CVE-2025-7008

Heap buffer out-of-bounds read vulnerability in Avast Antivirus when scanning a malformed Windows PE file with .NET metadata may allow Local Execution of Code or Denial-of-Service of the antivirus process. This issue affects Avast Antivirus, AVG Antivirus, Norton Antivirus, Avast One, and Avast...

CVE-2025-7017

Affected product: Avira Antivirus engine. Vulnerability: heap buffer out-of-bounds read when scanning a malformed Windows MSI file. Root cause: out-of-bounds heap read in the engine (details not provided beyond the description). Impact: local code execution or denial-of-service of the antivirus e...

CVE-2025-7009 Avast antivirus heap buffer OOB read when scanning a malformed PE file

Heap buffer out-of-bounds read vulnerability in Avast Antivirus when scanning a malformed Windows PE file may allow Local Execution of Code or Denial-of-Service of the antivirus process. This issue affects Avast Antivirus, AVG Antivirus, Norton Antivirus, Avast One, and Avast Business Antivirus o...

CVE-2025-7002 Avira antivirus engine heap buffer OOB read when scanning a malformed PDF file (variant 2)

Heap buffer out-of-bounds read vulnerability in Avira Antivirus engine when scanning a malformed PDF file may allow Local Execution of Code or Denial-of-Service of the antivirus engine process. This issue affects Avira Antivirus on Windows, macOS, and Linux for engine builds before 8.3.70.68...

CVE-2025-7002

CVE-2025-7002 is a heap buffer out-of-bounds read vulnerability in the Avira Antivirus engine when scanning a malformed PDF, potentially allowing local code execution or crashing the antivirus process. Affected products are Avira Antivirus engines on Windows, macOS, and Linux with builds prior to...

EulerOS 2.0 SP12 : rsync (EulerOS-SA-2026-1410)

According to the versions of the rsync package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A malicious client acting as the receiver of an rsync file transfer can trigger an out of bounds read of a heap based buffer, via a negative array...

ImageMagick 输入验证错误漏洞

ImageMagick is a set of open-source image processing software developed by the ImageMagick project. It can read, convert, and write images in various formats. Versions of ImageMagick prior to 7.1.2-16 contained a vulnerability related to input validation errors. This vulnerability stemmed from...

EulerOS Virtualization 2.13.0 : curl (EulerOS-SA-2025-2607)

According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : 1. A cookie is set using the secure keyword for https://target 2. curl is redirected to or otherwise made to speak with http://target...

Security update for coreutils

This update for coreutils fixes the following issues: CVE-2025-5278: Sort with key character offsets of SIZEMAX, could induce a read of 1 byte before an allocated heap buffer bsc1243767. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...

TencentOS Server 4: gstreamer1-plugins-good (TSSA-2025:0705)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0705 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

PT-2025-47316

Name of the Vulnerable Software and Affected Versions rsync affected versions not specified Description A specially crafted client, acting as the receiver during an rsync file transfer, can cause a read error due to accessing memory outside the intended boundaries. This occurs because of a negati...

CVE-2020-15196

In Tensorflow version 2.3.0, the SparseCountSparseOutput and RaggedCountSparseOutput implementations don't validate that the weights tensor has the same shape as the data. The check exists for DenseCountSparseOutput, where both tensors are fully specified. In the sparse and ragged count weights a...

RHEL 6 : libplist (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - libplist: Out-of-bounds heap buffer read in plistutil CVE-2017-5545 - The parsedictnode function in...

RHEL 7 : libplist (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - libplist: Out-of-bounds heap buffer read in plistutil CVE-2017-5545 - The parsedictnode function in...

CVE-2023-40166

Notepad++ is a free and open-source source code editor. Versions 8.5.6 and prior are vulnerable to heap buffer read overflow in FileManager::detectLanguageFromTextBegining . The exploitability of this issue is not clear. Potentially, it may be used to leak internal memory allocation information. ...

CVE-2023-40166 Notepad++ heap buffer read overflow in FileManager::detectLanguageFromTextBegining

Notepad++ is a free and open-source source code editor. Versions 8.5.6 and prior are vulnerable to heap buffer read overflow in FileManager::detectLanguageFromTextBegining . The exploitability of this issue is not clear. Potentially, it may be used to leak internal memory allocation information. ...

CVE-2023-40166 Notepad++ heap buffer read overflow in FileManager::detectLanguageFromTextBegining

Notepad++ is a free and open-source source code editor. Versions 8.5.6 and prior are vulnerable to heap buffer read overflow in FileManager::detectLanguageFromTextBegining . The exploitability of this issue is not clear. Potentially, it may be used to leak internal memory allocation information. ...

Debian: Security Advisory (DLA-2868-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian DLA-2868-1 : advancecomp - LTS security update

The remote Debian 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-2868 advisory. - An out-of-bounds heap buffer read flaw was found in the way advancecomp before 2.1-2018/02 handled processing of ZIP files. An attacker could potentially use thi...

exiv2: heap-based buffer over-read in PngChunk::readRawProfile in pngchunk_int.cpp

In Exiv2 0.26 and previous versions, PngChunk::readRawProfile in pngchunkint.cpp may cause a denial of service application crash due to a heap-based buffer over-read via a crafted PNG file...