329 matches found
EUVD-2022-54609
Malicious code in bioql PyPI...
Security Bulletin: Vulnerability in libxml2 library (CVE-2025-32414) affects Power HMC.
Summary The libxml2 library is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2025-32414 DESCRIPTION: In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds memory access can occur in the Python API Python bindings...
Amazon Linux 2 : LibRaw (ALAS-2025-2954)
The version of LibRaw installed on the remote host is prior to 0.19.4-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2954 advisory. In LibRaw before 0.21.4, tag 0x412 processing in phaseonecorrect in decoders/loadmfbacks.cpp does not enforce minimum w0 and w1...
CVE-2025-23277
NVIDIA Display Driver for Linux and Windows contains a vulnerability in the kernel mode driver, where an attacker could access memory outside bounds permitted under normal use cases. A successful exploit of this vulnerability might lead to denial of service, data tampering, or information...
CVE-2025-38382 btrfs: fix iteration of extrefs during log replay
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix iteration of extrefs during log replay At inodeaddref when processing extrefs, if we jump into the next label we have an undefined value of victimname.len, since we haven't initialized it before we did the goto. This...
Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to out of bounds memory access due to the libssh2 package (CVE-2020-22218)
Summary libssh2 is used by DataStage on Cloud Pak for Data as part of secure communications. Vulnerability Details CVEID:CVE-2020-22218 DESCRIPTION: An issue was discovered in function libssh2packetadd in libssh2 1.10.0 allows attackers to access out of bounds memory. CWE:CWE-787: Out-of-bounds...
CVE-2025-54070
OpenZeppelin Contracts is a library for secure smart contract development. Starting in version 5.2.0 and prior to version 5.4.0, the lastIndexOfbytes,byte,uint256 function of the Bytes.sol library may access uninitialized memory when the following two conditions hold: 1 the provided buffer length...
CVE-2025-54070 OpenZeppelin Contracts's Bytes's lastIndexOf function with position argument performs out-of-bound memory access on empty buffers
OpenZeppelin Contracts is a library for secure smart contract development. Starting in version 5.2.0 and prior to version 5.4.0, the lastIndexOfbytes,byte,uint256 function of the Bytes.sol library may access uninitialized memory when the following two conditions hold: 1 the provided buffer length...
CVE-2025-54070 OpenZeppelin Contracts's Bytes's lastIndexOf function with position argument performs out-of-bound memory access on empty buffers
OpenZeppelin Contracts is a library for secure smart contract development. Starting in version 5.2.0 and prior to version 5.4.0, the lastIndexOfbytes,byte,uint256 function of the Bytes.sol library may access uninitialized memory when the following two conditions hold: 1 the provided buffer length...
PT-2025-29948 · Openzeppelin · Openzeppelin Contracts
Name of the Vulnerable Software and Affected Versions: OpenZeppelin Contracts versions 5.2.0 through 5.3.9 Description: The lastIndexOfbytes,byte,uint256 function within the Bytes.sol library may access uninitialized memory under specific conditions. This occurs when the provided buffer length is...
CVE-2025-53014
ImageMagick is free and open-source software used for editing and manipulating digital images. Versions prior to 7.1.2-0 and 6.9.13-26 have a heap buffer overflow in the InterpretImageFilename function. The issue stems from an off-by-one error that causes out-of-bounds memory access when processi...
CBL Mariner 2.0 Security Update: libxml2 (CVE-2025-32414)
The version of libxml2 installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-32414 advisory. - In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds memory access can occur in the Python API...
Azure Linux 3.0 Security Update: glibc (CVE-2023-4806)
The version of glibc installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-4806 advisory. - A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function May access memor...
CVE-2025-38340
In the Linux kernel, the following vulnerability has been resolved: firmware: csdsp: Fix OOB memory read access in KUnit test KASAN reported out of bounds access - csdspmockbinaddnameorinfo, because the source string length was rounded up to the allocation size...
CVE-2025-38340
In the Linux kernel, the following vulnerability has been resolved: firmware: csdsp: Fix OOB memory read access in KUnit test KASAN reported out of bounds access - csdspmockbinaddnameorinfo, because the source string length was rounded up to the allocation size...
CVE-2025-38330
In the Linux kernel, the following vulnerability has been resolved: firmware: csdsp: Fix OOB memory read access in KUnit test ctl cache KASAN reported out of bounds access - csdspctlcacheinitmultipleoffsets. The code uses mockcoefftemplate.lengthbytes 4 bytes for register value allocations. But...
CVE-2025-38330 firmware: cs_dsp: Fix OOB memory read access in KUnit test (ctl cache)
In the Linux kernel, the following vulnerability has been resolved: firmware: csdsp: Fix OOB memory read access in KUnit test ctl cache KASAN reported out of bounds access - csdspctlcacheinitmultipleoffsets. The code uses mockcoefftemplate.lengthbytes 4 bytes for register value allocations. But...
CVE-2025-38269
CVE-2025-38269 affects the Linux kernel, specifically the btrfs path. When exit after a state insertion failure occurs in btrfs_convert_extent_bit(), if insert_state() fails and CONFIG_BUG is disabled, the code falls through to cache_state() and dereferences the error pointer, causing an invalid ...
CVE-2025-43580 Audition | Access of Memory Location After End of Buffer (CWE-788)
Audition versions 25.2, 24.6.3 and earlier are affected by an Access of Memory Location After End of Buffer vulnerability that could result in application denial-of-service. An attacker could leverage this vulnerability to crash the application or disrupt its functionality. Exploitation of this...
CVE-2025-38226
CVE-2025-38226 targets the Linux kernel, specifically the media/v4l2-tpg path used by vivid. The issue is a KASAN-detected vmalloc-out-of-bounds access in tpg_fill_plane_pattern and tpg_fill_plane_buffer (v4l2-tpg-core.c:2608 and 2705), causing a write of size 1440 to a kernel address during vivi...