17 matches found
CLSA-2026-1776163577 ncurses: Fix of CVE-2025-69720
CVE-2025-69720: add a limit-check in infocmp -i option's analyze_string function to prevent stack-based buffer overflow from upstream ncurses 6.5 patchlevel 20251213...
CLSA-2026-1777445825 ncurses: Fix of CVE-2025-69720
CVE-2025-69720: add a limit-check in infocmp -i option's analyze_string function to prevent stack-based buffer overflow from upstream ncurses 6.5 patchlevel 20251213...
qs's arrayLimit bypass in comma parsing allows denial of service
Summary The arrayLimit option in qs does not enforce limits for comma-separated values when comma: true is enabled, allowing attackers to cause denial-of-service via memory exhaustion. This is a bypass of the array limit enforcement, similar to the bracket notation bypass addressed in...
Outray cli is vulnerable to race conditions in tunnels creation
Summary: A TOCTOU race condition vulnerability allows a user to exceed the set number of active tunnels in their subscription plan. Details: Affected component: apps/web/src/routes/api/tunnel/register.ts - /tunnel/register endpoint. Code (ts): // Check if tunnel already exists in database const...
EUVD-2023-60176
In the Linux kernel, the following vulnerability has been resolved: loop: loop_set_status_from_info() check before assignment. In loop_set_status_from_info(), lo->lo_offset and lo->lo_sizelimit should be checked before reassignment, because if an overflow error occurs, the original correct value will be changed t...
UBUNTU-CVE-2023-53820
In the Linux kernel, the following vulnerability has been resolved: loop: loop_set_status_from_info() check before assignment. In loop_set_status_from_info(), lo->lo_offset and lo->lo_sizelimit should be checked before reassignment, because if an overflow error occurs, the original correct value will be changed t...
UBUNTU-CVE-2025-22117
In the Linux kernel, the following vulnerability has been resolved: ice: fix using untrusted value of pkt_len in ice_vc_fdir_parse_raw(). Fix using the untrusted value of proto->raw.pkt_len in function ice_vc_fdir_parse_raw() by verifying if it does not exceed the VIRTCHNL_MAX_SIZE_RAW_PACKET value...
UBUNTU-CVE-2022-49067
In the Linux kernel, the following vulnerability has been resolved: powerpc: Fix virt_addr_valid() for 64-bit Book3E & 32-bit. mpe: On 64-bit Book3E vmalloc space starts at 0x8000000000000000. Because of the way __pa() works we have: __pa(0x8000000000000000) == 0, and therefore virt_to_pfn(0x8000000000000000) == ...
CVE-2022-48847 watch_queue: Fix filter limit check
In the Linux kernel, the following vulnerability has been resolved: watch_queue: Fix filter limit check. In watch_queue_set_filter(), there are a couple of places where we check that the filter type value does not exceed what the type_filter bitmap can hold. One place calculates the number of bits by: if...
SUSE CVE-2021-47548
In the Linux kernel, the following vulnerability has been resolved: ethernet: hisilicon: hns: hns_dsaf_misc: fix a possible array overflow in hns_dsaf_ge_srst_by_port(). The if statement: if (port >= DSAF_GE_NUM) return; limits the value of port less than DSAF_GE_NUM (i.e., 8). However, if the value of port is 6 or...
CVE-2024-34149
CVE-2024-34149 affects Bitcoin Core up to version 27.0 and Bitcoin Knots up to 25.1.knots20231115, where tapscript lacks a policy size limit check. Root cause: missing policy size limit in tapscript. The connected Red Hat/CVE entries confirm the same description with no additional exploit details...
CVE-2023-24603
OX App Suite before backend 7.10.6-rev37 does not check size limits when downloading, e.g., potentially allowing a crafted iCal feed to provide an unlimited amount of data...
ALPINE-CVE-2018-20194
There is a stack-based buffer underflow in the third instance of the calculate_gain function in libfaad/sbr_hfadj.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. A crafted input will lead to a denial of service or possibly unspecified other impact because limiting the additional noise energy...
DEBIAN-CVE-2017-17915
In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a heap-based buffer over-read in ReadMNGImage in coders/png.c, related to accessing one byte before testing whether a limit has been reached...
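PHPB2B SQL injection at a certain location #5
Brief description: PHPB2B SQL injection at a certain location 5. Detailed description: the latest version downloaded from the official website. PHPB2B SQL injection at a certain location: virtual-office/favor.php, lines 25-45: ifisset$POST'do' && isset$POST'id' //check limit $typeid = 1; $flimit = $pdb-GetOne$sql = "SELECT countid FROM $tbprefixfavorites WHERE typeid='".$typeid."' AND memberid=".$thememberid; if...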
Gzip Memory Bomb Denial Of Service
This module generates and hosts a 10MB single-round gzip file that decompresses to 10GB. Many applications will not implement a length limit check and will eat up all memory and eventually die. This can also be used to kill systems that download/parse content from a user-provided URL...
CVE-2011-1675
mount in util-linux 2.19 and earlier attempts to append to the /etc/mtab.tmp file without first checking whether resource limits would interfere, which allows local users to trigger corruption of the /etc/mtab file via a process with a small RLIMIT_FSIZE value, a related issue to CVE-2011-1089...