6765 matches found
CVE-2025-43963
In LibRaw before 0.21.4, phaseonecorrect in decoders/loadmfbacks.cpp allows out-of-buffer access because splitcol and splitrow values are not checked in 0x041f tag processing...
AZL-61780 CVE-2025-43962 affecting package LibRaw 0.21.3-1
In LibRaw before 0.21.4, phaseonecorrect in decoders/loadmfbacks.cpp has out-of-bounds reads for tag 0x412 processing, related to large w0 or w1 values or the frac and mult calculations...
CVE-2025-43963
In LibRaw before 0.21.4, phaseonecorrect in decoders/loadmfbacks.cpp allows out-of-buffer access because splitcol and splitrow values are not checked in 0x041f tag processing...
CVE-2025-43964
In LibRaw before 0.21.4, tag 0x412 processing in phaseonecorrect in decoders/loadmfbacks.cpp does not enforce minimum w0 and w1 values...
CVE-2025-43963
In LibRaw before 0.21.4, phaseonecorrect in decoders/loadmfbacks.cpp allows out-of-buffer access because splitcol and splitrow values are not checked in 0x041f tag processing...
CVE-2025-43964
In LibRaw before 0.21.4, tag 0x412 processing in phaseonecorrect in decoders/loadmfbacks.cpp does not enforce minimum w0 and w1 values...
Do You Really Need Public Data? Surrogate Public Data for Differential Privacy on Tabular Data
Differentially private DP machine learning often relies on the availability of public data for tasks like privacy-utility trade-off estimation, hyperparameter tuning, and pretraining. While public data assumptions may be reasonable in text and image domains, they are less likely to hold for tabul...
CLSA-2025-1744874696 Fix CVE(s): CVE-2024-7592
SECURITY UPDATE: Quadratic complexity, resulting in excess CPU while parsing - debian/patches/CVE-2024-7592.patch: fix quadratic complexity in parsing "-quoted cookie values with backslashes - CVE-2024-7592...
AZL-60557 CVE-2025-22872 affecting package docker-compose for versions less than 2.27.0-5
The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character / as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content...
AZL-60486 CVE-2025-22872 affecting package containerd2 for versions less than 2.0.0-9
The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character / as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content...
CVE-2025-22872
The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character / as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content...
AZL-60528 CVE-2025-22872 affecting package cert-manager for versions less than 1.12.15-4
The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character / as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content...
AZL-60545 CVE-2025-22872 affecting package cf-cli for versions less than 8.7.11-3
The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character / as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content...
AZL-60479 CVE-2025-22872 affecting package influxdb for versions less than 2.7.5-5
The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character / as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content...
AZL-62788 CVE-2025-23131 affecting package kernel 6.6.126.1-1
In the Linux kernel, the following vulnerability has been resolved: dlm: prevent NPD when writing a positive value to eventdone douevent returns the value written to eventdone. In case it is a positive value, newlockspace would undo all the work, and lockspace would not be set. dlmnewlockspace,...
CVE-2025-22080 fs/ntfs3: Prevent integer overflow in hdr_first_de()
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Prevent integer overflow in hdrfirstde The "deoff" and "used" variables come from the disk so they both need to check. The problem is that on 32bit systems if they're both greater than UINTMAX - 16 then the check does...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a null pointer dereference that may result when dlm handles positive eventdone values...
Security Bulletin: IBM PowerHA SystemMirror for IBM i is vulnerable to multiple vulnerabilities in the PowerHA Web Interface [CVE-2024-55897, CVE-2024-55896]
Summary The IBM PowerHA SystemMirror for IBM i Web Interface is vulnerable to obtaining cookie values CVE-2024-55897 and hijacking the clicking action of users CVE-2024-55896 as described in the vulnerability details section. The PowerHA Web Interface allows easy management of PowerHA operations...
CLSA-2025-1744623473 python3.11: Fix of CVE-2024-7592
CVE-2024-7592: fix quadratic complexity in parsing "-quoted cookie values with backslashes...
CVE-2025-3418
The WPC Admin Columns plugin for WordPress is vulnerable to privilege escalation in versions 2.0.6 to 2.1.0. This is due to the plugin not properly restricting user meta values that can be updated through the ajaxeditsave function. This makes it possible for authenticated attackers, with...