USN-7157-3 php7.0 vulnerabilities

USN-7157-1 fixed vulnerabilities in PHP versions 7.4, 8.1, and 8.3. This update provides the corresponding updates for PHP version 7.0. Original advisory details: It was discovered that PHP incorrectly handled certain inputs when processed with convert.quoted-printable decode filters. An attacker...

Security Bulletin: IBM DataPower Operator vulnerable to DoS due to use of Go (CVE-2024-34155, CVE-2024-34156)

Summary The affected calls are used by DataPower Operator for processing messages exchanged with Kubernetes and IBM DataPower Gateway. Vulnerability Details CVEID:CVE-2024-34156 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by a stack exhaustion in Decoder.Decode. By sending...

PT-2025-2374 · Linux Foundation · Magma

Name of the Vulnerable Software and Affected Versions: Linux Foundation Magma versions = 1.8.0 Description: A buffer overflow was discovered in the decode esm message container function at /nas/ies/EsmMessageContainer.cpp. This issue allows attackers to cause a Denial of Service DoS via a crafted...

PT-2025-2368 · Linux Foundation · Magma

Name of the Vulnerable Software and Affected Versions: Linux Foundation Magma versions = 1.8.0 Description: A buffer overflow was discovered in the decode protocol configuration options function at /3gpp/3gpp 24.008 sm ies.c. This issue allows attackers to cause a Denial of Service DoS via a...

Open5GS 安全漏洞

Open5GS is Open5GS open source an open source implementation in C of 5G Core and Epc, the core network of the Lte/Nr network. A security vulnerability exists in the Open5GS oainas5gmmdecode function, which can be exploited by an attacker to trigger a denial of service DoS via a crafted NGAP packe...

CVE-2025-23039 Cross Site Scripting on URL decode Tooltip in Caido

Caido is a web security auditing toolkit. A Cross-Site Scripting XSS vulnerability was identified in Caido v0.45.0 due to improper sanitization in the URL decoding tooltip of HTTP request and response editors. This issue could allow an attacker to execute arbitrary scripts, potentially leading to...

OESA-2025-1054 podman security update

Podman manages the entire container ecosystem which includes pods, containers, container images, and container volumes using the libpod library. Security Fixes: Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of...

OESA-2025-1052 podman security update

Podman manages the entire container ecosystem which includes pods, containers, container images, and container volumes using the libpod library. Security Fixes: Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of...

PT-2025-5655 · Opencv · Opencv

Name of the Vulnerable Software and Affected Versions: OpenCV affected versions not specified Description: The issue is related to a heap buffer overflow read in the PngDecoder of OpenCV. The crash occurs in the cv::PngDecoder::readHeader function, which is called by cv::imdecode and cv::imdecode...

PT-2026-2877

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel's libceph component where the decode pool function may be susceptible to out-of-bounds reads. This can occur if an osdmap is corrupted, specifically whe...

PT-2026-4360

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a memory leak in the tpm2 load cmd function. This function allocates a temporary blob via tpm2 key decode but does not free it in failure scenarios. The issue i...

PT-2025-30799

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The core scsi3 decode spec i port function may experience a NULL pointer dereference in its error code path when the dest se deve pointer is unset. This occurs when unconditionally calli...

SUSE CVE-2024-56705

In the Linux kernel, the following vulnerability has been resolved: media: atomisp: Add check for rgbydata memory allocation failure In iacss3astatisticsallocate, there is no check on the allocation result of the rgbydata memory. If rgbydata is not successfully allocated, it may trigger the...

SUSE CVE-2024-53146

In the Linux kernel, the following vulnerability has been resolved: NFSD: Prevent a potential integer overflow If the tag length is = U32MAX - 3 then the "length + 4" addition can result in an integer overflow. Address this by splitting the decoding into several steps so that decodecbcompound4res...

CVE-2020-1819

There are multiple out of bounds OOB read vulnerabilities in the implementation of the Common Open Policy Service COPS protocol of some Huawei products. The specific decoding function may occur out-of-bounds read when processes an incoming data packet. Successful exploit of these vulnerabilities...

CLSA-2024-1735065830 Fix CVE(s): CVE-2024-11233

SECURITY UPDATE: Security vulnerability in package - debian/patches/CVE-2024-11233.patch: fix error in convert.quoted printable-decode filter certain data leading to buffer overread. Fix segfault with streams and invalid data. - CVE-2024-11233...

CLSA-2024-1734543983 php: Fix of CVE-2024-11233

CVE-2024-11233: fix single byte overread with convert.quoted-printable-decode filter...

CLSA-2024-1734368527 php: Fix of CVE-2024-11233

CVE-2024-11233: Fix buffer overread by one byte issue in convert.quoted-printable-decode filter - Fix Bug 74267: segfault with streams and invalid data...

PT-2024-41104 · Git +1 · Libredwg

Name of the Vulnerable Software and Affected Versions: Libdwg affected versions not specified Description: The software contains an index-out-of-bounds issue discovered by OSS-Fuzz. The crash occurs within the dwg decode eed, dwg decode entity, and dwg decode RAY private functions. Recommendation...

USN-7157-2 php7.4 regression

USN-7157-1 fixed vulnerabilities in PHP. The patch for CVE-2024-8932 caused a regression in php7.4. This update fixes the problem. Original advisory details: It was discovered that PHP incorrectly handled certain inputs when processed with convert.quoted-printable decode filters. An attacker coul...