9 matches found
CLSA-2026-1776159098 Fix CVE(s): CVE-2025-30258
SECURITY UPDATE: signature verification DoS via malicious subkey - debian/patches/CVE-2025-30258.patch: require signing usage when looking up public key for signature verification, filtering out subkeys without valid backsig. Include upstream regression fixes to preserve verification of signature...
CVE-2026-34374
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the Liveschedule::keyExists method constructs a SQL query by interpolating a stream key directly into the query string without parameterization. This method is called as a fallback from LiveTransmition::keyExists...
CVE-2025-68299
The CVE-2025-68299 entry relates to Linux kernel afs: the delayed allocation of a cell’s anonymous key. A background thread allocated the anonymous key during cell setup, and a bug could trigger oops when afs_parse_source() passes a cell name to afs_lookup_cell() and a key reference is not yet se...
jenkins-2-plugins/subversion: does not restrict the name of a file when looking up a subversion key
An incorrect access restriction vulnerability was found in the Subversion Plugin for Jenkins. An agent's ability to learn the name of a file is not restricted when looking up a subversion key file on the controller. This may allow attackers to control agent processes and read arbitrary files on t...
Django: SQL injection possibility in key and index lookups for JSONField/HStoreField
An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to an error in shallow key transformation, key and index lookups for django.contrib.postgres.fields.JSONField, and key lookups for django.contrib.postgres.fields.HStoreField, were subject to...
Open-Xchange: SSRF - Guard - Unchecked WKS servers
Note: This is a different vulnerability than HKP lookup 792953, although it does basically the same thing and has the same problem; these are independent implementations of key lookup and the vulnerable code isn't shared. Description: When encrypting an email, one of the strategies to look up the recipient's encrypti...
Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2015-3035)
The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2015-3035 advisory. - crypto: aesni - fix memory usage in GCM decryption Stephan Mueller Orabug: 21077385 CVE-2015-3331 - xen/pciback: Don't disable PCICOMMAND on PCI...
Unbreakable Enterprise kernel security update
kernel-uek 3.8.13-68.1.3 - isofs: Fix unchecked printing of ER records Jan Kara Orabug: 20930551 CVE-2014-9584 - KEYS: close race between key lookup and freeing Sasha Levin Orabug: 20930548 CVE-2014-9529 CVE-2014-9529 - mm: memcg: do not allow task about to OOM kill to bypass the limit Johannes...
Dameware Mini Remote Control Version 4.2 – Weak Key Agreement Scheme
Title: Dameware Mini Remote Control Version 4.2 – Weak Key Agreement Scheme Versions: Dameware Mini Remote Control Version 4.2 Vulnerability: The latest version of Dameware’s Mini Remote Control System uses a weak key agreement scheme. The scheme consists of the sharing of pointers into a fixed k...