CVSS: -EPSS: %CPEs: -EXPL: 0CVE-2025-2439
https://notcve.org/view.php?id=CVE-2025-2439
03 Apr 2025 — Affected versions of this package are vulnerable to Out-of-bounds Read by missing validation of a metadata string’s size and a metadata array’s length in a GGUF file uploaded to the server. This can cause the server to crash (Denial-of-Serivce DoS) or read sensitive data from the process memory. •
CVSS: 7.0EPSS: 0%CPEs: 3EXPL: 0CVE-2025-2784 – Libsoup: heap buffer over-read in `skip_insignificant_space` when sniffing content
https://notcve.org/view.php?id=CVE-2025-2784
03 Apr 2025 — Libsoup clients may read one byte out-of-bounds in response to a crafted HTTP response by an HTTP server. It was discovered that libsoup could be made to read out of bounds. An attacker could possibly use this issue to cause applications using libsoup to crash, resulting in a denial of service. ... An attacker could possibly use this issue to cause applications using libsoup to crash, resulting in a denial of service. • https://access.redhat.com/security/cve/CVE-2025-2784 • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-2704 – Ubuntu Security Notice USN-7411-1
https://notcve.org/view.php?id=CVE-2025-2704
02 Apr 2025 — OpenVPN version 2.6.1 through 2.6.13 in server mode using TLS-crypt-v2 allows remote attackers to trigger a denial of service by corrupting and replaying network packets in the early handshake phase It was discovered that OpenVPN incorrectly handled certain malformed packets. A remote attacker could possibly use this issue to cause OpenVPN to crash, resulting in a denial of service. • https://community.openvpn.net/openvpn/wiki/CVE-2025-2704 • CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2025-20139
https://notcve.org/view.php?id=CVE-2025-20139
02 Apr 2025 — A vulnerability in chat messaging features of Cisco Enterprise Chat and Email (ECE) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to improper validation of user-supplied input to chat entry points. ... A successful exploit could allow the attacker to cause the application to stop responding, resulting in a DoS condition. The application may not recover on its... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ece-dos-tC6m9GZ8 • CWE-185: Incorrect Regular Expression •
CVSS: 7.7EPSS: 0%CPEs: 14EXPL: 0CVE-2025-20212
https://notcve.org/view.php?id=CVE-2025-20212
02 Apr 2025 — A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series devices could allow an authenticated, remote attacker to cause a denial of service (DoS) condition in the Cisco AnyConnect service on an affected device. ... A successful exploit could allow the attacker to cause the Cisco AnyConnect VPN server to restart, resulting in the failure of the established SSL VPN sessions and forcing remote users to initiat... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-meraki-mx-vpn-dos-vNRpDvfb • CWE-457: Use of Uninitialized Variable •
CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 0CVE-2025-21994 – ksmbd: fix incorrect validation for num_aces field of smb_acl
https://notcve.org/view.php?id=CVE-2025-21994
02 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix incorrect validation for num_aces field of smb_acl parse_dcal() validate num_aces to allocate posix_ace_state_array. In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix incorrect validation for num_aces field of smb_acl parse_dcal() validate num_aces to allocate posix_ace_state_array. if (num_aces > ULONG_MAX / sizeof(struct smb_ace *)) It is an incorrect validation that we can create an a... • https://git.kernel.org/stable/c/0626e6641f6b467447c81dd7678a69c66f7746cf •
CVSS: 6.8EPSS: 0%CPEs: 10EXPL: 0CVE-2024-50385
https://notcve.org/view.php?id=CVE-2024-50385
02 Apr 2025 — A denial of service vulnerability exists in the NetX Component HTTP server functionality of STMicroelectronics X-CUBE-AZRTOS-WL 2.0.0. A specially crafted network packet can lead to denial of service. • https://talosintelligence.com/vulnerability_reports/TALOS-2024-2097 • CWE-459: Incomplete Cleanup •
CVSS: 6.8EPSS: 0%CPEs: 10EXPL: 0CVE-2024-50384
https://notcve.org/view.php?id=CVE-2024-50384
02 Apr 2025 — A denial of service vulnerability exists in the NetX Component HTTP server functionality of STMicroelectronics X-CUBE-AZRTOS-WL 2.0.0. A specially crafted network packet can lead to denial of service. • https://talosintelligence.com/vulnerability_reports/TALOS-2024-2097 • CWE-459: Incomplete Cleanup •
CVSS: 4.3EPSS: 0%CPEs: 10EXPL: 0CVE-2024-50595
https://notcve.org/view.php?id=CVE-2024-50595
02 Apr 2025 — An integer underflow vulnerability exists in the HTTP server PUT request functionality of STMicroelectronics X-CUBE-AZRTOS-WL 2.0.0. A specially crafted series of network requests can lead to denial of service. An attacker can send a sequence of malicious packets to trigger this vulnerability.This vulnerability affects the NetX Duo Component HTTP Server implementation which can be found in x-cube-azrtos-f7\Middlewares\ST\netxduo\addons\http\nxd_http_server.c • https://talosintelligence.com/vulnerability_reports/TALOS-2024-2102 • CWE-191: Integer Underflow (Wrap or Wraparound) •
CVSS: 4.3EPSS: 0%CPEs: 10EXPL: 0CVE-2024-50594
https://notcve.org/view.php?id=CVE-2024-50594
02 Apr 2025 — An integer underflow vulnerability exists in the HTTP server PUT request functionality of STMicroelectronics X-CUBE-AZRTOS-WL 2.0.0. A specially crafted series of network requests can lead to denial of service. An attacker can send a sequence of malicious packets to trigger this vulnerability.This vulnerability affects the NetX Duo Web Component HTTP Server implementation which can be found in x-cube-azrtos-f7\Middlewares\ST\netxduo\addons\web\nx_web_http_server.c • https://talosintelligence.com/vulnerability_reports/TALOS-2024-2102 • CWE-191: Integer Underflow (Wrap or Wraparound) •