36979 matches found

RedhatCVE
added 2025/07/13 3:20 p.m. | 13 views

CVE-2025-52986

A Missing Release of Memory after Effective Lifetime vulnerability in the routing protocol daemon rpd of Juniper Networks Junos OS and Junos OS Evolved allows a local, low privileged user to cause an impact to the availability of the device. When RIB sharding is enabled and a user executes one of...

6.8 CVSS | 7 AI score | 0.00113 EPSS
Exploits: 0 | References: 1

Information Security Automation
added 2025/07/13 12:26 p.m. | 38 views

About Elevation of Privilege – Windows SMB Client (CVE-2025-33073) vulnerability

About Elevation of Privilege - Windows SMB Client CVE-2025-33073 vulnerability. A vulnerability from the June Microsoft Patch Tuesday allows an attacker to execute a malicious script, forcing the victim's host to connect to the attacker's SMB server and authenticate, resulting in gaining SYSTEM...

8.8 CVSS | 7.4 AI score | 0.64315 EPSS
Exploits: 6

CNNVD
added 2025/07/13 12:00 a.m. | 2 views

PHP security vulnerability

PHP is a scripting language that is executed server-side. A security vulnerability exists in PHP versions prior to 8.1.33, 8.2.29, 8.3.23, and 8.4.10, which stems from a vulnerability that could result in a null pointer dereference when parsing XML data, affecting server availability...

5.9 CVSS | 8 AI score | 0.00944 EPSS
Exploits: 1 | References: 2

OSV
added 2025/07/11 4:15 p.m. | 5 views

CVE-2025-52986

A Missing Release of Memory after Effective Lifetime vulnerability in the routing protocol daemon rpd of Juniper Networks Junos OS and Junos OS Evolved allows a local, low privileged user to cause an impact to the availability of the device. When RIB sharding is enabled and a user executes one of...

6.8 CVSS | 5.7 AI score | 0.00113 EPSS
Exploits: 0 | References: 1

NVD
added 2025/07/11 4:15 p.m. | 7 views

CVE-2025-52986

A Missing Release of Memory after Effective Lifetime vulnerability in the routing protocol daemon rpd of Juniper Networks Junos OS and Junos OS Evolved allows a local, low privileged user to cause an impact to the availability of the device. When RIB sharding is enabled and a user executes one of...

6.8 CVSS | 0.00113 EPSS
Exploits: 0 | References: 1

NVD
added 2025/07/11 4:15 p.m. | 7 views

CVE-2025-52984

A NULL Pointer Dereference vulnerability in the routing protocol daemon rpd of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause impact to the availability of the device. When static route points to a reject next hop and a gNMI query is...

8.2 CVSS | 0.00388 EPSS
Exploits: 0 | References: 1

OSV
added 2025/07/11 3:22 p.m. | 3 views

CGA-HC35-7QMM-F7G5

Bulletin has no description...

8.6 CVSS | 6.5 AI score | 0.00363 EPSS
Exploits: 1

Cvelist
added 2025/07/11 3:09 p.m. | 8 views

CVE-2025-52984 Junos OS and Junos OS Evolved: When a static route points to a reject next-hop and a gNMI query for this route is processed, RPD crashes

A NULL Pointer Dereference vulnerability in the routing protocol daemon rpd of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause impact to the availability of the device. When static route points to a reject next hop and a gNMI query is...

8.2 CVSS | 0.00388 EPSS
Exploits: 0 | References: 1

Vulnrichment
added 2025/07/11 3:09 p.m. | 8 views

CVE-2025-52984 Junos OS and Junos OS Evolved: When a static route points to a reject next-hop and a gNMI query for this route is processed, RPD crashes

A NULL Pointer Dereference vulnerability in the routing protocol daemon rpd of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause impact to the availability of the device. When static route points to a reject next hop and a gNMI query is...

8.2 CVSS | 6.4 AI score | 0.00388 EPSS
Exploits: 0 | References: 1

OSV
added 2025/07/11 12:24 p.m. | 2 views

OESA-2025-1808 libssh security update

The ssh library was designed to be used by programmers needing a working SSH implementation by the mean of a library. The complete control of the client is made by the programmer. With libssh, you can remotely execute programs, transfer files, use a secure and transparent tunnel for your remote...

8.1 CVSS | 7 AI score | 0.02394 EPSS
Exploits: 0 | References: 2

OSV
added 2025/07/11 12:24 p.m. | 3 views

OESA-2025-1804 libssh security update

The ssh library was designed to be used by programmers needing a working SSH implementation by the mean of a library. The complete control of the client is made by the programmer. With libssh, you can remotely execute programs, transfer files, use a secure and transparent tunnel for your remote...

8.1 CVSS | 7 AI score | 0.02394 EPSS
Exploits: 0 | References: 2

OSV
added 2025/07/11 12:17 p.m. | 3 views

OESA-2025-1755 mod_security security update

Security Fixes: A vulnerability was found in OWASP ModSecurity 2.9.8/2.9.10 and classified as critical. Using CWE to declare the problem leads to CWE-119. The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary...

6.5 CVSS | 6.8 AI score | 0.00346 EPSS
Exploits: 0 | References: 2

OSV
added 2025/07/11 12:17 p.m. | 2 views

OESA-2025-1750 mod_security security update

Security Fixes: A vulnerability was found in OWASP ModSecurity up to 2.9.9. It has been declared as critical. The manipulation of the argument sanitiseArg/sanitizeArg with an unknown input leads to an unknown weakness. The CWE definition for the vulnerability is CWE-1050. The product has a loop bod...

7.5 CVSS | 6.7 AI score | 0.0076 EPSS
Exploits: 1 | References: 3

CNNVD
added 2025/07/11 12:00 a.m. | 3 views

Juniper Networks Junos OS and Juniper Networks Junos OS Evolved code issue vulnerability

Juniper Networks Junos OS and Juniper Networks Junos OS Evolved are both products of Juniper Networks, Inc. Juniper Networks Junos OS is a network operating system dedicated to the company's hardware devices. The operating system provides a secure programming interface and the Junos SDK. Juniper...

8.2 CVSS | 6.8 AI score | 0.00388 EPSS
Exploits: 0 | References: 2

CNNVD
added 2025/07/11 12:00 a.m. | 4 views

Juniper Networks Junos OS and Juniper Networks Junos OS Evolved security vulnerability

Juniper Networks Junos OS and Juniper Networks Junos OS Evolved are both products of Juniper Networks, Inc. Juniper Networks Junos OS is a network operating system dedicated to the company's hardware devices. The operating system provides a secure programming interface and the Junos SDK. Juniper...

6.8 CVSS | 6.7 AI score | 0.00113 EPSS
Exploits: 0 | References: 2

CBLMariner
added 2025/07/10 3:09 p.m. | 3 views

CVE-2025-23166 affecting package nodejs for versions less than 20.14.0-9

CVE-2025-23166 affecting package nodejs for versions less than 20.14.0-9. A patched version of the package is available...

7.5 CVSS | 7.3 AI score | 0.00763 EPSS
Exploits: 0

RedhatCVE
added 2025/07/10 1:30 a.m. | 3 views

CVE-2025-42970

SAPCAR improperly sanitizes the file paths while extracting SAPCAR archives. Due to this, an attacker could craft a malicious SAPCAR archive containing directory traversal sequences. When a high privileged victim extracts this malicious archive, it is then processed by SAPCAR on their system,...

5.8 CVSS | 7 AI score | 0.00292 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2025/07/10 1:30 a.m. | 4 views

CVE-2025-42967

SAP S/4HANA and SAP SCM Characteristic Propagation has remote code execution vulnerability. This allows an attacker with user level privileges to create a new report with his own code potentially gaining full control of the affected SAP system causing high impact on confidentiality, integrity, an...

9.9 CVSS | 8.2 AI score | 0.00858 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2025/07/10 1:30 a.m. | 5 views

CVE-2025-42966

SAP NetWeaver XML Data Archiving Service allows an authenticated attacker with administrative privileges to exploit an insecure Java deserialization vulnerability by sending a specially crafted serialized Java object. This could lead to high impact on confidentiality, integrity, and availability ...

9.1 CVSS | 7.1 AI score | 0.0069 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2025/07/10 1:30 a.m. | 4 views

CVE-2025-42952

SAP Business Warehouse and SAP Plug-In Basis allows an authenticated attacker to add fields to arbitrary SAP database tables and/or structures, potentially rendering the system unusable. On successful exploitation, an attacker can render the system unusable by triggering short dumps on login. Thi...

7.7 CVSS | 7.1 AI score | 0.00362 EPSS
Exploits: 0 | References: 1