For providers

An issue was discovered in QEMU 7.1.0 through 8.2.1. register_vfs in hw/pci/pcie_sriov.c does not set NumVFs to PCI_SRIOV_TOTAL_VF, and thus interaction with hw/nvme/ctrl.c is mishandled.

An unquoted service path vulnerability in the 12d Synergy Server and File Replication Server components may allow an attacker to gain elevated privileges via the 12d Synergy Server and/or 12d...

Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Apache Commons Compress.This issue affects Apache Commons Compress: from 1.3 through 1.25.0. Users are recommended...

Allocation of Resources Without Limits or Throttling vulnerability in Apache Commons Compress.This issue affects Apache Commons Compress: from 1.21 before 1.26. Users are recommended to upgrade to...

An integer overflow in dav1d AV1 decoder that can occur when decoding videos with large frame size. This can lead to memory corruption within the AV1 decoder. We recommend upgrading past version...

A weak permission was found in the backup directory in LaborOfficeFree affecting version 19.10. This vulnerability allows any authenticated user to read backup files in the directory...

Encrypted database credentials in LaborOfficeFree affecting version 19.10. This vulnerability allows an attacker to read and extract the username and password from the database of...

Weak MySQL database root password in LaborOfficeFree affects version 19.10. This vulnerability allows an attacker to perform a brute force attack and easily discover the root password.

Weak MySQL database root password in LaborOfficeFree affects version 19.10. This vulnerability allows an attacker to calculate the root password of the MySQL database used by LaborOfficeFree using...

pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject SQL if using PreferQueryMode=SIMPLE. Note this is not the default. In the default mode there is no vulnerability. A placeholder for a...