9 matches found
Ubuntu: Security Advisory (USN-8160-1)
The remote host is missing an update for the... SPDX-FileCopyrightText: 2026 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only
JLSEC-2025-215 In Mbed TLS before 2.28.0 and 3.x before 3.1.0, psa_cipher_generate_iv and psa_cipher_encrypt allow ...
In Mbed TLS before 2.28.0 and 3.x before 3.1.0, psa_cipher_generate_iv and psa_cipher_encrypt allow policy bypass or oracle-based decryption when the output buffer is at memory locations accessible to an untrusted application...
PT-2025-33280 · Dell +1 · Dell Poweredge Platform +1
Name of the Vulnerable Software and Affected Versions: Dell PowerEdge Platform versions prior to 1.25.0 Description: Dell PowerEdge Platform versions 14G AMD BIOS contains an Access of Memory Location After End of Buffer issue. A local attacker with low privileges could potentially exploit this,...
golang-fips: Golang FIPS zeroed buffer
A vulnerability was found in Golang FIPS OpenSSL. This flaw allows a malicious user to randomly cause an uninitialized buffer length variable with a zeroed buffer to be returned in FIPS mode. It may also be possible to force a false positive match between non-equal hashes when comparing a trusted...
Vulnerabilities in the firmware of Wi-Fi transceivers, Wi-Fi amplifiers, Fiber ONTs, and DSL/Ethernet CPE routers allow attackers to cause service interruptions.
The vulnerability in the firmware of Wi-Fi transceivers, Wi-Fi amplifiers, Fiber ONTs, and DSL/Ethernet CPE routers is caused by operations performed beyond the bounds of a buffer in memory. Exploiting this vulnerability can allow a malicious actor to cause service failures...
OpenSC security vulnerability
OpenSC is an open source smart card tool and middleware from OpenSC Open Source. A security vulnerability exists in OpenSC that stems from the system's mishandling of responses to specially constructed APDUs, which could result in incorrect access to the initialized portion of a partially populat...
The software of Kepware KEPServerEX, ThingWorx Industrial Connectivity, OPC-Aggregator, Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server is vulnerable. This vulnerability allows attackers to access protected information or cause service failures.
The vulnerabilities in the Kepware KEPServerEX, ThingWorx Industrial Connectivity, OPC-Aggregator, Rockwell Automation KEPServer Enterprise, and GE Digital Industrial Gateway Server software are caused by operations performed outside the bounds of a buffer in memory. Exploiting the...
ruby: BasicSocket#read_nonblock method leads to information disclosure
An issue was discovered in Ruby 2.5.x through 2.5.7, 2.6.x through 2.6.5, and 2.7.0. If a victim calls BasicSocket#read_nonblock(requested_size, buffer, exception: false), the method resizes the buffer to fit the requested size, but no data is copied. Thus, the buffer string provides the previous valu...
The vulnerabilities in iOS and Mac OS X operating systems allow attackers to trigger service failures or execute arbitrary code in privileged contexts.
The vulnerability of the IOAcceleratorFamily component in iOS and Mac OS X operating systems arises from operations that occur outside of the buffer in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code in privileged context or cause a service failure memory...