23150 matches found
GNU Binutils ld elflink.c _bfd_elf_gc_mark_rsec heap-based overflow
...
[SECURITY] Fedora 41 Update: libheif-1.19.5-3.fc41
libheif is an ISO/IEC 23008-12:2017 HEIF and AVIF AV1 Image File Format file format decoder and encoder...
[SECURITY] Fedora 40 Update: libheif-1.19.5-3.fc40
libheif is an ISO/IEC 23008-12:2017 HEIF and AVIF AV1 Image File Format file format decoder and encoder...
CLSA-2025-1739525872 Fix CVE(s): CVE-2024-53104
CVE-url: https://ubuntu.com/security/CVE-2024-53104 - media: uvcvideo: Skip parsing frames of type UVCVSUNDEFINED in uvcparseformat...
CVE-2025-25184
A flaw was found in the rubygem-rack package. When a user provides the authorization credentials via Rack::Auth::Basic, if successful, the username is placed in env'REMOTEUSER' and later used by Rack::CommonLogger for logging purposes. The issue occurs when a server intentionally or unintentional...
jinja2: Jinja has a sandbox breakout through indirect reference to format method
A flaw was found in the Jinja package. In affected versions of Jinja, an oversight in how the Jinja sandboxed environment detects calls to str.format allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to...
[SECURITY] Fedora 40 Update: rust-eif_build-0.2.1-3.fc40
This CLI tool provides a low level path to assemble an enclave image format EIF file used in AWS Nitro Enclaves...
curl: Format string vulnerability, curl_msnprintf() function
Summary: A vulnerability has been identified in the curl library’s formatted output functions specifically in curlmsnprintf and its related functions. When a malicious attacker-controlled format string containing the %hn conversion specifier is passed, the function incorrectly attempts to write t...
jinja2: Jinja has a sandbox breakout through indirect reference to format method
A flaw was found in the Jinja package. In affected versions of Jinja, an oversight in how the Jinja sandboxed environment detects calls to str.format allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to...
SUSE CVE-2025-1153
A vulnerability classified as problematic was found in GNU Binutils 2.43/2.44. Affected by this vulnerability is the function bfdsetformat of the file format.c. The manipulation leads to memory corruption. The attack can be launched remotely. The complexity of an attack is rather high. The...
OpenSearch Dashboards Reports 安全漏洞
OpenSearch Dashboards Reports is an OpenSearch open source application. It is used to export and automate PNG, PDF and CSV reports in OpenSearch Dashboard. A security vulnerability exists in OpenSearch Dashboards Reports version 2.19, which stems from the Dashboards Reports module containing a...
CVE-2023-40721
A use of externally-controlled format string vulnerability CWE-134 vulnerability in Fortinet allows a privileged attacker to execute arbitrary code or commands via specially crafted requests...
CVE-2023-40721
A use of externally-controlled format string vulnerability CWE-134 vulnerability in Fortinet allows a privileged attacker to execute arbitrary code or commands via specially crafted requests...
Astra Linux – Vulnerability in hdf5
HDF5 through 1.14.3 contains a heap buffer overflow issue in H5Aattrreleasetable, which leads to the corruption of the instruction pointer and causes denial of service or potential code execution...
BELL-CVE-2025-1152
Bulletin has no description...
Tracker Software PDF-XChange Editor 安全漏洞
Tracker Software PDF-XChange Editor is a suite of software for viewing and editing PDF format files from Tracker Software, a Canadian company. A security vulnerability exists in Tracker Software PDF-XChange Editor that stems from the RTF file parsing module containing a heap-based buffer overflow...
PT-2025-6253 · Fortinet · Fortiproxy +3
Name of the Vulnerable Software and Affected Versions: Fortinet FortiOS versions 7.4.0 through 7.4.1 and prior to 7.2.6 FortiProxy versions 7.4.0 and prior to 7.2.7 FortiPAM versions 1.1.2 and prior to 1.0.3 FortiSwitchManager versions 7.2.0 through 7.2.2 and prior to 7.0.2 Description: A use of...
Tracker Software PDF-XChange Editor 缓冲区错误漏洞
Tracker Software PDF-XChange Editor is a suite of software for viewing and editing documents in PDF format from Tracker Software, a Canadian company. Tracker Software PDF-XChange Editor suffers from a buffer error vulnerability that stems from the JB2 file parsing module containing an out-of-boun...
Fortinet Fortigate - Format string vulnerability in CLI commands (FG-IR-23-261)
The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-23-261 advisory. - A use of externally-controlled format string vulnerability CWE-134 in Fortinet FortiOS version 7.4.0 through 7.4.1 and befo...
jinja2: Jinja has a sandbox breakout through indirect reference to format method
A flaw was found in the Jinja package. In affected versions of Jinja, an oversight in how the Jinja sandboxed environment detects calls to str.format allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to...