DEBIAN-CVE-2025-64486

calibre is an e-book manager. In versions 8.13.0 and prior, calibre does not validate filenames when handling binary assets in FB2 files, allowing an attacker to write arbitrary files on the filesystem when viewing or converting a malicious FictionBook file. This can be leveraged to achieve...

UBUNTU-CVE-2025-64486

calibre is an e-book manager. In versions 8.13.0 and prior, calibre does not validate filenames when handling binary assets in FB2 files, allowing an attacker to write arbitrary files on the filesystem when viewing or converting a malicious FictionBook file. This can be leveraged to achieve...

CVE-2025-58148

A flaw was found in Xen. Hypercalls using any input format can cause sendipi to read d-vcpu out-of-bounds, and operate on a wild vCPU pointer. A buggy or malicious guest can cause Denial of Service DoS affecting the entire host, information leaks, or elevation of privilege...

OESA-2025-2620 poppler security update

Poppler is a free software utility library for rendering Portable Document Format PDF documents. \ Its development is supported by freedesktop.org. It is commonly used on Linux systems,and is used by \ the PDF viewers of the open source GNOME and KDE desktop environments. Security Fixes: An issue...

mingw-libtiff security update

An update is available for mingw-libtiff. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The libtiff package contains a library of functions for manipulating TI...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990412)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990412 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/plane: Move range check for formatcount earlier While the check for formatcount 64 in...

Updated binutils packages fix security vulnerabilities

GNU Binutils format.c bfdsetformat memory corruption. CVE-2025-1153 GNU Binutils ld elflink.c bfdelfgcmarkrsec heap-based overflow. CVE-2025-1176 GNU Binutils ld libbfd.c bfdputl64 memory corruption. CVE-2025-1178 GNU Binutils ld elflink.c bfdelfgcmarkrsec memory corruption. CVE-2025-1181 GNU...

Security update for tiff

This update for tiff fixes the following issues: Update to 4.7.1: CVE-2025-8851: Fixed stack-based buffer overflow bsc1248278. CVE-2025-9900: Fixed write-what-where via TIFFReadRGBAImageOriented bsc1250413. Patch Instructions: To install this SUSE update use the SUSE recommended installation...

CVE-2025-46784

A denial of service vulnerability exists in the lassonodeinitfrommessagewithformat functionality of Entr'ouvert Lasso 2.5.1. A specially crafted SAML response can lead to a memory depletion, resulting in denial of service. An attacker can send a malformed SAML response to trigger this vulnerabili...

CVE-2025-46784

The connected advisories confirm CVE-2025-46404, CVE-2025-46705, CVE-2025-46784 and CVE-2025-47151 affect the lasso library (Entr'ouvert Lasso / liblasso) used for Liberty/SAML processing. Descriptions show a mix of denial-of-service via malformed SAML responses causing memory depletion or crashe...

[SECURITY] Fedora 43 Update: rust-interpolator-0.5.0-3.fc43

Runtime format strings, fully compatible with std's macros...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989217)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989217 advisory. In the Linux kernel, the following vulnerability has been resolved: udf: Fix preallocation discarding at indirect extent boundary When preallocation extent is the...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-989693)

"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989693 advisory. In the Linux kernel, the following vulnerability has been resolved: f2fs: avoid format-overflow warning With gcc and W=1 option, there's a warning like this:...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989880)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989880 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/plane: Move range check for formatcount earlier While the check for formatcount 64 in...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989419)

"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989419 advisory. In the Linux kernel, the following vulnerability has been resolved: f2fs: avoid format-overflow warning With gcc and W=1 option, there's a warning like this:...

PT-2025-46819

Name of the Vulnerable Software and Affected Versions pgAdmin versions up to 9.9 Description pgAdmin is susceptible to a Remote Code Execution RCE issue that arises when operating in server mode and restoring from PLAIN-format dump files. This flaw allows attackers to inject and execute arbitrary...

TencentOS Server 4: lz4 (TSSA-2025:0847)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0847 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

[SECURITY] Fedora 42 Update: rust-interpolator-0.5.0-3.fc42

Runtime format strings, fully compatible with std's macros...

[SECURITY] Fedora 41 Update: rust-interpolator-0.5.0-3.fc41

Runtime format strings, fully compatible with std's macros...

RLSA-2025:19156 Important: libtiff security update

The libtiff packages contain a library of functions for manipulating Tagged Image File Format TIFF files. Security Fixes: libtiff: Libtiff Write-What-Where CVE-2025-9900 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information,...