Linux Distros Unpatched Vulnerability : CVE-2025-71116

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libceph: make decodepool more resilient against corrupted osdmaps If the osdmap is maliciously corrupted such that the encoded length of cephpgpool envelope is...

CVE-2026-21899

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures SDLS-EP to secure communications between a spacecraft running the core Flight System cFS and a ground station. Prior to version 1.4.3, in base64urlDecode, padding-stripping...

Astra Linux – Vulnerability in qtbase-opensource-src

A issue was discovered in the private API function qDecodeDataUrl within QtCore, which is used in QTextDocument and QNetworkReply, and potentially in user code as well. If this function is called with malformed data—for example, a URL that contains a “charset” parameter without a value e.g.,...

MiracleLinux 9 : delve-1.24.1-2.el9_5, golang-1.23.6-2.el9_5 (AXSA:2025-9852:01)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-9852:01 advisory. encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion CVE-2024-34156...

MiracleLinux 9 : php:8.2 (AXSA:2025-10480:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-10480:01 advisory. php: Leak partial content of the heap through heap buffer over-read in mysqlnd CVE-2024-8929 php: Single byte overread with...

MiracleLinux 7 : openssl-1.0.2k-26.0.4.el7.AXS7 (AXSA:2025-10514:03)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-10514:03 advisory. CVE-2019-1563: fix information disclosure in PKCS7dataDecode and CMSdecryptset1pkey CVEs: CVE-2019-1563 In situations where an attacker receives automated...

MiracleLinux 8 : python39:3.9 (AXSA:2025-11636:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-11636:01 advisory. python: Invalid value for OpenSSL API may cause Buffer over-read when NPN is used CVE-2024-5642 python: Virtual environment venv activation scripts...

CVE-2026-21899

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures SDLS-EP to secure communications between a spacecraft running the core Flight System cFS and a ground station. Prior to version 1.4.3, in base64urlDecode, padding-stripping...

CVE-2026-22697 CryptoLib Has Heap Buffer Overflow Vulnerability in KMC Base64 Decode Handling (KMC JSON base64ciphertext/base64cleartext)

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures SDLS-EP to secure communications between a spacecraft running the core Flight System cFS and a ground station. Prior to version 1.4.3, CryptoLib’s KMC crypto service integration is...

CVE-2026-22697 CryptoLib Has Heap Buffer Overflow Vulnerability in KMC Base64 Decode Handling (KMC JSON base64ciphertext/base64cleartext)

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures SDLS-EP to secure communications between a spacecraft running the core Flight System cFS and a ground station. Prior to version 1.4.3, CryptoLib’s KMC crypto service integration is...

CVE-2026-21899 CryptoLib has an out-of-bounds read and crash vulnerability when decoding an empty Base64url string

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures SDLS-EP to secure communications between a spacecraft running the core Flight System cFS and a ground station. Prior to version 1.4.3, in base64urlDecode, padding-stripping...

CVE-2026-21899

CVE-2026-21899 affects CryptoLib (SDLS-EP) used with cFS ground stations. Prior to v1.4.3, base64urlDecode dereferences input[inputLen-1] before validating inputLen or NULL input, causing an out-of-bounds read at input[-1] when inputLen==0 and potentially a NULL dereference if input==NULL and inp...

CVE-2026-21899 CryptoLib has an out-of-bounds read and crash vulnerability when decoding an empty Base64url string

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures SDLS-EP to secure communications between a spacecraft running the core Flight System cFS and a ground station. Prior to version 1.4.3, in base64urlDecode, padding-stripping...

Arbitrary Code Injection

Overview uni2ts is an Unified Training of Universal Time Series Forecasting Transformers Affected versions of this package are vulnerable to Arbitrary Code Injection via the decodedistroutput function. An attacker can execute arbitrary code by supplying crafted input that is improperly handled...

CVE-2022-33032

LibreDWG v0.12.4.4608 was discovered to contain a heap-buffer-overflow via the function decodepreR13sectionhdr at decoder11.c...

CVE-2019-20013

An issue was discovered in GNU LibreDWG before 0.93. Crafted input will lead to an attempted excessive memory allocation in decode3dsolid in dwg.spec...

CVE-2024-41126

Contiki-NG is an open-source, cross-platform operating system for IoT devices. An out-of-bounds read of 1 byte can be triggered when sending a packet to a device running the Contiki-NG operating system with SNMP enabled. The SNMP module is disabled in the default Contiki-NG configuration. The...

CLSA-2026-1767864313 kernel: Fix of 46 CVEs

mm: hugetlb: fix UAF in hugetlbhandleuserfault CVE-2022-50630 - drm/amdkfd: fix potential kgdmem UAFs CVE-2023-53816 - net/mlx5e: Fix deadlock in tc route query code CVE-2023-53591 - PCI: Fix pcideviceispresent for VFs by checking PF CVE-2022-50636 - wifi: ath11k: fix monitor mode bringup crash...

CVE-2019-16351

ffjpeg before 2019-08-18 has a NULL pointer dereference in huffmandecodestep at huffman.c...

Atlassian Confluence < 8.5.18 / 8.6.x < 9.2.1 / 9.3.x < 9.3.1 / 9.4.x < 9.5.4 / 10.0.x < 10.0.2 / 10.1.0 (CONFSERVER-101486)

The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-101486 advisory. - decode-uri-component 0.2.0 is vulnerable to Improper Input Validation resulting in DoS. CVE-2022-38900 Note that Nessus has not tested for this...