17 matches found
Amazon Linux 2 : libpng, --advisory ALAS2-2026-3266 (ALAS-2026-3266)
The version of libpng installed on the remote host is prior to 1.5.13-8. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3266 advisory. Use-after-free in pngsetPLTE, pngsettRNS and pngsethIST in libpng before 1.6.57. Passing a pointer returned by the corresponding...
PT-2026-33852
Name of the Vulnerable Software and Affected Versions gnu C Library versions prior to 2.44 Description Calling the ungetwc function on a FILE stream with wide characters encoded in a character set with overlaps between single byte and multi-byte character encodings can lead to an attempt to read...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: php (UTSA-2026-005379)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005379 advisory. In PHP versions 8.1. before 8.1.31, 8.2. before 8.2.26, 8.3. before 8.3.14, a hostile MySQL server can cause the client to disclose the content of its heap containin...
MiracleLinux 7 : php-5.4.16-48.0.5.el7.AXS7 (AXSA:2025-9709:01)
The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-9709:01 advisory. CVE-2024-8929: fix various heap buffer over-reads CVEs: CVE-2024-8929 In PHP versions 8.1. before 8.1.31, 8.2. before 8.2.26, 8.3. before 8.3.14, a hostile...
Linux Distros Unpatched Vulnerability : CVE-2025-62493
"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability exists in the QuickJS engine's BigInt string conversion logic jsbiginttostring1 due to an incorrect calculation of the required number of digit...
UBUNTU-CVE-2025-62493
A vulnerability exists in the QuickJS engine's BigInt string conversion logic jsbiginttostring1 due to an incorrect calculation of the required number of digits, which in turn leads to reading memory past the allocated BigInt structure. The function determines the number of characters ndigits...
PT-2025-42490
Name of the Vulnerable Software and Affected Versions QuickJS affected versions not specified Description An issue exists in the QuickJS engine’s BigInt string conversion logic within the js bigint to string1 function. This is due to an incorrect calculation of the required number of digits,...
Linux Distros Unpatched Vulnerability : CVE-2016-9573
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An out-of-bounds read vulnerability was found in OpenJPEG 2.1.2, in the j2ktoimage tool. Converting a specially crafted JPEG2000 file to another format could...
CVE-2020-0143
In nfadmndeffindnexthandler of nfadmndef.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure of heap data via compromised device firmware with System execution privileges needed. User interaction is not needed for...
BIT-PHP-MIN-2024-8929 Leak partial content of the heap through heap buffer over-read in mysqlnd
In PHP versions 8.1. before 8.1.31, 8.2. before 8.2.26, 8.3. before 8.3.14, a hostile MySQL server can cause the client to disclose the content of its heap containing data from other SQL requests and possible other data belonging to different users of the same server...
AZL-40520 CVE-2024-27282 affecting package ruby for versions less than 3.3.3-1
An issue was discovered in Ruby 3.x through 3.3.0. If attacker-supplied data is provided to the Ruby regex compiler, it is possible to extract arbitrary heap data relative to the start of the text, including pointers and sensitive strings. The fixed versions are 3.0.7, 3.1.5, 3.2.4, and 3.3.1...
Facebook Hermes 资源管理错误漏洞
Facebook Hermes is a JavaScript engine from Facebook Inc. in the United States. The engine is targeted at React Native applications to improve the performance of mobile client application apps, but not for server-side infrastructures such as browsers & Node.js. Facebook Hermes suffers from a...
openSUSE 15 Security Update : stb (openSUSE-SU-2022:0018-1)
The remote SUSE Linux SUSE15 host has a package installed that is affected by a vulnerability as referenced in the openSUSE-SU-2022:0018-1 advisory. - An issue was discovered in stb stbimage.h 2.27. The PNM loader incorrectly interpreted 16-bit PGM files as 8-bit when converting to RGBA, leading ...
ALPINE-CVE-2019-12528
An issue was discovered in Squid before 4.10. It allows a crafted FTP server to trigger disclosure of sensitive information from heap memory, such as information associated with other users' sessions or non-Squid processes...
CVE-2016-9573
An out-of-bounds read vulnerability was found in OpenJPEG 2.1.2, in the j2ktoimage tool. Converting a specially crafted JPEG2000 file to another format could cause the application to crash or, potentially, disclose some data from the heap...
DEBIAN-CVE-2016-9573
An out-of-bounds read vulnerability was found in OpenJPEG 2.1.2, in the j2ktoimage tool. Converting a specially crafted JPEG2000 file to another format could cause the application to crash or, potentially, disclose some data from the heap...
PT-2018-5094 · Openjpeg +4 · Openjpeg +4
Name of the Vulnerable Software and Affected Versions: OpenJPEG version 2.1.2 Description: An out-of-bounds read issue was found in the j2k to image tool. Converting a specially crafted JPEG2000 file to another format could cause the application to crash or, potentially, disclose some data from t...