280 matches found

OSV
added 2026/03/17 6:27 p.m. 6 views

CLSA-2026-1773772035 Fix CVE(s): CVE-2025-23048

SECURITY UPDATE: SNI validation issue in mod_ssl - debian/patches/CVE-2025-23048.patch: update SNI validation to move the SSL compatibility check after strict SNI hostname verification in modules/ssl/ssl_engine_kernel.c. - CVE-2025-23048...

CVSS 9.1 | AI score 7.3 | EPSS 0.0097
Exploits 1 | References 1

OSV
added 2026/03/12 11:51 a.m. 5 views

CLSA-2026-1773316266 Fix CVE(s): CVE-2025-14524, CVE-2025-15079, CVE-2025-15224

SECURITY UPDATE: OAuth2 bearer token leak on cross-protocol redirect - debian/patches/CVE-2025-14524.patch: do not use bearer when following redirect unless allow_auth_to_other_hosts is set - CVE-2025-14524 SECURITY UPDATE: libssh global knownhosts override -...

CVSS 5.3 | AI score 6.4 | EPSS 0.00611
Exploits 3 | References 1

OSV
added 2026/03/11 7:16 p.m. 3 views

DEBIAN-CVE-2026-3949

A vulnerability was determined in strukturag libheif up to 1.21.2. This affects the function vvdec_push_data2 of the file libheif/plugins/decoder_vvdec.cc of the component HEIF File Parser. Executing a manipulation of the argument size can lead to out-of-bounds read. The attack needs to be launched...

CVSS 4.8 | AI score 4 | EPSS 0.00117
Exploits 0 | References 1

OSV
added 2026/03/10 11:25 a.m. 3 views

CLSA-2026-1773141936 Fix CVE(s): CVE-2026-26269

SECURITY UPDATE: Stack-Based buffer overflow in Netbeans - debian/patches/CVE-2026-26269.patch: fix stack-based buffer overflow in NetBeans integration that could lead to a crash or arbitrary code execution via a malicious server - CVE-2026-26269...

CVSS 7.5 | AI score 6.4 | EPSS 0.00284
Exploits 0 | References 1

OSV
added 2026/02/24 3:16 a.m. 6 views

DEBIAN-CVE-2026-26284

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, ImageMagick lacks proper boundary checking when processing Huffman-coded data from PCD Photo CD files. The decoder contains an function that has an incorrect...

CVSS 9.1 | AI score 7.7 | EPSS 0.00404
Exploits 0 | References 1

OSV
added 2026/02/20 2:26 p.m. 3 views

CLSA-2026-1771597605 Fix CVE(s): CVE-2025-15367

SECURITY UPDATE: defect in poplib module, when passed a user-controlled command, commands can be injected using newlines - debian/patches/CVE-2025-15367.patch: Fix command injection by rejecting commands containing control characters - CVE-2025-15367...

CVSS 5.9 | AI score 7.1 | EPSS 0.00315
Exploits 0 | References 1

OSV
added 2026/02/17 12:5 p.m. 5 views

CLSA-2026-1771329952 Fix CVE(s): CVE-2025-13601

SECURITY UPDATE: Heap-based buffer overflow - debian/patches/CVE-2025-13601.patch: Fix heap-based buffer overflow by correcting buffer size calculation in g_escape_uri_string - CVE-2025-13601...

CVSS 7.7 | AI score 7 | EPSS 0.00306
Exploits 1 | References 1

OSV
added 2026/02/13 11:57 a.m. 6 views

ROOT-OS-DEBIAN-12-CVE-2025-1365 CVE-2025-1365 in rootio-elfutils - Patched by Root

Root has patched CVE-2025-1365 in the rootio-elfutils package for Root:Debian:12. Multiple fixed versions available...

CVSS 7.8 | AI score 5.4 | EPSS 0.00324
Exploits 1

OSV
added 2026/02/13 11:32 a.m. 4 views

CLSA-2026-1770982328 Fix CVE(s): CVE-2025-68973

SECURITY UPDATE: Possible memory corruption in the armor parser - debian/patches/CVE-2025-68973.patch: fix faulty double increment - CVE-2025-68973...

CVSS 7.8 | AI score 6.8 | EPSS 0.00129
Exploits 1 | References 1

OSV
added 2026/01/27 9:58 a.m. 4 views

CLSA-2026-1769507907 Fix CVE(s): CVE-2024-50349

SECURITY UPDATE: Confusing users into sending their passwords to sites under the attacker’s control using crafted URLs - debian/patches/CVE-2024-50349.patch: also encode : in credential_format, sanitize the user prompt - CVE-2024-50349...

CVSS 4.7 | AI score 7.5 | EPSS 0.00643
Exploits 0 | References 1

OSV
added 2026/01/23 7:3 p.m. 4 views

CLSA-2026-1769015071 Fix CVE(s): CVE-2025-68973

SECURITY UPDATE: memory corruption in armor parser - debian/patches/CVE-2025-68973.patch: Fix faulty double increment in armor_filter function. - CVE-2025-68973...

CVSS 7.8 | AI score 6.8 | EPSS 0.00129
Exploits 1 | References 1

OSV
added 2026/01/21 8:16 p.m. 5 views

DEBIAN-CVE-2025-12781

When passing data to the b64decode, standard_b64decode, and urlsafe_b64decode functions in the "base64" module the characters "+/" will always be accepted, regardless of the value of "altchars" parameter, typically used to establish an "alternative base64 alphabet" such as the URL safe alphabet. Th...

CVSS 5.3 | AI score 5.3 | EPSS 0.00513
Exploits 1 | References 1

OSV
added 2025/12/30 7:6 p.m. 4 views

CLSA-2025-1766599555 Fix CVE(s): CVE-2025-14178

SECURITY UPDATE: Heap buffer overflow in array_merge - debian/patches/CVE-2025-14178.patch: add validation to check if total element count exceeds HT_MAX_SIZE before allocation. - CVE-2025-14178...

CVSS 8.2 | AI score 6.8 | EPSS 0.00428
Exploits 1 | References 1

OSV
added 2025/12/30 6:52 p.m. 4 views

CLSA-2025-1767120767 Fix CVE(s): CVE-2025-14178

SECURITY UPDATE: Heap buffer overflow in array_merge - debian/patches/CVE-2025-14178.patch: add validation to check if total element count exceeds HT_MAX_SIZE before allocation. - CVE-2025-14178...

CVSS 8.2 | AI score 6 | EPSS 0.00428
Exploits 1 | References 1

OSV
added 2025/12/09 1:16 a.m. 4 views

DEBIAN-CVE-2023-53812

In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: fix decoder disable pm crash Can't call pmruntimedisable when the architecture support sub device for 'dev-pm.dev' is NUll, or will get below crash log. 10.771551 pc : rawspinlockirq+0x4c/0xa0 10.771556 l...

AI score 5.2 | EPSS 0.00156
Exploits 0 | References 1

OSV
added 2025/12/08 4:30 p.m. 4 views

CLSA-2025-1764321086 Fix CVE(s): CVE-2025-6297

SECURITY UPDATE: Directory permission cleanup vulnerability leading to DoS - debian/patches/CVE-2025-6297.patch: Fix cleanup for control member with restricted directories - CVE-2025-6297...

CVSS 8.2 | AI score 7.3 | EPSS 0.00347
Exploits 0 | References 1

OSV
added 2025/12/08 2:15 a.m. 4 views

DEBIAN-CVE-2023-53764

In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Handle lock during peerid find ath12kpeerfindbyid requires that the caller hold the ab-baselock. Currently the WBM error path does not hold the lock and calling that function, leads to the following lockdepassertin...

AI score 5.6 | EPSS 0.00145
Exploits 0 | References 1

OSV
added 2025/12/03 2:53 p.m. 4 views

CLSA-2025-1764773600 Fix CVE(s): CVE-2025-62171

SECURITY UPDATE: integer overflow vulnerability in BMP decoder on 32-bit systems - debian/patches/CVE-2025-62171.patch: add extra check to resolve issue on 32-bit systems caused by memory allocation failure - CVE-2025-62171...

CVSS 7.5 | AI score 5.9 | EPSS 0.00738
Exploits 1 | References 1

OSV
added 2025/11/28 10:12 a.m. 6 views

CLSA-2025-1764324770 Fix CVE(s): CVE-2022-30688

SECURITY UPDATE: insecure regex patterns for interpreter detection - debian/patches/CVE-2022-30688.patch: prevent local privilege escalation by anchoring interpreter regex patterns - CVE-2022-30688...

CVSS 7.8 | AI score 7.1 | EPSS 0.00405
Exploits 2 | References 1

OSV
added 2025/11/28 10:9 a.m. 4 views

CLSA-2025-1764324579 Fix CVE(s): CVE-2025-62171

SECURITY UPDATE: integer overflow vulnerability in BMP decoder on 32-bit systems - debian/patches/CVE-2025-62171.patch: add extra check to resolve issue on 32-bit systems - CVE-2025-62171...

CVSS 7.5 | AI score 5.9 | EPSS 0.00738
Exploits 1 | References 1