22 matches found
uutils coreutils security vulnerability
uutils coreutils is a cross-platform core command-line toolset developed by Uutils Open Source. There is a security vulnerability in uutils coreutils. This vulnerability stems from the dd utility suppressing errors during file truncation operations by unconditionally calling Result::ok. Although...
CVE-2025-58147
This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Some Viridian hypercalls can specify a mask of vCPU IDs as an input, in one of three formats. Xen has boundary checking bugs with all three formats, which can cause...
EUVD-2021-9783
Malicious code in bioql PyPI...
EUVD-2023-31634
Malicious code in bioql PyPI...
RHEL 8 : git (RHSA-2025:11794)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:11794 advisory. Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a...
CVE-2025-27776 Applio allows SSRF and file write in model_download.py
Applio is a voice conversion tool. Versions 3.2.7 and prior are vulnerable to server-side request forgery (SSRF) and file write in model_download.py (line 240 in 3.2.7). The blind SSRF allows for sending requests on behalf of Applio server and can be leveraged to probe for other vulnerabilities on the...
CVE-2024-52938
Kernel software installed and running inside a Guest VM may post improper commands to the GPU Firmware to subvert reconstruction activities to trigger a write of data outside the Guest's virtualised GPU memory...
Litestar security vulnerability
Litestar is a powerful, flexible but stubborn ASGI framework open-sourced by Litestar. A security vulnerability exists in Litestar version 2.10.0 and prior versions that stems from vulnerability to environment variable injection attacks, leading to confidentiality disclosure and repository...
CVE-2024-26622 tomoyo: fix UAF write bug in tomoyo_write_control()
In the Linux kernel, the following vulnerability has been resolved: tomoyo: fix UAF write bug in tomoyo_write_control(). Since tomoyo_write_control() updates head->write_buf when write() of long lines is requested, we need to fetch head->write_buf after head->io_sem is held. Otherwise, concurrent write() requests c...
SUSE-SU-2024:0435-1 Security update for netpbm
This update for netpbm fixes the following issues: - CVE-2017-5849: Fixed out-of-bound read and write issue that can occur in function putgreytile() and put1bitbwtile() (bsc#1022790, bsc#1022791)...
SUSE-SU-2023:4597-1 Security update for gstreamer-plugins-bad
This update for gstreamer-plugins-bad fixes the following issues: - CVE-2023-40474: Fixed integer overflow causing out of bounds writes when handling invalid uncompressed video (bsc#1215796). - CVE-2023-40476: Fixed possible overflow using max_sub_layers_minus1 (bsc#1215793)...
CVE-2023-28576
The buffer obtained from kernel APIs such as cam_mem_get_cpu_buf() may be readable/writable in userspace after kernel accesses it. In other words, user mode may race and modify the packet header (e.g. header.count), causing checks (e.g. size checks) in kernel code to be invalid. This may lead to...
RHEL 8 : kernel (RHSA-2023:4515)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:4515 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: Use-after-free vulnerability i...
openSUSE 15 Security Update : stellarium (openSUSE-SU-2023:0097-1)
The remote openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the openSUSE-SU-2023:0097-1 advisory. - In Stellarium through 1.2, attackers can write to files that are typically unintended, such as ones with absolute pathnames or .. directory traversal...
PT-2025-13341 · Linux +2 · Linux Kernel +2
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to the fix of the instruction simulation of JALR. Description: The issue is related to the instruction simulation of JALR in the Linux kernel, specifically when setting a kprobe at 'jalr 1140(ra)' of vfs_write. This...
MGASA-2021-0573 Updated x11-server packages fix security vulnerabilities
Updated x11-server packages fix security vulnerabilities: The handler for the CompositeGlyphs request of the Render extension does not properly validate the request length leading to out of bounds memory write (CVE-2021-4008). The handler for the CreatePointerBarrier request of the XFixes extension...
SUSE-SU-2021:4136-1 Security update for xorg-x11-server
This update for xorg-x11-server fixes the following issues: - CVE-2021-4009: The handler for the CreatePointerBarrier request of the XFixes extension does not properly validate the request length leading to out of bounds memory write (bsc#1190487). - CVE-2021-4010: The handler for the Suspend reques...
SUSE-SU-2019:1963-1 Security update for openexr
This update for openexr fixes the following issues: Security issues fixed: - CVE-2017-9111: Fixed an invalid write of size 8 in the storeSSE function in ImfOptimizedPixelReading.h (bsc#1040109). - CVE-2017-9113: Fixed an invalid write of size 1 in the bufferedReadPixels function in ImfInputFile.cpp...
SUSE-SU-2019:1962-1 Security update for openexr
This update for openexr fixes the following issues: Security issue fixed: - CVE-2017-9111: Fixed an invalid write of size 8 in the storeSSE function in ImfOptimizedPixelReading.h (bsc#1040109). - CVE-2017-9113: Fixed an invalid write of size 1 in the bufferedReadPixels function in ImfInputFile.cpp...
Security vulnerabilities fixed in Firefox ESR 45.9 — Mozilla
A use-after-free vulnerability in SMIL animation functions occurs when pointers to animation elements in an array are dropped from the animation controller while still in use. This results in a potentially exploitable crash. A use-after-free vulnerability occurs during transaction processing in t...