5551 matches found
pantry
▄▄ ▄▄ ▄█▀▀█▄ █▄ █...
[SECURITY] [DSA 6206-1] gdk-pixbuf security update
------------------------------------------------------------------------- Debian Security Advisory DSA-6206-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso April 11, 2026 https://www.debian.org/security/faq -...
OESA-2026-1898 gdk-pixbuf2 security update
gdk is written in C but has been designed from the ground up to support a wide range of languages. It provide a complete set of widgets,and suitable for projects ranging from small one-off tools to complete application suites. Security Fixes: A flaw was found in the gdk-pixbuf library. This...
OESA-2026-1896 gdk-pixbuf2 security update
gdk is written in C but has been designed from the ground up to support a wide range of languages. It provide a complete set of widgets,and suitable for projects ranging from small one-off tools to complete application suites. Security Fixes: A flaw was found in the gdk-pixbuf library. This...
OESA-2026-1895 gdk-pixbuf2 security update
gdk is written in C but has been designed from the ground up to support a wide range of languages. It provide a complete set of widgets,and suitable for projects ranging from small one-off tools to complete application suites. Security Fixes: A flaw was found in the gdk-pixbuf library. This...
OESA-2026-1894 gdk-pixbuf2 security update
gdk is written in C but has been designed from the ground up to support a wide range of languages. It provide a complete set of widgets,and suitable for projects ranging from small one-off tools to complete application suites. Security Fixes: A flaw was found in the gdk-pixbuf library. This...
Malicious code in kraken-trader (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 4bf5ec6e8a6020de1e122cf07f2dde0f02fa1a484ff984586db379729da75523 The package is a loader of malicious code disguised as remote "credits" code. The remote location, built from the parts in the code, delivers highly obfuscated...
MAL-2026-2517 Malicious code in kraken-trader (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 4bf5ec6e8a6020de1e122cf07f2dde0f02fa1a484ff984586db379729da75523 The package is a loader of malicious code disguised as remote "credits" code. The remote location, built from the parts in the code, delivers highly obfuscated...
ROS-20260408-73-0026
A vulnerability in the drivers/soc/qcom/mdtloader.c component of the Linux kernel is related to buffer copying without input data validation. Exploitation of the vulnerability allows an intruder to gain unauthorized access to protected information...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006819)
"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006819 advisory. In the Linux kernel, the following vulnerability has been resolved: efi/capsule-loader: fix incorrect allocation size gcc-14 notices that the allocation with...
CVE-2026-20889
A flaw was found in LibRaw, a library used for processing raw image files. This vulnerability, a heap-based buffer overflow, exists within the x3fthumbloader functionality. A remote attacker could exploit this by tricking a user into opening a specially crafted malicious file. Successful...
CVE-2026-39345
OrangeHRM Open Source versions 5.0–5.8 are affected by a path traversal vulnerability in the Email Template Loader that can allow an authenticated actor who can influence the template path to read arbitrary local files. Root cause: insufficient restriction of template file resolution to the inten...
CVE-2026-39345 OrangeHRM Affected by Arbitrary File Read via Path Traversal in Email Template Loader
OrangeHRM is a comprehensive human resource management HRM system. From 5.0 to 5.8, OrangeHRM Open Source fails to restrict email template file resolution to the intended plugins directory, allowing an authenticated actor who can influence the template path to read arbitrary local files. This...
EUVD-2026-19295
Fedify affected by resource exhaustion caused by unbounded redirect following during remote key/document resolution...
Allocation of Resources Without Limits or Throttling
Overview @fedify/vocab-runtime is a Runtime library for code-generated Activity Vocabulary APIs Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the recursive handling of HTTP redirects in the remote and authenticated document loader...
Allocation of Resources Without Limits or Throttling
Overview @fedify/fedify is an An ActivityPub server framework Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the recursive handling of HTTP redirects in the remote and authenticated document loader. An attacker can exhaust server...
GHSA-GM9M-GWC4-HWGP Fedify affected by resource exhaustion caused by unbounded redirect following during remote key/document resolution
Summary @fedify/fedify follows HTTP redirects recursively in its remote document loader and authenticated document loader without enforcing a maximum redirect count or visited-URL loop detection. An attacker who controls a remote ActivityPub key or actor URL can force a server using Fedify to mak...
Integer Overflow or Wraparound
Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound in the x3fthumbloader process. An attacker can execute arbitrary code or cause a denial of service by supplying a specially crafted file. Remediation Upgrade libraw to version 0.22.1 or higher. References ...
EUVD-2026-19620
A heap-based buffer overflow vulnerability exists in the x3fthumbloader functionality of LibRaw Commit d20315b. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability...
CVE-2026-20889
A heap-based buffer overflow vulnerability exists in the x3fthumbloader functionality of LibRaw Commit d20315b. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability...