4670 matches found
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a failure to properly handle buffers when the lat architecture decodes errors, which could lead to null...
GO-2025-3922 Memory leaks when decoding a corrupted multiple LZMA archives in github.com/ulikunitz/xz
Memory leaks when decoding a corrupted multiple LZMA archives in github.com/ulikunitz/xz...
CVE-2023-53360 NFSv4.2: Rework scratch handling for READ_PLUS (again)
In the Linux kernel, the following vulnerability has been resolved: NFSv4.2: Rework scratch handling for READPLUS again I found that the read code might send multiple requests using the same nfspgioheader, but nfs4procreadsetup is only called once. This is how we ended up occasionally...
Medium: mpg123
Issue Overview: An out-of-bounds write flaw was found in mpg123 when handling crafted streams. When decoding PCM, the libmpg123 may write past the end of a heap-located buffer. Consequently, heap corruption may happen, and arbitrary code execution is not discarded. The complexity required to...
Amazon Linux 2 : mpg123, --advisory ALAS2-2025-2997 (ALAS-2025-2997)
The version of mpg123 installed on the remote host is prior to 1.32.9-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2997 advisory. An out-of-bounds write flaw was found in mpg123 when handling crafted streams. When decoding PCM, the libmpg123 may write past the...
pentestdb
This is a repository of penetration testing tools and resources, specifically designed for web application security testing. The repository is called "pentestdb" and is maintained by a user named "alpha1e0". The repository contains a variety of tools and resources, including: 1. Exploit systems: ...
SUSE-SU-2025:20716-1 Security update for sevctl
This update for sevctl fixes the following issues: - CVE-2025-3416: openssl: Fixed Use-After-Free in Md::fetch and Cipher::fetch bsc1242618 - CVE-2024-12224: idna: Fixed Punycode labels not producing any non-ASCII when decode bsc1243860...
Security update for sevctl
This update for sevctl fixes the following issues: CVE-2025-3416: openssl: Fixed Use-After-Free in Md::fetch and Cipher::fetch bsc1242618 CVE-2024-12224: idna: Fixed Punycode labels not producing any non-ASCII when decode bsc1243860 Patch Instructions: To install this SUSE update use the SUSE...
[SECURITY] Fedora 41 Update: glycin-1.1.6-3.fc41
Sandboxed and extendable image decoding...
GHSA-4HJH-WCWX-XVWJ Axios is vulnerable to DoS attack through lack of data size check
Summary When Axios runs on Node.js and is given a URL with the data: scheme, it does not perform HTTP. Instead, its Node http adapter decodes the entire payload into memory Buffer/Blob and returns a synthetic 200 response. This path ignores maxContentLength / maxBodyLength which only protect HTTP...
[SECURITY] Fedora 41 Update: loupe-47.4-2.fc41
An image viewer application written with GTK 4, Libadwaita and Rust. Features: - Fast GPU accelerated image rendering with tiled rendering for SVGs - Extendable and sandboxed expect SVG image decoding - Support for more than 15 image formats by default - Extensive support for touchpad and...
[SECURITY] Fedora 42 Update: glycin-1.2.3-5.fc42
Sandboxed and extendable image decoding...
Linux Distros Unpatched Vulnerability : CVE-2022-20203
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In multiple locations of the nanopb library, there is a possible way to corrupt memory when decoding untrusted protobuf files. This could lead to local escalati...
Linux Distros Unpatched Vulnerability : CVE-2020-1893
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient boundary checks when decoding JSON in TryParse reads out of bounds memory, potentially leading to DOS. This issue affects HHVM 4.45.0, 4.44.0,...
Linux Distros Unpatched Vulnerability : CVE-2016-2507
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Integer overflow in codecs/on2/h264dec/source/h264bsdstorage.c in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before...
Linux Distros Unpatched Vulnerability : CVE-2020-1888
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient boundary checks when decoding JSON in handleBackslash reads out of bounds memory, potentially leading to DOS. This issue affects HHVM 4.45.0, 4.44....
Efficient Decoding Methods for Language Models on Encrypted Data
Large language models LLMs power modern AI applications, but processing sensitive data on untrusted servers raises privacy concerns. Homomorphic encryption HE enables computation on encrypted data for secure inference. However, neural text generation requires decoding methods like argmax and...
Linux Distros Unpatched Vulnerability : CVE-2016-2479
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The mm-video-v4l2 vdec component in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 mishandles a buff...
SUSE CVE-2025-57052
cJSON 1.5.0 through 1.7.18 allows out-of-bounds access via the decodearrayindexfrompointer function in cJSONUtils.c, allowing remote attackers to bypass array bounds checking and access restricted data via malformed JSON pointer strings containing alphanumeric characters...
Linux Distros Unpatched Vulnerability : CVE-2022-36032
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ReactPHP HTTP is a streaming HTTP client and server implementation for ReactPHP. In ReactPHP's HTTP server component versions starting with 0.7.0 and prior to...