17 matches found
BIT-PYTHON-MIN-2026-3479 pkgutil.get_data() does not enforce documented restrictions
pkgutil.get_data() did not validate the resource argument as documented, allowing path traversals...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987533)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987533 advisory. In the Linux kernel, the following vulnerability has been resolved: ACPI: CPPC: Avoid out of bounds access when parsing _CPC data. If the NumEntries field in the _CPC...
CVE-2025-62672
rplay through 3.3.2 allows attackers to cause a denial of service (SIGSEGV and daemon crash) or possibly have unspecified other impact. This occurs in memcpy in the RPLAY_DATA case in rplay_unpack in librplay/rplay.c, potentially reachable via packet data with no authentication...
Linux Distros Unpatched Vulnerability : CVE-2025-38701
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ext4: do not BUG when INLINE_DATA_FL lacks system.data xattr. A syzbot fuzzed image triggered a BUG_ON in ext4_update_inline_data() when an inode had the INLINE_DATA_FL fl...
Linux Distros Unpatched Vulnerability : CVE-2020-0093
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In exif_data_save_data_entry of exif-data.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure...
Linux Distros Unpatched Vulnerability : CVE-2024-26694
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: fix double-free bug. The storage for the TLV PC register data wasn't done like...
Linux Distros Unpatched Vulnerability : CVE-2023-52527
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ipv4, ipv6: Fix handling of transhdrlen in __ip{,6}_append_data(). Including the transhdrlen in length is a problem when the packet is partially filled e.g. something...
DEBIAN-CVE-2025-21845
In the Linux kernel, the following vulnerability has been resolved: mtd: spi-nor: sst: Fix SST write failure. 'commit 18bcb4aa54ea ("mtd: spi-nor: sst: Factor out common write operation to `sst_nor_write_data()`")' introduced a bug where only one byte of data is written, regardless of the number of bytes...
PT-2024-19151 · Google · Android +1
Name of the Vulnerable Software and Affected Versions: TBD (affected versions not specified). Description: The issue is related to a missing bounds check in the init data function, which could lead to a possible out of bounds write. This could result in local escalation of privilege with no addition...
CVE-2023-27478
libmemcached-awesome is an open source C/C++ client library and tools for the memcached server. libmemcached could return data for a previously requested key, if that previous request timed out due to a low POLL_TIMEOUT. This issue has been addressed in version 1.1.4. Users are advised to upgrade...
SUSE CVE-2018-9305
In Exiv2 0.26, an out-of-bounds read in IptcData::printStructure in iptc.c could result in a crash or information leak, related to the "== 0x1c" case...
tzdata bug fix and enhancement update
The tzdata packages contain data files with rules for various time zones. The tzdata packages have been updated to version 2022a, which addresses recent time zone changes. Notably: In Palestine the daylight saving time (DST) starts on March 27, 2022, not on March 26. The zdump -v command now output...
Interactsh - An OOB Interaction Gathering Server And Client Library
Interactsh is an open-source solution for out-of-band data extraction, a tool designed to detect bugs that cause external interactions, for example blind SQLi, blind CMDi, SSRF, etc. Features: DNS/HTTP/SMTP interaction support; CLI client / web dashboard support; AES encryption with zero logging...
PT-2021-4588 · Libebml +1
Name of the Vulnerable Software and Affected Versions: libebml versions prior to 1.4.2. Description: A flaw was found in the implementation of the EbmlString::ReadData and EbmlUnicodeString::ReadData functions in libebml, which can cause a heap overflow error. This issue is related to writing beyo...
DEBIAN-CVE-2020-0093
In exif_data_save_data_entry of exif-data.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-8.0...
CVE-2020-12717
The COVIDSafe Australia app 1.0 and 1.1 for iOS allows a remote attacker to crash the app, and consequently interfere with COVID-19 contact tracing, via a Bluetooth advertisement containing manufacturer data that is too short. This occurs because of an erroneous OpenTrace manuData.subdata call. T...
PT-2020-2411 · Php +8
Name of the Vulnerable Software and Affected Versions: PHP versions 7.2.x below 7.2.9; PHP versions 7.3.x below 7.3.16; PHP versions 7.4.x below 7.4.4. Description: The issue is related to the exif_read_data function in PHP, which can cause the language to read one byte of uninitialized memory while...