DEBIAN-CVE-2025-38399
In the Linux kernel, the following vulnerability has been resolved: scsi: target: Fix NULL pointer dereference in core_scsi3_decode_spec_i_port() The function core_scsi3_decode_spec_i_port(), in its error code path, unconditionally calls core_scsi3_lunacl_undepend_item() passing the dest_se_deve pointer, which may be...
AZL-65720 CVE-2025-38399 affecting package kernel for versions less than 6.6.104.2-1
In the Linux kernel, the following vulnerability has been resolved: scsi: target: Fix NULL pointer dereference in core_scsi3_decode_spec_i_port() The function core_scsi3_decode_spec_i_port(), in its error code path, unconditionally calls core_scsi3_lunacl_undepend_item() passing the dest_se_deve pointer, which may be...
CLSA-2025-1753209049 Fix CVE(s): CVE-2025-4516
SECURITY UPDATE: improper handling of 'decode' function with 'unicode_escape' encoding in bytes - debian/patches/CVE-2025-4516.patch: Fix use-after-free in the 'unicode-escape' decoder with a non-'strict' error handler - CVE-2025-4516...
NULL Pointer Dereference
Overview: Affected versions of this package are vulnerable to NULL Pointer Dereference due to insufficient validation of memory allocation before use in the decode_init function. An attacker can cause an application crash by tricking a user into opening a specially crafted ALS file which leads to...
Security update for python36
This update for python36 fixes the following issues: CVE-2024-12718: Fixed extraction filter bypass that allowed file metadata modification outside extraction directory (bsc#1244056). CVE-2025-4138: Fixed issue that might allow symlink targets to point outside the destination directory, and the...
OESA-2025-1757 qt6-qtbase security update
Qt is a software toolkit for developing applications. Security Fixes: An issue was found in the private API function qDecodeDataUrl in QtCore, which is used in QTextDocument and QNetworkReply, and, potentially, in user code. If the function was called with malformed data, for example, an URL that...
SUSE-SU-2025:20492-1 Security update for python311
This update for python311 fixes the following issues: - CVE-2025-6069: Avoid worst case quadratic complexity when processing certain crafted malformed inputs with HTMLParser (bsc#1244705). Update to 3.11.13: - Security - gh-135034: Fixes multiple issues that allowed tarfile extraction filters...
CVE-2025-27044
Memory corruption while executing timestamp video decode command with large input values...
CVE-2025-7209
A vulnerability has been found in 9fans plan9port up to 9da5b44 and classified as problematic. Affected by this vulnerability is the function value_decode in the library src/libsec/port/x509.c. The manipulation leads to null pointer dereference. Local access is required to approach this attack. Th...
CVE-2025-27044 Out-of-bounds Write in Video
Memory corruption while executing timestamp video decode command with large input values...
CVE-2025-27044
CVE-2025-27044 : Memory corruption occurs when executing a timestamp video decode command with large input values in Qualcomm chipsets. Affected component: video decode path in Qualcomm Snapdragon/related chipsets (documented as a buffer/memory corruption vulnerability). Underlying cause: out-of-...
CLSA-2025-1751271968 openssl: Fix of CVE-2019-1563
CVE-2019-1563: fix information disclosure in PKCS7_dataDecode and CMS_decrypt_set1_pkey...
HDF5 Heap Buffer Overflow Vulnerability
HDF5 is an open source library from HDF. HDF5 has a heap buffer overflow vulnerability that stems from the H5F_addr_decode_len function in the H5Fint.c file failing to correctly validate the length of the input data; an attacker can use this vulnerability to cause a denial of servic...
qt6-qtbase: qt5-qtbase: QtCore Assertion Failure Denial of Service
A flaw was found in QtCore's qDecodeDataUrl function. This vulnerability allows an application level denial of service via a malformed data URL with a missing charset value when assertions are enabled...
OSV-2025-485 Use-of-uninitialized-value in pcpp::IDnsResource::decodeName
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=426843906 Crash type: Use-of-uninitialized-value Crash state: pcpp::IDnsResource::decodeName pcpp::IDnsResource::IDnsResource pcpp::DnsLayer::parseResources...
Integer Overflow or Wraparound
Overview: Affected versions of this package are vulnerable to Integer Overflow or Wraparound due to incorrect validity check in the sftp_decode_channel_data_to_packet function. An attacker can cause the server to crash by sending specially crafted SFTP packets with payload size field set to value...
DEBIAN-CVE-2025-6516
A vulnerability has been found in HDF5 up to 1.14.6 and classified as critical. This vulnerability affects the function H5F_addr_decode_len of the file /hdf5/src/H5Fint.c. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to...
Out-of-Bounds
Overview: Affected versions of this package are vulnerable to Out-of-Bounds via the function H5F_addr_decode_len in the file H5Fint.c. An attacker can execute arbitrary code, cause a denial of service, or potentially alter data by providing specially crafted input that triggers a heap-based overflow...
Medium: python3.9
Issue Overview: There is an issue in CPython when using bytes.decode("unicode_escape", error="ignore|replace"). If you are not using the "unicode_escape" encoding or an error handler your usage is not affected. To work-around this issue you may stop using the error= handler and instead wrap the...