1427 matches found
CVE-2025-9231
Issue summary: A timing side-channel which could potentially allow remote recovery of the private key exists in the SM2 algorithm implementation on 64 bit ARM platforms. Impact summary: A timing side-channel in SM2 signature computations on 64 bit ARM platforms could allow recovering the private...
GHSA-7VM2-J586-VCVC SurrealDB is Vulnerable to Unauthorized Data Exposure via LIVE Query Subscriptions
LIVE SELECT statements are used to capture changes to data within a table in real time. Documents included in WHERE conditions and DELETE notifications were not properly reduced to respect the querying user's security context. Instead the leaked documents reflect the context of the user triggerin...
SurrealDB is Vulnerable to Unauthorized Data Exposure via LIVE Query Subscriptions
LIVE SELECT statements are used to capture changes to data within a table in real time. Documents included in WHERE conditions and DELETE notifications were not properly reduced to respect the querying user's security context. Instead the leaked documents reflect the context of the user triggerin...
Linux Distros Unpatched Vulnerability : CVE-2010-2198
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - lib/fsm.c in RPM 4.8.0 and earlier does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade or deleti...
GHSA-8F93-J3FX-72F3 CRI-O has Potential High Memory Consumption from File Read
There's a vulnerability in the CRI-O application where when container is launched with securityContext.runAsUser specifying a non-existent user, CRI-O attempts to create the user, reading the container's entire /etc/passwd file into memory. If this file is excessively large, it can cause the a hi...
CVE-2024-12223
Prism Central versions prior to 2024.3.1 are vulnerable to a stored cross-site scripting attack via the Events component, allowing an attacker to hijack a victim user’s session and perform actions in their security context...
CVE-2024-12223 Stored Cross-site Scripting (XSS) in Nutanix Prism Central
Prism Central versions prior to 2024.3.1 are vulnerable to a stored cross-site scripting attack via the Events component, allowing an attacker to hijack a victim user’s session and perform actions in their security context...
Linux Distros Unpatched Vulnerability : CVE-2021-21334
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In containerd an industry-standard container runtime before versions 1.3.10 and 1.4.4, containers launched through containerd's CRI implementation through...
PT-2025-31455 · Absolute · Absolute Secure Access
Name of the Vulnerable Software and Affected Versions: Absolute Secure Access versions 12.01 through 13.55 Description: The management console of Absolute Secure Access is susceptible to an issue where attackers possessing administrative privileges can trigger the deserialization and execution of...
SUSE CVE-2025-38396
In the Linux kernel, the following vulnerability has been resolved: fs: export anoninodemakesecureinode and fix secretmem LSM bypass Export anoninodemakesecureinode to allow KVM guestmemfd to create anonymous inodes with proper security context. This replaces the current pattern of calling...
CVE-2024-49343
CVE-2024-49343 affects IBM Informix Dynamic Server (IDS) versions 12.10 and 14.10. The issue is an HTML injection vulnerability: a remote attacker can inject malicious HTML that is rendered in the victim’s browser within the hosting site’s security context. The provided documents do not describe ...
CVE-2025-38396
In the Linux kernel, the following vulnerability has been resolved: fs: export anoninodemakesecureinode and fix secretmem LSM bypass Export anoninodemakesecureinode to allow KVM guestmemfd to create anonymous inodes with proper security context. This replaces the current pattern of calling...
UBUNTU-CVE-2025-38396
In the Linux kernel, the following vulnerability has been resolved: fs: export anoninodemakesecureinode and fix secretmem LSM bypass Export anoninodemakesecureinode to allow KVM guestmemfd to create anonymous inodes with proper security context. This replaces the current pattern of calling...
CVE-2025-38396 fs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass
In the Linux kernel, the following vulnerability has been resolved: fs: export anoninodemakesecureinode and fix secretmem LSM bypass Export anoninodemakesecureinode to allow KVM guestmemfd to create anonymous inodes with proper security context. This replaces the current pattern of calling...
CVE-2023-38007
CVE-2023-38007 affects IBM Cloud Pak System versions on Power (2.3.5.0; 2.3.3.7 with iFix1) and Intel (2.3.3.6 with iFix1/2; 2.3.4.0/2.3.4.1). Root cause is HTML injection (XSS) in the web UI, allowing a remote attacker to inject malicious HTML that runs in the browser within the hosting site's s...
Allocation of Resources Without Limits or Throttling
Overview github.com/cri-o/cri-o/server is an OCI-based implementation of Kubernetes Container Runtime Interface Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the handling of the /etc/passwd file. An attacker with minimal privileges to...
CVE-2024-41752
IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.3 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site...
CVE-2023-28650
An unauthenticated remote attacker could provide a malicious link and trick an unsuspecting user into clicking on it. If clicked, the attacker could execute the malicious JavaScript JS payload in the target’s security context...
CVE-2023-32332
IBM Maximo Application Suite 8.9, 8.10 and IBM Maximo Asset Management 7.6.1.2, 7.6.1.3 are vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-For...
CVE-2022-40160
DISPUTED This record was originally reported by the oss-fuzz project who failed to consider the security context in which JXPath is intended to be used and failed to contact the JXPath maintainers prior to requesting the CVE allocation. The CVE was then allocated by Google in breach of the CNA...