207 matches found
LibTIFF 安全漏洞
LibTIFF is a LibTIFF open source library for reading and writing TIFF Tagged Image File Format files. The library contains some command line tools for working with TIFF files. A security vulnerability exists in LibTIFF that stems from the ability to perform arbitrary write operations...
K000152366: XZ Utils vulnerability CVE-2025-31115
Security Advisory Description XZ Utils provide a general-purpose data-compression library plus command-line tools. In XZ Utils 5.3.3alpha to 5.8.0, the multithreaded .xz decoder in liblzma has a bug where invalid input can at least result in a crash. The effects include heap use after free and...
[SECURITY] Fedora 41 Update: xen-4.19.2-3.fc41
This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor...
[SECURITY] Fedora 41 Update: woff-0.20091126-47.fc41
Provides the sfnt2woff and woff2sfnt command-line tools for encoding and decoding Web Open Font Format WOFF files...
[SECURITY] Fedora 42 Update: woff-0.20091126-47.fc42
Provides the sfnt2woff and woff2sfnt command-line tools for encoding and decoding Web Open Font Format WOFF files...
[SECURITY] Fedora 42 Update: xen-4.19.2-4.fc42
This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor...
[SECURITY] Fedora 42 Update: cri-tools1.29-1.29.0-11.fc42
CLI and validation tools for Kubelet Container Runtime Interface CRI...
CVE-2025-31115 XZ has a heap-use-after-free bug in threaded .xz decoder
XZ Utils provide a general-purpose data-compression library plus command-line tools. In XZ Utils 5.3.3alpha to 5.8.0, the multithreaded .xz decoder in liblzma has a bug where invalid input can at least result in a crash. The effects include heap use after free and writing to an address based on t...
postgresql: PostgreSQL quoting APIs miss neutralizing quoting syntax in text that fails encoding validation
A flaw was found in PostgreSQL. Due to improper neutralization of quoting syntax, affected versions potentially allow a database input provider to achieve SQL injection in certain usage patterns. Specifically, SQL injection requires the application to use the affected function's result to constru...
[SECURITY] Fedora 40 Update: xen-4.18.4-2.fc40
This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor...
Important: libpq
Issue Overview: Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral, PQescapeIdentifier, PQescapeString, and PQescapeStringConn allows a database input provider to achieve SQL injection in certain usage patterns. Specifically, SQL injection requires the...
OESA-2025-1154 postgresql security update
PostgreSQL is an advanced Object-Relational database management system DBMS. The base postgresql package contains the client programs that you'll need to access a PostgreSQL DBMS server, as well as HTML documentation for the whole system. These client programs can be located on the same machine a...
postgresql: PostgreSQL quoting APIs miss neutralizing quoting syntax in text that fails encoding validation
A flaw was found in PostgreSQL. Due to improper neutralization of quoting syntax, affected versions potentially allow a database input provider to achieve SQL injection in certain usage patterns. Specifically, SQL injection requires the application to use the affected function's result to constru...
ALPINE-CVE-2025-1094
Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral, PQescapeIdentifier, PQescapeString, and PQescapeStringConn allows a database input provider to achieve SQL injection in certain usage patterns. Specifically, SQL injection requires the application to use the...
CVE-2024-47611
CVE-2024-47611 affects XZ Utils on Windows platforms built with MinGW-w64 or MSVC for the command-line tools in versions 5.6.2 and earlier. The underlying issue is command-line argument handling where Unicode characters that do not exist in the legacy code page are converted to similar-looking ch...
CVE-2024-47611 XZ Utils on Microsoft Windows platform are vulnerable to argument injection
XZ Utils provide a general-purpose data-compression library plus command-line tools. When built for native Windows MinGW-w64 or MSVC, the command line tools from XZ Utils 5.6.2 and older have a command line argument injection vulnerability. If a command line contains Unicode characters for exampl...
Medium: openssl
Issue Overview: Issue summary: Checking excessively long DSA keys or parameters may be very slow. Impact summary: Applications that use the functions EVPPKEYparamcheck or EVPPKEYpubliccheck to check a DSA public key or DSA parameters may experience long delays. Where the key or parameters that ar...
[SECURITY] Fedora 39 Update: xen-4.17.4-2.fc39
This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor...
Number withdrawn
LibTIFF is a LibTIFF open source library for reading and writing TIFF Tagged Image File Format files. The library contains a number of command line tools for working with TIFF files. This CVE number has been withdrawn...
Fedora: Security Advisory (FEDORA-2024-4357ec611d)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...