CVE-2025-46121

The CVE-2025-46121 affects CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139. The flaw arises in stamgr_cfg_adpt_addStaFavourite and stamgr_cfg_adpt_addStaIot that pass a client hostname directly to snprintf as the format string, enabling unauthenticated format-string process...

CVE-2025-46123

CVE-2025-46123 affects CommScope Ruckus Unleashed (versions before 200.15.6.212.14 and 200.17.7.0.139) and Ruckus ZoneDirector (before 10.5.1.0.279). The issue arises from an authenticated configuration endpoint (/admin/_conf.jsp) that writes the Wi‑Fi guest password to memory using snprintf with...

IrfanView CADImage Plugin 缓冲区错误漏洞

IrfanView CADImage Plugin is a CAD plugin from IrfanView. IrfanView CADImage Plugin suffers from a buffer overflow vulnerability that stems from a lack of validation of user-supplied data when parsing DWG files, which can be exploited by an attacker to execute code in the context of the current...

PT-2025-30285 · Commscope · Ruckus Unleashed +1

Name of the Vulnerable Software and Affected Versions: CommScope Ruckus Unleashed versions prior to 200.15.6.212.14 and 200.17.7.0.139 CommScope Ruckus ZoneDirector versions prior to 10.5.1.0.279 Description: An issue exists where the authenticated configuration endpoint /admin/ conf.jsp writes t...

IrfanView CADImage Plugin 缓冲区错误漏洞

IrfanView CADImage Plugin is a CAD plugin from IrfanView. IrfanView CADImage Plugin suffers from a buffer overflow vulnerability that stems from a lack of validation of user-supplied data when parsing DWG files, which can be exploited by an attacker to execute code in the context of the current...

IrfanView CADImage Plugin 缓冲区错误漏洞

IrfanView CADImage Plugin is a CAD plugin from IrfanView. IrfanView CADImage Plugin suffers from a buffer overflow vulnerability that stems from a lack of validation of user-supplied data when parsing DXF files, which can be exploited by an attacker to execute code in the context of the current...

IrfanView CADImage Plugin 缓冲区错误漏洞

IrfanView CADImage Plugin is a CAD plugin from IrfanView. IrfanView CADImage Plugin suffers from a buffer overflow vulnerability that stems from a lack of validation of user-supplied data when parsing DWG files, which can be exploited by an attacker to execute code in the context of the current...

IrfanView CADImage Plugin 缓冲区错误漏洞

IrfanView CADImage Plugin is a CAD plugin from IrfanView. IrfanView CADImage Plugin suffers from a buffer overflow vulnerability that stems from a lack of validation of user-supplied data when parsing DXF files, which can be exploited by an attacker to execute code in the context of the current...

IrfanView CADImage Plugin 缓冲区错误漏洞

IrfanView CADImage Plugin is a CAD plugin from IrfanView. IrfanView CADImage Plugin suffers from a buffer overflow vulnerability that stems from a lack of validation of user-supplied data when parsing DXF files, which can be exploited by an attacker to execute code in the context of the current...

CVE-2025-54064

Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies. The common Rucio helm-charts for the rucio-server, rucio-ui, and rucio-webui define the log format for the apache access log of these components...

OESA-2025-1853 gdb security update

GDB, the GNU Project debugger, allows you to see what is going on inside another program while it executes -- or what another program was doing at the moment it crashed. Security Fixes: GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the functi...

CVE-2025-53622

DSpace open source software is a repository application which provides durable access to digital resources. Prior to versions 7.6.4, 8.2, and 9.1, a path traversal vulnerability is possible during the import of an archive in Simple Archive Format, either from command-line ./dspace import command ...

CVE-2025-54064

Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies. The common Rucio helm-charts for the rucio-server, rucio-ui, and rucio-webui define the log format for the apache access log of these components...

CVE-2025-54064 rucio-server, rucio-ui, and rucio-webui vulnerable to insertion of X-Rucio-Auth-Token in apache access logfiles

Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies. The common Rucio helm-charts for the rucio-server, rucio-ui, and rucio-webui define the log format for the apache access log of these components...

PT-2025-29919 · Unknown +2 · Rucio-Webui +3

Name of the Vulnerable Software and Affected Versions: rucio-server versions 37.0.2, 35.0.1, and 32.0.1 rucio-ui versions 37.0.4, 35.0.1, and 32.0.2 rucio-webui versions 37.0.2, 35.1.1, and 32.0.1 Description: Rucio is a software framework used to organize, manage, and access large volumes of...

SUSE CVE-2025-53101

ImageMagick is free and open-source software used for editing and manipulating digital images. In versions prior to 7.1.2-0 and 6.9.13-26, in ImageMagick's magick mogrify command, specifying multiple consecutive %d format specifiers in a filename template causes internal pointer arithmetic to...

Directory Traversal

Overview org.dspace:dspace-api is a DSpace core data model and service APIs. Affected versions of this package are vulnerable to Directory Traversal in the import process when handling Simple Archive Format packages. An attacker can access sensitive files on the server by crafting a malicious...

DSpace is vulnerable to Path Traversal attacks when importing packages using Simple Archive Format

Impact A path traversal vulnerability is possible during the import of an archive in Simple Archive Format, either from command-line ./dspace import command or from the "Batch Import Zip" user interface feature. This vulnerability likely impacts all versions of DSpace 1.x = 7.6.3, 8.0 = 8.1, and...

GHSA-VHVX-8XGC-99WF DSpace is vulnerable to Path Traversal attacks when importing packages using Simple Archive Format

Impact A path traversal vulnerability is possible during the import of an archive in Simple Archive Format, either from command-line ./dspace import command or from the "Batch Import Zip" user interface feature. This vulnerability likely impacts all versions of DSpace 1.x = 7.6.3, 8.0 = 8.1, and...

CVE-2025-53622

DSpace open source software is a repository application which provides durable access to digital resources. Prior to versions 7.6.4, 8.2, and 9.1, a path traversal vulnerability is possible during the import of an archive in Simple Archive Format, either from command-line ./dspace import command ...