2025-10-29 Daily Vulns
NEW:
| CVE | vendor-product | description | metric | Referenceurl | title | GithubURL | |
|---|---|---|---|---|---|---|---|
| CVE-2024-57412 | n/a - n/a | An issue in SunOS Omnios v5.11 allows attackers to cause a Denial of Service (DoS) via repeatedly sending crafted TCP packets. | CNA n/a CVSS3.1: 7.5 - HIGH | 0 | Exploitation: pocAutomatable: noTechnical Impact: partial | undefined | github |
| CVE-2025-12198 | n/a - dnsmasq | A vulnerability has been found in dnsmasq up to 2.73rc6. Affected is the function parse_hex of the file src/util.c of the component Config File Handler. The manipulation of the argument i leads to heap-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.Eine Schwachstelle wurde in dnsmasq up to 2.73rc6 gefunden. Es betrifft die Funktion parse_hex der Datei src/util.c der Komponente Config File Handler. Dank der Manipulation des Arguments i mit unbekannten Daten kann eine heap-based buffer overflow-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs hat dabei lokal zu erfolgen. Der Exploit ist öffentlich verfügbar und könnte genutzt werden. | CVSS4.0: 8.5 - HIGH CVSS3.1: 7.8 - HIGH | 0 1 2 3 | Exploitation: pocAutomatable: noTechnical Impact: total | dnsmasq Config File util.c parse_hex heap-based overflow | github |
| CVE-2025-10150 | Softing Industrial Automation GmbH - smartLink HW-PNSofting Industrial Automation GmbH - smartLink HW-DP | Webserver crash caused by scanning on TCP port 80 in Softing Industrial Automation GmbH gateways and switch.This issue affects smartLink HW-PN: from 1.02 through 1.03 smartLink HW-DP: 1.31 | CVSS4.0: 8.7 - HIGH | 0 1 | Exploitation: noneAutomatable: yesTechnical Impact: partial | Webserver crash caused by scanning on TCP port 80 | github |
This post is licensed under CC BY 4.0 by the author.