AZL-57636 CVE-2025-1744 affecting package gpsbabel 1.8.0-4

Out-of-bounds Write vulnerability in radareorg radare2 allows heap-based buffer over-read or buffer overflow.This issue affects radare2: before 5.9.9...

AZL-57639 CVE-2025-1744 affecting package gdal 3.6.3-2

Out-of-bounds Write vulnerability in radareorg radare2 allows heap-based buffer over-read or buffer overflow.This issue affects radare2: before 5.9.9...

AZL-57533 CVE-2025-1744 affecting package ceph for versions less than 16.2.10-7

Out-of-bounds Write vulnerability in radareorg radare2 allows heap-based buffer over-read or buffer overflow.This issue affects radare2: before 5.9.9...

AZL-57633 CVE-2025-1744 affecting package openjpeg2 2.3.1-12

Out-of-bounds Write vulnerability in radareorg radare2 allows heap-based buffer over-read or buffer overflow.This issue affects radare2: before 5.9.9...

AZL-57501 CVE-2025-1744 affecting package ceph for versions less than 18.2.2-6

Out-of-bounds Write vulnerability in radareorg radare2 allows heap-based buffer over-read or buffer overflow.This issue affects radare2: before 5.9.9...

RockyLinux 8 : mysql:8.0 (RLSA-2025:1673)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:1673 advisory. openssl: SSLselectnextproto buffer overread CVE-2024-5535 krb5: GSS message token handling CVE-2024-37371 curl: libcurl: ASN.1 date parser overread...

Siemens SIMATIC and SCALANCE Devices Exposure of Sensitive Information to an Unauthorized Actor (CVE-2024-5535)

Calling the OpenSSL API function SSLselectnextproto with an empty supported client protocols buffer may cause a crash or memory contents to be sent to the peer. A buffer overread can have a range of potential consequences such as unexpected application beahviour or a crash. In particular this iss...

The vulnerability of the iio component in the Linux operating system allows a hacker to execute arbitrary code.

The vulnerability of the iio component in the Linux operating system’s kernel involves reading beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to execute arbitrary code...

curl: libcurl: ASN.1 date parser overread

A flaw was found in libcurl, where libcurl's ASN1 parser code has the GTime2str function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the time fraction, leading to a strlen performed on a pointer to a heap...

openssl: SSL_select_next_proto buffer overread

A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSLselectnextproto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called...

openssl: SSL_select_next_proto buffer overread

A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSLselectnextproto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called...

UBUNTU-CVE-2024-45776

When reading the language .mo file in grubmofileopen, grub2 fails to verify an integer overflow when allocating its internal buffer. A crafted .mo file may lead the buffer size calculation to overflow, leading to out-of-bound reads and writes. This flaw allows an attacker to leak sensitive data o...

The vulnerability of the Linux operating system’s USB kernel component, which allows a hacker to increase their privileges within the system

The vulnerability of the Linux operating system’s USB kernel component relates to the operation of data beyond the buffer in memory. Exploiting this vulnerability can allow an attacker to gain elevated privileges within the system...

The vulnerability of component AsoC in the Linux operating system’s kernel allows a hacker to execute arbitrary code.

The vulnerability of component AsoC in the Linux operating system’s kernel is related to reading beyond the buffer boundaries in memory within the function sndsocputvolswsx. Exploiting this vulnerability can allow an attacker to execute arbitrary code...

The vulnerability of the WebContentFilter filter in operating systems such as iOS, iPadOS, Mac OS, and visionOS allows a hacker to trigger a service failure.

The vulnerability of the WebContentFilter filter in operating systems such as iOS, iPadOS, Mac OS, and visionOS relates to reading data beyond the buffer in memory. Exploiting this vulnerability can allow a malicious actor to cause service interruptions...

libarchive 安全漏洞

libarchive is a multi-format archive and compression library open-sourced by libarchive. A security vulnerability exists in libarchive 3.7.7 and earlier versions, which stems from a heap-based buffer over-read due to incorrect handling of truncation in the middle of GNU long link names...

The vulnerability of the setUmountUSBPartition function in the microprogramming software for wireless Wi-Fi routers Tenda W30E allows a hacker to execute arbitrary commands.

The vulnerability of the setUmountUSBPartition function in the microprogramming software for Tenda W30E wireless Wi-Fi routers is related to reading data beyond the buffer in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

The vulnerability of the setFixTools function in the microprogramming software for wireless Wi-Fi routers Tenda W30E allows a hacker to execute arbitrary commands.

The vulnerability of the setFixTools function in the microprogramming software for Tenda W30E wireless Wi-Fi routers lies in the reading of data beyond the buffer in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

SUSE CVE-2024-11233

In PHP versions 8.1. before 8.1.31, 8.2. before 8.2.26, 8.3. before 8.3.14, due to an error in convert.quoted-printable-decode filter certain data can lead to buffer overread by one byte, which can in certain circumstances lead to crashes or disclose content of other memory areas...

Nozomi Networks TCP/IP Gateway 安全漏洞

Nozomi Networks TCP/IP Gateway is a gateway program from Nozomi Networks, USA. A security vulnerability exists in Nozomi Networks TCP/IP Gateway version 12h, which stems from the presence of a buffer over-read that could allow a remote attacker to obtain an authentication token and bypass...