FreeType Out-of-Bounds Write Vulnerability

FreeType contains an out-of-bounds write vulnerability when attempting to parse font subglyph structures related to TrueType GX and variable font files that may allow for arbitrary code execution...

CVE-2025-43851 GHSL-2025-021_Retrieval-based-Voice-Conversion-WebUI

Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Versions 2.2.231006 and prior are vulnerable to unsafe deserialization. The modelchoose variable takes user input e.g. a path to a model and passes it to the uvr function in vr.py. In uvr , a new instance...

Retrieval-based-Voice-Conversion-WebUI 代码问题漏洞

Retrieval-based-Voice-Conversion-WebUI is an open source voice training modeling tool from RVC-Project. A code issue vulnerability exists in Retrieval-based-Voice-Conversion-WebUI version 2.2.231006 and earlier, which stems from improper handling of the modelchoose variable, and could lead to...

Retrieval-based-Voice-Conversion-WebUI 代码问题漏洞

Retrieval-based-Voice-Conversion-WebUI is an open source voice training modeling tool from RVC-Project. A code issue vulnerability exists in Retrieval-based-Voice-Conversion-WebUI version 2.2.231006 and earlier, which stems from improper handling of the modelchoose variable, and could lead to...

PT-2025-19327 · Intel · Intel Uefi

Name of the Vulnerable Software and Affected Versions: Intel UEFI affected versions not specified Description: A vulnerability in the digital signature verification process does not properly validate variable attributes, which allows an attacker to bypass signature verification by creating a...

CVE-2023-53057

The CVE-2023-53057 entry corresponds to a Linux kernel Bluetooth HCI global-out-of-bounds bug. The issue arises in hci_init_stage_sync() looping a variable-length array, where amp_init1[] and amp_init2[] lacked an intentionally invalid final element, enabling out-of-bounds reads during hci_dev_op...

Security Bulletin: IBM Watson Speech Services Cartridge v4.8.8 is vulnerable to an arbitrary code execution in logback-core [CVE-2024-12798]

Summary IBM Watson Speech Services Cartridge is vulnerable to an arbitrary code execution in logback-core, caused by a flaw in the JaninoEventEvaluator extension, that allowsve environment variable injection before program execution CVE-2024-12798. Logback-core is used in our Speech microservices...

CVE-2022-49865

In the Linux kernel, the following vulnerability has been resolved: ipv6: addrlabel: fix infoleak when sending struct ifaddrlblmsg to network When copying a struct ifaddrlblmsg to the network, ifalreserved remained uninitialized, resulting in a 1-byte infoleak: BUG: KMSAN: kernel-network-infoleak...

PT-2025-18641 · Linux +1 · Linux Kernel +1

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A potential memory leak has been identified in the Linux kernel's NFC subsystem, specifically in the fdp nci send function. This function calls fdp nci i2c write, which does not free t...

Amazon Linux 2 : libreoffice (ALASLIBREOFFICE-2025-007)

The version of libreoffice installed on the remote host is prior to 5.3.6.1-21. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2LIBREOFFICE-2025-007 advisory. Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in The Documen...

CVE-2025-29625

A buffer overflow vulnerability in Astrolog v7.70 allows attackers to execute arbitrary code or cause a Denial of Service DoS via an overly long environment variable passed to FileOpen function...

picklescan 安全漏洞

picklescan is a security scanning program by the individual developer Matthieu Maitre. A security vulnerability exists in picklescan versions prior to 0.0.25, which stems from an insecure global variable that could lead to a data leak...

A Systematic Study on the Design of Odd-Sized Highly Nonlinear Boolean Functions Via Evolutionary Algorithms

This paper focuses on the problem of evolving Boolean functions of odd sizes with high nonlinearity, a property of cryptographic relevance. Despite its simple formulation, this problem turns out to be remarkably difficult. We perform a systematic evaluation by considering three solution encodings...

The vulnerability of software for discrete event simulation and automation in Rockwell Automation Arena, related to errors during initialization of variables, allows a perpetrator to execute arbitrary code.

The vulnerability of the software for discrete event simulation and automation in Rockwell Automation Arena is related to errors during initialization of variables. Exploiting this vulnerability can allow an attacker to execute arbitrary code using a specially created DOE file...

The vulnerability of software for discrete event simulation and automation in Rockwell Automation Arena, related to errors during initialization of variables, allows a perpetrator to execute arbitrary code.

The vulnerability of the software for discrete event simulation and automation in Rockwell Automation Arena is related to errors during initialization of variables. Exploiting this vulnerability can allow an attacker to execute arbitrary code using a specially created DOE file...

The vulnerability of the PSDInput::read_native_scanline() function in the src/psd.imageio/psdinput.cpp module of the OpenImageIO library allows a malicious actor to access protected information or cause a service failure.

The vulnerability of the PSDInput::readnativescanline function in the src/psd.imageio/psdinput.cpp module of the OpenImageIO library is related to the use of an uninitialized variable. Exploiting this vulnerability could allow a malicious actor to gain access to protected information or cause...

The vulnerability of software for discrete event simulation and automation in Rockwell Automation Arena, related to errors during initialization of variables, allows a perpetrator to execute arbitrary code.

The vulnerability of the software for discrete event simulation and automation in Rockwell Automation Arena is related to errors during initialization of variables. Exploiting this vulnerability can allow an attacker to execute arbitrary code using a specially created DOE file...

OESA-2025-1427 golang security update

. Security Fixes: Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NOPROXY environment variable is set to ".example.com", a request to "::1%25.example.com:80 will incorrectly match and not be proxied.CVE-2025-22870...

Astrolog 安全漏洞

Astrolog is an astrology software from the individual developer Walter D. Pullen. A security vulnerability exists in Astrolog version 7.70, which stems from a buffer overflow in the FileOpen function when handling an overly long environment variable, which could lead to the execution of arbitrary...

CVE-2025-29625

A buffer overflow vulnerability in Astrolog v7.70 allows attackers to execute arbitrary code or cause a Denial of Service DoS via an overly long environment variable passed to FileOpen function...