Astra Linux - уязвимость в glibc

The deprecated compatibility function svcunixcreate in the sunrpc module of the GNU C Library aka glibc through 2.34 copies its path argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or if an application is not...

CVE-2026-41503

BACnet Stack is a BACnet open source protocol stack C library for embedded systems. Prior to 1.4.3, an out-of-bounds read vulnerability in bacnet-stack's ReadPropertyMultiple service property decoder allows unauthenticated remote attackers to read past allocated buffer boundaries by sending an RP...

SUSE CVE-2025-71096

In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Check for the presence of LSNLATYPEDGID correctly The netlink response for RDMANLLSOPIPRESOLVE should always have a LSNLATYPEDGID attribute, it is invalid if it does not. Use the nl parsing logic properly and call...

EUVD-2018-13357

Malware in sbrugna...

Use After Free

Overview Affected versions of this package are vulnerable to Use After Free in the privatekeyfromfile function. An attacker can potentially access sensitive information or modify data, under certain circumstances such as the specified filename not existing. Note: The vulnerable function has been...

CVE-2023-49587

SAP Solution Manager - version 720, allows an authorized attacker to execute certain deprecated function modules which can read or modify data of same or other component without user interaction over the network...

Insecure Temporary File

Overview Affected versions of this package are vulnerable to Insecure Temporary File through the use of the deprecated mktemp function, there is a risk of race conditions. This occurs because the function generates a temporary file name without ensuring exclusive access, allowing an opportunity f...

CVE-2024-23913

Use of Out-of-range Pointer Offset vulnerability in Merge DICOM Toolkit C/C++ on Windows. When deprecated MCXMLToMessage function is used to read a malformed DICOM XML file, it might result in memory access violation...

Merative Merge DICOM Toolkit 安全漏洞

The Merative Merge DICOM Toolkit is a comprehensive API from Merative that complies with the latest DICOM standards. A security vulnerability exists in Merative Merge DICOM Toolkit C/C++ versions v5.6.0 through v.5.17.0, which stems from a memory access conflict that can be caused when reading an...

CVE-2023-49587 Command Injection vulnerability in SAP Solution Manager

SAP Solution Manager - version 720, allows an authorized attacker to execute certain deprecated function modules which can read or modify data of same or other component without user interaction over the network...

Insecure Temporary File

transformers is vulnerable to Insecure Temporary Files. The vulnerability exists inside downloadurl due to the use of deprecated function tempfile.mktemp which creates temporary file names that are fundamentally insecure, as they do not ensure exclusive access to a file with the temporary name th...

SUSE CVE-2018-20815

In QEMU 3.1.0, loaddevicetree in devicetree.c calls the deprecated loadimage function, which has a buffer overflow risk...

Upgraded Q -> M from #258 [1674661917738]

Judge has assessed an item in Issue 258 as M risk. The relevant finding follows: L-03 Use of deprecated functions Impact The contract uses deprecated function latestAnswer. Such functions might suddenly stop working if no longer supported. Impact: Deprecated API stops working. Prices cannot be...

Insecure Temporary File

Description transformers package is using the deprecated function tempfile.mktemp which is not secure. Because a different process may create a file with this name in the time between the call to mktemp and the subsequent attempt to create the file by the first process. Functions that create...

call() should be used instead of transfer() on an address payable

Lines of code Vulnerability details Impact call should be used instead of transfer on an address payable Proof of Concept The use of the deprecated transfer function for an address will inevitably make the transaction fail when: 1. The claimer smart contract does not implement a payable function...

call() should be used instead of transfer() on address payable

Lines of code Vulnerability details Proof of Concept The use of the deprecated transfer function for an address will inevitably make the transaction fail when: 1. The claimer smart contract does not implement a payable function. 2. The claimer smart contract does implement a payable fallback whic...

Deprecated ChainLink API

Lines of code Vulnerability details Impact According to Chainlink's documentation, the latestAnswer function is deprecated. This function might suddenly stop working if Chainlink stop supporting deprecated APIs. And the old API can return stale data. Proof of Concept function latestAnswer externa...

CALL() should be used instead of TRANSFER() on an address payable

Lines of code Vulnerability details Impact The use of the deprecated transfer function for an address will inevitably make the transaction fail when: 1 The claimer smart contract does not implement a payable function. 2 The claimer smart contract does implement a payable fallback which uses more...

Usage of deprecated transfer to send ETH

Lines of code%20%7B-,payablemsg.sender.transfer,-msg.valueL183 Vulnerability details Impact The use of the deprecated transfer function for an address will inevitably make the transaction fail when: The claimer smart contract does not implement a payable function. The claimer smart contract does...

Call() should be used instead of transfer() on an address payable

Lines of code Vulnerability details Impact The use of the deprecated transfer function for an address will inevitably make the transaction fail when : 1. The withdrawer smart contract does not implement a payable fallback function. 2. The withdrawer smart contract implements a payable fallback...