Lucene search

4783 matches found

OSV
added 2025/04/22 12:0 a.m., 23 views

ALSA-2025:4051 Moderate: gnutls security update

The gnutls packages provide the GNU Transport Layer Security (GnuTLS) library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS. Security Fixes: gnutls: GnuTLS Impacted by Inefficient DER Decoding in libtasn1 Leading to Remote DoS (CVE-2024-12243). For more details...

CVSS 5.3, AI score 6.6, EPSS 0.01227
Exploits: 0, References: 4

Github Security Blog
added 2025/04/15 9:21 p.m., 44 views

vLLM vulnerable to Denial of Service by abusing xgrammar cache

Impact: This report is to highlight a vulnerability in XGrammar, a library used by the structured output feature in vLLM. The XGrammar advisory is here: https://github.com/mlc-ai/xgrammar/security/advisories/GHSA-389x-67px-mjg3 The xgrammar library is the default backend used by vLLM to support...

AI score 6.8
Exploits: 0, References: 5, Affected Software: 1

OSV
added 2025/04/15 9:21 p.m., 3 views

GHSA-HF3C-WXG2-49Q9 vLLM vulnerable to Denial of Service by abusing xgrammar cache

Impact: This report is to highlight a vulnerability in XGrammar, a library used by the structured output feature in vLLM. The XGrammar advisory is here: https://github.com/mlc-ai/xgrammar/security/advisories/GHSA-389x-67px-mjg3 The xgrammar library is the default backend used by vLLM to support...

CVSS 6.5, AI score 5.9
Exploits: 0, References: 5

NVD
added 2025/04/10 9:15 p.m., 12 views

CVE-2025-29917

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. The bytes setting in the decodebase64 keyword is not properly limited. Due to this, signatures using the keyword and setting can cause large memory allocations of up to 4 GiB per...

CVSS 6.2, EPSS 0.0005
Exploits: 0, References: 3

RedHat Linux
added 2025/04/10 1:4 a.m., 3 views

encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion

A flaw was found in the encoding/gob package of the Golang standard library. Calling Decoder.Decode on a message that contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635...

CVSS 7.5, AI score 6.6, EPSS 0.00298
Exploits: 0, References: 8

OSV
added 2025/04/03 12:53 p.m., 2 views

OESA-2025-1355 zvbi security update

The ZVBI library provides functions to read from Linux V4L, V4L2 and FreeBSD BKTR raw VBI capture devices, from Linux DVB devices and from a VBI proxy to share V4L and V4L2 VBI devices between multiple applications. It can demodulate raw to sliced VBI data in software, with support for a wide ran...

CVSS 6.5, AI score 6.5, EPSS 0.0009
Exploits: 0, References: 2

RedhatCVE
added 2025/03/30 1:32 p.m., 13 views

CVE-2024-7407

Use of a custom password encoding algorithm in Streamsoft Prestiż software allows straightforward decoding of passwords using their encoded forms, which are stored in the application's database. One has to know the encoding algorithm, but it can be deduced by observing how passwords are transforme...

CVSS 8.2, AI score 7.1, EPSS 0.00341
Exploits: 0, References: 4

OSV
added 2025/03/29 1:50 a.m., 3 views

OESA-2025-1332 zvbi security update

The ZVBI library provides functions to read from Linux V4L, V4L2 and FreeBSD BKTR raw VBI capture devices, from Linux DVB devices and from a VBI proxy to share V4L and V4L2 VBI devices between multiple applications. It can demodulate raw to sliced VBI data in software, with support for a wide ran...

CVSS 7.5, AI score 6.5, EPSS 0.00277
Exploits: 0, References: 2

CVE
added 2025/03/28 12:54 p.m., 41 views

CVE-2024-7407

CVE-2024-7407 concerns Streamsoft Prestiż, where a custom password encoding algorithm allows decoding of stored passwords from encoded forms under observer-informed conditions. The vulnerable element is the password encoding/transform process in the application’s database storage. The impact, as ...

CVSS 8.2, AI score 7, EPSS 0.00341
Exploits: 0, References: 2

Vulnrichment
added 2025/03/28 12:54 p.m., 7 views

CVE-2024-7407 Weak password encoding in Streamsoft Prestiż

Use of a custom password encoding algorithm in Streamsoft Prestiż software allows straightforward decoding of passwords using their encoded forms, which are stored in the application's database. One has to know the encoding algorithm, but it can be deduced by observing how passwords are...

CVSS 8.2, AI score 7, EPSS 0.00341
Exploits: 0, References: 2

BDU FSTEC
added 2025/03/27 12:0 a.m., 1 views

The vulnerability of the OpenJPEG library for image encoding and decoding, related to buffer overflow in dynamic memory, allows attackers to execute arbitrary code.

The vulnerability of the OpenJPEG library for image encoding and decoding is related to buffer overflow in dynamic memory. Exploiting this vulnerability could allow an attacker to execute arbitrary code...

CVSS 5.6, AI score 7.5, EPSS 0.00044
Exploits: 0, References: 14, Affected Software: 8

SUSE Linux
added 2025/03/24 9:53 a.m., 1 views

Security update for gnutls

This update for gnutls fixes the following issues: CVE-2024-12243: Fixed inefficient DER decoding in libtasn1 which could lead to a remote denial-of-service bsc1236974. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper...

CVSS 5.3, AI score 7.3, EPSS 0.01227
Exploits: 0, References: 4

OSV
added 2025/03/24 9:52 a.m., 0 views

SUSE-SU-2025:20157-1 Security update for gnutls

This update for gnutls fixes the following issues: - CVE-2024-12243: Fixed inefficient DER decoding in libtasn1 which could lead to a remote denial-of-service bsc1236974...

CVSS 5.3, AI score 6.8, EPSS 0.01227
Exploits: 0, References: 3

Positive Technologies
added 2025/03/20 12:0 a.m., 1 views

PT-2025-12028

Name of the Vulnerable Software and Affected Versions: Horovod versions up to and including v0.28.1. Description: The issue is due to improper handling of base64-encoded data in the ElasticRendezvousHandler, a subclass of KVStoreHandler. Specifically, the put value method in ElasticRendezvousHandler...

CVSS 9.8, AI score 7.4, EPSS 0.01047
Exploits: 1, References: 6

OSV
added 2025/03/19 4:15 p.m., 3 views

PYSEC-2025-223

vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. The outlines library is one of the backends used by vLLM to support structured output a.k.a. guided decoding. Outlines provides an optional cache for its compiled grammars on the local filesystem. This cache has...

CVSS 6.5, AI score 6.6, EPSS 0.00658
Exploits: 0, References: 3

PyPA
added 2025/03/19 4:15 p.m., 7 views

PYSEC-2025-223

vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. The outlines library is one of the backends used by vLLM to support structured output a.k.a. guided decoding. Outlines provides an optional cache for its compiled grammars on the local filesystem. This cache has...

CVSS 6.5, AI score 6.6, EPSS 0.00658
Exploits: 0, References: 3, Affected Software: 1

Microsoft CVE
added 2025/03/14 7:0 a.m., 4 views

GSS-NTLMSSP vulnerable to incorrect free when decoding target information

...

CVSS 7.5, AI score 7.2, EPSS 0.0045
Exploits: 0

Microsoft CVE
added 2025/03/14 7:0 a.m., 2 views

GSS-NTLMSSP vulnerable to memory corruption when decoding UTF16 strings

...

CVSS 8.2, AI score 7.5, EPSS 0.00285
Exploits: 0

Microsoft CVE
added 2025/03/14 7:0 a.m., 3 views

GSS-NTLMSSP vulnerable to out-of-bounds read when decoding target information

...

CVSS 7.5, AI score 7.2, EPSS 0.00355
Exploits: 0

Microsoft CVE
added 2025/03/14 7:0 a.m., 2 views

GSS-NTLMSSP vulnerable to multiple out-of-bounds reads when decoding NTLM fields

...

CVSS 7.5, AI score 7.2, EPSS 0.00271
Exploits: 0