9564 matches found
CVE-2025-29625
Summary of CVE-2025-29625 (Astrolog v7.70): A buffer overflow in the FileOpen function is triggered by an overly long environment variable, allowing attackers to execute arbitrary code or cause a DoS. The vulnerability is described as LOCAL with LOW privileges required and NO user interaction. P...
CVE-2025-22091
In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix page_size variable overflow. Change all variables storing mlx5_umem_mkc_find_best_pgsz result to unsigned long to support values larger than 31 and avoid overflow. For example: If we try to register 4GB of memory that is...
CVE-2025-22091 RDMA/mlx5: Fix page_size variable overflow
In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix page_size variable overflow. Change all variables storing mlx5_umem_mkc_find_best_pgsz result to unsigned long to support values larger than 31 and avoid overflow. For example: If we try to register 4GB of memory that is...
CLSA-2025-1744719966 Fix CVE(s): CVE-2020-10729
SECURITY UPDATE: insufficiently random password generation vulnerability - debian/patches/CVE-2020-10729.patch: Fix issue with caching Jinja2 expressions, only cache results of single variable names - CVE-2020-10729...
PT-2025-16380 · Tenda · Tenda Ac10
Name of the Vulnerable Software and Affected Versions: Tenda AC10 version V4.0si V16.03.10.20 Description: The issue concerns a Buffer Overflow in the AdvSetMacMtuWan function via the mac2 variable. Recommendations: For Tenda AC10 version V4.0si V16.03.10.20, as a temporary workaround, consider...
Advisory ROSA-SA-2025-2828
Software: postgresql14 14.16 OS: ROSA Virtualization 3.0 packageevrstring: postgresql14-14.16-1PGDG.rv30 CVE-ID: CVE-2024-10976 BDU-ID: 2024-09684 CVE-Crit: LOW CVE-DESC.: A vulnerability in the CREATE POLICY row-protected table security policy of the PostgreSQL database management system is...
Zoom Client for Meetings < 6.3.10 Insecure Default Variable Initialization Vulnerability (ZSB-25014)
The version of Zoom Client for Meetings installed on the remote host is prior to 6.3.10. It is, therefore, affected by a vulnerability as referenced in the ZSB-25014 advisory. - Insecure default variable initialization in some Zoom Workplace Apps for Windows may allow an authenticated user to...
SurrealDB has local file read of 2-column TSV files via analyzers
An authenticated system user at the root, namespace, or database levels can use the DEFINE ANALYZER statement to point to arbitrary file locations on the file system, and should the file be tab separated with two columns, the analyzer can be leveraged to exfiltrate the content. This issue was...
Dell Client Platform BIOS Security Vulnerability
Dell Client Platform BIOS is a Client Platform BIOS from Dell USA. A security vulnerability exists in the Dell Client Platform BIOS that stems from a variable security version number, which could result in a BIOS upgrade denial...
CVE-2025-25013 Elastic Defend Insertion of Sensitive Information into Log Files
Improper restriction of environment variables in Elastic Defend can lead to exposure of sensitive information such as API keys and tokens via automatic transmission of unfiltered environment variables to the stack...
CVE-2025-27443
Insecure default variable initialization in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a loss of integrity via local access...
CVE-2025-27443 Zoom Workplace Apps for Windows - Insecure Default Variable Initialization
Insecure default variable initialization in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a loss of integrity via local access...
Environment Variable Exposure
Shescape is vulnerable to Environment Variable Exposure. The vulnerability is due to improper escaping of % characters in user input when using shell: 'cmd.exe' or shell: true, which allows an attacker to read environment variables through unintended variable substitution...
CVE-2025-32229
Missing Authorization vulnerability in Bowo Variable Inspector variable-inspector allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Variable Inspector: from n/a through <= 2.6.3...
RHEL 9 : freetype (RHSA-2025:3383)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:3383 advisory. FreeType is a free, high-quality, portable font engine that can open and manage font files. FreeType loads, hints, and renders individual glyphs...
RHEL 8 : freetype (RHSA-2025:3393)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:3393 advisory. FreeType is a free, high-quality, portable font engine that can open and manage font files. FreeType loads, hints, and renders individual glyphs...
RHEL 8 : freetype (RHSA-2025:3386)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:3386 advisory. FreeType is a free, high-quality, portable font engine that can open and manage font files. FreeType loads, hints, and renders individual glyphs...
CVE-2025-32229 WordPress Variable Inspector plugin <= 2.6.3 - Broken Access Control vulnerability
Missing Authorization vulnerability in Bowo Variable Inspector variable-inspector allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Variable Inspector: from n/a through <= 2.6.3...