The vulnerability of the Apache Tomcat application server arises from a lack of mechanisms for encoding or shielding output data. This allows attackers to influence the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the Apache Tomcat application server is related to the lack of mechanisms for encoding or shielding output data. Exploiting this vulnerability allows a malicious actor to influence the confidentiality, integrity, and accessibility of the protected information...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a failure to check for Supm extension availability, which could lead to a kernel crash...
CVE-2025-23165
A flaw was found in the ReadFileUtf8 internal binding of Node.js. This vulnerability can allow an attacker to cause an application denial of service via repeated file read operations that trigger an unrecoverable memory leak due to a corrupted pointer in the underlying file system binding...
KLA83718 Multiple vulnerabilities in Mozilla Firefox
Multiple vulnerabilities were found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to cause denial of service. Below is a complete list of vulnerabilities: 1. Out of bounds memory read or write vulnerability can be exploited to cause denial of service. 2. Out of bounds memo...
KLA83716 Multiple vulnerabilities in Mozilla Firefox ESR
Multiple vulnerabilities were found in Mozilla Firefox ESR. Malicious users can exploit these vulnerabilities to cause denial of service. Below is a complete list of vulnerabilities: 1. Out of bounds memory read or write vulnerability can be exploited to cause denial of service. 2. Out of bounds...
EulerOS Virtualization 2.12.1 : python-requests (EulerOS-SA-2025-1558)
According to the versions of the python-requests package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : An unclaimed Amazon S3 bucket, 'codeconf', is referenced in an audio file link within the .rst documentation file. This...
The vulnerability of the VLAN (Virtual Local Area Network) technology in the microprogramming-based industrial wireless switches ABB ARG600, ARP600, ARR600, and ARC600 allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability of the VLAN (Virtual Local Area Network) technology in the microprogramming-based industrial wireless switches ABB ARG600, ARP600, ARR600, and ARC600 is related to incorrect initialization of resources. Exploiting this vulnerability can allow an attacker to compromise the...
CVE-2025-47285
Vyper is the Pythonic Programming Language for the Ethereum Virtual Machine. In versions up to and including 0.4.2rc1, concat may skip evaluation of side effects when the length of an argument is zero. This is due to a fastpath in the implementation which skips evaluation of argument expressions...
CVE-2025-46399
In xfig diagramming tool, a segmentation fault in fig2dev allows memory corruption via local input manipulation at gengeitpspline function...
CVE-2025-30010
The Live Auction Cockpit in SAP Supplier Relationship Management (SRM) uses a deprecated Java applet component within the affected SRM packages which allows an unauthenticated attacker to craft a malicious link, which when clicked by a victim, redirects the browser to a malicious site. On successfu...
CVE-2025-43000
Under certain conditions Promotion Management Wizard (PMW) allows an attacker to access information which would otherwise be restricted. This has High impact on Confidentiality with Low impact on Integrity and Availability of the application...
CVE-2025-43010
SAP S/4HANA Cloud Private Edition or on Premise SCM Master Data Layer (MDL) allows an authenticated attacker with SAP standard authorization to execute a certain function module remotely and replace arbitrary ABAP programs, including SAP standard programs. This is due to lack of input validation an...
OPENSUSE-SU-2025:15092-1 pnpm-10.11.0-1.1 on GA media
These are all security issues fixed in the pnpm-10.11.0-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2025:15093-1 ucode-intel-20250512-1.1 on GA media
These are all security issues fixed in the ucode-intel-20250512-1.1 package on the GA media of openSUSE Tumbleweed...
CVE-2025-46836
net-tools is a collection of programs that form the base set of the NET-3 networking distribution for the Linux operating system. In versions up to and including 2.10, the Linux network utilities like ifconfig from the net-tools package do not properly validate the structure of /proc files when...
DoS (Denial of Service) Third-Party Dependency in Bitbucket Data Center and Server
This High severity Third-Party Dependency vulnerability was introduced in versions 8.9.10, 8.13.6, 8.14.6, 8.15.0, 8.16.0, 8.17.0, 8.18.0, 8.19.0, 9.0.0, 9.1.0, 9.2.0, 9.3.0, 9.4.0, 9.5.0, and 9.6.0 of Bitbucket Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score ...
Alibaba Cloud Linux 3 : 0178: edk2 (ALINUX3-SA-2024:0178)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2024:0178 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2023-45236: EDK2's Network Package is...
Alibaba Cloud Linux 3 : 0087: userspace graphics, xorg-x11, and mesa (ALINUX3-SA-2022:0087)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2022:0087 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2020-14344: An integer overflow leadin...
Alibaba Cloud Linux 3 : 0002: libpq (ALINUX3-SA-2021:0002)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2021:0002 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2020-25694: A flaw was found in...
Security and Privacy Measurement on Chinese Consumer IoT Traffic Based on Device Lifecycle
In recent years, consumer Internet of Things (IoT) devices have become widely used in daily life. With the popularity of devices, related security and privacy risks arise at the same time as they collect user-related data and transmit it to various service providers. Although China accounts for a...