1721 matches found
JLSEC-2026-261 Issue summary: Writing large, newline-free data into a BIO chain using the line-buffering filter...
Issue summary: Writing large, newline-free data into a BIO chain using the line-buffering filter where the next BIO performs short writes can trigger a heap-based out-of-bounds write. Impact summary: This out-of-bounds write can cause memory corruption which typically results in a crash, leading ...
CVE-2026-39324 vulnerabilities
Vulnerabilities for packages: ruby4.0-rails, ruby3.2-rails, ruby3.4-rails, pact-broker-docker-fips, pact-broker-docker, ruby3.3-rails, logstash...
CVE-2026-34831 vulnerabilities
Vulnerabilities for packages: ruby4.0-rack, gitlab-rails-ce, gitlab-cng, ruby3.2-rack, ruby3.2-rails, ruby3.3-rack, ruby3.4-rails, pact-broker-docker-fips, pact-broker-docker, logstash, gitlab-rails-ce-fips, kube-fluentd-operator, ruby3.4-rack...
GHSA-QV7J-4883-HWH7 vulnerabilities
Vulnerabilities for packages: ruby4.0-rack, gitlab-rails-ce, gitlab-cng, ruby3.2-rack, ruby3.2-rails, ruby3.3-rack, ruby3.4-rails, pact-broker-docker-fips, pact-broker-docker, logstash, gitlab-rails-ce-fips, kube-fluentd-operator, ruby3.4-rack...
CVE-2026-26961 vulnerabilities
Vulnerabilities for packages: ruby4.0-rack, gitlab-rails-ce, gitlab-cng, ruby3.2-rack, ruby3.2-rails, ruby3.3-rack, ruby3.4-rails, pact-broker-docker-fips, pact-broker-docker, logstash, gitlab-rails-ce-fips, kube-fluentd-operator, ruby3.4-rack...
CVE-2018-25253 Termite 3.4 Denial of Service via Settings Buffer Overflow
Termite 3.4 contains a buffer overflow vulnerability in the User interface language settings field that allows local attackers to cause a denial of service by supplying an excessively long string. Attackers can paste a 2000-byte payload into the Settings User interface language field to crash the...
CVE-2018-25253
Termite 3.4 contains a local denial-of-service vulnerability caused by a buffer overflow in the Settings -> User interface language settings field. A 2000-byte payload can crash the application, indicating a vulnerable input handling path in the UI language setting. The available sources descr...
PT-2026-30373
Termite 3.4 contains a buffer overflow vulnerability in the User interface language settings field that allows local attackers to cause a denial of service by supplying an excessively long string. Attackers can paste a 2000-byte payload into the Settings User interface language field to crash the...
Compuphase Termite 缓冲区错误漏洞
Compuphase Termite is a serial terminal tool developed by the Dutch company Compuphase. Version 3.4 of Compuphase Termite contains a buffer overflow vulnerability. This vulnerability stems from an issue with the user interface language settings field, which may lead to local attackers causing the...
Python Library OpenEXR 3.4.x < 3.4.7 Heap Buffer Overflow (OOB Read)
The version of the OpenEXR Python package installed on the remote host is 3.4.x prior to 3.4.7. It is, therefore, affected by a heap buffer overflow vulnerability: - A heap-buffer-overflow out-of-bounds read occurs in the the HTJ2K decoder in OpenEXR when copying decompressed samples from OpenJPH...
K000160557: OpenSSL vulnerability CVE-2025-69418
Security Advisory Description Issue summary: When using the low-level OCB API directly with AES-NI or other hardware-accelerated code paths, inputs whose length is not a multiple of 16 bytes can leave the final partial block unencrypted and unauthenticated. Impact summary: The trailing 1-15 bytes...
CVE-2026-33658 vulnerabilities
Vulnerabilities for packages: gitlab-rails-ce, gitlab-rails-ce-fips, ruby3.4-rails...
CVE-2026-22731
Spring Boot applications with Actuator can be vulnerable to an "Authentication Bypass" vulnerability when an application endpoint that requires authentication is declared under a specific path, already configured for a Health Group additional path. This issue affects Spring Boot: from 4.0 before...
Astra Linux – Vulnerability in OpenSSL
Issue Summary: A TLS 1.3 connection that uses certificate compression can be forced to allocate a large buffer before decompression, without checking against the configured certificate size limit. Impact Summary: An attacker can cause per-connection memory allocations of up to approximately 22 Mi...
Security Bulletin: IBM SPSS Analytic Server is affected by Critical XXE vulnerability in Apache Tika (CVE-2025-66516)
Summary IBM SPSS Analytic Server is affected by Critical XXE vulnerability in Apache Tika CVE-2025-66516. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2025-66516 DESCRIPTION: Critical XXE in Apache Tika tika-core 1.13-3.2.1, tika-pdf-module 2.0.0-3.2.1 and...
Siemens SIMATIC S7-1500 Out-of-bounds Write (CVE-2025-68160)
Issue summary: Writing large, newline-free data into a BIO chain using the line-buffering filter where the next BIO performs short writes can trigger a heap-based out-of-bounds write. Impact summary: This out- of-bounds write can cause memory corruption which typically results in a crash, leading...
Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: openssl (UTSA-2026-005350)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005350 advisory. Issue summary: Processing a malformed PKCS12 file can trigger a NULL pointer dereference in the PKCS12itemdecryptd2iex function. Impact summary: A NULL pointer...
CVE-2025-15468
Issue summary: If an application using the SSLCIPHERfind function in a QUIC protocol client or server receives an unknown cipher suite from the peer, a NULL dereference occurs. Impact summary: A NULL pointer dereference leads to abnormal termination of the running process causing Denial of Servic...
EUVD-2025-206402
Issue summary: PBMAC1 parameters in PKCS12 files are missing validation which can trigger a stack-based buffer overflow, invalid pointer or NULL pointer dereference during MAC verification. Impact summary: The stack buffer overflow or NULL pointer dereference may cause a crash leading to Denial o...
Security Bulletin: IBM SPSS Analytic Server is affected by XML External Entity injection vulnerability in Apache Tika (CVE-2025-54988)
Summary IBM SPSS Analytic Server is affected by XML External Entity injection vulnerability in Apache Tika CVE-2025-54988. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2025-54988 DESCRIPTION: Critical XXE in Apache Tika tika-parser-pdf-module in Apache Tika...