20 matches found
VMware Spring Framework 安全漏洞
VMware Spring Framework is an open-source Java/JavaEE application framework developed by VMware, a US-based company. This framework helps developers build high-quality applications. Versions 7.0.0 to 7.0.7, 6.2.0 to 6.2.18, 6.1.0 to 6.1.27, and 5.3.0 to 5.3.48 of the VMware Spring Framework conta...
[SECURITY] Fedora 43 Update: uriparser-1.0.2-1.fc43
Uriparser is a strictly RFC 3986 compliant URI parsing library written in C. uriparser is cross-platform, fast, supports Unicode and is licensed under the New BSD license...
CVE-2026-31775
In the Linux kernel, the following vulnerability has been resolved: ALSA: ctxfi: Don't enumerate SPDIF1 at DAIO initialization The recent refactoring of xfi driver changed the assignment of atc-daios at atcgetresources; now it loops over all enum DAIOTYP entries while it looped formerly only a pa...
VMware Spring Framework 资源管理错误漏洞
VMware Spring Framework is an open-source Java/JavaEE application framework developed by VMware Corporation in the United States. This framework helps developers build high-quality applications. There is a resource management vulnerability in the VMware Spring Framework, which stems from a...
VMware Spring Framework 安全漏洞
VMware Spring Framework is an open-source Java/JavaEE application framework developed by VMware, a US-based company. This framework helps developers build high-quality applications. There is a security vulnerability in the VMware Spring Framework, which stems from caching malicious resources duri...
CVE-2026-35562 Allocation of resources without limits in parsing components in Amazon Athena ODBC driver
Allocation of resources without limits in the parsing components in Amazon Athena ODBC driver before 2.1.0.0 might allow a threat actor to cause a denial of service by delivering crafted input that triggers excessive resource consumption during the driver's parsing operations. To remediate this...
CVE-2025-64467
There is an out of bounds read vulnerability in NI LabVIEW in LVResFile::FindRsrcListEntry when parsing a corrupted VI file. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted...
CVE-2025-64469 Stack-based Buffer Overflow in LVResource::DetachResource() in NI LabVIEW
There is a stack-based buffer overflow vulnerability in NI LabVIEW in LVResFile::FindRsrcListEntry when parsing a corrupted VI file. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially...
SUSE CVE-2024-43823
In the Linux kernel, the following vulnerability has been resolved: PCI: keystone: Fix NULL pointer dereference in case of DT error in kspciesetuprcappregs If IORESOURCEMEM is not provided in Device Tree due to any error, resourcelistfirsttype will return NULL and pciparserequestofpciranges will...
GHSA-HVP5-5X4F-33FQ JADX file override vulnerability
Summary when jadx parses a resource file, there is an escape problem with the style file, which can overwrite other files in the directory when saving the decompile result. Although I don't think this vulnerability realizes path traversal in the true sense of the word , I reported it anyway Detai...
CVE-2022-41794
A heap based buffer overflow vulnerability exists in the PSD thumbnail resource parsing code of OpenImageIO 2.3.19.0. A specially-crafted PSD file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability...
CVE-2022-41794
A heap based buffer overflow vulnerability exists in the PSD thumbnail resource parsing code of OpenImageIO 2.3.19.0. A specially-crafted PSD file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability...
OpenImageIO 缓冲区错误漏洞
OpenImageIO is an image read and write library that also provides several tools and applications. a heap buffer overflow vulnerability exists in the PSD thumbnail resource parsing code in OpenImageIO v2.3.19.0. An attacker can exploit this vulnerability to cause arbitrary code execution via...
BIMx Desktop Viewer Resource Parsing Integer Overflow Vulnerability
Talos Vulnerability Report TALOS-2020-1032 BIMx Desktop Viewer Resource Parsing Integer Overflow Vulnerability November 6, 2020 CVE Number CVE-2020-6099 SUMMARY An exploitable code execution vulnerability exists in the file format parsing functionality of Graphisoft BIMx Desktop Viewer 2019.2.232...
CVE-2017-2779
An exploitable memory corruption vulnerability exists in the RSRC segment parsing functionality of LabVIEW 2017, LabVIEW 2016, LabVIEW 2015, and LabVIEW 2014. A specially crafted Virtual Instrument VI file can cause an attacker controlled looping condition resulting in an arbitrary null write. An...
Microsoft .NET Manifest Resource Information Disclosure Vulnerability
Talos Vulnerability Report TALOS-2015-0130 Microsoft .NET Manifest Resource Information Disclosure Vulnerability December 8, 2015 CVE Number CVE-2015-6114 Summary An exploitable information leak or denial of service vulnerability exists in the manifest resource parsing functionality of the .NET...
Secunia Research: Sun Java JDK/JRE Soundbank Resource Parsing Buffer Overflow
====================================================================== Secunia Research 31/03/2010 - Sun Java JDK/JRE Soundbank Resource Parsing Buffer Overflow - ====================================================================== Table of Contents Affected...
Debian DSA-455-1 : libxml - buffer overflows
libxml2 is a library for manipulating XML files. Yuuichi Teranishi Si Xi Yu ? discovered a flaw in libxml, the GNOME XML library. When fetching a remote resource via FTP or HTTP, the library uses special parsing routines which can overflow a buffer if passed a very long URL. If an attacker is abl...
GLSA-200403-01 : Libxml2 URI Parsing Buffer Overflow Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200403-01 Libxml2 URI Parsing Buffer Overflow Vulnerabilities Yuuichi Teranishi discovered a flaw in libxml2 versions prior to 2.6.6. When the libxml2 library fetches a remote resource via FTP or HTTP, libxml2 uses parsing routine...
Moderate: Red Hat Security Advisory: libxml2 security update
Updated libxml2 packages that fix an overflow when parsing remote resources are now available. libxml2 is a library for manipulating XML files. Yuuichi Teranishi discovered a flaw in libxml2 versions prior to 2.6.6. When fetching a remote resource via FTP or HTTP, libxml2 uses special parsing...