
10 matches found

Cvelist
added 2025/08/16 11:22 a.m., 6 views

CVE-2025-38546 atm: clip: Fix memory leak of struct clip_vcc.

In the Linux kernel, the following vulnerability has been resolved: atm: clip: Fix memory leak of struct clip_vcc. ioctl(ATMARP_MKIP) allocates struct clip_vcc and sets it to vcc->user_back. The code assumes that vcc_destroy_socket() passes NULL skb to vcc->push() when the socket is closed, and then clip_push()...

EPSS 0.00019
Exploits: 0, References: 8
OSV
added 2023/10/19 6:30 p.m., 3 views

CLSA-2023-1697740212 glib2: Fix of 5 CVEs

Enable internal tests - Skip several failed tests from the check - CVE-2023-29499: Fix GVariant offset table entry size which is not checked in is_normal() - CVE-2023-32611: Fix an issue where g_variant_byteswap() can take a long time with some non-normal inputs - CVE-2023-32665: Fix GVariant...

CVSS 7.8, AI score 5.8, EPSS 0.00165
Exploits: 0, References: 1
OpenVAS
added 2023/08/03 12:0 a.m., 23 views

Huawei EulerOS: Security Advisory for glib2 (EulerOS-SA-2023-2540)

The remote host is missing an update for the Huawei EulerOS...

AI score 7.8
Exploits: 0, References: 2
OSV
added 2023/04/27 3:4 p.m., 4 views

SUSE-SU-2023:2060-1 Security update for glib2

This update for glib2 fixes the following issues: - CVE-2023-24593: Fixed a denial of service caused by handling a malicious text-form variant (bsc#1209714). - CVE-2023-25180: Fixed a denial of service caused by malicious serialised variant (bsc#1209713). The following non-security bug was fixed: - Fix...

AI score 6.3
Exploits: 0, References: 6
OSV
added 2021/04/13 3:28 p.m., 14 views

GHSA-R96P-V3CR-GFV8 Cross-site Scripting (XSS) in @scullyio/scully

This affects the package @scullyio/scully before 1.0.9. The transfer state is serialised with the JSON.stringify function and then written into the HTML page...

CVSS 7.3, AI score 6.5, EPSS 0.003
Exploits: 0, References: 4
WPVulnDB
added 2021/03/10 12:0 a.m., 19 views

Five Star Restaurant Menu < 2.2.1 - Unauthenticated PHP Object Injection

The plugin unserialised the fdmcart cookie value without any sanitisation or validation first, when the Ordering setting of the plugin was enabled, leading to a PHP object injection which could lead to RCE...

CVSS 7.5, AI score 3.1, EPSS 0.35195
Exploits: 1, References: 1, Affected Software: 1
NVD
added 2018/06/26 4:29 p.m., 9 views

CVE-2018-1000525

openpsa contains a PHP Object Injection vulnerability in Form data passed as GET request variables that can result in Possible information disclosure and remote code execution. This attack appears to be exploitable via Specially crafted GET request variable containing serialised PHP object. This...

CVSS 9.8, AI score 9.7, EPSS 0.03998
Exploits: 1, References: 2
Prion
added 2018/06/26 4:29 p.m., 12 views

Information disclosure

openpsa contains a PHP Object Injection vulnerability in Form data passed as GET request variables that can result in Possible information disclosure and remote code execution. This attack appears to be exploitable via Specially crafted GET request variable containing serialised PHP object. This...

CVSS 7.5, AI score 9.6, EPSS 0.03998
Exploits: 1, References: 2
exploitpack
added 2017/02/15 12:0 a.m., 31 views

OpenText Documentum D2 - Remote Code Execution

OpenText Documentum D2 - Remote Code Execution / CVE Identifier: CVE-2017-5586 Vendor: OpenText Affected products: Documentum D2 version 4.x Researcher: Andrey B. Panfilov Severity Rating: CVSS v3 Base Score: 10.0 AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H Description: Document D2 contains vulnerable...

CVSS 7.5, AI score 0.1, EPSS 0.35327
Exploits: 5
Prion
added 2017/01/04 8:59 p.m., 37 views

Code injection

PHP through 5.6.27 and 7.x through 7.0.12 mishandles property modification during __wakeup processing, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data, as demonstrated by Exception::__toString with DateInterval::__wakeup...

CVSS 7.5, AI score 8, EPSS 0.00788
Exploits: 0, References: 3, Affected Software: 1