38 matches found
DEBIAN-CVE-2026-3634
A flaw was found in libsoup. An attacker controlling the value used to set the Content-Type header can inject a Carriage Return Line Feed CRLF sequence due to improper input sanitization in the soupmessageheaderssetcontenttype function. This vulnerability allows for the injection of arbitrary...
DEBIAN-CVE-2025-64098
Fast DDS is a C++ implementation of the DDS Data Distribution Service standard of the OMG Object Management Group . Prior to versions 3.4.1, 3.3.1, and 2.6.11, when the security mode is enabled, modifying the DATA Submessage within an SPDP packet sent by a publisher causes an Out-Of-Memory OOM...
BELL-CVE-2026-21932
Bulletin has no description...
BELL-CVE-2025-68328
Bulletin has no description...
DEBIAN-CVE-2025-14957
A vulnerability was identified in WebAssembly Binaryen up to 125. This affects the function IRBuilder::makeLocalGet/IRBuilder::makeLocalSet/IRBuilder::makeLocalTee of the file src/wasm/wasm-ir-builder.cpp of the component IRBuilder. Such manipulation of the argument Index leads to null pointer...
DEBIAN-CVE-2025-68323
In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: fix use-after-free caused by uec-work The delayed work uec-work is scheduled in gaokunucsiprobe but never properly canceled in gaokunucsiremove. This creates use-after-free scenarios where the ucsi and gaokunucs...
DEBIAN-CVE-2025-68297
In the Linux kernel, the following vulnerability has been resolved: ceph: fix crash in processv2sparseread for encrypted directories The crash in processv2sparseread for fscrypt-encrypted directories has been reported. Issue takes place for Ceph msgr2 protocol in secure mode. It can be reproduced...
DLA-4403-1 tzdata - new timezone database
Bulletin has no description...
DEBIAN-CVE-2025-40335
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: validate userq input args This will help on validating the userq input args, and rejecting for the invalid userq request at the IOCTLs first place...
CVE-2025-9648 Denial of Service in CivetWeb
A vulnerability in the CivetWeb library's function mghandleformrequest allows remote attackers to trigger a denial of service DoS condition. By sending a specially crafted HTTP POST request containing a null byte in the payload, the server enters an infinite loop during form data parsing. Multipl...
MAL-2025-11454 Malicious code in @zalastax/nolb-finn (npm)
The package @zalastax/nolb-finn was found to contain malicious code...
CVE-2024-43340
Cross-Site Request Forgery CSRF vulnerability in Nasirahmed Advanced Form Integration.This issue affects Advanced Form Integration: from n/a through 1.89.4...
BELL-CVE-2024-35894
Bulletin has no description...
CVE-2023-40095
In createDontSendToRestrictedAppsBundle of PendingIntentUtils.java, there is a possible background activity launch due to a missing check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2022-42827
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, iOS 16.1 and iPadOS 16. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively...
alphapulldown (>=0.21.2 <=0.22.3), analytics-lib (>=0.0.1 <=0.0.2) +60 more potentially affected by CVE-2021-41204 via tensorflow (>=2.5.0 <=2.5.1)
tensorflow PYPI version =2.5.0, =0.21.2, =0.0.1, =1.1.0, =0.1.6, =0.8.1, =3.3.0, =0.0.24, =1.0.0, =2.0.2, =0.6.0, =0.8.0 and more Source cves: CVE-2021-41204 Source advisory: OSV:GHSA-786J-5QWQ-R36X...
DEBIAN-CVE-2021-39371
An XML external entity XXE injection in PyWPS before 4.4.5 allows an attacker to view files on the application server filesystem by assigning a path to the entity. OWSLib 0.24.1 may also be affected...
@devpodio/application-manager (>=0.3.16 <=0.3.20), @devpodio/bunyan (>=0.3.16 <=0.3.20) +158 more potentially affected by CVE-2018-15685 via electron (>=1.8.1 <=1.8.7)
electron NPM version =1.8.1, =0.3.16, =0.3.16, =0.3.16, =0.3.16, =0.3.16, =0.3.16, =0.3.16, =0.3.16, =0.3.16, =0.3.16, =0.3.16, =0.3.16, =0.3.16, =0.3.16, =0.3.16, =0.3.20 and more Source cves: CVE-2018-15685 Source advisory: OSV:GHSA-HV9C-QWQG-QJ3V...