Glib-networking: out of bound reads on glib-networking through tls/openssl/gtlscertificate-openssl.c via "g_tls_certificate_openssl_get_property()"

...

Linux Distros Unpatched Vulnerability : CVE-2025-38655

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: pinctrl: canaan: k230: add NULL check in DT parse Add a NULL check for the return value of...

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read via the gtlscertificateopensslgetproperty function. An attacker can access sensitive memory contents or cause a crash by triggering improper handling of return values from BIOwrite. Remediation A fix was pushed into t...

commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default

A flaw was found in Apache Commons BeanUtils. This vulnerability allows remote attackers to execute arbitrary code via uncontrolled access to the declaredClass property on Java enum objects, which can expose the class loader when property paths are passed from external sources to methods like...

commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default

A flaw was found in Apache Commons BeanUtils. This vulnerability allows remote attackers to execute arbitrary code via uncontrolled access to the declaredClass property on Java enum objects, which can expose the class loader when property paths are passed from external sources to methods like...

SUSE CVE-2020-26950

In certain circumstances, the MCallGetProperty opcode can be emitted with unmet assumptions resulting in an exploitable use-after-free condition. This vulnerability affects Firefox 82.0.3, Firefox ESR 78.4.1, and Thunderbird 78.4.2...

UBUNTU-CVE-2021-26956

An issue was discovered in the xcb crate through 2021-02-04 for Rust. It has a soundness violation because bytes from an X server can be interpreted as any data type returned by xcb::xproto::GetPropertyReply::value...

/proc/cpuinfo DoS on some ppc machines

The chrpshowcpuinfo function chrp/setup.c in Linux kernel 2.4.21 through 2.6.18-53, when running on PowerPC, might allow local users to cause a denial of service crash via unknown vectors that cause the ofgetproperty function to fail, which triggers a NULL pointer dereference...