27 matches found
CVE-2026-31454 xfs: save ailp before dropping the AIL lock in push callbacks
In the Linux kernel, the following vulnerability has been resolved: xfs: save ailp before dropping the AIL lock in push callbacks. In xfs_inode_item_push and xfs_qm_dquot_logitem_push, the AIL lock is dropped to perform buffer IO. Once the cluster buffer no longer protects the log item from reclaim, the...
CVE-2018-25232
Softros LAN Messenger 9.2 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string to the custom log files location field. Attackers can input a buffer of 2000 characters in the Log Files Location custom path parameter...
CVE-2019-25587 BulletProof FTP Server 2019.0.0.50 Storage-Path Denial of Service
BulletProof FTP Server 2019.0.0.50 contains a denial of service vulnerability in the Storage-Path configuration parameter that allows local attackers to crash the application by supplying an excessively long string value. Attackers can enable the Override Storage-Path setting and paste a buffer o...
CVE-2019-25341 iNetTools for iOS 8.20 - 'Whois' Denial of Service
iNetTools for iOS 8.20 contains a denial of service vulnerability in the Whois feature that allows attackers to crash the application by manipulating input. Attackers can paste a specially crafted 98-character buffer into the Domain Name field to trigger an application crash...
EUVD-2026-2790
Svelte devalue is a JavaScript library that serializes values into strings when JSON.stringify isn't sufficient for the job. From 5.3.0 to 5.6.1, certain inputs can cause devalue.parse to consume excessive CPU time and/or memory, potentially leading to denial of service in systems that parse inpu...
CVE-2022-50406
In the Linux kernel, the following vulnerability has been resolved: iomap: iomap: fix memory corruption when recording errors during writeback Every now and then I see this crash on arm64: Unable to handle kernel NULL pointer dereference at virtual address 00000000000000f8 Buffer I/O error on dev...
CVE-2024-37044
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute code. We have already fixed the vulnerability in the followin...
QNAP Systems QTS and QuTS hero Security Vulnerability
QNAP Systems QTS and QNAP Systems QuTS hero are both products of China's Weilian Technology QNAP Systems. QNAP Systems QTS is an operating system used by entry to mid-level QNAP NAS. QNAP Systems QuTS hero is an operating system. A security vulnerability exists in QNAP Systems QTS and QuTS hero tha...
QNAP Systems QTS Security Vulnerability
QNAP Systems QTS is an operating system used by China Weilian Technology QNAP Systems for entry to mid-level QNAP NAS. A security vulnerability exists in QNAP Systems QTS version 5.1.6.2722 and earlier, QuTS Hero h5.1.6.2734 and earlier, which stems from a failure to check the buffer copy input...
Tenda AC18 fromAddressNat function stack buffer overflow vulnerability
Tenda AC18 is a dual-band wireless router launched by Shenzhen Jixiang Tenda Technology Co. in July 2016, mainly for villas and large home users. Tenda AC18 has a stack buffer overflow vulnerability, which originates from the mitInterface parameter of the fromAddressNat function not checking the...
CVE-2023-45035
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions:...
QNAP QTS / QuTS hero Multiple Vulnerabilities in QTS and QuTS hero (QSA-23-27)
The version of QNAP QTS / QuTS hero installed on the remote host is affected by multiple vulnerabilities as referenced in the QSA-23-27 advisory. - A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the...
CVE-2023-45039
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions:...
Input validation
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions:...
CVE-2023-32972
CVE-2023-32972 affects the QNAP QTS/QuTS hero/QuTScloud line: a buffer copy without input size checking can allow an authenticated administrator to execute code over the network. Root cause is improper input size handling in the affected component; no exploit details are provided in the documents. Affe...
CVE-2023-32971 QTS, QuTS hero, QuTScloud
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions:...
CVE-2023-23363
A buffer copy without checking size of input vulnerability has been reported to affect QNAP operating system. If exploited, the vulnerability possibly allows remote users to execute code via unspecified vectors. We have already fixed the vulnerability in the following versions: QTS 4.3.6.2441 bui...
CVE-2022-23831
CVE-2022-23831 affects AMD μProf. The issue is insufficient validation of the IOCTL input buffer, which can allow an attacker to send an arbitrary buffer and cause a Windows kernel crash, leading to a denial of service. Affected product: AMD μProf across Windows/Linux, per AMD bulletin AMD-SB-104...
Cisco Small Business Buffer Error Vulnerability
Cisco Small Business is a switch from Cisco USA. A buffer error vulnerability exists in the Cisco Small Business RV Series Routers that stems from insufficient validation of user-supplied input. An attacker could exploit these vulnerabilities by sending malicious input to an affected device...
Denial of Service (DoS)
Overview: libxmljs is a libxml binding for the V8 JavaScript engine. Affected versions of this package are vulnerable to Denial of Service (DoS). When invoking the libxmljs.parseXml function with a non-buffer argument, the V8 code will attempt invoking the .toString method of the argument. If the...