Security Bulletin: Oracle Outside In Technology (OIT) v8.5.7 BP7 vulnerabilities CVE-2025-29482 (vulnerable), CVE-2024-8176 (not vulnerable) in FileNet Content Manager (FNCM) Content Based Retrieval (CBR) content indexing

Summary Oracle Outside In Technology OIT v8.5.7 BP7 July, 2025 CVE-2025-29482 vulnerable, CVE-2024-8176 affected, not vulnerable security vulnerabilities in FileNet Content Manager FNCM Content Based Retrieval CBR content indexing. Vulnerability Details CVEID:CVE-2024-8176 DESCRIPTION: A stack...

Linux Distros Unpatched Vulnerability : CVE-2025-29482

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Buffer Overflow vulnerability in libheif 1.19.7 allows a local attacker to execute arbitrary code via the SAO Sample Adaptive Offset processing of libde265...

CVE-2025-29482

A flaw was found in the libheif Sample Adaptive Offset SAO processing component. This vulnerability can allow an attacker to trigger a stack-based buffer overflow and achieve code execution or cause a crash via a specially crafted HEIF/HEVC file decoded through libheif using libde265. The issue...

CVE-2025-29482

Buffer Overflow vulnerability in libheif 1.19.7 allows a local attacker to execute arbitrary code via the SAO Sample Adaptive Offset processing of libde265...

CVE-2025-29482

Buffer Overflow vulnerability in libheif 1.19.7 allows a local attacker to execute arbitrary code via the SAO Sample Adaptive Offset processing of libde265...

CVE-2022-29482

'Mobaoku-Auction&Flea Market' App for iOS versions prior to 5.5.16 improperly verifies server certificates, which may allow an attacker to eavesdrop on an encrypted communication via a man-in-the-middle attack...

CVE-2022-29482

'Mobaoku-Auction&Flea Market' App for iOS versions prior to 5.5.16 improperly verifies server certificates, which may allow an attacker to eavesdrop on an encrypted communication via a man-in-the-middle attack...

CVE-2022-29482

The CVE-2022-29482 entry concerns the Mobaoku-Auction & Flea Market iOS app, where improper server certificate verification (CWE-295) in versions prior to 5.5.16 enables a man-in-the-middle to eavesdrop on encrypted traffic. The vulnerability is mitigated by upgrading to version 5.5.16, released ...

Moderate: Red Hat Security Advisory: Release of containers for OSP 16.2.z director operator tech preview

Red Hat OpenStack Platform 16.2 Train director Operator containers are available for technology preview. Release osp-director-operator images Security Fixes: golang: kubernetes: YAML parsing vulnerable to "Billion Laughs" attack, allowing for remote CVE-2019-11253 golang: golang-github-miekg-dns:...

Moderate: Red Hat Security Advisory: OpenShift Virtualization 4.8.0 Images

Red Hat OpenShift Virtualization release 4.8.0 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which give...

CVE-2021-29482

xz is a compression and decompression library focusing on the xz format completely written in Go. The function readUvarint used to read the xz container format may not terminate a loop provide malicous input. The problem has been fixed in release v0.5.8. As a workaround users can limit the size o...

CVE-2021-29482

CVE-2021-29482 affects the Go xz library (github.com/ulikunitz/xz) used to read xz containers. The issue is in readUvarint where crafted input can cause the loop to fail to terminate, potentially enabling a denial of service. The vulnerability has been fixed in release v0.5.8; a practical workaro...

CVE-2021-29482

xz is a compression and decompression library focusing on the xz format completely written in Go. The function readUvarint used to read the xz container format may not terminate a loop provide malicous input. The problem has been fixed in release v0.5.8. As a workaround users can limit the size o...

Xen Management Tool DoS (XSA-323)

According to its self-reported version number, the Xen hypervisor installed on the remote host is affected by a denial of service vulnerability due to a bad path name limit in oxenstored. A malicious guest administrator can exploit this, by creating paths in the guest's own namespace that are too...

Fedora 32 : xen (2020-df772b417b)

xenstore watch notifications lacking permission checks XSA-115, CVE-2020-29480 1908091 Xenstore: new domains inheriting existing node permissions XSA-322, CVE-2020-29481 1908095 Xenstore: wrong path length check XSA-323, CVE-2020-29482 1908096 Xenstore: guests can crash xenstored via watchs...

Fedora: Security Advisory for xen (FEDORA-2020-64859a826b)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVE-2020-29482

creationtimestamp| type| source ---|---|--- 2020-12-15 20:46:45+00:00| seen| https://t.me/cibsecurity/20865...

CVE-2020-29482

CVE-2020-29482 affects Xen up to 4.14.x via oxenstored. A guest can create xenstore paths in its own namespace that exceed the pathname limit, because management tools must use absolute paths and oxenstored enforces a limit on the client-specified path. This can cause some management tools and de...