275 matches found

Tenable Nessus
added 6 days ago | 9 views

Linux Distros Unpatched Vulnerability : CVE-2026-47192

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - kas's late signature validation may allow unnoticed repository manipulations CVE-2026-47192 Note that Nessus relies on the presence of the package as reported b...

AI score 5.5
Exploits: 0 | References: 3
OSV
added 2026/05/27 1:18 p.m. | 3 views

CLSA-2026-1779887887 Fix CVE(s): CVE-2026-7258

SECURITY UPDATE: fix out-of-bounds read in urldecode via signed-char to ctype.h GHSA-m8rr-4c36-8gq4 - debian/patches/CVE-2026-7258.patch: fix out-of-bounds read in urldecode via signed-char to ctype.h GHSA-m8rr-4c36-8gq4 - CVE-2026-7258...

CVSS 7.5 | AI score 5.8 | EPSS 0.00027
Exploits: 0 | References: 1
OSV
added 2026/05/26 9:58 a.m. | 3 views

CLSA-2026-1779789531 Fix CVE(s): CVE-2026-9256

SECURITY UPDATE: fix heap buffer overflow in ngx_http_rewrite_module with overlapping captures - debian/patches/CVE-2026-9256.patch: fix heap buffer overflow in ngx_http_rewrite_module with overlapping captures - CVE-2026-9256...

CVSS 9.2 | AI score 6 | EPSS 0.00076
Exploits: 3 | References: 1
OSV
added 2026/05/26 9:48 a.m. | 4 views

CLSA-2026-1779788913 Fix CVE(s): CVE-2026-9256

SECURITY UPDATE: fix heap buffer overflow in ngx_http_rewrite_module with overlapping captures - debian/patches/CVE-2026-9256.patch: fix heap buffer overflow in ngx_http_rewrite_module with overlapping captures - CVE-2026-9256...

CVSS 9.2 | AI score 6 | EPSS 0.00076
Exploits: 3 | References: 1
OSV
added 2026/05/20 10:32 a.m. | 2 views

CLSA-2026-1777976277 Fix CVE(s): CVE-2022-24834

SECURITY UPDATE: Integer overflow in Lua cmsgpack library - debian/patches/CVE-2022-24834.patch: partial backport hardening deps/lua/src/lua_cmsgpack.c against integer overflows in mp_buf_append and the encode/decode helpers cmsgpack-only; the cjson half of the upstream fix is dead code under...

CVSS 8.8 | AI score 6.8 | EPSS 0.4932
Exploits: 1 | References: 1
OSV
added 2026/05/18 6:33 p.m. | 4 views

CLSA-2026-1779129222 Fix CVE(s): CVE-2026-45186

SECURITY UPDATE: fix quadratic complexity in attribute name collision check - debian/patches/CVE-2026-45186.patch: fix quadratic complexity in attribute name collision check - CVE-2026-45186...

CVSS 7.5 | AI score 5.7 | EPSS 0.00011
Exploits: 1 | References: 1
OSV
added 2026/05/18 6:30 p.m. | 2 views

CLSA-2026-1779129021 Fix CVE(s): CVE-2026-42050

SECURITY UPDATE: fix stack buffer overflow in XTileImage when loading malicious MIFF in display tool - debian/patches/CVE-2026-42050.patch: fix stack buffer overflow in XTileImage when loading malicious MIFF in display tool - CVE-2026-42050...

CVSS 5.5 | AI score 6 | EPSS 0.00014
Exploits: 0 | References: 1
Tenable Nessus
added 2026/05/02 12:0 a.m. | 5 views

Linux Distros Unpatched Vulnerability : CVE-2026-40243

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Incus is a system container and virtual machine manager. In versions before 7.0.0, broken TLS validation logic in the OVN database connection logic can allow...

CVSS 4.8 | AI score 5.8 | EPSS 0.00014
Exploits: 1 | References: 2
OSV
added 2026/04/30 11:30 a.m. | 2 views

CLSA-2026-1777548617 Fix CVE(s): CVE-2026-4519, CVE-2026-4786

SECURITY UPDATE: webbrowser.open accepts URLs with leading dashes - debian/patches/CVE-2026-4519-CVE-2026-4786.patch: reject URLs whose lstrip starts with '-' in Lib/webbrowser.py; also fix bypass via %action substitution in UnixBrowser.open. - CVE-2026-4519 - CVE-2026-4786...

CVSS 7 | AI score 7.1 | EPSS 0.00021
Exploits: 0 | References: 1
OSV
added 2026/04/29 10:2 a.m. | 2 views

CLSA-2026-1777456923 Fix CVE(s): CVE-2026-32636

SECURITY UPDATE: fix out-of-bounds write in ConvertUTF16ToUTF8 in NewXMLTree - debian/patches/CVE-2026-32636.patch: fix out-of-bounds write in ConvertUTF16ToUTF8 in NewXMLTree - CVE-2026-32636...

CVSS 7.5 | AI score 5.8 | EPSS 0.0002
Exploits: 0 | References: 1
OSV
added 2026/04/10 10:16 p.m. | 1 view

DEBIAN-CVE-2026-40198

Net::CIDR::Lite versions before 0.23 for Perl does not validate IPv6 group count, which may allow IP ACL bypass. _pack_ipv6 does not check that uncompressed IPv6 addresses without :: have exactly 8 hex groups. Inputs like "abcd", "1:2:3", or "1:2:3:4:5:6:7" are accepted and produce packed values of...

CVSS 7.5 | AI score 5.4 | EPSS 0.00052
Exploits: 0 | References: 1
OSV
added 2026/04/10 10:49 a.m. | 1 view

ROOT-OS-DEBIAN-13-CVE-2026-21413 CVE-2026-21413 in rootio-libraw - Patched by Root

Root has patched CVE-2026-21413 in the rootio-libraw package for Root:Debian:13. Multiple fixed versions available...

CVSS 9.8 | AI score 5.8 | EPSS 0.00078
Exploits: 1
OSV
added 2026/04/06 9:44 a.m. | 2 views

ROOT-OS-DEBIAN-11-CVE-2025-69534 CVE-2025-69534 in rootio-python3.9 - Patched by Root

Root has patched CVE-2025-69534 in the rootio-python3.9 package for Root:Debian:11. Multiple fixed versions available...

CVSS 7.5 | AI score 5.8 | EPSS 0.00385
Exploits: 1
OSV
added 2026/03/20 11:52 a.m. | 2 views

CLSA-2026-1774007526 Fix CVE(s): CVE-2026-3731

SECURITY UPDATE: out-of-bounds read in sftp extension name handler - debian/patches/CVE-2026-3731.patch: fix off-by-one bounds check in sftp_extensions_get_name and sftp_extensions_get_data - CVE-2026-3731...

CVSS 7.5 | AI score 6.4 | EPSS 0.00043
Exploits: 0 | References: 1
OSV
added 2026/03/19 6:19 p.m. | 2 views

CLSA-2026-1773930007 Fix CVE(s): CVE-2026-3731

SECURITY UPDATE: out-of-bounds read from manipulated SFTP extension index - debian/patches/CVE-2026-3731.patch: Fix out-of-bound read in sftp extensions by replacing '' with '=' in index checks; cause: off-by-one error in index comparison allowing idx equal count. - CVE-2026-3731...

CVSS 7.5 | AI score 6 | EPSS 0.00043
Exploits: 0 | References: 1
OSV
added 2026/03/17 6:27 p.m. | 2 views

CLSA-2026-1773772035 Fix CVE(s): CVE-2025-23048

SECURITY UPDATE: SNI validation issue in mod_ssl - debian/patches/CVE-2025-23048.patch: update SNI validation to move the SSL compatibility check after strict SNI hostname verification in modules/ssl/ssl_engine_kernel.c. - CVE-2025-23048...

CVSS 9.1 | AI score 7.3 | EPSS 0.00058
Exploits: 1 | References: 1
OSV
added 2026/03/12 11:51 a.m. | 4 views

CLSA-2026-1773316266 Fix CVE(s): CVE-2025-14524, CVE-2025-15079, CVE-2025-15224

SECURITY UPDATE: OAuth2 bearer token leak on cross-protocol redirect - debian/patches/CVE-2025-14524.patch: do not use bearer when following redirect unless allow_auth_to_other_hosts is set - CVE-2025-14524 SECURITY UPDATE: libssh global knownhosts override -...

CVSS 5.3 | AI score 6.4 | EPSS 0.00064
Exploits: 3 | References: 1
OSV
added 2026/03/11 7:16 p.m. | 2 views

DEBIAN-CVE-2026-3949

A vulnerability was determined in strukturag libheif up to 1.21.2. This affects the function vvdec_push_data2 of the file libheif/plugins/decoder_vvdec.cc of the component HEIF File Parser. Executing a manipulation of the argument size can lead to out-of-bounds read. The attack needs to be launched...

CVSS 3.3 | AI score 4 | EPSS 0.00019
Exploits: 0 | References: 1
OSV
added 2026/03/10 11:25 a.m. | 2 views

CLSA-2026-1773141936 Fix CVE(s): CVE-2026-26269

SECURITY UPDATE: Stack-Based buffer overflow in Netbeans - debian/patches/CVE-2026-26269.patch: fix stack-based buffer overflow in NetBeans integration that could lead to a crash or arbitrary code execution via a malicious server - CVE-2026-26269...

CVSS 7.5 | AI score 6.4 | EPSS 0.00048
Exploits: 0 | References: 1
OSV
added 2026/02/24 3:16 a.m. | 4 views

DEBIAN-CVE-2026-26284

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, ImageMagick lacks proper boundary checking when processing Huffman-coded data from PCD Photo CD files. The decoder contains a function that has an incorrect...

CVSS 9.1 | AI score 7.7 | EPSS 0.00023
Exploits: 0 | References: 1