RHEL 8 : OpenEXR (RHSA-2026:12338)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:12338 advisory. OpenEXR is a high dynamic-range HDR image file format developed by Industrial Light & Magic for use in computer imaging applications. This package...

RHEL 8 : OpenEXR (RHSA-2026:12339)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:12339 advisory. OpenEXR is a high dynamic-range HDR image file format developed by Industrial Light & Magic for use in computer imaging applications. This package...

Debian dsa-6239 : chromium - security update

The remote Debian 12 / 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6239 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6239-1 [email protected]...

RHEL 10 : libtiff (RHSA-2026:12265)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:12265 advisory. The libtiff packages contain a library of functions for manipulating Tagged Image File Format TIFF files. Security Fixes: libtiff: libtiff: Arbitra...

CVE-2026-31730

A flaw was found in the Linux kernel's fastrpc component that could lead to a denial of service DoS or potentially arbitrary code execution. This memory corruption vulnerability, specifically a double-free, occurs when the cctx-remoteheap memory is freed twice due to an error handling issue in th...

[SECURITY] [DLA 4559-1] imagemagick security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-4559-1 [email protected] https://www.debian.org/lts/security/ Bastien Roucariès May 01, 2026 https://wiki.debian.org/LTS -...

CVE-2026-43049

A flaw was found in the Linux kernel's logitech-hidpp driver. When the force feedback initialization fails for the Logitech G920 Driving Force Racing Wheel, the driver returns an error before properly tearing down userspace infrastructure. This can lead to a use-after-free UAF vulnerability if...

CVE-2026-43047

A flaw was found in the Linux kernel's Human Interface Device HID multitouch subsystem. A malicious or improperly configured HID device can respond to a feature request with an incorrect report ID. This confusion in the HID core can lead to out-of-bounds writes, potentially allowing a local...

CVE-2026-37539

Buffer overflow vulnerability in cannelloni v2.0.0 in CAN frame parsing in parser.cpp in function parseCANFrame, and decoder.cpp in function decodeFrame allowing remote attackers to cause a denial of service crash or possibly execute arbitrary code via crafted CAN FD frames...

[SECURITY] [DSA 6240-1] imagemagick security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6240-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 01, 2026 https://www.debian.org/security/faq -...

RLSA-2026:12265 Important: libtiff security update

The libtiff packages contain a library of functions for manipulating Tagged Image File Format TIFF files. Security Fixes: libtiff: libtiff: Arbitrary code execution or denial of service via signed integer overflow in TIFF file processing CVE-2026-4775 For more details about the security issues,...

libtiff security update

An update is available for libtiff. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The libtiff packages contain a library of functions for manipulating Tagged...

Deserialization of Untrusted Data

Overview org.apache.mina:mina-core is a network application framework which helps users develop high performance and high scalability network applications easily. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the resolveClass function in AbstractIoBuffe...

UBUNTU-CVE-2026-42779

The fix for CVE-2026-41635 was not applied to the 2.1.X and 2.2.X branches. Here was the original issue description: Apache MINA's AbstractIoBuffer.resolveClass contains two branches, one of them for static classes or primitive types does not check the class at all, bypassing the classname...

CVE-2026-7584

The LabOne Q serialization framework uses a class-loading mechanism importcls to dynamically import and instantiate Python classes during deserialization. Prior to the fix, this mechanism accepted arbitrary fully-qualified class names from the serialized data without any validation of the target...

CVE-2026-7584 Arbitrary Code Execution via Unsafe Deserialization in LabOne Q

The LabOne Q serialization framework uses a class-loading mechanism importcls to dynamically import and instantiate Python classes during deserialization. Prior to the fix, this mechanism accepted arbitrary fully-qualified class names from the serialized data without any validation of the target...

EUVD-2026-26483

The LabOne Q serialization framework uses a class-loading mechanism importcls to dynamically import and instantiate Python classes during deserialization. Prior to the fix, this mechanism accepted arbitrary fully-qualified class names from the serialized data without any validation of the target...

CVE-2026-7584

The LabOne Q serialization framework uses a class-loading mechanism importcls to dynamically import and instantiate Python classes during deserialization. Prior to the fix, this mechanism accepted arbitrary fully-qualified class names from the serialized data without any validation of the target...

CVE-2026-7584 Arbitrary Code Execution via Unsafe Deserialization in LabOne Q

The LabOne Q serialization framework uses a class-loading mechanism importcls to dynamically import and instantiate Python classes during deserialization. Prior to the fix, this mechanism accepted arbitrary fully-qualified class names from the serialized data without any validation of the target...

CVE-2026-7584

The CVE describes an Arbitrary Code Execution in LabOne Q caused by unsafe deserialization: its serialization framework uses a class-loading mechanism (import_cls) that accepted fully-qualified class names without validating targets or restricting modules. An attacker can craft a malicious serial...