Suricata security vulnerability
Suricata is a network IDS, IPS and NSM engine from the Open Information Security Foundation. A security vulnerability exists in Suricata that stems from an improper setting of the decodebase64 keyword, which could lead to large memory allocations...
RubyGems: Memory leak in gem decode logic can allow attacker to take down Rubygems.org application
A memory leak vulnerability was discovered in the gem decode logic of the Rubygems.org application. The vulnerability allowed an attacker with a valid API key to set arbitrary instance variables during the decoding of gem metadata, which would cause the server to exhaust its memory. The issue was...
CLSA-2025-1742923385 ghostscript: Fix of CVE-2023-28879
CVE-2023-28879: Fix buffer overflow in base/sbcp.c by correctly handling write buffer for BCPEncode, BCPDecode, TBCPEncode, and TBCPDecode functions...
Medium: python-pillow
Issue Overview: Buffer overflow in the ImagingPcdDecode function in PcdDecode.c in Pillow before 3.1.1 and Python Imaging Library (PIL) 1.1.7 and earlier allows remote attackers to cause a denial of service (crash) via a crafted PhotoCD file. CVE-2016-2533 Affected Packages: python-pillow Note: This...
BIT-MODSECURITY-2025-27110 Libmodsecurity3 has possible bypass of encoded HTML entities
Libmodsecurity is one component of the ModSecurity v3 project. The library codebase serves as an interface to ModSecurity Connectors taking in web traffic and applying traditional ModSecurity processing. A bug that exists only in Libmodsecurity3 version 3.0.13 means that, in 3.0.13, Libmodsecurit...
Medium: php8.2
Issue Overview: The upstream advisory describes this issue as follows: A memory-related vulnerability in PHP's filter handling system, particularly when processing input with convert.quoted-printable-decode filters, leads to a segmentation fault. This vulnerability is triggered through specific...
Medium: python-pillow
Issue Overview: Buffer overflow in the ImagingLibTiffDecode function in libImaging/TiffDecode.c in Pillow before 3.1.1 allows remote attackers to overwrite memory via a crafted TIFF file. CVE-2016-0740 Affected Packages: python-pillow Note: This advisory is applicable to Amazon Linux 2 AL2 Core...
Linux Distros Unpatched Vulnerability : CVE-2022-38900
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - decode-uri-component 0.2.0 is vulnerable to Improper Input Validation resulting in DoS. CVE-2022-38900 Note that Nessus relies on the presence of the package as...
Malicious code in decode-a-gif (npm)
Source: ghsa-malware (189852f75090ee4074de6d69b443a1ce458fa720fb8e18267f6923c5c97bc2c7). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-2037 Malicious code in decode-a-gif (npm)
Source: ghsa-malware (189852f75090ee4074de6d69b443a1ce458fa720fb8e18267f6923c5c97bc2c7). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
SUSE CVE-2022-49280
In the Linux kernel, the following vulnerability has been resolved: NFSD: prevent underflow in nfssvc_decode_writeargs(). Smatch complains: fs/nfsd/nfsxdr.c:341 nfssvc_decode_writeargs() warn: no lower bound on 'args->len'. Change the type to unsigned to prevent this issue...
CVE-2022-49218 drm/dp: Fix OOB read when handling Post Cursor2 register
In the Linux kernel, the following vulnerability has been resolved: drm/dp: Fix OOB read when handling Post Cursor2 register. The link_status array was not large enough to read the Adjust Request Post Cursor2 register, so remove the common helper function to avoid an OOB read, found with a...
OESA-2025-1123 etcd security update
Security Fixes: encoding/pem in Go before 1.17.9 and 1.18.x before 1.18.1 has a Decode stack overflow via a large amount of PEM data. (CVE-2022-24675) regexp.Compile in Go before 1.16.15 and 1.17.x before 1.17.8 allows stack exhaustion via a deeply nested expression. (CVE-2022-24921) The gener...
OESA-2025-1122 etcd security update
Security Fixes: encoding/pem in Go before 1.17.9 and 1.18.x before 1.18.1 has a Decode stack overflow via a large amount of PEM data. (CVE-2022-24675) regexp.Compile in Go before 1.16.15 and 1.17.x before 1.17.8 allows stack exhaustion via a deeply nested expression. (CVE-2022-24921) The gener...
CVE-2022-34144
Transient DOS due to reachable assertion in Modem during OSI decode scheduling...
CVE-2022-2529
sflow decode package does not employ sufficient packet sanitisation which can lead to a denial of service attack. Attackers can craft malformed packets causing the process to consume large amounts of memory resulting in a denial of service...
CVE-2024-7755
The EWON FLEXY 202 transmits credentials using a weak encoding method (base64). An attacker who is present in the network can sniff the traffic and decode the credentials...
SAMSUNG Mobile devices security vulnerability
SAMSUNG Mobile devices are a range of Samsung mobile devices, including cell phones, tablets, etc. from the South Korean company Samsung. A security vulnerability exists in SAMSUNG Mobile devices SMR Jan-2025 Release 1, which originates from an out-of-bounds write issue contained in the...
Important: gstreamer1-plugins-good
Issue Overview: GStreamer is a library for constructing graphs of media-handling components. The program attempts to reallocate the memory pointed to by stream->samples to accommodate stream->n_samples + samples_count elements of type QtDemuxSample. The problem is that samples_count is read from the...
SUSE-SU-2025:20011-1 Security update for qemu
This update for qemu fixes the following issues: - Update to version 8.2.5: target/loongarch: fix a wrong print in cpu dump ui/sdl2: Allow host to power down screen target/i386: fix SSE and SSE2 feature check target/i386: fix xsave.flat from kvm-unit-tests disas/riscv: Decode all of the pmpcfg an...