UBUNTU-CVE-2022-50479
In the Linux kernel, the following vulnerability has been resolved: drm/amd: fix potential memory leak This patch fix potential memory leak clksrc when function run into last return NULL. s/free/kfree/ - Alex...
EUVD-2022-1402
Malicious code in bioql PyPI...
CLSA-2025-1757691233 libssh: Fix of CVE-2025-5318
CVE-2025-5318: fix out-of-bounds read in sftphandle function...
UBUNTU-CVE-2025-9732
A vulnerability was identified in DCMTK up to 3.6.9. This affects an unknown function in the library dcmimage/include/dcmtk/dcmimage/diybrpxt.h of the component dcm2img. Such manipulation leads to memory corruption. Local access is required to approach this attack. The name of the patch is...
Security Bulletin: IBM® Db2® federated server is affected by a vulnerability in the netty library (CVE-2025-24970)
Summary: Netty, an asynchronous, event-driven network application framework, has a vulnerability starting in version 4.1.91.Final and prior to version 4.1.118.Final. When a special crafted packet is received via SslHandler it doesn't correctly handle validation of such a packet in all cases which...
CVE-2025-8224 GNU Binutils BFD Library elf.c bfd_elf_get_str_section null pointer dereference
A vulnerability has been found in GNU Binutils 2.44 and classified as problematic. This vulnerability affects the function bfd_elf_get_str_section of the file bfd/elf.c of the component BFD Library. The manipulation leads to null pointer dereference. Local access is required to approach this attack...
CLSA-2025-1751900234 sudo: Fix of CVE-2025-32462
CVE-2025-32462: fix privilege escalation vulnerability by restricting unauthorized users from gaining elevated system privileges via the Sudo host option...
CLSA-2025-1751271625 httpd: Fix of CVE-2020-35452
CVE-2020-35452: mod_auth_digest: Fix single zero byte stack overflow...
CLSA-2025-1749743304 php: Fix of CVE-2017-8923
CVE-2017-8923: fix integer overflow in string concatenation - Fix heap buffer overflow via str_repeat...
CLSA-2025-1748451788 Fix CVE(s): CVE-2021-3583
SECURITY UPDATE: template Injection Vulnerability - debian/patches/CVE-2021-3583.patch: fix unsafe preservation across newlines to ensure always having unsafe - CVE-2021-3583...
auth-js Vulnerable to Insecure Path Routing from Malformed User Input
Impact: The library functions getUserById, deleteUser, updateUserById, listFactors and deleteFactor did not require the user supplied values to be valid UUIDs. This could lead to a URL path traversal, resulting in the wrong API function being called. Implementations that follow security best...
CLSA-2025-1744628407 dnsmasq: Fix of CVE-2023-28450
CVE-2023-28450: Set the default maximum DNS UDP packet size to 1232...
CVE-2025-3016
A vulnerability classified as problematic was found in Open Asset Import Library Assimp 5.4.3. This vulnerability affects the function Assimp::MDLImporter::ParseTextureColorData of the file code/AssetLib/MDL/MDLMaterialLoader.cpp of the component MDL File Handler. The manipulation of the argument...
CLSA-2025-1737471454 Fix CVE(s): CVE-2024-12085
SECURITY UPDATE: possible information leak via checksum comparison - debian/patches/CVE-2024-12085.patch: fix issue with checksum length manipulation leading to uninitialized memory leak - CVE-2024-12085...
CLSA-2024-1735064231 Fix CVE(s): CVE-2024-11234
SECURITY UPDATE: Security vulnerability - debian/patches/CVE-2024-11234.patch: Fix stream HTTP fulluri CRLF injection issue - CVE-2024-11234...
CLSA-2024-1734039943 php: Fix of CVE-2024-11234
CVE-2024-11234: fix stream HTTP fulluri CRLF injection...
AZL-54345 CVE-2024-45337 affecting package docker-buildx for versions less than 0.14.0-2
Applications and libraries which misuse connection.serverAuthenticate via callback field ServerConfig.PublicKeyCallback may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that "A call to this function does not guarantee that the key offered is...
CLSA-2024-1729628050 Fix CVE(s): CVE-2023-27043
SECURITY UPDATE: Incorrect parsing of email addresses containing special characters - debian/patches/CVE-2023-27043.patch: Fix email address parsing errors by adding optional 'strict' parameter to getaddresses and parseaddr functions - debian/patches/fix-urllib2-test.patch: Fix error in...
CLSA-2024-1729626489 php: Fix of CVE-2024-8927
CVE-2024-8927: Fix bypass of cgi.force_redirect configuration...
CLSA-2024-1727895166 Fix CVE(s): CVE-2024-6232, CVE-2024-7592
SECURITY UPDATE: Regular expressions that allowed excessive backtracking during tarfile - debian/patches/CVE-2024-6232.patch: fix regexp handling in tarfile - CVE-2024-6232 SECURITY UPDATE: Algorithm with quadratic complexity using excess CPU resources while parsing the cookie value -...