Monthly
Heap-based buffer overflow in LibRaw's HuffTable::initval function allows unauthenticated remote attackers to achieve arbitrary code execution via malformed image files. Affects LibRaw commits 0b56545 and d20315b with CVSS 9.8 critical severity. Attack requires no user interaction beyond processing a malicious file. No public exploit identified at time of analysis, though technical details from Cisco Talos suggest proof-of-concept exists. EPSS data not available, but the combination of network-accessible attack vector, low complexity, and no authentication barrier represents significant risk for applications processing untrusted image files.
NVIDIA SNAP-4 Container contains a buffer size calculation vulnerability in its configuration interface that allows an authenticated attacker on the same virtualized environment to trigger a denial of service condition. An attacker with local VM access and low-level privileges can send specially crafted configuration payloads that cause incorrect buffer size calculations, resulting in crashes of the SNAP storage service and loss of storage availability to the host. There is currently no evidence of active exploitation or public proof-of-concept code, and the SSVC framework indicates no known exploitation has occurred, though the vulnerability is automatable in principle.
Denial of service in Cisco ASA and FTD devices processing GCM-encrypted IKEv2 IPsec traffic results from inadequate memory allocation, allowing authenticated remote attackers to trigger device reloads by sending specially crafted encrypted packets. An attacker with valid VPN credentials can exploit this vulnerability to render affected firewalls unavailable. No patch is currently available.
Buffer overflow in ovpn‑dco‑win version 2.8.0 allows local attackers to cause a system crash by sending too large packets to the remote peer when the AEAD tag appears at the end of the encrypted packet
Db2 Merge Backup versions up to 12.1.0.0 is affected by incorrect calculation of buffer size (CVSS 6.5).
Buffer size miscalculation in Eclipse OMR port library since 0.2.0. An API function returning processor feature names has incorrect size allocation. Patch available.
openCryptoki is a PKCS#11 library and tools for Linux and AIX. [CVSS 6.6 MEDIUM]
AIS-catcher is a multi-platform AIS receiver. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
A vulnerability has been identified in the GRUB (Grand Unified Bootloader) component. Rated medium severity (CVSS 4.8), this vulnerability is no authentication required. No vendor patch available.
Memory corruption while processing a GP command response. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.
Heap-based buffer overflow in LibRaw's HuffTable::initval function allows unauthenticated remote attackers to achieve arbitrary code execution via malformed image files. Affects LibRaw commits 0b56545 and d20315b with CVSS 9.8 critical severity. Attack requires no user interaction beyond processing a malicious file. No public exploit identified at time of analysis, though technical details from Cisco Talos suggest proof-of-concept exists. EPSS data not available, but the combination of network-accessible attack vector, low complexity, and no authentication barrier represents significant risk for applications processing untrusted image files.
NVIDIA SNAP-4 Container contains a buffer size calculation vulnerability in its configuration interface that allows an authenticated attacker on the same virtualized environment to trigger a denial of service condition. An attacker with local VM access and low-level privileges can send specially crafted configuration payloads that cause incorrect buffer size calculations, resulting in crashes of the SNAP storage service and loss of storage availability to the host. There is currently no evidence of active exploitation or public proof-of-concept code, and the SSVC framework indicates no known exploitation has occurred, though the vulnerability is automatable in principle.
Denial of service in Cisco ASA and FTD devices processing GCM-encrypted IKEv2 IPsec traffic results from inadequate memory allocation, allowing authenticated remote attackers to trigger device reloads by sending specially crafted encrypted packets. An attacker with valid VPN credentials can exploit this vulnerability to render affected firewalls unavailable. No patch is currently available.
Buffer overflow in ovpn‑dco‑win version 2.8.0 allows local attackers to cause a system crash by sending too large packets to the remote peer when the AEAD tag appears at the end of the encrypted packet
Db2 Merge Backup versions up to 12.1.0.0 is affected by incorrect calculation of buffer size (CVSS 6.5).
Buffer size miscalculation in Eclipse OMR port library since 0.2.0. An API function returning processor feature names has incorrect size allocation. Patch available.
openCryptoki is a PKCS#11 library and tools for Linux and AIX. [CVSS 6.6 MEDIUM]
AIS-catcher is a multi-platform AIS receiver. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
A vulnerability has been identified in the GRUB (Grand Unified Bootloader) component. Rated medium severity (CVSS 4.8), this vulnerability is no authentication required. No vendor patch available.
Memory corruption while processing a GP command response. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.