Lucene search

2498 matches found

Debian CVE
added 2025/02/18 12:0 a.m. | 6 views

CVE-2025-25472

A buffer overflow in DCMTK git master v3.6.9+ DEV allows attackers to cause a Denial of Service (DoS) via a crafted DCM file...

CVSS 5.3 | AI score 6.3 | EPSS 0.00322
Exploits: 0

Debian CVE
added 2025/02/18 12:0 a.m. | 7 views

CVE-2025-25473

FFmpeg git master before commit c08d30 was discovered to contain a memory leak in the avformat_free_context function in libavutil/mem.c...

CVSS 5.3 | AI score 5.8 | EPSS 0.00381
Exploits: 0

AlpineLinux
added 2025/02/18 12:0 a.m. | 3 views

CVE-2025-27113

libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c...

CVSS 7.5 | AI score 3.9 | EPSS 0.01018
Exploits: 1

UbuntuCve
added 2025/02/17 12:0 a.m. | 4 views

CVE-2025-1378

A vulnerability, which was classified as problematic, was found in radare2 5.9.9 33286. Affected is an unknown function in the library /libr/main/rasm2.c of the component rasm2. The manipulation leads to memory corruption. An attack has to be approached locally. The exploit has been disclosed to...

CVSS 4.8 | AI score 4.8 | EPSS 0.00292
Exploits: 1 | References: 1

UbuntuCve
added 2025/02/17 12:0 a.m. | 3 views

CVE-2025-1369

A vulnerability classified as critical was found in MicroWorld eScan Antivirus 7.0.32 on Linux. Affected by this vulnerability is an unknown functionality of the component USB Password Handler. The manipulation leads to OS command injection. The attack needs to be approached locally. The complexit...

CVSS 4.5 | AI score 4.6 | EPSS 0.03305
Exploits: 1 | References: 5

UbuntuCve
added 2025/02/17 12:0 a.m. | 6 views

CVE-2025-1365

A vulnerability, which was classified as critical, was found in GNU elfutils 0.192. This affects the function process_symtab of the file readelf.c of the component eu-readelf. The manipulation of the argument D/a leads to buffer overflow. Local access is required to approach this attack. The explo...

CVSS 7.8 | AI score 5.9 | EPSS 0.00324
Exploits: 1 | References: 9

Debian CVE
added 2025/02/16 12:0 a.m. | 19 views

CVE-2024-57970

libarchive through 3.7.7 has a heap-based buffer over-read in header_gnu_longlink in archive_read_support_format_tar.c via a TAR archive because it mishandles truncation in the middle of a GNU long linkname...

CVSS 4 | AI score 4.8 | EPSS 0.00233
Exploits: 0

Debian CVE
added 2025/02/14 12:0 a.m. | 8 views

CVE-2025-26519

musl libc 0.9.13 through 1.2.5 before 1.2.6 has an out-of-bounds write vulnerability when an attacker can trigger iconv conversion of untrusted EUC-KR text to UTF-8...

CVSS 8.1 | AI score 7.8 | EPSS 0.00335
Exploits: 0

Redos
added 2025/02/13 12:0 a.m. | 4 views

ROS-20250212-09

A vulnerability in the PHP Smarty templating engine is related to incorrect input validation when processing the "extends-tag" attribute. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary PHP code on the target system...

CVSS 7.3 | AI score 7.6 | EPSS 0.00507
Exploits: 0

Redos
added 2025/02/13 12:0 a.m. | 4 views

ROS-20250212-07

A vulnerability in the JxlEncoderAddJPEGFrame function of the JPEG XL decoder of the Libjxl library is related to operation beyond the buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of...

CVSS 9.8 | AI score 7 | EPSS 0.0063
Exploits: 0

UbuntuCve
added 2025/02/12 7:15 p.m. | 14 views

CVE-2025-1215

A vulnerability classified as problematic was found in vim up to 9.1.1096. This vulnerability affects unknown code of the file src/main.c. The manipulation of the argument --log leads to memory corruption. It is possible to launch the attack on the local host. Upgrading to version 9.1.1097 is abl...

CVSS 7.8 | AI score 5.1 | EPSS 0.00496
Exploits: 1 | References: 8

CBLMariner
added 2025/02/12 4:8 p.m. | 10 views

CVE-2024-45336 affecting package golang for versions less than 1.22.7-2

CVE-2024-45336 affecting package golang for versions less than 1.22.7-2. A patched version of the package is available...

CVSS 6.1 | AI score 6.7 | EPSS 0.0062
Exploits: 0

UbuntuCve
added 2025/02/12 2:15 p.m. | 18 views

CVE-2025-21699

In the Linux kernel, the following vulnerability has been resolved: gfs2: Truncate address space when flipping GFS2_DIF_JDATA flag. Truncate an inode's address space when flipping the GFS2_DIF_JDATA flag: depending on that flag, the pages in the address space will either use buffer heads or...

CVSS 5.5 | AI score 6.4 | EPSS 0.00225
Exploits: 0 | References: 42

Mageia
added 2025/02/12 6:37 a.m. | 82 views

Updated python-twisted packages fix security vulnerabilities

Twisted.web has disordered HTTP pipeline response (CVE-2023-46137). Twisted.web has disordered HTTP pipeline response (CVE-2024-41671). HTML injection in HTTP redirect body (CVE-2024-41810)...

CVSS 8.3 | AI score 6.5 | EPSS 0.01109
Exploits: 1 | References: 4

Debian CVE
added 2025/02/11 3:59 p.m. | 19 views

CVE-2024-12797

Issue summary: Clients using RFC7250 Raw Public Keys (RPKs) to authenticate a server may fail to notice that the server was not authenticated, because handshakes don't abort as expected when the SSL_VERIFY_PEER verification mode is set. Impact summary: TLS and DTLS connections using raw public keys m...

CVSS 6.3 | AI score 6.6 | EPSS 0.02357
Exploits: 0

UbuntuCve
added 2025/02/10 4:15 p.m. | 8 views

CVE-2025-21693

In the Linux kernel, the following vulnerability has been resolved: mm: zswap: properly synchronize freeing resources during CPU hotunplug. In zswap_compress() and zswap_decompress(), the per-CPU acomp_ctx of the current CPU at the beginning of the operation is retrieved and used throughout. However, sin...

CVSS 7.8 | AI score 6.4 | EPSS 0.00191
Exploits: 0 | References: 6

UbuntuCve
added 2025/02/10 4:15 p.m. | 8 views

CVE-2024-12243

A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 data processing. Due to an inefficient algorithm in libtasn1, decoding certain DER-encoded certificate data can take excessive time, leading to increased resource consumption. This flaw allows a remote attacker to send a specially...

CVSS 5.3 | AI score 6.8 | EPSS 0.01193
Exploits: 0 | References: 5

Fedora
added 2025/02/08 2:18 a.m. | 9 views

[SECURITY] Fedora 41 Update: rust-afterburn-5.7.0-3.fc41

A simple cloud provider agent...

AI score 7.3
Exploits: 0

UbuntuCve
added 2025/02/07 8:15 p.m. | 11 views

CVE-2021-27017

Utilization of a module presented a security risk by allowing the deserialization of untrusted/user supplied data. This is resolved in the Puppet Agent 7.4.0 release...

CVSS 6.6 | AI score 5.9 | EPSS 0.00527
Exploits: 0 | References: 2

UbuntuCve
added 2025/02/05 6:15 p.m. | 86 views

CVE-2025-23419

When multiple server blocks are configured to share the same IP address and port, an attacker can use session resumption to bypass client certificate authentication requirements on these servers. This vulnerability arises when TLS Session Tickets...

CVSS 5.3 | AI score 6.8 | EPSS 0.02557
Exploits: 0 | References: 4