121070 matches found
RHEL 9 : vim (RHSA-2026:28049)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:28049 advisory. Vim Vi IMproved is an updated and improved version of the vi editor. Security Fixes: vim: arbitrary command execution via modeline sandbox...
Amazon Linux 2023 : python3.14-pip, python3.14-pip-wheel (ALAS2023-2026-1838)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1838 advisory. A flaw was found in pip, the package installer for Python. A remote attacker can exploit this vulnerability by tricking a victim into installing a malicious Python wheel. This wheel contains specially...
Amazon Linux 2023 : compat-poppler22, compat-poppler22-cpp (ALAS2023-2026-1851)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1851 advisory. A flaw was found in Poppler's Splash backend. A remote attacker could exploit this vulnerability by crafting a malicious PDF file that, when rendered, triggers an integer overflow in the...
[SECURITY] [DSA 6359-1] gst-plugins-good1.0 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-6359-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff June 21, 2026 https://www.debian.org/security/faq -...
Integer Overflow or Wraparound
Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound due to improper handling of integer values in the storeAtts function. An attacker can cause memory corruption or potentially execute arbitrary code by providing specially crafted input that triggers the...
Integer Overflow or Wraparound
Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound via the xmlwf process when the -d parameter is used to specify an output directory. An attacker can cause unintended behavior or potentially execute arbitrary code by providing a specially crafted output...
Integer Overflow or Wraparound
Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound in the resolveSystemId function. An attacker can cause unexpected behavior or potentially execute arbitrary code by providing specially crafted input that triggers an integer overflow during processing...
Integer Overflow or Wraparound
Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound via the endDoctypeDecl process when handling NOTATION declarations. An attacker can cause memory corruption or potentially execute arbitrary code by providing specially crafted XML input. Remediation A fix...
[SECURITY] [DSA 6356-1] imagemagick security update
------------------------------------------------------------------------- Debian Security Advisory DSA-6356-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff June 21, 2026 https://www.debian.org/security/faq -...
CVE-2025-71348
CVE-2025-71348 affects the picklescan utility (pre-0.0.28) where malicious pickle payloads can invoke torch.utils._config_module.load_config during unpickling, bypassing detection and enabling remote code execution in supply-chain contexts. Documents describe a bypass in reduce methods that allow...
CVE-2025-71348 picklescan - Arbitrary Code Execution via torch.utils._config_module.load_config Bypass
picklescan before 0.0.28 fails to detect malicious pickle files that invoke torch.utils.configmodule.loadconfig function within reduce methods. Attackers can craft pickle files embedding arbitrary code that evades detection but executes during pickle.load, enabling remote code execution in supply...
Debian dsa-6356 : imagemagick - security update
The remote Debian 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6356 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6356-1 [email protected] https://www.debian.org/securit...
Debian dsa-6358 : libhttp-daemon-perl - security update
The remote Debian 13 host has a package installed that is affected by a vulnerability as referenced in the dsa-6358 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6358-1 [email protected] https://www.debian.org/security/...
kernel: rxrpc: Fix RxGK token loading to check bounds
A flaw was found in the Linux kernel's rxrpc subsystem. An unprivileged local user could exploit an integer overflow vulnerability in the rxrpcpreparsexdryfsrxgk function. This flaw occurs when processing specially crafted key and ticket lengths, causing an incorrect memory allocation size...
Deserialization of Untrusted Data
Overview stanza is an A Python NLP Library for Many Human Languages, by the Stanford NLP Group Affected versions of this package are vulnerable to Deserialization of Untrusted Data while loading the lemma classifier due to unsafe fallback to torch.load..., weightsonly=False when the safe load...
Insufficient Verification of Data Authenticity
Overview Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity in the CRI checkpoint import. An attacker can cause arbitrary code execution by crafting a checkpoint image that forces the system to pull a malicious image and assign it an arbitrary local...
kernel: ALSA: aloop: Fix peer runtime UAF during format-change stop
A flaw was found in the Linux kernel's ALSA Advanced Linux Sound Architecture aloop driver. This Use-After-Free UAF vulnerability occurs when loopbackcheckformat stops the capture side during a format change, while a concurrent close operation detaches or frees the runtime. An attacker could...
kernel: ALSA: aloop: Fix peer runtime UAF during format-change stop
A flaw was found in the Linux kernel's ALSA Advanced Linux Sound Architecture aloop driver. This Use-After-Free UAF vulnerability occurs when loopbackcheckformat stops the capture side during a format change, while a concurrent close operation detaches or frees the runtime. An attacker could...
CVE-2016-20090
Comodo Dragon Browser versions up to 52.15.25.663 contain a privilege escalation vulnerability in the DragonUpdater service due to an unquoted service path running with SYSTEM privileges. A local attacker can insert a malicious executable in the service path and execute arbitrary code with elevat...
EUVD-2016-10906
Wise Care 365 4.27 and Wise Disk Cleaner 9.29 contain unquoted service path vulnerabilities in the WiseBootAssistant and SpyHunter 4 Service respectively, allowing local users to execute arbitrary code with SYSTEM privileges. Attackers can insert malicious executables in the system root path that...