CVE-2025-54070

OpenZeppelin Contracts is a library for secure smart contract development. Starting in version 5.2.0 and prior to version 5.4.0, the lastIndexOfbytes,byte,uint256 function of the Bytes.sol library may access uninitialized memory when the following two conditions hold: 1 the provided buffer length...

File-Find-Rule: Shell Injection

Background File-Find-Rule is an alternative interface to File::Find. Description File-Find-Rule uses the legacy '2-arg' open call which is susceptible to shell injection via malicious filenames. Impact Shell injection may be used to execute arbitrary code using a malicious filename. Workaround...

Babel has inefficient RegExp complexity in generated code with .replace when transpiling named capturing groups

Impact When using Babel to compile regular expression named capturing groups, Babel will generate a polyfill for the .replace method that has quadratic complexity on some specific replacement pattern strings i.e. the second argument passed to .replace. Your generated code is vulnerable if all the...

Debian dla-4078 : firefox-esr - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4078 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4078-1 [email protected]...

Security Bulletin: Vulnerability in Service Assistant affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products (CVE-2018-1775)

Summary A vulnerability in the Service Assistant GUI affects IBM SAN Volume Controller, IBM Storwize V7000, V5000, V3700 and V3500, IBM Spectrum Virtualize Software, IBM Spectrum Virtualize for Public Cloud and IBM FlashSystem V9000 and 9100 family products. Vulnerability Details CVEID:...

CVE-2020-15212 Out of bounds access in tensorflow-lite

In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger writes outside of bounds of heap allocated buffers by inserting negative elements in the segment ids tensor. Users having access to segmentidsdata can alter outputindex and then write to outside of outputdata...

FaceSentry Access Control System 6.4.8 Cleartext Password Storage

FaceSentry Access Control System 6.4.8 Cleartext Password Storage Vendor: iWT Ltd. Product web page: http://www.iwt.com.hk Affected version: Firmware 6.4.8 build 264 Algorithm A16 Firmware 5.7.2 build 568 Algorithm A14 Firmware 5.7.0 build 539 Algorithm A14 Summary: FaceSentry 5AN is a...

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM SONAS

Summary There are vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, that is used by IBM SONAS. IBM SONAS has addressed the applicable CVEs. Vulnerability Details SONAS is shipped with Java. Java is required for SONAS administration, for executing SONAS specific commands on the...

Security Bulletin: Java vulnerability on IBM FlashSystem V840 product model number AC0 node (CVE-2014-0411)

Summary Java vulnerability could allow decryption of long GUI session Vulnerability Details CVEID: CVE-2014-0411 DESCRIPTION: Java is used in the system’s GUI.Timing differences based on the validity of messages can be exploited to decrypt the entire session. The exploit is not trivial, requiring...

Mozilla Firefox ESR Multiple Vulnerabilities-01 (Windows)

The host is installed with Mozilla firefox ESR and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbmozillafirefoxesrmultvuln01oct12win.nasl 6115 2017-05-12 09:03:25Z teissa $ Mozilla Firefox ESR Multiple Vulnerabilities-01 Windows Authors: Arun Kallavi Copyright: Copyright...

FreeBSD mbuf本地权限提升漏洞

BUGTRAQ ID: 41577 CVE ID: CVE-2010-2693 FreeBSD就是一种运行在Intel平台上、可以自由使用的开放源码Unix类系统。 mbuf是FreeBSD内核进程间通讯和联网子系统中的基础内存管理单元。网络报文和套接字缓冲区依赖于mbuf进行存储。 在复制mbuf缓冲区引用时没有正确地拷贝只读标志，如果使用sendfile2系统调用在回环接口上传输数据，就可能导致修改所传送数据的后端内存页，造成数据破坏。本地攻击者可以通过精心控制系统文件的破坏情况来利用这种数据破坏提升权限。请注意攻击者可以破坏任意可读访问的文件。 FreeBSD FreeBSD 8....

Mozilla Products Firefox/Seamonkey Multiple Vulnerabilities (Jun 2010) - Windows

Mozilla Firefox/Seamonkey is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Gentoo Security Advisory GLSA 200612-11 (emul-linux-x86-baselibs)

The remote host is missing updates announced in advisory GLSA 200612-11. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian: Security Advisory (DSA-1162)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian DSA-1004-1 : vlc - buffer overflow

Simon Kilvington discovered that specially crafted PNG images can trigger a heap overflow in libavcodec, the multimedia library of ffmpeg, which may lead to the execution of arbitrary code. The vlc media player links statically against libavcodec. %NASLMINLEVEL 70300 C Tenable Network Security,...

libpng: Numerous vulnerabilities

Background libpng is a standard library used to process PNG Portable Network Graphics images. It is used by several other programs, including web browsers and potentially server processes. Description libpng contains numerous vulnerabilities including null pointer dereference errors and boundary...

Buffer Overflow in Lotus Domino Mail Server

Overview Lotus Domino R5 SMTP Server Contains a Buffer Overflow Description The Lotus Domino R5 SMTP server allows an administrator to restrict the domains from which the server will accept mail. In versions of Domino R5 prior to version 5.0.6 with domain restrictions enabled an intruder may be...