78 matches found
CVE-2025-11782
Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. The 'ShowDownload' function uses “sprintf” to format a string that includes the user-controlled input of 'GetParametermeter' in the fixed-size buffer 'acStack4c' 64 bytes without checking the length. An attacker c...
CVE-2025-11780 Stack-based buffer overflow vulnreability in Circutor SGE-PLC1000/SGE-PLC50
Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. In the 'showMeterReport' function, there is an unlimited user input that is copied to a fixed-size buffer via 'sprintf'. The 'GetParametermeter' function retrieves the user input, which is directly incorporated in...
Fedora 41 : perl-Cpanel-JSON-XS (2025-89495f6403)
The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-89495f6403 advisory. This update fixes an issue where a specially-crafted JSON input could cause an integer overflow leading to a crash in the program parsing the JSON...
Linux Distros Unpatched Vulnerability : CVE-2023-53313
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - md/raid10: fix wrong setting of maxcorrreaderrors There is no input check when echo md/maxreaderrors and overflow might occur. Add check of input number...
DEBIAN-CVE-2023-53313
In the Linux kernel, the following vulnerability has been resolved: md/raid10: fix wrong setting of maxcorrreaderrors There is no input check when echo md/maxreaderrors and overflow might occur. Add check of input number...
Linux Distros Unpatched Vulnerability : CVE-2024-26818
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: tools/rtla: Fix clang warning about mountpoint var size clang is reporting this warning: $...
NVIDIA Triton Inference Server 输入验证错误漏洞
Triton Inference Server is a high-performance inference service engine developed by NVIDIA, designed for AI model deployment in production environments, with support for a variety of frameworks TensorFlow, PyTorch, ONNX, etc. and optimized inference performance for GPUs and CPUs. An integer...
OESA-2025-1898 libxml2 security update
This library allows to manipulate XML files. It includes support to read, modify and write XML and HTML files. There is DTDs support this includes parsing and validation even with complex DtDs, either at parse time or later once the document has been modified. The output can be a simple SAX strea...
OESA-2025-1867 libxml2 security update
This library allows to manipulate XML files. It includes support to read, modify and write XML and HTML files. There is DTDs support this includes parsing and validation even with complex DtDs, either at parse time or later once the document has been modified. The output can be a simple SAX strea...
DEBIAN-CVE-2022-50030
In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Prevent buffer overflow crashes in debugfs with malformed user input Malformed user input to debugfs results in buffer overflow crashes. Adapt input string lengths to fit within internal buffers, leaving space for NUL...
USN-7370-1 smartdns vulnerabilities
It was discovered that SmartDNS did not correctly align certain objects in memory, leading to undefined behaviour. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 22.04 LTS. CVE-2024-24198, CVE-2024-24199 It was...
The vulnerability of Cobalt Ashlar-Vellum’s parametric automated design and 3D modeling software lies in its ability to copy buffers without checking the size of the input data. This allows a hacker to execute arbitrary code.
The vulnerability of Cobalt Ashlar-Vellum software for parametric automated design and 3D modeling lies in the copying of buffers without checking the size of the input data. Exploiting this vulnerability allows an attacker to execute arbitrary code within the context of the current process...
DEBIAN-CVE-2025-0690
The read command is used to read the keyboard input from the user, while reads it keeps the input length in a 32-bit integer value which is further used to reallocate the line buffer to accept the next character. During this process, with a line big enough it's possible to make this variable to...
DEBIAN-CVE-2024-47072
XStream is a simple library to serialize objects to XML and back again. This vulnerability may allow a remote attacker to terminate the application with a stack overflow error resulting in a denial of service only by manipulating the processed input stream when XStream is configured to use the...
Integer Overflow
tensorflow, tensorflowcpu and tensorflowgpu are vulnerable to Integer Overflow. The vulnerability is caused due to a missing validation where TFLite implementation of concatenation is vulnerable to an integer overflow issue. An attacker can craft a model such that the dimensions of one of the...
The vulnerability in the file src/gif.imageio/gifinput.cpp of the OpenImageIO image processing library allows a attacker to cause a service failure.
The vulnerability in the src/gif.imageio/gifinput.cpp file of the OpenImageIO library relates to the ability to write beyond the buffer boundaries in memory. Exploiting this vulnerability could allow a malicious actor to cause service interruptions...
GTKWave 输入验证错误漏洞
GTKWave is a full-featured, GTK+-based waveform viewer from GTKWave. GTKWave suffers from an integer overflow vulnerability that can be exploited by an attacker to cause arbitrary code execution via a specially crafted fst file...
USN-6449-2 ffmpeg regression
USN-6449-1 fixed vulnerabilities in FFmpeg. Unfortunately that update could introduce a regression in tools using an FFmpeg library, like VLC. This updated fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that FFmpeg incorrectly managed memory...
PT-2023-5766 · D Link · D-Link Dir-823G
Name of the Vulnerable Software and Affected Versions: D-Link DIR-823G version A1V1.0.2B05 Description: The issue is related to a buffer overflow in the SetWanSettings function via the Password parameter. This allows attackers to cause a Denial of Service DoS via a crafted input. The vulnerabilit...
Important: firefox
Issue Overview: Offscreen Canvas did not properly track cross-origin tainting, which could have been used to access image data from another site in violation of same-origin policy. This vulnerability affects Firefox 116, Firefox ESR 102.14, and Firefox ESR 115.1. CVE-2023-4045 In some...