
23 matches found

Tenable Nessus
added 2026/04/21 12:0 a.m., 3 views

FreeBSD : ejabberd -- Potential DDoS in XML Parser (82064ab5-3d76-11f1-89ab-901b0e9408dc)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 82064ab5-3d76-11f1-89ab-901b0e9408dc advisory. ejabberd team reports: This release adds new options that limit max memory used by XML parser used to...

5.8 AI score
Exploits: 0, References: 2
OSV
added 2026/04/17 1:4 p.m., 1 views

OESA-2026-1994 thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing. CVE-2025-59375 Spoofing issue in Thunderbird. This vulnerability was fixed ...

10 CVSS, 6.7 AI score, 0.00102 EPSS
Exploits: 1, References: 41
AlpineLinux
added 2026/03/24 8:27 p.m., 4 views

CVE-2026-4371

A malicious mail server could send malformed strings with negative lengths, causing the parser to read memory outside the buffer. If a mail server or connection to a mail server were compromised, an attacker could cause the parser to malfunction, potentially crashing Thunderbird or leaking...

7.4 CVSS, 7.2 AI score, 0.00064 EPSS
Exploits: 0, References: 3
Debian CVE
added 2026/03/24 8:27 p.m., 2 views

CVE-2026-4371

A malicious mail server could send malformed strings with negative lengths, causing the parser to read memory outside the buffer. If a mail server or connection to a mail server were compromised, an attacker could cause the parser to malfunction, potentially crashing Thunderbird or leaking...

7.4 CVSS, 7.9 AI score, 0.00064 EPSS
Exploits: 0
Tenable Nessus
added 2026/02/05 12:0 a.m., 4 views

SUSE SLES12 Security Update : gpg2 (SUSE-SU-2026:0378-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:0378-1 advisory. - CVE-2025-68973: Fixed possible memory corruption in the armor parser T7906 bsc1255715 - Fixed GnuPG Accepting Path Separators and Path Traversals in...

7.8 CVSS, 5.6 AI score, 0.00016 EPSS
Exploits: 1, References: 7
SUSE Linux
added 2026/01/22 12:10 p.m., 6 views

Security update for gpg2

This update for gpg2 fixes the following issues: CVE-2025-68973: Fix possible memory corruption in the armor parser gpg.fail/memcpy bsc1255715. Avoid potential downgrade to SHA1 in 3rd party key signatures gpg.fail/sha1 bsc1256246. Error out on unverified output for non-detached signatures...

8 CVSS, 5.7 AI score, 0.00016 EPSS
Exploits: 1, References: 10
RedHat Linux
added 2025/11/19 8:10 p.m., 1 views

firefox: thunderbird: expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing

A memory amplification vulnerability in libexpat allows attackers to trigger excessive dynamic memory allocations by submitting specially crafted XML input. A small input (250 KiB) can cause the parser to allocate hundreds of megabytes, leading to denial-of-service (DoS) through memory exhaustion...

7.5 CVSS, 6.3 AI score, 0.00102 EPSS
Exploits: 1, References: 6
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2017-1485

Malware in sbrugna...

5.3 CVSS, 5.5 AI score, 0.0021 EPSS
Exploits: 0, References: 8
EUVD
added 2025/10/07 12:30 a.m., 1 views

EUVD-2021-10091

Malware in sbrugna...

7.5 CVSS, 7.6 AI score, 0.00647 EPSS
Exploits: 0, References: 2
Rockylinux
added 2025/10/03 7:56 p.m., 2 views

opentelemetry-collector security update

An update is available for opentelemetry-collector. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Collector with the supported components for a Rocky Enterpri...

8.7 CVSS, 8.1 AI score, 0.00125 EPSS
Exploits: 0
Tenable Nessus
added 2025/09/10 12:0 a.m., 1 views

Linux Distros Unpatched Vulnerability : CVE-2021-46337

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - There is an Assertion 'pagep != NULL' failed at /parser/js/js-parser-mem.c (parserlistget) in JerryScript 3.0.0. (CVE-2021-46337) Note that Nessus relies on the...

5.5 CVSS, 5.7 AI score, 0.00138 EPSS
Exploits: 1, References: 2
Tenable Nessus
added 2025/07/16 12:0 a.m., 4 views

Azure Linux 3.0 Security Update: gdk-pixbuf2 (CVE-2025-6199)

The version of gdk-pixbuf2 installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-6199 advisory. - A flaw was found in the GIF parser of GdkPixbuf's LZW decoder. When an invalid symbol is encountered...

3.3 CVSS, 6 AI score, 0.00102 EPSS
Exploits: 0, References: 2
NVD
added 2025/06/17 3:15 p.m., 3 views

CVE-2025-6199

A flaw was found in the GIF parser of GdkPixbuf’s LZW decoder. When an invalid symbol is encountered during decompression, the decoder sets the reported output size to the full buffer length rather than the actual number of written bytes. This logic error results in uninitialized sections of the...

3.3 CVSS, 0.00102 EPSS
Exploits: 0, References: 3
RedhatCVE
added 2025/05/23 7:54 a.m., 3 views

CVE-2024-42358

PDFio is a simple C library for reading and writing PDF files. There is a denial of service (DOS) vulnerability in the TTF parser. Maliciously crafted TTF files can cause the program to utilize 100% of the Memory and enter an infinite loop. This can also lead to a heap-buffer-overflow vulnerability...

6.2 CVSS, 7 AI score, 0.00315 EPSS
Exploits: 1
RedhatCVE
added 2025/05/22 6:54 p.m., 3 views

CVE-2021-46337

There is an Assertion 'pagep != NULL' failed at /parser/js/js-parser-mem.c (parserlistget) in JerryScript 3.0.0...

5.5 CVSS, 6.8 AI score, 0.00138 EPSS
Exploits: 1
OSV
added 2025/04/16 3:15 p.m., 0 views

UBUNTU-CVE-2025-22060

In the Linux kernel, the following vulnerability has been resolved: net: mvpp2: Prevent parser TCAM memory corruption. Protect the parser TCAM/SRAM memory, and the cached shadow SRAM information, from concurrent modifications. Both the TCAM and SRAM tables are indirectly accessed by configuring an...

4.7 CVSS, 6.2 AI score, 0.00025 EPSS
Exploits: 0, References: 40
OSV
added 2025/04/16 2:12 p.m., 5 views

CVE-2025-22060 net: mvpp2: Prevent parser TCAM memory corruption

In the Linux kernel, the following vulnerability has been resolved: net: mvpp2: Prevent parser TCAM memory corruption. Protect the parser TCAM/SRAM memory, and the cached shadow SRAM information, from concurrent modifications. Both the TCAM and SRAM tables are indirectly accessed by configuring an...

4.7 CVSS, 6.2 AI score, 0.00025 EPSS
Exploits: 0, References: 11
Vulnrichment
added 2022/11/11 12:0 a.m., 4 views

CVE-2022-3957 GPAC SVG Parser svg_attributes.c svg_parse_preserveaspectratio memory leak

A vulnerability classified as problematic was found in GPAC. Affected by this vulnerability is the function svg_parse_preserveaspectratio of the file scenegraph/svg_attributes.c of the component SVG Parser. The manipulation leads to memory leak. The attack can be launched remotely. The name of the...

4.3 CVSS, 5.1 AI score, 0.01038 EPSS
Exploits: 0, References: 3
OSV
added 2022/01/20 10:15 p.m., 0 views

UBUNTU-CVE-2021-46337

There is an Assertion 'pagep != NULL' failed at /parser/js/js-parser-mem.c (parserlistget) in JerryScript 3.0.0...

5.5 CVSS, 5.8 AI score, 0.00138 EPSS
Exploits: 1, References: 3
CNNVD
added 2022/01/20 12:0 a.m., 2 views

JerryScript security vulnerability

JerryScript is a lightweight JavaScript engine from the JerryScript project. JerryScript has a denial-of-service vulnerability in version 3.0.0, which stems from an assertion failure in /parser/js/js-parser-mem.c. An attacker could use this vulnerability to launch a denial of service...

5.5 CVSS, 5.6 AI score, 0.00138 EPSS
Exploits: 1, References: 2