
10978 matches found

Tenable Nessus
added 2026/02/13 12:0 a.m. | 4 views

SUSE SLES15 Security Update : glib2 (SUSE-SU-2026:0458-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:0458-1 advisory. - CVE-2026-1485: Fixed buffer underflow and out-of-bounds access due to integer wraparound in content type parsing bsc1257354. -...

CVSS 5.4 | AI score 5.9 | EPSS 0.00029
Exploits: 1 | References: 4

OSV
added 2026/02/12 11:16 p.m. | 2 views

CVE-2019-25336

SpotAuditor 5.3.2 contains a local buffer overflow vulnerability in the Base64 Encrypted Password tool that allows attackers to execute arbitrary code by crafting a malicious payload. Attackers can generate a specially crafted Base64 encoded payload to trigger a Structured Exception Handler SEH...

CVSS 7.8 | AI score 6.4
Exploits: 0 | References: 4

UbuntuCve
added 2026/02/12 11:16 p.m. | 4 views

CVE-2020-37167

ClamAV versions prior to 0.103.0-rc contain a vulnerability in function name processing through the ClamBC bytecode interpreter that allows attackers to manipulate bytecode function names. Attackers can exploit the weak input validation in function name encoding to potentially execute malicious...

CVSS 8.6 | AI score 5.9 | EPSS 0.00007
Exploits: 0 | References: 3

Vulnrichment
added 2026/02/12 10:48 p.m. | 4 views

CVE-2020-37167 ClamAV ClamBC < 0.103.0-rc - 'ClamBC' Executable Regular Expression Error

ClamAV versions prior to 0.103.0-rc contain a vulnerability in function name processing through the ClamBC bytecode interpreter that allows attackers to manipulate bytecode function names. Attackers can exploit the weak input validation in function name encoding to potentially execute malicious...

CVSS 8.6 | AI score 6 | EPSS 0.00007
Exploits: 0 | References: 4

Vulnrichment
added 2026/02/12 10:48 p.m. | 2 views

CVE-2019-25340 SpotAuditor 5.3.2 - 'Base64' Denial Of Service

SpotAuditor 5.3.2 contains a denial of service vulnerability in its Base64 decryption feature that allows attackers to crash the application by supplying an oversized buffer. Attackers can generate a malformed input file with 2000 repeated characters to trigger an application crash when pasted in...

CVSS 7.5 | AI score 5.6 | EPSS 0.00037
Exploits: 1 | References: 3

Cvelist
added 2026/02/12 10:48 p.m. | 25 views

CVE-2019-25340 SpotAuditor 5.3.2 - 'Base64' Denial Of Service

SpotAuditor 5.3.2 contains a denial of service vulnerability in its Base64 decryption feature that allows attackers to crash the application by supplying an oversized buffer. Attackers can generate a malformed input file with 2000 repeated characters to trigger an application crash when pasted in...

CVSS 7.5 | EPSS 0.00037
Exploits: 1 | References: 3

CVE
added 2026/02/12 10:48 p.m. | 9 views

CVE-2019-25336

SpotAuditor 5.3.2 contains a local buffer overflow in the Base64 Encrypted Password tool that can trigger an SEH overwrite and allow execution of shellcode on a vulnerable system. Affected component: Base64 Encrypted Password tool within SpotAuditor. Underlying cause: buffer overflow via crafted ...

CVSS 8.4 | AI score 6.4 | EPSS 0.00029
Exploits: 1 | References: 4 | Affected Software: 1

OSV
added 2026/02/12 12:36 p.m. | 4 views

CLSA-2026-1770899757 Fix CVE(s): CVE-2026-24515

SECURITY UPDATE: XMLExternalEntityParserCreate failure to copy the encoding handler data can cause a NULL dereference CWE-476 from external entities that declare use of an unknown encoding. The expected impact is denial of service. - debian/patches/CVE-2026-24515.patch: Make...

CVSS 2.9 | AI score 6.7 | EPSS 0.00007
Exploits: 0 | References: 1

SUSE Linux
added 2026/02/11 11:29 p.m. | 3 views

Security update for glib2

This update for glib2 fixes the following issues: CVE-2026-1485: Fixed buffer underflow and out-of-bounds access due to integer wraparound in content type parsing bsc1257354. CVE-2026-1484: Fixed buffer underflow and out-of-bounds access due to miscalculated buffer boundaries in the Base64 encodi...

CVSS 6.3 | AI score 5.8 | EPSS 0.00029
Exploits: 1 | References: 4

OSV
added 2026/02/11 11:29 p.m. | 1 view

SUSE-SU-2026:0458-1 Security update for glib2

This update for glib2 fixes the following issues: - CVE-2026-1485: Fixed buffer underflow and out-of-bounds access due to integer wraparound in content type parsing bsc1257354. - CVE-2026-1484: Fixed buffer underflow and out-of-bounds access due to miscalculated buffer boundaries in the Base64...

CVSS 3.7 | AI score 6 | EPSS 0.00029
Exploits: 0 | References: 3

RedhatCVE
added 2026/02/11 7:44 p.m. | 2 views

CVE-2026-25612

The internal locking mechanism of the MongoDB server uses an internal encoding of the resources in order to choose what lock to take. Collections may inadvertently collide with one another in this representation causing unavailability between them due to conflicting locks...

CVSS 7.1 | AI score 5.5 | EPSS 0.00046
Exploits: 0 | References: 1

RedhatCVE
added 2026/02/11 1:16 p.m. | 4 views

CVE-2026-1866

The Name Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via double HTML-entity encoding in all versions up to, and including, 1.32.0. This is due to the plugin's sanitization function calling html_entity_decode before wp_kses, and then calling html_entity_decode again on...

CVSS 7.2 | AI score 5.6 | EPSS 0.00186
Exploits: 0 | References: 1

RustSec
added 2026/02/11 12:0 p.m. | 2 views

Incorrect Length Encoding on KDF Export

Passing values length 65535 to Context::export produces output that disagrees with the RFC 9180 label encoding. In particular the length value is cast to u16 truncating any value exceeding 65535. Impact Applications that use hpke-rs to export very large secrets would experience interoperability...

AI score 5.7
Exploits: 0 | Affected Software: 1

Tenable Nessus
added 2026/02/11 12:0 a.m. | 5 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: postgresql-13 (UTSA-2026-005349)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005349 advisory. Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral, PQescapeIdentifier, PQescapeString, and PQescapeStringConn allows a database...

CVSS 8.1 | AI score 8 | EPSS 0.82364
Exploits: 10 | References: 4

Ubuntu
added 2026/02/10 7:24 p.m. | 4 views

USN-7954-2: Libtasn1 vulnerabilities

USN-7954-1 fixed vulnerabilities in Libtasn1. This update provides the corresponding updates for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. CVE-2021-46848 only affected Ubuntu 14.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. Original advisory details: It was...

CVSS 9.1 | AI score 5.7 | EPSS 0.00628
Exploits: 1

OSV
added 2026/02/10 7:24 p.m. | 1 view

USN-7954-2 libtasn1-6 vulnerabilities

USN-7954-1 fixed vulnerabilities in Libtasn1. This update provides the corresponding updates for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. CVE-2021-46848 only affected Ubuntu 14.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. Original advisory details: It was...

CVSS 9.1 | AI score 6.8 | EPSS 0.00628
Exploits: 1 | References: 3

Snyk
added 2026/02/10 6:44 p.m. | 5 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via improper sanitation of paths received from SCP servers. An attacker can access or modify files outside the intended directory by sending specially crafted file paths. Note: Libssh maintainers strongly discourage...

CVSS 6.3 | AI score 6.9 | EPSS 0.00011
Exploits: 8 | References: 2

NVD
added 2026/02/10 6:16 p.m. | 6 views

CVE-2026-25612

The internal locking mechanism of the MongoDB server uses an internal encoding of the resources in order to choose what lock to take. Collections may inadvertently collide with one another in this representation causing unavailability between them due to conflicting locks...

CVSS 7.1 | EPSS 0.00046
Exploits: 0 | References: 2

OSV
added 2026/02/10 6:16 p.m. | 3 views

UBUNTU-CVE-2026-25612

The internal locking mechanism of the MongoDB server uses an internal encoding of the resources in order to choose what lock to take. Collections may inadvertently collide with one another in this representation causing unavailability between them due to conflicting locks...

CVSS 7.1 | AI score 5.8 | EPSS 0.00046
Exploits: 0 | References: 4

CVE
added 2026/02/10 6:5 p.m. | 11 views

CVE-2026-25612

CVE-2026-25612 concerns the MongoDB server’s internal locking mechanism, which uses an internal resource encoding to decide locks. This can cause collisions between collections in that representation, leading to unavailability due to conflicting locks. Metrics indicate a high availability impact ...

CVSS 7.1 | AI score 5.5 | EPSS 0.00046
Exploits: 0 | References: 2