Security update for ImageMagick

This update for ImageMagick fixes the following issues: CVE-2026-33899: Denial of Service via out-of-bounds write in XML parsing bsc1262154. CVE-2026-33900: Denial of Service via integer truncation in viff encoder bsc1262156. CVE-2026-33905: Denial of service via out-of-bounds read in -sample...

CVE-2023-53369 net: dcb: choose correct policy to parse DCB_ATTR_BCN

In the Linux kernel, the following vulnerability has been resolved: net: dcb: choose correct policy to parse DCBATTRBCN The dcbnlbcnsetcfg uses erroneous policy to parse tbDCBATTRBCN, which is introduced in commit 859ee3c43812 "DCB: Add support for DCB BCN". Please see the comment in below code...

CVE-2023-53369 net: dcb: choose correct policy to parse DCB_ATTR_BCN

In the Linux kernel, the following vulnerability has been resolved: net: dcb: choose correct policy to parse DCBATTRBCN The dcbnlbcnsetcfg uses erroneous policy to parse tbDCBATTRBCN, which is introduced in commit 859ee3c43812 "DCB: Add support for DCB BCN". Please see the comment in below code...

CVE-2023-53369

CVE-2023-53369 affects the Linux kernel’s DCB BCN parsing (net: dcb) where dcbnl_bcn_setcfg erroneously parsed tb[DCB_ATTR_BCN] attributes using the dcbnl_pfc_up_nest policy. This mismatch could cause parsing to overflow the intended policy bounds and read attributes (DCB_BCN_ATTR_BCNA_0..DCB_BCN...

USN-6760-1 gerbv vulnerability

George-Andrei Iosif and David Fernandez Gonzalez discovered that Gerbv did not properly initialize a data structure when parsing certain nested RS-274X format files. If a user were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of servic...

PT-2024-24921 · Conform · Conform

Name of the Vulnerable Software and Affected Versions: Conform versions prior to 1.1.1 Description: Conform, a type-safe form validation library, allows the parsing of nested objects in the form of object.property. Due to an improper implementation of this feature, an attacker can exploit it to...

qs 安全漏洞

ljharb qs is a query string parser with nesting support by the individual developer Jordan Harband in the United States. A security vulnerability exists in versions prior to qs 6.10.3, which stems from parse ignoring the proto key, and can be exploited by an attacker to place an attack payload in...

OESA-2022-1783 golang security update

The Go Programming Language Security Fixes: When httputil.ReverseProxy.ServeHTTP was called with a Request.Header map containing a nil value for the X-Forwarded-For header, ReverseProxy would set the client IP as the value of the X-Forwarded-For header, contrary to its documentation. In the more...