5784 matches found

Microsoft CVE
added 2025/12/09 8:0 a.m., 2 views

Windows Projected File System Elevation of Privilege Vulnerability

Buffer over-read in Windows Projected File System allows an authorized attacker to elevate privileges locally...

CVSS 7.8 | AI score 7 | EPSS 0.00057
Exploits: 0

Zero Day Initiative
added 2025/12/09 12:0 a.m., 5 views

Adobe Acrobat Reader DC Annotation Out-Of-Bounds Read Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handli...

CVSS 7.8 | AI score 7 | EPSS 0.00027
Exploits: 0 | References: 1

Positive Technologies
added 2025/12/09 12:0 a.m., 3 views

PT-2025-50162

Name of the Vulnerable Software and Affected Versions: Windows Projected File System (affected versions not specified). Description: A buffer over-read exists in Windows Projected File System. A successful exploit could allow an authorized attacker to elevate privileges locally. This issue allows...

CVSS 7.8 | AI score 6.4 | EPSS 0.00057
Exploits: 0 | References: 5

Tenable Nessus
added 2025/12/08 12:0 a.m., 10 views

Amazon Linux 2 : thunderbird, --advisory ALAS2-2025-3091 (ALAS-2025-3091)

The version of thunderbird installed on the remote host is prior to 140.4.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-3091 advisory. A heap buffer over-read vulnerability exists in libpng's png_do_quantize function when processing PNG files with...

CVSS 7.1 | AI score 6 | EPSS 0.00079
Exploits: 5 | References: 10

Cvelist
added 2025/12/05 4:22 p.m., 21 views

CVE-2025-14104 Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames

A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the setpwnam function, affecting SUID (Set User ID) login-utils utilities writing to the password database...

CVSS 6.1 | EPSS 0.00009
Exploits: 0 | References: 12

CNNVD
added 2025/12/05 12:0 a.m., 1 view

util-linux Buffer Error Vulnerability

util-linux is an open source package for util-linux. A buffer error vulnerability exists in util-linux that stems from an over-read of the heap buffer when processing a 256-byte username, which could lead to security issues with the SUID login tool...

CVSS 6.1 | AI score 6.8 | EPSS 0.00009
Exploits: 0 | References: 3

Tenable Nessus
added 2025/12/04 12:0 a.m., 3 views

MongoDB 7.0.x < 7.0.22 / 8.0.x < 8.0.10 / 8.2.0-rc0 (SERVER-101230)

The version of MongoDB installed on the remote host is 7.0 prior to 7.0.22, 8.0 prior to 8.0.10 and 8.2.0-rc0. It is, therefore, affected by a vulnerability as referenced in the SERVER-101230 advisory. - An authorized user may crash the MongoDB server by causing buffer over-read. This can be done...

CVSS 5.9 | AI score 6 | EPSS 0.00062
Exploits: 0 | References: 2

Rosalinux
added 2025/12/02 1:16 p.m., 3 views

Advisory ROSA-SA-2025-3088

Software: udisks2 2.8.4 OS: rosa-server79 unaffected versions = udisks2-2.8.4-1.0.1.res7 affected versions udisks2-2.8.4-1.0.1.res7 CVE-ID: CVE-2025-8067 BDU-ID: 2025-11284 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the fdindex function of the Udisks storage device query and management program...

CVSS 8.5 | AI score 7.2 | EPSS 0.00034
Exploits: 1

Redos
added 2025/12/02 12:0 a.m., 3 views

ROS-20251202-04

A vulnerability in the V8 JavaScript script handler of Google Chrome browser is related to reading outside the boundaries of the buffer. Exploitation of the vulnerability could allow an attacker acting remotely to impact the availability of protected information. Vulnerability in the WebApp Instal...

CVSS 4.3 | AI score 6.4 | EPSS 0.00093
Exploits: 1

OSV
added 2025/12/01 1:16 p.m., 3 views

CVE-2025-12106

Insufficient argument validation in OpenVPN 2.7alpha1 through 2.7rc1 allows an attacker to trigger a heap buffer over-read when parsing IP addresses...

CVSS 9.1 | AI score 7 | EPSS 0.00083
Exploits: 0 | References: 2

NVD
added 2025/12/01 1:16 p.m., 2 views

CVE-2025-12106

Insufficient argument validation in OpenVPN 2.7alpha1 through 2.7rc1 allows an attacker to trigger a heap buffer over-read when parsing IP addresses...

CVSS 9.1 | EPSS 0.00083
Exploits: 0 | References: 2

Vulnrichment
added 2025/12/01 12:43 p.m., 1 view

CVE-2025-12106

Insufficient argument validation in OpenVPN 2.7alpha1 through 2.7rc1 allows an attacker to trigger a heap buffer over-read when parsing IP addresses...

AI score 6.7 | EPSS 0.00083
Exploits: 0 | References: 2

Cvelist
added 2025/12/01 12:43 p.m., 5 views

CVE-2025-12106

Insufficient argument validation in OpenVPN 2.7alpha1 through 2.7rc1 allows an attacker to trigger a heap buffer over-read when parsing IP addresses...

EPSS 0.00083
Exploits: 0 | References: 2

Debian CVE
added 2025/12/01 12:43 p.m., 6 views

CVE-2025-12106

Insufficient argument validation in OpenVPN 2.7alpha1 through 2.7rc1 allows an attacker to trigger a heap buffer over-read when parsing IP addresses...

CVSS 9.1 | AI score 8.2 | EPSS 0.00083
Exploits: 0

Positive Technologies
added 2025/12/01 12:0 a.m., 4 views

PT-2025-48441

Name of the Vulnerable Software and Affected Versions: OpenVPN versions 2.7 alpha1 through 2.7 rc1. Description: A flaw exists in OpenVPN due to inadequate argument validation. This issue allows an attacker to potentially cause a heap buffer over-read when processing IP addresses. Recommendations...

CVSS 9.4 | AI score 8 | EPSS 0.00083
Exploits: 0 | References: 11

OSV
added 2025/11/25 12:15 a.m., 4 views

AZL-70856 CVE-2025-64506 affecting package gdal 3.6.3-2

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, a heap buffer over-read vulnerability exists in libpng's png_write_image_8bit function when processing 8-bit images through t...

CVSS 6.1 | AI score 6.2 | EPSS 0.0002
Exploits: 2 | References: 1

OSV
added 2025/11/25 12:15 a.m., 3 views

AZL-70841 CVE-2025-64506 affecting package fltk 1.3.8-1

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, a heap buffer over-read vulnerability exists in libpng's png_write_image_8bit function when processing 8-bit images through t...

CVSS 6.1 | AI score 6.1 | EPSS 0.0002
Exploits: 2 | References: 1

OSV
added 2025/11/25 12:15 a.m., 1 view

AZL-70886 CVE-2025-64506 affecting package optipng 0.7.8-5

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, a heap buffer over-read vulnerability exists in libpng's png_write_image_8bit function when processing 8-bit images through t...

CVSS 6.1 | AI score 6.1 | EPSS 0.0002
Exploits: 2 | References: 1

Slackware Linux
added 2025/11/23 9:59 p.m., 7 views

[slackware-security] libpng

New libpng packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/libpng-1.6.51-i586-1slack15.0.txz: Upgraded. This update fixes security issues: Fixed CVE-2025-64505 moderate severity: Heap buffer...

CVSS 7.1 | AI score 7.5 | EPSS 0.00079
Exploits: 5

RedhatCVE
added 2025/11/22 7:15 p.m., 2 views

CVE-2025-57812

A flaw was found in CUPS-Filters, including libcupsfilters. An attacker on the same local network, with low privileges, could exploit an out-of-bounds read/write vulnerability by submitting a specially crafted TIFF image file as a print job with specific options. This could lead to limited...

CVSS 3.7 | AI score 5 | EPSS 0.00026
Exploits: 1 | References: 8