784 matches found

Vulnrichment
added 2025/08/11 12:21 p.m., 2 views

CVE-2025-8672 TCC Bypass via Inherited Permissions in Bundled Interpreter in GIMP.app

MacOS version of GIMP bundles a Python interpreter that inherits the Transparency, Consent, and Control (TCC) permissions granted by the user to the main application bundle. An attacker with local user access can invoke this interpreter with arbitrary commands or scripts, leveraging the application...

CVSS 4.8, AI score 7.3, EPSS 0.003
Exploits: 0, References: 4

Tenable Nessus
added 2025/08/07 12:00 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2025-32989

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.5...

CVSS 5.3, AI score 5.8, EPSS 0.01179
Exploits: 0, References: 2

Positive Technologies
added 2025/08/02 12:00 a.m., 3 views

PT-2025-31774 · Undefined · Undefined

hey @Microsoft when Defender started scanning for non-malicious documents like pandemic compliance forms, it crossed from security into behavioral monitoring. Microsoft's transparency failures around this documented in CVE-2020-16883 validated many professionals' concerns...

AI score 7
Exploits: 0, References: 1

OSV
added 2025/08/01 2:44 p.m., 3 views

SUSE-SU-2025:02592-1 Security update for cosign

This update for cosign fixes the following issues: Update to version 2.5.3 (jsc#SLE-23879): - CVE-2025-46569: Fixed OPA server Data API HTTP path injection of Rego (bsc#1246725) Changelog: Update to 2.5.3: - Add signing-config create command (#4280) - Allow multiple services to be specified for trusted-ro...

CVSS 7.4, AI score 5.8, EPSS 0.0036
Exploits: 0, References: 3

GoogleProjectZero
added 2025/07/29 12:00 a.m., 6 views

Policy and Disclosure: 2025 Edition

Posted by Tim Willis, Google Project Zero In 2021, we updated our vulnerability disclosure policy to the current "90+30" model. Our goals were to drive faster yet thorough patch development, and improve patch adoption. While we’ve seen progress, a significant challenge remains: the time it takes...

AI score 7.1
Exploits: 0

Microsoft Secure
added 2025/07/28 4:00 p.m., 24 views

Sploitlight: Analyzing a Spotlight-based macOS TCC vulnerability

Microsoft Threat Intelligence has discovered a macOS vulnerability that could allow attackers to steal private data of files normally protected by Transparency, Consent, and Control (TCC), such as files in the Downloads folder, as well as caches utilized by Apple Intelligence. While similar to prio...

CVSS 7, AI score 7.2, EPSS 0.13453
Exploits: 1

Tenable Nessus
added 2025/07/25 12:00 a.m., 2 views

CBL Mariner 2.0 Security Update: gnutls (CVE-2025-32989)

The version of gnutls installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-32989 advisory. - A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT)...

CVSS 5.3, AI score 6.4, EPSS 0.01179
Exploits: 0, References: 2

Packet Storm News
added 2025/07/24 12:00 a.m., 4 views

Information Security Based on LLM Approaches: a Review

Information security is facing increasingly severe challenges, and traditional protection means are difficult to cope with complex and changing threats. In recent years, as an emerging intelligent technology, large language models (LLMs) have shown a broad application prospect in the field of...

AI score 6.9
Exploits: 0

Microsoft Secure
added 2025/07/17 4:00 p.m., 13 views

Transparency on Microsoft Defender for Office 365 email security effectiveness

In today’s world, cyberattackers are relentless. They are often well-resourced, highly sophisticated, and constantly innovating, which means the effectiveness of cybersecurity solutions must be continuously evaluated, not assumed. Yet, despite the critical role email security plays in protecting...

AI score 7.1
Exploits: 0

OSV
added 2025/07/17 9:04 a.m., 1 view

SUSE-SU-2025:02340-1 Security update for gnutls

This update for gnutls fixes the following issues: - CVE-2025-6395: Fix NULL pointer dereference when 2nd Client Hello omits PSK (bsc#1246299) - CVE-2025-32988: Fix double-free due to incorrect ownership handling in the export logic of SAN entries containing an otherName (bsc#1246232) - CVE-2025-32989:...

CVSS 8.2, AI score 6.8, EPSS 0.01185
Exploits: 0, References: 9

Tenable Nessus
added 2025/07/16 12:00 a.m., 7 views

Ubuntu 22.04 LTS / 24.04 LTS / 25.04 : GnuTLS vulnerabilities (USN-7635-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.04 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7635-1 advisory. It was discovered that GnuTLS incorrectly handled exporting Subject Alternative Name (SAN) entries containing an otherName. A remote...

CVSS 8.2, AI score 7.2, EPSS 0.01185
Exploits: 0, References: 5

Ubuntu
added 2025/07/14 12:23 p.m., 7 views

USN-7635-1: GnuTLS vulnerabilities

It was discovered that GnuTLS incorrectly handled exporting Subject Alternative Name (SAN) entries containing an otherName. A remote attacker could use this issue to cause GnuTLS to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2025-32988) It was discovered that...

CVSS 8.2, AI score 7.2, EPSS 0.01185
Exploits: 0

Packet Storm News
added 2025/07/14 12:00 a.m., 4 views

"Is It Always Watching? Is It Always Listening?" Exploring Contextual Privacy and Security Concerns toward Domestic Social Robots

Equipped with artificial intelligence (AI) and advanced sensing capabilities, social robots are gaining interest among consumers in the United States. These robots seem like a natural evolution of traditional smart home devices. However, their extensive data collection capabilities, anthropomorphic...

AI score 7
Exploits: 0

SUSE CVE
added 2025/07/10 11:26 p.m., 2 views

SUSE CVE-2025-32989

A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension OID...

CVSS 6.5, AI score 6.4, EPSS 0.01179
Exploits: 0, References: 9

OSV
added 2025/07/10 8:15 a.m., 2 views

DEBIAN-CVE-2025-32989

A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension OID...

CVSS 5.3, AI score 6.8, EPSS 0.01179
Exploits: 0, References: 1

OSV
added 2025/07/10 8:15 a.m., 7 views

AZL-65103 CVE-2025-32989 affecting package gnutls for versions less than 3.8.3-6

A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension OID...

CVSS 5.3, AI score 6.8, EPSS 0.01179
Exploits: 0, References: 1

OSV
added 2025/07/10 8:15 a.m., 4 views

ALPINE-CVE-2025-32989

A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension OID...

CVSS 5.3, AI score 6.3, EPSS 0.01179
Exploits: 0, References: 1

OSV
added 2025/07/10 8:15 a.m., 11 views

AZL-65088 CVE-2025-32989 affecting package gnutls for versions less than 3.7.11-4

A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension OID...

CVSS 5.3, AI score 6.8, EPSS 0.01179
Exploits: 0, References: 1

OSV
added 2025/07/10 8:15 a.m., 5 views

CVE-2025-32989

A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension OID...

CVSS 5.3, AI score 5.5, EPSS 0.01179
Exploits: 0, References: 10

NVD
added 2025/07/10 8:15 a.m., 6 views

CVE-2025-32989

A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension OID...

CVSS 5.3, EPSS 0.01179
Exploits: 0, References: 13