Vulnerabilities

To inform, warn and help professionals stay current with the latest security vulnerabilities in technology systems, we have made available, for users interested in this information, a database in Spanish that includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database), which INCIBE translates into Spanish under a partnership agreement.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) standard for information security vulnerability names is used to support the exchange of information between different tools and databases.

All collected vulnerabilities are linked to their various information sources, as well as to any available patches or solutions provided by manufacturers and developers. Advanced searches are possible: different criteria can be selected to narrow down the results, such as vulnerability type, manufacturer and impact level, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2026-34253

Publication date:
15/05/2026
A buffer underflow vulnerability has been identified in the ogg123 utility from the vorbis-tools 1.4.3 package in function remotethread in remote.c. This vulnerability occurs in the remote control functionality when processing malformed input, leading to a stack buffer underflow that can cause application crashes and potentially allow code execution.
Severity CVSS v4.0: Pending analysis
Last modification:
15/05/2026

CVE-2026-38728

Publication date:
15/05/2026
An issue in Nodemailer smtp_server before v.3.18.3 allows a remote attacker to cause a denial of service via the SMTPStream._write, lib/smtp-stream.js components.
Severity CVSS v4.0: Pending analysis
Last modification:
15/05/2026

CVE-2026-39052

Publication date:
15/05/2026
Oinone Pamirs 7.0.0 contains a code execution vulnerability via ScriptRunner. The method ScriptRunner.run(String expression, String type, Map context) evaluates attacker-controlled script expressions through the underlying script engine without sandboxing or allowlist restrictions.
Severity CVSS v4.0: Pending analysis
Last modification:
15/05/2026

CVE-2026-39054

Publication date:
15/05/2026
Oinone Pamirs 7.0.0 contains a command injection vulnerability in CommandHelper.executeCommands. The method starts a shell process and writes attacker-controlled command strings directly to the process standard input without sanitization. In affected deployments, this can result in arbitrary operating system command execution.
Severity CVSS v4.0: Pending analysis
Last modification:
15/05/2026

CVE-2026-39053

Publication date:
15/05/2026
Oinone Pamirs 7.0.0 contains an XML External Entity (XXE) issue in its XStream-based XML parsing logic. When attacker-controlled XML is passed to framework parsing entry points such as PamirsXmlUtils.fromXML(...) or ViewXmlUtils.fromXML(...), unsafe XML processing can lead to file disclosure or SSRF.
Severity CVSS v4.0: Pending analysis
Last modification:
15/05/2026

CVE-2025-14972

Publication date:
15/05/2026
* Countermeasures for DPA within the SYMCRYPTO engine on SixG301xxx devices are not sufficiently random and will eventually repeat.
* KSU keys using SYMCRYPTO will be impacted by this vulnerability.
Severity CVSS v4.0: MEDIUM
Last modification:
15/05/2026

CVE-2025-67437

Publication date:
15/05/2026
Medical Management System a81df1ce700a9662cb136b27af47f4cbde64156b is vulnerable to Insecure Permissions, which allows arbitrary user password reset.
Severity CVSS v4.0: Pending analysis
Last modification:
15/05/2026

CVE-2026-46333

Publication date:
15/05/2026
In the Linux kernel, the following vulnerability has been resolved:

ptrace: slightly saner 'get_dumpable()' logic

The 'dumpability' of a task is fundamentally about the memory image of the task - the concept comes from whether it can core dump or not - and makes no sense when you don't have an associated mm.

And almost all users do in fact use it only for the case where the task has a mm pointer.

But we have one odd special case: ptrace_may_access() uses 'dumpable' to check various other things entirely independently of the MM (typically explicitly using flags like PTRACE_MODE_READ_FSCREDS). Including for threads that no longer have a VM (and maybe never did, like most kernel threads).

It's not what this flag was designed for, but it is what it is.

The ptrace code does check that the uid/gid matches, so you do have to be uid-0 to see kernel thread details, but this means that the traditional "drop capabilities" model doesn't make any difference for this all.

Make it all make a *bit* more sense by saying that if you don't have a MM pointer, we'll use a cached "last dumpability" flag if the thread ever had a MM (it will be zero for kernel threads since it is never set), and require a proper CAP_SYS_PTRACE capability to override.
Severity CVSS v4.0: Pending analysis
Last modification:
16/05/2026

CVE-2026-41553

Publication date:
15/05/2026
The PDF Export Module used in DHTMLX's products Gantt and Scheduler is vulnerable to Remote Code Execution due to lack of "data" parameter sanitization. An unauthenticated attacker can inject malicious JavaScript code into the parameter, whose value is processed by Node.js and subsequently executed. This can lead to server compromise.

This issue was fixed in PDF Export Module version 0.7.6.
Severity CVSS v4.0: CRITICAL
Last modification:
15/05/2026

CVE-2026-7182

Publication date:
15/05/2026
Diagram's export module is vulnerable to Path Traversal in the src attribute due to lack of HTML sanitization. An unauthenticated user could craft an HTML payload that includes local files from the server and displays them in the generated PDF.

This issue was fixed in version 1.1.1.
Severity CVSS v4.0: CRITICAL
Last modification:
15/05/2026

CVE-2026-41552

Publication date:
15/05/2026
The PDF Export Module used in DHTMLX's products Gantt and Scheduler is vulnerable to Path Traversal due to lack of HTML sanitization. An unauthenticated user could craft an HTML payload that includes local files from the server and displays them in the generated PDF.

This issue was fixed in PDF Export Module version 0.7.6.
Severity CVSS v4.0: CRITICAL
Last modification:
15/05/2026

CVE-2026-8503

Publication date:
15/05/2026
Apache::Session::Generate::SHA256 versions before 1.3.19 for Perl create insecure session ids.

Apache::Session::Generate::SHA256 generated session ids insecurely. The default session id generator returns a SHA-256 hash of the built-in rand() function, the epoch time, and the PID, which is then hashed again. These are predictable, low-entropy sources. Predictable session ids could allow an attacker to gain access to systems.

Note that version 1.3.19 falls back, without warning, to the insecure session generation method if the call to Crypt::URandom::urandom fails. However, this is unlikely, as Crypt::URandom is a hardcoded requirement of the module.

This issue is similar to CVE-2025-40931 for Apache::Session::Generate::MD5.
Severity CVSS v4.0: Pending analysis
Last modification:
15/05/2026