AlmaLinux 9 : libxml2 (ALSA-2025:10699)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:10699 advisory. libxml: Heap use after free UAF leads to Denial of service DoS CVE-2025-49794 libxml: Type confusion leads to Denial of service DoS CVE-2025-49796 libxml...

CVE-2025-7417

A vulnerability has been found in Tenda O3V2 1.0.0.123880 and classified as critical. Affected by this vulnerability is the function fromNetToolGet of the file /goform/setPingInfo of the component httpd. The manipulation of the argument ip leads to stack-based buffer overflow. The attack can be...

CVE-2025-7416

A vulnerability, which was classified as critical, was found in Tenda O3V2 1.0.0.123880. Affected is the function fromSysToolTime of the file /goform/setSysTimeInfo of the component httpd. The manipulation of the argument Time leads to stack-based buffer overflow. It is possible to launch the...

CVE-2025-38315

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btintel: Check dsbr size from EFI variable Since the size of struct btinteldsbr is already known, we can just start there instead of querying the EFI variable size. If the final result doesn't match what we expect also...

CVE-2025-38315

CVE-2025-38315 concerns a Linux kernel Bluetooth driver issue (btintel). The root cause is a mismatch between the EFI variable size and the known struct btintel_dsbr size, which could lead to a stack overflow if the EFI variable is larger than expected. The fix alters the check to rely on the kno...

CVE-2025-38315 Bluetooth: btintel: Check dsbr size from EFI variable

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btintel: Check dsbr size from EFI variable Since the size of struct btinteldsbr is already known, we can just start there instead of querying the EFI variable size. If the final result doesn't match what we expect also...

CVE-2025-38315 Bluetooth: btintel: Check dsbr size from EFI variable

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btintel: Check dsbr size from EFI variable Since the size of struct btinteldsbr is already known, we can just start there instead of querying the EFI variable size. If the final result doesn't match what we expect also...

SUSE SLED15 / SLES15 Security Update : libxml2 (SUSE-SU-2025:02260-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:02260-1 advisory. - CVE-2025-49794: Fixed a heap use after free which could lead to denial of service. bsc1244554 -...

CVE-2025-7206

A vulnerability, which was classified as critical, has been found in D-Link DIR-825 2.10. This issue affects the function sub410DDC of the file switchlanguage.cgi of the component httpd. The manipulation of the argument Language leads to stack-based buffer overflow. The attack may be initiated...

AlmaLinux 8 : jq (ALSA-2025:10618)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:10618 advisory. jq: jq has signed integer overflow in jv.c:jvparraywrite CVE-2024-23337 jq: AddressSanitizer: stack-buffer-overflow in jqfuzzexecute jvstringvfmt...

ALSA-2025:10698 Important: libxml2 security update

The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fixes: libxml: Heap use after free UAF leads to Denial of service DoS CVE-2025-49794 libxml: Type confusion leads to Denial of service DoS CVE-2025-49796 libxml2: Integer Overflow in...

RHEL 8 : libxml2 (RHSA-2025:10698)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:10698 advisory. The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fixes: libxml: Heap use after...

RHEL 10 : libxml2 (RHSA-2025:10630)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:10630 advisory. The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fixes: libxml: Heap use after...

jq: AddressSanitizer: stack-buffer-overflow in jq_fuzz_execute (jv_string_vfmt)

A flaw was found in jq, a command line JSON processor. A specially crafted input can cause a heap-based buffer over-read when formatting an empty string because it was not properly null-terminated, causing a crash and resulting in a denial of service...

Moderate: Red Hat Security Advisory: jq security update

An update for jq is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available...

jq: AddressSanitizer: stack-buffer-overflow in jq_fuzz_execute (jv_string_vfmt)

A flaw was found in jq, a command line JSON processor. A specially crafted input can cause a heap-based buffer over-read when formatting an empty string because it was not properly null-terminated, causing a crash and resulting in a denial of service...

jq: AddressSanitizer: stack-buffer-overflow in jq_fuzz_execute (jv_string_vfmt)

A flaw was found in jq, a command line JSON processor. A specially crafted input can cause a heap-based buffer over-read when formatting an empty string because it was not properly null-terminated, causing a crash and resulting in a denial of service...

Adobe Illustrator 安全漏洞

Adobe Illustrator is a set of vector-based image creation software from the American company Audobee Adobe. A stack buffer overflow vulnerability exists in Adobe Illustrator, which can be exploited by an attacker to execute arbitrary code in the context of the current user...

RHEL 8 : jq (RHSA-2025:10618)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:10618 advisory. jq is a lightweight and flexible command-line JSON processor. jq is like sed for JSON data. You can use it to slice, filter, map, or...

PT-2025-28789 · Adobe · Illustrator

Name of the Vulnerable Software and Affected Versions: Illustrator versions 28.7.6 and earlier Illustrator version 29.5.1 and earlier Description: Illustrator is susceptible to a Stack-based Buffer Overflow that may lead to arbitrary code execution with current user privileges. Successful...