVSS 5.5 | AI score 5.4 | EPSS 0.00237
Exploits: 0 | References: 1

OSV
added 2025/02/26 7:1 a.m. | 2 views

UBUNTU-CVE-2022-49403

In the Linux kernel, the following vulnerability has been resolved: lib/string_helpers: fix not adding strarray to device's resource list. Add allocated strarray to device's resource list. This is a must to automatically release strarray when the device disappears. Without this fix we have a memory...

CVSS 5.5 | AI score 5.7 | EPSS 0.00237
Exploits: 0 | References: 6

Cvelist
added 2025/02/26 2:23 a.m. | 11 views

CVE-2022-49608 pinctrl: ralink: Check for null return of devm_kcalloc

In the Linux kernel, the following vulnerability has been resolved: pinctrl: ralink: Check for null return of devm_kcalloc. Because of the possible failure of the allocation, data->domains might be NULL pointer and will cause the dereference of the NULL pointer later. Therefore, it might be better t...

EPSS 0.00257
Exploits: 0 | References: 6

Tenable Nessus
added 2025/02/19 12:0 a.m. | 5 views

Fedora 41 : bootc (2025-bdb0ce9d97)

The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-bdb0ce9d97 advisory. Automatic update for bootc-1.1.5-1.fc41. Changelog for bootc Mon Feb 10 2025 Packit - 1.1.5-1 - Update to 1.1.5 upstream release Tenable has extracted the...

AI score 5.5
Exploits: 0 | References: 2

Positive Technologies
added 2025/02/14 12:0 a.m. | 5 views

PT-2025-6811 · Sick · Sick Meac300-Fnade4

Name of the Vulnerable Software and Affected Versions: SICK MEAC300-FNADE4 all versions Description: The issue allows a standard user to execute commands with administrative privileges using the run as function to start MEAC applications. This is possible because administrator credentials were...

CVSS 9.9 | AI score 7.8 | EPSS 0.00603
Exploits: 0 | References: 15

Tenable Nessus
added 2025/02/14 12:0 a.m. | 15 views

Security Updates for Microsoft Word Products C2R (February 2025)

The Microsoft Word Products are missing a security update. It is, therefore, affected by multiple remote code execution vulnerabilities. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. %NASLMINLEVEL 80900 C Tenable,...

CVSS 7.8 | AI score 8.7 | EPSS 0.00755
Exploits: 0 | References: 4

Ivanti
added 2025/02/11 3:0 p.m. | 719 views

N-MDM - Security Advisory Ivanti Neurons for MDM (N-MDM)

Summary: Ivanti has released updates for Ivanti Neurons for MDM (N-MDM) which addresses a medium severity vulnerability. We are not aware of any customers being exploited by this vulnerability at the time of disclosure. Vulnerability Details: Description | CVSS Score Severity | CVSS Vector | CWE...

AI score 7.1
Exploits: 0

AstraLinux
added 2025/02/11 7:35 a.m. | 4 views

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: mm/slab: makefreekfree should accept error pointers. Currently, if an automatically freed allocation is an error pointer, it can lead to a crash. An example of this is in the function wm831x gpiodbgshow. c 171 char label freekfre...

CVSS 5.5 | AI score 6.1 | EPSS 0.00226
Exploits: 0 | References: 3

Microsoft KB
added 2025/02/11 12:0 a.m. | 12 views

KB5052109: Servicing stack update for Windows Server 2012: February 11, 2025

End of support information: Windows Server 2012 reached the end of support (EOS) on October 10, 2023. Extended Security Updates (ESUs) are available for purchase and will continue for three years, renewable on an annual basis,...

AI score 6.5
Exploits: 0

Veracode
added 2025/02/10 10:48 a.m. | 4 views

Buffer Overflow

libcurl.so is vulnerable to a Buffer Overflow. The vulnerability is due to an attacker-controlled integer overflow due to the use of zlib when performing automatic gzip decompression with the CURLOPT_ACCEPT_ENCODING option, leading to a potential buffer overflow...

CVSS 7.3 | AI score 7.2 | EPSS 0.01168
Exploits: 1 | References: 10 | Affected Software: 2

Cvelist
added 2025/02/06 4:13 p.m. | 11 views

CVE-2024-13614

Kaspersky has fixed a security issue in Kaspersky Anti-Virus SDK for Windows, Kaspersky Security for Virtualization Light Agent, Kaspersky Endpoint Security for Windows, Kaspersky Small Office Security, Kaspersky for Windows Standard, Plus, Premium, Kaspersky Free, Kaspersky Anti-Virus, Kaspersky...

CVSS 5.3 | EPSS 0.00122
Exploits: 0 | References: 1

RedhatCVE
added 2025/02/06 4:20 a.m. | 9 views

CVE-2021-4380

The Pinterest Automatic plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on the 'wp_pinterest_automatic_parse_request' function and the 'process_form.php' script in versions up to, and including, 1.14.3. This makes it possible for unauthenticated attackers to...

CVSS 9.8 | AI score 6.8 | EPSS 0.04528
Exploits: 1 | References: 1