OESA-2025-2290 python3 security update

Python combines remarkable power with very clear syntax. It has modules, classes, exceptions, very high level dynamic data types, and dynamic typing. There are interfaces to many system calls and libraries, as well as to various windowing systems. New built-in modules are easily written in C or C...

OESA-2025-2289 python3 security update

Python combines remarkable power with very clear syntax. It has modules, classes, exceptions, very high level dynamic data types, and dynamic typing. There are interfaces to many system calls and libraries, as well as to various windowing systems. New built-in modules are easily written in C or C...

OESA-2025-2288 python3 security update

Python combines remarkable power with very clear syntax. It has modules, classes, exceptions, very high level dynamic data types, and dynamic typing. There are interfaces to many system calls and libraries, as well as to various windowing systems. New built-in modules are easily written in C or C...

Moderate: Red Hat Security Advisory: php:8.2 security update

An update for the php:8.2 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

php: Single byte overread with convert.quoted-printable-decode filter

A memory-related vulnerability was found in PHP’s filter handling system, particularly when processing input with convert.quoted-printable-decode filters. This issue can lead to a segmentation fault. This vulnerability is triggered through specific sequences of input data, causing PHP to crash...

Moderate: php:8.2 security update

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: php: Leak partial content of the heap through heap buffer over-read in mysqlnd CVE-2024-8929 php: Single byte overread with convert.quoted-printable-decode filter CVE-2024-11233 php: Configuring ...

Linux Distros Unpatched Vulnerability : CVE-2018-18828

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - There exists a heap-based buffer overflow in vc1decodeiblockadv in vc1block.c in Libav 12.3, which allows attackers to cause a denial-of-service via a crafted a...

Linux Distros Unpatched Vulnerability : CVE-2017-17127

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The vc1decodeframe function in libavcodec/vc1dec.c in Libav 12.2 allows remote attackers to cause a denial of service NULL pointer dereference and application...

Linux Distros Unpatched Vulnerability : CVE-2017-7208

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The decoderesidual function in libavcodec in libav 9.21 allows remote attackers to cause a denial of service buffer over-read or obtain sensitive information fr...

Linux Distros Unpatched Vulnerability : CVE-2018-19128

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Libav 12.3, there is a heap-based buffer over-read in decodeframe in libavcodec/lcldec.c that allows an attacker to cause denial-of-service via a crafted avi...

cJSON 1.5.0 through 1.7.18 allows out-of-bounds access via the decode_array_index_from_pointer function in cJSON_Utils.c, allowing remote attackers to bypass array bounds checking and access restricted data via malformed JSON pointer strings containing alphanumeric characters.

...

MAL-2025-46637 Malicious code in wind-decode-serialize-balance-xml (npm)

The package wind-decode-serialize-balance-xml was found to contain malicious code...

Malicious code in wind-decode-serialize-balance-xml (npm)

The package wind-decode-serialize-balance-xml was found to contain malicious code...

Security update for iperf

This update for iperf fixes the following issues: Update to 3.19.1: CVE-2025-54349: Fixed off-by-one error and resultant heap-based buffer overflow bsc1247519. CVE-2025-54350: Fixed Base64Decode assertion failure and application exit upon a malformed authentication attempt bsc1247520...

In iperf before 3.19.1, iperf_auth.c has a Base64Decode assertion failure and application exit upon a malformed authentication attempt.

...

scsi: target: Fix NULL pointer dereference in core_scsi3_decode_spec_i_port()

...

HDF5 H5Fint.c H5F_addr_decode_len heap-based overflow

...

Stack exhaustion in Decoder.Decode in encoding/gob

...

ALPINE-CVE-2025-57052

cJSON 1.5.0 through 1.7.18 allows out-of-bounds access via the decodearrayindexfrompointer function in cJSONUtils.c, allowing remote attackers to bypass array bounds checking and access restricted data via malformed JSON pointer strings containing alphanumeric characters...

DEBIAN-CVE-2025-57052

cJSON 1.5.0 through 1.7.18 allows out-of-bounds access via the decodearrayindexfrompointer function in cJSONUtils.c, allowing remote attackers to bypass array bounds checking and access restricted data via malformed JSON pointer strings containing alphanumeric characters...