INSTAR 2K+和INSTAR 4K 安全漏洞

INSTAR 2K+ and INSTAR 4K are both webcams from the German company INSTAR. A security vulnerability exists in INSTAR 2K+ and INSTAR 4K version 3.11.1 Build 1124, which originates from a buffer overflow due to manipulation of the Authorization parameter by the base64decode function of the fcgiserve...

Linux Distros Unpatched Vulnerability : CVE-2025-38399

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - scsi: target: Fix NULL pointer dereference in corescsi3decodespeciport The function corescsi3decodespeciport, in its error code path, unconditionally calls...

SUSE SLES15 / openSUSE 15 Security Update : iperf (SUSE-SU-2025:02749-1)

The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:02749-1 advisory. - update to 3.19.1: CVE-2025-54351: Fixed buffer overflow in net.c bsc1247522 CVE-2025-54350: Fixed Base64Decode assertion failu...

ROS-20250812-04

Vulnerability of decodeComponents function of decode-uri-component URI decoder is related to insufficient input data validation. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service. remotely to cause a denial of service...

Linux Distros Unpatched Vulnerability : CVE-2021-23973

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When trying to load a cross-origin resource in an audio/video context a decoding error may have resulted, and the content of that error may have revealed...

BIT-LIBPHP-2024-11233 Single byte overread with convert.quoted-printable-decode filter

In PHP versions 8.1. before 8.1.31, 8.2. before 8.2.26, 8.3. before 8.3.14, due to an error in convert.quoted-printable-decode filter certain data can lead to buffer overread by one byte, which can in certain circumstances lead to crashes or disclose content of other memory areas...

BIT-LIBPYTHON-2025-4516 Use-after-free in "unicode_escape" decoder with error handler

There is an issue in CPython when using bytes.decode"unicodeescape", error="ignore|replace". If you are not using the "unicodeescape" encoding or an error handler your usage is not affected. To work-around this issue you may stop using the error= handler and instead wrap the bytes.decode call in ...

CVE-2025-8837

A vulnerability was identified in JasPer up to 4.2.5. This affects the function jpcdecdump of the file src/libjasper/jpc/jpcdec.c of the component JPEG2000 File Handler. The manipulation leads to use after free. An attack has to be approached locally. The exploit has been disclosed to the public...

SUSE-SU-2025:02749-1 Security update for iperf

This update for iperf fixes the following issues: - update to 3.19.1: CVE-2025-54351: Fixed buffer overflow in net.c bsc1247522 CVE-2025-54350: Fixed Base64Decode assertion failure and application exit upon a malformed authentication attempt bsc1247520 CVE-2025-54349: Fixed off-by-one error and...

SUSE CVE-2025-46646

In Artifex Ghostscript before 10.05.0, decodeutf8 in base/gputf8.c mishandles overlong UTF-8 encoding. NOTE: this issue exists because of an incomplete fix for CVE-2024-46954...

AZL-66057 CVE-2025-54350 affecting package iperf3 for versions less than 3.17.1-3

In iperf before 3.19.1, iperfauth.c has a Base64Decode assertion failure and application exit upon a malformed authentication attempt...

UBUNTU-CVE-2025-54350

In iperf before 3.19.1, iperfauth.c has a Base64Decode assertion failure and application exit upon a malformed authentication attempt...

OSV-2025-589 Heap-buffer-overflow in isvcd_decode_recon_tfr_nmb_base_lyr

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=435086517 Crash type: Heap-buffer-overflow READ 1 Crash state: isvcddecoderecontfrnmbbaselyr isvcdparseinterslicedatacabac isvcdparsepslice...

PT-2025-32558 · Git · Libavc

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=434978682 Crash type: Heap-buffer-overflow READ 2 Crash state: isvcd mark err slice skip isvcd video decode Codec::decodeFrame...

XML Entity Expansion

Overview Affected versions of this package are vulnerable to XML Entity Expansion via the messagemaxbytesize setting configured in the decoderawsaml function. An attacker can cause resource exhaustion by submitting a specially crafted large SAML response that is validated for Base64 format before...

SUSE CVE-2024-32664

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.5 and 6.0.19, specially crafted traffic or datasets can cause a limited buffer overflow. This vulnerability is fixed in 7.0.5 and 6.0.19. Workarounds include not use...

SUSE CVE-2025-29917

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. The bytes setting in the decodebase64 keyword is not properly limited. Due to this, signatures using the keyword and setting can cause large memory allocations of up to 4 GiB per...

qt6-qtbase: qt5-qtbase: QtCore Assertion Failure Denial of Service

A flaw was found in QtCore's qDecodeDataUrl function. This vulnerability allows an application level denial of service via a malformed data URL with a missing charset value when assertions are enabled...

zip

This is a robust ZIP decoder with defenses against various types of malicious archive signatures, including dangerous compression ratios, spec deviations, and ambiguous UTF-8 filenames. The decoder is implemented in JavaScript and is designed to be used in a Node.js environment. It provides a ran...

AZL-73016 CVE-2025-38399 affecting package kernel for versions less than 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: scsi: target: Fix NULL pointer dereference in corescsi3decodespeciport The function corescsi3decodespeciport, in its error code path, unconditionally calls corescsi3lunaclundependitem passing the destsedeve pointer, which may be...