phpMyFAQ 安全漏洞

phpMyFAQ is a multilingual, fully database-driven FAQ system developed by Thorsten Rinne. Versions of phpMyFAQ prior to 4.1.2 contained security vulnerabilities. These vulnerabilities stemmed from the AbstractAdministrationController::userHasPermission function, which did not terminate execution...

OpenSSH 安全漏洞

OpenSSH OpenBSD Secure Shell is a set of open-source connection tools developed by OpenBSD in Canada for secure access to remote computers. This tool is an open-source implementation of the SSH protocol, supporting encryption of all transmissions. It effectively prevents eavesdropping, connection...

CVE-2025-13878

Malformed BRID/HHIT records can cause named to terminate unexpectedly. This issue affects BIND 9 versions 9.18.40 through 9.18.43, 9.20.13 through 9.20.17, 9.21.12 through 9.21.16, 9.18.40-S1 through 9.18.43-S1, and 9.20.13-S1 through 9.20.17-S1...

SUSE SLES12 Security Update : amazon-ssm-agent (SUSE-SU-2025:4244-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2025:4244-1 advisory. - CVE-2025-47913: Fixed a bug in the client process termination when receiving an unexpected message type in response to a key listing or...

openSUSE Security Advisory (SUSE-SU-2025:4245-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-381607)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-381607 advisory. In the Linux kernel, the following vulnerability has been resolved: clk: qcom: gcc-ipq6018: fix terminating of frequency table arrays The frequency table arrays are...

Linux Distros Unpatched Vulnerability : CVE-2024-36288

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: SUNRPC: Fix loop termination condition in gssfreeintokenpages The intoken-pages array is not...

Apple iOS和Apple iPadOS 安全漏洞

Apple iOS and Apple iPadOS are both products of Apple Inc. Apple iOS is an operating system developed for mobile devices, and Apple iPadOS is an operating system for iPad tablets. A security vulnerability exists in Apple iOS prior to 18.4 and Apple iPadOS prior to 18.4, which stems from an...

SUSE CVE-2025-22003

In the Linux kernel, the following vulnerability has been resolved: can: ucan: fix out of bound read in strscpy source Commit 7fdaf8966aae "can: ucan: use strscpy to instead of strncpy" unintentionally introduced a one byte out of bound read on strscpy's source argument which is kind of ironic...

UBUNTU-CVE-2023-46586

cgi.c in weborf .0.17, 0.18, 0.19, and 0.20 before 1.0 lacks '\0' termination of the path for CGI scripts because strncpy is misused...

CVE-2024-34092

An issue was discovered in Archer Platform 6 before 2024.04. Authentication was mishandled because lock did not terminate an existing session. 6.14 P3 6.14.0.3 is also a fixed release...

CVE-2022-2466

It was found that Quarkus 2.10.x does not terminate HTTP requests header context which may lead to unpredictable behavior...

DEBIAN-CVE-2020-12460

OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 has improper null termination in the function opendmarcxmlparse that can result in a one-byte heap overflow in opendmarcxml when parsing a specially crafted DMARC aggregate report. This can cause remote memory corruption when a '\0' byte...

UBUNTU-CVE-2015-6241

The prototreeaddbytesitem function in epan/proto.c in the protocol-tree implementation in Wireshark 1.12.x before 1.12.7 does not properly terminate a data structure after a failure to locate a number within a string, which allows remote attackers to cause a denial of service application crash vi...

DEBIAN-CVE-2007-2488

The IAX2 channel driver chaniax2 in Asterisk before 20070504 does not properly null terminate data, which allows remote attackers to trigger loss of transmitted data, and possibly obtain sensitive information memory contents or cause a denial of service application crash, by sending a frame that...