73 matches found

Debian
added 2 days ago | 3 views

[SECURITY] [DSA 6361-1] ffmpeg security update

Debian Security Advisory DSA-6361-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff June 22, 2026 https://www.debian.org/security/faq -...

8.8 CVSS | 6.1 AI score | 0.00386 EPSS
Exploits: 2

NVD
added 2026/06/10 10:17 p.m. | 8 views

CVE-2026-48110

Russh is a Rust SSH client & server library. From version 0.34.0 to before version 0.61.0, several russh client and server message handlers decoded attacker-controlled SSH strings, name-lists, and byte fields into owned allocations before applying field-specific bounds. A remote SSH peer could se...

7.5 CVSS | 0.00268 EPSS
Exploits: 0 | References: 1

Vulnrichment
added 2026/06/10 8:26 p.m. | 6 views

CVE-2026-48110 Russh: SSH message fields were decoded through allocation-first parsers before field-specific bounds

Russh is a Rust SSH client & server library. From version 0.34.0 to before version 0.61.0, several russh client and server message handlers decoded attacker-controlled SSH strings, name-lists, and byte fields into owned allocations before applying field-specific bounds. A remote SSH peer could se...

7.5 CVSS | 5.5 AI score | 0.00268 EPSS
Exploits: 0 | References: 1

CNNVD
added 2026/06/01 12:0 a.m. | 6 views

go-billy security vulnerability

Go-Billy is an open-source file system abstraction library developed by go-git. Versions of Go-Billy prior to 5.9.0 and 6.0.0-alpha.1 contained security vulnerabilities. These vulnerabilities stemmed from improper handling of specially crafted or malformed inputs by multiple components, which cou...

6.5 CVSS | 5.3 AI score | 0.00295 EPSS
Exploits: 0 | References: 3

NVD
added 2026/05/26 5:16 p.m. | 15 views

CVE-2026-44502

Bugsink is a self-hosted error tracking tool. Prior to 2.1.3, Bugsink’s webhook URL validation could be partially bypassed because of a mismatch in URL parsing. The original validation logic parsed webhook URLs with Python’s urllib.parse.urlparse, then sent the request with requests.post. For...

4.3 CVSS | 0.00286 EPSS
Exploits: 0 | References: 3

EUVD
added 2026/05/26 4:13 p.m. | 12 views

EUVD-2026-31855

Bugsink is a self-hosted error tracking tool. Prior to 2.1.3, Bugsink’s webhook URL validation could be partially bypassed because of a mismatch in URL parsing. The original validation logic parsed webhook URLs with Python’s urllib.parse.urlparse, then sent the request with requests.post. For...

4.3 CVSS | 5.8 AI score | 0.00286 EPSS
Exploits: 0 | References: 3

RedhatCVE
added 2026/05/18 2:52 p.m. | 14 views

CVE-2026-45190

A flaw was found in Net::CIDR::Lite, a Perl module for handling IP address ranges. This vulnerability allows a remote attacker to bypass IP Access Control Lists (ACLs) due to improper validation of IP address and CIDR (Classless Inter-Domain Routing) mask inputs. Specifically, inputs containing...

6.5 CVSS | 5.8 AI score | 0.00311 EPSS
Exploits: 0 | References: 6

CNVD
added 2026/04/22 12:0 a.m. | 24 views

Oracle MySQL Server JSON Component Denial of Service Vulnerability

Oracle MySQL Server is an open source relational database management system that provides data storage, querying and management capabilities. A denial of service vulnerability exists in Oracle MySQL Server. The vulnerability stems from a failure of the Server: JSON component to properly handle...

6.5 CVSS | 7.4 AI score | 0.00303 EPSS
Exploits: 0

CNNVD
added 2026/04/21 12:0 a.m. | 5 views

Markdown security vulnerability

Markdown is a Go library developed by gomarkdown, which is used to parse Markdown text and render it as HTML. There is a security vulnerability in Markdown, which arises from the use of SmartypantsRenderer when processing malformed inputs containing characters but no subsequent text. This can lea...

7.5 CVSS | 5.8 AI score | 0.00346 EPSS
Exploits: 1 | References: 2

OSV
added 2026/04/13 1:20 p.m. | 3 views

JLSEC-2026-84

A flaw was found in the Poppler's Pdfinfo utility. This issue occurs when using -dests parameter with pdfinfo utility. By using certain malformed input files, an attacker could cause the utility to crash, leading to a denial of service...

7.5 CVSS | 7.1 AI score | 0.00785 EPSS
Exploits: 0 | References: 6

OSV
added 2026/04/13 1:20 p.m. | 3 views

JLSEC-2026-85 A floating-point exception in the PSStack::roll function of Poppler before 25.04.0 can cause an...

A floating-point exception in the PSStack::roll function of Poppler before 25.04.0 can cause an application to crash when handling malformed inputs associated with INT_MIN...

4 CVSS | 6.7 AI score | 0.00204 EPSS
Exploits: 1 | References: 5

NVD
added 2026/04/07 4:16 p.m. | 1 views

CVE-2026-5745

A flaw was found in libarchive. A NULL pointer dereference vulnerability exists in the ACL parsing logic, specifically within the archive_acl_from_text_nl function. When processing a malformed ACL string such as a bare "d" or "default" tag without subsequent fields, the function fails to perform...

5.5 CVSS | 0.00163 EPSS
Exploits: 0 | References: 3

Tenable Nessus
added 2026/03/16 12:0 a.m. | 3 views

EulerOS 2.0 SP10 : golang (EulerOS-SA-2026-1310)

According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Within HostnameError.Error, when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the...

7.5 CVSS | 5.9 AI score | 0.00586 EPSS
Exploits: 2 | References: 5

Vulnrichment
added 2025/12/10 12:0 a.m. | 2 views

CVE-2025-65296

NULL-pointer dereference vulnerabilities in Aqara Hub M2 4.3.60027, Hub M3 4.3.60025, and Camera Hub G3 4.1.90027 in the JSON processing enable denial-of-service attacks through malformed JSON inputs...

6.7 AI score | 0.00251 EPSS
Exploits: 1 | References: 1

Tenable Nessus
added 2025/10/31 12:0 a.m. | 1 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: poppler (UTSA-2025-988627)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988627 advisory. A floating-point exception in the PSStack::roll function of Poppler before 25.04.0 can cause an application to crash when handling malformed inputs associated with...

5.5 CVSS | 6.3 AI score | 0.00204 EPSS
Exploits: 1 | References: 4

Amazon
added 2025/10/14 12:0 a.m. | 5 views

Important: cuda-nsight-systems-13-0

Issue Overview: NVIDIA CUDA Toolkit for all platforms contains a vulnerability in the nvdisasm binary where a user may cause an out-of-bounds read by passing a malformed ELF file to nvdisasm. A successful exploit of this vulnerability may lead to a partial denial of service. CVE-2025-23248 NVIDIA...

7.8 CVSS | 7.6 AI score | 0.00306 EPSS
Exploits: 1

RedhatCVE
added 2025/10/10 5:23 a.m. | 4 views

CVE-2025-27060

Memory corruption while performing SCM call with malformed inputs...

8.8 CVSS | 7.1 AI score | 0.00079 EPSS
Exploits: 0 | References: 1

NVD
added 2025/10/09 4:16 a.m. | 3 views

CVE-2025-27060

Memory corruption while performing SCM call with malformed inputs...

8.8 CVSS | 0.00079 EPSS
Exploits: 0 | References: 1

EUVD
added 2025/10/09 3:18 a.m. | 4 views

EUVD-2025-33240

Memory corruption while performing SCM call with malformed inputs...

8.8 CVSS | 6.6 AI score | 0.00079 EPSS
Exploits: 0 | References: 2

Vulnrichment
added 2025/10/09 3:18 a.m. | 4 views

CVE-2025-27060 Untrusted Pointer Dereference in TZ Firmware

Memory corruption while performing SCM call with malformed inputs...

8.8 CVSS | 6.7 AI score | 0.00079 EPSS
Exploits: 0 | References: 1