CBL Mariner 2.0 Security Update: libxml2 (CVE-2025-24928)

The version of libxml2 installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-24928 advisory. - libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a stack-based buffer overflow in xmlSnprintfElements in...

CVE-2024-53427

decNumberCopy in decNumber.c in jq through 1.7.1 does not properly consider that NaN is interpreted as numeric, which has a resultant stack-based buffer overflow and out-of-bounds write, as demonstrated by use of --slurp with subtraction, such as a filter of .-. when the input has a certain form ...

AZL-68717 CVE-2022-49610 affecting package kernel 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: KVM: VMX: Prevent RSB underflow before vmenter On VMX, there are some balanced returns between the time the guest's SPECCTRL value is written, and the vmenter. Balanced returns matched by a preceding call are usually ok, but it's...

UBUNTU-CVE-2022-49611

In the Linux kernel, the following vulnerability has been resolved: x86/speculation: Fill RSB on vmexit for IBRS Prevent RSB underflow/poisoning attacks with RSB. While at it, add a bunch of comments to attempt to document the current state of tribal knowledge about RSB attacks and what exactly i...

CVE-2024-53427

decNumberCopy in decNumber.c in jq through 1.7.1 does not properly consider that NaN is interpreted as numeric, which has a resultant stack-based buffer overflow and out-of-bounds write, as demonstrated by use of --slurp with subtraction, such as a filter of .-. when the input has a certain form ...

PT-2025-8729

Name of the Vulnerable Software and Affected Versions jq version 1.7.1 Description The issue is related to a stack-buffer-overflow in the decNumberCopy function within decNumber.c. Recommendations For jq version 1.7.1, at the moment, there is no information about a newer version that contains a f...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from not populating the RSB during vmexit to prevent IBRS attacks...

CVE-2024-53427

The CVE-2024-53427 issue in jq (through 1.7.1) arises from decNumberCopy in decNumber.c misinterpreting NaN as numeric, leading to a stack-based buffer overflow and out-of-bounds write. Demonstrated by using --slurp with subtraction on certain digit strings containing NaN (e.g., "1 NaN123" follow...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from VMX before vmenter that could lead to an RSB underflow...

Amazon Linux 2023 : zziplib, zziplib-devel, zziplib-utils (ALAS2023-2025-859)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-859 advisory. Heap Buffer Overflow vulnerability in zziplib v0.13.77 allows attackers to cause a denial of service via the zzipparserootdirectory function at /zzip/zip.c. CVE-2024-39133 A Stack Buffer Overfl...

CVE-2024-53427

decNumberCopy in decNumber.c in jq through 1.7.1 does not properly consider that NaN is interpreted as numeric, which has a resultant stack-based buffer overflow and out-of-bounds write, as demonstrated by use of --slurp with subtraction, such as a filter of .-. when the input has a certain form ...

DEBIAN-CVE-2025-26595

A buffer overflow flaw was found in X.Org and Xwayland. The code in XkbVModMaskText allocates a fixed-sized buffer on the stack and copies the names of the virtual modifiers to that buffer. The code fails to check the bounds of the buffer and would copy the data regardless of the size...

AZL-57277 CVE-2025-26595 affecting package xorg-x11-server 1.20.10-6

A buffer overflow flaw was found in X.Org and Xwayland. The code in XkbVModMaskText allocates a fixed-sized buffer on the stack and copies the names of the virtual modifiers to that buffer. The code fails to check the bounds of the buffer and would copy the data regardless of the size...

X.Org和Xwayland 安全漏洞

X.Org is an open source free software from the X.Org Foundation.Xwayland is an open source communication protocol from Xwayland that specifies how a display server communicates with its clients. A security vulnerability exists in X.Org and Xwayland that stems from the XkbVModMaskText function...

Medium: zziplib

Issue Overview: Heap Buffer Overflow vulnerability in zziplib v0.13.77 allows attackers to cause a denial of service via the zzipparserootdirectory function at /zzip/zip.c. CVE-2024-39133 A Stack Buffer Overflow vulnerability in zziplibv 0.13.77 allows attackers to cause a denial of service via t...

D-Link DAP-1320 安全漏洞

The D-Link DAP-1320 is a wireless signal extender from China-based AUO D-Link. The D-Link DAP-1320 suffers from a stack buffer overflow vulnerability that originates from the function replacespecialchar in file /storagein.pd-XXXXXX.An attacker can exploit this vulnerability to cause a program cra...

GHSA-5MWF-688X-MR7X Duplicate Advisory: Nokogiri updates packaged libxml2 to 2.13.6 to resolve CVE-2025-24928 and CVE-2024-56171

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-vvfq-8hwr-qm4m. This link is maintained to preserve external references. Original Description Summary Nokogiri v1.18.3 upgrades its dependency libxml2 to v2.13.6. libxml2 v2.13.6 addresses: - CVE-2025-24928 -...

[slackware-security] libxml2

New libxml2 packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/libxml2-2.11.9-i586-2slack15.0.txz: Rebuilt. This update fixes security issues: Fix stack-buffer-overflow in xmlSnprintfElements. Fix...

GHSA-VVFQ-8HWR-QM4M Nokogiri updates packaged libxml2 to 2.13.6 to resolve CVE-2025-24928 and CVE-2024-56171

Summary Nokogiri v1.18.3 upgrades its dependency libxml2 to v2.13.6. libxml2 v2.13.6 addresses: - CVE-2025-24928 - described at https://gitlab.gnome.org/GNOME/libxml2/-/issues/847 - CVE-2024-56171 - described at https://gitlab.gnome.org/GNOME/libxml2/-/issues/828 Impact CVE-2025-24928 Stack-buffe...

CVE-2025-24928

libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a stack-based buffer overflow in xmlSnprintfElements in valid.c. To exploit this, DTD validation must occur for an untrusted document or untrusted DTD. NOTE: this is similar to CVE-2017-9047...