422 matches found
GPAC 安全漏洞
GPAC is an open source multimedia framework. GPAC has a buffer overflow vulnerability that stems from the vobsubgetsubpicduration function failing to properly validate the length size of the input data, which can be exploited by an attacker to cause a denial of service...
Improper Validation of Syntactic Correctness of Input
Overview kibana is an open source Apache Licensed, browser-based analytics and search dashboard for Elasticsearch. Affected versions of this package are vulnerable to Improper Validation of Syntactic Correctness of Input in the email address parameter in the Email Connector. An attacker can cause...
CVE-2021-22760
A CWE-763: Release of invalid pointer or reference vulnerability exists inIGSS Definition Def.exe V15.0.0.21140 and prior that could result in loss of data or remote code execution due to missing checks of user-supplied input data, when a malicious CGF file is imported to IGSS Definition...
CVE-2021-22531
A bug exist in the input parameter of Access Manager that allows supply of invalid character to trigger cross-site scripting vulnerability. This affects NetIQ Access Manager 4.5 and 5.0...
Important: qt5-qtdeclarative
Issue Overview: Allocation of Resources Without Limits or Throttling, Improper Validation of Specified Quantity in Input vulnerability in The Qt Company Qt on Windows, MacOS, Linux, iOS, Android, x86, ARM, 64 bit, 32 bit allows Excessive Allocation. This issue affects users of the Text component ...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-993120)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-993120 advisory. In the Linux kernel, the following vulnerability has been resolved: acpi: nfit: fix narrowing conversion in acpinfitctl Syzkaller has reported a warning in...
CVE-2025-48638
In pkvmloadtracing of trace.c, there is a possible out-of-bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2025-66305
Grav vulnerability CVE-2025-66305: DoS caused by improper input handling in the Languages submenu of the Grav admin panel (/admin/config/system). The issue arises from dynamically constructing a regex from the Supported field without proper validation/escaping, leading to a fatal preg_match() err...
CVE-2025-12106
Insufficient argument validation in OpenVPN 2.7alpha1 through 2.7rc1 allows an attacker to trigger a heap buffer over-read when parsing IP addresses...
CVE-2025-61608
In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed...
SUSE CVE-2025-40154
In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: bytcrrt5640: Fix invalid quirk input mapping When an invalid value is passed via quirk option, currently bytcrrt5640 driver only shows an error message but leaves as is. This may lead to unepxected results like OOB...
CVE-2025-40121 ASoC: Intel: bytcr_rt5651: Fix invalid quirk input mapping
In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: bytcrrt5651: Fix invalid quirk input mapping When an invalid value is passed via quirk option, currently bytcrrt5640 driver just ignores and leaves as is, which may lead to unepxected results like OOB access. This...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from an invalid input mapping that could lead to unexpected behavior...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989527)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989527 advisory. In the Linux kernel, the following vulnerability has been resolved: RDMA/hfi1: Prevent panic when SDMA is disabled If the hfi1 module is loaded with HFI1CAPSDMA off,...
SUSE CVE-2025-40099
In the Linux kernel, the following vulnerability has been resolved: cifs: parsedfsreferrals: prevent oob on malformed input Malicious SMB server can send invalid reply to FSCTLDFSGETREFERRALS - reply smaller than sizeofstruct getdfsreferralrsp - reply with number of referrals smaller than...
EUVD-2025-36979
In the Linux kernel, the following vulnerability has been resolved: cifs: parsedfsreferrals: prevent oob on malformed input Malicious SMB server can send invalid reply to FSCTLDFSGETREFERRALS - reply smaller than sizeofstruct getdfsreferralrsp - reply with number of referrals smaller than...
CVE-2025-40099
In the Linux kernel, the following vulnerability has been resolved: cifs: parsedfsreferrals: prevent oob on malformed input Malicious SMB server can send invalid reply to FSCTLDFSGETREFERRALS - reply smaller than sizeofstruct getdfsreferralrsp - reply with number of referrals smaller than...
CVE-2025-40099
CVE-2025-40099 affects the Linux kernel CIFS code: cifs: parse_dfs_referrals. Malicious SMB server can send malformed FSCTL_DFS_GET_REFERRALS replies (reply smaller than the expected struct or with a smaller NumberOfReferrals), leading to out-of-bounds processing. The issue is mitigated by return...
CVE-2025-40049
In the Linux kernel, the following vulnerability has been resolved: Squashfs: fix uninit-value in squashfsgetparent Syzkaller reports a "KMSAN: uninit-value in squashfsgetparent" bug. This is caused by openbyhandleat being called with a file handle containing an invalid parent inode number. In...
CVE-2025-36171
IBM Aspera Faspex 5.0.0 through 5.0.13.1 could allow a privileged user to cause a denial of service from improperly validated API input due to excessive resource consumption...