1366 matches found
Security update for postgresql13 (important)
openSUSE security update: security update for postgresql13 ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20449-1 Rating: important References: bsc1253332 bsc1253333 Cross-References: CVE-2025-12817 CVE-2025-12818 CVSS scores: CVE-2025-12817 SUSE :...
SUSE-SU-2026:20986-1 Security update for postgresql13
This update for postgresql13 fixes the following issues: Security fixes: - CVE-2025-12817: Fixed missing check for CREATE privileges on the schema in CREATE STATISTICS allowed table owners to create statistics in any schema, potentially leading to unexpected naming conflicts bsc1253332 -...
USN-8128-1: CryptX vulnerabilities
It was discovered that CryptX did not verify authentication tags while performing GCM and ChaCha20-Poly1305 decryption. An attacker could possibly use this issue to cause CryptX to accept modified ciphertext, leading to data integrity violations or authentication bypass. This issue only affected...
CVE-2026-23395
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix accepting multiple L2CAPECREDCONNREQ Currently the code attempts to accept requests regardless of the command identifier which may cause multiple requests to be marked as pending FLAGDEFERSETUP which can cau...
ALPINE-CVE-2026-32647
NGINX Open Source and NGINX Plus have a vulnerability in the ngxhttpmp4module module, which might allow an attacker to trigger a buffer over-read or over-write to the NGINX worker memory resulting in its termination or possibly code execution, using a specially crafted MP4 file. This issue affect...
Advisory ROSA-SA-2026-3233
software: libcupsfilters 2.0.0 OS: ROSA-CHROME unaffected versions = libcupsfilters-2.0.0.0-8 affected versions libcupsfilters-2.0.0-8 CVE-ID: CVE-2025-57812 BDU-ID: 2025-15977 CVE-Crit: LOW CVE-DESC.: A vulnerability in the cfFilterImageToRaster function of the CUPS print server is related to...
Metricbeat 8.19.13, 9.2.5 Security Update (ESA-2026-09)
Memory Allocation with Excessive Size Value in Metricbeat Leading to Denial of Service Memory Allocation with Excessive Size Value CWE-789 in the Prometheus remotewrite HTTP handler in Metricbeat can lead Denial of Service via Excessive Allocation CAPEC-130. Affected Versions: 8.x: All versions...
CVE-2026-31971
HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data using a variety of encodings and compression methods. When reading data encoded using the BYTEARRAYLEN method, the crambytearraylendecode failed to validat...
CVE-2026-31968
HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data using a variety of encodings and compression methods. For the VARINT and CONST encodings, incomplete validation of the context in which the encodings were...
CVE-2026-31968
HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data using a variety of encodings and compression methods. For the VARINT and CONST encodings, incomplete validation of the context in which the encodings were...
GHSA-C8RR-9GXC-JPRV UltraJSON has an integer overflow handling large indent leads to buffer overflow or infinite loop
Summary ujson.dumps crashes the Python interpreter segmentation fault when the product of the indent parameter and the nested depth of the input exceeds INT32MAX. It can also get stuck in an infinite loop if the indent is a large negative number. Both are caused by an integer overflow/underflow...
HTSlib 安全漏洞
HTSlib is a C-language library developed by samtools. Versions of HTSlib prior to 1.23.1, 1.22.2, and 1.21.1 have security vulnerabilities. These vulnerabilities stem from the crambytearraylendecode function not verifying the amount of data, which may lead to heap buffer overflows or stack...
Improperly Controlled Sequential Memory Allocation
Overview parse-server is a version of the Parse backend that can be deployed to any infrastructure that can run Node.js. Affected versions of this package are vulnerable to Improperly Controlled Sequential Memory Allocation in the Cloud function endpoint. An attacker can cause the server process ...
EulerOS Virtualization 2.12.0 : libarchive (EulerOS-SA-2026-1492)
According to the versions of the libarchive package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : An issue was discovered in libarchive bsdtar before version 3.8.1 in function applysubstitution in file tar/subst.c when...
CVE-2026-3085
GStreamer rtpqdm2depay Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary...
Linux Distros Unpatched Vulnerability : CVE-2026-32259
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-16 and 6.9.13-41, when a memory allocation fails i...
EUVD-2026-11692
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-16 and 6.9.13-41, when a memory allocation fails in the sixel encoder it would be possible to write past the end of a buffer on the stack. This vulnerability is fixed in 7.1.2-16 and...
Unity Linux 20.1070a Security Update: kernel (UTSA-2026-005781)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005781 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Validate the box size for the snooped cursor Invalid userspace dma surface copies cou...
CVE-2026-0028
In pkvmhostshareguest of memprotect.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2026-2913 libvips source.c vips_source_read_to_memory heap-based overflow
A vulnerability was determined in libvips up to 8.19.0. The affected element is the function vipssourcereadtomemory of the file libvips/iofuncs/source.c. This manipulation causes heap-based buffer overflow. It is possible to launch the attack on the local host. The attack's complexity is rated as...