Monthly
Denial of service in the Imager image-processing module for Perl (all versions before 1.033) allows remote attackers to crash a worker process by submitting an image whose EXIF IFD entry count is mishandled as a signed integer, triggering an near-address-space-sized memory allocation that fails and aborts the process. Any application that passes untrusted images through Imager's EXIF parsing is exposed. There is no public exploit identified at time of analysis, EPSS is low (0.18%, 8th percentile), and it is not listed in CISA KEV.
Integer overflow in RAUC versions prior to 1.15.2 allows signature bypass on 'plain' format bundles exceeding 2 GiB payload size, enabling attackers with bundle modification capability to alter unverified payload portions while retaining a valid signature. This affects embedded Linux systems relying on RAUC for secure firmware updates.
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where sign conversion issuescasting an unsigned primitive to signed may lead to denial of service or information. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.
Besu is a Java-based Ethereum client. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Denial of service in the Imager image-processing module for Perl (all versions before 1.033) allows remote attackers to crash a worker process by submitting an image whose EXIF IFD entry count is mishandled as a signed integer, triggering an near-address-space-sized memory allocation that fails and aborts the process. Any application that passes untrusted images through Imager's EXIF parsing is exposed. There is no public exploit identified at time of analysis, EPSS is low (0.18%, 8th percentile), and it is not listed in CISA KEV.
Integer overflow in RAUC versions prior to 1.15.2 allows signature bypass on 'plain' format bundles exceeding 2 GiB payload size, enabling attackers with bundle modification capability to alter unverified payload portions while retaining a valid signature. This affects embedded Linux systems relying on RAUC for secure firmware updates.
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where sign conversion issuescasting an unsigned primitive to signed may lead to denial of service or information. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.
Besu is a Java-based Ethereum client. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.