4108 matches found

SUSE CVE
added 2026/01/22 12:29 a.m., 3 views

SUSE CVE-2025-57155

NULL pointer dereference in the daap_reply_groups function in src/httpd_daap.c in owntone-server through commit 5e6f19a (newer commit after version 28.2) allows remote attackers to cause a Denial of Service...

CVSS 7.5 | AI score 5.6 | EPSS 0.00332
Exploits: 0 | References: 3

Tenable Nessus
added 2026/01/22 12:0 a.m., 3 views

Azure Linux 3.0 Security Update: samba (CVE-2021-3738)

The version of samba installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2021-3738 advisory. - In DCE/RPC it is possible to share the handles (cookies) for resource state between multiple connections via a...

CVSS 8.8 | AI score 7.1 | EPSS 0.01843
Exploits: 0 | References: 2

Snyk
added 2026/01/21 10:23 p.m., 2 views

Missing Authorization

Overview: Affected versions of this package are vulnerable to Missing Authorization via improper validation of OIDC token claims after processing through CEL expressions. An attacker can gain unauthorized operator-level read access and perform actions such as suspend, resume, or reconcile by...

CVSS 6 | AI score 5.7 | EPSS 0.00303
Exploits: 0 | References: 2

Snyk
added 2026/01/21 10:23 p.m., 2 views

Missing Authorization

Overview: Affected versions of this package are vulnerable to Missing Authorization via improper validation of OIDC token claims after processing through CEL expressions. An attacker can gain unauthorized operator-level read access and perform actions such as suspend, resume, or reconcile by...

CVSS 6 | AI score 5.7 | EPSS 0.00303
Exploits: 0 | References: 2

Snyk
added 2026/01/21 10:23 p.m., 3 views

Missing Authorization

Overview: Affected versions of this package are vulnerable to Missing Authorization via improper validation of OIDC token claims after processing through CEL expressions. An attacker can gain unauthorized operator-level read access and perform actions such as suspend, resume, or reconcile by...

CVSS 6 | AI score 5.7 | EPSS 0.00303
Exploits: 0 | References: 2

RedhatCVE
added 2026/01/21 9:25 a.m., 4 views

CVE-2025-57155

NULL pointer dereference in the daap_reply_groups function in src/httpd_daap.c in owntone-server through commit 5e6f19a (newer commit after version 28.2) allows remote attackers to cause a Denial of Service...

CVSS 7.5 | AI score 5.5 | EPSS 0.00332
Exploits: 0 | References: 1

Positive Technologies
added 2026/01/21 12:0 a.m., 6 views

PT-2026-3873

Name of the Vulnerable Software and Affected Versions: Flux Operator versions 0.36.0 through 0.39.9. Description: The Flux Operator, a Kubernetes CRD controller, contains a flaw in its Web UI authentication code. This issue allows an attacker to bypass Kubernetes RBAC impersonation and execute API...

CVSS 5.3 | AI score 5.5 | EPSS 0.00303
Exploits: 0 | References: 12

OSV
added 2026/01/20 9:16 p.m., 3 views

CVE-2025-57155

NULL pointer dereference in the daap_reply_groups function in src/httpd_daap.c in owntone-server through commit 5e6f19a (newer commit after version 28.2) allows remote attackers to cause a Denial of Service...

CVSS 7.5 | AI score 5.6
Exploits: 0 | References: 2

NVD
added 2026/01/20 9:16 p.m., 3 views

CVE-2025-57155

NULL pointer dereference in the daap_reply_groups function in src/httpd_daap.c in owntone-server through commit 5e6f19a (newer commit after version 28.2) allows remote attackers to cause a Denial of Service...

CVSS 7.5 | EPSS 0.00332
Exploits: 0 | References: 2

Cvelist
added 2026/01/20 12:0 a.m., 14 views

CVE-2025-57155

NULL pointer dereference in the daap_reply_groups function in src/httpd_daap.c in owntone-server through commit 5e6f19a (newer commit after version 28.2) allows remote attackers to cause a Denial of Service...

EPSS 0.00332
Exploits: 0 | References: 2

Positive Technologies
added 2026/01/20 12:0 a.m., 3 views

PT-2026-3653

Name of the Vulnerable Software and Affected Versions: owntone-server versions prior to the commit after version 28.2. Description: A flaw exists in owntone-server due to a NULL pointer dereference within the daap_reply_groups function, located in src/httpd_daap.c. This issue, present through commit...

CVSS 7.5 | AI score 5.4 | EPSS 0.00332
Exploits: 0 | References: 5

Vulnrichment
added 2026/01/20 12:0 a.m., 1 view

CVE-2025-57155

NULL pointer dereference in the daap_reply_groups function in src/httpd_daap.c in owntone-server through commit 5e6f19a (newer commit after version 28.2) allows remote attackers to cause a Denial of Service...

AI score 5.5 | EPSS 0.00332
Exploits: 0 | References: 2

CNNVD
added 2026/01/20 12:0 a.m., 3 views

OwnTone security vulnerabilities

OwnTone is an open-source Linux/FreeBSD DAAP (iTunes), MPD (Music Player Daemon), and RSP (Roku) media server. OwnTone has a security vulnerability that stems from a null pointer dereferencing in the daap_reply_groups function, which may lead to a denial-of-service attack...

CVSS 7.5 | AI score 5.8 | EPSS 0.00332
Exploits: 0 | References: 2

CVE
added 2026/01/20 12:0 a.m., 10 views

CVE-2025-57155

Summary: CVE-2025-57155 affects owntone-server due to a NULL pointer dereference in the daap_reply_groups function (src/httpd_daap.c) triggered by a commit 5e6f19a, after version 28.2. This flaw allows remote attackers to cause a Denial of Service. What’s affected: owntone-server builds prior to ...

CVSS 7.5 | AI score 5.5 | EPSS 0.00332
Exploits: 0 | References: 2 | Affected Software: 1

EUVD
added 2026/01/19 5:52 p.m., 3 views

EUVD-2026-3307

OpenProject is an open-source, web-based project management software. When using groups in OpenProject to manage users, the group members should only be visible to users that have the View Members permission in any project that the group is also a member of. Prior to versions 17.0.1 and 16.6.5, d...

CVSS 4.3 | AI score 5.5 | EPSS 0.00176
Exploits: 0 | References: 1

Tenable Nessus
added 2026/01/19 12:0 a.m., 18 views

MiracleLinux 8 : kernel-4.18.0-348.20.1.el8_5 (AXSA:2022-3099:05)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3099:05 advisory. kernel: improper initialization of the flags member of the new pipe_buffer CVE-2022-0847 kernel: Use After Free in unix_gc which could result in a loc...

CVSS 9 | AI score 7.1 | EPSS 0.89063
Exploits: 119 | References: 9

Tenable Nessus
added 2026/01/16 12:0 a.m., 2 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001473)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001473 advisory. A use-after-free read flaw was found in sock_getsockopt in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen and connect in the Linux kernel. In thi...

CVSS 6.8 | AI score 6.5 | EPSS 0.01762
Exploits: 1 | References: 4

Tenable Nessus
added 2026/01/16 12:0 a.m., 1 view

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000539)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000539 advisory. The Linux kernel through 3.17.4 does not properly restrict dropping of supplemental group memberships in certain namespace scenarios, which allows local users to...

CVSS 4.6 | AI score 6.7 | EPSS 0.00494
Exploits: 1 | References: 13

Tenable Nessus
added 2026/01/16 12:0 a.m., 4 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001478)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001478 advisory. An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces subsystem was found in the way users have access to some less...

CVSS 7.8 | AI score 6.5 | EPSS 0.00541
Exploits: 0 | References: 4

Tenable Nessus
added 2026/01/16 12:0 a.m., 5 views

MiracleLinux 7 : firefox-60.7.0-1.0.1.el7.AXS7 (AXSA:2019-3895:02)

The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2019-3895:02 advisory. Mozilla: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7 CVE-2019-9800 Mozilla: Cross-origin theft of images with createImageBitmap...

CVSS 9.8 | AI score 7.5 | EPSS 0.09393
Exploits: 4 | References: 14