Lucene search

155 matches found

Veracode
added 2024/08/26 8:37 a.m. · 10 views

Incorrect Input Validation

libfrr.so is vulnerable to Incorrect Input Validation. The vulnerability is caused by an issue in the function bgp_attr_encap within bgpd/bgp_attr.c, which does not check the actual remaining stream length before taking the TLV value...

CVSS 9.8 · AI score 6.6 · EPSS 0.00641
Exploits 0 · References 3 · Affected Software 2

OSV
added 2024/07/24 4:15 p.m. · 8 views

CVE-2024-7079

A flaw was found in the Openshift console. The /API/helm/verify endpoint is tasked to fetch and verify the installation of a Helm chart from a URI that is remote HTTP/HTTPS or local. Access to this endpoint is gated by the authHandlerWithUser middleware function. Contrary to its name, this...

CVSS 6.5 · AI score 6.8 · EPSS 0.00361
Exploits 0 · References 2

Positive Technologies
added 2024/06/19 12:00 a.m. · 5 views

PT-2024-27513 · Ricoh · Ricoh Streamline Nx Pc Client

Name of the Vulnerable Software and Affected Versions: Ricoh Streamline NX PC Client (affected versions not specified). Description: A use of potentially dangerous function issue exists in the software. If this issue is exploited, files on the PC where the product is installed may be altered...

CVSS 4 · AI score 6.8 · EPSS 0.00162
Exploits 0 · References 4

SUSE CVE
added 2024/03/01 3:47 a.m. · 1 views

SUSE CVE-2024-22871

An issue in Clojure versions 1.20 to 1.12.0-alpha5 allows an attacker to cause a denial of service (DoS) via the clojure.core$partial$fn__5920 function...

CVSS 7.5 · AI score 6.9 · EPSS 0.01533
Exploits 1 · References 3

Microsoft CVE
added 2023/11/08 8:00 a.m. · 4 views

An issue in the Unmarshal function in Go-Yaml v3 causes the program to crash when attempting to deserialize invalid input.

...

CVSS 7.5 · AI score 7 · EPSS 0.035
Exploits 1

Positive Technologies
added 2023/08/17 12:00 a.m. · 4 views

PT-2023-35956 · Apache · Apache Lucene

Name of the Vulnerable Software and Affected Versions: Apache Lucene (affected versions not specified). Description: The issue is related to a security exception in the org.apache.lucene.util.automaton.RegExp.toAutomaton function. It involves the java.base/java.util.BitSet.ensureCapacity and...

AI score 6.9
Exploits 0 · References 2

Vulnrichment
added 2023/08/03 12:00 a.m. · 8 views

CVE-2023-38991

An issue in the delete function in the ActModelController class of jeesite v1.2.6 allows authenticated attackers to arbitrarily delete models created by the Administrator...

AI score 6.9 · EPSS 0.00393
Exploits 1 · References 1

OSV
added 2023/07/26 7:30 a.m. · 7 views

SUSE-SU-2023:2973-1 Security update for openssl

This update for openssl fixes the following issues: - CVE-2023-3446: Fixed DH_check excessive time with over sized modulus (bsc#1213487)...

CVSS 5.3 · AI score 5.8 · EPSS 0.05533
Exploits 0 · References 3

OSV
added 2023/06/15 5:08 a.m. · 4 views

SUSE-SU-2023:2516-1 Security update for opensc

This update for opensc fixes the following issues: - CVE-2023-2977: Fixed out of bounds read in pkcs15 cardos_have_verifyrc_package (bsc#1211894)...

CVSS 7.1 · AI score 6.9 · EPSS 0.00305
Exploits 0 · References 3

Positive Technologies
added 2023/02/25 12:00 a.m. · 2 views

PT-2025-18831

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to the fixed version. Description: A vulnerability has been resolved in the Linux kernel. The issue is related to the LoongArch architecture and occurs when the get_timer_irq function is called multiple times in the...

CVSS 5.5 · AI score 5.7 · EPSS 0.00157
Exploits 0 · References 23

Cvelist
added 2023/02/24 12:00 a.m. · 13 views

CVE-2021-35370

An issue found in Peacexie Imcat v5.4 allows attackers to execute arbitrary code via the incomplete filtering function...

AI score 10 · EPSS 0.01028
Exploits 1 · References 1

SUSE CVE
added 2023/02/15 5:17 a.m. · 4 views

SUSE CVE-2015-4604

The mget function in softmagic.c in file 5.x, as used in the Fileinfo component in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, does not properly maintain a certain pointer relationship, which allows remote attackers to cause a denial of service (application crash) or possibly...

CVSS 7.5 · AI score 8.1 · EPSS 0.0739
Exploits 1 · References 4

SUSE CVE
added 2023/02/15 4:09 a.m. · 4 views

SUSE CVE-2019-14289

An issue was discovered in Xpdf 4.01.01. There is an integer overflow in the function JBIG2Bitmap::combine at JBIG2Stream.cc for the "multiple bytes per line" case...

CVSS 5.5 · AI score 7.9 · EPSS 0.00957
Exploits 1 · References 3

Positive Technologies
added 2023/02/13 12:00 a.m. · 2 views

PT-2023-34931 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.1.11. Description: A potential issue exists in the Linux Kernel, specifically in the get_swap_pages function, where the lack of cond_resched calls may lead to problems. The actual impact and attack plausibilit...

AI score 7.3
Exploits 0 · References 1

Positive Technologies
added 2023/01/17 12:00 a.m. · 1 views

PT-2023-33661 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.16. Description: The issue is related to the return type of the netcp_ndo_start_xmit function. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel versions...

AI score 7.2
Exploits 0 · References 1

OSV
added 2023/01/07 8:15 p.m. · 0 views

UBUNTU-CVE-2020-36646

A vulnerability classified as problematic has been found in MediaArea ZenLib up to 0.4.38. This affects the function Ztring::DateFromSeconds1970Local of the file Source/ZenLib/Ztring.cpp. The manipulation of the argument Value leads to unchecked return value to null pointer dereference. Upgrading...

CVSS 7.5 · AI score 4.9 · EPSS 0.01177
Exploits 0 · References 9

OSV
added 2022/06/20 3:15 p.m. · 1 views

CVE-2022-31795

An issue was discovered on Fujitsu ETERNUS CentricStor CS8000 (Control Center) devices before 8.1A SP02 P04. The vulnerability resides in the grel_finfo function in grel.php. An attacker is able to influence the username (user), password (pw), and file-name (file) parameters and inject special characters...

CVSS 9.8 · AI score 6
Exploits 0 · References 3

Vulnrichment
added 2022/05/20 11:25 p.m. · 5 views

CVE-2022-29210 Heap buffer overflow due to incorrect hash function in TensorFlow

TensorFlow is an open source platform for machine learning. In version 2.8.0, the TensorKey hash function used total estimated AllocatedBytes, which (a) is an estimate per tensor, and (b) is a very poor hash function for constants (e.g. int32_t). It also tried to access individual tensor bytes through...

CVSS 5.5 · AI score 5.3 · EPSS 0.00225
Exploits 0 · References 5

OSV
added 2022/02/12 12:00 a.m. · 17 views

GHSA-65HP-4VXR-C356 Arbitrary code execution in Magnolia CMS

An issue in the Export function of Magnolia v6.2.3 and below allows attackers to execute arbitrary code via a crafted CSV/XLS file...

CVSS 7.8 · AI score 7.8 · EPSS 0.01755
Exploits 1 · References 3

BDU FSTEC
added 2022/01/17 12:00 a.m. · 5 views

The vulnerability of the slapd server in the OpenLDAP implementation of the LDAP protocol, related to the lack of use of the assert() function, allows an attacker to cause a service failure.

The vulnerability of the slapd server in the LDAP OpenLDAP implementation is related to the insufficient use of the assert function. Exploiting this vulnerability allows a malicious actor to cause service failures using a malicious package...

CVSS 7.5 · AI score 7.2 · EPSS 0.02858
Exploits 0 · References 10 · Affected Software 5