405 matches found
EUVD-2021-7678
Malicious code in bioql PyPI...
EUVD-2022-3720
Malicious code in bioql PyPI...
Moderate: kernel-rt security update
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: kernel: nfsd: don't ignore the return code of svcprocregister CVE-2025-22026 kernel: netsched: hfsc: Fix a UAF vulnerability in class...
SUSE-SU-2025:02993-1 Security update for jetty-minimal
This update for jetty-minimal fixes the following issues: Upgraded to version 9.4.58.v20250814: - CVE-2025-5115: Fixed MadeYouReset DoS attack via HTTP/2 protocol including DNS over HTTPS bsc1244252...
ntpd-rs 安全漏洞
ntpd-rs is a Project Pendulum open source tool for synchronizing computer clocks with the NTP and NTS protocols. A security vulnerability exists in ntpd-rs versions 1.2.0 through 1.6.1, which stems from allowing non-NTS traffic and could lead to a denial of service attack...
Security update for tomcat11
This update for tomcat11 fixes the following issues: Updated to Tomcat 11.0.9 - CVE-2025-52520: Fixed integer overflow can lead to DoS for some unlikely configurations of multipart upload bsc1246388 - CVE-2025-53506: Fixed uncontrolled resource HTTP/2 client consumption vulnerability bsc1246318...
PT-2025-34462 · Reolink · Reolink Smart 2K+ Plug-In Wi-Fi Video Doorbell
Name of the Vulnerable Software and Affected Versions: Reolink Smart 2K+ Plug-in Wi-Fi Video Doorbell with Chime version 3.0.0.4662 2503122283 Description: An incorrect access control issue exists in the RTMP server settings. This allows attackers to cause a Denial of Service DoS by initiating a...
Linux Distros Unpatched Vulnerability : CVE-2017-15407
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Out-of-bounds Write in the QUIC networking stack in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to gain code execution via a malicious server...
EulerOS 2.0 SP13 : ppp (EulerOS-SA-2025-1983)
According to the versions of the ppp package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The passprompt plugin in pppd in ppp before 2.5.2 mishandles privileges.CVE-2024-58250 Tenable has extracted the preceding description block directly...
F5 Networks BIG-IP : HTTP/2 vulnerability (K000152001)
The version of F5 Networks BIG-IP installed on the remote host is prior to 15.1.10.8 / 16.1.6.1 / 17.1.3 / 17.5.1.2. It is, therefore, affected by a vulnerability as referenced in the K000152001 advisory. An HTTP/2 implementation flaw allows a denial-of-service DoS that uses malformed HTTP/2...
CVE-2025-53778 Windows NTLM Elevation of Privilege Vulnerability
...
The vulnerability of the BCH Handler component in the End-of-Train and Head-of-Train protocols allows a attacker to trigger a service failure.
The vulnerability of the BCH Handler component in the End-of-Train and Head-of-Train protocols relates to the bypassing of authentication processes. Exploiting this vulnerability can allow a malicious actor to cause service failures...
CVE-2025-2818
A vulnerability was reported in version 1.0 of the Bluetooth Transmission Alliance protocol adopted by Motorola Smart Connect Android Application that could allow a nearby attacker within the Bluetooth interaction range to intercept files when transferred to a device not paired in Smart Connect...
CVE-2025-2818
A vulnerability was reported in version 1.0 of the Bluetooth Transmission Alliance protocol adopted by Motorola Smart Connect Android Application that could allow a nearby attacker within the Bluetooth interaction range to intercept files when transferred to a device not paired in Smart Connect...
CVE-2024-41169
The attacker can use the raft server protocol in an unauthenticated way. The attacker can see the server's resources, including directories and files. This issue affects Apache Zeppelin: from 0.10.1 up to 0.12.0. Users are recommended to upgrade to version 0.12.0, which fixes the issue by removin...
CVE-2025-52984
A NULL Pointer Dereference vulnerability in the routing protocol daemon rpd of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause impact to the availability of the device. When static route points to a reject next hop and a gNMI query is...
CVE-2025-52471 ESP-NOW Integer Underflow Vulnerability Advisory
ESF-IDF is the Espressif Internet of Things IOT Development Framework. An integer underflow vulnerability has been identified in the ESP-NOW protocol implementation within the ESP Wi-Fi component of versions 5.4.1, 5.3.3, 5.2.5, and 5.1.6 of the ESP-IDF framework. This issue stems from insufficie...
Advisory ROSA-SA-2025-2895
Software: nginx 1.20.1 OS: rosa-server79 packageevrstring: nginx-1.20.1-22.res7.2 CVE-ID: CVE-2021-3618 BDU-ID: 2022-00351 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the vsftpd FTP server is related to a lack of protection for transmitted data. Exploitation of the vulnerability could allow an...
CVE-2025-5301 Reflected Cross-Site Scripting in ONLYOFFICE Docs (DocumentServer)
ONLYOFFICE Docs DocumentServer in versions equal and below 8.3.1 are affected by a reflected cross-site scripting XSS issue when opening files via the WOPI protocol. Attackers could inject malicious scripts via crafted HTTP POST requests, which are then reflected in the server's HTML response...
quic-go Has Panic in Path Probe Loss Recovery Handling
Impact The loss recovery logic for path probe packets that was added in the v0.50.0 release can be used to trigger a nil-pointer dereference by a malicious QUIC client. In order to do so, the attacker first sends valid QUIC packets from different remote addresses thereby triggering the newly adde...