Apache Tomcat 9.0.0-M1 < 9.0.107 Multiple Vulnerabilities

The version of Apache Tomcat installed on the remote host is 9.0.0-M1 prior to 9.0.107, 10.1.0-M1 prior to 10.1.43 or 11.0.0-M1 prior to 11.0.9. It is, therefore, affected by multiple vulnerabilities : - A race condition on connection close could trigger a JVM crash when using the APR/Native...

CVE-2025-41236

VMware ESXi, Workstation, and Fusion contain an integer-overflow vulnerability in the VMXNET3 virtual network adapter. A malicious actor with local administrative privileges on a virtual machine with VMXNET3 virtual network adapter may exploit this issue to execute code on the host. Non VMXNET3...

CVE-2025-40913

Net::Dropbear versions through 0.16 for Perl contains a dependency that may be susceptible to an integer overflow. Net::Dropbear embeds a version of the libtommath library that is susceptible to an integer overflow associated with CVE-2023-36328...

CVE-2025-40913

Net::Dropbear versions through 0.16 for Perl contains a dependency that may be susceptible to an integer overflow. Net::Dropbear embeds a version of the libtommath library that is susceptible to an integer overflow associated with CVE-2023-36328...

CVE-2025-40913

CVE-2025-40913 concerns Net::Dropbear (through 0.16) for Perl, which embeds the libtommath library vulnerable to an integer overflow that is associated with CVE-2023-36328. Connected sources also reference a related CVE-2025-40914 affecting Perl CryptX and indicate the same underlying libtommath ...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : xwayland (SUSE-SU-2025:02191-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:02191-1 advisory. - CVE-2025-49176: Fixed the integer overflow in Big Requests Extension bsc1244084. Tenable has extracted...

PT-2025-27546 · Intelbras · Intelbras Rx1500 Router

Name of the Vulnerable Software and Affected Versions: Intelbras RX1500 Router versions 2.2.17 and earlier Description: An integer overflow exists in the websReadEvent function when processing the command field of the HTTP header. This can allow a remote attacker to execute arbitrary code or caus...

CVE-2025-5478 Sony XAV-AX8500 Bluetooth SDP Protocol Integer Overflow Remote Code Execution Vulnerability

Sony XAV-AX8500 Bluetooth SDP Protocol Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Sony XAV-AX8500 devices. Authentication is not required to exploit this vulnerability. The...

Integer Overflow

github.com/cosmwasm/wasmd is vulnerable to integer overflow. The vulnerability is due to a contract error being ignored during IBC channel initialization, allowing the channel to open despite the error...

[slackware-security] libxml2

New libxml2 packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/libxml2-2.11.9-i586-4slack15.0.txz: Rebuilt. This update fixes an integer overflow wraparound vulnerability in the xmlBuildQName...

CVE-2025-6021

A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input...

CVE-2025-40914

A critical integer overflow vulnerability has been discovered in the CPAN CryptX module. This flaw is inherited from an underlying dependency within the module. If successfully exploited, this vulnerability could lead to arbitrary code execution, allowing an attacker to gain full control over the...

CVE-2025-40914

CVE-2025-40914 affects Perl CryptX prior to 0.087, which embeds libtommath vulnerable to an integer overflow in mp_grow (CVE-2023-36328). Connected sources corroborate an integer overflow in libtommath, with Astra Linux noting the mp_grow overflow can enable arbitrary code execution and DoS. The ...

SUSE-SU-2025:01880-1 Security update for glib2

This update for glib2 fixes the following issues: - CVE-2025-4373: integer overflow in the gstringinsertunichar function can lead to buffer underwrite and memory corruption bsc1242844...

GO-2025-3726 IO::Compress::Brotli versions prior to 0.007 for Perl have an integer overflow in the bundled Brotli C library in github.com/google/brotli

IO::Compress::Brotli versions prior to 0.007 for Perl have an integer overflow in the bundled Brotli C library in github.com/google/brotli...

CVE-2024-52035

An integer overflow vulnerability exists in the OLE Document File Allocation Table Parser functionality of catdoc 0.95. A specially crafted malformed file can lead to heap-based memory corruption. An attacker can provide a malicious file to trigger this vulnerability...

CVE-2024-52035

An integer overflow vulnerability exists in the OLE Document File Allocation Table Parser functionality of catdoc 0.95. A specially crafted malformed file can lead to heap-based memory corruption. An attacker can provide a malicious file to trigger this vulnerability...

Catdoc utilities OLE Document Parser File Allocation Table 32-bit integer overflow vulnerability

Talos Vulnerability Report TALOS-2024-2131 Catdoc utilities OLE Document Parser File Allocation Table 32-bit integer overflow vulnerability June 2, 2025 CVE Number CVE-2024-52035 SUMMARY An integer overflow vulnerability exists in the OLE Document File Allocation Table Parser functionality of...

CVE-2024-21905

An integer overflow or wraparound vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to compromise the security of the system via a network. We have already fixed the vulnerability in the following versions: QTS...

CVE-2024-46669

An Integer Overflow or Wraparound vulnerability CWE-190 in version 7.4.4 and below, version 7.2.10 and below; FortiSASE version 23.4.b FortiOS tenant IPsec IKE service may allow an authenticated attacker to crash the IPsec tunnel via crafted requests, resulting in potential denial of service...