Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS : XML-RPC for C and C++ vulnerabilities (USN-8313-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8313-1 advisory. It was discovered that Expat, vendored in XML-RPC, incorrectly handled certain files. An...

Astra Linux - уязвимость в binutils

A vulnerability was discovered in cp-demangle.c of GNU libiberty, as part of GNU Binutils 2.31. There is a stack consumption vulnerability caused by infinite recursion in the functions nextistypequal and cplusdemangletype in cp-demangle.c. Remote attackers could exploit this vulnerability to caus...

[SECURITY] Fedora 44 Update: qt6-qtscxml-6.10.3-1.fc44

The Qt SCXML module provides functionality to create state machines from SCXM L files. This includes both dynamically creating state machines loading the SCXML file and instantiating states and transitions and generating a C++ file that has a class implementing the state machine. It also contains...

[SECURITY] Fedora 42 Update: libopenmpt-0.8.6-1.fc42

libopenmpt is a cross-platform C++ and C library to decode tracked music files modules into a raw PCM audio stream. libopenmpt is based on the player code of the OpenMPT project Open ModPlug Tracker. In order to avoid code base fragmentation, libopenmpt is developed in the same source code...

[SECURITY] Fedora 43 Update: cpp-httplib-0.38.0-1.fc43

A C++11 single-file header-only cross platform HTTP/HTTPS library. It's extremely easy to setup. Just include the httplib.h file in your code!...

CVE-2026-32725

SciTokens C++ is a minimal library for creating and using SciTokens from C or C++. Prior to version 1.4.1, scitokens-cpp is vulnerable to an authorization bypass when processing path-based scopes in tokens. The library normalizes the scope path from the token before authorization and collapses "....

Fedora 43 : insight (2026-0106837085)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-0106837085 advisory. New upstream snapshot. Fixes CVEs 2025-11494, 2025-11495, 2026-2341, 2026-3441, 2026-3442. Fixes CVEs 2025-69644, 2025-69645, 2025-69646. Fixes FTBF...

CVE-2026-28435 Payload size limit bypass via gzip decompression in ContentReader (streaming) allows oversized request bodies in cpp-httplib

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.35.0, cpp-httplib httplib.h does not enforce Server::setpayloadmaxlength on the decompressed request body when using HandlerWithContentReader streaming ContentReader with Content-Encoding: gzip or other...

PYSEC-2026-113

Use After Free vulnerability in Apache Arrow C++.This issue affects Apache Arrow C++ from 15.0.0 through 23.0.0. It can be triggered when reading an Arrow IPC file but not an IPC stream with pre-buffering enabled, if the IPC file contains data with variadic buffers such as Binary View and String...

CVE-2026-25087

Use After Free vulnerability in Apache Arrow C++. This issue affects Apache Arrow C++ from 15.0.0 through 23.0.0. It can be triggered when reading an Arrow IPC file but not an IPC stream with pre-buffering enabled, if the IPC file contains data with variadic buffers such as Binary View and String...

libiberty 安全漏洞

libiberty is a collection of subroutines used by GNU programs within the American GNU community. There is a security vulnerability in libiberty, which can cause applications to crash due to a specially crafted C++ symbol deconstruction...

SUSE-SU-2026:0412-1 Security update for abseil-cpp

This update for abseil-cpp fixes the following issues: Update to 20240116.3 - CVE-2025-0838: Fixed potential integer overflow in hash container create/resize bsc1237543...

SUSE-SU-2026:0338-1 Security update for abseil-cpp

This update for abseil-cpp fixes the following issues: - CVE-2025-0838: Fixed heap buffer overflow in sized constructors, reserve, and rehash methods of absl:flat,nodehashset,map bsc1237543...

Important: ecs-service-connect-agent

Issue Overview: There exists a denial of service through Data corruption in gRPC-C++ - gRPC-C++ servers with transmit zero copy enabled through the channel arg GRPCARGTCPTXZEROCOPYENABLED can experience data corruption issues. The data sent by the application may be corrupted before transmission...

Amazon Linux 2 : ecs-service-connect-agent, --advisory ALAS2ECS-2025-093 (ALASECS-2025-093)

The version of ecs-service-connect-agent installed on the remote host is prior to v1.34.4.2-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2025-093 advisory. There exists a denial of service through Data corruption in gRPC-C++ - gRPC-C++ servers with...

CVE-2026-21428

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to version 0.30.0, the writeheaders function does not check for CR & LF characters in user supplied headers, allowing untrusted header value to escape header lines. This vulnerability allows attackers to add...

[SECURITY] Fedora 43 Update: tinygltf-2.9.7-1.fc43

TinyGLTF is a header only C++11 glTF 2.0 library...

CVE-2025-59461

CVE-2025-59461 is an externally exploitable issue described as a remote, unauthenticated access via an unauthenticated C++ API that can disclose/modify sensitive data and disrupt services. Connected docs associate the vulnerability with the SICK TLOC100-100 product and reflect ER/Red Hat/NVD entr...

AudioFile 安全漏洞

AudioFile is a simple C++ library containing only header files by the individual developer Adam Stark in the UK. It is used to read and write audio files. A security vulnerability exists in AudioFile version v0.3.7, which stems from a null pointer dereference in the ModuleState::setup function...

Linux Distros Unpatched Vulnerability : CVE-2018-9138

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.29 and 2.30. Stack Exhaustion occurs in the C++ demangling functions...