9558 matches found
D-Link DIR-816L Command Injection Vulnerability
The D-Link DIR-816L is a wireless router from China's AUO D-Link. A command injection vulnerability exists in the D-Link DIR-816L 2.06B01 and earlier versions, which stems from the lxmldbcsystem function in the environment variable handling component failing to properly filter construct command...
CVE-2025-47281 Kyverno's Improper JMESPath Variable Evaluation Leads to Denial of Service
Kyverno is a policy engine designed for cloud native platform engineering teams. In versions 1.14.1 and below, a Denial of Service DoS vulnerability exists due to improper handling of JMESPath variable substitutions. Attackers with permissions to create or update Kyverno policies can craft...
CVE-2025-42947
CVE-2025-42947 concerns SAP FICA ODN framework. The vulnerability allows a high-privileged user to inject a value into a local variable, which can be executed by the application, potentially altering behavior. Impact is described as high integrity impact, low availability impact, and no confident...
SAP FICA ODN framework 代码注入漏洞
SAP FICA ODN framework is a component for generating official credential numbers from SAP, Germany. A code injection vulnerability exists in the SAP FICA ODN framework that originates from an elevated privilege user being able to inject the value of a local variable, potentially leading to...
DEBIAN-CVE-2025-4878
A vulnerability was found in libssh, where an uninitialized variable exists under certain conditions in the privatekeyfromfile function. This flaw can be triggered if the file specified by the filename doesn't exist and may lead to possible signing failures or heap corruption...
CVE-2025-4878
A vulnerability was found in libssh, where an uninitialized variable exists under certain conditions in the privatekeyfromfile function. This flaw can be triggered if the file specified by the filename doesn't exist and may lead to possible signing failures or heap corruption...
CVE-2025-4878
A vulnerability was found in libssh, where an uninitialized variable exists under certain conditions in the privatekeyfromfile function. This flaw can be triggered if the file specified by the filename doesn't exist and may lead to possible signing failures or heap corruption...
AZL-65646 CVE-2025-4878 affecting package libssh for versions less than 0.10.6-3
A vulnerability was found in libssh, where an uninitialized variable exists under certain conditions in the privatekeyfromfile function. This flaw can be triggered if the file specified by the filename doesn't exist and may lead to possible signing failures or heap corruption...
AZL-65643 CVE-2025-4878 affecting package libssh for versions less than 0.10.6-3
A vulnerability was found in libssh, where an uninitialized variable exists under certain conditions in the privatekeyfromfile function. This flaw can be triggered if the file specified by the filename doesn't exist and may lead to possible signing failures or heap corruption...
Kyverno's Improper JMESPath Variable Evaluation Lead to Denial of Service
Summary A Denial of Service DoS vulnerability exists in Kyverno due to improper handling of JMESPath variable substitutions. Attackers with permissions to create or update Kyverno policies can craft expressions using the @ variable combined with a pipe and an invalid JMESPath function e.g., @ |...
CVE-2025-4878
A vulnerability was found in libssh, where an uninitialized variable exists under certain conditions in the privatekeyfromfile function. This flaw can be triggered if the file specified by the filename doesn't exist and may lead to possible signing failures or heap corruption...
CVE-2025-4878
A vulnerability was found in libssh, where an uninitialized variable exists under certain conditions in the privatekeyfromfile function. This flaw can be triggered if the file specified by the filename doesn't exist and may lead to possible signing failures or heap corruption...
CVE-2025-4878
CVE-2025-4878 affects libssh. The vulnerability is due to an uninitialized variable in privatekey_from_file() that can be triggered when the filename does not exist, potentially causing signing failures, use-after-free, or memory corruption. Public sources in connected documents confirm this issu...
CVE-2025-4878
A vulnerability was found in libssh, where an uninitialized variable exists under certain conditions in the privatekeyfromfile function. This flaw can be triggered if the file specified by the filename doesn't exist and may lead to possible signing failures or heap corruption...
CVE-2025-4878 Libssh: use of uninitialized variable in privatekey_from_file()
A vulnerability was found in libssh, where an uninitialized variable exists under certain conditions in the privatekeyfromfile function. This flaw can be triggered if the file specified by the filename doesn't exist and may lead to possible signing failures or heap corruption...
CVE-2025-4878 Libssh: use of uninitialized variable in privatekey_from_file()
A vulnerability was found in libssh, where an uninitialized variable exists under certain conditions in the privatekeyfromfile function. This flaw can be triggered if the file specified by the filename doesn't exist and may lead to possible signing failures or heap corruption...
(0Day) Ashlar-Vellum Graphite VC6 File Parsing Uninitialized Variable Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Graphite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing...
(0Day) Ashlar-Vellum Graphite VC6 File Parsing Uninitialized Variable Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Graphite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing...
PT-2025-30438 · Kyverno · Kyverno
Name of the Vulnerable Software and Affected Versions: Kyverno versions 1.14.1 and below Description: Kyverno is susceptible to a Denial of Service DoS vulnerability stemming from improper handling of JMESPath variable substitutions. Attackers possessing permissions to create or update Kyverno...
PT-2025-30465
Name of the Vulnerable Software and Affected Versions: Ashlar-Vellum Cobalt affected versions not specified Description: A remote code execution issue exists due to an uninitialized variable during AR file parsing. Recommendations: At the moment, there is no information about a newer version that...