Search

Search Results (364887 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-23340 3 Linux, Microsoft, Nvidia 3 Linux Kernel, Windows, Cuda Toolkit 2025-11-03 3.3 Low
NVIDIA CUDA Toolkit for all platforms contains a vulnerability in the nvdisasm binary where a user may cause an out-of-bounds read by passing a malformed ELF file to nvdisasm. A successful exploit of this vulnerability may lead to a partial denial of service.
CVE-2025-23338 3 Linux, Microsoft, Nvidia 3 Linux Kernel, Windows, Cuda Toolkit 2025-11-03 3.3 Low
NVIDIA CUDA Toolkit for all platforms contains a vulnerability in nvdisasm where a user may cause an out-of-bounds write by running nvdisasm on a malicious ELF file. A successful exploit of this vulnerability may lead to denial of service.
CVE-2025-23271 3 Linux, Microsoft, Nvidia 3 Linux Kernel, Windows, Cuda Toolkit 2025-11-03 3.3 Low
NVIDIA CUDA Toolkit for all platforms contains a vulnerability in the nvdisasm binary where a user may cause an out-of-bounds read by passing a malformed ELF file to nvdisasm. A successful exploit of this vulnerability may lead to a partial denial of service.
CVE-2025-20128 2 Cisco, Clamav 3 Secure Endpoint, Secure Endpoint Private Cloud, Clamav 2025-11-03 5.3 Medium
A vulnerability in the Object Linking and Embedding 2 (OLE2) decryption routine of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to an integer underflow in a bounds check that allows for a heap buffer overflow read. An attacker could exploit this vulnerability by submitting a crafted file containing OLE2 content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to terminate the ClamAV scanning process, resulting in a DoS condition on the affected software. For a description of this vulnerability, see the . Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
CVE-2025-10199 2 Lizardbyte, Microsoft 2 Sunshine, Windows 2025-11-03 7.8 High
A local privilege escalation vulnerability exists in Sunshine for Windows (version v2025.122.141614 and likely prior versions) due to an unquoted service path.
CVE-2024-45797 1 Oisf 1 Libhtp 2025-11-03 7.5 High
LibHTP is a security-aware parser for the HTTP protocol and the related bits and pieces. Prior to version 0.5.49, unbounded processing of HTTP request and response headers can lead to excessive CPU time and memory utilization, possibly leading to extreme slowdowns. This issue is addressed in 0.5.49.
CVE-2024-25178 1 Luajit 1 Luajit 2025-11-03 9.1 Critical
LuaJIT through 2.1 and OpenRusty luajit2 before v2.1-20240314 have an out-of-bounds read in the stack-overflow handler in lj_state.c.
CVE-2024-25177 1 Luajit 1 Luajit 2025-11-03 7.5 High
LuaJIT through 2.1 and OpenRusty luajit2 before v2.1-20240314 have an unsinking of IR_FSTORE for NULL metatable, which leads to Denial of Service (DoS).
CVE-2024-25176 1 Luajit 1 Luajit 2025-11-03 9.8 Critical
LuaJIT through 2.1 and OpenRusty luajit2 before v2.1-20240626 have a stack-buffer-overflow in lj_strfmt_wfnum in lj_strfmt_num.c.
CVE-2024-23837 2 Fedoraproject, Oisf 2 Fedora, Libhtp 2025-11-03 7.5 High
LibHTP is a security-aware parser for the HTTP protocol. Crafted traffic can cause excessive processing time of HTTP headers, leading to denial of service. This issue is addressed in 0.5.46.
CVE-2024-13978 1 Libtiff 1 Libtiff 2025-11-03 2.5 Low
A vulnerability was found in LibTIFF up to 4.7.0. It has been declared as problematic. Affected by this vulnerability is the function t2p_read_tiff_init of the file tools/tiff2pdf.c of the component fax2ps. The manipulation leads to null pointer dereference. The attack needs to be approached locally. The complexity of an attack is rather high. The exploitation appears to be difficult. The patch is named 2ebfffb0e8836bfb1cd7d85c059cd285c59761a4. It is recommended to apply a patch to fix this issue.
CVE-2023-46728 2 Redhat, Squid-cache 6 Enterprise Linux, Rhel Aus, Rhel E4s and 3 more 2025-11-03 7.5 High
Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a NULL pointer dereference bug Squid is vulnerable to a Denial of Service attack against Squid's Gopher gateway. The gopher protocol is always available and enabled in Squid prior to Squid 6.0.1. Responses triggering this bug are possible to be received from any gopher server, even those without malicious intent. Gopher support has been removed in Squid version 6.0.1. Users are advised to upgrade. Users unable to upgrade should reject all gopher URL requests.
CVE-2023-28997 1 Nextcloud 1 Desktop 2025-11-03 6.7 Medium
The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server. Starting with version 3.0.0 and prior to version 3.6.5, a malicious server administrator can recover and modify the contents of end-to-end encrypted files. Users should upgrade the Nextcloud Desktop client to 3.6.5 to receive a patch. No known workarounds are available.
CVE-2022-3650 1 Redhat 2 Ceph, Ceph Storage 2025-11-03 7.8 High
A privilege escalation flaw was found in Ceph. Ceph-crash.service allows a local attacker to escalate privileges to root in the form of a crash dump, and dump privileged information.
CVE-2022-39334 1 Nextcloud 1 Desktop 2025-11-03 3.9 Low
Nextcloud also ships a CLI utility called nextcloudcmd which is sometimes used for automated scripting and headless servers. Versions of nextcloudcmd prior to 3.6.1 would incorrectly trust invalid TLS certificates, which may enable a Man-in-the-middle attack that exposes sensitive data or credentials to a network attacker. This affects the CLI only. It does not affect the standard GUI desktop Nextcloud clients, and it does not affect the Nextcloud server.
CVE-2022-39333 1 Nextcloud 1 Desktop 2025-11-03 4.6 Medium
Nexcloud desktop is the Desktop sync client for Nextcloud. An attacker can inject arbitrary HyperText Markup Language into the Desktop Client application. It is recommended that the Nextcloud Desktop client is upgraded to 3.6.1. There are no known workarounds for this issue.
CVE-2022-39332 1 Nextcloud 1 Desktop 2025-11-03 4.6 Medium
Nexcloud desktop is the Desktop sync client for Nextcloud. An attacker can inject arbitrary HyperText Markup Language into the Desktop Client application via user status and information. It is recommended that the Nextcloud Desktop client is upgraded to 3.6.1. There are no known workarounds for this issue.
CVE-2022-39331 1 Nextcloud 1 Desktop 2025-11-03 4.6 Medium
Nexcloud desktop is the Desktop sync client for Nextcloud. An attacker can inject arbitrary HyperText Markup Language into the Desktop Client application in the notifications. It is recommended that the Nextcloud Desktop client is upgraded to 3.6.1. There are no known workarounds for this issue.
CVE-2021-3979 2 Fedoraproject, Redhat 8 Fedora, Ceph Storage, Ceph Storage For Ibm Z Systems and 5 more 2025-11-03 6.5 Medium
A key length flaw was found in Red Hat Ceph Storage. An attacker can exploit the fact that the key length is incorrectly passed in an encryption algorithm to create a non random key, which is weaker and can be exploited for loss of confidentiality and integrity on encrypted disks.
CVE-2021-27138 1 Denx 1 U-boot 2025-11-03 7.8 High
The boot loader in Das U-Boot before 2021.04-rc2 mishandles use of unit addresses in a FIT.