OESA-2025-1076 podman security update

Podman manages the entire container ecosystem which includes pods, containers, container images, and container volumes using the libpod library. Security Fixes: If errors returned from MarshalJSON methods contain user controlled data, they may be used to break the contextual auto-escaping behavio...

SUSE CVE-2025-20128

A vulnerability in the Object Linking and Embedding 2 OLE2 decryption routine of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to an integer underflow in a bounds check that allows for a heap buff...

SunGrow WiNet-S 安全漏洞

SunGrow WiNet-S is a LAN communication module from SunGrow, China. A security vulnerability exists in SunGrow WiNet-S version V200.001.00.P027 and prior versions, which can be exploited by an attacker to decrypt all firmware updates...

CVE-2024-50697

In SunGrow WiNet-SV200.001.00.P027 and earlier versions, when decrypting MQTT messages, the code that parses specific TLV fields does not have sufficient bounds checks. This may result in a stack-based buffer overflow...

CVE-2024-50690

CVE-2024-50690 affects SunGrow WiNet-SV200.001.00.P027 and older; the root cause is a hardcoded password embedded in the WiNet WebUI that can be used to decrypt all firmware updates. This enables an attacker to decrypt firmware updates, potentially compromising device integrity and exposing updat...

PT-2025-2887 · Sungrow · Sungrow Winet-Sv200

Name of the Vulnerable Software and Affected Versions: SunGrow WiNet-SV200 versions 0.001.00.P027 and earlier Description: The issue arises when decrypting MQTT messages, specifically due to insufficient bounds checks in the code that parses certain TLV fields. This may lead to a stack-based buff...

CVE-2024-50697

In SunGrow WiNet-SV200.001.00.P027 and earlier versions, when decrypting MQTT messages, the code that parses specific TLV fields does not have sufficient bounds checks. This may result in a stack-based buffer overflow...

ECOVACS robot lawnmowers和vacuums 安全漏洞

ECOVACS robot vacuums and ECOVACS robot lawnmowers are both products of the Chinese company ECOVACS.ECOVACS robot vacuums are a line of vacuum cleaners.ECOVACS robot lawnmowers are a line of lawnmowers. A security vulnerability exists in the ECOVACS robot lawnmowers and vacuums that stems from th...

UBUNTU-CVE-2025-20128

A vulnerability in the Object Linking and Embedding 2 OLE2 decryption routine of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to an integer underflow in a bounds check that allows for a heap buff...

DEBIAN-CVE-2025-20128

A vulnerability in the Object Linking and Embedding 2 OLE2 decryption routine of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to an integer underflow in a bounds check that allows for a heap buff...

CVE-2025-20128 ClamAV OLE2 File Format Decryption Denial of Service Vulnerability

A vulnerability in the Object Linking and Embedding 2 OLE2 decryption routine of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to an integer underflow in a bounds check that allows for a heap buff...

CVE-2025-20128 ClamAV OLE2 File Format Decryption Denial of Service Vulnerability

A vulnerability in the Object Linking and Embedding 2 OLE2 decryption routine of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to an integer underflow in a bounds check that allows for a heap buff...

CVE-2025-20128

The vulnerability CVE-2025-20128 affects ClamAV’s OLE2 file decryption. An integer underflow in a bounds check allows a heap buffer overflow read via a crafted OLE2 content file, enabling an unauthenticated remote attacker to cause a DoS by terminating the ClamAV scanning process. Cisco’s advisor...

ClamAV 安全漏洞

ClamAV Clam AntiVirus is a free and open source antivirus program from the ClamAV team. The software is used to detect Trojans, viruses, malware and other malicious threats. ClamAV suffers from a security vulnerability that stems from an integer underflow in OLE2 decryption, which allows...

PT-2025-1255

Name of the Vulnerable Software and Affected Versions: ClamAV versions 1.0.0 through 1.4.1 Description: A vulnerability in the Object Linking and Embedding 2 OLE2 decryption routine of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected...

CVE-2025-24461

In JetBrains TeamCity before 2024.12.1 decryption of connection secrets without proper permissions was possible via Test Connection endpoint...

CVE-2025-24461

In JetBrains TeamCity before 2024.12.1 decryption of connection secrets without proper permissions was possible via Test Connection endpoint...

CVE-2025-24461

In JetBrains TeamCity before 2024.12.1 decryption of connection secrets without proper permissions was possible via Test Connection endpoint...

CVE-2024-22347

IBM DevOps Velocity 5.0.0 and IBM UrbanCode Velocity 4.0.0 through 4.0. 25 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information...

CVE-2024-50564

A use of hard-coded cryptographic key in Fortinet FortiClientWindows version 7.4.0, 7.2.x all versions, 7.0.x all versions, and 6.4.x all versions may allow a low-privileged user to decrypt interprocess communication via monitoring named piped...