Code issue vulnerability in multiple Panda Security products
Panda Security Antivirus and others are products of the Spanish company Panda Security. Panda Security Antivirus is a suite of antivirus programs. Panda Security Internet Security is a suite of cloud-based antivirus programs. Panda Security Free Antivirus is a free antivirus program. A security...
OESA-2025-1794 qt6-qtimageformats security update
Security Fixes: When loading a specifically crafted ICNS format image file in QImage then it will trigger a crash. This issue affects Qt from versions 6.3.0 through 6.5.9, from 6.6.0 through 6.8.4, 6.9.0. This is fixed in 6.5.10, 6.8.5 and 6.9.1. CVE-2025-5683...
The vulnerability of BitLocker’s data protection function in the Microsoft Windows operating system allows attackers to circumvent existing security restrictions.
The vulnerability of BitLocker’s data protection function in the Microsoft Windows operating system relates to the loading of unreliable external data alongside reliable data. Exploiting this vulnerability could allow an attacker to circumvent existing security restrictions...
ExecuTorch vulnerable to Heap-based Buffer Overflow attack
A heap-buffer-overflow vulnerability in the loading of ExecuTorch methods can cause the runtime to crash and potentially result in code execution or other undesirable effects. This issue affects ExecuTorch prior to commit 93b1a0c15f7eda49b2bc46b5b4c49557b4e9810f...
Huawei EulerOS: Security Advisory for glibc (EulerOS-SA-2025-1774)
The remote host is missing an update for the Huawei EulerOS...
MAL-2025-191743 Malicious code in gpu-free-ai (PyPI)
Source: kam193 0846b9b18e7af4ddef44ca9cb92d5543ace58ee3f171080b1570c3f044749dec Code attempts to exfiltrate any env variable containing "key" in name. This action is triggered on multiple occasions thanks to overwriting module loading and...
Malicious code in gpu-free-ai (PyPI)
Source: kam193 0846b9b18e7af4ddef44ca9cb92d5543ace58ee3f171080b1570c3f044749dec Code attempts to exfiltrate any env variable containing "key" in name. This action is triggered on multiple occasions thanks to overwriting module loading and...
CVE-2025-38295
Consolidated data shows CVE-2025-38295 affects the Linux kernel Amlogic Meson DDR PMU driver (meson_ddr_pmu_create) where smp_processor_id() was used in a preemptible context. This caused kernel warnings during module loading. The root cause is unsafe CPU-ID retrieval in preemptible code; the fix...
EulerOS 2.0 SP10 : glibc (EulerOS-SA-2025-1774)
According to the versions of the glibc packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of...
EulerOS 2.0 SP10 : glibc (EulerOS-SA-2025-1797)
According to the versions of the glibc packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of...
USN-7623-1 ghostscript vulnerabilities
It was discovered that OpenJPEG, vendored in Ghostscript, did not correctly handle large image files. If a user or system were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu...
gdk-pixbuf buffer error vulnerability
gdk-pixbuf is an image loading library from the open-source GNOME project. A buffer error vulnerability exists in gdk-pixbuf, which stems from a heap buffer overflow in the gdk_pixbuf__jpeg_image_load_increment function and the g_base64_encode_step function when processing a specially crafted JPEG image, which coul...
Security update for apache2
This update for apache2 fixes the following issues: CVE-2024-38477: Fixed null pointer dereference in mod_proxy (bsc#1227270). CVE-2024-39573: Fixed source code disclosure with handlers configured via AddType (bsc#1227271). CVE-2024-39884: Fixed source code disclosure of local content (bsc#1227353)...
SUSE-SU-2025:02241-1 Security update for apache2
This update for apache2 fixes the following issues: - CVE-2024-38477: Fixed null pointer dereference in mod_proxy (bsc#1227270). - CVE-2024-39573: Fixed source code disclosure with handlers configured via AddType (bsc#1227271). - CVE-2024-39884: Fixed source code disclosure of local content (bsc#1227353). ...
CLSA-2025-1751891683 glibc: Fix of CVE-2025-4802
CVE-2025-4802: fix untrusted LD_LIBRARY_PATH environment variable vulnerability by properly sanitizing the dynamic shared library loading...
GHSA-JJPH-296X-MRCR Transformers vulnerable to ReDoS attack through its get_imports() function
A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the Hugging Face Transformers library, specifically in the get_imports() function within dynamic_module_utils.py. This vulnerability affects versions 4.49.0 and is fixed in version 4.51.0. The issue arises from a regular...
Transformers vulnerable to ReDoS attack through its get_imports() function
A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the Hugging Face Transformers library, specifically in the get_imports() function within dynamic_module_utils.py. This vulnerability affects versions 4.49.0 and is fixed in version 4.51.0. The issue arises from a regular...
CVE-2025-3264 Regular Expression Denial of Service (ReDoS) in huggingface/transformers
A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the Hugging Face Transformers library, specifically in the get_imports() function within dynamic_module_utils.py. This vulnerability affects versions 4.49.0 and is fixed in version 4.51.0. The issue arises from a regular...
CVE-2025-3264
CVE-2025-3264 (Hugging Face Transformers) is a ReDoS in get_imports() of dynamic_module_utils.py. The issue stems from a regex used to filter out Python try/except blocks, `\s*try\s*:.*?except.*?:`, which can cause catastrophic backtracking and excessive CPU usage. Affected versions are 4.49.0; fixed...