CLSA-2025-1753769031 glib2: Fix of CVE-2025-4373

CVE-2025-4373: fix integer overflow in gstringinsertunichar function to prevent buffer underwrite...

CLSA-2025-1753768865 glib2: Fix of CVE-2025-4373

CVE-2025-4373: fix integer overflow in gstringinsertunichar function to prevent buffer underwrite...

SUSE CVE-2025-38387

In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Initialize objevent-objsublist before xainsert The objevent may be loaded immediately after inserted, then if the listhead is not initialized then we may get a poisonous pointer. This fixes the crash below: mlx5core...

CVE-2025-8171

A vulnerability, which was classified as critical, has been found in code-projects Document Management System 1.0. This issue affects some unknown processing of the file /insert.php. The manipulation of the argument uploadedfile leads to unrestricted upload. The attack may be initiated remotely...

AZL-72403 CVE-2025-38387 affecting package kernel for versions less than 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Initialize objevent-objsublist before xainsert The objevent may be loaded immediately after inserted, then if the listhead is not initialized then we may get a poisonous pointer. This fixes the crash below: mlx5core...

SUSE-SU-2025:20508-1 Security update for glib2

This update for glib2 fixes the following issues: - CVE-2025-4373: Fixed buffer underflow through glib/gstring.c via function gstringinsertunichar bsc1242844 - CVE-2025-6052: Fixed integer overflow in gstringmaybeexpand leads to potential buffer overflow in GString bsc1244596...

kernel: ext4: fix off-by-one error in do_split

In the Linux kernel, the following vulnerability has been resolved: ext4: fix off-by-one error in dosplit Syzkaller detected a use-after-free issue in ext4insertdentry that was caused by out-of-bounds access due to incorrect splitting in dosplit. BUG: KASAN: use-after-free in...

kernel: ext4: fix off-by-one error in do_split

In the Linux kernel, the following vulnerability has been resolved: ext4: fix off-by-one error in dosplit Syzkaller detected a use-after-free issue in ext4insertdentry that was caused by out-of-bounds access due to incorrect splitting in dosplit. BUG: KASAN: use-after-free in...

itsourcecode Insurance Management System 注入漏洞

itsourcecode Insurance Management System is an insurance management system from itsourcecode open source. An injection vulnerability exists in version 1.0 of itsourcecode Insurance Management System, which is caused by an incorrect manipulation of the parameter nomineeid in the file...

glib: Buffer Underflow on GLib through glib/gstring.c via function g_string_insert_unichar

A flaw was found in GLib, which is vulnerable to an integer overflow in the gstringinsertunichar function. When the position at which to insert the character is large, the position will overflow, leading to a buffer underwrite...

glib: Buffer Underflow on GLib through glib/gstring.c via function g_string_insert_unichar

A flaw was found in GLib, which is vulnerable to an integer overflow in the gstringinsertunichar function. When the position at which to insert the character is large, the position will overflow, leading to a buffer underwrite...

glib: Buffer Underflow on GLib through glib/gstring.c via function g_string_insert_unichar

A flaw was found in GLib, which is vulnerable to an integer overflow in the gstringinsertunichar function. When the position at which to insert the character is large, the position will overflow, leading to a buffer underwrite...

glib: Buffer Underflow on GLib through glib/gstring.c via function g_string_insert_unichar

A flaw was found in GLib, which is vulnerable to an integer overflow in the gstringinsertunichar function. When the position at which to insert the character is large, the position will overflow, leading to a buffer underwrite...

AZL-65004 CVE-2025-38269 affecting package kernel 6.6.126.1-1

In the Linux kernel, the following vulnerability has been resolved: btrfs: exit after state insertion failure at btrfsconvertextentbit If insertstate state failed it returns an error pointer and we call extentiotreepanic which will trigger a BUG call. However if CONFIGBUG is disabled, which is an...

kernel: ext4: fix off-by-one error in do_split

In the Linux kernel, the following vulnerability has been resolved: ext4: fix off-by-one error in dosplit Syzkaller detected a use-after-free issue in ext4insertdentry that was caused by out-of-bounds access due to incorrect splitting in dosplit. BUG: KASAN: use-after-free in...

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference via the InsertNodeAsParent function in parser.c. An attacker can cause a crash and denial of service by triggering a null pointer dereference through local access. Remediation There is no fixed version for...

DEBIAN-CVE-2025-6496

A vulnerability was found in HTACG tidy-html5 5.8.0. It has been declared as problematic. This vulnerability affects the function InsertNodeAsParent of the file src/parser.c. The manipulation leads to null pointer dereference. Local access is required to approach this attack. The exploit has been...

HTACG HTML Tidy 安全漏洞

HTACG HTML Tidy is an open source HTML tool from HTML Tidy Advocacy Community Group. A security vulnerability exists in HTACG HTML Tidy version 5.8.0 due to a null pointer dereference in the function InsertNodeAsParent in the file src/parser.c. The vulnerability is caused by the presence of a nul...

CVE-2025-6136

A vulnerability was found in Projectworlds Life Insurance Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /insertPayment.php. The manipulation of the argument reciptno leads to sql injection. The attack may be initiated remotely. The...

CVE-2025-6134

A vulnerability was found in Projectworlds Life Insurance Management System 1.0. It has been classified as critical. This affects an unknown part of the file /insertClient.php. The manipulation of the argument clientid leads to sql injection. It is possible to initiate the attack remotely. The...