DEBIAN-CVE-2025-23156

In the Linux kernel, the following vulnerability has been resolved: media: venus: hfiparser: refactor hfi packet parsing logic wordscount denotes the number of words in total payload, while data points to payload of various property within it. When wordscount reaches last word, data can access...

CVE-2025-32593

Missing Authorization vulnerability in Bytes Technolab Add Product Frontend for WooCommerce add-product-frontend-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Add Product Frontend for WooCommerce: from n/a through = 1.0.8...

SUSE CVE-2025-43972

An issue was discovered in GoBGP before 3.35.0. An attacker can cause a crash in the pkg/packet/bgp/bgp.go flowspec parser by sending fewer than 20 bytes in a certain context...

Improper Validation of Specified Quantity in Input

Overview Affected versions of this package are vulnerable to Improper Validation of Specified Quantity in Input in the decodeFromBytes function for MRT BGP4MPHeaders in mrt.go. A local attacker can cause unexpected behavior by sending malicious packets. Remediation Upgrade...

Off-by-one Error

Overview Affected versions of this package are vulnerable to Off-by-one Error in the DecodeFromBytes function in bgp.go. The softwareVersionLen parameter is not checked for the case where it is set to 0. As a result, an attacker can trigger a panic by sending a malicious packet with a zero value...

Off-by-one Error

Overview Affected versions of this package are vulnerable to Off-by-one Error in the DecodeFromBytes function in bgp.go. The softwareVersionLen parameter is not checked for the case where it is set to 0. As a result, an attacker can trigger a panic by sending a malicious packet with a zero value...

DEBIAN-CVE-2025-43972

An issue was discovered in GoBGP before 3.35.0. An attacker can cause a crash in the pkg/packet/bgp/bgp.go flowspec parser by sending fewer than 20 bytes in a certain context...

UBUNTU-CVE-2025-43972

An issue was discovered in GoBGP before 3.35.0. An attacker can cause a crash in the pkg/packet/bgp/bgp.go flowspec parser by sending fewer than 20 bytes in a certain context...

ion-dotnet 安全漏洞

ion-dotnet is an A.NET implementation of Amazon Ion by amazon-ion open source. A security vulnerability exists in ion-dotnet versions prior to 1.3.1 that stems from the RawBinaryReader class not checking the number of bytes read, which could lead to an infinite loop and denial of service...

Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes

...

CVE-2025-32593

Missing Authorization vulnerability in Bytes Technolab Add Product Frontend for WooCommerce add-product-frontend-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Add Product Frontend for WooCommerce: from n/a through = 1.0.8...

Important: ghostscript

Issue Overview: Fix confusion between bytes and shorts. Data is being copied from a string in multiple of shorts, rather than multiple of bytes, leading to both a read probably benign, given the memory manager and write buffer overflow. Info: https://bugs.ghostscript.com/showbug.cgi?id=708131...

CVE-2024-56406

A flaw was found in Perl. This vulnerability allows a heap buffer overflow, which can lead to denial of service and potential arbitrary code execution on platforms that lack sufficient defenses via specially crafted input to the tr/// transliteration operator containing non-ASCII bytes on the...

USN-7434-1 perl vulnerability

It was discovered that Perl incorrectly handled transliterating non-ASCII bytes. A remote attacker could use this issue to cause Perl to crash, resulting in a denial of service, or possibly execute arbitrary code...

Important: ghostscript

Issue Overview: PDF interpreter - Guard against unsigned int overflow. A large Type 4 function definition can overflow the uint counter, causing the allocated buffer to be smaller than required. Info: https://bugs.ghostscript.com/showbug.cgi?id=708253 Patch:...

CVE-2024-56406

A heap buffer overflow vulnerability was discovered in Perl. Release branches 5.34, 5.36, 5.38 and 5.40 are affected, including development versions from 5.33.1 through 5.41.10. When there are non-ASCII bytes in the left-hand-side of the tr operator, Sdotransinvmap can overflow the destination...

AZL-60409 CVE-2024-56406 affecting package perl for versions less than 5.38.2-507

A heap buffer overflow vulnerability was discovered in Perl. Release branches 5.34, 5.36, 5.38 and 5.40 are affected, including development versions from 5.33.1 through 5.41.10. When there are non-ASCII bytes in the left-hand-side of the tr operator, Sdotransinvmap can overflow the destination...

CVE-2024-56406

CVE-2024-56406 is a heap-based buffer overflow in Perl when transliterating non-ASCII bytes with the tr/// operator. Affected are Perl release branches 5.34, 5.36, 5.38 and 5.40, including development versions 5.33.1–5.41.10. IBM AIX advisory confirms impact on AIX 7.3 and VIOS 4.1 with vulnerabl...

CVE-2024-56406 Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes

A heap buffer overflow vulnerability was discovered in Perl. Release branches 5.34, 5.36, 5.38 and 5.40 are affected, including development versions from 5.33.1 through 5.41.10. When there are non-ASCII bytes in the left-hand-side of the tr operator, Sdotransinvmap can overflow the destination...

CVE-2024-56406 Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes

A heap buffer overflow vulnerability was discovered in Perl. Release branches 5.34, 5.36, 5.38 and 5.40 are affected, including development versions from 5.33.1 through 5.41.10. When there are non-ASCII bytes in the left-hand-side of the tr operator, Sdotransinvmap can overflow the destination...