
67 matches found

Packet Storm News
added 2026/04/05 12:0 a.m. | 3 views

Triggering and Detecting Exploitable Library Vulnerability from the Client by Directed Greybox Fuzzing

Developers utilize third-party libraries to improve productivity, which also introduces potential security risks. Existing approaches generate tests for public functions to trigger library vulnerabilities from client programs, yet they depend on proof-of-concepts (PoCs), which are often unavailable...

6.1 AI score
Exploits 0

CNNVD
added 2026/03/31 12:0 a.m. | 3 views

iccDEV security vulnerability

iccDEV is an open-source color configuration code library developed by the International Color Consortium. Versions of iccDEV prior to 2.3.1.6 contained security vulnerabilities. These vulnerabilities stemmed from the handling of specially crafted ICC configuration files, where invalid enumeratio...

6.2 CVSS | 5.9 AI score | 0.00017 EPSS
Exploits 1 | References 4

CNNVD
added 2026/03/18 12:0 a.m. | 3 views

HTSlib security vulnerability

HTSlib is a C-language library developed by samtools. Versions of HTSlib prior to 1.23.1, 1.22.2, and 1.21.1 have security vulnerabilities. These vulnerabilities stem from the cram_byte_array_len_decode function not verifying the amount of data, which may lead to heap buffer overflows or stack...

8.1 CVSS | 5.9 AI score | 0.00122 EPSS
Exploits 0 | References 3

OSV
added 2026/02/11 10:10 a.m. | 2 views

RHSA-2026:2486 Red Hat Security Advisory: fence-agents security update

Bulletin has no description...

7.5 CVSS | 5.1 AI score | 0.00032 EPSS
Exploits 0 | References 10

OSV
added 2026/02/05 1:12 p.m. | 2 views

USN-8017-1 glib2.0 vulnerabilities

It was discovered that GLib incorrectly parsed large Base64 data. An attacker could use this issue to cause GLib to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2026-1484 It was discovered that GLib incorrectly parsed certain treemagic files. An attacker could...

5.4 CVSS | 6 AI score | 0.0002 EPSS
Exploits 1 | References 4

OSV
added 2026/01/30 4:37 p.m. | 2 views

CLEANSTART-2026-OJ15484 SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed response will panic and cause early termination of the client process

Multiple security vulnerabilities affect the elastic-beats-fips package. SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed response will panic and cause early termination of the client process. See references for individual vulnerability details...

9.8 CVSS | 5.6 AI score | 0.00043 EPSS
Exploits 1 | References 8

Ubuntu
added 2026/01/22 1:23 p.m. | 4 views

USN-7974-1: libxml2 vulnerabilities

It was discovered that libxml2 incorrectly handled maliciously crafted SGML catalog files. An attacker could possibly use this issue to cause libxml2 to consume excessive resources, leading to a denial of service. CVE-2025-8732 It was discovered that libxml2 incorrectly handled recursive include...

5.9 CVSS | 5.5 AI score | 0.00088 EPSS
Exploits 0

OSV
added 2026/01/16 3:15 a.m. | 0 views

CVE-2025-62582

Delta Electronics DIAView has multiple vulnerabilities...

9.8 CVSS | 5.8 AI score | 0.00026 EPSS
Exploits 0 | References 1

OSV
added 2026/01/16 3:15 a.m. | 0 views

CVE-2025-62581

Delta Electronics DIAView has multiple vulnerabilities...

9.8 CVSS | 5.8 AI score | 0.00026 EPSS
Exploits 0 | References 1

F5 Networks
added 2025/11/26 8:58 p.m. | 5 views

K000157990: Multiple LibTIFF vulnerabilities

Security Advisory Description CVE-2023-41175 A vulnerability was found in libtiff due to multiple potential integer overflows in raw2tiff.c. This flaw allows remote attackers to cause a denial of service or possibly execute an arbitrary code via a crafted tiff image, which triggers a heap-based...

6.8 CVSS | 8.2 AI score | 0.00282 EPSS
Exploits 6

Tenable Nessus
added 2025/11/20 12:0 a.m. | 9 views

TencentOS Server 3: gd (TSSA-2022:0054)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2022:0054 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

9.8 CVSS | 7.5 AI score | 0.87883 EPSS
Exploits 7 | References 4

EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2021-2000

Malware in sbrugna...

4.4 CVSS | 4.1 AI score | 0.00034 EPSS
Exploits 0 | References 7

Tenable Nessus
added 2025/08/04 12:0 a.m. | 6 views

Amazon Linux 2023 : python3.11-pip, python3.11-pip-wheel (ALAS2023-2025-1097)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1097 advisory. Requests is a HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. Users should upgra...

6.1 CVSS | 6.9 AI score | 0.00208 EPSS
Exploits 2 | References 6

Tenable Nessus
added 2025/07/16 12:0 a.m. | 2 views

Ubuntu 24.04 LTS / 25.04 : GNU C Library vulnerabilities (USN-7634-1)

The remote Ubuntu 24.04 LTS / 25.04 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7634-1 advisory. It was discovered that the GNU C Library incorrectly handled the strcmp implementation optimized for Power10 processors. This could cause...

5.6 CVSS | 6.7 AI score | 0.00291 EPSS
Exploits 0 | References 3

RedhatCVE
added 2025/05/23 12:3 a.m. | 3 views

CVE-2022-43310

An Uncontrolled Search Path Element in Foxit Software released Foxit Reader v11.2.118.51569 allows attackers to escalate privileges when searching for DLL libraries without specifying an absolute path...

7.8 CVSS | 7.1 AI score | 0.00049 EPSS
Exploits 0 | References 1

Packet Storm News
added 2025/05/16 12:0 a.m. | 2 views

SynFuzz: Leveraging Fuzzing of Netlist to Detect Synthesis Bugs

In the evolving landscape of integrated circuit (IC) design, the increasing complexity of modern processors and intellectual property (IP) cores has introduced new challenges in ensuring design correctness and security. The recent advancements in hardware fuzzing techniques have shown their efficacy ...

7 AI score
Exploits 0

Redos
added 2025/04/30 12:0 a.m. | 5 views

ROS-20250430-09

VBI libzvbi VBI capture and decode library vulnerability is related to an integer overflow in the vbi_capture_sim_load_caption function in src/io-sim.c. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code on the target system VBI capture and decode...

7.5 CVSS | 8 AI score | 0.00277 EPSS
Exploits 0

Redos
added 2025/04/30 12:0 a.m. | 47 views

ROS-20250430-05

Vulnerability of Erlang programming language OTP library set is related to improper packet handling SFTP. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service. denial of service Vulnerability of SSH protocol implementation from Erlang/OTP library...

10 CVSS | 8.2 AI score | 0.62846 EPSS
Exploits 34

Ubuntu
added 2025/04/15 2:4 a.m. | 8 views

USN-7437-1: CImg library vulnerabilities

It was discovered that the CImg library did not properly check the size of images before loading them. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 22.04 LTS. CVE-2022-1325 It was discovered that the CImg library did not correctly handle...

7.8 CVSS | 6.6 AI score | 0.00113 EPSS
Exploits 2

Tenable Nessus
added 2025/04/15 12:0 a.m. | 3 views

Ubuntu 18.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 : CImg library vulnerabilities (USN-7437-1)

The remote Ubuntu 18.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7437-1 advisory. It was discovered that the CImg library did not properly check the size of images before loading them. An attacker could...

7.8 CVSS | 6.8 AI score | 0.00113 EPSS
Exploits 2 | References 3