Monthly
Improper handling of zero-length input in the libssh ssh_get_hexa() function enables remote denial of service against SSH daemons with GSSAPI authentication enabled and packet-level logging active (SSH_LOG_PACKET or higher verbosity). Unauthenticated remote attackers can trigger a per-connection daemon process crash by sending specially crafted GSSAPI authentication packets containing malformed OID data, affecting Red Hat Enterprise Linux versions 6 through 10 and OpenShift Container Platform 4. CVSS 6.5 (network-accessible, low complexity, partial integrity and availability impact); no public exploit code or active exploitation confirmed at time of analysis.
This vulnerability in Cisco IOS XE Software bootloader affects Catalyst 9200, ESS9300, IE9310/9320, and IE3500/3505 series switches, allowing authenticated local attackers with level-15 privileges or unauthenticated attackers with physical access to execute arbitrary code at boot time and bypass the chain of trust. An attacker can manipulate loaded binaries to circumvent integrity checks during boot, enabling execution of non-Cisco-signed images. While the CVSS score is 6.1 (Medium), Cisco assigned it a High Security Impact Rating due to the critical nature of breaking the secure boot mechanism, a foundational security control.
Vim versions prior to 9.2.0075 contain a heap buffer underflow in the tags file parser that triggers when processing malformed tag files with delimiters at line starts, potentially allowing local attackers with user interaction to read out-of-bounds memory and cause information disclosure or crashes. The vulnerability requires local file system access and user interaction to exploit, with a CVSS score of 5.3 indicating medium severity. A patch is available in Vim 9.2.0075 and later versions.
Improper input validation in the SMM communications buffer could allow a privileged attacker to perform an out of bounds read or write to SMRAM potentially resulting in loss of confidentiality or integrity.
A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. [CVSS 2.8 LOW]
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. Public exploit code available.
CVE-2025-61690 is a security vulnerability (CVSS 7.8). High severity vulnerability requiring prompt remediation.
A remote code execution vulnerability in versions (CVSS 7.4). Risk factors: public PoC available. Vendor patch is available.
In Bluetooth FW, there is a possible system crash due to an uncaught exception. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09741871; Issue ID: MSV-3317.
In Bluetooth FW, there is a possible system crash due to an uncaught exception. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09752821; Issue ID: MSV-3342.
Improper handling of zero-length input in the libssh ssh_get_hexa() function enables remote denial of service against SSH daemons with GSSAPI authentication enabled and packet-level logging active (SSH_LOG_PACKET or higher verbosity). Unauthenticated remote attackers can trigger a per-connection daemon process crash by sending specially crafted GSSAPI authentication packets containing malformed OID data, affecting Red Hat Enterprise Linux versions 6 through 10 and OpenShift Container Platform 4. CVSS 6.5 (network-accessible, low complexity, partial integrity and availability impact); no public exploit code or active exploitation confirmed at time of analysis.
This vulnerability in Cisco IOS XE Software bootloader affects Catalyst 9200, ESS9300, IE9310/9320, and IE3500/3505 series switches, allowing authenticated local attackers with level-15 privileges or unauthenticated attackers with physical access to execute arbitrary code at boot time and bypass the chain of trust. An attacker can manipulate loaded binaries to circumvent integrity checks during boot, enabling execution of non-Cisco-signed images. While the CVSS score is 6.1 (Medium), Cisco assigned it a High Security Impact Rating due to the critical nature of breaking the secure boot mechanism, a foundational security control.
Vim versions prior to 9.2.0075 contain a heap buffer underflow in the tags file parser that triggers when processing malformed tag files with delimiters at line starts, potentially allowing local attackers with user interaction to read out-of-bounds memory and cause information disclosure or crashes. The vulnerability requires local file system access and user interaction to exploit, with a CVSS score of 5.3 indicating medium severity. A patch is available in Vim 9.2.0075 and later versions.
Improper input validation in the SMM communications buffer could allow a privileged attacker to perform an out of bounds read or write to SMRAM potentially resulting in loss of confidentiality or integrity.
A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. [CVSS 2.8 LOW]
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. Public exploit code available.
CVE-2025-61690 is a security vulnerability (CVSS 7.8). High severity vulnerability requiring prompt remediation.
A remote code execution vulnerability in versions (CVSS 7.4). Risk factors: public PoC available. Vendor patch is available.
In Bluetooth FW, there is a possible system crash due to an uncaught exception. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09741871; Issue ID: MSV-3317.
In Bluetooth FW, there is a possible system crash due to an uncaught exception. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09752821; Issue ID: MSV-3342.