2842 matches found
CVE-2025-4516
CVE-2025-4516 describes a crash in CPython when using bytes.decode("unicode_escape", error=...) with the specific encoding and error handler. The connected Debian advisory (DLA-4445-1) notes this affects python3.9 and provides upgrade guidance (python3.9 3.9.2-1+deb11u4) with a patched package av...
NI Circuit Design Suite 安全漏洞
NI Circuit Design Suite is a circuit design suite from National Instruments NI that provides a complete set of tools for circuit design, simulation, verification, and layout. A security vulnerability exists in NI Circuit Design Suite version 14.3.0 and prior versions, which originates from an...
PT-2025-21282
Name of the Vulnerable Software and Affected Versions: CPython affected versions not specified Description: The issue arises when using bytes.decode with the "unicode escape" encoding and an error handler set to "ignore" or "replace". Users not utilizing this specific encoding or error handler ar...
php: Single byte overread with convert.quoted-printable-decode filter
A memory-related vulnerability was found in PHP’s filter handling system, particularly when processing input with convert.quoted-printable-decode filters. This issue can lead to a segmentation fault. This vulnerability is triggered through specific sequences of input data, causing PHP to crash...
php: Single byte overread with convert.quoted-printable-decode filter
A memory-related vulnerability was found in PHP’s filter handling system, particularly when processing input with convert.quoted-printable-decode filters. This issue can lead to a segmentation fault. This vulnerability is triggered through specific sequences of input data, causing PHP to crash...
SUSE CVE-2022-49887
In the Linux kernel, the following vulnerability has been resolved: media: meson: vdec: fix possible refcount leak in vdecprobe v4l2deviceunregister need to be called to put the refcount got by v4l2deviceregister when vdecprobe fails or vdecremove is called...
Security update for libva
This update for libva fixes the following issues: Update to libva version 2.20.0, which includes security fix for: CVE-2023-39929: uncontrolled search path may allow an authenticated user to escalate privilege via local access bsc1224413, jscPED-11066 This includes latest version of one of the...
UBUNTU-CVE-2022-49770
In the Linux kernel, the following vulnerability has been resolved: ceph: avoid putting the realm twice when decoding snaps fails When decoding the snaps fails it maybe leaving the 'firstrealm' and 'realm' pointing to the same snaprealm memory. And then it'll put it twice and could cause random...
Important: runc
Issue Overview: Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling if combined with an intermediate server that also improperly fails to reject the header as invalid. CVE-2022-1705 Uncontrolled...
php: Single byte overread with convert.quoted-printable-decode filter
A memory-related vulnerability was found in PHP’s filter handling system, particularly when processing input with convert.quoted-printable-decode filters. This issue can lead to a segmentation fault. This vulnerability is triggered through specific sequences of input data, causing PHP to crash...
Improper Validation of Specified Quantity in Input
Overview Affected versions of this package are vulnerable to Improper Validation of Specified Quantity in Input in the decodeFromBytes function for MRT BGP4MPHeaders in mrt.go. A local attacker can cause unexpected behavior by sending malicious packets. Remediation Upgrade...
Off-by-one Error
Overview Affected versions of this package are vulnerable to Off-by-one Error in the DecodeFromBytes function in bgp.go. The softwareVersionLen parameter is not checked for the case where it is set to 0. As a result, an attacker can trigger a panic by sending a malicious packet with a zero value...
Off-by-one Error
Overview Affected versions of this package are vulnerable to Off-by-one Error in the DecodeFromBytes function in bgp.go. The softwareVersionLen parameter is not checked for the case where it is set to 0. As a result, an attacker can trigger a panic by sending a malicious packet with a zero value...
CVE-2025-29917
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. The bytes setting in the decodebase64 keyword is not properly limited. Due to this, signatures using the keyword and setting can cause large memory allocations of up to 4 GiB per...
DEBIAN-CVE-2025-29917
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. The bytes setting in the decodebase64 keyword is not properly limited. Due to this, signatures using the keyword and setting can cause large memory allocations of up to 4 GiB per...
UBUNTU-CVE-2025-29917
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. The bytes setting in the decodebase64 keyword is not properly limited. Due to this, signatures using the keyword and setting can cause large memory allocations of up to 4 GiB per...
CVE-2025-29917
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. The bytes setting in the decodebase64 keyword is not properly limited. Due to this, signatures using the keyword and setting can cause large memory allocations of up to 4 GiB per...
CVE-2025-29917
CVE-2025-29917 affects Suricata. The issue is in the bytes setting of the decode_base64 keyword, where values are not properly limited, allowing signatures using this keyword to cause large memory allocations (up to 4 GiB per thread). Documented impact is where memory usage can be excessive, pote...
hdf5: multiple CVEs
HDF5 Library through 1.14.3 contains a heap-based buffer over-read in H5Faddrdecodelen in H5Fint.c, resulting in the corruption of the instruction pointer...
hdf5: multiple CVEs
HDF5 through 1.14.3 contains a stack buffer overflow in H5Rdecodeheap, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution...