CVE-2025-47815 – GNU PSPP Heap-Based Buffer Overflow Vulnerability

May 10, 2025

CVE ID : CVE-2025-47815

Published : May 10, 2025, 10:15 p.m. | 2 hours, 9 minutes ago

Description : libpspp-core.a in GNU PSPP through 2.0.1 allows attackers to cause a heap-based buffer overflow in inflate_read (called indirectly from zip_member_read_all) in zip-reader.c.

Severity: 4.5 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-47816 – GNU PSPP XML Processing Out-of-Bounds Read Vulnerability

Next Article CVE-2025-47817 – BlueWave Checkmate Role Parameter Injection Vulnerability

Highlights

CVE-2025-54576 – OAuth2-Proxy Regex Pattern Bypass Authentication Vulnerability

July 30, 2025

CVE ID : CVE-2025-54576

Published : July 30, 2025, 8:15 p.m. | 3 hours, 29 minutes ago

Description : OAuth2-Proxy is an open-source tool that can act as either a standalone reverse proxy or a middleware component integrated into existing reverse proxy or load balancer setups. In versions 7.10.0 and below, oauth2-proxy deployments are vulnerable when using the skip_auth_routes configuration option with regex patterns. Attackers can bypass authentication by crafting URLs with query parameters that satisfy configured regex patterns, allowing unauthorized access to protected resources. The issue stems from skip_auth_routes matching against the full request URI. Deployments using skip_auth_routes with regex patterns containing wildcards or broad matching patterns are most at risk. This issue is fixed in version 7.11.0. Workarounds include: auditing all skip_auth_routes configurations for overly permissive patterns, replacing wildcard patterns with exact path matches where possible, ensuring regex patterns are properly anchored (starting with ^ and ending with $), or implementing custom validation that strips query parameters before regex matching.

Severity: 9.1 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Stanford Researchers Propose FramePack: A Compression-based AI Framework to Tackle Drifting and Forgetting in Long-Sequence Video Generation Using Efficient Context Management and Sampling

April 21, 2025

Variables and Outputs: Enhancing Terraform Flexibility

July 28, 2025

CVE-2025-3090 – Cisco Device Authentication Bypass Vulnerability

June 24, 2025

Coded Smorgasbord: High Strung

Chainguard launches trusted collection of verified JavaScript libraries

CData launches Connect AI to provide agents access to enterprise data sources

PostgreSQL 18 adds asynchronous I/O to improve performance

Distribution Release: Neptune 9.0

Distribution Release: Kali Linux 2025.3

Distribution Release: SysLinuxOS 13

Development Release: MX Linux 25 Beta 1

PHP 8.5.0 RC 1 available for testing

PHP 8.5.0 RC 1 available for testing

Terraform Code Generator Using Ollama and CodeGemma

Beyond Denial: How AI Concierge Services Can Transform Healthcare from Reactive to Proactive

Distribution Release: Neptune 9.0

Distribution Release: Neptune 9.0

FOSS Weekly #25.39: Kill Switch Phones, LMDE 7, Zorin OS 18 Beta, Polybar, Apt History and More Linux Stuff

Distribution Release: Kali Linux 2025.3

CVE-2025-47815 – GNU PSPP Heap-Based Buffer Overflow Vulnerability

Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories

Introducing HybridPetya: Petya/NotPetya copycat with UEFI Secure Boot bypass

Containerizzazione: Apple presenta il suo strumento per eseguire distribuzioni GNU/Linux in contenitori

The Ten-Year Ascent: A Blueprint for Achieving Billionaire Status from Zero Capital

April 2025: All AI updates from the past month

Best Bread brand Hyderabad

CVE-2025-54576 – OAuth2-Proxy Regex Pattern Bypass Authentication Vulnerability

Stanford Researchers Propose FramePack: A Compression-based AI Framework to Tackle Drifting and Forgetting in Long-Sequence Video Generation Using Efficient Context Management and Sampling

Variables and Outputs: Enhancing Terraform Flexibility

CVE-2025-3090 – Cisco Device Authentication Bypass Vulnerability

CVE-2025-47815 – GNU PSPP Heap-Based Buffer Overflow Vulnerability

Related Posts