3058 matches found
Security Bulletin: Vulnerability in bytes bundled with IBM Fusion, IBM Fusion HCI, and IBM Fusion Content-Aware Storage
Summary IBM Fusion, IBM Fusion HCI, and IBM Fusion Content-Aware Storage include the bytes library, which is affected by an integer overflow vulnerability. CVE-2026-25541 Vulnerability Details CVEID:CVE-2026-25541 DESCRIPTION: Bytes is a utility library for working with bytes. From version 1.2.1 ...
Origin Validation Error
Overview Affected versions of this package are vulnerable to Origin Validation Error via the CookieJar process. An attacker can access or manipulate cookies belonging to other hosts by exploiting improper domain matching for IP-address or bare-numeric domains. Remediation Upgrade guzzlehttp/guzzl...
DEBIAN-CVE-2026-53877
An issue was discovered in Django 6.0 before 6.0.7 and 5.2 before 5.2.16. django.contrib.gis.gdal.GDALRaster over-reads its in-memory buffer when constructed from a bytes object, which can disclose adjacent memory or cause service degradation via a potential segmentation fault when the vsibuffer...
DEBIAN-CVE-2011-10043
Module::Load versions before 0.22 for Perl allow arbitrary modules outside of @INC to be loaded. Module names starting with "::" could be passed to the load function to specify arbitrary module paths. Attackers able to influence module names passed to load could use that bug to execute arbitrary...
DEBIAN-CVE-2026-55380
Pillow is a Python imaging library. Prior to 12.3.0, PIL/GdImageFile.py GdImageFile.open read image dimensions from the GD 2.x header and stored them in self.size without calling Image.decompressionbombcheck, allowing a crafted .gd file to trigger excessive C-heap allocation when loaded. This iss...
DEBIAN-CVE-2026-58203
pydantic-settings provides settings management using Pydantic. From 2.12.0 until 2.14.2, NestedSecretsSettingsSource reads secret values from files in a configured secretsdir. When secretsnestedsubdir=True, a directory entry inside secretsdir that is a symbolic link pointing outside secretsdir is...
SUSE-SU-2026:2760-1 Security update for libnfs
This update for libnfs fixes the following issue - CVE-2026-53689: integer overflow during a connection to a crafted NFS server bsc1268135. Changes for libnfs: - Add libnfs-CVE-2026-53689.patch: ZDR: check the string size for sanity bsc1268135 CVE-2026-53689...
UBUNTU-CVE-2026-58252
Unknown description...
UBUNTU-CVE-2026-58254
Unknown description...
UBUNTU-CVE-2026-58213
Unknown description...
UBUNTU-CVE-2026-54161
upsmon: remote OS command injection RCE via attacker-controlled ups.alarm in NOTIFYCMD execution...
ROOT-OS-UBUNTU-2404-CVE-2025-37901 CVE-2025-37901 in rootio-linux - Patched by Root
Root has patched CVE-2025-37901 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...
ROOT-OS-DEBIAN-11-CVE-2025-39957 CVE-2025-39957 in rootio-linux - Patched by Root
Root has patched CVE-2025-39957 in the rootio-linux package for Root:Debian:11. Multiple fixed versions available...
UBUNTU-CVE-2026-14647
A weakness has been identified in onnx up to 1.21.x. This vulnerability affects the function convPoolShapeInferenceopset19 of the file onnx/defs/nn/old.cc of the component onnxruntime. This manipulation causes out-of-bounds read. It is possible to initiate the attack remotely. The exploit has bee...
DEBIAN-CVE-2026-53360
In the Linux kernel, the following vulnerability has been resolved: KVM: SEV: Require in-GHCB scratch area if GHCB v2+ is in use As per the GHCB spec, when using GHCB v2+ require the software scratch area to reside in the GHCB's shared buffer. Note, things like Page State Change PSC requests rely...
DEBIAN-CVE-2026-9079
libcurl had a flaw that when instructed to clear proxy authentication credentials which made it not do so, leaving the old credentials around to get used for subsequent transfers that should not know nor use them...
DEBIAN-CVE-2026-11856
Successfully using libcurl to do a transfer to a specific HTTP origin hostA with Digest authentication and then changing the origin to a different one hostB for a second transfer, reusing the same handle, makes libcurl wrongly pass on the Authorization: header field meant for hostA, to hostB...
BELL-CVE-2026-53350
Bulletin has no description...
BELL-CVE-2026-53353
Bulletin has no description...
BELL-CVE-2026-53339
Bulletin has no description...