A flaw was found in the QEMU implementation of VMWare’s paravirtual RDMA device. The issue occurs while handling a “PVRDMA_CMD_CREATE_MR” command due to improper memory…

It was found that 3scale’s APIdocs does not validate the access token, in the case of invalid token, it uses session auth instead. This conceivably…

An integer overflow could occur when OpenEXR processes a crafted file on systems where size_t < 64 bits. This could cause an invalid bytesPerLine and…

In ImfChromaticities.cpp routine RGBtoXYZ(), there are some division operations such as `float Z = (1 – chroma.white.x – chroma.white.y) * Y / chroma.white.y;` and `chroma.green.y…

A flaw was found in the libvirt libxl driver. A malicious guest could continuously reboot itself and cause libvirtd on the host to deadlock or…

An out of memory bounds write flaw (1 or 2 bytes of memory) in the Linux kernel NFS subsystem was found in the way users…

A use-after-free flaw was found in nci_request in net/nfc/nci/core.c in NFC Controller Interface (NCI) in the Linux kernel. This flaw could allow a local attacker…

A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. In…

This vulnerability can be exploited by parsing maliciously crafted project files with Horner Automation Cscape EnvisionRV v4.50.3.1 and prior. The issues result from the lack…

GE Gas Power ToolBoxST Version v04.07.05C suffers from an XML external entity (XXE) vulnerability using the DTD parameter entities technique that could result in disclosure…