Aggregator

A vulnerability classified as critical has been found in libzvbi up to 0.2.43. This affects the function vbi_capture_sim_load_caption of the file src/io-sim.c. The manipulation leads to integer overflow. This vulnerability is uniquely identified as CVE-2025-2176. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component. The code maintainer was informed beforehand about the issues. She reacted very fast and highly professional.

A vulnerability was found in libzvbi up to 0.2.43. It has been rated as problematic. Affected by this issue is the function _vbi_strndup_iconv. The manipulation leads to integer overflow. This vulnerability is handled as CVE-2025-2175. The attack may be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component. The code maintainer was informed beforehand about the issues. She reacted very fast and highly professional.

A vulnerability was found in libzvbi up to 0.2.43. It has been declared as problematic. Affected by this vulnerability is the function vbi_strndup_iconv_ucs2 of the file src/conv.c. The manipulation of the argument src_length leads to integer overflow. This vulnerability is known as CVE-2025-2174. The attack can be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component. The code maintainer was informed beforehand about the issues. She reacted very fast and highly professional.

A vulnerability was found in libzvbi up to 0.2.43. It has been classified as problematic. Affected is the function vbi_strndup_iconv_ucs2 of the file src/conv.c. The manipulation of the argument src_length leads to uninitialized pointer. This vulnerability is traded as CVE-2025-2173. It is possible to launch the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component. The code maintainer was informed beforehand about the issues. She reacted very fast and highly professional.

Submit #512803 / VDB-299206

Submit #512802 / VDB-299205

Submit #512801 / VDB-299204

Submit #512800 / VDB-299203

Submit #512798 / VDB-299202

立即查看漏洞详情

立即查看漏洞详情

立即查看漏洞详情

立即查看漏洞详情

立即查看漏洞详情

立即查看漏洞详情

立即查看漏洞详情

​在 Python JSON Logger 包（python-json-logger）中，发现了一个严重影响版本 3.2.0 和 3.2.1 的重大漏洞，编号为 CVE-2025-27607。

3月1日，以“洞见风险，先知先行”为理念的2025阿里白帽大会在杭州成功举办！

CISOs face mounting pressure to spend wisely on security. Yet, many organizations remain vulnerable due to misplaced priorities and inefficient budgeting. This article explores common pitfalls and offers strategies to strengthen cybersecurity. Recent data highlights a paradox: while cybersecurity budgets rise, security incidents continue unabated. A survey by the Ponemon Institute revealed a 59% increase in cyber budgets year-over-year, yet 61% of organizations experienced a data breach or cybersecurity incident in the past two years. … More →

The post Smart cybersecurity spending and how CISOs can invest where it matters appeared first on Help Net Security.

A vulnerability classified as critical was found in Linux Kernel up to 5.18.2. Affected by this vulnerability is the function pp_funcs. The manipulation leads to null pointer dereference. This vulnerability is known as CVE-2022-49529. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.