23090 matches found
OESA-2025-2050 libtiff security update
This provides support for the Tag Image File Format (TIFF), a widely used format for storing image data. The latest version of the TIFF specification is available on-line in several different formats. And contains command-line programs for manipulating TIFF format image files using the libtiff...
[SECURITY] Fedora 42 Update: libtiff-4.7.0-7.fc42
The libtiff package contains a library of functions for manipulating TIFF (Tagged Image File Format) image format files. TIFF is a widely used file format for bitmapped images. TIFF files usually end in the .tif extension and they are often quite large. The libtiff package should be installed if yo...
HCL BigFix SaaS Authentication Service security vulnerability
HCL BigFix SaaS Authentication Service is an endpoint management platform from HCL India. A security vulnerability exists in HCL BigFix SaaS Authentication Service that stems from the image upload feature not adequately validating the image format, which could lead to cross-site scripting attacks...
PT-2025-33486 · Autodesk · Autocad
Name of the Vulnerable Software and Affected Versions: Autodesk AutoCAD (affected versions not specified). Description: A maliciously crafted DGN file, when linked or imported into Autodesk AutoCAD, can trigger an Out-of-Bounds Read issue. A malicious actor can exploit this to cause a crash, read...
PT-2025-33487 · Autodesk · Autocad
Name of the Vulnerable Software and Affected Versions: Autodesk AutoCAD (affected versions not specified). Description: A maliciously crafted DGN file, when parsed through Autodesk AutoCAD, can trigger an uninitialized variable issue. A malicious actor can leverage this to cause a crash, read...
Linux Distros Unpatched Vulnerability : CVE-2025-38226
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - media: vivid: Change the size of the composing syzkaller found a bug: BUG: KASAN: vmalloc-out-of-bounds in tpgfillplanepattern...
Linux Distros Unpatched Vulnerability : CVE-2019-11719
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When importing a curve25519 private key in PKCS8 format with leading 0x00 bytes, it is possible to trigger an out-of-bounds read in the Network Security Services...
Malicious code in browser-html-to-rtf (npm)
The package browser-html-to-rtf was found to contain malicious code...
brick-node (>=0.0.0 <=0.0.17), change-object (=0.0.0) +8 more potentially affected by unknown CVE via stream-format (=0.0.3)
stream-format NPM version =0.0.3 is affected by a known vulnerability. The following packages have a transitive dependency on stream-format and may be impacted: - brick-node =0.0.0, =1.16.0, =0.0.0, =1.0.1 Source cves: unknown CVE Source advisory: OSV:MAL-2025-34079...
@quailjs/quail-core (>=0.0.17 <=0.0.21), assume (>=0.0.10 <=1.4.0) +62 more potentially affected by unknown CVE via format-text (>=0.0.3 <=2.0.0)
format-text NPM version =0.0.3, =0.0.17, =0.0.10, =7.1.0, =0.0.0, =0.0.0, =0.0.0, =0.0.0, =0.0.0, =0.5.0-alpha.2, =0.0.0, =0.0.0, =2.3.0 - codemirror-console-ui =1.0.0 and more Source cves: unknown CVE Source advisory: OSV:MAL-2025-20789...
Malicious code in style-format (npm)
The package style-format was found to contain malicious code...
Malicious code in stream-format (npm)
The package stream-format was found to contain malicious code...
brick-node (>=0.0.0 <=0.0.17), change-object (=0.0.0) +9 more potentially affected by unknown CVE via pause-function (=0.0.1)
pause-function NPM version =0.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on pause-function and may be impacted: - brick-node =0.0.0, =1.16.0, =0.0.0, =1.0.1 - stream-format =0.0.3 Source cves: unknown CVE Source advisory: OSV:MAL-2025-28923...
MAL-2025-15528 Malicious code in bb-babelfish-format (npm)
The package bb-babelfish-format was found to contain malicious code...
MAL-2025-34079 Malicious code in stream-format (npm)
The package stream-format was found to contain malicious code...
Malicious code in format-text (npm)
The package format-text was found to contain malicious code...
assume (>=0.0.10 <=1.4.0), atomify (>=7.1.0 <=7.3.1) +32 more potentially affected by unknown CVE via style-format (>=0.0.0 <=2.0.0)
style-format NPM version =0.0.0, =0.0.10, =7.1.0, =0.0.8, =0.0.0, =0.0.0, =0.0.0, =1.0.0, =0.0.0, =0.0.2 - fd-select =1.0.0 - frp-tick =1.0.0 - generator-freekerneljs =0.6.0 - hearing-aid =1.0.0 and more Source cves: unknown CVE Source advisory: OSV:MAL-2025-34115...
alert (>=0.0.0 <=0.0.1), background-image (=0.0.0) +40 more potentially affected by unknown CVE via new-format (>=0.0.1 <=2.0.0)
new-format NPM version =0.0.1, =0.0.0, =0.0.0, =0.0.0, =0.0.0, =0.3.0, =0.0.0, =0.0.10, =0.0.0, =0.0.0, =0.0.0, =0.0.13 and more Source cves: unknown CVE Source advisory: OSV:MAL-2025-27361...
Malicious code in bb-babelfish-format (npm)
The package bb-babelfish-format was found to contain malicious code...
Malicious code in new-format (npm)
The package new-format was found to contain malicious code...