120927 matches found
CVE-2025-34277
Nagios Log Server versions prior to 2024R1.3.1 contain a code injection vulnerability where malformed dashboard ID values are not properly validated before being forwarded to an internal API. An attacker able to supply crafted dashboard ID values can cause the system to execute attacker-controlle...
OESA-2025-2613 perl-Spreadsheet-ParseExcel security update
The Spreadsheet::ParseExcel module can be used to read information from an Excel 95-2003 file. Security Fixes: Spreadsheet::ParseExcel version 0.65, a Perl module for parsing Excel files, is vulnerable to arbitrary code execution (ACE) due to passing unvalidated input from a file into a string-type...
OESA-2025-2608 perl-File-Find-Rule security update
File::Find::Rule is a friendlier interface to File::Find. It allows you to build rules which specify the desired files and directories.
OESA-2025-2558 python-asteval security update
ASTEVAL provides a numpy-aware, safeish 'eval' function. Security Fixes: ASTEVAL is an evaluator of Python expressions and statements. Prior to version 1.0.6, if an attacker can control the input to the asteval library, they can bypass asteval's restrictions and execute arbitrary Python code in th...
Deserialization of Untrusted Data
Overview: cryptidy is a Python high-level library for symmetric & asymmetric encryption. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the aes_decrypt_message function. An attacker can execute arbitrary code by supplying crafted data that is deserialized...
EUVD-2025-37218
Nagios Log Server versions prior to 2024R1.3.1 contain a code injection vulnerability where malformed dashboard ID values are not properly validated before being forwarded to an internal API. An attacker able to supply crafted dashboard ID values can cause the system to execute attacker-controlle...
IPFire BE_NAME Parameter Command Injection Vulnerability
IPFire is an open source Linux distribution from the IPFire organization that is primarily used as a router and firewall. A command injection vulnerability exists in the IPFire BE_NAME parameter, which stems from improper handling of the BE_NAME parameter when installing a blacklist, and can be...
CVE-2025-61427
A reflected cross-site scripting (XSS) vulnerability in BEO GmbH BEO Atlas Einfuhr Ausfuhr 3.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload into the userid and password parameters...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: gstreamer1 (UTSA-2025-988621)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988621 advisory. GStreamer is a library for constructing graphs of media-handling components. An integer underflow has been detected in the function qtdemux_parse_theora_extension withi...
Tenda CH22 fromNatStaticSetting function buffer overflow vulnerability
Tenda CH22 is a network device from Tenda, China. Tenda CH22 version 1.0.0.1 suffers from a buffer overflow vulnerability, which originates from the parameter page of the function fromNatStaticSetting in the file /goform/NatStaticSetting that fails to correctly validate the length of the input...
ROS-20251031-04
Vulnerability of cuobjdump file of parallel computing software tool for GPUs NVIDIA CUDA Toolkit is related to pointer dereferencing. Exploitation of the vulnerability could allow an attacker to cause a denial of service. Vulnerability in the cuobjdump file of the NVIDIA CUDA Toolkit GPU parallel...
Tenda CH22 formSetIpBind Function Buffer Overflow Vulnerability
Tenda CH22 is a network device from Tenda, China. Tenda CH22 version 1.0.0.1 suffers from a buffer overflow vulnerability, which originates from the parameter page of the function fromSetIpBind in the file /goform/SetIpBind that fails to correctly validate the length of the input data, and can be...
Tenda CH22 formRouteStatic function buffer overflow vulnerability
Tenda CH22 is a network device from Tenda, China. A buffer overflow vulnerability exists in Tenda CH22 version 1.0.0.1, which originates from the parameter page in the file /goform/RouteStatic that fails to correctly validate the length and size of the input data, and can be exploited by an...
KLA89876 Multiple vulnerabilities in Microsoft Browser
Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to spoof user interface, cause denial of service, execute arbitrary code, bypass security restrictions. Below is a complete list of vulnerabilities: 1. Incorrect security UI vulnerability i...
Tenda CH22 fromSafeUrlFilter function buffer overflow vulnerability
Tenda CH22 is a network device from Tenda, China. Tenda CH22 version 1.0.0.1 suffers from a buffer overflow vulnerability, which originates from the parameter page of the function fromSafeUrlFilter in the file /goform/SafeUrlFilter that fails to correctly validate the length of the input data, and can...
TOTOLINK A3300R cstecgi.cgi File Buffer Overflow Vulnerability
TOTOLINK A3300R is a dual-band wireless router manufactured by China's Gion Electronics TOTOLINK, mainly used for home and small network environments. The TOTOLINK A3300R suffers from a buffer overflow vulnerability that originates from the parameter ip of the function setDmzCfg in the file...
TOTOLINK A3300R setOpModeCfg function stack buffer overflow vulnerability
TOTOLINK A3300R is a dual-band wireless router manufactured by China's Gion Electronics TOTOLINK, mainly used for home and small network environments. The TOTOLINK A3300R suffers from a stack buffer overflow vulnerability that originates from the parameter opmode in the setOpModeCfg function in t...
Tenda CH22 fromSafeMacFilter function buffer overflow vulnerability
Tenda CH22 is a network device from Tenda, China. A buffer overflow vulnerability exists in the Tenda CH22 version 1.0.0.1, which originates from the failure of the fromSafeMacFilter function parameter page in the /goform/SafeMacFilter file to correctly validate the length of the input data, and...
Tenda CH22 fromSafeClientFilter function buffer overflow vulnerability
Tenda CH22 is a network device from Tenda, China. Tenda CH22 version 1.0.0.1 suffers from a buffer overflow vulnerability, which originates from the parameter page of the function fromSafeClientFilter in the file /goform/SafeClientFilter that fails to correctly validate the length of the input data, a...
Tenda CH22 fromP2pListFilter function buffer overflow vulnerability
Tenda CH22 is a network device from Tenda, China. Tenda CH22 version 1.0.0.1 suffers from a buffer overflow vulnerability, which originates from the parameter page of the function fromP2pListFilter in the file /goform/P2pListFilter that fails to correctly validate the length of the input data, and can...