Siemens SIMATIC Devices Improper Validation of Array Index (CVE-2024-35905)

In the Linux kernel, the following vulnerability has been resolved: bpf: Protect against int overflow for stack access size This patch re-introduces protection against the size of access to stack memory being negative; the access size can appear negative as a result of overflowing its signed int...

Siemens SIMATIC, SCALANCE and RUGGEDCOM Devices Improper Validation of Array Index (CVE-2024-49894)

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix index out of bounds in degamma hardware format translation Fixes index out of bounds issue in cmhelpertranslatecurvetodegammahwformat function. The issue could occur when the index 'i' exceeds the number of...

Siemens SIMATIC Devices Improper Validation of Array Index (CVE-2024-38587)

In the Linux kernel, the following vulnerability has been resolved: speakup: Fix sizeof vs ARRAYSIZE bug The buf pointer is an array of u16 values. This code should be using ARRAYSIZE which is 256 instead of sizeof which is 512, otherwise it can the still got out of bounds. This plugin only works...

Siemens SIMATIC Devices Operation on a Resource after Expiration or Release (CVE-2024-57929)

In the Linux kernel, the following vulnerability has been resolved: dm array: fix releasing a faulty array block twice in dmarraycursorend When dmbmreadlock fails due to locking or checksum errors, it releases the faulty block implicitly while leaving an invalid output pointer behind. The caller ...

OSV-2025-852 Heap-buffer-overflow in std::__1::pair<int, arrow::util::RleBitPackedParser::ControlFlow> arrow::util::R

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=454097865 Crash type: Heap-buffer-overflow READ 1 Crash state: std::1::pair arrow::util::R arrow::util::RleBitPackedDecoder::GetBatch auto parquet::DictByteArrayDecoderImpl::DecodeArrowDense...

EUVD-2025-35629

OpenBao is an open source identity-based secrets management system. Prior to version 2.4.2, OpenBao's audit log did not appropriately redact fields when relevant subsystems sent byte response parameters rather than strings. This includes, but is not limited to sys/raw with use of encoding=base64,...

UBUNTU-CVE-2022-50561

In the Linux kernel, the following vulnerability has been resolved: iio: fix memory leak in iiodeviceregistereventset When iiodeviceregistersysfsgroup returns failed, iiodeviceregistereventset needs to free attrs array. Otherwise, kmemleak would scan & report memory leak as below: unreferenced...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a failure to free the attrs array when the iiodeviceregistersysfsgroup call fails in the...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987535)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987535 advisory. In the Linux kernel, the following vulnerability has been resolved: udmabuf: validate ubuf-pagecount Syzbot has reported GPF in sgallocappendtablefrompages. The...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987661)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987661 advisory. In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on curseg-alloctype As Wenqing Liu reported in bugzilla:...

JLSEC-2025-101 FFMPEG version 4.1 contains a CWE-129: Improper Validation of Array Index vulnerability in libavcode...

FFMPEG version 4.1 contains a CWE-129: Improper Validation of Array Index vulnerability in libavcodec/cbsav1.c that can result in Denial of service. This attack appears to be exploitable via specially crafted AV1 file has to be provided as input. This vulnerability appears to have been fixed in...

CVE-2025-11941

A vulnerability was detected in e107 CMS up to 2.3.3. This impacts an unknown function of the file /e107admin/image.php?mode=main&action=avatar of the component Avatar Handler. Performing manipulation of the argument multiaction results in path traversal. It is possible to initiate the attack...

CVE-2025-11941 e107 CMS Avatar image.php path traversal

A vulnerability was detected in e107 CMS up to 2.3.3. This impacts an unknown function of the file /e107admin/image.php?mode=main&action=avatar of the component Avatar Handler. Performing manipulation of the argument multiaction results in path traversal. It is possible to initiate the attack...

Linux Distros Unpatched Vulnerability : CVE-2025-62490

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In quickjs, in jsprintobject, when printing an array, the function first fetches the array length and then loops over it. The issue is, printing a value is not...

GHSA-WVPG-4WRH-5889 PrestaShop Checkout Target PayPal merchant account hijacking from backoffice

Impact Wrong usage of the PHP arraysearch allows bypass of validation. Patches The problem has been patched in versions: - v4.4.1 for PrestaShop 1.7 build number: 7.4.4.1 - v4.4.1 for PrestaShop 8 build number: 8.4.4.1 - v5.0.5 for PrestaShop 1.7 build number: 7.5.0.5 - v5.0.5 for PrestaShop 8...

PrestaShop Checkout Target PayPal merchant account hijacking from backoffice

Impact Wrong usage of the PHP arraysearch allows bypass of validation. Patches The problem has been patched in versions: - v4.4.1 for PrestaShop 1.7 build number: 7.4.4.1 - v4.4.1 for PrestaShop 8 build number: 8.4.4.1 - v5.0.5 for PrestaShop 1.7 build number: 7.5.0.5 - v5.0.5 for PrestaShop 8...

Incomplete List of Disallowed Inputs

Overview Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs involving the PHP arraysearch function. An attacker can gain unauthorized access to a PayPal merchant account. Note: Versions 9.4.3.1 through 9.4.3.3, which used the build numbering scheme prior to...

EUVD-2025-34788

PrestaShop Checkout Target PayPal merchant account hijacking from backoffice...

EUVD-2025-34784

In quickjs, in jsprintobject, when printing an array, the function first fetches the array length and then loops over it. The issue is, printing a value is not side-effect free. An attacker-defined callback could run during jsprintvalue, during which the array could get resized and len1 become ou...

CVE-2025-61924 PrestaShop Checkout Target PayPal merchant account hijacking from backoffice

PrestaShop Checkout is the PrestaShop official payment module in partnership with PayPal. In versions prior to 4.4.1 and 5.0.5, the Target PayPal merchant account hijacking from backoffice due to wrong usage of the PHP arraysearch. The vulnerability is fixed in versions 4.4.1 and 5.0.5. No known...