nginx: specially crafted MP4 file may cause denial of service
A flaw was found in the ngx_http_mp4_module module of Nginx. Processing a specially crafted MP4 file can trigger a buffer over-read and cause the nginx process to terminate, resulting in a denial of service...
The vulnerability of Mozilla Firefox and Firefox ESR browsers, as well as the Thunderbird email client, stems from an operation that goes beyond the buffer boundaries in memory. This allows attackers to gain unauthorized access to protected information.
The vulnerabilities of Mozilla Firefox and Firefox ESR browsers, as well as the Thunderbird email client, are related to the issue of executing operations beyond the buffer boundaries in memory during the processing of XPath expressions. Exploiting this vulnerability can allow an attacker to gain...
The vulnerability of the detach_tasks() function in the kernel/sched/fair.c module of the Linux operating system’s resource management subsystem allows an attacker to compromise the confidentiality and accessibility of protected information.
The vulnerability of the detach_tasks function in the kernel/sched/fair.c module of the Linux operating system’s resource management subsystem is related to reading beyond the buffer boundaries. Exploiting this vulnerability could allow an attacker to compromise the confidentiality and accessibili...
The vulnerability of the nft_rhash_destroy() function in the net/netfilter/nft_set_hash.c module of the netfilter component of the Linux operating system allows a hacker to cause a service failure.
The vulnerability of the nft_rhash_destroy function in the net/netfilter/nft_set_hash.c module of the netfilter component of the Linux operating system is related to reading beyond the buffer boundaries. Exploiting this vulnerability could allow an attacker to cause a service failure...
AZL-61739 CVE-2025-4207 affecting package postgresql for versions less than 14.18-1
Buffer over-read in PostgreSQL GB18030 encoding validation allows a database input provider to achieve temporary denial of service on platforms where a 1-byte over-read can elicit process termination. This affects the database server and also libpq. Versions before PostgreSQL 17.5, 16.9, 15.13,...
CVE-2025-1254
Out-of-bounds Read, Out-of-bounds Write vulnerability in RTI Connext Professional Recording Service allows Overflow Buffers, Overread Buffers. This issue affects Connext Professional: from 7.4.0 before 7.5.0, from 7.0.0 before 7.3.0.7, from 6.1.0 before 6.1.2.23, from 6.0.0 before 6.0.1.42...
CVE-2025-1254 Out-of-bounds Read, Out-of-bounds Write vulnerability in RTI Connext Professional (Recording Service) allows Overflow Buffers, Overread Buffers.
Out-of-bounds Read, Out-of-bounds Write vulnerability in RTI Connext Professional Recording Service allows Overflow Buffers, Overread Buffers. This issue affects Connext Professional: from 7.4.0 before 7.5.0, from 7.0.0 before 7.3.0.7, from 6.1.0 before 6.1.2.23, from 6.0.0 before 6.0.1.42...
PostgreSQL security vulnerability
PostgreSQL is a free object-relational database management system from the PostgreSQL organization. The system supports most of the SQL standards and provides many other features such as foreign keys, triggers, views, and more. A security vulnerability exists in PostgreSQL, which stems from a...
ruby:3.0 security update
An update is available for module.rubygem-pg, rubygem-abrt, rubygem-pg, module.ruby, module.rubygem-abrt, ruby, rubygem-mysql2, module.rubygem-mysql2. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...
Security update for libsoup2
This update for libsoup2 fixes the following issues: CVE-2025-2784: Fixed heap buffer over-read in skip_insignificant_space when sniffing content (bsc#1240750); CVE-2025-32050: Fixed integer overflow in append_param_quoted (bsc#1240752); CVE-2025-32052: Fixed heap buffer overflow in sniff_unknown (bsc#1240756)...
CVE-2025-1400 Out-of-bounds Read in libplctag library
Out-of-bounds Read vulnerability in unpackresponse conn.c in libplctag from 2.0 through 2.6.3 allows Overread Buffers via network...
CVE-2025-1399 Out-of-bounds Read in libplctag library
Out-of-bounds Read vulnerability in unpackresponse session.c in libplctag from 2.0 through 2.6.3 allows Overread Buffers via network...
libplctag buffer error vulnerability
libplctag is an open source C library that provides a portable and simple API for accessing Allen-Bradley and Modbus PLC data over Ethernet. A buffer error vulnerability exists in libplctag versions 2.0 through 2.6.3, which stems from an out-of-bounds read in the unpackresponse...
libplctag buffer error vulnerability
libplctag is an open source C library that provides a portable and simple API for accessing Allen-Bradley and Modbus PLC data over Ethernet. A buffer error vulnerability exists in libplctag versions 2.0 through 2.6.3, which stems from an out-of-bounds read in the unpackresponse...
libsoup: Heap buffer overflows in sniff_feed_or_html() and skip_insignificant_space()
A flaw was found in libsoup. A vulnerability in the sniff_feed_or_html and skip_insignificant_space functions may lead to a heap buffer over-read...
libsoup: Heap buffer overflow in sniff_unknown()
A flaw was found in libsoup. A vulnerability in the sniff_unknown function may lead to heap buffer over-read...
Libsoup: heap buffer over-read in `skip_insignificant_space` when sniffing content
...
The vulnerability of the PCMan FTP Server relates to the occurrence of operations beyond the buffer boundaries in memory. This allows attackers to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the PCMan FTP Server relates to the execution of operations beyond the buffer boundaries in memory when processing the ASCII parameter. Exploiting this vulnerability allows a remote attacker to compromise the confidentiality, integrity, and accessibility of the protected...
The vulnerability of Cobalt Ashlar-Vellum’s software for parametric automated design and 3D modeling lies in its ability to read data beyond the buffer limit in memory, allowing an attacker to execute arbitrary code.
The vulnerability of the Cobalt Ashlar-Vellum software for parametric automated design and 3D modeling lies in the reading of data beyond the buffer limit in memory during the processing of CO files. Exploiting this vulnerability allows an attacker to execute arbitrary code...
The vulnerability of the gf_hevc_read_sps_bs_internal function in the av_parsers.c file of the MP4Box packaging tool for the GPAC multimedia platform allows a hacker to cause a service failure.
The vulnerability of the gf_hevc_read_sps_bs_internal function in the av_parsers.c file of the MP4Box package of the GPAC multimedia platform is related to the reading of data beyond the buffer boundaries in memory. Exploiting this vulnerability could allow an attacker to cause a service failure during...