
129 matches found

OSV
added 2026/04/22 5:16 p.m., 4 views

UBUNTU-CVE-2026-35342

The mktemp utility in uutils coreutils fails to properly handle an empty TMPDIR environment variable. Unlike GNU mktemp, which falls back to /tmp when TMPDIR is an empty string, the uutils implementation treats the empty string as a valid path. This causes temporary files to be created in the...

CVSS 3.3, AI score 5.8, EPSS 0.00132
Exploits 0, References 3

Cvelist
added 2026/03/26 8:6 p.m., 29 views

CVE-2026-0966 Libssh: libssh: denial of service via zero-length input in ssh_get_hexa()

A flaw was found in libssh. The API function ssh_get_hexa is vulnerable to a denial of service when processing zero-length input. This can be exploited remotely by an attacker during GSSAPI (Generic Security Service Application Program Interface) authentication if the server's logging verbosity is se...

CVSS 6.5, EPSS 0.00582
Exploits 0, References 6

CVE
added 2026/01/10 12:11 a.m., 12 views

CVE-2026-21899

CVE-2026-21899 affects CryptoLib (SDLS-EP) used with cFS ground stations. Prior to v1.4.3, base64urlDecode dereferences input[inputLen-1] before validating inputLen or NULL input, causing an out-of-bounds read at input[-1] when inputLen==0 and potentially a NULL dereference if input==NULL and inp...

CVSS 4.9, AI score 6.5, EPSS 0.00317
Exploits 1, References 2, Affected Software 1

Cvelist
added 2026/01/10 12:11 a.m., 23 views

CVE-2026-21899 CryptoLib has an out-of-bounds read and crash vulnerability when decoding an empty Base64url string

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.3, in base64urlDecode, padding-stripping...

CVSS 4.7, EPSS 0.00317
Exploits 1, References 2

Vulnrichment
added 2026/01/10 12:11 a.m., 2 views

CVE-2026-21899 CryptoLib has an out-of-bounds read and crash vulnerability when decoding an empty Base64url string

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.3, in base64urlDecode, padding-stripping...

CVSS 4.7, AI score 6.5, EPSS 0.00317
Exploits 1, References 2

RedHat Linux
added 2025/12/22 9:38 a.m., 3 views

os/exec: Unexpected paths returned from LookPath in os/exec

A path handling flaw has been discovered in the os/exec Go package. If the PATH environment variable contains paths which are executables rather than just directories, passing certain strings to LookPath ("", ".", and ".."), can result in the binaries listed in the PATH being unexpectedly returned...

CVSS 6.5, AI score 5.7, EPSS 0.00489
Exploits 1, References 8

RedHat Linux
added 2025/12/22 1:19 a.m., 6 views

os/exec: Unexpected paths returned from LookPath in os/exec

A path handling flaw has been discovered in the os/exec Go package. If the PATH environment variable contains paths which are executables rather than just directories, passing certain strings to LookPath ("", ".", and ".."), can result in the binaries listed in the PATH being unexpectedly returned...

CVSS 6.5, AI score 5.7, EPSS 0.00489
Exploits 1, References 8

OSV
added 2025/10/15 12:0 p.m., 5 views

RUSTSEC-2025-0073 DoS vulnerability on `alloy_dyn_abi::TypedData` hashing

An uncaught panic triggered by malformed input to alloy_dyn_abi::TypedData could lead to a denial-of-service (DoS) via eip712_signing_hash. Software with high availability requirements such as network services may be particularly impacted. If in use, external auto-restarting mechanisms can partially...

CVSS 7.5, AI score 6.8, EPSS 0.00407
Exploits 0, References 3

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2021-0272

Malware in sbrugna...

CVSS 5.5, AI score 5.3, EPSS 0.00189
Exploits 1, References 9

CVE
added 2025/09/18 6:41 p.m., 482 views

CVE-2025-47906

CVE-2025-47906 affects Go (golang) tooling, specifically the os/exec LookPath behavior: if PATH contains executable entries, passing "", "." or ".." to LookPath can return binaries from PATH instead of only directories. This is tied to Golang tooling (go-toolset) and affects packages built with Go...

CVSS 6.5, AI score 5.9, EPSS 0.00489
Exploits 1, References 5, Affected Software 1

Tenable Nessus
added 2025/08/27 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2019-20393

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - A double-free is present in libyang before v1.0-r1 in the function yyparse when an empty description is used. Applications that use libyang to parse untrusted...

CVSS 8.8, AI score 7.9, EPSS 0.0279
Exploits 1, References 2

RedHat Linux
added 2025/08/18 12:42 a.m., 2 views

os/exec: Unexpected paths returned from LookPath in os/exec

A path handling flaw has been discovered in the os/exec Go package. If the PATH environment variable contains paths which are executables rather than just directories, passing certain strings to LookPath ("", ".", and ".."), can result in the binaries listed in the PATH being unexpectedly returned...

CVSS 6.5, AI score 5.7, EPSS 0.00489
Exploits 1, References 8

Tenable Nessus
added 2025/08/07 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2025-38077

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: platform/x86: dell-wmi-sysman: Avoid buffer overflow in current_password_store. If the 'buf'...

CVSS 7.8, AI score 6.7, EPSS 0.00183
Exploits 0, References 2

SUSE CVE
added 2025/06/19 3:14 a.m., 2 views

SUSE CVE-2025-38077

In the Linux kernel, the following vulnerability has been resolved: platform/x86: dell-wmi-sysman: Avoid buffer overflow in current_password_store. If the 'buf' array received from the user contains an empty string, the 'length' variable will be zero. Accessing the 'buf' array element with index...

CVSS 5.5, AI score 8.3, EPSS 0.00183
Exploits 0, References 16

OSV
added 2025/06/18 10:15 a.m., 0 views

UBUNTU-CVE-2025-38077

In the Linux kernel, the following vulnerability has been resolved: platform/x86: dell-wmi-sysman: Avoid buffer overflow in current_password_store. If the 'buf' array received from the user contains an empty string, the 'length' variable will be zero. Accessing the 'buf' array element with index...

CVSS 7.8, AI score 6.8, EPSS 0.00183
Exploits 0, References 40

RedhatCVE
added 2025/05/22 9:58 p.m., 8 views

CVE-2022-35988

TensorFlow is an open source platform for machine learning. When tf.linalg.matrix_rank receives an empty input a, the GPU kernel gives a CHECK fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit c55b476aa0e0bd4ee99d0f3ad18d9d706cd1260a. The fix...

CVSS 7.5, AI score 6.5, EPSS 0.00387
Exploits 0, References 1

RedhatCVE
added 2025/05/22 9:24 p.m., 5 views

CVE-2021-29531

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a CHECK fail in PNG encoding by providing an empty input tensor as the pixel data. This is because the...

CVSS 5.5, AI score 6.8, EPSS 0.00189
Exploits 1, References 1

SUSE CVE
added 2025/05/07 2:12 a.m., 2 views

SUSE CVE-2025-3416

A flaw was found in OpenSSL's handling of the properties argument in certain functions. This vulnerability can allow use-after-free exploitation, which may result in undefined behavior or incorrect property parsing, leading to OpenSSL treating the input as an empty string...

CVSS 3.7, AI score 6.7, EPSS 0.00426
Exploits 0, References 47

OSV
added 2025/04/08 7:15 p.m., 2 views

DEBIAN-CVE-2025-3416

A flaw was found in OpenSSL's handling of the properties argument in certain functions. This vulnerability can allow use-after-free exploitation, which may result in undefined behavior or incorrect property parsing, leading to OpenSSL treating the input as an empty string...

CVSS 3.7, AI score 4.8, EPSS 0.00426
Exploits 0, References 1

OSV
added 2025/04/08 7:15 p.m., 1 views

UBUNTU-CVE-2025-3416

A flaw was found in OpenSSL's handling of the properties argument in certain functions. This vulnerability can allow use-after-free exploitation, which may result in undefined behavior or incorrect property parsing, leading to OpenSSL treating the input as an empty string...

CVSS 3.7, AI score 5.7, EPSS 0.00426
Exploits 0, References 9