
44 matches found

RedHat Linux
added 2025/07/07 8:44 a.m. · 4 views

kernel: vmxnet3: Fix malformed packet sizing in vmxnet3_process_xdp

In the Linux kernel, the following vulnerability has been resolved: vmxnet3: Fix malformed packet sizing in vmxnet3_process_xdp. The vmxnet3 driver's XDP handling is buggy for packet sizes using ring0 (that is, packet sizes between 128 - 3k bytes). We noticed MTU-related connectivity issues with Cilium's...

CVSS 5.5 · AI score 6.8 · EPSS 0.00065
Exploits 0 · References 5
ATTACKERKB
added 2025/06/16 3:19 p.m. · 0 views

CVE-2025-49795

A NULL pointer dereference vulnerability was found in libxml2 when processing XPath XML expressions. This flaw allows an attacker to craft a malicious XML input to libxml2, leading to a denial of service...

CVSS 7.5 · AI score 5.8 · EPSS 0.00834
Exploits 0 · References 7
Positive Technologies
added 2024/05/21 12:0 a.m. · 1 views

PT-2024-4481 · Smartec +1 · Smartec St-Fr041Me +2

Name of the Vulnerable Software and Affected Versions: ZkTeco ProFace X versions ZAM170-NF-1.8.25-7354-Ver1.0.0 and possibly others Smartec ST-FR043 versions ZAM170-NF-1.8.25-7354-Ver1.0.0 and possibly others Smartec ST-FR041ME versions ZAM170-NF-1.8.25-7354-Ver1.0.0 and possibly others...

CVSS 7.8 · AI score 7.2 · EPSS 0.00483
Exploits 0 · References 11
F5 Networks
added 2024/03/20 5:6 a.m. · 44 views

K000138953: Python vulnerability CVE-2023-41105

Security Advisory Description: An issue was discovered in Python 3.11 through 3.11.4. If a path containing '\0' bytes is passed to os.path.normpath, the path will be truncated unexpectedly at the first '\0' byte. There are plausible cases in which an application would have rejected a filename for...

CVSS 7.5 · AI score 8.4 · EPSS 0.00334
Exploits 0
SUSE CVE
added 2024/03/07 4:25 a.m. · 1 views

SUSE CVE-2023-52513

In the Linux kernel, the following vulnerability has been resolved: RDMA/siw: Fix connection failure handling. In case immediate MPA request processing fails, the newly created endpoint unlinks the listening endpoint and is ready to be dropped. This special case was not handled correctly by the co...

CVSS 5.5 · AI score 6.3 · EPSS 0.00012
Exploits 0 · References 12
Veracode
added 2024/02/07 7:11 a.m. · 29 views

Heap Buffer Overflow

libgit2 is vulnerable to Heap Buffer Overflow. The vulnerability is due to improper handling of string paths in the has_dir_name function within index.c. This logic in path processing may cause the application to crash, resulting in Denial of Service (DoS)...

CVSS 9.8 · AI score 6.7 · EPSS 0.00376
Exploits 0 · References 11 · Affected Software 3
OSV
added 2023/10/11 9:15 p.m. · 0 views

CVE-2023-44186

An Improper Handling of Exceptional Conditions vulnerability in AS PATH processing of Juniper Networks Junos OS and Junos OS Evolved allows an attacker to send a BGP update message with an AS PATH containing a large number of 4-byte ASes, leading to a Denial of Service (DoS). Continued receipt and...

CVSS 7.5 · AI score 5.8 · EPSS 0.00155
Exploits 0 · References 1
NVD
added 2023/10/11 9:15 p.m. · 10 views

CVE-2023-44186

An Improper Handling of Exceptional Conditions vulnerability in AS PATH processing of Juniper Networks Junos OS and Junos OS Evolved allows an attacker to send a BGP update message with an AS PATH containing a large number of 4-byte ASes, leading to a Denial of Service (DoS). Continued receipt and...

CVSS 7.5 · AI score 7.4 · EPSS 0.00155
Exploits 0 · References 1
SUSE CVE
added 2023/02/15 3:36 a.m. · 3 views

SUSE CVE-2021-45930

Qt SVG in Qt 5.0.0 through 5.15.2 and 6.0.0 through 6.2.1 has an out-of-bounds write in QtPrivate::QCommonArrayOps::growAppend called from QPainterPath::addPath and QPathClipper::intersect...

CVSS 5.5 · AI score 6.8 · EPSS 0.00079
Exploits 1 · References 9
Mageia
added 2022/05/12 10:24 a.m. · 81 views

Updated python-pillow packages fix security vulnerability

path_getbbox in path.c in Pillow before 9.0.0 improperly initializes ImagePath.Path (CVE-2022-22815). path_getbbox in path.c in Pillow before 9.0.0 has a buffer over-read during initialization of ImagePath.Path (CVE-2022-22816). PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary...

CVSS 9.8 · AI score 5.3 · EPSS 0.02781
Exploits 0 · References 5
Hacker One
added 2022/03/31 6:27 p.m. · 130 views

IBM: SQL injection in URL path processing on www.ibm.com

A blind SQL injection in URL path processing on www.ibm.com was reported to IBM, analyzed and has been remediated. Thank you to @asterite. Blind SQL injection was present in URL path processing on www.ibm.com. An interesting thing is that the vulnerability was present in, essentially, any path, o...

AI score 1
Exploits 0
RedHat Linux
added 2019/10/21 7:2 p.m. · 3 views

OpenJDK: Unexpected exception thrown by XPath processing crafted XPath expression (JAXP, 8224532)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: JAXP. Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...

CVSS 4.3 · AI score 7.4 · EPSS 0.0046
Exploits 0 · References 4
Cvelist
added 2018/07/06 5:0 p.m. · 12 views

CVE-2018-5888

While processing the system path, an out of bounds access can occur in Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05...

AI score 7.5 · EPSS 0.00039
Exploits 0 · References 2
RedHat Linux
added 2016/03/23 1:34 p.m. · 3 views

git: path_name() integer truncation and overflow leading to buffer overflow

An integer truncation flaw and an integer overflow flaw, both leading to a heap-based buffer overflow, were found in the way Git processed certain path information. A remote attacker could create a specially crafted Git repository that would cause a Git client or server to crash or, possibly,...

CVSS 10 · AI score 6.3 · EPSS 0.17652
Exploits 0 · References 4
RedHat Linux
added 2016/02/02 1:39 p.m. · 48 views

Critical: Red Hat Security Advisory: java-1.8.0-ibm security update

Updated java-1.8.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 7 Supplementary. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity...

CVSS 10 · AI score 6.5 · EPSS 0.09896
Exploits 0 · References 11
RedHat Linux
added 2016/02/02 10:4 a.m. · 53 views

Critical: Red Hat Security Advisory: java-1.7.0-ibm security update

Updated java-1.7.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 Supplementary. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity...

CVSS 10 · AI score 6.8 · EPSS 0.13549
Exploits 1 · References 12
RedHat Linux
added 2016/02/02 10:0 a.m. · 59 views

Critical: Red Hat Security Advisory: java-1.6.0-ibm security update

Updated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed...

CVSS 10 · AI score 6.8 · EPSS 0.13549
Exploits 1 · References 12
Tenable Nessus
added 2016/01/22 12:0 a.m. · 52 views

CentOS 5 / 7 : java-1.7.0-openjdk (CESA-2016:0054) (SLOTH)

Updated java-1.7.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity...

CVSS 10 · AI score 7.8 · EPSS 0.09896
Exploits 0 · References 9
Tenable Nessus
added 2016/01/22 12:0 a.m. · 43 views

Oracle Linux 5 / 7 : java-1.7.0-openjdk (ELSA-2016-0054)

The remote Oracle Linux 5 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2016-0054 advisory. 1.7.0.95-2.6.4.0.0.1 - Update DISTRONAME in specfile 1:1.7.0.95-2.6.4.0 - Bump to 2.6.4 and u95b00. - Backport tarball creation script from OpenJDK...

CVSS 10 · AI score 7.5 · EPSS 0.09896
Exploits 0 · References 8
Cent OS
added 2016/01/21 5:21 p.m. · 80 views

java security update

CentOS Errata and Security Advisory CESA-2016:0053: Updated java-1.7.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) ba...

CVSS 10 · AI score 6.7 · EPSS 0.09896
Exploits 0 · References 7