SUSE SLED15 / SLES15 / openSUSE 15 Security Update : wireshark (SUSE-SU-2025:0754-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:0754-1 advisory. Update to version 4.2.11: - CVE-2025-1492: uncontrolled recursion leading to a stack buffer overflow can...

CVE-2024-53427

A flaw was discovered in the jq package. In affected versions, specially-crafted input may trigger an unsafe memory operation leading to a stack buffer overflow. This can cause an application crash or other unintended behavior...

OSV-2025-169 Stack-buffer-overflow in utf8_in2

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=399228595 Crash type: Stack-buffer-overflow READ 1 Crash state: utf8in2 MatchRule TranslateRules...

DrayTek Vigor 165 安全漏洞

The DrayTek Vigor 165 is a VDSL2 35b super vector modem/router from DrayTek China. A security vulnerability exists in the DrayTek Vigor 165 that originates from a stack buffer overflow in the URL parsing function, which allows remote attackers to execute arbitrary code...

CBL Mariner 2.0 Security Update: libxml2 (CVE-2025-24928)

The version of libxml2 installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-24928 advisory. - libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a stack-based buffer overflow in xmlSnprintfElements in...

CVE-2024-53427

decNumberCopy in decNumber.c in jq through 1.7.1 does not properly consider that NaN is interpreted as numeric, which has a resultant stack-based buffer overflow and out-of-bounds write, as demonstrated by use of --slurp with subtraction, such as a filter of .-. when the input has a certain form ...

CVE-2024-53427

decNumberCopy in decNumber.c in jq through 1.7.1 does not properly consider that NaN is interpreted as numeric, which has a resultant stack-based buffer overflow and out-of-bounds write, as demonstrated by use of --slurp with subtraction, such as a filter of .-. when the input has a certain form ...

CVE-2024-53427

The CVE-2024-53427 issue in jq (through 1.7.1) arises from decNumberCopy in decNumber.c misinterpreting NaN as numeric, leading to a stack-based buffer overflow and out-of-bounds write. Demonstrated by using --slurp with subtraction on certain digit strings containing NaN (e.g., "1 NaN123" follow...

PT-2025-8729

Name of the Vulnerable Software and Affected Versions jq version 1.7.1 Description The issue is related to a stack-buffer-overflow in the decNumberCopy function within decNumber.c. Recommendations For jq version 1.7.1, at the moment, there is no information about a newer version that contains a f...

Amazon Linux 2023 : zziplib, zziplib-devel, zziplib-utils (ALAS2023-2025-859)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-859 advisory. Heap Buffer Overflow vulnerability in zziplib v0.13.77 allows attackers to cause a denial of service via the zzipparserootdirectory function at /zzip/zip.c. CVE-2024-39133 A Stack Buffer Overfl...

CVE-2024-53427

decNumberCopy in decNumber.c in jq through 1.7.1 does not properly consider that NaN is interpreted as numeric, which has a resultant stack-based buffer overflow and out-of-bounds write, as demonstrated by use of --slurp with subtraction, such as a filter of .-. when the input has a certain form ...

Medium: zziplib

Issue Overview: Heap Buffer Overflow vulnerability in zziplib v0.13.77 allows attackers to cause a denial of service via the zzipparserootdirectory function at /zzip/zip.c. CVE-2024-39133 A Stack Buffer Overflow vulnerability in zziplibv 0.13.77 allows attackers to cause a denial of service via t...

D-Link DAP-1320 安全漏洞

The D-Link DAP-1320 is a wireless signal extender from China-based AUO D-Link. The D-Link DAP-1320 suffers from a stack buffer overflow vulnerability that originates from the function replacespecialchar in file /storagein.pd-XXXXXX.An attacker can exploit this vulnerability to cause a program cra...

GHSA-5MWF-688X-MR7X Duplicate Advisory: Nokogiri updates packaged libxml2 to 2.13.6 to resolve CVE-2025-24928 and CVE-2024-56171

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-vvfq-8hwr-qm4m. This link is maintained to preserve external references. Original Description Summary Nokogiri v1.18.3 upgrades its dependency libxml2 to v2.13.6. libxml2 v2.13.6 addresses: - CVE-2025-24928 -...

[slackware-security] libxml2

New libxml2 packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/libxml2-2.11.9-i586-2slack15.0.txz: Rebuilt. This update fixes security issues: Fix stack-buffer-overflow in xmlSnprintfElements. Fix...

GHSA-VVFQ-8HWR-QM4M Nokogiri updates packaged libxml2 to 2.13.6 to resolve CVE-2025-24928 and CVE-2024-56171

Summary Nokogiri v1.18.3 upgrades its dependency libxml2 to v2.13.6. libxml2 v2.13.6 addresses: - CVE-2025-24928 - described at https://gitlab.gnome.org/GNOME/libxml2/-/issues/847 - CVE-2024-56171 - described at https://gitlab.gnome.org/GNOME/libxml2/-/issues/828 Impact CVE-2025-24928 Stack-buffe...

CVE-2025-24928

libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a stack-based buffer overflow in xmlSnprintfElements in valid.c. To exploit this, DTD validation must occur for an untrusted document or untrusted DTD. NOTE: this is similar to CVE-2017-9047...

OSV-2025-133 Stack-buffer-overflow in se_read_conf

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=396958482 Crash type: Stack-buffer-overflow READ 1 Crash state: sereadconf runconfighandler snmpconfigwhen...

MicroWorld eScan Antivirus 安全漏洞

MicroWorld eScan Antivirus is an antivirus software from MicroWorld. A security vulnerability exists in MicroWorld eScan Antivirus version 7.0.32, which originates in the VirusPopUp component strcpy function that causes a stack buffer overflow...

CVE-2024-53311

A Stack buffer overflow in the arguments parameter in Immunity Inc. Immunity Debugger v1.85 allows attackers to execute arbitrary code via a crafted input that exceeds the buffer size...