2972 matches found

SUSE CVE
added 2025/10/29 12:25 a.m., 2 views

SUSE CVE-2025-40026

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Don't recheck L1 intercepts when completing userspace I/O When completing emulation of instruction that generated a userspace exit for I/O, don't recheck L1 intercepts as KVM has already finished that phase of instructi...

CVSS 3.6, AI score 6.5, EPSS 0.00218
Exploits 0, References 3

Positive Technologies
added 2025/10/29 12:0 a.m., 4 views

PT-2025-44314

Name of the Vulnerable Software and Affected Versions: Wazuh versions prior to 4.10.2. Description: Wazuh, a free and open source platform for threat prevention, detection, and response, contains a heap-based out-of-bounds write issue in the decode win permissions function. This flaw allows a...

CVSS 8.1, AI score 8.2, EPSS 0.00605
Exploits 1, References 8

CNNVD
added 2025/10/29 12:0 a.m., 3 views

Wazuh security vulnerability

Wazuh is a Wazuh open source application. It is used to collect, aggregate, index and analyze security data to help organizations detect intrusions, threats and behavioral anomalies. A security vulnerability exists in Wazuh that stems from the presence of heap-based out-of-bounds writes in...

CVSS 8.1, AI score 7.8, EPSS 0.00605
Exploits 1, References 3

CNNVD
added 2025/10/29 12:0 a.m., 4 views

Wazuh security vulnerability

Wazuh is a Wazuh open source application. It is used to collect, aggregate, index and analyze security data to help organizations detect intrusions, threats and behavioral anomalies. A security vulnerability exists in Wazuh versions prior to 4.10.2, which stems from a buffer over-read in the...

CVSS 7.5, AI score 6.6, EPSS 0.00331
Exploits 1, References 3

EUVD
added 2025/10/28 12:30 p.m., 4 views

EUVD-2025-36441

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Don't recheck L1 intercepts when completing userspace I/O When completing emulation of instruction that generated a userspace exit for I/O, don't recheck L1 intercepts as KVM has already finished that phase of instructi...

AI score 6, EPSS 0.00218
Exploits 0, References 8

CVE
added 2025/10/28 9:32 a.m., 22 views

CVE-2025-40026

The CVE-2025-40026 entry concerns the Linux kernel KVM on x86. The issue arises when completing userspace I/O emulation: KVM should not recheck L1 intercepts because it has already completed that phase, but if the I/O permission bitmaps are modified during the exit to userspace, KVM may treat the...

AI score 6.2, EPSS 0.00218
Exploits 0, References 9

OSV
added 2025/10/28 9:32 a.m., 4 views

CVE-2025-40026 KVM: x86: Don't (re)check L1 intercepts when completing userspace I/O

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Don't recheck L1 intercepts when completing userspace I/O When completing emulation of instruction that generated a userspace exit for I/O, don't recheck L1 intercepts as KVM has already finished that phase of instructi...

AI score 6.5, EPSS 0.00218
Exploits 0, References 12

OSV
added 2025/10/22 10:15 p.m., 3 views

DEBIAN-CVE-2025-62707

pypdf is a free and open-source pure-python PDF library. Prior to version 6.1.3, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires parsing the content stream of a page which has an inline image using the DCTDecode filter. This has been fixed in...

CVSS 7.5, AI score 5.3, EPSS 0.00402
Exploits 0, References 1

OSV
added 2025/10/22 10:15 p.m., 1 views

DEBIAN-CVE-2025-62708

pypdf is a free and open-source pure-python PDF library. Prior to version 6.1.3, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing the content stream of a page using the LZWDecode filter. This has been fixed in pypdf version 6.1.3...

CVSS 7.5, AI score 5.3, EPSS 0.00402
Exploits 0, References 1

CVE
added 2025/10/22 9:36 p.m., 17 views

CVE-2025-62708

pypdf (Python PDF library) prior to version 6.1.3 is affected by CVE-2025-62708: an attacker can craft a PDF that triggers large memory usage when parsing a page content stream using the LZWDecode filter. The issue has been fixed in pypdf 6.1.3. This is documented in the CVE entry and corroborate...

CVSS 8.7, AI score 6.5, EPSS 0.00402
Exploits 0, References 4, Affected Software 1

Cvelist
added 2025/10/22 9:36 p.m., 12 views

CVE-2025-62708 pypdf manipulated LZWDecode streams can exhaust RAM

pypdf is a free and open-source pure-python PDF library. Prior to version 6.1.3, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing the content stream of a page using the LZWDecode filter. This has been fixed in pypdf version 6.1.3...

CVSS 8.7, EPSS 0.00402
Exploits 0, References 4

OSV
added 2025/10/22 9:36 p.m., 5 views

CVE-2025-62708 pypdf manipulated LZWDecode streams can exhaust RAM

pypdf is a free and open-source pure-python PDF library. Prior to version 6.1.3, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing the content stream of a page using the LZWDecode filter. This has been fixed in pypdf version 6.1.3...

CVSS 8.7, AI score 6.9, EPSS 0.00402
Exploits 0, References 6

Debian CVE
added 2025/10/22 9:36 p.m., 4 views

CVE-2025-62708

pypdf is a free and open-source pure-python PDF library. Prior to version 6.1.3, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing the content stream of a page using the LZWDecode filter. This has been fixed in pypdf version 6.1.3...

CVSS 8.7, AI score 5.3, EPSS 0.00402
Exploits 0

Debian CVE
added 2025/10/22 9:36 p.m., 4 views

CVE-2025-62707

pypdf is a free and open-source pure-python PDF library. Prior to version 6.1.3, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires parsing the content stream of a page which has an inline image using the DCTDecode filter. This has been fixed in...

CVSS 8.7, AI score 5.3, EPSS 0.00402
Exploits 0

GitHub Security Blog
added 2025/10/22 7:40 p.m., 7 views

pypdf can exhaust RAM via manipulated LZWDecode streams

Impact: An attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing the content stream of a page using the LZWDecode filter. Patches: This has been fixed in pypdf==6.1.3. Workarounds: If you cannot upgrade yet, consider applying the changes from P...

CVSS 8.7, AI score 6.8, EPSS 0.00402
Exploits 0, References 6, Affected Software 1

Snyk
added 2025/10/22 7:40 p.m., 1 views

Infinite loop

Overview: pypdf is a pure-python PDF library capable of splitting, merging, cropping, and transforming PDF files. Affected versions of this package are vulnerable to Infinite loop in the parsing of content streams containing inline images with the DCTDecode filter when the end-of-file marker is...

CVSS 8.7, AI score 6.9, EPSS 0.00402
Exploits 0, References 2

NVD
added 2025/10/22 2:15 p.m., 4 views

CVE-2023-53729

In the Linux kernel, the following vulnerability has been resolved: soc: qcom: qmi_encdec: Restrict string length in decode The QMI TLV value for strings in a lot of qmi element info structures account for null terminated strings with MAX_LEN + 1. If a string is actually MAX_LEN + 1 length, this wil...

EPSS 0.00187
Exploits 0, References 7

OSV
added 2025/10/22 2:15 p.m., 3 views

DEBIAN-CVE-2023-53729

In the Linux kernel, the following vulnerability has been resolved: soc: qcom: qmi_encdec: Restrict string length in decode The QMI TLV value for strings in a lot of qmi element info structures account for null terminated strings with MAX_LEN + 1. If a string is actually MAX_LEN + 1 length, this wil...

AI score 5.3, EPSS 0.00187
Exploits 0, References 1

CVE
added 2025/10/22 1:23 p.m., 18 views

CVE-2023-53729

CVE-2023-53729 affects the Linux kernel’s QMI handling for Qualcomm (soc: qcom: qmi_encdec). The issue arises when decoding QMI TLV strings: the code accounts for null-terminated strings with MAX_LEN + 1, and if a string is actually MAX_LEN + 1, NULL termination leads to an out-of-bounds access. ...

AI score 6.1, EPSS 0.00187
Exploits 0, References 7

OSV
added 2025/10/22 1:23 p.m., 4 views

CVE-2023-53729 soc: qcom: qmi_encdec: Restrict string length in decode

In the Linux kernel, the following vulnerability has been resolved: soc: qcom: qmi_encdec: Restrict string length in decode The QMI TLV value for strings in a lot of qmi element info structures account for null terminated strings with MAX_LEN + 1. If a string is actually MAX_LEN + 1 length, this wil...

AI score 6.4, EPSS 0.00187
Exploits 0, References 10