24 matches found
Security vulnerability in multiple Apple products
Apple iOS and the other affected products are made by the American company Apple. Apple iOS is an operating system developed for mobile devices. Apple macOS is a specialized operating system designed for Mac computers. Apple iPadOS is an operating system for iPad tablets. Several of Apple’s products have...
Security vulnerability in multiple Apple products
Apple iOS and other products are owned by the American company Apple. Apple iOS is an operating system developed for mobile devices. Apple macOS is a specialized operating system designed for Mac computers. Apple iPadOS is an operating system for iPad tablets. Several of Apple’s products have...
MiracleLinux 7 : java-11-openjdk-11.0.14.0.9-1.el7 (AXSA:2022-3015:03)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3015:03 advisory. OpenJDK: Incomplete deserialization class filtering in ObjectInputStream Serialization, 8264934 CVE-2022-21248 OpenJDK: Incorrect reading of TIFF...
EUVD-2019-10992
Malware in sbrugna...
EUVD-2019-16236
Malware in sbrugna...
EUVD-2016-4509
Malware in sbrugna...
EUVD-2010-2372
Malware in sbrugna...
EUVD-2023-40774
Malicious code in bioql PyPI...
CVE-2011-0840
Unspecified vulnerability in Oracle PeopleSoft Enterprise PeopleTools 8.49 GA through 8.49.30 allows remote authenticated users to affect confidentiality via unknown vectors related to File Processing...
CVE-2025-37882
In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Fix isochronous Ring Underrun/Overrun event handling The TRB pointer of these events points at enqueue at the time of error occurrence on xHCI 1.1+ HCs or it's NULL on older ones. By the time we are handling the event,...
SUSE-SU-2025:1380-1 Security update for libraw
This update for libraw fixes the following issues: - CVE-2025-43962: Fixed out-of-bounds read when tag 0x412 processing in phaseonecorrect function bsc1241585 - CVE-2025-43964: Fixed tag 0x412 processing in phaseonecorrect does not enforce minimum w0 and w1 values bsc1241584...
CVE-2025-31672
A flaw was found in Apache POI's poi-ooxml component. This vulnerability allows attackers to manipulate file parsing behavior via specially crafted OOXML files containing ZIP entries with duplicate file names. Different systems can interpret these files differently, leading to inconsistent data...
Aim Excessive Data Query Operations in a Large Data Table vulnerability
In version 3.25.0 of aimhubio/aim, a denial of service vulnerability exists. By tracking a large number of Text objects and then querying them simultaneously through the web API, the Aim web server becomes unresponsive to other requests for an extended period while processing and returning these...
CVE-2024-40747 [20250101] - Core - XSS vectors in module chromes
Various module chromes didn't properly process inputs, leading to XSS vectors...
Description of version 2 of the security update for Microsoft Exchange Server 2019 and 2016: November 27, 2024 (KB5049233)
Description of version 2 of the security update for Microsoft Exchange Server 2019 and 2016: November 27, 2024 KB5049233 Notice We have re-released the Exchange Server 2019 and 2016 November 12, 2024, security update SU to address the issue where Exchange Server stops processing Exchange Transpor...
CVE-2024-40743
The stripImages and stripIframes methods didn't properly process inputs, leading to XSS vectors...
PT-2022-37245 · Jxl · Jxl
Name of the Vulnerable Software and Affected Versions: jxl affected versions not specified Description: A heap buffer overflow read issue has been identified. The crash occurs in the jxl::N AVX2::BlendingStage::ProcessPaddingRow function, which is part of the...
OPENSUSE-SU-2022:0012-1 Security update for prosody
This update for prosody fixes the following issues: Update to 0.11.12: CVE-2022-0217: util.xml: Do not allow doctypes, comments or processing instructions bsc1194596...
OSV-2020-1516 Use-of-uninitialized-value in ScaleQuantumToChar
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22583 Crash type: Use-of-uninitialized-value Crash state: ScaleQuantumToChar LosslessReduceDepthOK ReadOneMNGImage...
BS.Player 2.56 - .m3u .pls File Processing Multiple Remote Denial of Service Vulnerabilities
BS.Player 2.56 - .m3u .pls File Processing Multiple Remote Denial of Service Vulnerabilities source: https://www.securityfocus.com/bid/43502/info BS.Player is prone to multiple remote denial-of-service vulnerabilities. An attacker can exploit these issues to cause an affected application to crash...