24 matches found
[SECURITY] Fedora 42 Update: python-pydicom-3.0.2-1.fc42
pydicom is a pure python package for working with DICOM files. It was made for inspecting and modifying DICOM data in an easy "pythonic" way. The modifications can be written again to a new file. pydicom is not a DICOM server, and is not primarily about viewing images. It is designed to let you...
EUVD-2025-4687
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2025-38478
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - comedi: Fix initialization of data for instructions that write to subdevice Some Comedi subdevice instruction handlers are known to access instruction data...
The vulnerability of the IBM DB2 database management system and the IBM DB2 Connect Server automatic redirection server lies in the improper elimination of special elements in data queries. This allows a malicious actor to cause service failures.
The vulnerability of the IBM DB2 database management system and the IBM DB2 Connect Server automatic redirection server is related to the improper elimination of special elements in data queries. Exploiting this vulnerability can allow a malicious actor to cause service interruptions by sending...
CVE-2025-38478
In the Linux kernel, the following vulnerability has been resolved: comedi: Fix initialization of data for instructions that write to subdevice Some Comedi subdevice instruction handlers are known to access instruction data elements beyond the first insn-n elements in some cases. The doinsnioctl...
The vulnerability of the Atlassian Bamboo continuous integration system lies in the improper elimination of special elements in the output data, allowing attackers to gain access to local server files and execute them.
The vulnerability of the Atlassian Bamboo continuous integration system is related to incorrect elimination of special elements in the output data. Exploiting this vulnerability can allow a malicious actor to gain access to local server files and execute them...
The vulnerability of the DCH-compatible Thunderbolt driver relates to incorrect elimination of special elements in the output data, allowing attackers to increase their privileges.
The vulnerability of the DCH-compatible Thunderbolt driver is related to incorrect elimination of special elements in the output data. Exploiting this vulnerability can allow an attacker to increase their privileges...
The vulnerability of the DCH-compatible Thunderbolt driver, related to incorrect elimination of special elements in the output data, allows a malicious actor to gain unauthorized access to protected information.
The vulnerability of the DCH-compatible Thunderbolt driver is related to incorrect elimination of special elements in the output data. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...
CVE-2023-6519
Exposure of Data Element to Wrong Session vulnerability in Mia Technology Inc. MİA-MED allows Read Sensitive Strings Within an Executable. This issue affects MİA-MED: before 1.0.7...
CVE-2023-31275
An uninitialized pointer use vulnerability exists in the functionality of WPS Office 11.2.0.11537 that handles Data elements in an Excel file. A specially crafted malformed file can lead to remote code execution. An attacker can provide a malicious file to trigger this vulnerability...
WPS Office ET Data use of uninitialized pointer vulnerability
Talos Vulnerability Report TALOS-2023-1748 WPS Office ET Data use of uninitialized pointer vulnerability November 27, 2023 CVE Number CVE-2023-31275 SUMMARY An uninitialized pointer use vulnerability exists in the functionality of WPS Office 11.2.0.11537 that handles Data elements in an Excel fil...
The vulnerability of Hitachi Vantara Pentaho Business Analytics Server lies in the improper elimination of certain elements in the output data, allowing attackers to execute arbitrary commands.
The vulnerability of Hitachi Vantara Pentaho Business Analytics Server relates to the incorrect elimination of certain elements in the output data. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands by injecting specially crafted Spring templates...
The vulnerability of Websoft HCM’s automation software for HR processes lies in the lack of procedures for neutralizing special elements in output data, which allows attackers to carry out attacks aimed at altering the query logic in the XQuery language against the database.
The vulnerability of Websoft HCM’s automation software for HR processes is related to deficiencies in the process of eliminating special elements from output data. Exploiting this vulnerability allows a malicious actor to remotely carry out an attack aimed at altering the query logic in the XQuer...
The vulnerability of the SAP Business One resource management system allows a perpetrator to execute arbitrary code.
The vulnerability of the SAP Business One resource management system is related to insufficient cleaning of special elements in the output data used by the incoming component. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
GHSA-6R5V-HP32-FJQW Improper Access Control in Apache WSS4J
Apache WSS4J before 1.6.17 and 2.x before 2.0.2 allows remote attackers to bypass the requireSignedEncryptedDataElements configuration via vectors related to "wrapping attacks."...
The vulnerability of the software package that implements the Squid caching proxy server relates to incorrect elimination of certain elements in the output data. This allows a hacker to compromise the integrity of the data.
The vulnerability of the software package that implements the Squid caching proxy server lies in the improper elimination of certain elements in the output data. Exploiting this vulnerability allows a remote attacker to compromise the integrity of the data...
The vulnerability of the Adobe Download Manager, related to incorrect elimination of special elements in the output data used by the incoming component, allows a hacker to execute arbitrary code.
The vulnerability of the Adobe Download Manager is related to the incorrect elimination of certain elements in the output data used by the incoming component. Exploiting this vulnerability can allow a malicious actor to execute arbitrary code remotely...
The vulnerability of the Microsoft Dynamics 365 resource planning software and the integrated enterprise management system Microsoft Dynamics NAV lies in the improper elimination of certain elements in the output data used by the incoming component, allowing an attacker to execute arbitrary code.
The vulnerability of the Microsoft Dynamics 365 resource planning software and the integrated enterprise management system Microsoft Dynamics NAV is related to incorrect elimination of special elements in the output data used by the incoming component. Exploitation of this vulnerability can allow...
wss4j: Apache WSS4J doesn't correctly enforce the requireSignedEncryptedDataElements property
It was found that Apache WSS4J permitted bypass of the requireSignedEncryptedDataElements configuration property via XML Signature wrapping attacks. A remote attacker could use this flaw to modify the contents of a signed request...