136 matches found
Vulnerabilities in the functions mbedtls_pem_read_buffer() and mbedtls_pk_parse() in the Mbed TLS software allow an attacker to cause a service failure or disclose protected information.
The vulnerability of the mbedtls_pem_read_buffer() and mbedtls_pk_parse() functions in Mbed TLS is related to an off-by-one error. Exploiting this vulnerability can allow a remote attacker to cause service failures or expose protected information...
Apple macOS USD CustomLoadImageData Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the USD library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the USD...
GStreamer < 1.26.2 Multiple Vulnerabilities (macOS)
The version of GStreamer installed on the remote host is prior to 1.26.2. It is, therefore, affected by multiple vulnerabilities, as follows: - A NULL-pointer dereference in the SubRip subtitle parser that can cause crashes for certain input files. CVE-2025-47807 - A NULL-pointer dereference i...
CVE-2020-13439
ffjpeg through 2020-02-24 has a heap-based buffer over-read in jfif_decode in jfif.c...
CVE-2020-6628
Ming aka libming 0.4.8 has a heap-based buffer over-read in the function decompileSWITCH in decompile.c...
Alibaba Cloud Linux 3 : 0088: p11-kit (ALINUX3-SA-2022:0088)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2022:0088 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2020-29361: An issue was discovered in...
[SECURITY] [DLA 4140-1] libsoup2.4 security update
Debian LTS Advisory DLA-4140-1 [email protected] https://www.debian.org/lts/security/ Andreas Henriksson April 27, 2025 https://wiki.debian.org/LTS Package : libsoup2.4 Version : 2.72.0-2+deb11u2 CVE ID : CVE-2025-2784 CVE-2025-32050 CVE-2025-32052 CVE-2025-32053 CVE-2025-32906...
PT-2025-16744
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A read buffer overflow was possible in the Linux kernel due to the ibmvnic driver printing hex dumps using string formatters. The issue occurred when the buffer size was not a multiple o...
SUSE CVE-2024-0131
NVIDIA GPU kernel driver for Windows and Linux contains a vulnerability where a potential user-mode attacker could read a buffer with an incorrect length. A successful exploit of this vulnerability might lead to denial of service...
AZL-55056 CVE-2024-56769 affecting package kernel for versions less than 6.6.76.1-1
In the Linux kernel, the following vulnerability has been resolved: media: dvb-frontends: dib3000mb: fix uninit-value in dib3000_write_reg Syzbot reports [1] an uninitialized value issue found by KMSAN in dib3000_read_reg(). Local u8 rb[2] is used in i2c_transfer() as a read buffer; in case that call fails, t...
AZL-55082 CVE-2024-56769 affecting package kernel for versions less than 5.15.176.3-1
In the Linux kernel, the following vulnerability has been resolved: media: dvb-frontends: dib3000mb: fix uninit-value in dib3000_write_reg Syzbot reports [1] an uninitialized value issue found by KMSAN in dib3000_read_reg(). Local u8 rb[2] is used in i2c_transfer() as a read buffer; in case that call fails, t...
UBUNTU-CVE-2024-56769
In the Linux kernel, the following vulnerability has been resolved: media: dvb-frontends: dib3000mb: fix uninit-value in dib3000_write_reg Syzbot reports [1] an uninitialized value issue found by KMSAN in dib3000_read_reg(). Local u8 rb[2] is used in i2c_transfer() as a read buffer; in case that call fails, t...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel, which stems from the use of the uninitialized local variable rb as a read buffer in the dvb-frontends/dib3000mb driver of t...
CVE-2024-47776
GStreamer is a library for constructing graphs of media-handling components. An OOB-read has been discovered in gst_wavparse_cue_chunk within gstwavparse.c. The vulnerability happens due to a discrepancy between the size of the data buffer and the size value provided to the function. This mismatch...
UBUNTU-CVE-2024-50190
In the Linux kernel, the following vulnerability has been resolved: ice: fix memleak in ice_init_tx_topology() Fix leak of the FW blob (DDP pkg). Make ice_cfg_tx_topo() const-correct, so ice_init_tx_topology() can avoid copying whole FW blob. Copy just the topology section, and only when needed. Reuse the buffer...
SUSE CVE-2024-50169
In the Linux kernel, the following vulnerability has been resolved: vsock: Update rx_bytes on read_skb() Make sure virtio_transport_inc_rx_pkt() and virtio_transport_dec_rx_pkt() calls are balanced, i.e. virtio_vsock_sock::rx_bytes doesn't lie after vsock_transport::read_skb(). While here, also inform the peer that we'v...
CLSA-2024-1730369378 php: Fix of CVE-2024-8925
CVE-2024-8925: Fix data integrity violation while parsing multipart/form-data boundaries larger than the read buffer...
CLSA-2024-1730369205 php: Fix of CVE-2024-8925
CVE-2024-8925: Fix data integrity violation while parsing multipart/form-data boundaries larger than the read buffer...
CLSA-2024-1730141462 php: Fix of CVE-2024-8925
CVE-2024-8925: Fix data integrity violation while parsing multipart/form-data boundaries larger than the read buffer...
CLSA-2024-1730139582 php: Fix of CVE-2024-8925
CVE-2024-8925: Fix data integrity violation while parsing multipart/form-data boundaries larger than the read buffer...