12 matches found
Astra Linux – Vulnerability in MariaDB 10.3
MariaDB version 10.5.9 allows an application crash in the find_field_in_tables and find_order_in_list functions due to an unused common table expression (CTE)...
UBUNTU-CVE-2026-25236
PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, a SQL injection risk exists in karma queries due to unsafe literal substitution for an IN ... list. This issue has been patched in version 1.33.0...
CVE-2026-25236
CVE-2026-25236 affects the PEAR PHP framework. The vulnerability is a SQL injection risk in karma queries caused by unsafe literal substitution for an IN (...) list. Root cause: unsafe literal handling in Karma DAMBLAN-related queries prior to version 1.33.0. Impact: potential SQL injection. Miti...
PT-2026-6285
PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, a SQL injection risk exists in karma queries due to unsafe literal substitution for an IN ... list. This issue has been patched in version 1.33.0...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990292)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990292 advisory. In the Linux kernel, the following vulnerability has been resolved: vfio/pci: Properly hide first-in-list PCIe extended capability. There are cases where a PCIe...
EUVD-2005-4728
Malware in sbrugna...
CVE-2022-50245
CVE-2022-50245 concerns a Linux kernel issue in the rapidio driver where a UAF can occur if kfifo_alloc() fails during mport_cdev_open(). The fix removes priv from the chdev->file_list before freeing it to prevent traversal from accessing a freed object (the smatch warning reference). Affected...
CVE-2023-28099
OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Prior to versions 3.1.9 and 3.2.6, if ds_is_in_list() is used with an invalid IP address string (NULL is illegal input), OpenSIPS will attempt to print a string from a random address (stack garbage), which could lead to a crash. All user...
CVE-2005-4735
IBM DB2 Universal Database (UDB) 810 before 8.1 FP10 allows remote authenticated users to cause a denial of service (application crash) via (1) certain equality predicates that trigger self-removal, aka IY70808; and (2) a query with more than 32000 elements in the IN-list, aka LI70817...
SUSE CVE-2015-7658
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK & Compiler before 19.0.0.241 allows attackers to execute arbitrary...
ALPINE-CVE-2021-46661
MariaDB through 10.5.9 allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE)...
PT-2020-1237 · Libyang · Libyang
Name of the Vulnerable Software and Affected Versions: libyang versions prior to 1.0-r1. Description: An invalid memory access flaw is present in the function resolve_feature_value() when an if-feature statement is used inside a list key node, and the feature used is not defined. Applications that u...