CVE-2025-46784

The connected advisories confirm CVE-2025-46404, CVE-2025-46705, CVE-2025-46784 and CVE-2025-47151 affect the lasso library (Entr'ouvert Lasso / liblasso) used for Liberty/SAML processing. Descriptions show a mix of denial-of-service via malformed SAML responses causing memory depletion or crashe...

[SECURITY] Fedora 43 Update: rust-interpolator-0.5.0-3.fc43

Runtime format strings, fully compatible with std's macros...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-989693)

"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989693 advisory. In the Linux kernel, the following vulnerability has been resolved: f2fs: avoid format-overflow warning With gcc and W=1 option, there's a warning like this:...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989880)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989880 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/plane: Move range check for formatcount earlier While the check for formatcount 64 in...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989419)

"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989419 advisory. In the Linux kernel, the following vulnerability has been resolved: f2fs: avoid format-overflow warning With gcc and W=1 option, there's a warning like this:...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989217)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989217 advisory. In the Linux kernel, the following vulnerability has been resolved: udf: Fix preallocation discarding at indirect extent boundary When preallocation extent is the...

PT-2025-46819

Name of the Vulnerable Software and Affected Versions pgAdmin versions up to 9.9 Description pgAdmin is susceptible to a Remote Code Execution RCE issue that arises when operating in server mode and restoring from PLAIN-format dump files. This flaw allows attackers to inject and execute arbitrary...

TencentOS Server 4: lz4 (TSSA-2025:0847)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0847 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

[SECURITY] Fedora 42 Update: rust-interpolator-0.5.0-3.fc42

Runtime format strings, fully compatible with std's macros...

[SECURITY] Fedora 41 Update: rust-interpolator-0.5.0-3.fc41

Runtime format strings, fully compatible with std's macros...

RLSA-2025:19156 Important: libtiff security update

The libtiff packages contain a library of functions for manipulating Tagged Image File Format TIFF files. Security Fixes: libtiff: Libtiff Write-What-Where CVE-2025-9900 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information,...

CVE-2025-57108

Kitware VTK Visualization Toolkit contains a heap use-after-free vulnerability in vtkGLTFDocumentLoader. The vulnerability manifests during mesh object copy operations where vector members are accessed after the underlying memory has been freed, specifically when handling GLTF files with corrupte...

CVE-2025-57107

Kitware VTK Visualization Toolkit contains a heap buffer overflow vulnerability in vtkGLTFDocumentLoader. When processing specially crafted GLTF files, the copy constructor of Accessor objects fails to properly validate buffer boundaries before performing memory read operations...

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fixed an out-of-bounds read in sndusbgetaudioformatuac3 In sndusbgetaudioformatuac3, the length value returned from sndusbctlmsg is used directly for memory allocation without validation. This length is controlle...

Astra Linux – Vulnerability in imagemagick

ImageMagick is free and open-source software used for editing and manipulating digital images. In versions prior to 7.1.2-0 and 6.9.13-26, using the magick stream command in ImageMagick, specifying multiple consecutive %d format specifiers in a filename template caused a memory leak. Versions...

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: BPF: The %p% format string is rejected in bprintf-like helpers. static const char fmt = "%p%"; bpfTracePrintkkernel, fmt, sizeoffmt; The above BPF program is not rejected, but it causes a kernel warning at runtime: “Please remove...

Astra Linux – Vulnerability in Thunderbird

An HTML email containing links to .pdf files can trigger automatic, unsolicited downloads of those files to the user’s desktop or home directory without any prompts, even if auto-saving is disabled. This behavior can be exploited to fill the disk with junk data e.g., using /dev/urandom on Linux o...

libtiff security update

An update is available for libtiff. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The libtiff packages contain a library of functions for manipulating Tagged...

Astra Linux - уязвимость в tcl8.6

In Tcl 8.6.11, a format string vulnerability in nmakehlp.c might allow code execution via a crafted file. NOTE: multiple third parties dispute the significance of this finding...

EUVD-2025-37361

Kitware VTK Visualization Toolkit through 9.5.0 contains a heap buffer overflow vulnerability in vtkGLTFDocumentLoader. When processing specially crafted GLTF files, the copy constructor of Accessor objects fails to properly validate buffer boundaries before performing memory read operations...