23140 matches found
CVE-2003-1579
Sun ONE aka iPlanet Web Server 6 on Windows, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote attackers to spoof IP addresses via crafted DNS responses containing...
CVE-2002-2236
Format string vulnerability in the awplog function in apt-www-proxy 0.1 allows remote attackers to execute arbitrary code...
CVE-2002-2022
Format string vulnerability in Kaffe OpenVM 1.0.6 and earlier allows local users to execute arbitrary code, when a java.lang.NoClassDefFoundError is thrown, via format specifiers in the forName attribute...
CVE-2002-1789
Format string vulnerability in newsx NNTP client before 1.4.8 allows local users to execute arbitrary code via format string specifiers that are not properly handled in a call to the syslog function...
CVE-2005-3666
Multiple unspecified format string vulnerabilities in multiple unspecified implementations of Internet Key Exchange version 1 IKEv1 have multiple unspecified attack vectors and impacts, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of information in the original...
CVE-2009-5141
Format string vulnerability in War FTP Daemon warftpd 1.82 RC 12 allows remote authenticated users to cause a denial of service crash via format string specifiers in a LIST command...
CVE-1999-0794
Microsoft Excel does not warn a user when a macro is present in a Symbolic Link SYLK format file...
AZL-72829 CVE-2025-37938 affecting package kernel 5.15.200.1-1
In the Linux kernel, the following vulnerability has been resolved: tracing: Verify event formats that have "%p.." The trace event verifier checks the formats of trace events to make sure that they do not point at memory that is not in the trace event itself or in data that will never be freed. I...
CVE-2025-37938
In the Linux kernel, the following vulnerability has been resolved: tracing: Verify event formats that have "%p.." The trace event verifier checks the formats of trace events to make sure that they do not point at memory that is not in the trace event itself or in data that will never be freed. I...
CVE-2025-37938 tracing: Verify event formats that have "%*p.."
In the Linux kernel, the following vulnerability has been resolved: tracing: Verify event formats that have "%p.." The trace event verifier checks the formats of trace events to make sure that they do not point at memory that is not in the trace event itself or in data that will never be freed. I...
CVE-2025-37938
The CVE-2025-37938 entry affects the Linux kernel tracing subsystem. The issue arises in the trace event verifier when formats like "%*p.." are used; if an event references data that is freed before being read, the verifier may dereference freed memory, risking a kernel crash. The description ind...
[SECURITY] Fedora 41 Update: woff-0.20091126-47.fc41
Provides the sfnt2woff and woff2sfnt command-line tools for encoding and decoding Web Open Font Format WOFF files...
[SECURITY] Fedora 42 Update: woff-0.20091126-47.fc42
Provides the sfnt2woff and woff2sfnt command-line tools for encoding and decoding Web Open Font Format WOFF files...
A Private Approximation of the 2nd-Moment Matrix of Any Subsamplable Input
We study the problem of differentially private second moment estimation and present a new algorithm that achieve strong privacy-utility trade-offs even for worst-case inputs under subsamplability assumptions on the data. We call an input $m,α,β$-subsamplable if a random subsample of size $m$ or...
Double Free
Overview Affected versions of this package are vulnerable to Double Free via the archivereadformatrarseekdata function. An attacker can cause memory corruption or potentially execute arbitrary code by triggering a double-free condition through crafted input. Remediation Upgrade libarchive to...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an unvalidated inclusion of %p... in tracing. 's event format...
Integer Overflow or Wraparound
Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound via the archivereadsupportformatwarc.c process. An attacker can cause memory corruption or unpredictable program behavior by supplying a specially crafted WARC file with an excessively large content length...
Back to Square Roots: an Optimal Bound on the Matrix Factorization Error for Multi-Epoch Differentially Private SGD
Matrix factorization mechanisms for differentially private training have emerged as a promising approach to improve model utility under privacy constraints. In practical settings, models are typically trained over multiple epochs, requiring matrix factorizations that account for repeated...
OESA-2025-1525 glib2 security update
GLib is a bundle of three formerly five low-level system libraries written in C and developed mainly by GNOME. GLib's code was separated from GTK, so it can be used by software other than GNOME and has been developed in parallel ever since. Security Fixes: A flaw was found in GLib. An integer...
OESA-2025-1514 kernel security update
The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: blk-mq: Fix kmemleak in blkmqinitallocatedqueue There is a kmemleak caused by modprobe nullblk.ko unreferenced object 0xffff8881acb1f000 size 1024: comm...