CVE-2026-39836
The Dial and LookupPort functions panic on Windows when provided with an input containing a NUL 0...
CLSA-2026-1778082886 libssh: Fix of CVE-2026-0966
CVE-2026-0966: avoid 1-byte heap buffer underflow in ssh_get_hexa on NULL/zero-length input...
CLSA-2026-1778003186 libssh: Fix of CVE-2026-0966
CVE-2026-0966: fix heap buffer underflow in ssh_get_hexa on NULL or zero-length input, remotely reachable via GSSAPI authentication logging...
CLSA-2026-1777939266 libssh: Fix of CVE-2026-0966
CVE-2026-0966: fix heap buffer underflow in ssh_get_hexa on NULL or zero-length input, remotely reachable via GSSAPI authentication logging...
CVE-2026-39979
jq is a command-line JSON processor. In commits before 2f09060afab23fe9390cce7cb860b10416e1bf5f, the jv_parse_sized API in libjq accepts a counted buffer with an explicit length parameter, but its error-handling path formats the input buffer using %s in jv_string_fmt, which reads until a NUL terminat...
EUVD-2018-10909
Malware in sbrugna...
Unity Linux 20.1070e Security Update: glibc (UTSA-2025-680651)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-680651 advisory. In iconvdata/iso-2022-jp-3.c in the GNU C Library aka glibc 2.34, remote attackers can force iconv to emit a spurious '\0' character via crafted ISO-2022-JP-3 data...
EUVD-2025-25563
Malicious code in bioql PyPI...
RHEL 7 : uriparser (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - uriparser: Out-of-bounds read in uriParseEx CVE-2018-20721 - An issue was discovered in uriparser before...
Ubuntu 16.04 ESM : uriparser vulnerability (USN-5172-2)
The remote Ubuntu 16.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5172-2 advisory. USN-5172-1 fixed vulnerabilities in uriparser. This update provides the corresponding updates for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Tenable has...
SUSE CVE-2018-19200
An issue was discovered in uriparser before 0.9.0. UriCommon.c allows attempted operations on NULL input via a uriResetUri function...
Google TensorFlow Security Vulnerability
Google TensorFlow is an end-to-end open source platform for machine learning from Google, Inc. A security vulnerability exists in Google TensorFlow, which stems from the GPU kernel failing to assert when tf.linalg.matrix_rank receives a null input a, which can be used to trigger a denial-of-servic...
fribidi Code Issue Vulnerability
fribidi is an open source implementation of a bi-directional Unicode algorithm. A code issue vulnerability exists in fribidi that stems from a crash caused by incorrectly handling null input when removing tokens from a unicode string. An attacker exploiting this vulnerability could cause FriBidi ...
Ubuntu 18.04 LTS : uriparser vulnerabilities (USN-5172-1)
The remote Ubuntu 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5172-1 advisory. It was discovered that uriparser mishandled certain input. An attacker could use this vulnerability to cause uriparser to crash or possibly execute...
openssl: Read buffer overruns processing ASN.1 strings
It was found that openssl assumed ASN.1 strings to be NUL terminated. A malicious actor may be able to force an application into calling openssl function with a specially crafted, non-NUL terminated string to deliberately hit this bug, which may result in a crash of the application, causing a...
GHSA-V768-W7M9-2VMM Reference binding to nullptr in shape inference
Impact: An attacker can cause undefined behavior via binding a reference to null pointer in tf.raw_ops.SparseFillEmptyRows: python import tensorflow as tf tf.compat.v1.disable_v2_behavior tf.raw_ops.SparseFillEmptyRows indices = tf.constant, shape=0, 0, dtype=tf.int64, values = tf.constant, shape=0,...
CVE-2021-37681
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of SVDF in TFLite is vulnerable to a null pointer error. The GetVariableInput function can return a null pointer but GetTensorData assumes that the argument is always a valid tensor...
OPENSUSE-SU-2019:0165-1 Security update for uriparser
This update for uriparser fixes the following issues: Security issues fixed: - CVE-2018-20721: Fixed an out-of-bounds read for incomplete URIs with IPv6 addresses with embedded IPv4 address (bsc#1122193). - CVE-2018-19198: Fixed an out-of-bounds write that was possible via the uriComposeQuery or...