Ensure That the PATH User Variable Is Strictly Defined

In Linux, the PATH variable defines the path for searching for executable files in the user context of the current user. For example, if a user runs the ls command in any directory, the system searches for the ls command in the directories specified by PATH and executes the command. The PATH...

Ensure That the su Command Inherits the User Environment Variables Without Escalating Privileges

The su command enables a common user to have the permissions of the superuser or other users. It is often used for switching the user from a common user to the root user. The su command provides a convenient way for users to change their identities. However, if the su command is run without...

FreeType Out-of-Bounds Write Vulnerability

FreeType contains an out-of-bounds write vulnerability when attempting to parse font subglyph structures related to TrueType GX and variable font files that may allow for arbitrary code execution...

Azure Linux 3.0 Security Update: kernel (CVE-2025-21996)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-21996 advisory. - In the Linux kernel, the following vulnerability has been resolved: drm/radeon: fix uninitialized size issue...

CVE-2025-43851 GHSL-2025-021_Retrieval-based-Voice-Conversion-WebUI

Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Versions 2.2.231006 and prior are vulnerable to unsafe deserialization. The modelchoose variable takes user input e.g. a path to a model and passes it to the uvr function in vr.py. In uvr , a new instance...

Retrieval-based-Voice-Conversion-WebUI 代码问题漏洞

Retrieval-based-Voice-Conversion-WebUI is an open source voice training modeling tool from RVC-Project. A code issue vulnerability exists in Retrieval-based-Voice-Conversion-WebUI version 2.2.231006 and earlier, which stems from improper handling of the modelchoose variable, and could lead to...

Retrieval-based-Voice-Conversion-WebUI 代码问题漏洞

Retrieval-based-Voice-Conversion-WebUI is an open source voice training modeling tool from RVC-Project. A code issue vulnerability exists in Retrieval-based-Voice-Conversion-WebUI version 2.2.231006 and earlier, which stems from improper handling of the modelchoose variable, and could lead to...

PT-2025-19327 · Intel · Intel Uefi

Name of the Vulnerable Software and Affected Versions: Intel UEFI affected versions not specified Description: A vulnerability in the digital signature verification process does not properly validate variable attributes, which allows an attacker to bypass signature verification by creating a...

CVE-2023-53057

The CVE-2023-53057 entry corresponds to a Linux kernel Bluetooth HCI global-out-of-bounds bug. The issue arises in hci_init_stage_sync() looping a variable-length array, where amp_init1[] and amp_init2[] lacked an intentionally invalid final element, enabling out-of-bounds reads during hci_dev_op...

Security Bulletin: IBM Watson Speech Services Cartridge v4.8.8 is vulnerable to an arbitrary code execution in logback-core [CVE-2024-12798]

Summary IBM Watson Speech Services Cartridge is vulnerable to an arbitrary code execution in logback-core, caused by a flaw in the JaninoEventEvaluator extension, that allowsve environment variable injection before program execution CVE-2024-12798. Logback-core is used in our Speech microservices...

CVE-2022-49865

In the Linux kernel, the following vulnerability has been resolved: ipv6: addrlabel: fix infoleak when sending struct ifaddrlblmsg to network When copying a struct ifaddrlblmsg to the network, ifalreserved remained uninitialized, resulting in a 1-byte infoleak: BUG: KMSAN: kernel-network-infoleak...

PT-2025-18641 · Linux +1 · Linux Kernel +1

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A potential memory leak has been identified in the Linux kernel's NFC subsystem, specifically in the fdp nci send function. This function calls fdp nci i2c write, which does not free t...

Amazon Linux 2 : libreoffice (ALASLIBREOFFICE-2025-007)

The version of libreoffice installed on the remote host is prior to 5.3.6.1-21. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2LIBREOFFICE-2025-007 advisory. Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in The Documen...

CVE-2025-29625

A buffer overflow vulnerability in Astrolog v7.70 allows attackers to execute arbitrary code or cause a Denial of Service DoS via an overly long environment variable passed to FileOpen function...

picklescan 安全漏洞

picklescan is a security scanning program by the individual developer Matthieu Maitre. A security vulnerability exists in picklescan versions prior to 0.0.25, which stems from an insecure global variable that could lead to a data leak...

A Systematic Study on the Design of Odd-Sized Highly Nonlinear Boolean Functions Via Evolutionary Algorithms

This paper focuses on the problem of evolving Boolean functions of odd sizes with high nonlinearity, a property of cryptographic relevance. Despite its simple formulation, this problem turns out to be remarkably difficult. We perform a systematic evaluation by considering three solution encodings...

The vulnerability of software for discrete event simulation and automation in Rockwell Automation Arena, related to errors during initialization of variables, allows a perpetrator to execute arbitrary code.

The vulnerability of the software for discrete event simulation and automation in Rockwell Automation Arena is related to errors during initialization of variables. Exploiting this vulnerability can allow an attacker to execute arbitrary code using a specially created DOE file...

The vulnerability of software for discrete event simulation and automation in Rockwell Automation Arena, related to errors during initialization of variables, allows a perpetrator to execute arbitrary code.

The vulnerability of the software for discrete event simulation and automation in Rockwell Automation Arena is related to errors during initialization of variables. Exploiting this vulnerability can allow an attacker to execute arbitrary code using a specially created DOE file...

The vulnerability of the PSDInput::read_native_scanline() function in the src/psd.imageio/psdinput.cpp module of the OpenImageIO library allows a malicious actor to access protected information or cause a service failure.

The vulnerability of the PSDInput::readnativescanline function in the src/psd.imageio/psdinput.cpp module of the OpenImageIO library is related to the use of an uninitialized variable. Exploiting this vulnerability could allow a malicious actor to gain access to protected information or cause...

The vulnerability of software for discrete event simulation and automation in Rockwell Automation Arena, related to errors during initialization of variables, allows a perpetrator to execute arbitrary code.

The vulnerability of the software for discrete event simulation and automation in Rockwell Automation Arena is related to errors during initialization of variables. Exploiting this vulnerability can allow an attacker to execute arbitrary code using a specially created DOE file...