PT-2026-49076

A content injection vulnerability was found in the ABRT post-create event handler scripts in libreport. The event script queries the systemd journal for log entries matching the crashed process and writes the results to files in the dump directory without sanitizing embedded control characters. A...

PT-2026-49159

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=519588196 Crash type: Heap-use-after-free READ 8 Crash state: gf sg reset gf sg del fuzz scene.c...

PT-2026-47120

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=516422427 Crash type: Heap-buffer-overflow READ 1 Crash state: ihevcd sao shift ctb ihevcd process ihevcd parse slice data...

PT-2026-46875

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=516319578 Crash type: Heap-buffer-overflow WRITE 1 Crash state: ihevcd fmt conv 422sp to 420p ihevcd fmt conv ihevcd decode...

OSV-2026-807 Security exception in com.puppycrawl.tools.checkstyle.grammar.java.JavaLanguageParser.statement

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=515650237 Crash type: Security exception Crash state: com.puppycrawl.tools.checkstyle.grammar.java.JavaLanguageParser.statement java.base/jdk.internal.misc.Unsafe.weakCompareAndSetInt...

PT-2026-45893

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=515663946 Crash type: Container-overflow READ 1 Crash state: OpenBabel::MDLFormat::ReadV3000Block OpenBabel::MDLFormat::ReadMolecule OpenBabel::OBConversion::Read...

OSV-2026-726 Use-after-poison in md_build_attribute

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=512429151 Crash type: Use-after-poison READ 1 Crash state: mdbuildattribute mdprocessallblocks mdparse...

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: fncm: fixed potential NULL pointer dereferencing in ncmbitrate In Google’s internal bug report 265639009, we received a crash report from a aarch64 GKI 5.10.149-android13 running device. This report is currently...

Linux Distros Unpatched Vulnerability : CVE-2025-14551

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Ubuntu, Subiquity version 24.04.4 could leak sensitive user credentials during crash reporting. Upon installation failure, if a user submitted a bug report t...

CVE-2025-14551

In Ubuntu, Subiquity version 24.04.4 could leak sensitive user credentials during crash reporting. Upon installation failure, if a user submitted a bug report to Launchpad, Subiquity could include certain user credentials, such as the user's plaintext Wi-Fi password, in the attached logs...

EUVD-2025-209377

In Ubuntu, ubuntu-desktop-provision version 24.04.4 could leak sensitive user credentials during crash reporting. Upon installation failure, if a user submitted a bug report to Launchpad, ubuntu-desktop-provision could include the user's password hash in the attached logs...

CVE-2025-15480

In Ubuntu, ubuntu-desktop-provision version 24.04.4 could leak sensitive user credentials during crash reporting. Upon installation failure, if a user submitted a bug report to Launchpad, ubuntu-desktop-provision could include the user's password hash in the attached logs...

CVE-2025-15480 Senstive information disclosure was affecting ubuntu-desktop-provision

In Ubuntu, ubuntu-desktop-provision version 24.04.4 could leak sensitive user credentials during crash reporting. Upon installation failure, if a user submitted a bug report to Launchpad, ubuntu-desktop-provision could include the user's password hash in the attached logs...

Ubuntu Desktop Provision 安全漏洞

Ubuntu Desktop Provision is an open-source desktop configuration tool developed by Canonical. Version 24.04.4 of Ubuntu Desktop Provision contains a security vulnerability, which stems from improper handling of crash reports and could lead to password hash leaks...

OSV-2026-370 Security exception in com.puppycrawl.tools.checkstyle.grammar.java.JavaLanguageParser.expr

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=490658507 Crash type: Security exception Crash state: com.puppycrawl.tools.checkstyle.grammar.java.JavaLanguageParser.expr java.base/java.lang.System$2.encodeASCII java.base/sun.nio.cs.UTF8$Encoder.encodeArrayLoop...

OSV-2026-357 Heap-buffer-overflow in _cupsRasterAddError

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=489911024 Crash type: Heap-buffer-overflow WRITE 3 Crash state: cupsRasterAddError cupsRasterExecPS fuzzcups.c...

OSV-2026-272 Heap-use-after-free in vcardproperty_get_value

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=485932113 Crash type: Heap-use-after-free READ 8 Crash state: vcardpropertygetvalue vcardpropertygetversion parsevcard...

OSV-2026-189 Global-buffer-overflow in gpsd_poll

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=480975802 Crash type: Global-buffer-overflow READ 1 Crash state: gpsdpoll FuzzDriversStructured.c...

OSV-2026-170 Use-of-uninitialized-value in pcpp::PcapNgFileReaderDevice::getNextPacketInternal

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=479882050 Crash type: Use-of-uninitialized-value Crash state: pcpp::PcapNgFileReaderDevice::getNextPacketInternal pcpp::IFileReaderDevice::getNextPackets FuzzWriter.cpp...

OSV-2026-150 Null-dereference READ in wasm_runtime_invoke_native

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=478557340 Crash type: Null-dereference READ Crash state: wasmruntimeinvokenative wasminterpcallwasm wasmcallfunction...