91 matches found
vim: zip.vim: Vim zip.vim plugin: Arbitrary file overwrite via path traversal bypass
A flaw was found in Vim's zip.vim plugin. A local user could be tricked into opening a specially crafted zip archive, which would allow a path traversal bypass. This vulnerability enables an attacker to overwrite arbitrary files on the system, potentially leading to data integrity issues or furth...
SUSE SLES12 Security Update : amazon-ssm-agent (SUSE-SU-2026:2468-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2468-1 advisory. This update for amazon-ssm-agent fixes the following issues Update to version 3.3.4624.0: - CVE-2025-22869: golang.org/x/crypto/ssh...
SUSE-SU-2026:2467-1 Security update for amazon-ssm-agent
This update for amazon-ssm-agent fixes the following issues Update to version 3.3.4624.0: - CVE-2025-22869: golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh bsc1239342. - CVE-2025-22870: golang.org/x/net/proxy: proxy bypass using IPv6 zone IDs bsc1238702. ...
kernel: crypto: algif_aead - Revert to operating out-of-place
A flaw was found in the Linux kernel's algifaead cryptographic algorithm interface. An incorrect in-place operation causes source and destination data mappings to differ during cryptographic processing. A low-privileged local attacker can exploit this flaw to corrupt the contents of sensitive...
kernel: Linux kernel: Denial of service and memory corruption in RDMA umad
A flaw was found in the Linux kernel's Remote Direct Memory Access RDMA umad User Mode Access Device component. A local user can exploit this vulnerability by manipulating input, causing an integer underflow that leads to an out-of-bounds memory write. This memory corruption can result in a denia...
Security update for python311
This update for python311 fixes the following issues: CVE-2025-11468: header injection when folding a long comment in an email header containing exclusively unfoldable characters bsc1257029. CVE-2025-12781: inadequate parameter check can cause data integrity issues bsc1257108. CVE-2025-15282:...
HSEC-2024-0007 Sign extension error in the AArch64 NCG
Sign extension error in the AArch64 NCG Arithmetic operations may result in incorrect runtime results on the native aarch64 backend. For the most part, this bug only causes availability and data integrity issues. However, in some circumstances, it may result in other, more complicated security...
HSEC-2024-0008 Sign extension error in the PPC64le FFI
Sign extension error in the PPC64le FFI Numeric arguments of FFI call on the PPC64le backend may result in incorrect runtime values. For the most part, this bug only causes availability and data integrity issues. However, in some circumstances, it may result in other, more complicated security...
HSEC-2024-0006 fromIntegral: conversion error
fromIntegral: conversion error fromIntegral may result in coercion errors when used with optimization flags -O1 or -O2 in the following situation: - Converting negative Int to Natural does not throw an arithmetic underflow error - Converting large Integer greater than 2^64 to Natural overflow. Fo...
EUVD-2006-7019
Malware in sbrugna...
EUVD-2024-0089
Malicious code in bioql PyPI...
EUVD-2025-10498
Malicious code in bioql PyPI...
EUVD-2022-1066
Malicious code in bioql PyPI...
EUVD-2025-7039
Malicious code in bioql PyPI...
EUVD-2025-8214
Malicious code in bioql PyPI...
ROS-20250929-13
Vulnerability in Mozilla Firefox, Mozilla Firefox ESR, Mozilla Thunderbird email client is related to with an operation exceeding the memory buffer boundaries. Exploitation of the vulnerability could allow an attacker, acting remotely, to execute arbitrary code Vulnerability in JavaScript Engine...
libvpx: Integer overflow in vpx_img_alloc()
A flaw was found in libvpx. When creating images, libvpx trusts the width, height, and alignment of the user input. However, it does not properly validate the provided values. This flaw allows an attacker to craft user inputs or trick the user into opening crafted files, where these types of valu...
CVE-2025-5987
A flaw was found in libssh when using the ChaCha20 cipher with the OpenSSL library. If an attacker manages to exhaust the heap space, this error is not detected and may lead to libssh using a partially initialized cipher context. This occurs because the OpenSSL error code returned aliases with th...
Hash Collision Attack
vllm is vulnerable to hash collision and data integrity issues. The vulnerability is due to improper image serialization using only raw pixel bytes without metadata, allowing attackers to create images with identical hashes and exploit cache poisoning or access sensitive data...
Amazon Linux 2023 : compat-libpthread-nonshared, glibc, glibc-all-langpacks (ALAS2023-2025-988)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-988 advisory. In iconvdata/iso-2022-jp-3.c in the GNU C Library aka glibc 2.34, remote attackers can force iconv to emit a spurious '\0' character via crafted ISO-2022-JP-3 data that is accompanied by an...