21 matches found

Tenable Nessus
added 2026/06/06 12:0 a.m. | 6 views

EulerOS Virtualization 2.10.0 : glib2 (EulerOS-SA-2026-2046)

According to the versions of the glib2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types...

CVSS 5.4 | AI score 5.8 | EPSS 0.00325
Exploits: 1 | References: 4
OSV
added 2026/05/22 4:34 p.m. | 5 views

CLSA-2026-1779467653 libssh: Fix of 4 CVEs

CVE-2025-4877: prevent base64 integer overflow and potential OOB write - CVE-2025-4878: initialize stack pointers to mitigate use of uninitialized values in legacy privatekeyfromfile path - CVE-2025-8277: fix DH-GEX packet filter and free unused ephemeral / ECDH keys to prevent memory exhaustion...

CVSS 4.5 | AI score 5.9 | EPSS 0.00375
Exploits: 0 | References: 1
RedHat Linux
added 2026/05/19 1:16 p.m. | 7 views

libssh: Write beyond bounds in binary to base64 conversion functions

There's a vulnerability in the libssh package where when a libssh consumer passes in an unexpectedly large input buffer to ssh_get_fingerprint_hash function. In such cases the bin_to_base64 function can experience an integer overflow leading to a memory under allocation, when that happens it's possibl...

CVSS 4.5 | AI score 7.1 | EPSS 0.00178
Exploits: 0 | References: 6
Tenable Nessus
added 2026/03/31 12:0 a.m. | 5 views

Fedora 43 : perl-YAML-Syck (2026-3572f7e01c)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-3572f7e01c advisory. YAML::Syck versions up to and including 1.36 for Perl has several potential security vulnerabilities including a high-severity heap buffer overflow in the YA...

CVSS 9.1 | AI score 6.1 | EPSS 0.00499
Exploits: 0 | References: 2
Cvelist
added 2026/02/12 10:48 p.m. | 24 views

CVE-2019-25336 SpotAuditor 5.3.2 - 'Base64' Local Buffer Overflow (SEH)

SpotAuditor 5.3.2 contains a local buffer overflow vulnerability in the Base64 Encrypted Password tool that allows attackers to execute arbitrary code by crafting a malicious payload. Attackers can generate a specially crafted Base64 encoded payload to trigger a Structured Exception Handler SEH...

CVSS 8.4 | EPSS 0.00211
Exploits: 1 | References: 4
Tenable Nessus
added 2026/01/19 12:0 a.m. | 6 views

MiracleLinux 3 : glib2-2.12.3-4AXS3.1 (AXSA:2009-31:01)

The remote MiracleLinux 3 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2009-31:01 advisory. GLib is the low-level core library that forms the basis for projects such as GTK+ and GNOME. It provides data structure handling for C, portability wrappers, a...

CVSS 4.6 | AI score 6.2 | EPSS 0.00494
Exploits: 1 | References: 2
Tenable Nessus
added 2026/01/14 12:0 a.m. | 4 views

MiracleLinux 3 : libsoup-2.2.98-2AXS3.1 (AXSA:2009-28:01)

The remote MiracleLinux 3 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2009-28:01 advisory. Libsoup is an HTTP library implementation in C. It was originally part of a SOAP Simple Object Access Protocol implementation called Soup, but the SOAP and...

CVSS 7.5 | AI score 6.2 | EPSS 0.04024
Exploits: 1 | References: 2
Tenable Nessus
added 2025/12/18 12:0 a.m. | 3 views

Mozilla Firefox < 3.5

The version of Firefox installed on the remote Windows host is prior to 3.5. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2009-34 advisory. - The JavaScript engine in Mozilla Firefox before 3.0.12 and Thunderbird allows remote attackers to cause a denial of...

CVSS 10 | AI score 9.1 | EPSS 0.1323
Exploits: 3 | References: 14
Debian
added 2025/11/27 10:26 a.m. | 7 views

[SECURITY] [DLA 4385-1] libssh security update

Debian LTS Advisory DLA-4385-1 [email protected] https://www.debian.org/lts/security/ Emilio Pozuelo Monfort November 27, 2025 https://wiki.debian.org/LTS -...

CVSS 8.8 | AI score 7.5 | EPSS 0.02394
Exploits: 0
Tenable Nessus
added 2025/11/20 12:0 a.m. | 1 views

EulerOS 2.0 SP13 : libssh (EulerOS-SA-2025-2448)

According to the versions of the libssh package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : There's a vulnerability in the libssh package where when a libssh consumer passes in an unexpectedly large input buffer to ssh_get_fingerprint_hash...

CVSS 8.8 | AI score 7.1 | EPSS 0.00407
Exploits: 0 | References: 3
EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2025-28257

Malicious code in bioql PyPI...

CVSS 4.5 | AI score 6.2 | EPSS 0.00178
Exploits: 0 | References: 4
Tenable Nessus
added 2025/09/10 12:0 a.m. | 5 views

EulerOS 2.0 SP12 : gdk-pixbuf2 (EulerOS-SA-2025-2034)

According to the versions of the gdk-pixbuf2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw exists in gdkpixbuf within the gdkpixbufjpegimageloadincrement function io-jpeg.c and in glibs gbase64encodestep glib/gbase64.c. When...

CVSS 7.5 | AI score 7.9 | EPSS 0.0106
Exploits: 0 | References: 2
OSV
added 2025/08/20 1:15 p.m. | 1 views

DEBIAN-CVE-2025-4877

There's a vulnerability in the libssh package where when a libssh consumer passes in an unexpectedly large input buffer to ssh_get_fingerprint_hash function. In such cases the bin_to_base64 function can experience an integer overflow leading to a memory under allocation, when that happens it's possibl...

CVSS 4.5 | AI score 7.8 | EPSS 0.00178
Exploits: 0 | References: 1
ATTACKERKB
added 2025/08/20 12:19 p.m. | 3 views

CVE-2025-4877

There's a vulnerability in the libssh package where when a libssh consumer passes in an unexpectedly large input buffer to ssh_get_fingerprint_hash function. In such cases the bin_to_base64 function can experience an integer overflow leading to a memory under allocation, when that happens it's possibl...

CVSS 4.5 | AI score 7.1 | EPSS 0.00178
Exploits: 0 | References: 6
Vulnrichment
added 2025/08/20 12:19 p.m. | 2 views

CVE-2025-4877 Libssh: write beyond bounds in binary to base64 conversion functions

There's a vulnerability in the libssh package where when a libssh consumer passes in an unexpectedly large input buffer to ssh_get_fingerprint_hash function. In such cases the bin_to_base64 function can experience an integer overflow leading to a memory under allocation, when that happens it's possibl...

CVSS 4.5 | AI score 7.7 | EPSS 0.00178
Exploits: 0 | References: 5
CVE
added 2025/08/20 12:19 p.m. | 63 views

CVE-2025-4877

CVE-2025-4877 is present in libssh and affects 32-bit builds. The vulnerability arises when a consumer passes an unexpectedly large input buffer to ssh_get_fingerprint_hash(), causing bin_to_base64() to overflow an integer, which can lead to memory under-allocation and an out-of-bounds write resu...

CVSS 4.5 | AI score 7.4 | EPSS 0.00178
Exploits: 0 | References: 5
OSV
added 2025/06/25 12:0 a.m. | 3 views

UBUNTU-CVE-2025-4877

There's a vulnerability in the libssh package where when a libssh consumer passes in an unexpectedly large input buffer to ssh_get_fingerprint_hash function. In such cases the bin_to_base64 function can experience an integer overflow leading to a memory under allocation, when that happens it's possibl...

CVSS 4.5 | AI score 6 | EPSS 0.00178
Exploits: 0 | References: 5
SUSE CVE
added 2023/02/15 6:3 a.m. | 3 views

SUSE CVE-2009-2463

Multiple integer overflows in the (1) PL_Base64Decode and (2) PL_Base64Encode functions in nsprpub/lib/libc/src/base64.c in Mozilla Firefox before 3.0.12, Thunderbird before 2.0.0.24, and SeaMonkey before 1.1.19 allow remote attackers to cause a denial of service memory corruption and application crash...

CVSS 10 | AI score 9.4 | EPSS 0.06433
Exploits: 2 | References: 8
RedHat Linux
added 2022/02/07 5:26 p.m. | 3 views

aide: heap-based buffer overflow on outputs larger than B64_BUF

A heap-based buffer overflow vulnerability in the base64 functions of AIDE, an advanced intrusion detection system. An attacker could crash the program and possibly execute arbitrary code through large 16k extended file attributes or ACL...

CVSS 7.8 | AI score 7.9 | EPSS 0.00493
Exploits: 1 | References: 4
RedHat Linux
added 2009/07/22 12:54 a.m. | 1 views

Mozilla Base64 decoding crash

Multiple integer overflows in the (1) PL_Base64Decode and (2) PL_Base64Encode functions in nsprpub/lib/libc/src/base64.c in Mozilla Firefox before 3.0.12, Thunderbird before 2.0.0.24, and SeaMonkey before 1.1.19 allow remote attackers to cause a denial of service memory corruption and application crash...

CVSS 10 | AI score 6.4 | EPSS 0.06433
Exploits: 2 | References: 4