28 matches found
Siemens (CVE-2025-49796)
A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other possible undefined...
RLSA-2026:7675 Important: nodejs24 security update
Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices...
EulerOS Virtualization 2.12.1 : libxml2 (EulerOS-SA-2026-1442)
According to the versions of the libxml2 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an over...
SUSE CVE-2020-37167
ClamAV versions prior to 0.103.0-rc contain a vulnerability in function name processing through the ClamBC bytecode interpreter that allows attackers to manipulate bytecode function names. Attackers can exploit the weak input validation in function name encoding to potentially execute malicious...
CVE-2020-37167
CVE-2020-37167 affects ClamAV before 0.103.0-rc, where the ClamBC bytecode interpreter mishandles function name processing due to weak input validation in function name encoding. This can allow manipulation of bytecode function names and potentially execute malicious bytecode or cause unexpected ...
EulerOS 2.0 SP13 : libxml2 (EulerOS-SA-2025-2301)
According to the versions of the libxml2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML...
EUVD-2015-4063
Malware in sbrugna...
EUVD-2021-9807
Malicious code in bioql PyPI...
EUVD-2022-44230
Malicious code in bioql PyPI...
libxml: Type confusion leads to Denial of service (DoS)
A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other possible undefined...
CLSA-2025-1753303283 libxml2: Fix of 2 CVEs
CVE-2025-49794: fix memory safety issues in xmlSchematronReportOutput when parsing XPath elements - CVE-2025-49796: fix memory corruption issue triggered by processing sch:name elements in input XML file...
CLSA-2025-1752654760 libxml2: Fix of 3 CVEs
CVE-2025-49794: fix use-after-free issue triggered by processing certain elements in input XML file. - CVE-2025-49796: fix memory corruption issue triggered by processing certain sch:name elements in input XML file. - CVE-2025-6021: fix integer overflow in buffer size calculations to prevent...
The vulnerability in the ZendTo web application for transferring files involves an incorrect restriction on the path to the restricted directory. This allows a malicious actor to gain read and write access to data, or cause a service failure.
The vulnerability in the web application for transferring files via ZendTo is related to an incorrect restriction on the path to the restricted directory during the processing of the tmpname parameter. Exploiting this vulnerability can allow an attacker to gain read and modify access to data, or...
The vulnerability of the Git-based software platform for collaborative code development on GitLab, related to unlimited resource distribution, allows a hacker to cause a service failure.
The vulnerability of the Git-based software platform for collaborative code development on GitLab is related to the unlimited distribution of resources when processing token names. Exploiting this vulnerability can allow a malicious actor, operating remotely, to cause service failures...
CVE-2025-49796
A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other possible undefined...
CVE-2021-22671
Multiple integer overflow issues exist while processing long domain names, which may allow an attacker to remotely execute code on the SimpleLink Wi-Fi MSP432E4 SDK: v4.20.00.12 and prior, CC32XX SDK v4.30.00.06 and prior, CC13X0 SDK versions prior to v4.10.03, CC13X2 and CC26XX SDK versions prio...
PT-2024-26403 · Unknown · Campcodes Online Event Management System
Name of the Vulnerable Software and Affected Versions: Campcodes Online Event Management System version 1.0 Description: A problematic issue has been found in the system, affecting the processing of the file /views/process.php. The manipulation of the name argument leads to cross-site scripting...
UBUNTU-CVE-2023-4273
A flaw was found in the exFAT driver of the Linux kernel. The vulnerability exists in the implementation of the file name reconstruction function, which is responsible for reading file name entries from a directory index and merging file name parts belonging to one file into a single long file...
The vulnerability of Huawei 535-232a router’s micro-programming software, related to access control errors when processing domain names, allows a hacker to intercept packets.
The vulnerability of Huawei 535-232a router’s microprogramming software is related to access control errors during the processing of domain names. Exploiting this vulnerability allows a remote attacker to intercept packets...
The vulnerability of the Cgo module in the Go programming language, allowing attackers to execute arbitrary code
The vulnerability of the Cgo module in the Go programming language is related to incorrect code generation during the processing of directory names. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...