23 matches found
CVE-2025-62821
Microsoft HEIF Image Extensions 1.2.22.0 has an out-of-bounds read because CHEIFItemInfoEntryGetDataSize can return success while leaving the reported data size as 0. This causes a caller to make a 1-byte allocation. Later, CopyPixels computes copysize = stride absroiheight but does not check the...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: fs: ntfs3: fixed an infinite loop triggered by a zero-sized ATTRLIST. We have identified a bug in the ntfs3 file system that can lead to a Denial-of-Service DoS attack. A malformed NTFS image can cause an infinite loop when the...
CVE-2025-62821
Microsoft HEIF Image Extensions 1.2.22.0 has an out-of-bounds read because CHEIFItemInfoEntryGetDataSize can return success while leaving the reported data size as 0. This causes a caller to make a 1-byte allocation. Later, CopyPixels computes copysize = stride absroiheight but does not check the...
EUVD-2025-208821
In the Linux kernel, the following vulnerability has been resolved: fs: ntfs3: fix infinite loop triggered by zero-sized ATTRLIST We found an infinite loop bug in the ntfs3 file system that can lead to a Denial-of-Service DoS condition. A malformed NTFS image can cause an infinite loop when an...
Scrapy: python-scrapy: brotli: Python brotli decompression bomb DoS
Scrapy are vulnerable to a denial of service DoS attack due to a flaw in its brotli decompression implementation. The protection mechanism against decompression bombs fails to mitigate the brotli variant, allowing remote servers to crash clients with less than 80GB of available memory. This occur...
CVE-2026-21977
Vulnerability in the Oracle Zero Data Loss Recovery Appliance Software product of Oracle Zero Data Loss Recovery Appliance component: Security. Supported versions that are affected are 23.1.0-23.1.202509. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...
EUVD-2026-3535
Vulnerability in the Oracle Zero Data Loss Recovery Appliance Software product of Oracle Zero Data Loss Recovery Appliance component: Security. Supported versions that are affected are 23.1.0-23.1.202509. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...
CVE-2026-21977
Vulnerability in the Oracle Zero Data Loss Recovery Appliance Software product of Oracle Zero Data Loss Recovery Appliance component: Security. Supported versions that are affected are 23.1.0-23.1.202509. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...
CVE-2026-21977
Vulnerability in the Oracle Zero Data Loss Recovery Appliance Software product of Oracle Zero Data Loss Recovery Appliance component: Security. Supported versions that are affected are 23.1.0-23.1.202509. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...
PT-2026-3724
Vulnerability in the Oracle Zero Data Loss Recovery Appliance Software product of Oracle Zero Data Loss Recovery Appliance component: Security. Supported versions that are affected are 23.1.0-23.1.202509. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...
Oracle Zero Data Loss Recovery Appliance security vulnerabilities
The Oracle Zero Data Loss Recovery Appliance is a backup and management system developed by Oracle Corporation. There are security vulnerabilities in the Oracle Zero Data Loss Recovery Appliance Software version 23.1.0 through 23.1.202509. These vulnerabilities allow unverified attackers to acces...
kernel: tipc: fix kernel warning when sending SYN message
In the Linux kernel, the following vulnerability has been resolved: tipc: fix kernel warning when sending SYN message When sending a SYN message, this kernel stack trace is observed: ... 13.396352 RIP: 0010:copyfromiter+0xb4/0x550 ... 13.398494 Call Trace: 13.398630 13.398630 ? allocskb+0xed/0x1a...
SUSE CVE-2014-1684
The ASFReadObjectfileproperties function in modules/demux/asf/libasf.c in the ASF Demuxer in VideoLAN VLC Media Player before 2.1.3 allows remote attackers to cause a denial of service divide-by-zero error and crash via a zero minimum and maximum data packet size in an ASF file...
DEBIAN-CVE-2022-47943
An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2. There is an out-of-bounds read and OOPS for SMB2WRITE, when there is a large length in the zero DataOffset case...
UBUNTU-CVE-2022-47943
An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2. There is an out-of-bounds read and OOPS for SMB2WRITE, when there is a large length in the zero DataOffset case...
User Survey 2020 Report Shows Rapid Growth In Apache Pulsar Adoption
For the first time ever, the Apache Pulsar PMC team is publishing a user survey report. The 2020 Apache Pulsar User Survey Report reveals Pulsar's accelerating rate of global adoption, details how organizations are leveraging Pulsar to build real-time streaming applications, and highlights key...
Linux kernel security bypass vulnerability (CNVD-2017-05575)
The Linux kernel is the kernel used by the operating system Linux, released by the Linux Foundation in the United States. The Linux kernel suffers from a security bypass vulnerability in which the program fails to detect the zero value of data. A local attacker can exploit this vulnerability by...
DEBIAN-CVE-2016-8646
The hashaccept function in crypto/algifhash.c in the Linux kernel before 4.3.6 allows local users to cause a denial of service OOPS by attempting to trigger use of in-kernel hash algorithms for a socket that has received zero bytes of data...
libarchive: Archive Entry with type 1 (hardlink), but has a non-zero data size file overwrite
A flaw was found in the way libarchive handled hardlink archive entries of non-zero size. Combined with flaws in libarchive's file system sandboxing, this issue could cause an application using libarchive to overwrite arbitrary files with arbitrary data from the archive...
PT-2016-7538 · Linux +4 · Linux Kernel +4
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 4.3.6 Description: The issue allows local users to cause a denial of service by attempting to trigger use of in-kernel hash algorithms for a socket that has received zero bytes of data. This is related to the ha...