Security update for python-cbor2 (important)
openSUSE security update: security update for python-cbor2. Announcement ID: openSUSE-SU-2025-20133-1. Rating: important. References: bsc1220096, bsc1253746. Cross-References: CVE-2024-26134, CVE-2025-64076. CVSS scores: CVE-2025-64076 SUSE :...
PT-2025-50583
Name of the Vulnerable Software and Affected Versions: glib (affected versions not specified). Description: A flaw exists in glib that can lead to a denial-of-service (DoS) condition. The issue is a heap buffer overflow caused by an integer overflow within the escape byte string function, part of GLib's...
Linux Distros Unpatched Vulnerability : CVE-2025-61729
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Within HostnameError.Error, when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string ...
DEBIAN-CVE-2025-65955
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-9 and 6.9.13-34, there is a vulnerability in ImageMagick’s Magick++ layer that manifests when Options::fontFamily is invoked with an empty string. Clearing a font family calls...
CVE-2025-65955
ImageMagick’s Magick++ vulnerability CVE-2025-65955 manifests when Options::fontFamily is invoked with an empty string, causing a use-after-free/dangling font pointer in _drawInfo->font and potentially leading to crashes or heap corruption on cleanup or subsequent updates. The issue arises bec...
CVE-2025-61729
Within HostnameError.Error, when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can...
AZL-71255 CVE-2025-61729 affecting package golang 1.26.0-1
Within HostnameError.Error, when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can...
AZL-71305 CVE-2025-61729 affecting package msft-golang 1.24.13-1
Within HostnameError.Error, when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can...
AZL-78931 CVE-2025-61729 affecting package golang 1.25.7-1
Within HostnameError.Error, when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can...
UBUNTU-CVE-2025-61729
Within HostnameError.Error, when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can...
CVE-2025-61729 Excessive resource consumption when printing error string for host certificate validation in crypto/x509
Within HostnameError.Error, when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can...
CVE-2025-61729
CVE-2025-61729 is a DoS in Go components exposed by crafted certificates, tied to excessive resource consumption from unbounded error string construction (HostnameError.Error) and related quadratic runtime. Multiple advisories (ALSA and container tooling) reference this CVE as a security fix targ...
SUSE-SU-2025:21168-1 Security update for python-cbor2
This update for python-cbor2 fixes the following issues: CVE-2025-64076: Fixed bug in decode_definite_long_string that causes incorrect chunk length calculation (bsc1253746). Already fixed in release 5.6.3: CVE-2024-26134: Fixed potential crash when hashing a CBORTag (bsc1220096)...
OPENSUSE-SU-2025:20133-1 Security update for python-cbor2
This update for python-cbor2 fixes the following issues: CVE-2025-64076: Fixed bug in decode_definite_long_string that causes incorrect chunk length calculation (bsc1253746). Already fixed in release 5.6.3: CVE-2024-26134: Fixed potential crash when hashing a CBORTag (bsc1220096)...
CVE-2025-11780
Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. In the 'showMeterReport' function, there is an unlimited user input that is copied to a fixed-size buffer via 'sprintf'. The 'GetParametermeter' function retrieves the user input, which is directly incorporated in...
AZL-71311 CVE-2025-10543 affecting package influxdb for versions less than 2.7.5-10
In Eclipse Paho Go MQTT v3.1 library (paho.mqtt.golang) versions <=1.5.0, UTF-8 encoded strings passed into the library may be incorrectly encoded if their length exceeds 65535 bytes. This may lead to unexpected content in packets sent to the server (for example, part of an MQTT topic may leak into...
Numeric Truncation Error
Overview: Affected versions of this package are vulnerable to Numeric Truncation Error due to improper conversion of string length from an int64/int32 to an int16 without checks for overflows. values in the process handling UTF-8 encoded data. An attacker can cause packet corruption or unintended...