Security Bulletin: Oracle Outside In Technology (OIT) v8.5.7 BP9, v8.5.8 BP2 vulnerabilities CVE-2025-54874 (vulnerable), CVE-2025-59375 (vulnerable) in FileNet Content Manager (FNCM) Content Based Retrieval (CBR) content indexing

Summary Oracle Outside In Technology OIT v8.5.7 BP9, v8.5.8 BP2 January, 2025 vulnerabilities CVE-2025-54874 vulnerable, CVE-2025-59375 vulnerable in FileNet Content Manager FNCM Content Based Retrieval CBR content indexing Vulnerability Details CVEID:CVE-2025-54874 DESCRIPTION: OpenJPEG is an...

Advisory ROSA-SA-2026-3202

Software: tcpdump 4.9.3 OS: ROSA Virtualization 2.1 unaffected versions = tcpdump-4.9.3-5.rv3 affected versions tcpdump-4.9.3-5.rv3 CVE-ID: CVE-2021-41043 BDU-ID: 2025-16161 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the extractslice function of the network traffic analysis software tcpdump i...

RLSA-2025:21974 Important: mingw-expat security update

Expat is a C library for parsing XML documents. The mingw-expat packages provide a port of the Expat library for MinGW. Security Fixes: expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing CVE-2025-59375 For more...

ALSA-2025:21030 Important: expat security update

Expat is a C library for parsing XML documents. Security Fixes: expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing CVE-2025-59375 For more details about the security issues, including the impact, a CVSS score,...

Amazon Linux 2023 : xmlrpc-c, xmlrpc-c-apps, xmlrpc-c-c++ (ALAS2023-2025-1229)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1229 advisory. libexpat through 2.5.0 allows a denial of service resource consumption because many full reparsings are required in the case of a large token for which multiple buffer fills are needed...

EUVD-2017-16304

Malware in sbrugna...

EUVD-2014-1954

Malware in sbrugna...

CVE-2025-29917

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. The bytes setting in the decodebase64 keyword is not properly limited. Due to this, signatures using the keyword and setting can cause large memory allocations of up to 4 GiB per...

CVE-2025-29917 Suricata decode_base64: signature can do large memory allocation

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. The bytes setting in the decodebase64 keyword is not properly limited. Due to this, signatures using the keyword and setting can cause large memory allocations of up to 4 GiB per...

CVE-2021-47170

In the Linux kernel, the following vulnerability has been resolved: USB: usbfs: Don't WARN about excessively large memory allocations Syzbot found that the kernel generates a WARNing if the user tries to submit a bulk transfer through usbfs with a buffer that is way too large. This isn't a bug in...

Huawei EulerOS: Security Advisory for libplist (EulerOS-SA-2020-2288)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] [DLA 2168-1] libplist security update

Package : libplist Version : 1.11-3+deb8u1 CVE ID : CVE-2017-5209 CVE-2017-5545 CVE-2017-5834 CVE-2017-5835 CVE-2017-6435 CVE-2017-6436 CVE-2017-6439 CVE-2017-7982 Debian Bug : 851196 852385 854000 860945 libplist is a library for reading and writing the Apple binary and XML property lists format...

Design/Logic Flaw

C++ Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload. As a result, malicious clients could send short messages which would result in a large memory allocation, potentially leading to denial of service. This issue affects Faceboo...

Memory corruption

The ASN.1 parser in Bouncy Castle Crypto aka BC Java 1.63 can trigger a large attempted memory allocation, and resultant OutOfMemoryError error, via crafted ASN.1 data. This is fixed in 1.64...

LIM OpenEXR Denial of Service Vulnerability (CNVD-2017-32289)

LIM OpenEXR is an image file format developed by Industrial Light and Magic LIM in the United States for high dynamic range HDR images. A security vulnerability exists in the 'Header::readfrom' function in the IlmImf/ImfHeader.cpp file in LIM OpenEXR version 2.2.0. A remote attacker can exploit...

GraphicsMagick 'ReadSUNImage' Function Denial of Service Vulnerability

GraphicsMagick is a simple set of image processing tools. The tool provides resizing, rotating, highlighting and other functions to images. A security vulnerability exists in the 'ReadSUNImage' function in the coders/sun.c file in GraphicsMagick version 1.3.26. An attacker can exploit this...

CVE-2017-9040

GNU Binutils 2017-04-03 allows remote attackers to cause a denial of service NULL pointer dereference and application crash, related to the processmipsspecific function in readelf.c, via a crafted ELF file that triggers a large memory-allocation attempt...

CVE-2017-9040

GNU Binutils 2017-04-03 allows remote attackers to cause a denial of service NULL pointer dereference and application crash, related to the processmipsspecific function in readelf.c, via a crafted ELF file that triggers a large memory-allocation attempt...

CVE-2017-9040

GNU Binutils 2017-04-03 allows remote attackers to cause a denial of service NULL pointer dereference and application crash, related to the processmipsspecific function in readelf.c, via a crafted ELF file that triggers a large memory-allocation attempt...

DEBIAN-CVE-2017-7275

The ReadPCXImage function in coders/pcx.c in ImageMagick 7.0.4.9 allows remote attackers to cause a denial of service attempted large memory allocation and application crash via a crafted file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8862 and CVE-2016-8866...