Lucene search
+L

451 matches found

redhatcve
redhatcve
added 2025/05/22 6:18 p.m.11 views

CVE-2021-21797

An exploitable double-free vulnerability exists in the JavaScript implementation of Nitro Pro PDF. A specially crafted document can cause a reference to a timeout object to be stored in two different places. When closed, the document will result in the reference being released twice. This can lea...

8.8CVSS6.9AI score0.15046EPSS
Exploits1References1
redhatcve
redhatcve
added 2025/05/21 6:31 p.m.11 views

CVE-2006-7186

cgi-lib/subs.pl in web-app.net WebAPP before 0.9.9.3.5 allows attackers to open list files in "profile and other functions," a different vulnerability than CVE-2005-0927...

10CVSS6.7AI score0.01647EPSS
Exploits0References1
osv
osv
added 2025/05/13 9:16 p.m.6 views

CVE-2025-43554

Substance3D - Modeler versions 1.21.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8CVSS6.3AI score0.00181EPSS
Exploits0References1
nvd
nvd
added 2025/04/08 7:15 p.m.13 views

CVE-2025-30302

Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in tha...

5.5CVSS0.00219EPSS
Exploits0References1
osv
osv
added 2025/04/08 5:26 p.m.8 views

USN-7426-1 poppler vulnerabilities

It was discovered that poppler incorrectly handled memory when opening certain PDF files. An attacker could possibly use this issue to cause poppler to crash, resulting in a denial of service...

7.1CVSS7.3AI score0.00234EPSS
Exploits2References3
ptsecurity
ptsecurity
added 2025/04/08 12:0 a.m.2 views

PT-2025-15628 · Adobe · Framemaker

Name of the Vulnerable Software and Affected Versions: Adobe Framemaker versions 2020.8, 2022.6 and earlier Description: The issue is a NULL Pointer Dereference that could result in an application denial-of-service. An attacker could exploit this to crash the application, leading to a denial of...

5.5CVSS6AI score0.0019EPSS
Exploits0References6
redhat
redhat
added 2025/04/07 8:42 a.m.5 views

gimp: psp integer overflow RCE

A parsing vulnerability was found in the GNU Image Manipulation Program GIMP. This flaw allows an unauthenticated, remote attacker to trick a GIMP user into opening a malicious PSP file, possibly enabling the execution of unauthorized code within the GIMP process...

7.8CVSS6AI score0.93639EPSS
Exploits0References6
snyk
snyk
added 2025/03/12 7:29 p.m.2 views

Deserialization of Untrusted Data

Overview github.com/cosmos/ibc-go/modules/core/04-channel/keeper is an interblockchain communication protocol IBC implementation in Golang built as a SDK module. Affected versions of this package are vulnerable to Deserialization of Untrusted Data due to inconsistencies in the deserialization...

9.6CVSS7AI score
Exploits0References4
snyk
snyk
added 2025/03/12 7:29 p.m.3 views

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data due to inconsistencies in the deserialization process of acknowledgments, leading to non-deterministic behavior that can halt a blockchain network. Note: This is only exploitable if the attacker has the...

9.6CVSS7AI score
Exploits0References4
snyk
snyk
added 2025/03/12 7:29 p.m.3 views

Deserialization of Untrusted Data

Overview github.com/cosmos/ibc-go/v10/modules/core/04-channel/keeper is an interblockchain communication protocol IBC implementation in Golang built as a SDK module. Affected versions of this package are vulnerable to Deserialization of Untrusted Data due to inconsistencies in the deserialization...

9.6CVSS7AI score
Exploits0References4
snyk
snyk
added 2025/03/12 7:29 p.m.3 views

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data due to inconsistencies in the deserialization process of acknowledgments, leading to non-deterministic behavior that can halt a blockchain network. Note: This is only exploitable if the attacker has the...

9.6CVSS7AI score
Exploits0References4
nvd
nvd
added 2025/03/04 2:15 p.m.18 views

CVE-2025-27425

Scanning certain QR codes that included text with a website URL could allow the URL to be opened without presenting the user with a confirmation alert first. This vulnerability was fixed in Firefox for iOS 136...

4.3CVSS0.00215EPSS
Exploits0References2
osv
osv
added 2025/02/28 5:46 p.m.19 views

GHSA-JG6F-48FF-5XRW IBC-Go has Non-deterministic JSON Unmarshalling of IBC Acknowledgement

Name: ASA-2025-004: Non-deterministic JSON Unmarshalling of IBC Acknowledgement can result in a chain halt Component: IBC-Go Criticality: Critical Considerable Impact; Almost Certain Likelihood per ACMv1.2 Affected versions: IBC-Go = v7; Earlier IBC-Go versions may also be affected. Affected user...

9.3CVSS7AI score
Exploits0References4
ptsecurity
ptsecurity
added 2025/02/28 12:0 a.m.7 views

PT-2025-9199 · Ibc-Go · Ibc-Go

Name of the Vulnerable Software and Affected Versions: IBC-Go versions 7 and later Description: An issue was discovered in IBC-Go's deserialization of acknowledgements, resulting in non-deterministic behavior that can halt a chain. Any user who can open an IBC channel can introduce this state to...

9.3CVSS7.2AI score
Exploits0References5
nessus
nessus
added 2025/02/15 12:0 a.m.11 views

Fedora 40 : libheif (2025-666aaa6a0d)

The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-666aaa6a0d advisory. Latest upstream release. It adds support for tiles and fixes reading images generated by iOS 18+. See https://github.com/strukturag/libheif/releases for more...

8.1CVSS7.8AI score0.00825EPSS
Exploits1References2
vulnrichment
vulnrichment
added 2025/02/12 1:27 p.m.1 views

CVE-2025-21695 platform/x86: dell-uart-backlight: fix serdev race

In the Linux kernel, the following vulnerability has been resolved: platform/x86: dell-uart-backlight: fix serdev race The delluartblserdevprobe function calls devmserdevdeviceopen before setting the client ops via serdevdevicesetclientops. This ordering can trigger a NULL pointer dereference in...

6AI score0.00175EPSS
Exploits0References2
osv
osv
added 2025/01/14 7:15 p.m.3 views

CVE-2025-21132

Substance3D - Stager versions 3.0.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8CVSS6.3AI score0.00212EPSS
Exploits0References1
cnnvd
cnnvd
added 2025/01/07 12:0 a.m.4 views

LibreOffice 信息泄露漏洞

LibreOffice is an open source office software suite from The Document Foundation. An information disclosure vulnerability exists in LibreOffice versions prior to 24.8 through 24.8.4, which stems from improper exposure of environment variables and INI file values, which could result in sensitive...

6.7CVSS4.9AI score0.00538EPSS
Exploits0References3
nvd
nvd
added 2024/12/27 2:15 p.m.13 views

CVE-2024-53173

In the Linux kernel, the following vulnerability has been resolved: NFSv4.0: Fix a use-after-free problem in the asynchronous open Yang Erkun reports that when two threads are opening files at the same time, and are forced to abort before a reply is seen, then the call to nfsreleaseseqid in...

7.8CVSS0.00262EPSS
Exploits0References11
osv
osv
added 2024/12/19 12:15 a.m.3 views

CVE-2022-44520

Acrobat Reader DC version 22.001.20085 and earlier, 20.005.3031x and earlier and 17.012.30205 and earlier are affected by a use-after-free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a...

7.8CVSS6.3AI score0.00351EPSS
Exploits0References1
Rows per page
Query Builder