CVE-2024-53427

A flaw was discovered in the jq package. In affected versions, specially-crafted input may trigger an unsafe memory operation leading to a stack buffer overflow. This can cause an application crash or other unintended behavior...

SUSE CVE-2022-49611

In the Linux kernel, the following vulnerability has been resolved: x86/speculation: Fill RSB on vmexit for IBRS Prevent RSB underflow/poisoning attacks with RSB. While at it, add a bunch of comments to attempt to document the current state of tribal knowledge about RSB attacks and what exactly i...

OSV-2025-169 Stack-buffer-overflow in utf8_in2

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=399228595 Crash type: Stack-buffer-overflow READ 1 Crash state: utf8in2 MatchRule TranslateRules...

DrayTek Vigor 165 安全漏洞

The DrayTek Vigor 165 is a VDSL2 35b super vector modem/router from DrayTek China. A security vulnerability exists in the DrayTek Vigor 165 that originates from a stack buffer overflow in the URL parsing function, which allows remote attackers to execute arbitrary code...

CBL Mariner 2.0 Security Update: libxml2 (CVE-2025-24928)

The version of libxml2 installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-24928 advisory. - libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a stack-based buffer overflow in xmlSnprintfElements in...

CVE-2024-53427

decNumberCopy in decNumber.c in jq through 1.7.1 does not properly consider that NaN is interpreted as numeric, which has a resultant stack-based buffer overflow and out-of-bounds write, as demonstrated by use of --slurp with subtraction, such as a filter of .-. when the input has a certain form ...

AZL-68717 CVE-2022-49610 affecting package kernel 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: KVM: VMX: Prevent RSB underflow before vmenter On VMX, there are some balanced returns between the time the guest's SPECCTRL value is written, and the vmenter. Balanced returns matched by a preceding call are usually ok, but it's...

UBUNTU-CVE-2022-49611

In the Linux kernel, the following vulnerability has been resolved: x86/speculation: Fill RSB on vmexit for IBRS Prevent RSB underflow/poisoning attacks with RSB. While at it, add a bunch of comments to attempt to document the current state of tribal knowledge about RSB attacks and what exactly i...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from not populating the RSB during vmexit to prevent IBRS attacks...

CVE-2024-53427

decNumberCopy in decNumber.c in jq through 1.7.1 does not properly consider that NaN is interpreted as numeric, which has a resultant stack-based buffer overflow and out-of-bounds write, as demonstrated by use of --slurp with subtraction, such as a filter of .-. when the input has a certain form ...

CVE-2024-53427

The CVE-2024-53427 issue in jq (through 1.7.1) arises from decNumberCopy in decNumber.c misinterpreting NaN as numeric, leading to a stack-based buffer overflow and out-of-bounds write. Demonstrated by using --slurp with subtraction on certain digit strings containing NaN (e.g., "1 NaN123" follow...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from VMX before vmenter that could lead to an RSB underflow...

The vulnerability of the delFacebookPic() function in the Tenda W18E router software allows a hacker to execute arbitrary code or cause a service failure.

The vulnerability of the delFacebookPic function in the Tenda W18E router software is related to buffer overflow in the stack. Exploiting this vulnerability could allow an attacker to execute arbitrary code or cause a service failure...

PT-2025-8729

Name of the Vulnerable Software and Affected Versions jq version 1.7.1 Description The issue is related to a stack-buffer-overflow in the decNumberCopy function within decNumber.c. Recommendations For jq version 1.7.1, at the moment, there is no information about a newer version that contains a f...

CVE-2024-53427

decNumberCopy in decNumber.c in jq through 1.7.1 does not properly consider that NaN is interpreted as numeric, which has a resultant stack-based buffer overflow and out-of-bounds write, as demonstrated by use of --slurp with subtraction, such as a filter of .-. when the input has a certain form ...

Amazon Linux 2023 : zziplib, zziplib-devel, zziplib-utils (ALAS2023-2025-859)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-859 advisory. Heap Buffer Overflow vulnerability in zziplib v0.13.77 allows attackers to cause a denial of service via the zzipparserootdirectory function at /zzip/zip.c. CVE-2024-39133 A Stack Buffer Overfl...

DEBIAN-CVE-2025-26595

A buffer overflow flaw was found in X.Org and Xwayland. The code in XkbVModMaskText allocates a fixed-sized buffer on the stack and copies the names of the virtual modifiers to that buffer. The code fails to check the bounds of the buffer and would copy the data regardless of the size...

AZL-57277 CVE-2025-26595 affecting package xorg-x11-server 1.20.10-6

A buffer overflow flaw was found in X.Org and Xwayland. The code in XkbVModMaskText allocates a fixed-sized buffer on the stack and copies the names of the virtual modifiers to that buffer. The code fails to check the bounds of the buffer and would copy the data regardless of the size...

X.Org和Xwayland 安全漏洞

X.Org is an open source free software from the X.Org Foundation.Xwayland is an open source communication protocol from Xwayland that specifies how a display server communicates with its clients. A security vulnerability exists in X.Org and Xwayland that stems from the XkbVModMaskText function...

D-Link DAP-1320 安全漏洞

The D-Link DAP-1320 is a wireless signal extender from China-based AUO D-Link. The D-Link DAP-1320 suffers from a stack buffer overflow vulnerability that originates from the function replacespecialchar in file /storagein.pd-XXXXXX.An attacker can exploit this vulnerability to cause a program cra...