CVSS: 7.1EPSS: 44%CPEs: 27EXPL: 2CVE-2025-26465 – Openssh: machine-in-the-middle attack if verifyhostkeydns is enabled
https://notcve.org/view.php?id=CVE-2025-26465
18 Feb 2025 — A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. For an attack to be considered successful, the attacker needs to manage to exhaust the client's memory resource first, turning the attack complexity high. It was discovered that the OpenSSH client incorrectly handled ... • https://github.com/rxerium/CVE-2025-26465 • CWE-390: Detection of Error Condition Without Action •
CVSS: 8.6EPSS: 0%CPEs: 30EXPL: 0CVE-2022-28693 – hw: cpu: Intel: information disclosure via local access
https://notcve.org/view.php?id=CVE-2022-28693
14 Feb 2025 — Unprotected alternative channel of return branch target prediction in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. A flaw was found in hw. The unprotected alternative channel of return branch target prediction in some Intel(R) Processors may allow an authorized user to enable information disclosure via local access. • https://intel.com/content/www/us/en/security-center/advisory/intel-sa-00707.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-420: Unprotected Alternate Channel •
CVSS: 10.0EPSS: 0%CPEs: 30EXPL: 0CVE-2025-1244 – Emacs: shell injection vulnerability in gnu emacs via custom "man" uri scheme
https://notcve.org/view.php?id=CVE-2025-1244
12 Feb 2025 — A flaw was found in the Emacs text editor. Improper handling of custom "man" URI schemes allows attackers to execute arbitrary shell commands by tricking users into visiting a specially crafted website or an HTTP URL with a redirect. A command injection flaw was found in the text editor Emacs. It could allow a remote, unauthenticated attacker to execute arbitrary shell commands on a vulnerable system. Exploitation is possible by tricking users into visiting a specially crafted website or an HTTP URL with a ... • https://access.redhat.com/security/cve/CVE-2025-1244 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 11EXPL: 0CVE-2025-24970 – SslHandler doesn't correctly validate packets which can lead to native crash when using native SSLEngine
https://notcve.org/view.php?id=CVE-2025-24970
10 Feb 2025 — Netty, an asynchronous, event-driven network application framework, has a vulnerability starting in version 4.1.91.Final and prior to version 4.1.118.Final. When a special crafted packet is received via SslHandler it doesn't correctly handle validation of such a packet in all cases which can lead to a native crash. Version 4.1.118.Final contains a patch. As workaround its possible to either disable the usage of the native SSLEngine or change the code manually. A flaw was found in Netty's SslHandler. • https://github.com/netty/netty/commit/87f40725155b2f89adfde68c7732f97c153676c4 • CWE-20: Improper Input Validation •
CVSS: 4.9EPSS: 0%CPEs: 9EXPL: 0CVE-2024-0131
https://notcve.org/view.php?id=CVE-2024-0131
02 Feb 2025 — NVIDIA GPU kernel driver for Windows and Linux contains a vulnerability where a potential user-mode attacker could read a buffer with an incorrect length. A successful exploit of this vulnerability might lead to denial of service. • https://nvidia.custhelp.com/app/answers/detail/a_id/5614 • CWE-805: Buffer Access with Incorrect Length Value •
CVSS: 5.5EPSS: 0%CPEs: 11EXPL: 0CVE-2024-53869
https://notcve.org/view.php?id=CVE-2024-53869
28 Jan 2025 — NVIDIA Unified Memory driver for Linux contains a vulnerability where an attacker could leak uninitialized memory. A successful exploit of this vulnerability might lead to information disclosure. • https://nvidia.custhelp.com/app/answers/detail/a_id/5614 • CWE-459: Incomplete Cleanup •
CVSS: 3.3EPSS: 0%CPEs: 11EXPL: 0CVE-2024-0149
https://notcve.org/view.php?id=CVE-2024-0149
28 Jan 2025 — NVIDIA GPU Display Driver for Linux contains a vulnerability which could allow an attacker unauthorized access to files. A successful exploit of this vulnerability might lead to limited information disclosure. • https://nvidia.custhelp.com/app/answers/detail/a_id/5614 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 11EXPL: 0CVE-2024-0147
https://notcve.org/view.php?id=CVE-2024-0147
28 Jan 2025 — NVIDIA GPU display driver for Windows and Linux contains a vulnerability where referencing memory after it has been freed can lead to denial of service or data tampering. • https://nvidia.custhelp.com/app/answers/detail/a_id/5614 • CWE-416: Use After Free •
CVSS: 7.1EPSS: 0%CPEs: 11EXPL: 0CVE-2024-0150
https://notcve.org/view.php?id=CVE-2024-0150
28 Jan 2025 — NVIDIA GPU display driver for Windows and Linux contains a vulnerability where data is written past the end or before the beginning of a buffer. A successful exploit of this vulnerability might lead to information disclosure, denial of service, or data tampering. • https://nvidia.custhelp.com/app/answers/detail/a_id/5614 • CWE-787: Out-of-bounds Write •
CVSS: 8.6EPSS: 0%CPEs: 27EXPL: 0CVE-2024-11218 – Podman: buildah: container breakout by using --jobs=2 and a race condition when building a malicious containerfile
https://notcve.org/view.php?id=CVE-2024-11218
22 Jan 2025 — A vulnerability was found in `podman build` and `buildah.` This issue occurs in a container breakout by using --jobs=2 and a race condition when building a malicious Containerfile. SELinux might mitigate it, but even with SELinux on, it still allows the enumeration of files and directories on the host. An update for the container-tools:rhel8 module is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and R... • https://access.redhat.com/security/cve/CVE-2024-11218 • CWE-269: Improper Privilege Management •