CVE-2025-55157
Vim is an open source, command line text editor. In versions from 9.1.1231 to before 9.1.1400, when processing nested tuples in Vim script, an error during evaluation can trigger a use-after-free in Vim’s internal tuple reference management. Specifically, the tuple_unref function may access alread...
CVE-2025-40920
Catalyst::Authentication::Credential::HTTP versions 1.018 and earlier for Perl generate nonces using the Perl Data::UUID library. Data::UUID does not use a strong cryptographic source for generating UUIDs. Data::UUID returns v3 UUIDs, which are generated from known information and are unsuitable...
firefox: thunderbird: Incorrect JavaScript state machine for generators
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: The JavaScript engine did not handle closed generators correctly, and it was possible to resume them, resulting in a nullptr dereference...
GHSA-M3HH-F9GH-74C2 vulnerabilities
Vulnerabilities for packages: quiche...
CVE-2025-8843
A vulnerability was found in NASM Netwide Assembler 2.17rc0. This affects the function macho_no_dead_strip of the file outmacho.c. The manipulation leads to heap-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used...
CVE-2025-8842
A vulnerability has been found in NASM Netwide Assembler 2.17rc0. Affected by this issue is the function do_directive of the file preproc.c. The manipulation leads to use after free. An attack has to be approached locally. The exploit has been disclosed to the public and may be used...
CVE-2025-8835
A vulnerability was found in JasPer up to 4.2.5. Affected by this vulnerability is the function jas_image_chclrspc of the file src/libjasper/base/jas_image.c of the component Image Color Space Conversion Handler. The manipulation leads to null pointer dereference. It is possible to launch the attack...
CVE-2024-48916 affecting package ceph for versions less than 16.2.10-9
CVE-2024-48916 affecting package ceph for versions less than 16.2.10-9. A patched version of the package is available...
CVE-2025-55188
7-Zip before 25.01 does not always properly handle symbolic links during extraction...
CVE-2025-8736
A vulnerability, which was classified as critical, has been found in GNU cflow up to 1.8. Affected by this issue is the function yylex of the file c.c of the component Lexer. The manipulation leads to buffer overflow. Local access is required to approach this attack. The exploit has been disclose...
CVE-2025-8735
A vulnerability classified as problematic was found in GNU cflow up to 1.8. Affected by this vulnerability is the function yylex of the file c.c of the component Lexer. The manipulation leads to null pointer dereference. An attack has to be approached locally. The exploit has been disclosed to th...
CVE-2025-8734
Removed by vendor...
CVE-2025-8732
A vulnerability was found in libxml2 up to 2.14.5. It has been declared as problematic. This vulnerability affects the function xmlParseSGMLCatalog of the component xmlcatalog. The manipulation leads to uncontrolled recursion. Attacking locally is a requirement. The exploit has been disclosed to...
[SECURITY] Fedora 42 Update: webkitgtk-2.48.5-1.fc42
WebKitGTK is the port of the WebKit web rendering engine to the GTK platform...
SUSE CVE-2025-50952
openjpeg v 2.5.0 was discovered to contain a NULL pointer dereference via the component /openjp2/dwt.c...
CVE-2025-47807
In GStreamer through 1.26.1, the subparse plugin's subrip_unescape_formatting function may dereference a NULL pointer while parsing a subtitle file, leading to a crash...
[SECURITY] Fedora 42 Update: polymake-4.14-2.fc42
Polymake is a tool to study the combinatorics and the geometry of convex polytopes and polyhedra. It is also capable of dealing with simplicial complexes, matroids, polyhedral fans, graphs, tropical objects, and so forth. Polymake can use various computational packages if they are installed. Thos...
CVE-2025-38180 affecting package kernel for versions less than 6.6.96.1-1
CVE-2025-38180 affecting package kernel for versions less than 6.6.96.1-1. A patched version of the package is available...
CVE-2025-38163 affecting package kernel for versions less than 6.6.96.1-1
CVE-2025-38163 affecting package kernel for versions less than 6.6.96.1-1. A patched version of the package is available...