670 matches found
libpng 输入验证错误漏洞
libpng is The PNG Development Group open source a PNG graphics file can be realized on the creation of PNG, read and write operations such as PNG reference library . An input validation error vulnerability exists in libpng versions 1.6.26 through 1.6.53, which stems from an integer truncation in...
CVE-2022-42324
Oxenstored 32-31 bit integer truncation issues Integers in Ocaml are 63 or 31 bits of signed precision. The Ocaml Xenbus library takes a C uint32t out of the ring and casts it directly to an Ocaml integer. In 64-bit Ocaml builds this is fine, but in 32-bit builds, it truncates off the most...
Security Bulletin: IBM Operations Analytics - Log Analysis is affected by improper access control and integer truncation issues due to flaw in Apache Xalan
Summary Apache Xalan in Logstash is used by IBM Operations Analytics - Log Analysis as part of the data transformation and integration. CVE-2014-0107, CVE-2022-34169. Vulnerability Details CVEID:CVE-2014-0107 DESCRIPTION: The TransformerFactory in Apache Xalan-Java before 2.7.2 does not properly...
RHEL 8 : spice-client-win (RHSA-2026:0077)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:0077 advisory. Spice client MSI installers for Windows clients Security Fixes: sqlite: Integer Truncation in SQLite CVE-2025-6965 libtiff: LibTIFF...
Security Bulletin: Rational Performance Tester contains a vulnerability which could lead to potential remote code execution
Summary Due to the use of the Apache Xalan Java XLST library, Rational Performance Tester contains a vulnerability that could lead to potential remote code execution. Vulnerability Details CVEID:CVE-2022-34169 DESCRIPTION: The Apache Xalan Java XSLT library could allow a remote attacker to execut...
node-forge ASN.1 OID Integer Truncation
...
CVE-2025-66030 node-forge ASN.1 OID Integer Truncation
Forge also called node-forge is a native implementation of Transport Layer Security in JavaScript. An Integer Overflow vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures containing OIDs with oversized arcs. These arcs may be...
CVE-2025-66030 node-forge ASN.1 OID Integer Truncation
Forge also called node-forge is a native implementation of Transport Layer Security in JavaScript. An Integer Overflow vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures containing OIDs with oversized arcs. These arcs may be...
CVE-2025-66030 node-forge ASN.1 OID Integer Truncation
Forge also called node-forge is a native implementation of Transport Layer Security in JavaScript. An Integer Overflow vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures containing OIDs with oversized arcs. These arcs may be...
sqlite security update
An update is available for sqlite. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list SQLite is a C library that implements an SQL database engine. A large subset o...
RLSA-2025:20936 Important: sqlite security update
SQLite is a C library that implements an SQL database engine. A large subset of SQL92 is supported. A complete database is stored in a single disk file. The API is designed for convenience and ease of use. Applications that link against SQLite can enjoy the power and flexibility of an SQL databas...
AlmaLinux 9 : sqlite (ALSA-2025:20936)
The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2025:20936 advisory. sqlite: Integer Truncation in SQLite CVE-2025-6965 Tenable has extracted the preceding description block directly from the AlmaLinux security advisory. Note that...
sqlite: Integer Truncation in SQLite
A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior...
Important: Red Hat Security Advisory: sqlite security update
An update for sqlite is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...
Important: sqlite security update
SQLite is a C library that implements an SQL database engine. A large subset of SQL92 is supported. A complete database is stored in a single disk file. The API is designed for convenience and ease of use. Applications that link against SQLite can enjoy the power and flexibility of an SQL databas...
RHEL 9 : sqlite (RHSA-2025:20936)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:20936 advisory. SQLite is a C library that implements an SQL database engine. A large subset of SQL92 is supported. A complete database is stored in a single disk...
ALSA-2025:20936 Important: sqlite security update
SQLite is a C library that implements an SQL database engine. A large subset of SQL92 is supported. A complete database is stored in a single disk file. The API is designed for convenience and ease of use. Applications that link against SQLite can enjoy the power and flexibility of an SQL databas...
Updated sqlite3 packages fix security vulnerability
Integer Truncation on SQLite. CVE-2025-6965...
MGASA-2025-0267 Updated sqlite3 packages fix security vulnerability
Integer Truncation on SQLite. CVE-2025-6965...
Mageia: Security Advisory (MGASA-2025-0267)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...