CVE-2023-48031

OpenSupports v4.11.0 is vulnerable to Unrestricted Upload of File with Dangerous Type. In the comment function, an attacker can bypass security restrictions and upload a .bat file by manipulating the file's magic bytes to masquerade as an allowed type. This can enable the attacker to execute...

CVE-2023-21163

In PMRReadBytes of pmr.c, there is a possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2023-28579

Memory Corruption in WLAN Host while deserializing the input PMK bytes without checking the input PMK length...

CVE-2023-22460

go-ipld-prime is an implementation of the InterPlanetary Linked Data IPLD spec interfaces, a batteries-included codec implementations of IPLD for CBOR and JSON, and tooling for basic operations on IPLD objects. Encoding data which contains a Bytes kind Node will pass a Bytes token to the JSON...

CVE-2022-33034

LibreDWG v0.12.4.4608 was discovered to contain a stack overflow via the function copybytes at decoder2007.c...

CVE-2021-43766

Odyssey passes to server unencrypted bytes from man-in-the-middle When Odyssey is configured to use certificate Common Name for client authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of SSL certificate...

CVE-2020-36316

In RELIC before 2021-04-03, there is a buffer overflow in PKCS1 v1.5 signature verification because garbage bytes can be present...

CVE-2020-6612

GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in copycompressedbytes in decoder2007.c...

CVE-2020-15350

RIOT 2020.04 has a buffer overflow in the base64 decoder. The decoding function base64decode uses an output buffer estimation function to compute the required buffer capacity and validate against the provided buffer size. The base64estimatedecodesize function calculates the expected decoded size...

CVE-2020-25579

In FreeBSD 12.2-STABLE before r368969, 11.4-STABLE before r369047, 12.2-RELEASE before p3, 12.1-RELEASE before p13 and 11.4-RELEASE before p7 msdosfs5 was failing to zero-fill a pair of padding fields in the dirent structure, resulting in a leak of three uninitialized bytes...

CLSA-2025-1747926654 binutils: Fix of CVE-2025-0840

CVE-2025-0840: fix stack-buffer-overflow at objdump disassemblebytes...

CVE-2014-4192

The DualECDRBG implementation in EMC RSA BSAFE-C Toolkits aka Share for C and C++ processes certain requests for output bytes by considering only the requested byte count and not the use of cached bytes, which makes it easier for remote attackers to obtain plaintext from TLS sessions by recoverin...

CVE-2019-16652

The BPM component in Genius Bytes Genius Server Genius CDDS 3.2.2 allows remote authenticated users to execute arbitrary commands...

CVE-2002-2415

Allied Telesyn AT-8024 1.3.1 and Rapier 24 switches allow remote authenticated users to cause a denial of service in the management interface via a stream of zero null bytes sent via UDP to a running service...

AZL-62426 CVE-2025-47947 affecting package mod_security 2.9.7-8

ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. Versions up to and including 2.9.8 are vulnerable to denial of service in one special case in stable released versions: when the payload's content type is application/json, and there is at...

DEBIAN-CVE-2025-47947

ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. Versions up to and including 2.9.8 are vulnerable to denial of service in one special case in stable released versions: when the payload's content type is application/json, and there is at...

UBUNTU-CVE-2025-47947

ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. Versions up to and including 2.9.8 are vulnerable to denial of service in one special case in stable released versions: when the payload's content type is application/json, and there is at...

SUSE CVE-2025-37896

In the Linux kernel, the following vulnerability has been resolved: spi: spi-mem: Add fix to avoid divide error For some SPI flash memory operations, dummy bytes are not mandatory. For example, in Winbond SPINAND flash memory devices, the writecache and updatecache operation variants have zero...

UBUNTU-CVE-2025-37984

In the Linux kernel, the following vulnerability has been resolved: crypto: ecdsa - Harden against integer overflows in DIVROUNDUP Herbert notes that DIVROUNDUP may overflow unnecessarily if an ecdsa implementation's -keysize callback returns an unusually large value. Herbert instead suggests for...

CVE-2025-37896

In the Linux kernel, the following vulnerability has been resolved: spi: spi-mem: Add fix to avoid divide error For some SPI flash memory operations, dummy bytes are not mandatory. For example, in Winbond SPINAND flash memory devices, the writecache and updatecache operation variants have zero...