Nimiq 安全漏洞

Nimiq is an open-source implementation of the Albatross protocol in Rust. Prior versions of the Nimiq network-libp2p 1.4.0 contained security vulnerabilities. These vulnerabilities stemmed from improper handling of the kad get-record query, where incorrect validation of records resulted in...

CVE-2026-32697

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. Prior to versions 8.9.3, the RecordHandler::getRecord method retrieves any record by module and ID without checking the current user's ACL view permission. The companion saveRecord method...

CVE-2026-32697 SuiteCRM: RecordHandler::getRecord() missing ACLAccess('view') check allows any authenticated user to read any record (IDOR)

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. Prior to versions 8.9.3, the RecordHandler::getRecord method retrieves any record by module and ID without checking the current user's ACL view permission. The companion saveRecord method...

EUVD-2026-13380

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. Prior to versions 8.9.3, the RecordHandler::getRecord method retrieves any record by module and ID without checking the current user's ACL view permission. The companion saveRecord method...

CVE-2026-32697

CVE-2026-32697 affects SuiteCRM prior to 8.9.3. The vulnerability is in the RecordHandler::getRecord() path, which retrieves a record by module and ID without enforcing the user’s ACL view permission. The companion saveRecord() enforces ACLAccess('save'), but getRecord() omits ACLAccess('view'), ...

CVE-2026-23951 SumatraPDF's Integer Underflow in PalmDbReader Leads to Crash

SumatraPDF is a multi-format reader for Windows. All versions contain an off-by-one error in the validation code that only triggers with exactly 2 records, causing an integer underflow in the size calculation. This bug exists in PalmDbReader::GetRecord when opening a crafted Mobi file, resulting ...

Updated php packages fix security vulnerabilities

Opcache: - Reset global pointers to prevent use-after-free in zendjitstatus. PDO: - Fixed PDO quoting result null deref. Standard: - Fixed Null byte termination in dnsgetrecord - Heap buffer overflow in arraymerge - Information Leak of Memory in getimagesize...

MGASA-2025-0330 Updated php packages fix security vulnerabilities

Opcache: - Reset global pointers to prevent use-after-free in zendjitstatus. PDO: - Fixed PDO quoting result null deref. Standard: - Fixed Null byte termination in dnsgetrecord - Heap buffer overflow in arraymerge - Information Leak of Memory in getimagesize...

EUVD-2014-3980

Malicious code in bioql PyPI...

SUSE CVE-2019-9022

An issue was discovered in PHP 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.2. dnsgetrecord misparses a DNS response, which can allow a hostile DNS server to cause PHP to misuse memcpy, leading to read operations going past the buffer allocated for DNS data. This affects phpparser...

php: memcpy with negative length via crafted DNS response

An issue was discovered in PHP 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.2. dnsgetrecord misparses a DNS response, which can allow a hostile DNS server to cause PHP to misuse memcpy, leading to read operations going past the buffer allocated for DNS data. This affects phpparser...

The vulnerability of the “read” function in PHP’s DNS_get_record interpreter, related to reading data beyond the boundaries of the memory buffer, allows attackers to access confidential data.

The vulnerability of the “read” function in the PHP language interpreter’s dnsgetrecord function relates to reading data beyond the boundaries of the allocated memory buffer. Exploiting this vulnerability could allow an attacker to gain access to confidential data during the processing of DNS...

UBUNTU-CVE-2019-9022

An issue was discovered in PHP 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.2. dnsgetrecord misparses a DNS response, which can allow a hostile DNS server to cause PHP to misuse memcpy, leading to read operations going past the buffer allocated for DNS data. This affects phpparser...

php: multiple buffer over-reads in php_parserr

Multiple buffer over-read flaws were found in the phpparserr function of PHP. A malicious DNS server or a man-in-the-middle attacker could possibly use this flaw to crash a PHP application that used the dnsgetrecord function to perform a DNS query...

php: multiple buffer over-reads in php_parserr

Multiple buffer over-read flaws were found in the phpparserr function of PHP. A malicious DNS server or a man-in-the-middle attacker could possibly use this flaw to crash a PHP application that used the dnsgetrecord function to perform a DNS query...

UBUNTU-CVE-2014-4049

Heap-based buffer overflow in the phpparserr function in ext/standard/dns.c in PHP 5.6.0beta4 and earlier allows remote servers to cause a denial of service crash and possibly execute arbitrary code via a crafted DNS TXT record, related to the dnsgetrecord function...