Total
8 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-32439 | 2025-04-16 | N/A | 6.5 MEDIUM | ||
| pleezer is a headless Deezer Connect player. Hook scripts in pleezer can be triggered by various events like track changes and playback state changes. In versions before 0.16.0, these scripts were spawned without proper process cleanup, leaving zombie processes in the system's process table. Even during normal usage, every track change and playback event would leave behind zombie processes. This leads to inevitable resource exhaustion over time as the system's process table fills up, eventually preventing new processes from being created. The issue is exacerbated if events occur rapidly, whether through normal use (e.g., skipping through a playlist) or potential manipulation of the Deezer Connect protocol traffic. This issue has been fixed in version 0.16.0. | |||||
| CVE-2025-30157 | 1 Envoyproxy | 1 Envoy | 2025-04-01 | N/A | 6.5 MEDIUM |
| Envoy is a cloud-native high-performance edge/middle/service proxy. Prior to 1.33.1, 1.32.4, 1.31.6, and 1.30.10, Envoy's ext_proc HTTP filter is at risk of crashing if a local reply is sent to the external server due to the filter's life time issue. A known situation is the failure of a websocket handshake will trigger a local reply leading to the crash of Envoy. This vulnerability is fixed in 1.33.1, 1.32.4, 1.31.6, and 1.30.10. | |||||
| CVE-2024-12289 | 2024-12-12 | N/A | 5.9 MEDIUM | ||
| Boundary Community Edition and Boundary Enterprise (“Boundary”) incorrectly handle HTTP requests during the initialization of the Boundary controller, which may cause the Boundary server to terminate prematurely. Boundary is only vulnerable to this flaw during the initialization of the Boundary controller, which on average is measured in milliseconds during the Boundary startup process. This vulnerability, CVE-2024-12289, is fixed in Boundary Community Edition and Boundary Enterprise 0.16.4, 0.17.3, 0.18.2. | |||||
| CVE-2024-0316 | 1 Fireeye | 1 Endpoint Security | 2024-11-21 | N/A | 6.8 MEDIUM |
| Improper cleanup vulnerability in exceptions thrown in FireEye Endpoint Security, affecting version 5.2.0.958244. This vulnerability could allow an attacker to send multiple request packets to the containment_notify/preview parameter, which could lead to a service outage. | |||||
| CVE-2023-46393 | 1 Gougucms | 1 Gougucms | 2024-11-21 | N/A | 7.5 HIGH |
| gougucms v4.08.18 was discovered to contain a password reset poisoning vulnerability which allows attackers to arbitrarily reset users' passwords via a crafted packet. | |||||
| CVE-2022-3301 | 1 Ikus-soft | 1 Rdiffweb | 2024-11-21 | N/A | 2.4 LOW |
| Improper Cleanup on Thrown Exception in GitHub repository ikus060/rdiffweb prior to 2.4.8. | |||||
| CVE-2020-14304 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 2.1 LOW | 4.4 MEDIUM |
| A memory disclosure flaw was found in the Linux kernel's ethernet drivers, in the way it read data from the EEPROM of the device. This flaw allows a local user to read uninitialized values from the kernel memory. The highest threat from this vulnerability is to confidentiality. | |||||
| CVE-2017-15127 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Enterprise Mrg | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
| A flaw was found in the hugetlb_mcopy_atomic_pte function in mm/hugetlb.c in the Linux kernel before 4.13. A superfluous implicit page unlock for VM_SHARED hugetlbfs mapping could trigger a local denial of service (BUG). | |||||