JLSEC-2026-566 In GnuPG before 2.5.17, a long signature packet length causes parse_signature to return success...

In GnuPG before 2.5.17, a long signature packet length causes parsesignature to return success with sig-data set to a NULL value, leading to a denial of service application crash...

CLSA-2025-1765986482 webkit2gtk3: Fix of 4 CVEs

CVE-2025-13502: fix out of bounds read and integer underflow by adding bounds checking and validating message delimiters - CVE-2025-43430: fix bbq jit compiler writing to wrong stack slots in wasm try/catch blocks - CVE-2025-43421: fix memory handling issues that cause unexpected process crashes...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from not checking vector instruction availability, which could lead to an abnormal data crash...

Security update for qt6-base

This update for qt6-base fixes the following issues: CVE-2025-5455: processing of malformed data in qDecodeDataUrl can trigger assertion and cause a crash bsc1243958. CVE-2025-30348: complex algorithm used in encodeText in QDom when processing XML data can cause low performance bsc1239896. Patch...

EUVD-2019-14894

Malware in sbrugna...

EUVD-2016-1598

Malware in sbrugna...

EulerOS 2.0 SP10 : protobuf (EulerOS-SA-2025-2081)

According to the versions of the protobuf packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Any project that uses Protobuf Pure-Python backendto parse untrusted Protocol Buffers data containing an arbitrary number of recursive groups,...

Linux Distros Unpatched Vulnerability : CVE-2023-21875

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Security: Encryption. Supported versions that are affected are 8.0.31 and prior...

CVE-2023-52080

IEIT NF5280M6 UEFI firmware through 8.4 has a pool overflow vulnerability, caused by improper use of the gRT-GetVariable function. Attackers with access to local NVRAM variables can exploit this by modifying these variables on SPI Flash, resulting in memory data being tampered with. When critical...

CVE-2018-17008

An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services e.g., inetd, HTTP, DNS, and UPnP via long JSON data for wireless wlanhost2g power...

OESA-2025-1293 pcp security update

PCP provides a range of services that may be used to monitor and manage system performance. These services are distributed and scalable to accommodate the most complex system configurations and performance problems. Security Fixes: A vulnerability was found in Performance Co-Pilot PCP. This flaw...

ASB-A-347735428

In dnglosslessdecoder::HuffDecode of dnglosslessjpeg.cpp, there is a possible way to cause a crash due to uninitialized data. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2025-21547

Vulnerability in the Oracle Hospitality OPERA 5 product of Oracle Hospitality Applications component: Opera Servlet. Supported versions that are affected are 5.6.19.20, 5.6.25.8, 5.6.26.6 and 5.6.27.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP t...

DEBIAN-CVE-2024-53856

rPGP is a pure Rust implementation of OpenPGP. Prior to 0.14.1, rPGP allows an attacker to trigger rpgp crashes by providing crafted data. This vulnerability is fixed in 0.14.1...

DEBIAN-CVE-2024-42328

When the webdriver for the Browser object downloads data from a HTTP server, the data pointer is set to NULL and is allocated only in curlwritecb when receiving data. If the server's response is an empty document, then wd-data in the code below will remain NULL and an attempt to read from it will...

pcp: pmcd heap corruption through metric pmstore operations

A vulnerability was found in Performance Co-Pilot PCP. This flaw allows an attacker to send specially crafted data to the system, which could cause the program to misbehave or crash...

SUSE CVE-2017-10237

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization subcomponent: Core. The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to...

CVE-2022-39316 Out of bound read in FreeRDP

FreeRDP is a free remote desktop protocol library and clients. In affected versions there is an out of bound read in ZGFX decoder component of FreeRDP. A malicious server can trick a FreeRDP based client to read out of bound data and try to decode it likely resulting in a crash. This issue has be...

Improper Handling of Exceptional Conditions in detect-character-encoding

Impact In detect-character-encoding v0.6.0 and earlier, data matching no charset causes the Node.js process to crash. Patches The problem has been patched in detect-character-encoding v0.7.0. CVSS score CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/RL:O/RC:C Base Score: 7.5 High Temporal Score: 7....

SUSE: Security Advisory (SUSE-SU-2016:0174-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...