67 matches found
OSV-2026-720 Heap-buffer-overflow in coap_persist_startup_lkd
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=511948388 Crash type: Heap-buffer-overflow READ 8 Crash state: coap_persist_startup_lkd persisttarget.c...
CVE-2019-25474
Easy MP3 Downloader 4.7.8.8 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long unlock code. Attackers can generate a file containing 6000 'A' characters and paste the contents into the Unlock Code field during application...
CVE-2019-25474 Easy MP3 Downloader 4.7.8.8 Denial of Service Buffer Overflow
Easy MP3 Downloader 4.7.8.8 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long unlock code. Attackers can generate a file containing 6000 'A' characters and paste the contents into the Unlock Code field during application...
CVE-2019-25474
Product: Easy MP3 Downloader 4.7.8.8. Vulnerability: Buffer overflow that allows a local attacker to crash the application by supplying an excessively long unlock code, triggering a denial of service during startup (e.g., file with 6000 'A' characters). Impact (as stated): Availability impact is ...
CVE-2025-10021
A Use of Uninitialized Variable vulnerability exists in Open Design Alliance Drawings SDK static versions mt before 2026.12. Static object COdaMfcAppApp theApp may access OdString::kEmpty before its initialization. Due to undefined initialization order of static objects across translation units...
PT-2025-52653
Name of the Vulnerable Software and Affected Versions: Open Design Alliance Drawings SDK versions prior to 2026.12. Description: A Use of Uninitialized Variable issue exists in the software. A static object COdaMfcAppApp theApp may access OdString::kEmpty before its initialization. This is due to...
CVE-2025-12200
No description is available for this CVE. Mitigation No mitigation is currently available that meets Red Hat Product Security’s standards for usability, deployment, applicability, or stability. To reduce the risk, restrict write access to the dnsmasq.conf file and related configuration directorie...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : MozillaThunderbird (SUSE-SU-2025:03309-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:03309-1 advisory. Update to Mozilla Thunderbird 140.3 bsc1249391. Security issues fixed: - MFSA 2025-78...
Security update for MozillaThunderbird
This update for MozillaThunderbird fixes the following issues: Update to Mozilla Thunderbird 140.3 bsc1249391. Security issues fixed: MFSA 2025-78 CVE-2025-10527: sandbox escape due to use-after-free in the Graphics: Canvas2D component. CVE-2025-10528: sandbox escape due to undefined behavior,...
SUSE-SU-2025:03309-1 Security update for MozillaThunderbird
This update for MozillaThunderbird fixes the following issues: Update to Mozilla Thunderbird 140.3 bsc1249391. Security issues fixed: - MFSA 2025-78 CVE-2025-10527: sandbox escape due to use-after-free in the Graphics: Canvas2D component. CVE-2025-10528: sandbox escape due to undefined behavior,...
PT-2025-38268
Name of the Vulnerable Software and Affected Versions: Suricata versions prior to 8.0.1. Description: Suricata, a network IDS, IPS and NSM engine, contains a flaw where rules utilizing the ldap.responses.attribute type keyword, in conjunction with transforms, can cause a stack buffer overflow. This...
Linux Distros Unpatched Vulnerability : CVE-2023-21136
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In multiple functions of JobStore.java, there is a possible way to cause a crash on startup due to improper input validation. This could lead to local denial of...
SUSE-SU-2025:02475-1 Security update 4.3.16 for Multi-Linux Manager Server
This update fixes the following issues: cobbler: - Prevent crash during Cobbler startup on NFS environments bsc1240666 - Synchronize cobbler add and sync actions bsc1233371 - Exclude disabled profiles from buildiso gen bsc1230908 grafana-formula: - Version 4.3.0: Added SUSE Linux Enterprise Serve...
CVE-2023-21136
In multiple functions of JobStore.java, there is a possible way to cause a crash on startup due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions:...
DEBIAN-CVE-2022-49129
In the Linux kernel, the following vulnerability has been resolved: mt76: mt7921: fix crash when startup fails. If the nic fails to start, it is possible that the reset_work has already been scheduled. Ensure the work item is canceled so we do not have use-after-free crash in case cleanup is calle...
libreswan: Missing PreSharedKey for connection can cause crash
A flaw was found in Libreswan. This issue causes Libreswan to restart under some IKEv2 retransmit scenarios when a connection is configured to use PreSharedKeys authby=secret, and the connection cannot find a matching configured secret. When automatically added on startup using the auto= keyword,...
SUSE-RU-2024:2684-1 Recommended update for mozilla-nss
This update for mozilla-nss fixes the following issues: - Fixed startup crash of Firefox when using FIPS-mode bsc1223724. - Added 'Provides: nss' so other RPMs that require 'nss' can be installed jira PED-6358. - FIPS: added safe memsets bsc1222811 - FIPS: restrict AES-GCM bsc1222830 - FIPS:...