Lucene search
K

249 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 2:25 a.m.6 views

CVE-2023-45825

ydb-go-sdk is a pure Go native and database/sql driver for the YDB platform. Since ydb-go-sdk v3.48.6 if you use a custom credentials object implementation of interface Credentials it may leak into logs. This happens because this object could be serialized into an error message using...

5.5CVSS6.2AI score0.00219EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2025/05/06 3:7 a.m.4 views

SUSE CVE-2022-49786

In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: properly pin the parent in blkcgcssonline blkcgcssonline is supposed to pin the blkcg of the parent, but 397c9f46ee4d refactored things and along the way, changed it to pin the css instead. This results in extra pins,...

3.3CVSS6.3AI score0.0014EPSS
Exploits0References6
CVE
CVE
added 2025/05/01 1:7 p.m.84 views

CVE-2025-37762

CVE-2025-37762 affects the Linux kernel DRM virtio, where prepare_fb() error handling missed dmabuf unpinning, causing resource leaks on error paths. The vulnerability is fixed by correcting error handling in prepare_fb(), as noted in multiple sources (e.g., Astra Linux advisory citing the same d...

5.5CVSS6.5AI score0.0014EPSS
Exploits0References2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 3:18 a.m.27 views

Security Bulletin: IBM Integration Bus for z/OS is vulnerable to memory leaking, segmentation fault or heap-use-after-free due to Eclipse Mosquitto (CVE-2024-8376)

Summary IBM Integration Bus for z/OS is vulnerable to memory leaking, segmentation fault or heap-use-after-free due to Eclipse Mosquitto. Vulnerability Details CVEID:CVE-2024-8376 DESCRIPTION: In Eclipse Mosquitto up to version 2.0.18a, an attacker can achieve memory leaking, segmentation fault o...

7.5CVSS7.4AI score0.00748EPSS
Exploits0Affected Software1
Schneier on Security
Schneier on Security
added 2025/04/09 11:2 a.m.16 views

How to Leak to a Journalist

Neiman Lab has some good advice on how to leak a story to a journalist...

7.2AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/03/06 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2024-8376

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Eclipse Mosquitto up to version 2.0.18a, an attacker can achieve memory leaking, segmentation fault or heap-use-after-free by sending specific sequences of...

7.5CVSS8AI score0.00748EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2022-49263

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: brcmfmac: pcie: Release firmwares in the brcmfpciesetup error path This avoids leaking memor...

5.5CVSS6.1AI score0.00253EPSS
Exploits0References3
CVE
CVE
added 2025/02/26 2:12 a.m.87 views

CVE-2022-49436

CVE-2022-49436 affects the Linux kernel (powerpc/papr_scm) due to leaking nvdimm_events_map elements and mismatched stat_id handling (NULL termination vs 8-byte identifiers). The fix allocates space for stat_id entries in papr_scm_priv.nvdimm_events_map to prevent leaks and reconcile string sizin...

5.5CVSS6.5AI score0.00209EPSS
Exploits0References2Affected Software1
Debian
Debian
added 2024/11/12 8:1 a.m.18 views

[BSA-120] Security Update for mosquitto

Philippe Coval uploaded new packages for mosquitto which fixed the following security problems: CVE-2024-8376 In Eclipse Mosquitto up to version 2.0.18a, an attacker can achieve memory leaking, segmentation fault or heap-use-after-free by sending specific sequences of "CONNECT", "DISCONNECT",...

7.5CVSS7AI score0.00748EPSS
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/11/01 11:20 p.m.4 views

Malicious code in creative_design_client (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 15b9d3a4ef8f0a22d5ff21957427271795b4aa88024b5746a06181ae5918235a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.8AI score
Exploits0References1
RedhatCVE
RedhatCVE
added 2024/10/11 5:58 p.m.18 views

CVE-2024-8376

A flaw was found in Eclipse Mosquitto. A remote attacker may be able to trigger memory leakage, segmentation fault, or a heap-use-after-free condition by sending specific sequences of "CONNECT", "DISCONNECT", "SUBSCRIBE", "UNSUBSCRIBE", and "PUBLISH" packets...

7.5CVSS6.3AI score0.00748EPSS
Exploits0References10
NVD
NVD
added 2024/10/11 4:15 p.m.23 views

CVE-2024-8376

In Eclipse Mosquitto up to version 2.0.18a, an attacker can achieve memory leaking, segmentation fault or heap-use-after-free by sending specific sequences of "CONNECT", "DISCONNECT", "SUBSCRIBE", "UNSUBSCRIBE" and "PUBLISH" packets...

7.5CVSS0.00748EPSS
Exploits0References8
Debian CVE
Debian CVE
added 2024/10/11 3:18 p.m.14 views

CVE-2024-8376

In Eclipse Mosquitto up to version 2.0.18a, an attacker can achieve memory leaking, segmentation fault or heap-use-after-free by sending specific sequences of "CONNECT", "DISCONNECT", "SUBSCRIBE", "UNSUBSCRIBE" and "PUBLISH" packets...

7.5CVSS8.1AI score0.00748EPSS
Exploits0
OSV
OSV
added 2024/10/11 3:18 p.m.32 views

CVE-2024-8376 Memory leak

In Eclipse Mosquitto up to version 2.0.18a, an attacker can achieve memory leaking, segmentation fault or heap-use-after-free by sending specific sequences of "CONNECT", "DISCONNECT", "SUBSCRIBE", "UNSUBSCRIBE" and "PUBLISH" packets...

7.2CVSS7AI score0.00748EPSS
Exploits0References11
CVE
CVE
added 2024/10/11 3:18 p.m.145 views

CVE-2024-8376

CVE-2024-8376 affects Eclipse Mosquitto up to version 2.0.18a, where an attacker can trigger memory leaking, segmentation fault or heap-use-after-free by sending crafted sequences of MQTT packets (CONNECT, DISCONNECT, SUBSCRIBE, UNSUBSCRIBE, PUBLISH). Public documents consistently cite these symp...

7.5CVSS7.5AI score0.00748EPSS
Exploits0References8Affected Software1
AlpineLinux
AlpineLinux
added 2024/10/11 3:18 p.m.20 views

CVE-2024-8376

In Eclipse Mosquitto up to version 2.0.18a, an attacker can achieve memory leaking, segmentation fault or heap-use-after-free by sending specific sequences of "CONNECT", "DISCONNECT", "SUBSCRIBE", "UNSUBSCRIBE" and "PUBLISH" packets...

7.5CVSS7AI score0.00748EPSS
Exploits0References7
OSV
OSV
added 2024/10/09 8:29 p.m.6 views

GO-2024-3182 OpenTofu potential leaking of secret variable values when using static evaluation in v1.8 in github.com/opentofu/opentofu

OpenTofu potential leaking of secret variable values when using static evaluation in v1.8 in github.com/opentofu/opentofu...

7.1AI score
Exploits0References1
OSV
OSV
added 2024/10/08 10:21 p.m.2 views

GHSA-9722-9J67-VJCR Improper Authorization in Select Permissions

Due to the order in which permissions were processed, some statements, filters and computations could lead to leaking field values or record contents to users without the required permissions. This behavior could be triggered in different scenarios: - When performing a SELECT operation on a table...

7.1CVSS6.8AI score
Exploits0References13
Github Security Blog
Github Security Blog
added 2024/10/08 10:21 p.m.13 views

Improper Authorization in Select Permissions

Due to the order in which permissions were processed, some statements, filters and computations could lead to leaking field values or record contents to users without the required permissions. This behavior could be triggered in different scenarios: - When performing a SELECT operation on a table...

6.8AI score
Exploits0References13Affected Software2
OSV
OSV
added 2024/10/03 4:51 p.m.5 views

GHSA-WPR2-J6GR-PJW9 OpenTofu potential leaking of secret variable values when using static evaluation in v1.8

Impact Users who have opted into static evaluation of module sources, versions, and backend configurations may be at risk of exposing sensitive variables and locals. This is a workflow that should not be possible and explicitly show errors. Workarounds Check that you are not using sensitive...

6.3CVSS7AI score
Exploits0References3
Rows per page
Query Builder