PT-2025-27419
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A remotely-triggerable crash can occur in the Linux kernel if a client sends a specially crafted packet to the kernel RPC server. This happens when decoding the RPC reply fails and...
Buffer Over-read
Overview Affected versions of this package are vulnerable to Buffer Over-read via improper output length handling in the GIF LZW decoding process. An attacker can access limited portions of uninitialized memory by providing a specially crafted GIF file that triggers the inclusion of arbitrary...
USN-7570-1 python3.13, python3.12, python3.11, python3.10, python3.9, python3.8, python3.7, python3.6 vulnerabilities
It was discovered that Python incorrectly handled certain unicode characters during decoding. An attacker could possibly use this issue to cause a denial of service. (CVE-2025-4516) It was discovered that Python incorrectly handled unicode encoding of email headers with list separators in folded...
USN-7570-1: Python vulnerabilities
It was discovered that Python incorrectly handled certain unicode characters during decoding. An attacker could possibly use this issue to cause a denial of service. (CVE-2025-4516) It was discovered that Python incorrectly handled unicode encoding of email headers with list separators in folded...
ALSA-2025:9118 Important: libvpx security update
The libvpx packages provide the VP8 SDK, which allows the encoding and decoding of the VP8 video codec, commonly used with the WebM multimedia container file format. Security Fixes: libvpx: Double-free in libvpx encoder (CVE-2025-5283). For more details about the security issues, including the impac...
Medium: libtasn1
Issue Overview: When an input DER data contains a large number of SEQUENCE OF or SET OF elements, decoding the data and searching a specific element in it take quadratic time to complete. This could be utilized for a remote DoS attack by presenting a crafted certificate to the network peer...
Medium: gnutls
Issue Overview: A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 data processing. Due to an inefficient algorithm in libtasn1, decoding certain DER-encoded certificate data can take excessive time, leading to increased resource consumption. This flaw allows a remote attacker to send...
BF-Max: an Efficient Bit Flipping Decoder with Predictable Decoding Failure Rate
The Bit-Flipping (BF) decoder, thanks to its very low computational complexity, is widely employed in post-quantum cryptographic schemes based on Moderate Density Parity Check codes in which, ultimately, decryption boils down to syndrome decoding. In such a setting, for security concerns, one must...
SUSE-SU-2025:00764-1 Security update for gnutls
This update for gnutls fixes the following issues: - CVE-2024-12243: quadratic complexity of DER input decoding in libtasn1 can lead to a DoS bsc1236974...
Qualcomm Chipsets Security Vulnerability
Qualcomm Chipsets are a family of chipsets from Qualcomm, Inc. A security vulnerability exists in Qualcomm Chipsets, stemming from an improper header length when decoding RTP packets, which could lead to information disclosure...
Qualcomm Chipsets Security Vulnerability
Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. A security vulnerability exists in Qualcomm Chipsets that stems from a potential information disclosure when decoding network invalid header extension RTP packets...
Medium: libtasn1
Issue Overview: When an input DER data contains a large number of SEQUENCE OF or SET OF elements, decoding the data and searching a specific element in it take quadratic time to complete. This could be utilized for a remote DoS attack by presenting a crafted certificate to the network peer...
Safety Alignment Can Be Not Superficial with Explicit Safety Signals
Recent studies on the safety alignment of large language models (LLMs) have revealed that existing approaches often operate superficially, leaving models vulnerable to various adversarial attacks. Despite their significance, these studies generally fail to offer actionable solutions beyond data...
RHEL 9 : libtasn1 (RHSA-2025:8021)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:8021 advisory. A library that provides Abstract Syntax Notation One (ASN.1, as specified by the X.680 ITU-T recommendation) parsing and structures management, and...
RHEL 9 : gnutls (RHSA-2025:7076)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:7076 advisory. The gnutls packages provide the GNU Transport Layer Security (GnuTLS) library, which implements cryptographic algorithms and protocols such as SSL, TLS...
CVE-2024-32035
ImageSharp is a 2D graphics API. A vulnerability discovered in the ImageSharp library, where the processing of specially crafted files can lead to excessive memory usage in image decoders. The vulnerability is triggered when ImageSharp attempts to process image files that are designed to exploit...
CVE-2024-54111
Read/Write vulnerability in the image decoding module Impact: Successful exploitation of this vulnerability will affect availability...
CVE-2024-54105
Read/Write vulnerability in the image decoding module Impact: Successful exploitation of this vulnerability will affect availability...
CVE-2024-54109
Read/Write vulnerability in the image decoding module Impact: Successful exploitation of this vulnerability will affect availability...
CVE-2024-54108
Read/Write vulnerability in the image decoding module Impact: Successful exploitation of this vulnerability will affect availability...