Lucene search
+L

329 matches found

Tenable Nessus
Tenable Nessus
added 2025/11/10 12:0 a.m.5 views

AlmaLinux 9 : runc (ALSA-2025:19927)

The remote AlmaLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2025:19927 advisory. runc: container escape via 'masked path' abuse due to mount race conditions CVE-2025-31133 runc: container escape with malicious config due to /dev/conso...

8.4CVSS6.9AI score0.0067EPSS
Exploits4References5
Mageia
Mageia
added 2025/11/09 7:52 a.m.15 views

Updated opencontainers-runc packages fix security vulnerabilities

The way masked paths are implemented in runc can be exploited to cause the host system to crash or halt CVE-2025-31133 and a flaw in /dev/console bind-mounts can lead to container escape CVE-2025-52565. Also, arbitrary write gadgets and procfs write redirects could be used to engineer container...

8.4CVSS7AI score0.0067EPSS
Exploits4References4
Cvelist
Cvelist
added 2025/11/07 6:4 p.m.10 views

CVE-2025-12829

An uninitialized stack read issue exists in Amazon Ion-C versions v1.1.4 that may allow a threat actor to craft data and serialize it to Ion text in such a way that sensitive data in memory could be exposed through UTF-8 escape sequences. To mitigate this issue, users should upgrade to version...

6.9CVSS0.00147EPSS
Exploits0References3
EUVD
EUVD
added 2025/11/07 6:4 p.m.5 views

EUVD-2025-38328

An uninitialized stack read issue exists in Amazon Ion-C versions v1.1.4 that may allow a threat actor to craft data and serialize it to Ion text in such a way that sensitive data in memory could be exposed through UTF-8 escape sequences. To mitigate this issue, users should upgrade to version...

6.9CVSS6.2AI score0.00147EPSS
Exploits0References3
CVE
CVE
added 2025/11/07 6:4 p.m.15 views

CVE-2025-12829

An uninitialized stack read in Amazon Ion-C versions

6.9CVSS6.3AI score0.00147EPSS
Exploits0References3
OSV
OSV
added 2025/11/07 6:4 p.m.7 views

CVE-2025-12829

An uninitialized stack read issue exists in Amazon Ion-C versions v1.1.4 that may allow a threat actor to craft data and serialize it to Ion text in such a way that sensitive data in memory could be exposed through UTF-8 escape sequences. To mitigate this issue, users should upgrade to version...

6.9CVSS6.7AI score0.00147EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/11/07 12:0 a.m.8 views

PT-2025-45475

Name of the Vulnerable Software and Affected Versions Amazon Ion-C versions prior to 1.1.4 Description An uninitialized stack read issue exists that may allow an attacker to craft data and serialize it to Ion text. This could expose sensitive data in memory through UTF-8 escape sequences...

6.9CVSS6.5AI score0.00147EPSS
Exploits0References6
CNNVD
CNNVD
added 2025/11/07 12:0 a.m.4 views

Amazon Ion C 安全漏洞

Amazon Ion C is an amazon-ion open source C implementation of Amazon Ion. A security vulnerability exists in versions prior to Amazon Ion C v1.1.4, which stems from an uninitialized stack read issue that could cause UTF-8 escape sequences to expose sensitive data in memory...

6.9CVSS6.5AI score0.00147EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2025/11/04 8:15 a.m.6 views

git: Git does not sanitize URLs when asking for credentials interactively

A flaw was found in Git. This vulnerability occurs when Git requests credentials via a terminal prompt, for example, without the use of a credential helper. During this process, Git displays the host name for which the credentials are needed, but any URL-encoded parts are decoded and displayed...

4.7CVSS7.2AI score0.00654EPSS
Exploits0References7
Snyk
Snyk
added 2025/10/16 7:51 a.m.2 views

Malicious Package

Overview ddok-escapes is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6.8AI score
Exploits0References3
OSV
OSV
added 2025/10/10 5:50 a.m.5 views

RLSA-2025:16108 Important: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox: thunderbird: Sandbox escape due to use-after-free in the Graphics: Canvas2D component CVE-2025-10527 firefox: thunderbird: Incorrect boundary conditions in the...

7.5CVSS7.5AI score0.00687EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2025/10/09 12:0 a.m.5 views

AlmaLinux 10 : thunderbird (ALSA-2025:16157)

The remote AlmaLinux 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2025:16157 advisory. firefox: thunderbird: Sandbox escape due to use-after-free in the Graphics: Canvas2D component CVE-2025-10527 firefox: thunderbird: Incorrect boundary...

8.8CVSS7.2AI score0.00687EPSS
Exploits0References9
SUSE CVE
SUSE CVE
added 2025/10/08 11:30 p.m.4 views

SUSE CVE-2023-53677

In the Linux kernel, the following vulnerability has been resolved: drm/i915: Fix memory leaks in i915 selftests This patch fixes memory leaks on error escapes in function fakegetpages cherry picked from commit 8bfbdadce85c4c51689da10f39c805a7106d4567...

2.3CVSS6.6AI score0.00119EPSS
Exploits0References3
CVE
CVE
added 2025/10/07 3:21 p.m.21 views

CVE-2023-53677

CVE-2023-53677 is associated with a Linux kernel issue in the drm/i915 area. The affected component is the i915 selftests code path, where the patch fixes memory leaks on error escapes in function fake_get_pages (cherry-picked from a kernel commit). The vulnerability was resolved in the kernel, a...

5.5CVSS6.2AI score0.00119EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2010-4625

Malware in sbrugna...

9.8CVSS9.2AI score0.01315EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2020-7695

Malware in sbrugna...

5.5CVSS5.3AI score0.00313EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2018-3572

Malware in sbrugna...

9.8CVSS9.5AI score0.01589EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2025/10/06 1:30 a.m.10 views

Important: Red Hat Security Advisory: thunderbird security update

An update for thunderbird is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available...

8.8CVSS6.9AI score0.00687EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2025/10/06 1:30 a.m.5 views

Important: Red Hat Security Advisory: thunderbird security update

An update for thunderbird is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On. Red Hat Product Security has rated this update as having a security impact of Important. A Common...

8.8CVSS6.9AI score0.00687EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2025/10/06 12:0 a.m.2 views

RHEL 8 : thunderbird (RHSA-2025:17341)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2025:17341 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: firefox: thunderbird: Sandbox escape due to use-after-free i...

8.8CVSS7.2AI score0.00687EPSS
Exploits0References16
Rows per page
Query Builder