AZL-61866 CVE-2025-47287 affecting package python-tornado 6.3.3-11
Tornado is a Python web framework and asynchronous networking library. When Tornado's multipart/form-data parser encounters certain errors, it logs a warning but continues trying to parse the remainder of the data. This allows remote attackers to generate an extremely high volume of logs,...
CVE-2025-47287 Tornado vulnerable to excessive logging caused by malformed multipart form data
Tornado is a Python web framework and asynchronous networking library. When Tornado's multipart/form-data parser encounters certain errors, it logs a warning but continues trying to parse the remainder of the data. This allows remote attackers to generate an extremely high volume of logs,...
CVE-2025-21631 affecting package kernel for versions less than 5.15.180.1-1
CVE-2025-21631 affecting package kernel for versions less than 5.15.180.1-1. An upgraded version of the package is available that resolves this issue...
Medium: vim
Issue Overview: A vulnerability classified as problematic was found in vim up to 9.1.1096. This vulnerability affects unknown code of the file src/main.c. The manipulation of the argument --log leads to memory corruption. It is possible to launch the attack on the local host. Upgrading to version...
Security Bulletin: IBM Sterling Control Center is affected by improper input validation (CVE-2023-42007)
Summary: Improper input validation is impacting IBM Sterling Control Center v6.4.0.0, v6.3.1.0 and v6.2.1.0. User-supplied input is reflected as-is in the response without being validated at the server end. Customers must upgrade to latest patch below to address this vulnerability...
ts-asn1-der has Incorrect DER Encoding of Numbers Leading to Denial of Service and Incorrect Value Representation
Impact: Incorrect number DER encoding can lead to denial of service for absolute values in the range 2^31 to 2^32 - 1. The arithmetic in the numBitLen didn't take into account that values in this range could result in a negative result upon applying the operator, leading to an infinite loop. In...
CVE-2025-30195
An attacker can publish a zone containing specific Resource Record Sets. Processing and caching results for these sets can lead to illegal memory accesses and a crash of the Recursor, causing a denial of service. The remedy is: upgrade to the patched 5.2.1 version. We would like to thank Volodym...
CVE-2025-3016 Open Asset Import Library Assimp MDL File MDLMaterialLoader.cpp ParseTextureColorData resource consumption
A vulnerability classified as problematic was found in Open Asset Import Library Assimp 5.4.3. This vulnerability affects the function Assimp::MDLImporter::ParseTextureColorData of the file code/AssetLib/MDL/MDLMaterialLoader.cpp of the component MDL File Handler. The manipulation of the argument...
CVE-2025-2885
CVE-2025-2885 affects the Tough root-metadata handling in the Amazon Tough (Rust) client library. The root metadata version number validation is missing, allowing an attacker to supply an arbitrary version instead of the intended one, which could cause the client to fetch a different or outdated ...
CVE-2025-30222 Shescape has potential environment variable exposure on Windows with CMD
Shescape is a simple shell escape library for JavaScript. Versions 1.7.2 through 2.1.1 are vulnerable to potential environment variable exposure on Windows with CMD. This impacts users of Shescape on Windows that explicitly configure shell: 'cmd.exe' or shell: true using any of...
CVE-2025-21680 affecting package kernel for versions less than 6.6.76.1-1
CVE-2025-21680 affecting package kernel for versions less than 6.6.76.1-1. An upgraded version of the package is available that resolves this issue...
CVE-2025-2176 libzvbi io-sim.c vbi_capture_sim_load_caption integer overflow
A vulnerability classified as critical has been found in libzvbi up to 0.2.43. This affects the function vbi_capture_sim_load_caption of the file src/io-sim.c. The manipulation leads to integer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and...
CVE-2024-53157 affecting package kernel for versions less than 5.15.176.3-1
CVE-2024-53157 affecting package kernel for versions less than 5.15.176.3-1. An upgraded version of the package is available that resolves this issue...
CVE-2024-53151 affecting package kernel for versions less than 5.15.176.3-1
CVE-2024-53151 affecting package kernel for versions less than 5.15.176.3-1. An upgraded version of the package is available that resolves this issue...
Azure Linux 3.0 Security Update: vim (CVE-2024-43802)
The version of vim installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-43802 advisory. - Vim is an improved version of the unix vi text editor. When flushing the typeahead buffer, Vim moves the curren...
Security Bulletin: Vulnerability in REXML affects IBM watsonx Assistant for IBM Cloud Pak for Data
Summary: A potential vulnerability in REXML has been identified that affects IBM watsonx Assistant for IBM Cloud Pak for Data. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID: CVE-2024-49761 DESCRIPTION: REXML is an XML toolkit for Ruby...
CVE-2024-50101 affecting package kernel for versions less than 6.6.64.2-1
CVE-2024-50101 affecting package kernel for versions less than 6.6.64.2-1. An upgraded version of the package is available that resolves this issue...
CVE-2024-50169 affecting package kernel for versions less than 6.6.64.2-1
CVE-2024-50169 affecting package kernel for versions less than 6.6.64.2-1. An upgraded version of the package is available that resolves this issue...
SUSE CVE-2025-24034
Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. Starting in version 0.7.0 and prior to versions 0.7.15 and 0.8.3, Himmelblau is vulnerable to leaking credentials in debug logs. When debug logging is enabled, user access tokens are inadvertently logged, potentially...