3601 matches found
CVE-2025-55398
An issue was discovered in mouse07410 asn1c thru 0.9.29 (2025-03-20), a fork of vlm asn1c. In UPER (Unaligned Packed Encoding Rules), asn1c-generated decoders fail to enforce INTEGER constraints when the bound is positive and exceeds 32 bits in length, potentially allowing incorrect or malicious inp...
Malicious code in action-schema-compiler (npm)
The package communicates with a domain associated with malicious activity...
MAL-2025-41360 Malicious code in action-schema-compiler (npm)
The package communicates with a domain associated with malicious activity...
CVE-2025-55398
CVE-2025-55398 affects the mouse07410 asn1c fork (through 0.9.29). In UPER decoding, asn1c-generated decoders fail to enforce INTEGER constraints when the bound is positive and exceeds 32 bits, potentially processing malformed input. Affected: decoders in this asn1c fork; impact is high (per CVSS...
asn1c Security Vulnerability
asn1c is an ASN.1 compiler by the individual developer Lev Walkin. A security vulnerability exists in asn1c version 0.9.29 and earlier, which stems from the UPER decoder not properly enforcing the INTEGER constraint, which could lead to processing of malicious input...
TencentOS Server 3: java-21-openjdk (TSSA-2025:0690)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0690 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
Shell Script Compiler Security Vulnerability
Shell Script Compiler is a shell script compiler by the individual developer Md Jahidul Hamid. A security vulnerability exists in Shell Script Compiler 4.0.3 and earlier versions, which stems from improper handling of environment variables and can lead to OS command injection...
CVE-2025-9176 neurobin shc Environment Variable shc.c make os command injection
A security flaw has been discovered in neurobin shc up to 4.0.3. Impacted is the function make of the file src/shc.c of the component Environment Variable Handler. The manipulation results in os command injection. The attack is only possible with local access. The exploit has been released to the...
CVE-2025-9175
A vulnerability was identified in neurobin shc up to 4.0.3. This issue affects the function make of the file src/shc.c. The manipulation leads to stack-based buffer overflow. The attack can only be performed from a local environment. The exploit is publicly available and might be used...
USN-7700-1 gcc-10, gcc-11, gcc-12 vulnerability
It was discovered that the -fstack-protector hardening feature in GCC for AArch64 did not properly protect dynamically-sized local variables such as those created using C99 variable length arrays or alloca. As a result, an attacker who was able to trigger a buffer overflow in such cases could...
Shell Script Compiler Command Injection Vulnerability
Shell Script Compiler is a shell script compiler by the individual developer Md Jahidul Hamid. A command injection vulnerability exists in Shell Script Compiler version 4.0.3 and earlier, which stems from an OS command injection in the file src/shc.c function make in the component Filename Handle...
Shell Script Compiler Security Vulnerability
Shell Script Compiler is a shell script compiler by the individual developer Md Jahidul Hamid. A security vulnerability exists in Shell Script Compiler version 4.0.3 and earlier, which stems from a stack buffer overflow in the file src/shc.c function make...
Linux Distros Unpatched Vulnerability : CVE-2025-30691
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in Oracle Java SE component: Compiler. Supported versions that are affected are Oracle Java SE: 21.0.6, 24; Oracle GraalVM for JDK: 21.0.6 and 24...
Linux Distros Unpatched Vulnerability : CVE-2017-5924
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libyara/grammar.y in YARA 3.5.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted rule that is mishandled ...
Important: golang security update
The golang packages provide the Go programming language compiler. Security Fixes: cmd/go: Go VCS Command Execution Vulnerability CVE-2025-4674 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE pages...
RHEL 9 : golang (RHSA-2025:13939)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:13939 advisory. The golang packages provide the Go programming language compiler. Security Fixes: cmd/go: Go VCS Command Execution Vulnerability CVE-2025-4674 For...
Intel oneAPI Base Toolkit < 2025.1.0 Multiple Vulnerabilities
Multiple vulnerabilities exist in Intel oneAPI Base Toolkit versions prior to 2025.1.0. See vendor advisory for more details. - Uncontrolled search path for the Instrumentation and Tracing Technology API (ITT API) software before version 3.25.4 within Ring 3: User Applications may allow an escalati...
Malicious code in rollup-plugin-raptor-compiler (npm)
The package rollup-plugin-raptor-compiler was found to contain malicious code...
MAL-2025-31629 Malicious code in raptor-compiler-core (npm)
The package raptor-compiler-core was found to contain malicious code...
Malicious code in raptor-compiler-core (npm)
The package raptor-compiler-core was found to contain malicious code...