
17055 matches found

OSV
added 2025/11/21 2:31 p.m., 8 views

SUSE-SU-2025:4159-1 Security update for tomcat

This update for tomcat fixes the following issues: Update to Tomcat 9.0.111: - CVE-2025-55752: Fixed directory traversal via rewrite with possible RCE if PUT is enabled bsc1252753 - CVE-2025-55754: Fixed improper neutralization of escape, meta, or control sequences vulnerability bsc1252905 -...

CVSS 9.6, AI score 9.5, EPSS 0.66535
Exploits: 4, References: 7

RedHat Linux
added 2025/11/20 7:57 a.m., 3 views

runc: opencontainers/selinux: container escape and denial of service due to arbitrary write gadgets and procfs write redirects

A flaw was found in runc. This attack is a more sophisticated variant of CVE-2019-16884, which was a flaw that allowed an attacker to trick runc into writing the LSM process labels for a container process into a dummy tmpfs file and thus not apply the correct LSM labels to the container process...

CVSS 7.5, AI score 6.6, EPSS 0.00526
Exploits: 1, References: 6

RedHat Linux
added 2025/11/20 7:57 a.m., 4 views

runc: container escape with malicious config due to /dev/console mount and related races

A flaw was found in runc. CVE-2025-52565 is very similar in concept and application to CVE-2025-31133, except that it exploits a flaw in /dev/console bind-mounts. When creating the /dev/console bind-mount to /dev/pts/$n, if an attacker replaces /dev/pts/$n with a symlink then runc will bind-mount...

CVSS 8.4, AI score 5.7, EPSS 0.00526
Exploits: 1, References: 5

RedHat Linux
added 2025/11/20 7:57 a.m., 6 views

runc: container escape via 'masked path' abuse due to mount race conditions

A flaw was found in runc. This flaw exploits an issue with how masked paths are implemented in runc. When masking files, runc will bind-mount the container's /dev/null inode on top of the file. However, if an attacker can replace /dev/null with a symlink to some other procfs file, runc will instea...

CVSS 7.8, AI score 5.8, EPSS 0.00673
Exploits: 2, References: 5

Tenable Nessus
added 2025/11/20 12:0 a.m., 9 views

AlmaLinux 8 : container-tools:rhel8 (ALSA-2025:21232)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:21232 advisory. runc: container escape via 'masked path' abuse due to mount race conditions CVE-2025-31133 runc: container escape with malicious config due to /dev/conso...

CVSS 8.4, AI score 7, EPSS 0.00673
Exploits: 4, References: 5

Tenable Nessus
added 2025/11/20 12:0 a.m., 7 views

TencentOS Server 4: mozjs (TSSA-2025:0366)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0366 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

CVSS 9.1, AI score 7.9, EPSS 0.00538
Exploits: 0, References: 6

Tenable Nessus
added 2025/11/20 12:0 a.m., 2 views

Google Chrome < 88.0.4324.104 Multiple Vulnerabilities

The version of Google Chrome installed on the remote macOS host is prior to 88.0.4324.104. It is, therefore, affected by multiple vulnerabilities as referenced in the 202101stable-channel-update-for-desktop19 advisory. - Inappropriate implementation in DevTools in Google Chrome prior to...

CVSS 9.6, AI score 7.9, EPSS 0.23406
Exploits: 4, References: 53

Tenable Nessus
added 2025/11/20 12:0 a.m., 2 views

TencentOS Server 3: thunderbird (TSSA-2025:0447)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0447 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

CVSS 9.1, AI score 7.9, EPSS 0.00538
Exploits: 0, References: 6

Tenable Nessus
added 2025/11/20 12:0 a.m., 3 views

Google Chrome < 83.0.4103.88 Multiple Vulnerabilities

The version of Google Chrome installed on the remote Windows host is prior to 83.0.4103.88. It is, therefore, affected by multiple vulnerabilities as referenced in the 202006stable-channel-update-for-desktop advisory. - Use after free in payments in Google Chrome on MacOS prior to 83.0.4103.97...

CVSS 9.6, AI score 7.6, EPSS 0.01682
Exploits: 0, References: 13

Tenable Nessus
added 2025/11/20 12:0 a.m., 3 views

Google Chrome < 88.0.4324.104 Multiple Vulnerabilities

The version of Google Chrome installed on the remote Windows host is prior to 88.0.4324.104. It is, therefore, affected by multiple vulnerabilities as referenced in the 202101stable-channel-update-for-desktop19 advisory. - Inappropriate implementation in DevTools in Google Chrome prior to...

CVSS 9.6, AI score 7.9, EPSS 0.23406
Exploits: 4, References: 53

Tenable Nessus
added 2025/11/20 12:0 a.m., 3 views

TencentOS Server 3: firefox (TSSA-2025:0446)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0446 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

CVSS 9.1, AI score 7.9, EPSS 0.00538
Exploits: 0, References: 6

Tenable Nessus
added 2025/11/20 12:0 a.m., 3 views

TencentOS Server 3: tracker-miners (TSSA-2023:0320)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2023:0320 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

CVSS 7.7, AI score 7.3, EPSS 0.00867
Exploits: 1, References: 2

Tenable Nessus
added 2025/11/20 12:0 a.m., 8 views

TencentOS Server 4: thunderbird (TSSA-2025:0395)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0395 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

CVSS 9.1, AI score 8, EPSS 0.23357
Exploits: 2, References: 27

RedhatCVE
added 2025/11/19 8:53 a.m., 2 views

CVE-2024-7017

Inappropriate implementation in DevTools in Google Chrome prior to 126.0.6478.182 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

CVSS 8.8, AI score 7, EPSS 0.00176
Exploits: 1, References: 5

RedhatCVE
added 2025/11/19 8:18 a.m., 2 views

CVE-2025-13097

Inappropriate implementation in DevTools in Google Chrome prior to 136.0.7103.59 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Medium...

CVSS 6.5, AI score 7, EPSS 0.00144
Exploits: 1, References: 5

Tenable Nessus
added 2025/11/19 12:0 a.m., 5 views

AlmaLinux 9 : runc (ALSA-2025:20957)

The remote AlmaLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2025:20957 advisory. runc: container escape via 'masked path' abuse due to mount race conditions CVE-2025-31133 runc: container escape with malicious config due to /dev/conso...

CVSS 8.4, AI score 7, EPSS 0.00673
Exploits: 4, References: 5

Tenable Nessus
added 2025/11/19 12:0 a.m., 3 views

AlmaLinux 9 : podman (ALSA-2025:21702)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2025:21702 advisory. runc: container escape and denial of service due to arbitrary write gadgets and procfs write redirects CVE-2025-52881 Tenable has extracted the preceding...

CVSS 7.5, AI score 7.1, EPSS 0.00526
Exploits: 1, References: 3

Tenable Nessus
added 2025/11/19 12:0 a.m., 3 views

RHEL 9 : kernel (RHSA-2025:21760)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:21760 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: ALSA: usb-audio: Validate UAC...

CVSS 7.8, AI score 7, EPSS 0.00331
Exploits: 0, References: 21

NVD
added 2025/11/18 7:15 p.m., 2 views

CVE-2025-63693

The comment editing template dzz/comment/template/editform.htm in DzzOffice 2.3.x lacks adequate security escaping for user-controllable data in multiple contexts, including HTML and JavaScript strings. This allows low-privilege attackers to construct comment content or request parameters and...

CVSS 5.4, EPSS 0.00151
Exploits: 1, References: 2

OSV
added 2025/11/18 7:15 p.m., 4 views

CVE-2025-63693

The comment editing template dzz/comment/template/editform.htm in DzzOffice 2.3.x lacks adequate security escaping for user-controllable data in multiple contexts, including HTML and JavaScript strings. This allows low-privilege attackers to construct comment content or request parameters and...

CVSS 5.4, AI score 7.3
Exploits: 0, References: 2