3985 matches found
EUVD-2025-21099
Malicious code in bioql PyPI...
EUVD-2025-21350
Malicious code in bioql PyPI...
EUVD-2021-31803
Malicious code in bioql PyPI...
EUVD-2025-24191
Malicious code in bioql PyPI...
SUSE CVE-2025-43718
Poppler 24.06.1 through 25.x before 25.04.0 allows stack consumption and a SIGSEGV via deeply nested structures within the metadata such as GTSPDFEVersion of a PDF document, e.g., a regular expression for a long pdfsubver string. This occurs in Dict::lookup, Catalog::getMetadata, and associated...
UBUNTU-CVE-2025-43718
Poppler 24.06.1 through 25.x before 25.04.0 allows stack consumption and a SIGSEGV via deeply nested structures within the metadata such as GTSPDFEVersion of a PDF document, e.g., a regular expression for a long pdfsubver string. This occurs in Dict::lookup, Catalog::getMetadata, and associated...
SUSE CVE-2025-39900
In the Linux kernel, the following vulnerability has been resolved: netsched: genestimator: fix esttimer vs CONFIGPREEMPTRT=y syzbot reported a WARNING in esttimer 1 Problem here is that with CONFIGPREEMPTRT=y, timer callbacks can be preempted. Adopt preemptdisablenested/preemptenablenested to fi...
DEBIAN-CVE-2025-43718
Poppler 24.06.1 through 25.x before 25.04.0 allows stack consumption and a SIGSEGV via deeply nested structures within the metadata such as GTSPDFEVersion of a PDF document, e.g., a regular expression for a long pdfsubver string. This occurs in Dict::lookup, Catalog::getMetadata, and associated...
CVE-2025-43718
Poppler 24.06.1 through 25.x before 25.04.0 allows stack consumption and a SIGSEGV via deeply nested structures within the metadata such as GTSPDFEVersion of a PDF document, e.g., a regular expression for a long pdfsubver string. This occurs in Dict::lookup, Catalog::getMetadata, and associated...
CVE-2025-39900
In the Linux kernel, the following vulnerability has been resolved: netsched: genestimator: fix esttimer vs CONFIGPREEMPTRT=y syzbot reported a WARNING in esttimer 1 Problem here is that with CONFIGPREEMPTRT=y, timer callbacks can be preempted. Adopt preemptdisablenested/preemptenablenested to fi...
UBUNTU-CVE-2025-39900
In the Linux kernel, the following vulnerability has been resolved: netsched: genestimator: fix esttimer vs CONFIGPREEMPTRT=y syzbot reported a WARNING in esttimer 1 Problem here is that with CONFIGPREEMPTRT=y, timer callbacks can be preempted. Adopt preemptdisablenested/preemptenablenested to fi...
CVE-2025-39900 net_sched: gen_estimator: fix est_timer() vs CONFIG_PREEMPT_RT=y
In the Linux kernel, the following vulnerability has been resolved: netsched: genestimator: fix esttimer vs CONFIGPREEMPTRT=y syzbot reported a WARNING in esttimer 1 Problem here is that with CONFIGPREEMPTRT=y, timer callbacks can be preempted. Adopt preemptdisablenested/preemptenablenested to fi...
CVE-2025-43718
CVE-2025-43718 affects Poppler 24.06.1 through 25.x before 25.04.0, where deeply nested PHP/PDF metadata parsing structures can trigger uncontrolled recursion in the regex executor, causing stack exhaustion and a SIGSEGV. The issue involves PDF metadata handling paths such as Dict::lookup and Cat...
CVE-2025-43718
Poppler 24.06.1 through 25.x before 25.04.0 allows stack consumption and a SIGSEGV via deeply nested structures within the metadata such as GTSPDFEVersion of a PDF document, e.g., a regular expression for a long pdfsubver string. This occurs in Dict::lookup, Catalog::getMetadata, and associated...
Poppler 安全漏洞
Poppler is a PDF rendering library from Poppler open source. A security vulnerability exists in Poppler version 24.06.1 through versions prior to 25.04.0, which stems from a stack consumption when processing deeply nested structures in PDF documents, which could result in a segmentation error...
CVE-2025-43718
Poppler 24.06.1 through 25.x before 25.04.0 allows stack consumption and a SIGSEGV via deeply nested structures within the metadata such as GTSPDFEVersion of a PDF document, e.g., a regular expression for a long pdfsubver string. This occurs in Dict::lookup, Catalog::getMetadata, and associated...
New $50 Battering RAM Attack Breaks Intel and AMD Cloud Security Protections
A group of academics from KU Leuven and the University of Birmingham has demonstrated a new vulnerability called Battering RAM to bypass the latest defenses on Intel and AMD cloud processors. "We built a simple, $50 interposer that sits quietly in the memory path, behaving transparently during...
ROS-20250930-03
The polkit service vulnerability is related to a boundary validation error when processing XML policies with a nesting depth of 32 or more elements. of 32 or more elements. Exploitation of the vulnerability could allow an attacker to compromise a compromised vulnerable system...
Security Bulletin: Passing a heavily nested list to sqlparse.parse() leads to a Denial of Service due to RecursionError.
Summary Passing a heavily nested list to sqlparse.parse leads to a Denial of Service due to RecursionError. Vulnerability Details CVEID:CVE-2024-4340 DESCRIPTION: Passing a heavily nested list to sqlparse.parse leads to a Denial of Service due to RecursionError. CWE:CWE-674: Uncontrolled Recursio...
express-xss-sanitizer has an unbounded recursion depth
Security Advisory: express-xss-sanitizer Overview A vulnerability was discovered in express-xss-sanitizer that allowed unbounded recursion depth during sanitization of nested objects. Affected Versions - All versions prior to 2.0.1 Patched Versions - 2.0.1 and later Description The sanitize...