39 matches found
CVE-2026-6238
A flaw was found in glibc (GNU C Library). The deprecated functions nsprintrrf, nsprintrr, and fpnquery do not properly validate the length of RDATA (Resource Record Data) in a DNS (Domain Name System) response when processing specific record types like LOC, CERT, TKEY, or TSIG. A remote attacker could...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: fbdev: hyperv_fb: Fix hang in kdump kernel when on Hyper-V Gen 2 VMs. Gen 2 Hyper-V VMs boot via EFI and have a standard EFI framebuffer device. When the kdump kernel runs in such a VM, loading the efifb driver may hang because of...
RockyLinux 8 : xorg-x11-server (RLSA-2026:11692)
The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:11692 advisory. xorg: xwayland: X.Org X server: Denial of Service via integer underflow in XKB compatibility map handling (CVE-2026-33999). xorg: xwayland: X.Org X server:...
php: heap-based buffer overflow in array_merge()
A flaw was found in PHP. A heap-based buffer overflow occurs in the array_merge() function when the total element count of packed arrays exceeds the 32-bit limit or the internal HT_MAX_SIZE due to an integer overflow in the precomputation of element counts using the zend_hash_num_elements function, causi...
CVE-2025-52870
A buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 2026/01/20 and...
USN-7945-1 libxslt vulnerability
Ivan Fratric discovered that Libxslt was vulnerable to type confusion when performing XML transformations. An attacker could possibly use this issue to cause Libxslt to crash or corrupt memory, causing a denial of service or undefined behavior...
CVE-2025-52872
A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following versions: QTS...
HSEC-2025-0003 Use after free in multithreaded lzma (.xz) decoder
In XZ Utils 5.3.3alpha to 5.8.0, the multithreaded .xz decoder in liblzma has a bug where invalid input can at least result in a crash (CVE-2025-31115). The effects include heap use after free and writing to an address based on the null pointer plus ...
EUVD-2019-15295
Malware in sbrugna...
EUVD-2017-18285
Malware in sbrugna...
EUVD-2004-1005
Malware in sbrugna...
EUVD-2015-5725
Malware in sbrugna...
EUVD-2014-9525
Malware in sbrugna...
EUVD-2022-15492
Malicious code in bioql PyPI...
K000152672: SQLite vulnerabilities CVE-2024-0232 and CVE-2025-29088
Security Advisory Description CVE-2024-0232 A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a cras...
MGASA-2025-0167 Updated sqlite3 packages fix security vulnerability
In SQLite 3.49.0 before 3.49.1, certain argument values to sqlite3_db_config (in the C-language API) can cause a denial of service (application crash). An sz*nBig multiplication is not cast to a 64-bit integer, and consequently some memory allocations may be incorrect. CVE-2025-29088...
DEBIAN-CVE-2025-21977
In the Linux kernel, the following vulnerability has been resolved: fbdev: hyperv_fb: Fix hang in kdump kernel when on Hyper-V Gen 2 VMs. Gen 2 Hyper-V VMs boot via EFI and have a standard EFI framebuffer device. When the kdump kernel runs in such a VM, loading the efifb driver may hang because of...
RHEL 8 : webkit2gtk3 (RHSA-2025:0279)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:0279 advisory. WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Security Fixes: WebKitGTK: Processing maliciously...
[SECURITY] [DSA 5835-1] webkit2gtk security update
Debian Security Advisory DSA-5835-1 https://www.debian.org/security/ Alberto Garcia December 25, 2024 https://www.debian.org/security/faq -...