Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the snappy:Decoder function. An attacker can cause excessive memory consumption and potential out-of-memory errors by sending malformed blocks that bypass request size limits. This...

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the snappy:Decoder function. An attacker can cause excessive memory consumption and potential out-of-memory errors by sending malformed blocks that bypass request size limits. This...

VictoriaMetrics' Snappy Decoder DoS Vulnerability is Causing OOM

Impact Affected versions are vulnerable to DoS attacks because the snappy decoder ignored VictoriaMetrics request size limits allowing malformed blocks to trigger excessive memory use. This could lead to OOM errors and service instability. The fix enforces block-size checks based on MaxRequest...

ImageMagick < 6.9.13-32 / 7.0 < 7.1.2-7 Integer Overflow (GGHSA-9pp9-cfwx-54rm)

The remote host has a version of ImageMagick installed that is prior to 6.9.13-32, 7.0 prior to 7.1.2-7. It is, therefore, affected by integer overflow vulnerability as referenced in GGHSA-9pp9-cfwx-54rm advisory. - ImageMagick is an open source software suite for displaying, converting, and...

VictoriaMetrics 安全漏洞

VictoriaMetrics is a time series database open-sourced by VictoriaMetrics. A security vulnerability exists in VictoriaMetrics versions 1.0.0 through 1.110.23 prior, 1.111.0 through 1.122.8 prior, and 1.123.0 through 1.129.1 prior, which stems from a request size limit being ignored by the snappy...

CVE-2025-65092 ESP32-P4 JPEG Decoder Header Parsing Vulnerability

ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.5.1, 5.4.3, and 5.3.4, when the ESP32-P4 uses its hardware JPEG decoder, the software parser lacks necessary validation checks. A specially crafted malicious JPEG image could exploit the parsing routine and trigg...

CVE-2025-65092 ESP32-P4 JPEG Decoder Header Parsing Vulnerability

ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.5.1, 5.4.3, and 5.3.4, when the ESP32-P4 uses its hardware JPEG decoder, the software parser lacks necessary validation checks. A specially crafted malicious JPEG image could exploit the parsing routine and trigg...

CVE-2025-65092 ESP32-P4 JPEG Decoder Header Parsing Vulnerability

ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.5.1, 5.4.3, and 5.3.4, when the ESP32-P4 uses its hardware JPEG decoder, the software parser lacks necessary validation checks. A specially crafted malicious JPEG image could exploit the parsing routine and trigg...

PT-2025-47807

Name of the Vulnerable Software and Affected Versions ESF-IDF versions 5.3.4 through 5.5.1 Description ESF-IDF, the Espressif Internet of Things IOT Development Framework, contains a flaw in its hardware JPEG decoder when used with the ESP32-P4. The software parser does not perform adequate...

Espressif IoT Development Framework 数字错误漏洞

Espressif IoT Development Framework is an open source IoT development framework from Espressif Systems. A numeric error vulnerability exists in the Espressif IoT Development Framework versions 5.5.1, 5.4.3, and 5.3.4, which stems from a lack of validation of the JPEG decoder and could lead to...

Steering in the Shadows: Causal Amplification for Activation Space Attacks in Large Language Models

Modern large language models LLMs are typically secured by auditing data, prompts, and refusal policies, while treating the forward pass as an implementation detail. We show that intermediate activations in decoder-only LLMs form a vulnerable attack surface for behavioral control. Building on...

TencentOS Server 4: librsvg2 (TSSA-2025:0073)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0073 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

TencentOS Server 3: python27 (TSSA-2023:0113)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2023:0113 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

TencentOS Server 4: tcpdump (TSSA-2025:0081)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0081 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

TencentOS Server 3: python38 and python38-devel (TSSA-2023:0112)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2023:0112 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

Google Chrome < 3.30.33.15 Multiple Vulnerabilities

The version of Google Chrome installed on the remote macOS host is prior to 3.30.33.15. It is, therefore, affected by multiple vulnerabilities as referenced in the 201501stable-update advisory. - Multiple unspecified vulnerabilities in Google Chrome before 40.0.2214.91 allow attackers to cause a...

TencentOS Server 4: xz (TSSA-2025:0279)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0279 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

Ubuntu: Security Advisory (USN-7871-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu 25.04 / 25.10 : FFmpeg vulnerability (USN-7871-1)

The remote Ubuntu 25.04 / 25.10 host has packages installed that are affected by a vulnerability as referenced in the USN-7871-1 advisory. It was discovered that FFmpeg incorrectly handled memory allocation in the ALS audio decoder. If a user was tricked into loading a crafted media file, a remot...

Integer Overflow

ImageMagick is vulnerable to an integer overflow. The vulnerability is due to improper integer overflow handling in the BMP decoder when calculating image buffer sizes by multiplying image width with bits per pixel, which allows an attacker to exploit a specially crafted BMP file to cause integer...