RLSA-2026:18868 Important: linux-sgx security update

The Intel SGX SDK is a collection of APIs, libraries, documentations and tools that allow software developers to create and debug Intel SGX enabled applications in C/C++. Security Fixes: qs: qs: Denial of Service via improper input validation in array parsing CVE-2025-15284 node-tar: tar: node-ta...

qs: qs: Denial of Service via improper input validation in array parsing

A flaw was found in qs, a module used for parsing query strings. A remote attacker can exploit an improper input validation vulnerability by sending specially crafted HTTP requests that use bracket notation e.g., a=value. This bypasses the arrayLimit option, which is designed to limit the size of...

RHEL 10 : linux-sgx (RHSA-2026:18480)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:18480 advisory. The Intel SGX SDK is a collection of APIs, libraries, documentations and tools that allow software developers to create and debug Intel SG...

CVE-2026-7572

Velociraptor (Velocidex Velociraptor) before version 0.76.5 on Windows and Linux contains an off-by-one error (CWE-193) in the EVTX parser, specifically in ConsumeUnit16Array and ConsumeUnit64Array, that allows a local attacker to cause a Denial of Service via a crafted .evtx file sent to the par...

Important: Red Hat Security Advisory: OpenShift Container Platform 4.20.12 bug fix and security update

Red Hat OpenShift Container Platform release 4.20.12 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.20. Red Hat Product Security has rated this update as having a...

ROS-20251006-16

A vulnerability in a library that provides basic functionality for data serialization and deserialization Jackson Core, is related to the fact that when parsing JSON from an array of bytes with offset and length, an exception message is erroneously read from the beginning of the array. exception...

ROS-20251006-14

A vulnerability in a library that provides basic functionality for data serialization and deserialization Jackson Core, is related to the fact that when parsing JSON from an array of bytes with offset and length, an exception message is erroneously read from the beginning of the array. exception...

CVE-2025-32389 NamelessMC Vulnerable to SQL Injections in /user/messaging and /panel/users/reports Pages

NamelessMC is a free, easy to use & powerful website software for Minecraft servers. Prior to version 2.1.4, NamelessMC is vulnerable to SQL injection by providing an unexpected square bracket GET parameter syntax. Square bracket GET parameter syntax refers to the structure...

PT-2024-1984 · Unknown · Gguf Library

Name of the Vulnerable Software and Affected Versions: GGUF library affected versions not specified Description: A heap-based buffer overflow vulnerability exists in the GGUF library's GGUF TYPE ARRAY/GGUF TYPE STRING parsing functionality of llama.cpp. This issue is related to integer overflow...

CVE-2021-32765

An integer overflow flaw when parsing array replies was found in hiredis, which leads to a buffer overflow and subsequent code execution. This flaw allows a remote attacker to execute arbitrary commands and craft a malicious payload to execute commands on the system. The highest threat from this...

(Pwn2Own) Sony X800G Smart TV Vewd Out-Of-Bounds Read Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sony X800G Smart TV. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of...

FreeBSD : bro -- multiple memory allocation issues (2f4fd3aa-32f8-4116-92f2-68f05398348e)

Corelight reports : Bro 2.5.4 primarily fixes security issues Multiple fixes and improvements to BinPAC generated code related to array parsing, with potential impact to all Bro's BinPAC-generated analyzers in the form of buffer over-reads or other invalid memory accesses depending on whether a...

bro -- multiple memory allocation issues

Corelight reports: Bro 2.5.4 primarily fixes security issues Multiple fixes and improvements to BinPAC generated code related to array parsing, with potential impact to all Bro's BinPAC-generated analyzers in the form of buffer over-reads or other invalid memory accesses depending on whether a...

ALPINE-CVE-2018-5686

In MuPDF 1.12.0, there is an infinite loop vulnerability and application hang in the pdfparsearray function pdf/pdf-parse.c because EOF is not considered. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted pdf file...

Fedora 19 : nodejs-qs-0.6.6-3.fc19 (2014-11399)

The qs module has the ability to create sparse arrays during parsing. By specifying a high index it is possible to create a large array that will eventually take up all the allocated memory of the running process, resulting in a crash. More information:...

PHP 4.x/5.0.1 PHP_Variables Remote Memory Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/11334/info A vulnerability is reported to present itself in the array parsing functions of the 'phpvariables.c' PHP source file. The vulnerability occurs when a PHP script is being used to print URI parameters or data, th...

Apple QuickTime FPX Subimage Count Out-of-bounds Counter Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required in that a user must be coerced into opening up a malicious document or visiting a malicious website. The specific flaw exists within the way the...

FreeBSD : php -- php_variables memory disclosure (ad74a1bd-16d2-11d9-bc4a-000c41e2cdad)

Stefano Di Paola reports : Bad array parsing in phpvariables.c could lead to show arbitrary memory content such as pieces of php code and other data. This affects all GET, POST or COOKIES variables. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in th...

90% of programs made in PHP5 and prior Full Path Disclosure vuln.

:Introduction: Normally one of the last steps when accessing to a web-server is to find the url where the web is installed more common in RFD. This may be a hard step, if the RPD is the only bug in that server, but PHP programs have functions that unexpectedly can return lots of errors. ATTENTION...

PHP 4.x/5.0.1 - PHP_Variables Remote Memory Disclosure

source: https://www.securityfocus.com/bid/11334/info A vulnerability is reported to present itself in the array parsing functions of the 'phpvariables.c' PHP source file. The vulnerability occurs when a PHP script is being used to print URI parameters or data, that are supplied by a third party,...