18884 matches found

Tenable Nessus
added 2025/11/20 12:00 a.m. | 3 views

TencentOS Server 4: gimp (TSSA-2025:0601)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to the tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0601 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

7.3 CVSS | 7.2 AI score | 0.00083 EPSS
Exploits: 0 | References: 3

Tenable Nessus
added 2025/11/20 12:00 a.m. | 6 views

TencentOS Server 4: gdk-pixbuf2 (TSSA-2025:0706)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0706 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

7.5 CVSS | 7.9 AI score | 0.00938 EPSS
Exploits: 0 | References: 2

Tenable Nessus
added 2025/11/20 12:00 a.m. | 4 views

TencentOS Server 4: LibRaw (TSSA-2025:0399)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to the tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0399 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

9.8 CVSS | 5.7 AI score | 0.00085 EPSS
Exploits: 0 | References: 5

NVD
added 2025/11/19 9:15 p.m. | 3 views

CVE-2025-63371

Milos Paripovic OneCommander 3.102.0.0 is vulnerable to Directory Traversal. The vulnerability resides in the ZIP file processing component, specifically in the functionality responsible for extracting and handling ZIP archive contents...

7.5 CVSS | 0.00322 EPSS
Exploits: 0 | References: 2

RedhatCVE
added 2025/11/19 2:10 p.m. | 2 views

CVE-2025-55179

Incomplete validation of rich response messages in WhatsApp for iOS prior to v2.25.23.73, WhatsApp Business for iOS v2.25.23.82, and WhatsApp for Mac v2.25.23.83 could have allowed a user to trigger processing of media content from an arbitrary URL on another user’s device. We have not seen...

5.4 CVSS | 6.7 AI score | 0.00031 EPSS
Exploits: 0 | References: 1

Veracode
added 2025/11/19 1:19 p.m. | 7 views

Denial Of Service (DoS)

ImageMagick is vulnerable to Denial of Service (DoS). The vulnerability is due to unsigned integer underflow and division-by-zero conditions in the CLAHEImage function when tile width or height is zero, which allows an attacker to trigger out-of-bounds memory access or application crashes by...

5.5 CVSS | 6.9 AI score | 0.00018 EPSS
Exploits: 1 | References: 4 | Affected Software: 13

CVE
added 2025/11/19 12:00 a.m. | 7 views

CVE-2025-63371

CVE-2025-63371 affects OneCommander 3.102.0.0. The vulnerability stems from the ZIP file processing component during extraction, enabling potential directory traversal via ZIP archive contents. Public documents consistently describe the flaw, but do not provide a confirmed fix version or remediat...

7.5 CVSS | 6.5 AI score | 0.00322 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Vulnrichment
added 2025/11/19 12:00 a.m. | 1 views

CVE-2025-63371

Milos Paripovic OneCommander 3.102.0.0 is vulnerable to Directory Traversal. The vulnerability resides in the ZIP file processing component, specifically in the functionality responsible for extracting and handling ZIP archive contents...

6.5 AI score | 0.00322 EPSS
Exploits: 0 | References: 2

Positive Technologies
added 2025/11/19 12:00 a.m. | 2 views

PT-2025-47535

Name of the Vulnerable Software and Affected Versions OneCommander version 3.102.0.0 Description OneCommander version 3.102.0.0 contains a flaw in the ZIP file processing component. This issue relates to how the software handles ZIP archive contents during extraction, potentially allowing for...

7.5 CVSS | 6.4 AI score | 0.00322 EPSS
Exploits: 0 | References: 7

OSV
added 2025/11/18 3:16 p.m. | 2 views

CVE-2025-55179

Incomplete validation of rich response messages in WhatsApp for iOS prior to v2.25.23.73, WhatsApp Business for iOS v2.25.23.82, and WhatsApp for Mac v2.25.23.83 could have allowed a user to trigger processing of media content from an arbitrary URL on another user’s device. We have not seen...

5.4 CVSS | 5.9 AI score | 0.00031 EPSS
Exploits: 0 | References: 2

NVD
added 2025/11/18 3:16 p.m. | 1 views

CVE-2025-55179

Incomplete validation of rich response messages in WhatsApp for iOS prior to v2.25.23.73, WhatsApp Business for iOS v2.25.23.82, and WhatsApp for Mac v2.25.23.83 could have allowed a user to trigger processing of media content from an arbitrary URL on another user’s device. We have not seen...

5.4 CVSS | 0.00031 EPSS
Exploits: 0 | References: 2

CVE
added 2025/11/18 1:56 p.m. | 17 views

CVE-2025-55179

WhatsApp family apps (iOS and Mac) are affected by incomplete validation of rich response messages that could allow processing of media content from an arbitrary URL on another user’s device. Affected versions: iOS WhatsApp pre-2.25.23.73, iOS WhatsApp Business pre-2.25.23.82, and Mac WhatsApp pr...

5.4 CVSS | 6.4 AI score | 0.00031 EPSS
Exploits: 0 | References: 2 | Affected Software: 2

Tenable Nessus
added 2025/11/18 12:00 a.m. | 3 views

Siemens SIPROTEC 5 Allocation of Resources Without Limits or Throttling (CVE-2025-40570)

Affected devices do not properly limit the bandwidth for incoming network packets over their local USB port. This could allow an attacker with physical access to send specially crafted packets with high bandwidth to the affected devices thus forcing them to exhaust their memory and stop respondin...

2.4 CVSS | 5.8 AI score | 0.00054 EPSS
Exploits: 0 | References: 6

Tenable Nessus
added 2025/11/18 12:00 a.m. | 2 views

Mozilla Thunderbird < 52.7

The version of Thunderbird installed on the remote Windows host is prior to 52.7. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2018-09 advisory. - Mozilla developers Jet Villegas and Randell Jesup reported memory safety bugs present in Firefox ESR 52.6 and...

9.8 CVSS | 8.5 AI score | 0.55641 EPSS
Exploits: 3 | References: 7

Tenable Nessus
added 2025/11/18 12:00 a.m. | 4 views

Mozilla Firefox < 51.0

The version of Firefox installed on the remote Windows host is prior to 51.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2017-01 advisory. - A use-after-free vulnerability in the Media Decoder when working with media files when some events are fired after the...

9.8 CVSS | 7.6 AI score | 0.58393 EPSS
Exploits: 24 | References: 25

Tenable Nessus
added 2025/11/18 12:00 a.m. | 5 views

openSUSE 15 Security Update : libxml2 (SUSE-SU-2025:4115-1)

The remote openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:4115-1 advisory. - CVE-2025-9714: Fixed infinite recursion at exsltDynMapFunction function in libexslt/dynamic.c (bsc#1249076) - CVE-2025-8732: Fixed infinite recursion...

6.2 CVSS | 4.9 AI score | 0.00084 EPSS
Exploits: 0 | References: 7

Tenable Nessus
added 2025/11/18 12:00 a.m. | 2 views

Siemens SCALANCE and RUGGEDCOM Devices NULL Pointer Dereference (CVE-2024-36901)

ipv6: prevent NULL dereference in ip6_output(). According to syzbot, there is a chance that ip6_dst_idev() returns NULL in ip6_output(). This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information.

5.5 CVSS | 6.8 AI score | 0.0001 EPSS
Exploits: 0 | References: 4

EUVD
added 2025/11/17 6:30 p.m. | 2 views

EUVD-2025-197847

Kernel or driver software installed on a Guest VM may post improper commands to the GPU Firmware to exploit a TOCTOU race condition and trigger a read and/or write of data outside the allotted memory escaping the virtual machine...

7.4 CVSS | 6.5 AI score | 0.00026 EPSS
Exploits: 0 | References: 2

NVD
added 2025/11/17 6:15 p.m. | 6 views

CVE-2025-58407

Kernel or driver software installed on a Guest VM may post improper commands to the GPU Firmware to exploit a TOCTOU race condition and trigger a read and/or write of data outside the allotted memory escaping the virtual machine...

7.4 CVSS | 0.00026 EPSS
Exploits: 0 | References: 1

Snyk
added 2025/11/17 5:38 p.m. | 1 views

Command Injection

Overview Affected versions of this package are vulnerable to Command Injection in the CLI, via the -c/--cmd option. The processing of commandline options in src/bin.mts calls the foregroundChild on them, which defaults to setting shell: true. An attacker who can control the filenames being matche...

7.7 CVSS | 6.8 AI score | 0.00025 EPSS
Exploits: 1 | References: 2