Heap-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow via the opencc::MaxMatchSegmentation and Conversion::Convertconst char functions. An attacker can achieve unauthorized access to memory and potentially execute arbitrary code by providing specially crafted inp...

GHSA-5PR6-CRVP-2J9F Open Chinese Convert has Out-of-bounds Write

A weakness has been identified in BYVoid OpenCC up to 1.1.9. This vulnerability affects the function opencc::MaxMatchSegmentation of the file src/MaxMatchSegmentation.cpp. This manipulation causes heap-based buffer overflow. The attack is restricted to local execution. The exploit has been made...

Open Chinese Convert has Out-of-bounds Write

A weakness has been identified in BYVoid OpenCC up to 1.1.9. This vulnerability affects the function opencc::MaxMatchSegmentation of the file src/MaxMatchSegmentation.cpp. This manipulation causes heap-based buffer overflow. The attack is restricted to local execution. The exploit has been made...

Open Chinese Convert security vulnerability

Open Chinese Convert is a conversion software for traditional Chinese and Simplified Chinese developed by Carbo Kuo. Versions of BYVoid OpenCC 1.1.9 and earlier contained security vulnerabilities. These vulnerabilities stemmed from a heap buffer overflow in the opencc::MaxMatchSegmentation functi...

hwmon: (w83791d) Convert macros to functions to avoid TOCTOU

...

CVE-2025-15506

A vulnerability was found in AcademySoftwareFoundation OpenColorIO up to 2.5.0. This issue affects the function ConvertToRegularExpression of the file src/OpenColorIO/FileRules.cpp. Performing a manipulation results in out-of-bounds read. The attack needs to be approached locally. The exploit has...

CVE-2022-37257

Prototype pollution vulnerability in function convertLater in npm-convert.js in stealjs steal 2.2.4 via the requestedVersion variable in npm-convert.js...

CVE-2017-18450

cPanel before 64.0.21 allows certain file-chmod operations via /scripts/convertroundcubemysql2sqlite SEC-255...

EUVD-2026-1160

Logging Redactor is a Python library designed to redact sensitive data in logs based on regex patterns and / or dictionary keys. Prior to version 0.0.6, non-string types are converted into string types, leading to type errors in %d conversions. The problem has been patched in version 0.0.6. No...

PT-2026-4494

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A reference count leak exists in the bpf prog test run xdp function within the Linux kernel. The issue stems from an error handling path introduced by commit 1c1949982524, which failed t...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-993182)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-993182 advisory. In the Linux kernel, the following vulnerability has been resolved: ACPICA: check null return of ACPIALLOCATEZEROED in acpidbconverttopackage ACPICA commit...

Unity Linux 20.1070e Security Update: poppler (UTSA-2025-993335)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-993335 advisory. An issue was discovered in freedesktop poppler version 20.12.1, allows remote attackers to cause a denial of service DoS via crafted .pdf file to...

CVE-2023-54311

In the Linux kernel, the following vulnerability has been resolved: ext4: fix deadlock when converting an inline directory in nojournal mode In no journal mode, ext4finishconvertinlinedir can self-deadlock by calling ext4handledirtydirblock when it already has taken the directory lock. There is a...

CVE-2022-50699

In the Linux kernel, the following vulnerability has been resolved: selinux: enable use of both GFPKERNEL and GFPATOMIC in convertcontext The following warning was triggered on a hardware environment: SELinux: Converting 162 SID table entries... BUG: sleeping function called from invalid context ...

SUSE CVE-2022-50699

In the Linux kernel, the following vulnerability has been resolved: selinux: enable use of both GFPKERNEL and GFPATOMIC in convertcontext The following warning was triggered on a hardware environment: SELinux: Converting 162 SID table entries... BUG: sleeping function called from invalid context ...

CVE-2019-25258

LogicalDOC Enterprise 7.7.4 contains multiple post-authentication file disclosure vulnerabilities that allow attackers to read arbitrary files through unverified 'suffix' and 'fileVersion' parameters. Attackers can exploit directory traversal techniques in /thumbnail and /convertpdf endpoints to...

CVE-2025-14927

A flaw was found in the Hugging Face Transformers library. The convertconfig function fails to validate a user-supplied string before using it to execute Python code. An attacker can exploit this flaw by providing a malicious SEW-D model checkpoint, causing arbitrary code execution in the context...

CVE-2022-50699

In the Linux kernel, the following vulnerability has been resolved: selinux: enable use of both GFPKERNEL and GFPATOMIC in convertcontext The following warning was triggered on a hardware environment: SELinux: Converting 162 SID table entries... BUG: sleeping function called from invalid context ...

UBUNTU-CVE-2022-50699

In the Linux kernel, the following vulnerability has been resolved: selinux: enable use of both GFPKERNEL and GFPATOMIC in convertcontext The following warning was triggered on a hardware environment: SELinux: Converting 162 SID table entries... BUG: sleeping function called from invalid context ...

CVE-2022-50699 selinux: enable use of both GFP_KERNEL and GFP_ATOMIC in convert_context()

In the Linux kernel, the following vulnerability has been resolved: selinux: enable use of both GFPKERNEL and GFPATOMIC in convertcontext The following warning was triggered on a hardware environment: SELinux: Converting 162 SID table entries... BUG: sleeping function called from invalid context ...