CVSS: 7.1EPSS: 44%CPEs: 27EXPL: 2CVE-2025-26465 – Openssh: machine-in-the-middle attack if verifyhostkeydns is enabled
https://notcve.org/view.php?id=CVE-2025-26465
18 Feb 2025 — A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. For an attack to be considered successful, the attacker needs to manage to exhaust the client's memory resource first, turning the attack complexity high. It was discovered that the OpenSSH client incorrectly handled ... • https://github.com/rxerium/CVE-2025-26465 • CWE-390: Detection of Error Condition Without Action •
CVSS: 10.0EPSS: 0%CPEs: 30EXPL: 0CVE-2025-1244 – Emacs: shell injection vulnerability in gnu emacs via custom "man" uri scheme
https://notcve.org/view.php?id=CVE-2025-1244
12 Feb 2025 — A flaw was found in the Emacs text editor. Improper handling of custom "man" URI schemes allows attackers to execute arbitrary shell commands by tricking users into visiting a specially crafted website or an HTTP URL with a redirect. A command injection flaw was found in the text editor Emacs. It could allow a remote, unauthenticated attacker to execute arbitrary shell commands on a vulnerable system. Exploitation is possible by tricking users into visiting a specially crafted website or an HTTP URL with a ... • https://access.redhat.com/security/cve/CVE-2025-1244 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 11EXPL: 0CVE-2025-24970 – SslHandler doesn't correctly validate packets which can lead to native crash when using native SSLEngine
https://notcve.org/view.php?id=CVE-2025-24970
10 Feb 2025 — Netty, an asynchronous, event-driven network application framework, has a vulnerability starting in version 4.1.91.Final and prior to version 4.1.118.Final. When a special crafted packet is received via SslHandler it doesn't correctly handle validation of such a packet in all cases which can lead to a native crash. Version 4.1.118.Final contains a patch. As workaround its possible to either disable the usage of the native SSLEngine or change the code manually. A flaw was found in Netty's SslHandler. • https://github.com/netty/netty/commit/87f40725155b2f89adfde68c7732f97c153676c4 • CWE-20: Improper Input Validation •
CVSS: 4.9EPSS: 0%CPEs: 9EXPL: 0CVE-2024-0131
https://notcve.org/view.php?id=CVE-2024-0131
02 Feb 2025 — NVIDIA GPU kernel driver for Windows and Linux contains a vulnerability where a potential user-mode attacker could read a buffer with an incorrect length. A successful exploit of this vulnerability might lead to denial of service. • https://nvidia.custhelp.com/app/answers/detail/a_id/5614 • CWE-805: Buffer Access with Incorrect Length Value •
CVSS: 5.5EPSS: 0%CPEs: 11EXPL: 0CVE-2024-53869
https://notcve.org/view.php?id=CVE-2024-53869
28 Jan 2025 — NVIDIA Unified Memory driver for Linux contains a vulnerability where an attacker could leak uninitialized memory. A successful exploit of this vulnerability might lead to information disclosure. • https://nvidia.custhelp.com/app/answers/detail/a_id/5614 • CWE-459: Incomplete Cleanup •
CVSS: 3.3EPSS: 0%CPEs: 11EXPL: 0CVE-2024-0149
https://notcve.org/view.php?id=CVE-2024-0149
28 Jan 2025 — NVIDIA GPU Display Driver for Linux contains a vulnerability which could allow an attacker unauthorized access to files. A successful exploit of this vulnerability might lead to limited information disclosure. • https://nvidia.custhelp.com/app/answers/detail/a_id/5614 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 11EXPL: 0CVE-2024-0147
https://notcve.org/view.php?id=CVE-2024-0147
28 Jan 2025 — NVIDIA GPU display driver for Windows and Linux contains a vulnerability where referencing memory after it has been freed can lead to denial of service or data tampering. • https://nvidia.custhelp.com/app/answers/detail/a_id/5614 • CWE-416: Use After Free •
CVSS: 7.1EPSS: 0%CPEs: 11EXPL: 0CVE-2024-0150
https://notcve.org/view.php?id=CVE-2024-0150
28 Jan 2025 — NVIDIA GPU display driver for Windows and Linux contains a vulnerability where data is written past the end or before the beginning of a buffer. A successful exploit of this vulnerability might lead to information disclosure, denial of service, or data tampering. • https://nvidia.custhelp.com/app/answers/detail/a_id/5614 • CWE-787: Out-of-bounds Write •
CVSS: 8.6EPSS: 0%CPEs: 27EXPL: 0CVE-2024-11218 – Podman: buildah: container breakout by using --jobs=2 and a race condition when building a malicious containerfile
https://notcve.org/view.php?id=CVE-2024-11218
22 Jan 2025 — A vulnerability was found in `podman build` and `buildah.` This issue occurs in a container breakout by using --jobs=2 and a race condition when building a malicious Containerfile. SELinux might mitigate it, but even with SELinux on, it still allows the enumeration of files and directories on the host. An update for the container-tools:rhel8 module is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and R... • https://access.redhat.com/security/cve/CVE-2024-11218 • CWE-269: Improper Privilege Management •
CVSS: 8.8EPSS: 0%CPEs: 24EXPL: 0CVE-2024-27856 – Apple WebKit WebCore ContainerNode Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-27856
15 Jan 2025 — The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.5, iOS 16.7.8 and iPadOS 16.7.8, Safari 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, tvOS 17.5, visionOS 1.2. Processing a file may lead to unexpected app termination or arbitrary code execution. A flaw was found in WebKitGTK. Processing malicious web content can cause unexpected app termination or arbitrary code execution due to improper checks. • https://support.apple.com/en-us/120896 • CWE-94: Improper Control of Generation of Code ('Code Injection') •