6945 matches found
Linux Distros Unpatched Vulnerability : CVE-2025-47183
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In GStreamer through 1.26.1, the isomp4 plugin's qtdemuxparsetree function may read past the end of a heap buffer while parsing an MP4 file, leading to...
ROS-20250822-07
Vulnerability of parse.ParseUnverified function of golang-jwt web token library of Go programming language is related to uncontrolled resource consumption. Go programming language is related to uncontrolled resource consumption. Exploitation of the vulnerability allows an attacker acting remotely...
ROS-20250822-08
Vulnerability of parse.ParseUnverified function of golang-jwt web token library of Go programming language is related to uncontrolled resource consumption. Go programming language is related to uncontrolled resource consumption. Exploitation of the vulnerability allows an attacker acting remotely...
SUSE CVE-2025-50946
OS Command Injection in Olivetin 2025.4.22 Custom Themes via the ParseRequestURI function in service/internal/executor/arguments.go...
TencentOS Server 4: mod_security (TSSA-2025:0553)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0553 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
curl: Curl parse_connect_to_string Heap-Overread Leading to Denial of Service via CURLOPT_CONNECT_TO
Summary: A heap-buffer-overread occurs in Curl's parseconnecttostring function when using the CURLOPTCONNECTTO option with crafted input. This can lead to a segmentation fault and crash of the application, resulting in a denial-of-service. The issue is triggered by malformed host strings containi...
Linux Distros Unpatched Vulnerability : CVE-2025-52891
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. In versions 2.9.8 to before 2.9.11, an empty XML ta...
Linux Distros Unpatched Vulnerability : CVE-2022-21222
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The package css-what before 2.1.3 are vulnerable to Regular Expression Denial of Service ReDoS due to the usage of insecure regular expression in the reattr...
Linux Distros Unpatched Vulnerability : CVE-2022-50012
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - powerpc/64: Init jump labels before parseearlyparam On 64-bit, calling jumplabelinit in setupfeaturekeys is too late because static keys may be used in...
Update Rollup 3 for System Center 2022 Operations Manager
Update Rollup 3 for System Center 2022 Operations Manager Introduction This article describes the new features and issues that are fixed in System Center Operations Manager 2022 Update Rollup 3. This article also contains the installation instructions for this update. Issues that are fixed...
Linux Distros Unpatched Vulnerability : CVE-2018-11210
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - TinyXML2 6.2.0 has a heap-based buffer over-read in the XMLDocument::Parse function in libtinyxml2.so. NOTE: The tinyxml2 developers have determined that the...
Linux Distros Unpatched Vulnerability : CVE-2023-29582
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - yasm 1.3.0.55.g101bc was discovered to contain a stack overflow via the function parseexpr1 at /nasm/nasm-parse.c. Note: This has been disputed by third parties...
Linux Distros Unpatched Vulnerability : CVE-2010-3704
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, kdegraphics...
Linux Distros Unpatched Vulnerability : CVE-2025-38471
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: tls: always refresh the queue when reading sock After recent changes in net-next TCP compact...
Linux Distros Unpatched Vulnerability : CVE-2018-17846
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The html package aka x/net/html through 2018-09-25 in Go mishandles , leading to an infinite loop during an html.Parse call because inSelectIM and...
Linux Distros Unpatched Vulnerability : CVE-2018-17419
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in setTA in scanrr.go in the Miek Gieben DNS library before 1.0.10 for Go. A dns.ParseZone parsing error causes a segmentation violation...
Linux Distros Unpatched Vulnerability : CVE-2022-47086
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GPAC MP4Box v2.1-DEV-rev574-g9d5bb184b contains a segmentation violation via the function gfsmloadinitswf at scenemanager/swfparse.c CVE-2022-47086 Note that...
Linux Distros Unpatched Vulnerability : CVE-2018-5295
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In PoDoFo 0.9.5, there is an integer overflow in the PdfXRefStreamParserObject::ParseStream function base/PdfXRefStreamParserObject.cpp. Remote attackers could...
OESA-2025-1996 python-werkzeug security update
A comprehensive WSGI web application library Security Fixes: Werkzeug is a comprehensive WSGI web application library. If an upload of a file that starts with CR or LF and then is followed by megabytes of data without these characters: all of these bytes are appended chunk by chunk into internal...
Linux Distros Unpatched Vulnerability : CVE-2021-47257
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: ieee802154: fix null deref in parse dev addr Fix a logic error that could result in a null deref if the user sets the mode incorrectly for the given addr...