Improper Validation of Array Index

Overview Affected versions of this package are vulnerable to Improper Validation of Array Index via the DecryptBytes function. An attacker can cause the process or goroutine to crash by sending a crafted AES-CBC encrypted assertion with a plaintext of all zero bytes, which triggers a panic due to...

Incorrect Implementation of Authentication Algorithm

Overview Affected versions of this package are vulnerable to Incorrect Implementation of Authentication Algorithm due to an error in the protocol implementation when handling the User Supplied Secret USS digest in the LoadApp function. An attacker can cause the Compound Device Identifier CDI to b...

Out-of-bounds Write

Overview Magick.NET-Q16-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

GHSA-GC62-2V5P-QPMP ImageMagick has a heap-buffer-overflow in NewXMLTree which could result in crash

The NewXMLTree method contains a bug that could result in a crash due to an out of write bounds of a single zero byte...

ImageMagick has a heap-buffer-overflow in NewXMLTree which could result in crash

The NewXMLTree method contains a bug that could result in a crash due to an out of write bounds of a single zero byte...

CVE-2025-13462

The "tarfile" module would still apply normalization of AREGTYPE \x00 blocks to DIRTYPE, even while processing a multi-block member such as GNUTYPELONGNAME or GNUTYPELONGLINK. This could result in a crafted tar archive being misinterpreted by the tarfile module compared to other implementations...

Use After Free

Overview Magick.NET-Q8-OpenMP-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package...

mageMagick has a possible use-after-free write in its PDB decoder

A use-after-free vulnerability exists in the PDB decoder that will use a stale pointer when a memory allocation fails and that could result in a crash or a single zero byte write. ==4033155==ERROR: AddressSanitizer: UNKNOWN SIGNAL on unknown address 0x000000000000 pc 0x5589c1971b24 bp...

Use After Free

Overview Magick.NET-Q8-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

Use After Free

Overview Affected versions of this package are vulnerable to Use After Free in the PDB decoder when a memory allocation fails, leading to the use of a stale pointer. An attacker can cause a crash or trigger a single zero byte write by providing specially crafted input files. Remediation A fix was...

GHSA-3J4X-RWRX-XXJ9 mageMagick has a possible use-after-free write in its PDB decoder

A use-after-free vulnerability exists in the PDB decoder that will use a stale pointer when a memory allocation fails and that could result in a crash or a single zero byte write. ==4033155==ERROR: AddressSanitizer: UNKNOWN SIGNAL on unknown address 0x000000000000 pc 0x5589c1971b24 bp...

picklescan vulnerable to arbitrary file create using logging.FileHandler

Summary Unsafe pickle deserialization allows unauthenticated attackers to perform Arbitrary File Creation. By chaining the logging.FileHandler class, an attacker can bypass RCE-focused blocklists to create empty files on the server. The vulnerability allows creating zero-byte files in arbitrary...

GHSA-M7J5-R2P5-C39R picklescan vulnerable to arbitrary file create using logging.FileHandler

Summary Unsafe pickle deserialization allows unauthenticated attackers to perform Arbitrary File Creation. By chaining the logging.FileHandler class, an attacker can bypass RCE-focused blocklists to create empty files on the server. The vulnerability allows creating zero-byte files in arbitrary...

MiracleLinux 9 : c-ares-1.17.1-5.el9.1 (AXSA:2023-6019:01)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-6019:01 advisory. c-ares: 0-byte UDP payload Denial of Service CVE-2023-32067 Tenable has extracted the preceding description block directly from the MiracleLinux security...

MiracleLinux 8 : c-ares-1.13.0-6.el8.2 (AXSA:2023-6142:03)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-6142:03 advisory. c-ares: 0-byte UDP payload Denial of Service CVE-2023-32067 Tenable has extracted the preceding description block directly from the MiracleLinux security...

MiracleLinux 7 : libssh2-1.8.0-3.el7 (AXSA:2019-4034:04)

The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2019-4034:04 advisory. libssh2: Zero-byte allocation with a specially crafted SFTP packed leading to an out-of-bounds read CVE-2019-3858 libssh2: Out-of-bounds reads with...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000740)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000740 advisory. The hashaccept function in crypto/algifhash.c in the Linux kernel before 4.3.6 allows local users to cause a denial of service OOPS by attempting to trigger use of...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003151)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003151 advisory. The hashaccept function in crypto/algifhash.c in the Linux kernel before 4.3.6 allows local users to cause a denial of service OOPS by attempting to trigger use of...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002915)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002915 advisory. The hashaccept function in crypto/algifhash.c in the Linux kernel before 4.3.6 allows local users to cause a denial of service OOPS by attempting to trigger use of...

PT-2026-28490

Name of the Vulnerable Software and Affected Versions ImageMagick versions prior to 7.1.2-18 ImageMagick versions prior to 6.9.13-43 Description ImageMagick is software used for editing and manipulating digital images. A flaw exists where a zero-byte out-of-bounds write occurs in the X11 display...