Security Bulletin: Oracle Outside In Technology (OIT) v8.5.7 BP9, v8.5.8 BP2 vulnerabilities CVE-2025-54874 (vulnerable), CVE-2025-59375 (vulnerable) in FileNet Content Manager (FNCM) Content Based Retrieval (CBR) content indexing

Summary Oracle Outside In Technology OIT v8.5.7 BP9, v8.5.8 BP2 January, 2025 vulnerabilities CVE-2025-54874 vulnerable, CVE-2025-59375 vulnerable in FileNet Content Manager FNCM Content Based Retrieval CBR content indexing Vulnerability Details CVEID:CVE-2025-54874 DESCRIPTION: OpenJPEG is an...

EUVD-2026-34178

libxls through version 1.6.3 contains a use of uninitialized memory vulnerability in the OLE container parser. Memory allocated for the Master Sector Allocation Table MSAT in readMSAT is not fully initialized before being consumed by ole2validatesectorchain, which may result in application crashe...

ROS-20260529-73-0025

The vulnerability of the JSONSCHEMAVALID function in the MariaDB database management system is related to buffer overflows in dynamic memory. Exploiting this vulnerability can allow an attacker to cause service interruptions and execute arbitrary code by sending a specially crafted JSON file...

DEBIAN-CVE-2026-48735

pypdf is a free and open-source pure-python PDF library. Prior to 6.12.1, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing large XMP metadata, possibly with lots of unnecessary elements. This vulnerability is fixed in 6.12.1...

IBM多款产品 安全漏洞

IBM WebSphere Application Server WAS, among others, are products of the American multinational company IBM. IBM WebSphere Application Server is an application server product. IBM WebSphere Application Server Liberty is a Java application server built upon the Open Liberty project. IBM webMethods...

EUVD-2026-31091

Cleartext Storage of Sensitive Information in Memory vulnerability in Mesalvo Meona Client Launcher Component, Mesalvo Meona Server Component. This issue affects Meona Client Launcher Component: through 19.06.2020 15:11:49; Meona Server Component: through 2025.04 5+323020...

CVE-2026-0857

Cleartext Storage of Sensitive Information in Memory vulnerability in Mesalvo Meona Client Launcher Component, Mesalvo Meona Server Component. This issue affects Meona Client Launcher Component: through 19.06.2020 15:11:49; Meona Server Component: through 2025.04 5+323020...

ROS-20260520-73-0052

A vulnerability in the Dawn component of the Google Chrome web browser is related to memory usage after it has been freed. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service using a specially crafted HTML page...

Moderate: openssl security update

OpenSSL is a toolkit that implements the Secure Sockets Layer SSL and Transport Layer Security TLS protocols, as well as a full-strength general-purpose cryptography library. Security Fixes: openssl: openssl: Information Disclosure from Uninitialized Memory via Invalid RSA Public Key CVE-2026-317...

Use After Free

Overview Magick.NET-Q16-HDRI-OpenMP-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this...

CVE-2026-42946 NGINX ngx_http_scgi_module and ngx_http_uwsgi_module vulnerability

A vulnerability exists in the ngxhttpscgimodule and ngxhttpuwsgimodule modules that may result in excessive memory allocation or an over-read of data. When scgipass or uwsgipass is configured, an unauthenticated attacker with man-in-the-middle MITM ability to control responses from an upstream...

Apple macOS 安全漏洞

Apple macOS is a proprietary operating system developed by the American company Apple for Mac computers. There is a security vulnerability in Apple macOS, which stems from memory processing issues. This vulnerability may cause damage to process memory when handling maliciously crafted images. The...

Security Bulletin: IBM Automation Decision Services for April 2026- Multiple CVEs addressed

Summary In addition to many updates of operating system level packages, the following security vulnerabilities are addressed with IBM Automation Decision Services. See full list below. Vulnerability Details CVEID:CVE-2025-12183 DESCRIPTION: Out-of-bounds memory operations in org.lz4:lz4-java 1.8....

BIT-THRIFT-2026-43868 Apache Thrift: Rust implementation vulnerable to CVE-2020-13949 pattern

Memory Allocation with Excessive Size Value vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue...

PT-2026-38479

Memory Allocation with Excessive Size Value vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue...

UBUNTU-CVE-2026-43162

In the Linux kernel, the following vulnerability has been resolved: media: tegra-video: Fix memory leak in tegrachanneltryformat The state object allocated by v4l2subdevstatealloc must be freed with v4l2subdevstatefree when it is no longer needed. In tegrachanneltryformat, two error paths return...

UBUNTU-CVE-2026-43218

In the Linux kernel, the following vulnerability has been resolved: media: i2c/tw9903: Fix potential memory leak in tw9903probe In one of the error paths in tw9903probe, the memory allocated in v4l2ctrlhandlerinit and v4l2ctrlnewstd is not freed. Fix that by calling v4l2ctrlhandlerfree on the...

Astra Linux - уязвимость в virglrenderer

A double-free vulnerability exists in the vrendrenderer.c file within virglrenderer up to version 0.8.1. Attackers can exploit this vulnerability to cause a denial of service by triggering texture allocation failures. The reason is that vrendrendererresourceallocatedtexture is not an appropriate...

Astra Linux - уязвимость в firefox

In the lginit function, if several allocations succeed, but one fails, an uninitialized pointer would be freed even though it was never actually allocated. This vulnerability affects Firefox versions earlier than 102...

Astra Linux - уязвимость в opensc

Several memory vulnerabilities were identified within the OpenSC packages, particularly in the card enrollment process when using the pkcs15-init function. To exploit these vulnerabilities, an attacker must have physical access to the computer system and use a custom-constructed USB device or sma...