10276 matches found

Rosalinux
added 2025/04/11 10:8 p.m. | 8 views

Advisory ROSA-SA-2025-2842

Software: gdk-pixbuf2 2.36.12
OS: ROSA Virtualization 2.1
package_evr_string: gdk-pixbuf2-2.36.12-6.0.1.rv3
CVE-ID: CVE-2022-48622
BDU-ID: 2024-06670
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the GdkPixbuf image loading library is related to a heap memory corruption in ani_load_chunk. Exploitation...

CVSS 7.8 | AI score 8 | EPSS 0.00071
Exploits: 1

OSV
added 2025/04/09 11:41 p.m. | 8 views

USN-7346-3 opensc vulnerabilities

USN-7346-1 fixed vulnerabilities in OpenSC. The update introduced a regression which broke smartcard based authentication. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that OpenSC did not correctly handle certain memory operations...

CVSS 7.1 | AI score 7.4 | EPSS 0.00295
Exploits: 0 | References: 13

BDU FSTEC
added 2025/04/09 12:0 a.m. | 3 views

The vulnerability of ESET’s command-line scanner for anti-virus protection allows a hacker to execute arbitrary code.

The vulnerability of ESET’s command-line scanner for anti-virus protection is related to an uncontrolled element in the loading process of the version.dll library. Exploiting this vulnerability can allow a hacker to execute arbitrary code...

CVSS 6.6 | AI score 8.3 | EPSS 0.00249
Exploits: 0 | References: 3 | Affected Software: 11

RedHat Linux
added 2025/04/08 9:4 p.m. | 15 views

Important: Red Hat Security Advisory: webkit2gtk3 security update

An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability fr...

CVSS 8.8 | AI score 6.5 | EPSS 0.00912
Exploits: 0 | References: 8

BDU FSTEC
added 2025/04/07 12:0 a.m. | 1 views

The vulnerability of the tarHandler component in the Grub2 operating system’s downloader allows a hacker to bypass the secure download mechanism.

The vulnerability of the tarHandler component in the Grub2 operating system’s loader involves writing beyond the buffer boundaries. Exploiting this vulnerability could allow an attacker to bypass the secure loading mechanism...

CVSS 6.8 | AI score 6.8 | EPSS 0.00023
Exploits: 0 | References: 11 | Affected Software: 18

BDU FSTEC
added 2025/04/07 12:0 a.m. | 1 views

The vulnerability of the JPEG file loader for Grub2 operating systems, which allows a hacker to bypass the secure loading mechanism

The vulnerability of JPEG files loaded by Grub2 operating systems is related to writing beyond the buffer boundaries. Exploiting this vulnerability can allow an attacker to bypass the secure loading mechanism...

CVSS 6.8 | AI score 6.8 | EPSS 0.00004
Exploits: 0 | References: 10 | Affected Software: 20

RedhatCVE
added 2025/04/03 2:37 a.m. | 26 views

CVE-2025-30673

Sub::HandlesVia for Perl before 0.050002 allows untrusted code from the current working directory ('.') to be loaded, similar to CVE-2016-1238. If an attacker can place a malicious file in the current working directory, it may be loaded instead of the intended file, potentially leading to arbitrary code...

CVSS 7.8 | AI score 7.8 | EPSS 0.00441
Exploits: 0 | References: 1

CERT
added 2025/04/03 12:0 a.m. | 17 views

Multiple deserialization vulnerabilities in PyTorch Lightning 2.4.0 and earlier versions

Overview: PyTorch Lightning versions 2.4.0 and earlier do not use any verification mechanisms to ensure that model files are safe to load before loading them. Users of PyTorch Lightning should use caution when loading models from unknown or unmanaged sources.
Description: PyTorch Lightning, a...

AI score 7.9
Exploits: 0 | References: 4

CNNVD
added 2025/04/02 12:0 a.m. | 3 views

Pexip Infinity Security Vulnerability

Pexip Infinity is a video conferencing cloud collaboration platform from the Norwegian company Pexip. The product provides high quality and secure cloud conferencing capabilities. A security vulnerability exists in Pexip Infinity versions prio...

CVSS 9.1 | AI score 6.7 | EPSS 0.0179
Exploits: 0 | References: 2

RedHat Linux
added 2025/04/01 3:20 p.m. | 16 views

graphql-ruby: Remote code execution when loading a crafted GraphQL schema

A flaw was found in graphql-ruby. In affected versions of graphql-ruby, loading a malicious schema definition in GraphQL::Schema.from_introspection or GraphQL::Schema::Loader.load can cause remote code execution. Any system that loads a schema by JSON from an untrusted source is vulnerable,...

CVSS 9 | AI score 6.1 | EPSS 0.01361
Exploits: 2 | References: 13

RedHat Linux
added 2025/04/01 3:15 p.m. | 3 views

graphql-ruby: Remote code execution when loading a crafted GraphQL schema

A flaw was found in graphql-ruby. In affected versions of graphql-ruby, loading a malicious schema definition in GraphQL::Schema.from_introspection or GraphQL::Schema::Loader.load can cause remote code execution. Any system that loads a schema by JSON from an untrusted source is vulnerable,...

CVSS 9 | AI score 6.1 | EPSS 0.01361
Exploits: 2 | References: 13

CNVD
added 2025/03/24 12:0 a.m. | 9 views

Cisco IOS XR Data Forgery Issue Vulnerability

Cisco IOS XR is a set of operating systems developed by the American company Cisco for its network equipment. Cisco IOS XR suffers from a data forgery vulnerability that stems from insufficient module validation during software loading, which could be exploited by an attacker to launch...

CVSS 6.7 | AI score 6.8 | EPSS 0.00004
Exploits: 0 | References: 1

BDU FSTEC
added 2025/03/24 12:0 a.m. | 2 views

The vulnerability of the Inventory module in the GLPI system, which handles requests, incidents, and inventory management of computer equipment, allows a perpetrator to execute arbitrary code.

The vulnerability of the Inventory module in the GLPI system, which handles requests, incidents, and inventory management of computer equipment, involves unlimited loading of dangerous files. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

CVSS 8.5 | AI score 6.6 | EPSS 0.28839
Exploits: 7 | References: 5 | Affected Software: 1

OSV
added 2025/03/20 8:15 a.m. | 6 views

CVE-2025-1385

When the library bridge feature is enabled, the clickhouse-library-bridge exposes an HTTP API on localhost. This allows clickhouse-server to dynamically load a library from a specified path and execute it in an isolated process. Combined with the ClickHouse table engine functionality that permits...

CVSS 7.5 | AI score 6.1 | EPSS 0.00128
Exploits: 0 | References: 1

OSV
added 2025/03/20 8:15 a.m. | 1 views

UBUNTU-CVE-2025-1385

When the library bridge feature is enabled, the clickhouse-library-bridge exposes an HTTP API on localhost. This allows clickhouse-server to dynamically load a library from a specified path and execute it in an isolated process. Combined with the ClickHouse table engine functionality that permits...

CVSS 7.5 | AI score 6.2 | EPSS 0.00128
Exploits: 0 | References: 3

Veracode
added 2025/03/19 6:8 p.m. | 20 views

Remote Code Execution (RCE)

graphql-ruby is vulnerable to Remote Code Execution (RCE). The vulnerability is due to unsafe schema loading, which allows arbitrary code to execute when a malicious schema definition from an untrusted source is processed using GraphQL::Schema.from_introspection or GraphQL::Schema::Loader.load...

CVSS 9 | AI score 8.6 | EPSS 0.01361
Exploits: 2 | References: 15 | Affected Software: 1

Microsoft CVE
added 2025/03/18 7:0 a.m. | 6 views

Arbitrary Code Execution via Crafted Keras Config for Model Loading

...

CVSS 9.8 | AI score 6.3 | EPSS 0.09875
Exploits: 3

RedhatCVE
added 2025/03/13 4:43 p.m. | 24 views

CVE-2024-9157

UNSUPPORTED WHEN ASSIGNED A privilege escalation vulnerability in CxUIUSvc64.exe and CxUIUSvc32.exe of Synaptics audio drivers allows a local authorized attacker to load a DLL in a privileged process. Out of an abundance of caution, this CVE ID is being assigned to better serve our customers and...

CVSS 7.8 | AI score 8.5 | EPSS 0.00031
Exploits: 0 | References: 1

Veracode
added 2025/03/13 10:4 a.m. | 9 views

Arbitrary Code Execution (ACE)

PickleScan is vulnerable to Arbitrary Code Execution (ACE). The vulnerability is due to PickleScan failing to detect malicious pickle files when specific ZIP file flag bits are modified, allowing attackers to embed harmful pickle files that remain unnoticed while still being loaded by PyTorch’s...

CVSS 9.8 | AI score 7 | EPSS 0.00871
Exploits: 1 | References: 7 | Affected Software: 1

RedhatCVE
added 2025/03/13 8:33 a.m. | 11 views

CVE-2025-27407

A flaw was found in graphql-ruby. In affected versions of graphql-ruby, loading a malicious schema definition in GraphQL::Schema.from_introspection or GraphQL::Schema::Loader.load can cause remote code execution. Any system that loads a schema by JSON from an untrusted source is vulnerable,...

CVSS 8.5 | AI score 7.2 | EPSS 0.01361
Exploits: 2 | References: 12