PT-2025-5717 · Cisco · Cisco Ios Xe +2
Name of the Vulnerable Software and Affected Versions: Cisco IOS Software (affected versions not specified), Cisco IOS XE Software (affected versions not specified), Cisco IOS XR Software (affected versions not specified). Description: A vulnerability in the SNMP subsystem could allow an authenticated,...
MariaDB 10.5.0 < 10.5.28
The version of MariaDB installed on the remote host is prior to 10.5.28. It is, therefore, affected by a vulnerability as referenced in the 10.5.28 advisory. - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.40 and prior,...
CVE-2024-22052
A null pointer dereference vulnerability in the IPSec component of Ivanti Connect Secure 9.x, 22.x and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in order to crash the service, thereby causing a DoS attack...
CLSA-2025-1738693764 squid: Fix of CVE-2024-25111
CVE-2024-25111: Fix uncontrolled recursion bug in HTTP Chunked decoder to prevent DoS attack...
Fedora 41 : phpMyAdmin (2025-4b8ab3834c)
The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-4b8ab3834c advisory. phpMyAdmin 5.2.2 is released. Welcome to the release of phpMyAdmin version 5.2.2, the "I should have released this sooner" release. This is primarily a...
Fedora 40 : phpMyAdmin (2025-c17ef0f176)
The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-c17ef0f176 advisory. phpMyAdmin 5.2.2 is released. Welcome to the release of phpMyAdmin version 5.2.2, the "I should have released this sooner" release. This is primarily a...
GHSA-9M5P-C77C-F9J7 DoS in Cilium agent DNS proxy from crafted DNS responses
Impact In a Kubernetes cluster where Cilium is configured to proxy DNS traffic, an attacker can crash Cilium agents by sending a crafted DNS response to workloads from outside the cluster. For traffic that is allowed but without using DNS-based policy, the dataplane will continue to pass traffic ...
CVE-2025-21523
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise...
UBUNTU-CVE-2025-21492
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.36 and prior and 8.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...
CVE-2025-21492
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.36 and prior and 8.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...
BIT-PYTHON-MIN-2022-48564
read_ints in plistlib.py in Python through 3.9.1 is vulnerable to a potential DoS attack via CPU and RAM exhaustion when processing malformed Apple Property List files in binary format...
CVE-2024-4227 gSOAP: Vulnerable to specially crafted unencrypted SDC messages
In Genivia gSOAP with a specific configuration an unauthenticated remote attacker can generate a high CPU load when forcing to parse an XML having duplicate ID attributes which can lead to a DoS...
CVE-2024-4227
CVE-2024-4227 affects Genivia gSOAP. A specific configuration allows an unauthenticated remote attacker to cause high CPU load by forcing the XML parser to process duplicate ID attributes, leading to a DoS. The vulnerability is tied to the gSOAP XML parsing behavior; impact is denial of service w...
BIT-PHP-MIN-2024-2757 PHP mb_encode_mimeheader runs endlessly for some inputs
In PHP 8.3.* before 8.3.5, function mb_encode_mimeheader runs endlessly for some inputs that contain long strings of non-space characters followed by a space. This could lead to a potential DoS attack if a hostile user sends data to an application that uses this function...
CVE-2024-53685
In the Linux kernel, the following vulnerability has been resolved: ceph: give up on paths longer than PATH_MAX. If the full path to be built by ceph_mdsc_build_path happens to be longer than PATH_MAX, then this function will enter an endless retry loop, effectively blocking the whole task. Most of the...
CVE-2024-56332 Next.js Vulnerable to Denial of Service (DoS) with Server Actions
Next.js is a React framework for building full-stack web applications. Starting in version 13.0.0 and prior to versions 13.5.8, 14.2.21, and 15.1.2, Next.js is vulnerable to a Denial of Service (DoS) attack that allows attackers to construct requests that leave requests to Server Actions hanging...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : mozjs78 (SUSE-SU-2024:4412-1)
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:4412-1 advisory. - CVE-2024-50602: Fixed DoS via XML_ResumeParser (bsc#1232599) Tenable has extracted the preceding descriptio...
SUSE-SU-2024:4411-1 Security update for mozjs115
This update for mozjs115 fixes the following issues: - CVE-2024-11498: Fixed resource exhaustion via stack overflow in libjxl (bsc#1233786) - CVE-2024-11403: Fixed out-of-bounds memory read/write in libjxl (bsc#1233766) - CVE-2024-50602: Fixed DoS via XML_ResumeParser in libexpat (bsc#1232602)...
Updated tomcat packages fix security vulnerabilities
RCE due to TOCTOU issue in JSP compilation (CVE-2024-50379). DoS in examples web application (CVE-2024-54677)...
CVE-2024-54682
Mattermost versions 10.1.x <= 10.1.2, 10.0.x <= 10.0.2, 9.11.x <= 9.11.4, 9.5.x <= 9.5.12 fail to limit the file size for slack import file uploads which allows a user to cause a DoS via zip bomb by importing data in a team they are a team admin...