
19 matches found

Snyk
added 2026/05/29 9:15 p.m. · 4 views

Out-of-bounds Read

Overview: Affected versions of this package are vulnerable to Out-of-bounds Read in the Decoding process of BMP files containing a palette with out-of-range indices. An attacker can cause a panic and potentially disrupt application availability by supplying a crafted BMP file with invalid palette...

7.1 CVSS · 5.8 AI score · 0.00051 EPSS
Exploits: 0 · References: 2
Snyk
added 2026/05/29 9:14 p.m. · 4 views

Allocation of Resources Without Limits or Throttling

Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to the lack of limits on the size of PackBits-compressed data during decompression. An attacker can cause excessive resource consumption by submitting a specially crafted image...

8.7 CVSS · 5.8 AI score · 0.00055 EPSS
Exploits: 0 · References: 2
UbuntuCve
added 2026/04/29 8:16 p.m. · 2 views

CVE-2018-25306

PDFunite 0.41.0 contains a buffer overflow vulnerability that allows local attackers to crash the application by processing malformed PDF files during merge operations. Attackers can trigger a segmentation fault in the XRef::getEntry function within libpoppler by providing a specially crafted PDF...

6.9 CVSS · 6 AI score · 0.00017 EPSS
Exploits: 1 · References: 2
Cvelist
added 2026/04/29 7:24 p.m. · 24 views

CVE-2018-25306 PDFunite 0.41.0 Buffer Overflow via Malformed PDF

PDFunite 0.41.0 contains a buffer overflow vulnerability that allows local attackers to crash the application by processing malformed PDF files during merge operations. Attackers can trigger a segmentation fault in the XRef::getEntry function within libpoppler by providing a specially crafted PDF...

6.9 CVSS · 0.00017 EPSS
Exploits: 1 · References: 4
Nvidia
added 2026/03/24 12:0 a.m. · 3 views

Security Bulletin: NVIDIA Model Optimizer - March 2026

NVIDIA has released a software update for NVIDIA® Model Optimizer. To protect your system, clone or update this software to ModelOpt 0.41.0 Release or later from NVIDIA Github. Go to NVIDIA Product Security. Details The following table summarizes the potential vulnerabilities that this security...

7.8 CVSS · 5.9 AI score · 0.00083 EPSS
Exploits: 0 · Affected Software: 1
Github Security Blog
added 2025/12/08 10:15 p.m. · 6 views

Critical Use-After-Free in Wasmi's Linear Memory

Summary: A use-after-free vulnerability has been discovered in the linear memory implementation of Wasmi. This issue can be triggered by a WebAssembly module under certain memory growth conditions, potentially leading to memory corruption, information disclosure, or code execution. Impact: -...

8.4 CVSS · 7.3 AI score · 0.00022 EPSS
Exploits: 0 · References: 4 · Affected Software: 1
EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2018-17328

Malware in sbrugna...

4.9 CVSS · 4.8 AI score · 0.00149 EPSS
Exploits: 1 · References: 3
CNNVD
added 2025/04/20 12:0 a.m. · 1 views

kitty Security Vulnerability

kitty is a Python-based GPU terminal emulation software by Kovid Goyal, an individual developer in India. The software provides basic terminal functionality and GPU-based rendering reduces system load, uses OpenGL for rendering, and can be supported on Linux and Mac. A security vulnerability exis...

7.8 CVSS · 5.3 AI score · 0.00087 EPSS
Exploits: 1 · References: 6
Positive Technologies
added 2024/06/17 12:0 a.m. · 4 views

PT-2024-27064 · Unknown · Strimzi Project

Name of the Vulnerable Software and Affected Versions: STRIMZI Project versions 0.41.0 and earlier Description: The issue is related to incorrect access control in the Kafka Connect REST API, which can be exploited to deny service for Kafka Mirroring. An attacker can potentially mirror topics'...

9.8 CVSS · 6.8 AI score · 0.00124 EPSS
Exploits: 0 · References: 5
OSV
added 2023/11/15 2:15 p.m. · 23 views

CVE-2023-5676

In Eclipse OpenJ9 before version 0.41.0, the JVM can be forced into an infinite busy hang on a spinlock or a segmentation fault if a shutdown signal SIGTERM, SIGINT or SIGHUP is received before the JVM has finished initializing...

5.9 CVSS · 5.7 AI score
Exploits: 0 · References: 3
Positive Technologies
added 2023/11/15 12:0 a.m. · 3 views

PT-2023-32256 · Eclipse +4 · Eclipse Openj9 +4

Name of the Vulnerable Software and Affected Versions: Eclipse OpenJ9 versions prior to 0.41.0 Description: The issue is related to a denial of service caused by a flaw when a shutdown signal SIGTERM, SIGINT or SIGHUP is received before the JVM has finished initializing. This can lead to an...

9.1 CVSS · 6 AI score · 0.10953 EPSS
Exploits: 3 · References: 210
CNNVD
added 2022/07/22 12:0 a.m. · 2 views

Slack Morphism Security Vulnerability

Slack Morphism is a modern asynchronous client library for Rust with support for Slack Web/Events API/Socket Mode and Block Kit. An information disclosure vulnerability exists in Slack Morphism versions prior to 0.41.0, which stems from the potential disclosure of Slack OAuth client information i...

7.5 CVSS · 5.6 AI score · 0.00391 EPSS
Exploits: 0 · References: 3
Github Security Blog
added 2022/07/20 1:30 a.m. · 31 views

Slack Morphism for Rust before 0.41.0 can leak Slack OAuth client information in application debug logs

Impact: Potential/accidental leaking of Slack OAuth client information in application debug logs. Patches: More strict and secure debug formatting was introduced in v0.41 for OAuth secret types to avoid the possibility of printing sensitive information in application logs. Workarounds: Don't...

7.5 CVSS · 7.2 AI score · 0.00391 EPSS
Exploits: 0 · References: 7 · Affected Software: 1
CNVD
added 2019/12/06 12:0 a.m. · 1 views

Mcrouter Resource Management Error Vulnerability

Mcrouter is a memcached protocol router. A resource management error vulnerability exists in Mcrouter versions prior to v0.41.0, which can be exploited by an attacker to exhaust resources or cause a denial of service...

7.5 CVSS · 6.8 AI score · 0.00642 EPSS
Exploits: 0 · References: 1
CNVD
added 2018/11/29 12:0 a.m. · 2 views

Rapid7 Komand Information Disclosure Vulnerability

Rapid7 Komand is a suite of IT security automation solutions from Rapid7 USA. The product features task automation, malware identification, vulnerability patching and email threat identification. A security vulnerability exists in Rapid7 Komand 0.41.0 and prior versions. An attacker could exploit...

4.9 CVSS · 4.9 AI score · 0.00149 EPSS
Exploits: 1 · References: 1
OSV
added 2018/11/28 7:29 p.m. · 3 views

CVE-2018-5559

In Rapid7 Komand version 0.41.0 and prior, certain endpoints that are able to list the always encrypted-at-rest connection data could return some configurations of connection data without obscuring sensitive data from the API response sent over an encrypted channel. This issue does not affect...

4.9 CVSS · 5.8 AI score · 0.00149 EPSS
Exploits: 1 · References: 2
NVD
added 2018/11/28 7:29 p.m. · 8 views

CVE-2018-5559

In Rapid7 Komand version 0.41.0 and prior, certain endpoints that are able to list the always encrypted-at-rest connection data could return some configurations of connection data without obscuring sensitive data from the API response sent over an encrypted channel. This issue does not affect...

4.9 CVSS · 4.2 AI score · 0.00149 EPSS
Exploits: 1 · References: 2
Cvelist
added 2018/11/28 7:0 p.m. · 12 views

CVE-2018-5559

In Rapid7 Komand version 0.41.0 and prior, certain endpoints that are able to list the always encrypted-at-rest connection data could return some configurations of connection data without obscuring sensitive data from the API response sent over an encrypted channel. This issue does not affect...

3.4 CVSS · 5.1 AI score · 0.00149 EPSS
Exploits: 1 · References: 2
0day.today
added 2018/04/18 12:0 a.m. · 24 views

PDFunite 0.41.0 - .pdf Local Buffer Overflow Exploit

Exploit for windows platform in category dos / poc Exploit Title: PDFunite Malformed pdf buffer overflow Exploit Author: Hamm3r.py Vendor Homepage: https://launchpad.net/ubuntu/artful/+package/poppler-utils Software Link: https://launchpad.net/ubuntu/+source/poppler/0.57.0-2ubuntu4.2 Version:...

7.4 AI score
Exploits: 0