4752 matches found
UBUNTU-CVE-2025-21567
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Security: Privileges. Supported versions that are affected are 9.1.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server...
CVE-2025-21557
...
CVE-2025-21545
...
CVE-2025-21537
...
CVE-2025-21535
...
CVE-2025-21525
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: DDL. Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromi...
Unsecured Tunneling Protocols Expose 4.2 Million Hosts, Including VPNs and Routers
New research has uncovered security vulnerabilities in multiple tunneling protocols that could allow attackers to perform a wide range of attacks. "Internet hosts that accept tunneling packets without verifying the sender's identity can be hijacked to perform anonymous attacks and provide access ...
USN-7166-4: Linux kernel (Xilinx ZynqMP) vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM32 architecture; - RISC-V architecture; - S390 architecture; - x86 architecture; - Block layer subsystem; - ACPI...
Mercedes-Benz Head Unit security research report
Introduction: This report covers the research of the Mercedes-Benz Head Unit, which was made by our team. Mercedes-Benz's latest Head Unit infotainment system is called Mercedes-Benz User Experience (MBUX). We performed analysis of the first generation MBUX. MBUX was previously analysed by KeenLab...
SUSE SLED15: bubblewrap / bubblewrap-zsh-completion / flatpak / flatpak-devel / etc (SUSE-SU-SUSE-RU-2025:0145-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-SUSE-RU-2025:0145-1 advisory. This update for bubblewrap, flatpak updates flatpak to 1.16.0. flatpak changes: - Update...
Insecure Implementation of Tunneling Protocols (GRE/IPIP/4in6/6in4)
Overview: Tunnelling protocols are an essential part of the Internet and form much of the backbone that modern network infrastructure relies on today. One limitation of these protocols is that they do not authenticate and/or encrypt traffic. Though this limitation exists, IPsec can be implemented ...
CVE-2024-7595
An insecure configuration flaw was found in the GRE and GRE6 Protocols. When configured to not require authentication or filtering, this issue could allow a remote unauthenticated attacker to spoof packets or bypass access controls. Mitigation: See references section for detailed guidance...
USN-7204-1 neomutt vulnerabilities
Jeriko One discovered that NeoMutt incorrectly handled certain IMAP and POP3 responses. An attacker could possibly use this issue to cause NeoMutt to crash, resulting in a denial of service, or the execution of arbitrary code. This issue only affected Ubuntu 18.04 LTS. CVE-2018-14349,...
CVE-2024-12084
A heap-based buffer overflow flaw was found in the rsync daemon. This issue is due to improper handling of attacker-controlled checksum lengths (s2length) in the code. When MAX_DIGEST_LEN exceeds the fixed SUM_LENGTH (16 bytes), an attacker can write out of bounds in the sum2 buffer...
CVE-2025-23018
IPv4-in-IPv6 and IPv6-in-IPv6 tunneling (RFC 2473) do not require the validation or verification of the source of a network packet, allowing an attacker to spoof and route arbitrary traffic via an exposed network interface. This is a similar issue to CVE-2020-10136...
CISA: Unattended vs. Suspicious Item Postcard
CISA: Introduction to Chemical Security at CISA
CISA: February 2015/1st Edition - Presidential Policy Directive 21 Implementation: an Interagency Security Committee White Paper
CISA: Dow Incident and Crisis Management
K000149248: Java vulnerability CVE-2024-21210
Security Advisory Description: Vulnerability in Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4 and 23. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...