Lucene search

234 matches found

UbuntuCve
added 2025/03/11 12:0 a.m. · 9 views

CVE-2025-2177

A vulnerability classified as critical was found in libzvbi up to 0.2.43. This vulnerability affects the function vbi_search_new of the file src/search.c. The manipulation of the argument pat_len leads to integer overflow. The attack can be initiated remotely. The exploit has been disclosed to the...

7.5 CVSS · 6.6 AI score · 0.00075 EPSS
Exploits: 0 · References: 7

Github Security Blog
added 2025/03/06 7:11 p.m. · 21 views

Envoy Gateway Log Injection Vulnerability

Impact In all Envoy Gateway versions prior to 1.2.7 and 1.3.1 a default Envoy Proxy access log configuration is used. This format is vulnerable to log injection attacks. If the attacker uses a specially crafted user-agent which performs json injection, then he could add and overwrite fields to th...

5.3 CVSS · 7.3 AI score · 0.00358 EPSS
Exploits: 0 · References: 9 · Affected Software: 1

Debian CVE
added 2025/03/06 3:54 p.m. · 6 views

CVE-2024-58060

In the Linux kernel, the following vulnerability has been resolved: bpf: Reject struct_ops registration that uses module ptr and the module btf_id is missing There is a UAF report in the bpf_struct_ops when CONFIG_MODULES=n. In particular, the report is on tcp_congestion_ops that has a "struct module...

7.8 CVSS · 5.9 AI score · 0.00038 EPSS
Exploits: 0

Chainguard
added 2025/02/25 1:11 p.m. · 22 views

GHSA-RR6R-CFGF-GC6H vulnerabilities

Vulnerabilities for packages: prometheus-beat-exporter, flux, kube-oidc-proxy, kube-rbac-proxy-fips, buildkitd, nri-redis, protoc-gen-go-grpc, node-problem-detector, rabbitmq-cluster-operator, cert-exporter-fips, fuse-overlayfs-snapshotter, golangci-lint, fq, kube-bench, envoy-ratelimit-fips,...

5.4 AI score
Exploits: 0

Tenable Nessus
added 2025/02/14 12:0 a.m. · 11 views

SAP NetWeaver AS Java Multiple Vulnerabilities (Feb 2025)

SAP NetWeaver Application Server for Java is affected by multiple vulnerabilities, including the following: - The User Admin application of SAP NetWeaver AS for Java insufficiently validates and improperly encodes the incoming URL parameters before including them into the redirect URL. This resul...

8.8 CVSS · 6.2 AI score · 0.00358 EPSS
Exploits: 0 · References: 8

Tenable Nessus
added 2025/02/13 12:0 a.m. · 21 views

Oracle Linux 8 : gcc (ELSA-2025-1301)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-1301 advisory. - Merge Oracle patches to 8.5.0-23. Oracle history: May-22-2024 Qing Zhao 8.5.0-22.0.1 - Merge Oracle patches to 8.5.0-22. Reviewed-by: Jose E. Marchesi...

6.9 CVSS · 7.2 AI score · 0.3466 EPSS
Exploits: 8 · References: 2

RedhatCVE
added 2025/02/05 2:49 p.m. · 9 views

CVE-2020-15208

In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, when determining the common dimension size of two tensors, TFLite uses a DCHECK which is no-op outside of debug compilation modes. Since the function always returns the dimension of the first tensor, malicious attackers can...

9.8 CVSS · 6.5 AI score · 0.0033 EPSS
Exploits: 1

IBM Security Bulletins
added 2025/02/04 6:11 p.m. · 34 views

Security Bulletin: TSSC/IMC is vulnerable to a Prefix truncation attack on Binary Packet Protocol

Summary TSSC/IMC is vulnerable to a Prefix truncation attack on Binary Packet Protocol. A patch has been provided that updates the libssh library. CVE-2023-48795. Vulnerability Details CVEID:CVE-2023-48795 DESCRIPTION: The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH...

5.9 CVSS · 7 AI score · 0.52998 EPSS
Exploits: 4 · Affected Software: 1

Android Security Bulletins
added 2025/02/03 12:0 a.m. · 46 views

Android Security Bulletin-February 2025

The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Security patch levels of 2025-02-05 or later address all of these issues. To learn how to check a device's security patch level, see Check and update your Android version. Android partners are...

7.8 CVSS · 8.7 AI score · 0.18032 EPSS
Exploits: 3

Positive Technologies
added 2025/01/30 12:0 a.m. · 7 views

PT-2025-24329

Name of the Vulnerable Software and Affected Versions: Microsoft Windows versions prior to July 2025 Patch Tuesday Description: A remote code execution vulnerability exists in the Web Distributed Authoring and Versioning (WebDAV) component of Microsoft Windows. This flaw, tracked as CVE-2025-33053,...

10 CVSS · 8.8 AI score · 0.50282 EPSS
Exploits: 10 · References: 260

OSV
added 2024/12/26 6:25 p.m. · 12 views

GHSA-X52F-H5G4-8QV5 Marp Core allows XSS by improper neutralization of HTML sanitization

Marp Core (@marp-team/marp-core) from v3.0.2 to v3.9.0 and v4.0.0 are vulnerable to cross-site scripting (XSS) due to improper neutralization of HTML sanitization. Impact: Marp Core includes an HTML sanitizer with allowlist support. In the affected versions, the built-in allowlist is enabled by...

5.3 CVSS · 5.3 AI score · 0.00092 EPSS
Exploits: 0 · References: 7

Circl
added 2024/12/03 9:45 p.m. · 8 views

CVE-2024-42448

creationtimestamp | type | source
---|---|---
2024-12-03 21:45:08+00:00 | seen | https://infosec.exchange/users/edwardk/statuses/113591078514826699
2024-12-04 04:34:00+00:00 | seen | https://thehackernews.com/2024/12/veeam-issues-patch-for-critical-rce.html
2024-12-04 06:37:00+00:00 | seen | ...

9.9 CVSS · 9.1 AI score · 0.62332 EPSS
Exploits: 1 · References: 10

Tenable Nessus
added 2024/11/19 12:0 a.m. · 14 views

Oracle Linux 9 : webkit2gtk3 (ELSA-2024-9144)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-9144 advisory. 2.44.3-2 - Add patch to fix WebAssembly Resolves: RHEL-32578 2.44.3-1 - Update to 2.44.3 Resolves: RHEL-32578 2.44.2-1 - Update to 2.44.2 Resolves:...

9.6 CVSS · 7.2 AI score · 0.03683 EPSS
Exploits: 1 · References: 5

Tenable Nessus
added 2024/11/08 12:0 a.m. · 11 views

EulerOS 2.0 SP9 : vim (EulerOS-SA-2024-2841)

According to the versions of the vim packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Vim is an open source command line text editor. Vim v9.1.0647 has double free in src/alloc.c:616. When closing a window, the corresponding tagstack...

5.3 CVSS · 6.3 AI score · 0.00124 EPSS
Exploits: 0 · References: 5

Positive Technologies
added 2024/11/07 12:0 a.m. · 2 views

PT-2024-10773 · Epson · Epson

Name of the Vulnerable Software and Affected Versions: Siime Eye version 14.1.00000001.3.330.0.0.3.14 Description: An issue was discovered in the software, where there is no CSRF protection. This issue affects multiple products, including Epson, Sannce, Svakom, and Tk-star. However, specific...

8 CVSS · 7.4 AI score · 0.0006 EPSS
Exploits: 1 · References: 17

Positive Technologies
added 2024/10/29 12:0 a.m. · 2 views

PT-2024-7642 · Unknown · Cyberpanel

Name of the Vulnerable Software and Affected Versions: CyberPanel versions prior to 1c0c6cb CyberPanel versions through 2.3.6 CyberPanel version 2.3.7 Description: The issue is related to incorrect default permissions in CyberPanel, allowing remote attackers to bypass authentication and execute...

10 CVSS · 10 AI score · 0.93851 EPSS
Exploits: 7 · References: 59

The Hacker News
added 2024/10/24 6:23 a.m. · 39 views

Fortinet Warns of Critical Vulnerability in FortiManager Under Active Exploitation

Fortinet has confirmed details of a critical security flaw impacting FortiManager that has come under active exploitation in the wild. Tracked as CVE-2024-47575 (CVSS score: 9.8), the vulnerability is also known as FortiJump and is rooted in the FortiGate to FortiManager (FGFM) protocol. "A missing...

9.8 CVSS · 10 AI score · 0.93874 EPSS
Exploits: 7

Positive Technologies
added 2024/09/05 12:0 a.m. · 2 views

PT-2025-18291 · Xwiki · Xwiki

Name of the Vulnerable Software and Affected Versions: XWiki versions 13.5-rc-1 through 15.10.12 XWiki versions 16.0.0-rc-1 through 16.4.3 XWiki versions 16.5.0-rc-1 through 16.7.x Description: The issue is related to an open redirect vulnerability in the HTML conversion request filter. This allo...

6.4 CVSS · 6 AI score · 0.00113 EPSS
Exploits: 1 · References: 12

BDU FSTEC
added 2024/09/03 12:0 a.m. · 1 views

The vulnerability of the net/mlx5e component in the Linux operating system, which allows a hacker to cause a service failure.

The vulnerability of the net/mlx5e component in the Linux operating system is related to the assignment of null MAC during security patch updates. Exploiting this vulnerability can allow attackers to cause service failures...

5.5 CVSS · 5.9 AI score · 0.00014 EPSS
Exploits: 0 · References: 4 · Affected Software: 2

Debian CVE
added 2024/07/29 6:36 a.m. · 15 views

CVE-2024-41013

In the Linux kernel, the following vulnerability has been resolved: xfs: don't walk off the end of a directory data block This adds sanity checks for xfs_dir2_data_unused and xfs_dir2_data_entry to make sure don't stray beyond valid memory region. Before patching, the loop simply checks that the start...

7.1 CVSS · 5.7 AI score · 0.00015 EPSS
Exploits: 0