EUVD-2023-2267
Malicious code in bioql PyPI...
AZL-66716 CVE-2025-58058 affecting package podman 4.1.1-26
xz is a pure golang package for reading and writing xz-compressed files. Prior to version 0.5.14, it is possible to put data in front of an LZMA-encoded byte stream without detecting the situation while reading the header. This can lead to increased memory consumption because the current...
Linux Distros Unpatched Vulnerability : CVE-2025-54799
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Let's Encrypt client and ACME library written in Go Lego. In versions 4.25.1 and below, the github.com/go-acme/lego/v4/acme/api package thus the lego library an...
CVE-2025-8746 GNU libopts __strstr_sse2 memory corruption
A vulnerability, which was classified as problematic, was found in GNU libopts up to 27.6. Affected is the function __strstr_sse2. The manipulation leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. This issue w...
UBUNTU-CVE-2024-45336
The HTTP client drops sensitive headers after following a cross-domain redirect. For example, a request to a.com/ containing an Authorization header which is redirected to b.com/ will not send that header to b.com. In the event that the client received a subsequent same-domain redirect, however,...
GHSA-MHG9-MM8C-C683 pywasm3 has an Invalid Memory Read, Leading to DoS and Potential Code Execution
wasm3 139076a suffers from Invalid Memory Read, leading to DoS and potential Code Execution...
AZL-48896 CVE-2024-34155 affecting package golang for versions less than 1.18.8-8
Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion...
UBUNTU-CVE-2024-2004
When a protocol selection parameter option disables all protocols without adding any then the default set of protocols would remain in the allowed set due to an error in the logic for removing protocols. The below command would perform a request to curl.se with a plaintext protocol which has been...
Libnbd: crash or misbehaviour when nbd server returns an unexpected block size
...
Oracle Linux 7 : dhcp (ELSA-2019-2060)
The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2019-2060 advisory. 12:4.2.5-77.0.1 - Direct users to Oracle Linux support site. 12:4.2.5-77 - Resolves: 1712414 - Reset signal handlers set by isclib 12:4.2.5-76 - Resolves: 17046...
CVE-2022-48566
An issue was discovered in compare_digest in Lib/hmac.py in Python through 3.9.1. Constant-time-defeating optimisations were possible in the accumulator variable in hmac.compare_digest...
Thunderbird: Hang when processing certain OpenPGP messages
The Mozilla Foundation Security Advisory describes this flaw as: Certain malformed OpenPGP messages could trigger incorrect parsing of PKESK/SKESK packets due to a bug in the Ribose RNP library used by Thunderbird up to version 102.9.1, which would cause the Thunderbird user interface to hang. Th...
SUSE CVE-2019-6470
There had existed in one of the ISC BIND libraries a bug in a function that was used by dhcpd when operating in DHCPv6 mode. There was also a bug in dhcpd relating to the use of this function per its documentation, but the bug in the library function prevented this from causing any harm. All...
CVE-2022-39278 Istio vulnerable to denial of service attack due to Golang Regex Library
Istio is an open platform-independent service mesh that provides traffic management, policy enforcement, and telemetry collection. Prior to versions 1.15.2, 1.14.5, and 1.13.9, the Istio control plane, istiod, is vulnerable to a request processing error, allowing a malicious attacker that sends a...
UBUNTU-CVE-2022-2889
Use After Free in GitHub repository vim/vim prior to 9.0.0225...
UBUNTU-CVE-2022-2833
Endless Infinite loop in Blender-thumbnailing due to logical bugs...
OESA-2022-1556 php security update
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...
UBUNTU-CVE-2021-38172
perM 0.4.0 has a Buffer Overflow related to strncpy. Debian initially fixed this in 0.4.0-7...
UBUNTU-CVE-2021-44992
There is an Assertion ''ecma_object_is_typedarray (obj_p)'' failed at /jerry-core/ecma/operations/ecma-typedarray-object.c in Jerryscript 3.0.0...
CVE-2022-21708
graphql-go is a GraphQL server with a focus on ease of use. In versions prior to 1.3.0 there exists a DoS vulnerability that is possible due to a bug in the library that would allow an attacker with specifically designed queries to cause stack overflow panics. Any user with access to the GraphQL...