Security Vulnerabilities - CVEs Published In January 2025
Sante PACS Server Web Portal DCM File Parsing Memory Corruption Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Sante PACS Server. Authentication is required to exploit this vulnerability.
The specific flaw exists within the parsing of DCM files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-25305.
CVSS Score
6.5
EPSS Score
0.003
Published
2025-01-30
Type confusion in the Zoom Workplace App for Linux before 6.2.10 may allow an authorized user to conduct an escalation of privilege via network access.
CVSS Score
8.8
EPSS Score
0.002
Published
2025-01-30
Out-of-bounds write in the Zoom Workplace App for Linux before version 6.2.5 may allow an unauthorized user to conduct a denial of service via network access.
CVSS Score
4.3
EPSS Score
0.001
Published
2025-01-30
Out-of-bounds write in some Zoom Workplace Apps may allow an authorized user to conduct a loss of integrity via network access.
CVSS Score
3.1
EPSS Score
0.001
Published
2025-01-30
Untrusted search path in the installer for some Zoom Workplace Apps for Windows may allow an authorized user to conduct an escalation of privilege via local access.
CVSS Score
4.6
EPSS Score
0.0
Published
2025-01-30
Symlink following in the installer for Zoom Workplace App for macOS before 6.2.10 may allow an authenticated user to conduct a denial of service via local access.
CVSS Score
3.9
EPSS Score
0.0
Published
2025-01-30
Vulnerabilities in the algorithms used by Fuchsia to populate network protocol header fields, specifically the TCP ISN, TCP timestamp, TCP and UDP source ports, and IPv4/IPv6 fragment ID allow for these values to be guessed under circumstances
CVSS Score
5.3
EPSS Score
0.001
Published
2025-01-30
A weak hashing algorithm and small sizes of seeds/secrets in Google's gVisor allowed for a remote attacker to calculate a local IP address and a per-boot identifier that could aid in tracking of a device in certain circumstances.
CVSS Score
5.3
EPSS Score
0.001
Published
2025-01-30
Weaknesses in the generation of TCP/UDP source ports and some other header values in Google's gVisor allowed them to be predicted by an external attacker in some circumstances.
CVSS Score
5.3
EPSS Score
0.001
Published
2025-01-30
The issue was addressed with improved bounds checks. This issue is fixed in GarageBand 10.4.12. Processing a maliciously crafted image may lead to arbitrary code execution.
CVSS Score
7.8
EPSS Score
0.0
Published
2025-01-30