
2972 matches found

Tenable Nessus
added 2025/12/11 12:0 a.m. | 3 views

EulerOS 2.0 SP13 : python3 (EulerOS-SA-2025-2529)

According to the versions of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : During an address list folding when a separating comma ends up on a folded line and that line is to be unicode-encoded then the separator itself ...

CVSS 7.5 | AI score 6.4 | EPSS 0.00586
Exploits: 0 | References: 5

EUVD
added 2025/12/09 6:30 p.m. | 4 views

EUVD-2023-60175

In the Linux kernel, the following vulnerability has been resolved: ip6_vti: fix slab-use-after-free in decode_session6 When ipv6vti device is set to the qdisc of the sfb type, the cb field of the sent skb may be modified during enqueuing. Then, slab-use-after-free may occur when ipv6vti device sen...

AI score 5.7 | EPSS 0.00216
Exploits: 0 | References: 9

NVD
added 2025/12/09 4:17 p.m. | 4 views

CVE-2023-53821

In the Linux kernel, the following vulnerability has been resolved: ip6_vti: fix slab-use-after-free in decode_session6 When ipv6vti device is set to the qdisc of the sfb type, the cb field of the sent skb may be modified during enqueuing. Then, slab-use-after-free may occur when ipv6vti device sen...

EPSS 0.00216
Exploits: 0 | References: 8

OSV
added 2025/12/09 4:17 p.m. | 1 view

UBUNTU-CVE-2022-50665

In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: fix failed to find the peer with peerid 0 when disconnected It has a fail log which is ath11kdbg in ath11kdprxprocessmonstatus, as below, it will not print when debugmask is not set ATH11KDBGDATA. ath11kdbgab,...

AI score 5.7 | EPSS 0.00198
Exploits: 0 | References: 6

OSV
added 2025/12/09 4:17 p.m. | 1 view

UBUNTU-CVE-2023-53821

In the Linux kernel, the following vulnerability has been resolved: ip6_vti: fix slab-use-after-free in decode_session6 When ipv6vti device is set to the qdisc of the sfb type, the cb field of the sent skb may be modified during enqueuing. Then, slab-use-after-free may occur when ipv6vti device sen...

AI score 6.2 | EPSS 0.00216
Exploits: 0 | References: 11

Cvelist
added 2025/12/09 1:29 a.m. | 26 views

CVE-2023-53821 ip6_vti: fix slab-use-after-free in decode_session6

In the Linux kernel, the following vulnerability has been resolved: ip6_vti: fix slab-use-after-free in decode_session6 When ipv6vti device is set to the qdisc of the sfb type, the cb field of the sent skb may be modified during enqueuing. Then, slab-use-after-free may occur when ipv6vti device sen...

EPSS 0.00216
Exploits: 0 | References: 8

Debian CVE
added 2025/12/09 1:29 a.m. | 2 views

CVE-2023-53821

In the Linux kernel, the following vulnerability has been resolved: ip6_vti: fix slab-use-after-free in decode_session6 When ipv6vti device is set to the qdisc of the sfb type, the cb field of the sent skb may be modified during enqueuing. Then, slab-use-after-free may occur when ipv6vti device sen...

AI score 5.5 | EPSS 0.00216
Exploits: 0

OSV
added 2025/12/09 1:29 a.m. | 3 views

CVE-2023-53821 ip6_vti: fix slab-use-after-free in decode_session6

In the Linux kernel, the following vulnerability has been resolved: ip6_vti: fix slab-use-after-free in decode_session6 When ipv6vti device is set to the qdisc of the sfb type, the cb field of the sent skb may be modified during enqueuing. Then, slab-use-after-free may occur when ipv6vti device sen...

AI score 6.1 | EPSS 0.00216
Exploits: 0 | References: 11

Positive Technologies
added 2025/12/09 12:0 a.m. | 4 views

PT-2025-49712

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.4.0-next-20230707-00001-g84e2cad7f979 Description The Linux kernel contains a flaw within the ipv6 vti module, specifically in the decode session6 function, that can lead to a slab-use-after-free condition. Thi...

AI score 6.3 | EPSS 0.00216
Exploits: 0

Tenable Nessus
added 2025/12/09 12:0 a.m. | 6 views

Linux Distros Unpatched Vulnerability : CVE-2023-53821

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ip6_vti: fix slab-use-after-free in decode_session6 When ipv6vti device is set to the qdisc of the sfb type, the cb field of the sent skb may be modified during...

AI score 6.3 | EPSS 0.00216
Exploits: 0 | References: 3

SUSE Linux
added 2025/12/04 10:4 a.m. | 9 views

Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP5 kernel was updated to fix various security issues The following security issues were fixed: CVE-2022-50327: ACPI: processor: idle: Check acpifetchacpidev return value bsc1249859. CVE-2022-50334: hugetlbfs: fix null-ptr-deref in hugetlbfsparseparam bsc1249857...

CVSS 8.8 | AI score 9.4 | EPSS 0.21314
Exploits: 0 | References: 856

OSV
added 2025/12/04 10:4 a.m. | 6 views

SUSE-SU-2025:4320-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP5 kernel was updated to fix various security issues The following security issues were fixed: - CVE-2022-50327: ACPI: processor: idle: Check acpifetchacpidev return value bsc1249859. - CVE-2022-50334: hugetlbfs: fix null-ptr-deref in hugetlbfsparseparam bsc1249857. ...

CVSS 7.8 | AI score 9.2 | EPSS 0.21314
Exploits: 0 | References: 417

OSV
added 2025/12/02 1:51 p.m. | 3 views

SUSE-SU-2025:21168-1 Security update for python-cbor2

This update for python-cbor2 fixes the following issues: - CVE-2025-64076: Fixed bug in decodedefinitelongstring that causes incorrect chunk length calculation bsc1253746. Already fixed in release 5.6.3: - CVE-2024-26134: Fixed potential crash when hashing a CBORTag bsc1220096...

CVSS 7.5 | AI score 5.8 | EPSS 0.01167
Exploits: 2 | References: 5

OSV
added 2025/12/02 1:51 p.m. | 9 views

OPENSUSE-SU-2025:20133-1 Security update for python-cbor2

This update for python-cbor2 fixes the following issues: - CVE-2025-64076: Fixed bug in decodedefinitelongstring that causes incorrect chunk length calculation bsc1253746. Already fixed in release 5.6.3: - CVE-2024-26134: Fixed potential crash when hashing a CBORTag bsc1220096...

CVSS 7.5 | AI score 7.1 | EPSS 0.01167
Exploits: 2 | References: 4

Veracode
added 2025/12/02 7:20 a.m. | 5 views

Remote Code Execution (RCE)

Parse is vulnerable to remote code execution (RCE). The vulnerability is due to improper handling of malicious payloads in several methods including ParseObject.fromJSON, ParseObject.pin, ParseObject.registerSubclass, and internal encode/decode functions, which allows an attacker to inject data tha...

CVSS 6.4 | AI score 8.3 | EPSS 0.00374
Exploits: 0 | References: 4 | Affected Software: 1

RedhatCVE
added 2025/11/28 12:2 a.m. | 7 views

CVE-2025-64076

A flaw was found in cbor2. This vulnerability allows denial of service through process crashes or memory exhaustion via sending specially-crafted CBOR data containing definite-length text strings with multi-byte UTF-8 characters...

CVSS 7.5 | AI score 6.2 | EPSS 0.00413
Exploits: 1 | References: 6

OSV
added 2025/11/26 12:15 a.m. | 0 views

UBUNTU-CVE-2025-66019

pypdf is a free and open-source pure-python PDF library. Prior to version 6.4.0, an attacker who uses this vulnerability can craft a PDF which leads to a memory usage of up to 1 GB per stream. This requires parsing the content stream of a page using the LZWDecode filter. This issue has been patch...

CVSS 8.7 | AI score 6.9 | EPSS 0.00301
Exploits: 0 | References: 5

Vulnrichment
added 2025/11/25 11:38 p.m. | 1 view

CVE-2025-66019 pypdf manipulated LZWDecode streams can exhaust RAM

pypdf is a free and open-source pure-python PDF library. Prior to version 6.4.0, an attacker who uses this vulnerability can craft a PDF which leads to a memory usage of up to 1 GB per stream. This requires parsing the content stream of a page using the LZWDecode filter. This issue has been patch...

CVSS 8.7 | AI score 6.4 | EPSS 0.00301
Exploits: 0 | References: 3

Github Security Blog
added 2025/11/24 10:42 p.m. | 7 views

pypdf's LZWDecode streams be manipulated to exhaust RAM

Impact An attacker who uses this vulnerability can craft a PDF which leads to a memory usage of up to 1 GB per stream. This requires parsing the content stream of a page using the LZWDecode filter. This is a follow up to GHSA-jfx9-29x2-rv3j to align the default limit with the one for zlib. Patche...

CVSS 8.7 | AI score 6.8 | EPSS 0.00301
Exploits: 0 | References: 7 | Affected Software: 1

OSSF Malicious Packages
added 2025/11/24 9:2 p.m. | 5 views

Malicious code in url-encode-decode (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 37ce07aaa237eff3cc95c7bb560f4096191d2d5328de45f176f3f8662ca7cd34 The package url-encode-decode was found to contain malicious code. Source: ghsa-malware...

AI score 6.9
Exploits: 0 | References: 4