Aggregator

CVE-2025-38648 | Linux Kernel up to 6.6.101/6.12.41/6.15.9/6.16.0 stm32_spi_probe null pointer dereference (Nessus ID 260282 / WID-SEC-2025-1898)

Vuldb Updates
1 month 3 weeks ago
A vulnerability marked as critical has been reported in Linux Kernel up to 6.6.101/6.12.41/6.15.9/6.16.0. Affected by this vulnerability is the function stm32_spi_probe. The manipulation leads to null pointer dereference. This vulnerability is documented as CVE-2025-38648. The attack requires being on the local network. There is not any exploit available. It is suggested to upgrade the affected component.
vuldb.com

CVE-2025-38647 | Linux Kernel up to 6.16.0 wifi sar.c rtw89_set_sar_from_acpi assertion (WID-SEC-2025-1898)

Vuldb Updates
1 month 3 weeks ago
A vulnerability was found in Linux Kernel up to 6.16.0. It has been declared as critical. Affected by this issue is the function rtw89_set_sar_from_acpi of the file drivers/net/wireless/realtek/rtw89/sar.c of the component wifi. Executing a manipulation can lead to reachable assertion. The identification of this vulnerability is CVE-2025-38647. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-38646 | Linux Kernel up to 6.6.101/6.12.41/6.15.9/6.16.0 wifi rtw89_vif_rx_stats_iter null pointer dereference (Nessus ID 260274 / WID-SEC-2025-1898)

Vuldb Updates
1 month 3 weeks ago
A vulnerability classified as critical has been found in Linux Kernel up to 6.6.101/6.12.41/6.15.9/6.16.0. The impacted element is the function rtw89_vif_rx_stats_iter of the component wifi. Performing a manipulation results in null pointer dereference. This vulnerability is known as CVE-2025-38646. Access to the local network is required for this attack. No exploit is available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-38645 | Linux Kernel up to 6.1.147/6.6.101/6.12.41/6.15.9/6.16.0 mlx5_init_once allocation of resources (Nessus ID 266176 / WID-SEC-2025-1898)

Vuldb Updates
1 month 3 weeks ago
A vulnerability labeled as critical has been found in Linux Kernel up to 6.1.147/6.6.101/6.12.41/6.15.9/6.16.0. Affected is the function mlx5_init_once. Executing a manipulation can lead to allocation of resources. This vulnerability is registered as CVE-2025-38645. The attack requires access to the local network. No exploit is available. The affected component should be upgraded.
vuldb.com

CVE-2022-45188 | Netatalk up to 3.1.13 appl File afp_getappl heap-based overflow

Vuldb Updates
1 month 3 weeks ago
A vulnerability marked as critical has been reported in Netatalk up to 3.1.13. This vulnerability affects the function afp_getappl of the component appl File Handler. This manipulation causes heap-based buffer overflow. The identification of this vulnerability is CVE-2022-45188. It is possible to initiate the attack remotely. There is no exploit available. It is suggested to upgrade the affected component.
vuldb.com

CVE-2022-43551 | cURL HSTS cleartext transmission (FEDORA-2022-d7ee33d4ad / Nessus ID 211153)

Vuldb Updates
1 month 3 weeks ago
A vulnerability labeled as problematic has been found in cURL. Affected is an unknown function of the component HSTS Handler. The manipulation results in cleartext transmission of sensitive information. This vulnerability is cataloged as CVE-2022-43551. The attack may be launched remotely. There is no exploit available. The affected component should be upgraded.
vuldb.com

CVE-2022-43551 | Apple macOS up to 13.2.1 curl cleartext transmission (HT213670 / Nessus ID 211153)

Vuldb Updates
1 month 3 weeks ago
A vulnerability labeled as problematic has been found in Apple macOS up to 13.2.1. This affects an unknown part of the component curl. Such manipulation leads to cleartext transmission of sensitive information. This vulnerability is uniquely identified as CVE-2022-43551. The attack can only be initiated within the local network. No exploit exists. The affected component should be upgraded.
vuldb.com

CVE-2022-43551 | Oracle MySQL Server up to 5.7.41/8.0.32 Packaging information disclosure (Nessus ID 211153)

Vuldb Updates
1 month 3 weeks ago
A vulnerability identified as critical has been detected in Oracle MySQL Server up to 5.7.41/8.0.32. Affected by this vulnerability is an unknown functionality of the component Packaging. The manipulation leads to information disclosure. This vulnerability is referenced as CVE-2022-43551. Remote exploitation of the attack is possible. No exploit is available.
vuldb.com

Survey: Most Security Incidents Involve Identity Attacks

Security Boulevard
1 month 3 weeks ago

A survey of 512 cybersecurity professionals finds 76% report that over half (54%) of the security incidents that occurred in the past 12 months involved some issue relating to identity management. Conducted by Permiso Security, a provider of an identity security platform, the survey also finds 95% are either very confident (52%) or somewhat confident..

The post Survey: Most Security Incidents Involve Identity Attacks appeared first on Security Boulevard.

Michael Vizard

CVE-2019-12749 | dbus up to 1.10.27/1.12.15/1.13.11 /.dbus-keyrings improper authentication (RHSA-2019:1726 / Nessus ID 266270)

Vuldb Updates
1 month 3 weeks ago
A vulnerability has been found in dbus up to 1.10.27/1.12.15/1.13.11 and classified as critical. This affects an unknown part of the file /.dbus-keyrings. The manipulation leads to improper authentication. This vulnerability is documented as CVE-2019-12749. The attack needs to be performed locally. There is not any exploit available. The affected component should be upgraded.
vuldb.com

Managed ad