2504 matches found
CVE-2025-55560
An issue in pytorch v2.7.0 can lead to a Denial of Service (DoS) when a PyTorch model consists of torch.Tensor.to_sparse and torch.Tensor.to_dense and is compiled by Inductor...
CVE-2025-55554
pytorch v2.8.0 was discovered to contain an integer overflow in the component torch.nantonum-.long...
CVE-2025-8869
When extracting a tar archive pip may not check symbolic links point into the extraction directory if the tarfile module doesn't implement PEP 706. Note that upgrading pip to a "fixed" version for this vulnerability doesn't fix all known vulnerabilities that are remediated by using a Python versi...
CVE-2025-1131
A local privilege escalation vulnerability exists in the safe_asterisk script included with the Asterisk toolkit package. When Asterisk is started via this script (common in SysV init or FreePBX environments), it sources all .sh files located in /etc/asterisk/startup.d/ as root, without validating...
GHSA-W7R3-MGWF-4MQQ vulnerabilities
Vulnerabilities for packages: kubernetes-reflector...
ROS-20250923-15
A vulnerability in the LDAP protocol implementation of the Samba networking software package is related to flaws in access control list (ACL) based access delimitation. Exploitation of the vulnerability could allow an attacker acting remotely to escalate privileges...
GHSA-33VC-WFWW-VJFV vulnerabilities
Vulnerabilities for packages: langfuse, jitsucom-jitsu...
imagemagick: ImageMagick (WriteBMPImage): 32-bit integer overflow when writing BMP scanline stride → heap buffer overflow
A flaw was found in ImageMagick. In 32-bit builds, the Bitmap encoder miscalculates the stride value when processing images with very large width. Mathematically, the stride value is calculated as width multiplied by 3 but the theoretical limit of such value is 2^32 for 32-bit integers. So, if thi...
GHSA-67V4-38H7-9JJP vulnerabilities
Vulnerabilities for packages: jenkins...
CVE-2025-59475 vulnerabilities
Vulnerabilities for packages: jenkins...
GHSA-QRH5-JG98-CR48 vulnerabilities
Vulnerabilities for packages: jenkins...
SUSE CVE-2025-21575
unknown...
CVE-2025-39853
In the Linux kernel, the following vulnerability has been resolved: i40e: Fix potential invalid access when MAC list is empty. list_first_entry() never returns NULL - if the list is empty, it still returns a pointer to an invalid object, leading to potential invalid memory access when dereferenced. Fi...
CVE-2025-39851
In the Linux kernel, the following vulnerability has been resolved: vxlan: Fix NPD when refreshing an FDB entry with a nexthop object. VXLAN FDB entries can point to either a remote destination or an FDB nexthop group. The latter is usually used in EVPN deployments where learning is disabled...
CVE-2025-39846
In the Linux kernel, the following vulnerability has been resolved: pcmcia: Fix a NULL pointer dereference in __iodyn_find_io_region(). In __iodyn_find_io_region(), pcmcia_make_resource() is assigned to res and used in pci_bus_alloc_resource(). There is a dereference of res in pci_bus_alloc_resource(), which could lead to a...
CVE-2025-39842
In the Linux kernel, the following vulnerability has been resolved: ocfs2: prevent release journal inode after journal shutdown. Before calling ocfs2_delete_osb(), ocfs2_journal_shutdown() has already been executed in ocfs2_dismount_volume(), so osb->journal must be NULL. Therefore, the following calltrace wil...
CVE-2023-53433
In the Linux kernel, the following vulnerability has been resolved: net: add vlan_get_protocol_and_depth() helper. Before blamed commit, pskb_may_pull() was used instead of skb_header_pointer() in __vlan_get_protocol() and friends. Few callers depended on skb->head being populated with MAC header, syzbot caught one of...
CVE-2025-54389 affecting package aide for versions less than 0.18.6-2
CVE-2025-54389 affecting package aide for versions less than 0.18.6-2. A patched version of the package is available...
CVE-2023-53373
In the Linux kernel, the following vulnerability has been resolved: crypto: seqiv - Handle EBUSY correctly. As it is, seqiv only handles the special return value of EINPROGRESS, which means that in all other cases it will free data related to the request. However, as the caller of seqiv may specify...
CVE-2022-50359
In the Linux kernel, the following vulnerability has been resolved: media: cx88: Fix a null-ptr-deref bug in buffer_prepare(). When the driver calls cx88_risc_buffer() to prepare the buffer, the function call may fail, resulting in an empty buffer and null-ptr-deref later in buffer_queue(). The following log...