
3260 matches found

CNNVD
added 2025/02/26 12:0 a.m., 2 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel, which stems from the fact that LZ4_decompress_safe_partial can lead to out-of-bounds reads in extreme cases...

7.8 CVSS, 6.3 AI score, 0.00248 EPSS
Exploits 0, References 7
BDU FSTEC
added 2025/02/24 12:0 a.m., 5 views

The vulnerability of the netem component in the Linux operating system’s kernel allows a hacker to gain elevated privileges within the system.

The vulnerability of the netem component in the Linux operating system’s kernel is related to errors that occur after decompression. Exploiting this vulnerability can allow an attacker to gain elevated privileges within the system...

5.5 CVSS, 6.7 AI score, 0.00239 EPSS
Exploits 0, References 39, Affected Software 6
Tenable Nessus
added 2025/02/20 12:0 a.m., 16 views

Tenable Identity Exposure < 3.77.9 Multiple Vulnerabilities (TNS-2025-01)

The version of the Tenable Identity Exposure running on the remote host is prior to 3.77.9. It is, therefore, affected by multiple vulnerabilities according to advisory TNS-2025-01, including the following: - libcurl would wrongly close the same eventfd file descriptor twice when taking down a...

7.7 CVSS, 7.1 AI score, 0.01404 EPSS
Exploits 5, References 11
Tenable Nessus
added 2025/02/14 12:0 a.m., 15 views

CBL Mariner 2.0 Security Update: curl / mysql (CVE-2025-0725)

The version of curl / mysql installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-0725 advisory. - When libcurl is asked to perform automatic gzip decompression of content-encoded HTTP responses with th...

7.3 CVSS, 6.9 AI score, 0.01168 EPSS
Exploits 1, References 2
CVE
added 2025/02/12 3:15 p.m., 66 views

CVE-2025-0332

CVE-2025-0332 affects Progress Telerik UI for WinForms. Prior to 2025 Q1 (2025.1.211), improper limitation of a target path enables path traversal when decompressing archive contents into a restricted directory. Impact involves potential exposure/manipulation of data (confidentiality, integrity, ...

9.8 CVSS, 7.6 AI score, 0.00374 EPSS
Exploits 0, References 1, Affected Software 1
Cvelist
added 2025/02/12 3:15 p.m., 13 views

CVE-2025-0332 Progress UI for WinForms decompression path traversal vulnerability

In Progress® Telerik® UI for WinForms, versions prior to 2025 Q1 2025.1.211, using the improper limitation of a target path can lead to decompressing an archive's content into a restricted directory...

7.8 CVSS, 0.00374 EPSS
Exploits 0, References 1
AstraLinux
added 2025/02/11 7:35 a.m., 3 views

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: jffs2: Prevent rtime decompression memory corruption The rtime decompression routine does not fully check bounds during the entire decompression process. As a result, it may corrupt memory outside the decompression buffer if the...

7.8 CVSS, 6.2 AI score, 0.00217 EPSS
Exploits 0, References 3
OSV
added 2025/02/10 4:15 p.m., 5 views

DEBIAN-CVE-2025-21693

In the Linux kernel, the following vulnerability has been resolved: mm: zswap: properly synchronize freeing resources during CPU hotunplug In zswap_compress and zswap_decompress, the per-CPU acomp_ctx of the current CPU at the beginning of the operation is retrieved and used throughout. However, sin...

7.8 CVSS, 5.7 AI score, 0.00191 EPSS
Exploits 0, References 1
Veracode
added 2025/02/10 10:48 a.m., 4 views

Buffer Overflow

libcurl.so is vulnerable to a Buffer Overflow. The vulnerability is due to an attacker-controlled integer overflow due to the use of zlib when performing automatic gzip decompression with the CURLOPT_ACCEPT_ENCODING option, leading to a potential buffer overflow...

7.3 CVSS, 7.2 AI score, 0.01168 EPSS
Exploits 1, References 10, Affected Software 2
RedhatCVE
added 2025/02/08 4:8 a.m., 15 views

CVE-2025-0725

A flaw was found in libcurl. This vulnerability allows an attacker to trigger a buffer overflow via an integer overflow in zlib 1.2.0.3 or older when libcurl performs automatic gzip decompression. Mitigation Mitigation for this issue is either not available or the currently available options do n...

4 CVSS, 6.8 AI score, 0.01168 EPSS
Exploits 1, References 6
RedHat Linux
added 2025/02/06 4:42 p.m., 5 views

bzip2: bzip2: Data integrity error when decompressing (with data integrity tests fail).

A data integrity error was found in the bzip2 User-space package functionality when decompressing. This issue occurs when a user decompresses a particular kind of .bz2 files. A local user could get unexpected results or corrupted data as result of decompressing these files...

9.8 CVSS, 7.3 AI score, 0.08042 EPSS
Exploits 0, References 4
SUSE CVE
added 2025/02/06 3:48 a.m., 2 views

SUSE CVE-2025-0725

When libcurl is asked to perform automatic gzip decompression of content-encoded HTTP responses with the CURLOPT_ACCEPT_ENCODING option, using zlib 1.2.0.3 or older, an attacker-controlled integer overflow would make libcurl perform a buffer overflow...

4.3 CVSS, 9.7 AI score, 0.01168 EPSS
Exploits 1, References 8
OSV
added 2025/02/05 10:15 a.m., 9 views

AZL-56471 CVE-2025-0725 affecting package mysql for versions less than 8.0.40-4

When libcurl is asked to perform automatic gzip decompression of content-encoded HTTP responses with the CURLOPT_ACCEPT_ENCODING option, using zlib 1.2.0.3 or older, an attacker-controlled integer overflow would make libcurl perform a buffer overflow...

7.3 CVSS, 7.6 AI score, 0.01168 EPSS
Exploits 1, References 1
NVD
added 2025/02/05 10:15 a.m., 14 views

CVE-2025-0725

When libcurl is asked to perform automatic gzip decompression of content-encoded HTTP responses with the CURLOPT_ACCEPT_ENCODING option, using zlib 1.2.0.3 or older, an attacker-controlled integer overflow would make libcurl perform a buffer overflow...

7.3 CVSS, 0.01168 EPSS
Exploits 1, References 8
OSV
added 2025/02/05 10:15 a.m., 2 views

ALPINE-CVE-2025-0725

When libcurl is asked to perform automatic gzip decompression of content-encoded HTTP responses with the CURLOPT_ACCEPT_ENCODING option, using zlib 1.2.0.3 or older, an attacker-controlled integer overflow would make libcurl perform a buffer overflow...

7.3 CVSS, 7.5 AI score, 0.01168 EPSS
Exploits 1, References 1
OSV
added 2025/02/05 10:15 a.m., 8 views

AZL-56504 CVE-2025-0725 affecting package curl for versions less than 8.11.1-3

When libcurl is asked to perform automatic gzip decompression of content-encoded HTTP responses with the CURLOPT_ACCEPT_ENCODING option, using zlib 1.2.0.3 or older, an attacker-controlled integer overflow would make libcurl perform a buffer overflow...

7.3 CVSS, 7.6 AI score, 0.01168 EPSS
Exploits 1, References 1
OSV
added 2025/02/05 10:15 a.m., 1 views

DEBIAN-CVE-2025-0725

When libcurl is asked to perform automatic gzip decompression of content-encoded HTTP responses with the CURLOPT_ACCEPT_ENCODING option, using zlib 1.2.0.3 or older, an attacker-controlled integer overflow would make libcurl perform a buffer overflow...

7.3 CVSS, 6.9 AI score, 0.01168 EPSS
Exploits 1, References 1
OSV
added 2025/02/05 10:15 a.m., 8 views

AZL-56498 CVE-2025-0725 affecting package mysql for versions less than 8.0.42-1

When libcurl is asked to perform automatic gzip decompression of content-encoded HTTP responses with the CURLOPT_ACCEPT_ENCODING option, using zlib 1.2.0.3 or older, an attacker-controlled integer overflow would make libcurl perform a buffer overflow...

7.3 CVSS, 7.6 AI score, 0.01168 EPSS
Exploits 1, References 1
Vulnrichment
added 2025/02/05 9:18 a.m., 6 views

CVE-2025-0725 gzip integer overflow

When libcurl is asked to perform automatic gzip decompression of content-encoded HTTP responses with the CURLOPT_ACCEPT_ENCODING option, using zlib 1.2.0.3 or older, an attacker-controlled integer overflow would make libcurl perform a buffer overflow...

7.4 AI score, 0.01168 EPSS
Exploits 1, References 3
Cvelist
added 2025/02/05 9:18 a.m., 17 views

CVE-2025-0725 gzip integer overflow

When libcurl is asked to perform automatic gzip decompression of content-encoded HTTP responses with the CURLOPT_ACCEPT_ENCODING option, using zlib 1.2.0.3 or older, an attacker-controlled integer overflow would make libcurl perform a buffer overflow...

0.01168 EPSS
Exploits 1, References 3