2586 matches found
CVE-2025-15270 FontForge SFD File Parsing Improper Validation of Array Index Remote Code Execution Vulnerability
FontForge SFD File Parsing Improper Validation of Array Index Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit ...
CVE-2025-15270
FontForge SFD File Parsing vulnerabilities (CVE-2025-15270) arise from improper validation of data while parsing SFD files, causing out-of-bounds writes and remote code execution. The connected Mageia advisory confirms a FontForge fix in updated packages; other sources describe the same issue and...
CVE-2025-15270
FontForge SFD File Parsing Improper Validation of Array Index Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit ...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-992826)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992826 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check gpio_id before used as array index WHY & HOW GPIO_ID_UNKNOWN -1 is not a vali...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-993188)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-993188 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add array index check for hdcp ddc access Why Coverity reports OVERRUN warning. ...
Linux Distros Unpatched Vulnerability : CVE-2025-15270
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - FontForge SFD File Parsing Improper Validation of Array Index Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitra...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from an array index out-of-bounds, which could lead to out-of-bounds reads...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2025-992647)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992647 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add array index check for hdcp ddc access Why Coverity reports OVERRUN warning. ...
CLSA-2025-1767028399 java-11-openjdk: Fix of 5 CVEs
Upgrade to openjdk-11.0.29+7 GA. The following CVEs were fixed: - CVE-2023-48161: fix buffer overflow vulnerability - CVE-2024-21147: RangeCheckElimination array index overflow - CVE-2025-21587: fix TLS connection support to avoid unauthorized access to critical data - CVE-2025-53057: enhance...
PT-2025-53818
Name of the Vulnerable Software and Affected Versions: FontForge (affected versions not specified). Description: A flaw exists in FontForge related to the parsing of SFD files. Insufficient validation of user-supplied data can lead to a write past the end of an allocated array, potentially allowing a...
(0Day) FontForge SFD File Parsing Improper Validation of Array Index Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SFD files...
SUSE CVE-2023-54090
In the Linux kernel, the following vulnerability has been resolved: ixgbe: Fix panic during XDP_TX with 64 CPUs Commit 4fe815850bdc "ixgbe: let the xdpdrv work with more than 64 cpus" adds support to allow XDP programs to run on systems with more than 64 CPUs by locking the XDP TX rings and indexi...
PT-2026-2607
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The rose_kill_by_device function in the Linux kernel incorrectly indexes an array, potentially leading to an out-of-bounds read or an invalid socket pointer dereference. The function...
Improper Validation of Array Index
Overview: Affected versions of this package are vulnerable to Improper Validation of Array Index via the DeleteSess and Sess functions in the session lookup/deletion process. An attacker can cause a crash of the service by sending a specially crafted request with a very large SEID value, leading t...
CVE-2025-0657
CVE-2025-0657 describes a vulnerability affecting Automated Logic WebCTRL and Carrier i-Vu Gen5 controllers. The issue arises in BACnet MS/TP communication, where malformed packets can be sent to the device, leading to a fault state that requires a manual power cycle to restore network visibility...
EUVD-2025-198711
Array index error in tls_verify_call_back in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers SSL_get_ex_data_X509_STORE_CTX_idx to return -1...
Improper Validation of Array Index
Overview: Affected versions of this package are vulnerable to Improper Validation of Array Index via the tls_verify_call_back function. An attacker can cause the application to crash by sending a specially crafted DTLS handshake that results in SSL_get_ex_data_X509_STORE_CTX_idx returning -1. Remediation...
CVE-2025-65499
Array index error in tls_verify_call_back in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers SSL_get_ex_data_X509_STORE_CTX_idx to return -1...