Lucene search

6850 matches found

AstraLinux
added 2026/01/13 2:1 p.m. | 1 views

Astra Linux - vulnerability in firebird3.0

Firebird is a relational database. Prior to versions 3.0.13, 4.0.6, and 5.0.3, there is an XDR message parsing NULL pointer dereference denial-of-service vulnerability in Firebird. This specific flaw exists within the parsing of xdr message from client. It leads to NULL pointer dereference and Do...

7.5 CVSS | 5.7 AI score | 0.00317 EPSS
Exploits: 0 | References: 3

IBM Security Bulletins
added 2026/01/13 7:39 a.m. | 5 views

Security Bulletin: Vulnerability in protobuf-c affects IBM Netezza Appliance

Summary The protobuf-c package is used by IBM Netezza Appliance. IBM Netezza Appliance has addressed the applicable CVE CVE-2022-48468 Vulnerability Details CVEID:CVE-2022-48468 DESCRIPTION: protobuf-c before 1.4.1 has an unsigned integer overflow in parse_required_member. CWE:CWE-190: Integer...

5.5 CVSS | 6.8 AI score | 0.0003 EPSS
Exploits: 0 | Affected Software: 1

Tenable Nessus
added 2026/01/13 12:0 a.m. | 1 views

MiracleLinux 7 : php-5.4.16-48.0.7.el7.AXS7 (AXSA:2025-10750:06)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-10750:06 advisory. CVE-2025-1220: error if host contains null bytes in the middle of the string CVEs: CVE-2025-1220 In PHP versions:8.1. before 8.1.33, 8.2. before 8.2.29, 8.3...

5.3 CVSS | 6.2 AI score | 0.00156 EPSS
Exploits: 1 | References: 2

Positive Technologies
added 2026/01/13 12:0 a.m. | 4 views

PT-2026-2617

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw within the RDMA/core component related to the handling of netlink responses for RDMA_NL_LS_OP_IP_RESOLVE queries. Specifically, the code does not correct...

5.5 CVSS | 5.5 AI score | 0.00033 EPSS
Exploits: 0

Tenable Nessus
added 2026/01/13 12:0 a.m. | 4 views

MiracleLinux 9 : ruby-3.0.7-165.el9_5 (AXSA:2025-9915:02)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-9915:02 advisory. CGI: ReDoS in CGI::Util#escapeElement CVE-2025-27220 CGI: Denial of Service in CGI::Cookie.parse CVE-2025-27219 Tenable has extracted the preceding...

7.5 CVSS | 7.3 AI score | 0.00315 EPSS
Exploits: 0 | References: 3

Tenable Nessus
added 2026/01/13 12:0 a.m. | 1 views

MiracleLinux 7 : php-5.4.16-48.0.12.el7.AXS7 (AXSA:2025-10958:11)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-10958:11 advisory. CVE-2017-9228: fix heap out-of-bounds write in bitset_set_range and parse_char_class functions CVEs: CVE-2017-9228 Tenable has extracted the preceding descripti...

9.8 CVSS | 7.4 AI score | 0.00585 EPSS
Exploits: 1 | References: 2

OSV
added 2026/01/11 12:5 a.m. | 4 views

OSV-2026-29 Heap-double-free in local_parse_glob

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=474561494 Crash type: Heap-double-free Crash state: local_parse_glob ssh_bind_config_parse_line ssh_bind_config_parse_string...

5.8 AI score
Exploits: 0 | References: 1

Snyk
added 2026/01/10 12:40 p.m. | 4 views

NULL Pointer Dereference

Overview lief is a LIEF - Library to Instrument Executable Formats. Affected versions of this package are vulnerable to NULL Pointer Dereference in the Parser::parse_binary function. An attacker can cause a denial of service by triggering a null pointer dereference through local access. Remediatio...

5.5 CVSS | 6.5 AI score | 0.00007 EPSS
Exploits: 1 | References: 2

Snyk
added 2026/01/10 12:40 p.m. | 1 views

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference in the Parser::parse_binary function. An attacker can cause a denial of service by triggering a null pointer dereference through local access. Remediation A fix was pushed into the master branch but not yet...

5.5 CVSS | 6.4 AI score | 0.00007 EPSS
Exploits: 1 | References: 2

NVD
added 2026/01/10 12:15 p.m. | 1 views

CVE-2025-15504

A security flaw has been discovered in lief-project LIEF up to 0.17.1. Affected by this issue is the function Parser::parse_binary of the file src/ELF/Parser.tcc of the component ELF Binary Parser. The manipulation results in null pointer dereference. The attack must be initiated from a local...

5.5 CVSS | 0.00007 EPSS
Exploits: 1 | References: 9

SUSE Linux
added 2026/01/09 3:1 p.m. | 3 views

Security update for php8

This update for php8 fixes the following issues: Security fixes: CVE-2025-14177: getimagesize function may leak uninitialized heap memory into the APPn segments when reading images in multi-chunk mode (bsc#1255710). CVE-2025-14178: heap buffer overflow occurs in array_merge when the total element cou...

8.3 CVSS | 7.4 AI score | 0.00056 EPSS
Exploits: 4 | References: 12

RedhatCVE
added 2026/01/09 12:29 p.m. | 2 views

CVE-2023-40083

In parse_gap_data of utils.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation...

5.5 CVSS | 5.3 AI score | 0.00105 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 11:26 a.m. | 9 views

CVE-2021-33438

An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is stack buffer overflow in json_parse_array in mjs.c...

5.5 CVSS | 7.4 AI score | 0.00049 EPSS
Exploits: 1 | References: 1

RedhatCVE
added 2026/01/09 10:51 a.m. | 4 views

CVE-2022-42743

deep-parse-json version 1.0.2 allows an external attacker to edit or add new properties to an object. This is possible because the application does not correctly validate the incoming JSON keys, thus allowing the '__proto__' property to be edited...

5.3 CVSS | 6.8 AI score | 0.00329 EPSS
Exploits: 1 | References: 1

RedhatCVE
added 2026/01/09 10:40 a.m. | 2 views

CVE-2022-35493

A Cross-site scripting (XSS) vulnerability in json search parse and the json response in wrteam.in, eShop - Multipurpose Ecommerce Store Website version 3.0.4 allows remote attackers to inject arbitrary web script or HTML via the get_products?search parameter...

6.1 CVSS | 5.9 AI score | 0.02192 EPSS
Exploits: 1 | References: 1

RedhatCVE
added 2026/01/09 9:10 a.m. | 2 views

CVE-2026-21689

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium ICC color management profiles. Versions prior to 2.3.1.2 have a Type Confusion vulnerability in CIccProfileXml::ParseBasic at...

6.5 CVSS | 6.8 AI score | 0.00108 EPSS
Exploits: 1 | References: 1

RedhatCVE
added 2026/01/09 8:56 a.m. | 3 views

CVE-2023-40586

OWASP Coraza WAF is a golang modsecurity compatible web application firewall library. Due to the misuse of log.Fatalf, the application using coraza crashed after receiving crafted requests from attackers. The application will immediately crash after receiving a malicious request that triggers an...

7.5 CVSS | 6.8 AI score | 0.00288 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 8:45 a.m. | 5 views

CVE-2025-40764

A vulnerability has been identified in Simcenter Femap V2406 All versions V2406.0003, Simcenter Femap V2412 All versions V2412.0002. The affected applications contains an out of bounds read vulnerability while parsing specially crafted BMP files. This could allow an attacker to execute code in th...

7.8 CVSS | 7.4 AI score | 0.00059 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 8:42 a.m. | 6 views

CVE-2022-31089

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In affected versions certain types of invalid files requests are not handled properly and can crash the server. If you are running multiple Parse Server instances in a cluster, the availability...

7.5 CVSS | 6.6 AI score | 0.00334 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 8:42 a.m. | 9 views

CVE-2022-31083

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 4.10.11 and 5.2.2, the certificate in the Parse Server Apple Game Center auth adapter is not validated. As a result, authentication could potentially be bypassed by making a fake...

8.6 CVSS | 6.6 AI score | 0.00175 EPSS
Exploits: 0 | References: 1