PT-2025-13566

Name of the Vulnerable Software and Affected Versions HDF5 versions up to 1.14.6 Description A problematic issue has been found in HDF5, affecting the function H5F addr encode len of the file src/H5Fint.c. The manipulation of the argument pp leads to a heap-based buffer overflow. This issue...

CLSA-2025-1742923385 ghostscript: Fix of CVE-2023-28879

CVE-2023-28879: Fix buffer overflow in base/sbcp.c by correctly handling write buffer for BCPEncode, BCPDecode, TBCPEncode, and TBCPDecode functions...

UBUNTU-CVE-2025-2721

A vulnerability was found in GNOME libgsf up to 1.14.53. It has been classified as critical. This affects the function gsfbase64encodesimple. The manipulation of the argument sizet leads to heap-based buffer overflow. An attack has to be approached locally. The vendor was contacted early about th...

SUSE CVE-2025-1788

A vulnerability, which was classified as critical, was found in rizinorg rizin up to 0.8.0. This affects the function rzutf8encode in the library /librz/util/utf8.c. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the...

Linux Distros Unpatched Vulnerability : CVE-2023-6879

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Increasing the resolution of video frames, while performing a multi-threaded encode, can result in a heap overflow in av1looprestorationdealloc. CVE-2023-6879...

Linux Distros Unpatched Vulnerability : CVE-2021-41945

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Encode OSS httpx 0.23.0 is affected by improper input validation in httpx.URL, httpx.Client and some functions using httpx.URL.copywith. CVE-2021-41945 Note tha...

CLSA-2025-1738853271 Fix of 54 CVEs

CVE-url: https://ubuntu.com/security/CVE-2024-26595 - mlxsw: spectrumacltcam: Fix NULL pointer dereference in error path CVE-url: https://ubuntu.com/security/CVE-2024-38553/CVE-2024-38597 - netpoll: make ndopollcontroller optional - bonding: use netpollpolldev helper - netpoll: do not test...

SUSE CVE-2024-57924

In the Linux kernel, the following vulnerability has been resolved: fs: relax assertions on failure to encode file handles Encoding file handles is usually performed by a filesystem encodefh method that may fail for various reasons. The legacy users of exportfsencodefh, namely, nfsd and...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the ovlencodefh function failing when an alias cannot be found, resulting in the FANDELETESELF event not bei...

Security update for SUSE Manager Salt Bundle

This update fixes the following issues: venv-salt-minion: Security fixes on Python 3.11 interpreter: CVE-2024-7592: Fixed quadratic complexity in parsing -quoted cookie values with backslashes bsc1229873, bsc1230059 CVE-2024-8088: Prevent malformed payload to cause infinite loops in zipfile.Path...

Medium: python3-idna

Issue Overview: python-idna: potential DoS via resource consumption via specially crafted inputs to idna.encode CVE-2024-3651 Affected Packages: python3-idna Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and AL2...

Medium: python-idna

Issue Overview: python-idna: potential DoS via resource consumption via specially crafted inputs to idna.encode CVE-2024-3651 Affected Packages: python-idna Issue Correction: Run dnf update python-idna --releasever 2023.6.20241111 or dnf update --advisory ALAS2023-2024-763 --releasever...

CLSA-2024-1731431059 kernel: Fix of 31 CVEs

driver core: bus: Fix double free in driver API busregister CVE-2024-50055 - net: tun: Fix use-after-free in tundetach CVE-2022-49014 - memcg: fix possible use-after-free in memcgwriteeventcontrol CVE-2022-48988 - ppp: fix pppasyncencode illegal access CVE-2024-50035 - drivers: media:...

kernel: KEYS: trusted: Fix memory leak in tpm2_key_encode()

in linux kernel, tpm2keyencode has a memory leak due to 'scratch' never being freed. This can lead to denial of service...

Deserialization of Untrusted Data

Overview whoogle-search is a Self-hosted, ad-free, privacy-respecting metasearch engine Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the encodepreferences function, which relies on pickle for deserializaion. An attacker can execute commands by sending a...

DEBIAN-CVE-2024-50084

In the Linux kernel, the following vulnerability has been resolved: net: microchip: vcap api: Fix memory leaks in vcapapiencoderuletest Commit a3c1e45156ad "net: microchip: vcap: Fix use-after-free error in kunit test" fixed the use-after-free error, but introduced below memory leaks by removing...

UBUNTU-CVE-2024-50084

In the Linux kernel, the following vulnerability has been resolved: net: microchip: vcap api: Fix memory leaks in vcapapiencoderuletest Commit a3c1e45156ad "net: microchip: vcap: Fix use-after-free error in kunit test" fixed the use-after-free error, but introduced below memory leaks by removing...

SUSE CVE-2024-50035

In the Linux kernel, the following vulnerability has been resolved: ppp: fix pppasyncencode illegal access syzbot reported an issue in pppasyncencode 1 In this case, pppoesendmsg is called with a zero size. Then pppasyncencode is called with an empty skb. BUG: KMSAN: uninit-value in pppasyncencod...

AZL-51242 CVE-2024-50035 affecting package kernel for versions less than 6.6.57.1-1

In the Linux kernel, the following vulnerability has been resolved: ppp: fix pppasyncencode illegal access syzbot reported an issue in pppasyncencode 1 In this case, pppoesendmsg is called with a zero size. Then pppasyncencode is called with an empty skb. BUG: KMSAN: uninit-value in pppasyncencod...

AZL-51111 CVE-2024-50035 affecting package kernel for versions less than 5.15.173.1-1

In the Linux kernel, the following vulnerability has been resolved: ppp: fix pppasyncencode illegal access syzbot reported an issue in pppasyncencode 1 In this case, pppoesendmsg is called with a zero size. Then pppasyncencode is called with an empty skb. BUG: KMSAN: uninit-value in pppasyncencod...