K000156692: Multiple ImageMagick vulnerabilities
Security Advisory Description CVE-2016-5010 coders/tiff.c in ImageMagick before 6.9.5-3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TIFF file. CVE-2016-5687 The VerticalFilter function in the DDS coder in ImageMagick before 6.9.4-3 and 7.x before 7.0.1-4...
Trivision NC-227WF Username Enumeration
Trivision NC-227WF with firmware version 5.80 build 0141010 has a login mechanism that reveals whether a username exists or not by returning different error messages. CVE-2025-56764 — Trivision NC-227WF Summary Trivision NC-227WF firmware 5.80 build 20141010 login mechanism reveals whether a...
[SECURITY] [DLA 4305-2] firefox-esr regression update
Debian LTS Advisory DLA-4305-2 [email protected] https://www.debian.org/lts/security/ Emilio Pozuelo Monfort September 29, 2025 https://wiki.debian.org/LTS -...
CVE-2025-56764
CVE-2025-56764 affects Trivision NC-227WF firmware 5.80 (build 20141010). The login mechanism returns distinct errors for unknown usernames vs. wrong passwords, enabling username enumeration over a network attack surface. Impact is username enumeration, which can facilitate targeted credential st...
FuncPoison: Poisoning Function Library to Hijack Multi-Agent Autonomous Driving Systems
Autonomous driving systems increasingly rely on multi-agent architectures powered by large language models LLMs, where specialized agents collaborate to perceive, reason, and plan. A key component of these systems is the shared function library, a collection of software tools that agents use to...
PT-2025-39869
Name of the Vulnerable Software and Affected Versions Trivision NC-227WF firmware version 5.80 build 20141010 Description The login mechanism in the software allows an attacker to determine if a username is valid by observing different error messages. Specifically, an “Unknown user” message...
USN-7781-1 inetutils vulnerabilities
Matthew Hickey discovered that Inetutils did not correctly handle certain escape characters. An attacker could possibly use this issue to cause a denial of service. CVE-2019-0053 It was discovered that Inetutils did not correctly handle certain memory operations. An attacker could possibly use th...
hwmon: (drivetemp) Fix driver producing garbage data when SCSI errors occur
...
CVE-2025-10868 Business Logic Errors in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions from 17.4 before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1 where certain string conversion methods exhibit performance degradation with large inputs...
CVE-2025-1396
WSO2 username enumeration vulnerability (CVE-2025-1396) occurs when Multi-Attribute Login is enabled across multiple WSO2 products. The login flow returns a distinct error message for non-existing usernames, enabling observers to determine valid user IDs. Impact includes potential for targeted br...
GitLab 17.4 < 18.2.7 / 18.3 < 18.3.3 / 18.4 < 18.4.1 (CVE-2025-10868)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - Business Logic Errors in GitLab CVE-2025-10868 Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
PyTorch security vulnerability
PyTorch is a Python package open-sourced by PyTorch. PyTorch suffers from a security vulnerability that stems from the bitwise_right_shift function mishandling the boundary value of the other parameter, which can be exploited by an attacker to cause an output error...
Cisco IOS XE security vulnerability
Cisco IOS XE is an operating system from Cisco, Inc. Used as a single operating system for enterprise wired and wireless access, aggregation, core, and WAN, Cisco IOS XE reduces business and network complexity. A security vulnerability exists in Cisco IOS XE that stems from mishandling of errors...
SUSE SLES12 Security Update : vim (SUSE-SU-2025:03299-1)
The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:03299-1 advisory. Updated to 9.1.1629: - CVE-2025-53905: Fixed malicious tar archive may causing a path traversal in Vims tar.vim plugin bsc1246604 -...
User Interface (UI) Misrepresentation of Critical Information
Overview Affected versions of this package are vulnerable to User Interface UI Misrepresentation of Critical Information via improper handling of error messages passed through URL parameters. An attacker can manipulate browser-displayed error messages by injecting arbitrary content, potentially...
SUSE-SU-2025:03299-1 Security update for vim
This update for vim fixes the following issues: Updated to 9.1.1629: - CVE-2025-53905: Fixed malicious tar archive may causing a path traversal in Vim’s tar.vim plugin bsc1246604 - CVE-2025-53906: Fixed malicious zip archive may causing a path traversal in Vim’s zip bsc1246602 - CVE-2025-55157:...
CVE-2025-55068
Dover Fueling Solutions ProGauge MagLink LX4 Devices fail to handle Unix time values beyond a certain point. An attacker can manually change the system time to exploit this limitation, potentially causing errors in authentication and leading to a denial-of-service condition...
Linux Distros Unpatched Vulnerability : CVE-2022-50357
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - usb: dwc3: core: fix some leaks in probe The dwc3_get_properties() function calls: dwc->usb_psy = power_supply_get_by_name(usb_psy_name)...
SUSE CVE-2022-50406
In the Linux kernel, the following vulnerability has been resolved: iomap: iomap: fix memory corruption when recording errors during writeback Every now and then I see this crash on arm64: Unable to handle kernel NULL pointer dereference at virtual address 00000000000000f8 Buffer I/O error on dev...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from not properly synchronizing the page tables, which could lead to page errors in kernel mode...