401 matches found
AZL-66716 CVE-2025-58058 affecting package podman 4.1.1-26
xz is a pure golang package for reading and writing xz-compressed files. Prior to version 0.5.14, it is possible to put data in front of an LZMA-encoded byte stream without detecting the situation while reading the header. This can lead to increased memory consumption because the current...
AZL-66762 CVE-2025-58058 affecting package skopeo for versions less than 1.14.4-6
xz is a pure golang package for reading and writing xz-compressed files. Prior to version 0.5.14, it is possible to put data in front of an LZMA-encoded byte stream without detecting the situation while reading the header. This can lead to increased memory consumption because the current...
ROS-20250828-01
A vulnerability in the 7-Zip file archiver is related to incorrect symbolic link detection before file access. before accessing a file. Exploitation of the vulnerability allows an attacker to bypass security restrictions A vulnerability in the CopyCoder component of the 7-Zip file archiver is...
Linux Distros Unpatched Vulnerability : CVE-2025-29917
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. The bytes setting in the decodebase64...
Linux Distros Unpatched Vulnerability : CVE-2019-14295
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An Integer overflow in the getElfSections function in pvmlinx.cpp in UPX 3.95 allows remote attackers to cause a denial of service crash via a skewed offset...
Linux Distros Unpatched Vulnerability : CVE-2025-37837
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: iommu/tegra241-cmdqv: Fix warnings due to dmamfreecoherent Two WARNINGs are observed when SM...
CVE-2025-54952
An integer overflow vulnerability in the loading of ExecuTorch models can cause smaller-than-expected memory regions to be allocated, potentially resulting in code execution or other undesirable effects. This issue affects ExecuTorch prior to commit 8f062d3f661e20bb19b24b767b9a9a46e8359f2b...
CVE-2025-54952
An integer overflow vulnerability in the loading of ExecuTorch models can cause smaller-than-expected memory regions to be allocated, potentially resulting in code execution or other undesirable effects. This issue affects ExecuTorch prior to commit 8f062d3f661e20bb19b24b767b9a9a46e8359f2b...
CVE-2025-30405
The CVE-2025-30405 entry describes an integer overflow in the loading of ExecuTorch models, causing objects to be placed outside their allocated memory. Affected software is ExecuTorch prior to commit 0830af8207240df8d7f35b984cdf8bc35d74fa73. Reported impact includes potential code execution or o...
PT-2025-32320
Name of the Vulnerable Software and Affected Versions ExecuTorch versions prior to commit 0830af8207240df8d7f35b984cdf8bc35d74fa73 Description An integer overflow vulnerability exists in the loading of ExecuTorch models. This can lead to objects being placed outside of their allocated memory,...
Linux Distros Unpatched Vulnerability : CVE-2024-56706
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: s390/cpumsf: Fix and protect memory allocation of SDBs with mutex Reservation of the PMU...
Linux Distros Unpatched Vulnerability : CVE-2021-46943
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: media: staging/intel-ipu3: Fix setfmt error handling If there in an error during a setfmt, d...
CVE-2025-48074
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In version 3.3.2, applications trust unvalidated dataWindow size values from file headers, which can lead to excessive memory allocation and performance...
CVE-2025-48074 OpenEXR's Unbounded File Header Values can Lead to Out-Of-Memory Errors
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In version 3.3.2, applications trust unvalidated dataWindow size values from file headers, which can lead to excessive memory allocation and performance...
CVE-2025-38495 HID: core: ensure the allocated report buffer can contain the reserved report ID
In the Linux kernel, the following vulnerability has been resolved: HID: core: ensure the allocated report buffer can contain the reserved report ID When the report ID is not used, the low level transport drivers expect the first byte to be 0. However, currently the allocated buffer not account f...
CVE-2025-5449
A flaw was found in the SFTP server message decoding logic of libssh. The issue occurs due to an incorrect packet length check that allows an integer overflow when handling large payload sizes on 32-bit systems. This issue leads to failed memory allocation and causes the server process to crash,...
CVE-2025-5449 Libssh: integer overflow in libssh sftp server packet length validation leading to denial of service
A flaw was found in the SFTP server message decoding logic of libssh. The issue occurs due to an incorrect packet length check that allows an integer overflow when handling large payload sizes on 32-bit systems. This issue leads to failed memory allocation and causes the server process to crash,...
AZL-72929 CVE-2025-38445 affecting package kernel for versions less than 5.15.200.1-1
In the Linux kernel, the following vulnerability has been resolved: md/raid1: Fix stack memory use after return in raid1reshape In the raid1reshape function, newpool is allocated on the stack and assigned to conf-r1biopool. This results in conf-r1biopool.wait.head pointing to a stack address...
CVE-2025-38465 netlink: Fix wraparounds of sk->sk_rmem_alloc.
In the Linux kernel, the following vulnerability has been resolved: netlink: Fix wraparounds of sk-skrmemalloc. Netlink has this pattern in some places if atomicread&sk-skrmemalloc sk-skrcvbuf atomicaddskb-truesize, &sk-skrmemalloc; , which has the same problem fixed by commit 5a465a0da13e "udp:...
CVE-2025-38426
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Add basic validation for RAS header If RAS header read from EEPROM is corrupted, it could result in trying to allocate huge memory for reading the records. Add some validation to header fields...