DEBIAN-CVE-2025-38528

In the Linux kernel, the following vulnerability has been resolved: bpf: Reject %p% format string in bprintf-like helpers static const char fmt = "%p%"; bpftraceprintkfmt, sizeoffmt; The above BPF program isn't rejected and causes a kernel warning at runtime: Please remove unsupported %\x00 in...

CVE-2011-10012

NetOp now part of Impero Software Remote Control Client v9.5 is vulnerable to a stack-based buffer overflow when processing .dws configuration files. If a .dws file contains a string longer than 520 bytes, the application fails to perform proper bounds checking, allowing an attacker to execute...

PT-2025-33346 · Netbula +1 · Nebula +1

Name of the Vulnerable Software and Affected Versions: Malwarebytes versions prior to 4.6.14.326 Malwarebytes versions prior to 5.1.5.116 Nebula versions 2020-10-21 and later Description: An out-of-bounds read issue exists in the strings detection utilities, leading to system crashes...

CVE-2011-10012

NetOp Remote Control Client (now Impero) v9.5 contains a stack-based buffer overflow when parsing .dws configuration files. If a .dws string exceeds 520 bytes, bounds checking fails, potentially allowing arbitrary code execution when the file is opened. Public references confirm the vulnerable co...

CVE-2011-10015

Cytel Studio version 9.0 and earlier is vulnerable to a stack-based buffer overflow triggered by parsing a malformed .CY3 file. The vulnerability occurs when the application copies user-controlled strings into a fixed-size stack buffer 256 bytes without proper bounds checking. Exploitation allows...

BIT-LIBPHP-2024-2757 PHP mb_encode_mimeheader runs endlessly for some inputs

In PHP 8.3. before 8.3.5, function mbencodemimeheader runs endlessly for some inputs that contain long strings of non-space characters followed by a space. This could lead to a potential DoS attack if a hostile user sends data to an application that uses this function...

BIT-LIBPYTHON-2020-10735

A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int"text", a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits float, decimal, int.frombytes, and int for binary bases 2, 4, 8, 16, and 32 are no...

Linux Distros Unpatched Vulnerability : CVE-2024-31228

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Redis is an open source, in-memory database that persists on disk. Authenticated users can trigger a denial-of-service by using specially crafted, long string...

Medium: ImageMagick

Issue Overview: ImageMagick is free and open-source software used for editing and manipulating digital images. Versions prior to 7.1.2-0 and 6.9.13-26 have a heap buffer overflow in the InterpretImageFilename function. The issue stems from an off-by-one error that causes out-of-bounds memory acce...

Medium: ImageMagick

Issue Overview: ImageMagick is free and open-source software used for editing and manipulating digital images. Versions prior to 7.1.2-0 and 6.9.13-26 have a heap buffer overflow in the InterpretImageFilename function. The issue stems from an off-by-one error that causes out-of-bounds memory acce...

[SECURITY] Fedora 42 Update: binutils-2.44-6.fc42

Binutils is a collection of binary utilities, including ar for creating, modifying and extracting from archives, as a family of GNU assemblers, gprof for displaying call graph profile data, ld the GNU linker, nm for listing symbols from object files, objcopy for copying and translating object...

The vulnerability of the device management platform for systems related to heating, ventilation, and air conditioning, lighting, and energy consumption within the Niagara Framework, as well as the Niagara Enterprise Security tools for access control and security, stems from the ability to disclose information through a query string, allowing attackers to compromise the confidentiality of protected information.

The vulnerability of the device management platform for heating, ventilation, and air conditioning systems, lighting, and energy consumption, as well as the Niagara Framework and its access control and security measures, is related to the disclosure of information through query strings. Exploitin...

Vulnerability fixed in SonicWall SonicOS

SonicWall has fixed a vulnerability in SonicOS. The vulnerability is in how SonicOS' SSL VPN interface handles externally controlled formatting strings. This can be exploited by external, unauthenticated attackers, leading to service disruptions. Attackers can exploit this vulnerability to affect...

Security update 5.1.0 GM for Multi-Linux Manager Client Tools

This update fixes the following issues: spacecmd: Version update from 5.1.6-0 to 5.1.8-0 with the following key change: Update translation strings uyuni-tools: Version 5.1.14-0: Fix mgradm backup create handling of images and systemd files bsc1244563 migrate existing TLS certificates from 4.3...

Cross-site Scripting (XSS)

Vue I18n is vulnerable to Cross-site Scripting XSS. The vulnerability is due to incomplete escaping of interpolated parameters caused by the failure of the escapeParameterHtml: true option to prevent tag-based payload execution when rendered using v-html, even with minor HTML in translation strin...

Cross-site Scripting (XSS)

Overview org.webjars.bowergithub.kazupon:vue-i18n is an Internationalization plugin for Vue.js Affected versions of this package are vulnerable to Cross-site Scripting XSS when performing translations with escapeParameterHtml set to true. An attacker can execute arbitrary JavaScript code in the...

CVE-2025-53014

ImageMagick is free and open-source software used for editing and manipulating digital images. Versions prior to 7.1.2-0 and 6.9.13-26 have a heap buffer overflow in the InterpretImageFilename function. The issue stems from an off-by-one error that causes out-of-bounds memory access when processi...

CVE-2025-53014

ImageMagick is free and open-source software used for editing and manipulating digital images. Versions prior to 7.1.2-0 and 6.9.13-26 have a heap buffer overflow in the InterpretImageFilename function. The issue stems from an off-by-one error that causes out-of-bounds memory access when processi...

Security Bulletin: Using untrusted strings with .replace on Babel-compiled regex named capturing groups can lead to performance degradation, which affects IBM watsonx.data

Summary Babel is a compiler for writing next generation JavaScript. When using versions of Babel prior to 7.26.10 and 8.0.0-alpha.17 to compile regular expression named capturing groups, Babel will generate a polyfill for the .replace method that has quadratic complexity on some specific...

OESA-2025-1796 glib2 security update

GLib is a bundle of three formerly five low-level system libraries written in C and developed mainly by GNOME. GLib's code was separated from GTK, so it can be used by software other than GNOME and has been developed in parallel ever since. Security Fixes: A flaw was found in how GLib’s GString...