Lucene search

42 matches found

OSV
added 2026/05/18 7:12 p.m., 3 views

MGASA-2026-0148 Updated perl-YAML-Syck package fixes security vulnerability

YAML::Syck versions before 1.38 for Perl have an out-of-bounds read...

CVSS 7.3, AI score 5.8, EPSS 0.00046
Exploits: 0, References: 4
Mageia
added 2026/05/18 7:12 p.m., 5 views

Updated perl-YAML-Syck package fixes security vulnerability

YAML::Syck versions before 1.38 for Perl have an out-of-bounds read...

CVSS 7.3, AI score 5.8, EPSS 0.00046
Exploits: 0, References: 3
Vulnrichment
added 2026/05/12 4:14 p.m., 2 views

CVE-2026-5089 YAML::Syck versions before 1.38 for Perl have an out-of-bounds read

YAML::Syck versions before 1.38 for Perl have an out-of-bounds read. The base60 sexagesimal parsing code in perlsyck.h has a buffer underflow bug in both intbase60 and floatbase60 handlers. When processing the leftmost segment of a colon-separated value, e.g., the 1 in 1:30:45, the inner while loop...

AI score 6, EPSS 0.00046
Exploits: 0, References: 4
CNNVD
added 2026/05/12 12:0 a.m., 3 views

YAML::Syck security vulnerability

YAML::Syck is a Perl library open-sourced by CPAN authors. Versions of YAML::Syck prior to 1.38 contained security vulnerabilities. These vulnerabilities stemmed from the base60 parsing code in perlsyck.h, which experienced a buffer underflow. When processing the leftmost segment of colon-separat...

CVSS 7.3, AI score 6.1, EPSS 0.00046
Exploits: 0, References: 1
NVD
added 2026/04/01 10:16 a.m., 0 views

CVE-2024-53828

Ericsson Packet Core Controller PCC versions prior to 1.38 contain a vulnerability where an attacker sending a large volume of specially crafted messages may cause service degradation...

CVSS 5.3, EPSS 0.00022
Exploits: 0, References: 1
ATTACKERKB
added 2026/04/01 9:49 a.m., 1 views

CVE-2024-53828

Ericsson Packet Core Controller PCC versions prior to 1.38 contain a vulnerability where an attacker sending a large volume of specially crafted messages may cause service degradation...

CVSS 5.3, AI score 5.8, EPSS 0.00022
Exploits: 0, References: 2
Positive Technologies
added 2026/04/01 12:0 a.m., 1 views

PT-2026-29507

Ericsson Packet Core Controller PCC versions prior to 1.38 contain a vulnerability where an attacker sending a large volume of specially crafted messages may cause service degradation...

CVSS 5.3, AI score 5.8, EPSS 0.00022
Exploits: 0, References: 2
EUVD
added 2026/03/16 3:30 p.m., 1 views

EUVD-2025-208690

Tinycontrol devices such as tcPDU and LAN Controllers LK3.5, LK3.9 and LK4 allow a low privileged user to read an administrator's password by directly accessing a specific resource inaccessible via a graphical interface. This issue has been fixed in firmware versions: 1.36 for tcPDU, 1.67 for LK3...

CVSS 8.7, AI score 5.7, EPSS 0.00141
Exploits: 0, References: 6
Cvelist
added 2026/03/16 9:26 a.m., 25 views

CVE-2025-11500 Credentials exposure in tinycontrol devices

Tinycontrol devices such as tcPDU and LAN Controllers LK3.5, LK3.9 and LK4 have two separate authentication mechanisms - one solely for interface management and one for protecting all other server resources. When the latter is turned off which is a default setting, an unauthenticated attacker on...

CVSS 8.7, EPSS 0.00141
Exploits: 0, References: 6
Vulnrichment
added 2026/03/16 9:26 a.m., 1 views

CVE-2025-15587 Credentials exposure in tinycontrol devices

Tinycontrol devices such as tcPDU and LAN Controllers LK3.5, LK3.9 and LK4 allow a low privileged user to read an administrator's password by directly accessing a specific resource inaccessible via a graphical interface. This issue has been fixed in firmware versions: 1.36 for tcPDU, 1.67 for LK3...

CVSS 8.6, AI score 5.7, EPSS 0.00037
Exploits: 0, References: 5
ATTACKERKB
added 2026/03/16 9:26 a.m., 1 views

CVE-2025-15587

Tinycontrol devices such as tcPDU and LAN Controllers LK3.5, LK3.9 and LK4 allow a low privileged user to read an administrator's password by directly accessing a specific resource inaccessible via a graphical interface. This issue has been fixed in firmware versions: 1.36 for tcPDU, 1.67 for LK3...

CVSS 8.7, AI score 5.7, EPSS 0.00141
Exploits: 0, References: 6
Positive Technologies
added 2026/03/16 12:0 a.m., 2 views

PT-2026-25662

Tinycontrol devices such as tcPDU and LAN Controllers LK3.5, LK3.9 and LK4 allow a low privileged user to read an administrator's password by directly accessing a specific resource inaccessible via a graphical interface. This issue has been fixed in firmware versions: 1.36 for tcPDU, 1.67 for LK3...

CVSS 8.7, AI score 5.7, EPSS 0.00141
Exploits: 0, References: 5
CNNVD
added 2026/01/16 12:0 a.m., 2 views

Brother BRAgent security vulnerabilities

Brother BRAgent is a component of the printing management software developed by the American company Brother. Version 1.38 of Brother BRAgent contains a security vulnerability. This vulnerability stems from the WBAAgentClient service having a service path that is not enclosed in quotes, which may...

CVSS 8.5, AI score 5.9, EPSS 0.00006
Exploits: 1, References: 3
EUVD
added 2025/10/03 8:7 p.m., 1 views

EUVD-2025-11894

Malicious code in bioql PyPI...

CVSS 8.7, AI score 6.5, EPSS 0.00249
Exploits: 0, References: 5
RedhatCVE
added 2025/05/22 11:36 p.m., 2 views

CVE-2022-40011

Typora through 1.3.8 allows XSS if a document containing an SVG element with an attacker-controlled onload attribute is exported and then used at a victim's origin...

CVSS 6.1, AI score 6, EPSS 0.00296
Exploits: 1, References: 1
CNNVD
added 2025/04/18 12:0 a.m., 1 views

z80pack information disclosure vulnerability

z80pack is a Zilog Z80 with Intel 8080 system emulation by the individual developer Udo Munk. An information disclosure vulnerability exists in z80pack version 1.38 and earlier, which stems from the makefile-ubuntu.yml workflow file potentially disclosing GITHUBTOKEN...

CVSS 8.7, AI score 6.1, EPSS 0.00249
Exploits: 0, References: 5
vulnersOsv
added 2024/05/14 3:32 p.m., 3 views

br.net.woodstock.rockframework:rockframework-core (>=1.2.1 <=1.2.2), com.alanpoi:alanpoi-all (>=1.3.5 <=3.0.0) +126 more potentially affected by CVE-2024-30171 via org.bouncycastle:bcprov-jdk14 (>=1.38 <=1.77)

org.bouncycastle:bcprov-jdk14 MAVEN version =1.38, =1.2.1, =1.3.5, =1.3.5, =2.0, =1.0, =1.6.1.P24, =1.7, =0.0.1, =1.0, =1.1 - com.github.lkkushan101.RestAssuredPDFReport:com.github.lkkushan101.RestAssuredPDFReport =1.00 - com.github.lkkushan101.appiumlocator:com.github.lkkushan101.appiumlocator...

CVSS 5.9, AI score 6.5, EPSS 0.00142
Exploits: 0
vulnersOsv
added 2023/11/23 6:30 p.m., 4 views

br.com.swconsultoria:java-cte (>=3.00.4 <=3.00.8), br.com.swconsultoria:java-mdfe (>=3.00.3 <=3.00.4) +1215 more potentially affected by CVE-2023-33202 via org.bouncycastle:bcprov-jdk16 (>=1.38 <=1.46)

org.bouncycastle:bcprov-jdk16 MAVEN version =1.38, =3.00.4, =3.00.3, =4.00.10, =1.0, =2.0, =1.2.4, =2.0.0, =2.1, =2.1, =2.10.0, =2.10.0, =2.11.0 and more Source cves: CVE-2023-33202 Source advisory: OSV:GHSA-WJXJ-5M7G-MG7Q...

CVSS 5.5, AI score 6.5, EPSS 0.00144
Exploits: 1
OSV
added 2023/05/29 9:15 p.m., 27 views

CVE-2022-41766

An issue was discovered in MediaWiki before 1.35.8, 1.36.x and 1.37.x before 1.37.5, and 1.38.x before 1.38.3. Upon an action=rollback operation, the alreadyrolled message can leak a user name when the user has been revision deleted/suppressed...

CVSS 4.3, AI score 5
Exploits: 0, References: 1
OSV
added 2023/05/23 2:15 a.m., 0 views

CVE-2023-28390

Privilege escalation vulnerability in SR-7100VN firmware Ver.1.38N and earlier and SR-7100VN 31 firmware Ver.1.21 and earlier allows a network-adjacent attacker with administrative privilege of the affected product to obtain an administrative privilege of the OS Operating System. As a result, an...

CVSS 6.8, AI score 5.8
Exploits: 0, References: 2