26 matches found
CVE-2026-39956
A flaw was found in jq, a command line JSON processor. In release builds, the _strindices builtin function calls the jv_string_indexes function without checking that the arguments are actually strings. This missing validation allows an attacker who can supply non-string inputs to cause an applicatio...
Linux Distros Unpatched Vulnerability : CVE-2023-53742
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - kcsan: Avoid READ_ONCE() in read_instrumented_memory() Haibo Li reported: | Unable to handle kernel paging request at virtual address | ffffff802a0d8d7171 | Mem abort...
EulerOS 2.0 SP9 : c-ares (EulerOS-SA-2024-2808)
According to the versions of the c-ares package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : c-ares is a C library for asynchronous DNS requests. ares__read_line() is used to parse local configuration files such as /etc/resolv.conf, /etc/...
Medium: c-ares
Issue Overview: c-ares is a C library for asynchronous DNS requests. ares__read_line() is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and if using a c-ares version prior to 1.27.0, the /etc/hosts file. If any of these configuration files...
SUSE CVE-2017-5504
The jpc_undo_roi function in libjasper/jpc/jpc_dec.c in JasPer 1.900.27 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted image...
SUSE CVE-2017-5845
The gst_avi_demux_parse_ncdt function in gst/avi/gstavidemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (invalid memory read and crash) via a ncdt sub-tag that "goes behind" the surrounding tag...
OESA-2022-1596 httpd security update
Apache HTTP Server is a powerful and flexible HTTP/1.1 compliant web server. Security Fixes: Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52...
ALPINE-CVE-2022-22719
A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier...
AZL-9015 CVE-2022-22719 affecting package httpd for versions less than 2.4.53-1
A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier...
CVE-2022-22719
A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier...
UBUNTU-CVE-2022-22719
A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier...
OESA-2021-1048 gstreamer-plugins-good security update
GStreamer is a pipeline-based multimedia framework that links together a wide variety of media processing systems to complete complex workflows, based on graphs of filters which operate on media data. GStreamer supports a wide variety of media-handling components, such as real-time sound processi...
DEBIAN-CVE-2017-5465
An out-of-bounds read while processing SVG content in "ConvolvePixel". This results in a crash and also allows for otherwise inaccessible memory being copied into SVG graphic content, which could then be displayed. This vulnerability affects Thunderbird 52.1, Firefox ESR 45.9, Firefox ESR 52.1, and...
ALPINE-CVE-2017-1000257
An IMAP FETCH response line indicates the size of the returned data, in number of bytes. When that response says the data is zero bytes, libcurl would pass on that non-existing data with a pointer and the size zero to the deliver-data function. libcurl's deliver-data function treats zero as a mag...
UBUNTU-CVE-2017-12954
The gig::Region::GetSampleFromWavePool function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted gig file...
minidjvu denial of service vulnerability (CNVD-2017-25770)
minidjvu is a command-line utility for encoding and decoding single-page black-and-white DjVu files with the ability to compress multiple pages, taking advantage of similarities between pages. A denial of service vulnerability exists in the mdjvu_bitmap_get_bounding_box function in base/4bitmap.c in...
UBUNTU-CVE-2017-11662
The _WM_ParseNewMidi function in f_midi.c in WildMIDI 0.4.2 can cause a denial of service (invalid memory read and application crash) via a crafted mid file...
DEBIAN-CVE-2017-11663
The _WM_SetupMidiEvent function in internal_midi.c:2315 in WildMIDI 0.4.2 can cause a denial of service (invalid memory read and application crash) via a crafted mid file...
DEBIAN-CVE-2017-11358
The read_samples function in hcom.c in Sound eXchange (SoX) 14.4.2 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted hcom file...
DEBIAN-CVE-2017-9412
The unpack_read_samples function in frontend/get_audio.c in LAME 3.99.5 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted wav file...