GHSA-VRQ3-R879-7M65 vLLM Tool Schema allows DoS via Malformed pattern and type Fields

Summary The vLLM backend used with the /v1/chat/completions OpenAPI endpoint fails to validate unexpected or malformed input in the "pattern" and "type" fields when the tools functionality is invoked. These inputs are not validated before being compiled or parsed, causing a crash of the inference...

SUSE CVE-2025-48797

A flaw was found in GIMP when processing certain TGA image files. If a user opens one of these image files that has been specially crafted by an attacker, GIMP can be tricked into making serious memory errors, potentially leading to crashes and causing a heap buffer overflow...

SUSE CVE-2025-48798

A flaw was found in GIMP when processing XCF image files. If a user opens one of these image files that has been specially crafted by an attacker, GIMP can be tricked into making serious memory errors, potentially leading to crashes and causing use-after-free issues...

ROS-20250528-01

A vulnerability in the acpi component of the Linux kernel is related to the dereferencing of a NULL pointer in the acpiskipsetwakeupaddress function in drivers/acpi/sleep.c. Exploitation of the vulnerability could allow an an attacker to cause a denial of service A vulnerability in the net...

CVE-2025-48798

A flaw was found in GIMP when processing XCF image files. If a user opens one of these image files that has been specially crafted by an attacker, GIMP can be tricked into making serious memory errors, potentially leading to crashes and causing use-after-free issues...

CVE-2025-48797

A flaw was found in GIMP when processing certain TGA image files. If a user opens one of these image files that has been specially crafted by an attacker, GIMP can be tricked into making serious memory errors, potentially leading to crashes and causing a heap buffer overflow...

DEBIAN-CVE-2025-48797

A flaw was found in GIMP when processing certain TGA image files. If a user opens one of these image files that has been specially crafted by an attacker, GIMP can be tricked into making serious memory errors, potentially leading to crashes and causing a heap buffer overflow...

CVE-2025-48798

A flaw was found in GIMP when processing XCF image files. If a user opens one of these image files that has been specially crafted by an attacker, GIMP can be tricked into making serious memory errors, potentially leading to crashes and causing use-after-free issues...

UBUNTU-CVE-2025-48797

A flaw was found in GIMP when processing certain TGA image files. If a user opens one of these image files that has been specially crafted by an attacker, GIMP can be tricked into making serious memory errors, potentially leading to crashes and causing a heap buffer overflow...

UBUNTU-CVE-2025-48798

A flaw was found in GIMP when processing XCF image files. If a user opens one of these image files that has been specially crafted by an attacker, GIMP can be tricked into making serious memory errors, potentially leading to crashes and causing use-after-free issues...

CVE-2025-48798 Gimp: multiple use after free in xcf parser

A flaw was found in GIMP when processing XCF image files. If a user opens one of these image files that has been specially crafted by an attacker, GIMP can be tricked into making serious memory errors, potentially leading to crashes and causing use-after-free issues...

CVE-2025-48798 Gimp: multiple use after free in xcf parser

A flaw was found in GIMP when processing XCF image files. If a user opens one of these image files that has been specially crafted by an attacker, GIMP can be tricked into making serious memory errors, potentially leading to crashes and causing use-after-free issues...

CVE-2025-48797

GIMP is affected by CVE-2025-48797 due to a flaw in the TGA parser that can trigger memory errors and potentially cause a heap buffer overflow when opening specially crafted TGA files. Public advisories (e.g., Mageia MGASA-2026-0012 and Debian DSA-5939-1) confirm multiple GIMP parsing vulnerabili...

CVE-2025-48797 Gimp: multiple heap buffer overflows in tga parser

A flaw was found in GIMP when processing certain TGA image files. If a user opens one of these image files that has been specially crafted by an attacker, GIMP can be tricked into making serious memory errors, potentially leading to crashes and causing a heap buffer overflow...

CVE-2025-48797 Gimp: multiple heap buffer overflows in tga parser

A flaw was found in GIMP when processing certain TGA image files. If a user opens one of these image files that has been specially crafted by an attacker, GIMP can be tricked into making serious memory errors, potentially leading to crashes and causing a heap buffer overflow...

Mozilla Firefox 安全漏洞

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security vulnerability exists in Mozilla Firefox versions prior to 139, Firefox ESR versions prior to 115.24, and Firefox ESR versions prior to 128.11, which stems from a mishandling of script...

Advisory ROSA-SA-2025-2874

Software: java-1.8.0-openjdk 1.8.0.442.b06 OS: rosa-server79 packageevrstring: java-1.8.0-openjdk-1.8.0.442.b06-1.0.3.res7 CVE-ID: CVE-2025-21587 BDU-ID: 2025-05070 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the JSSE component of the Oracle Java SE software platform, Oracle GraalVM for JDK and...

Oracle Linux 9 : python-tornado (ELSA-2025-8136)

The remote Oracle Linux 9 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2025-8136 advisory. 6.4.2-2.2 - tests: add citest.fmf + update gating.yaml Related: RHEL-91999 6.4.2-2.1 - httputil: Raise errors instead of logging in multipart/form-data parsing...

Fedora: Security Advisory (FEDORA-2024-256818da09)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Security update for python311

This update for python311 fixes the following issues: Updated to 3.11.12: gh-131809: Updated bundled libexpat to 2.7.1 gh-131261: Upgraded to libexpat 2.7.0 CVE-2025-0938: Fixed functions urllib.parse.urlsplit and urlparse accepting domain names including square brackets bsc1236705 gh-121284: Fix...