22 matches found
CVE-2026-32775
libexif through 0.6.25 has a flaw in decoding MakerNotes. If the exifmnotedatagetvalue function gets passed in a 0 size, the passed in-buffer would be overwritten due to an integer underflow...
CVE-2026-32775
libexif through 0.6.25 has a flaw in decoding MakerNotes. If the exifmnotedatagetvalue function gets passed in a 0 size, the passed in-buffer would be overwritten due to an integer underflow...
UBUNTU-CVE-2026-26066
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a crafted profile contain invalid IPTC data may cause an infinite loop when writing it with IPTCTEXT. Versions 7.1.2-15 and 6.9.13-40 contain a patch...
EUVD-2020-7361
Malware in sbrugna...
EUVD-2023-39177
Malicious code in bioql PyPI...
EUVD-2024-0058
Malicious code in bioql PyPI...
ALPINE-CVE-2025-27465
Certain instructions need intercepting and emulating by Xen. In some cases Xen emulates the instruction by replaying it, using an executable stub. Some instructions may raise an exception, which is supposed to be handled gracefully. Certain replayed instructions have additional logic to set up an...
PT-2025-23136 · Vllm · Vllm
Name of the Vulnerable Software and Affected Versions: vLLM versions 0.7.0 through 0.8.x Description: The issue concerns a security and data integrity problem in the image hashing method of the MultiModalHasher class. Specifically, the method serializes PIL.Image.Image objects using only...
CVE-2023-25819
Discourse is an open source platform for community discussion. Tags that are normally private are showing in metadata. This affects any site running the tests-passed or beta branches = 3.1.0.beta2. The issue is patched in the latest beta and tests-passed version of Discourse...
GHSA-927Q-G9W9-PM54 Panic in mp3-metadata due to the lack of bounds checking
The getid3 methods used by mp3metadata::readfromslice does not perform adequate bounds checking when recreating the tag due to the use of desynchronization. Fixed in Fix index error, released as part of 0.4.0...
PT-2025-19406 · Crates.Io · Mp3-Metadata
The get id3 methods used by mp3 metadata::read from slice does not perform adequate bounds checking when recreating the tag due to the use of desynchronization. Fixed in Fix index error, released as part of 0.4.0...
kernel security update
5.14.0-503.40.15.OL9 - Disable UKI signing Orabug: 36571828 - Update Oracle Linux certificates Kevin Lyons - Disable signing for aarch64 Ilya Okomin - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list olkmodsigningkey.pem Orabug: 29539237 - Update x509.genkey Orabug:...
CVE-2025-43961
In LibRaw before 0.21.4, metadata/tiff.cpp has an out-of-bounds read in the Fujifilm 0xf00c tag parser...
CVE-2025-43961
In LibRaw before 0.21.4, metadata/tiff.cpp has an out-of-bounds read in the Fujifilm 0xf00c tag parser...
Linux Distros Unpatched Vulnerability : CVE-2021-20316
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in the way Samba handled file/directory metadata. This flaw allows an authenticated attacker with permissions to read or modify share metadata,...
Cisco Webex Meetings Meeting Information and Metadata Issue June 2024
In early May 2024, Cisco identified bugs in Cisco Webex Meetings that we now believe were leveraged in targeted security research activity allowing unauthorized access to meeting information and metadata in Cisco Webex deployments for certain customers. These bugs have been addressed and a fix ha...
SUSE-SU-2024:1886-1 Security update for gstreamer-plugins-base
This update for gstreamer-plugins-base fixes the following issues: - CVE-2024-4453: Fixed lack of proper validation of user-supplied data when parsing EXIF metadata bsc1224806...
Moderate: Red Hat Security Advisory: Satellite 6.13.1 Async Security Update
Updated Satellite 6.13 packages that fixes important security bugs and several regular bugs are now available for Red Hat Satellite. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to provide public Internet...
PT-2022-33314 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.19.6 Description: The issue is related to a null pointer dereference in the xfrm policy metadata dst-dev xmit. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux...
USN-4576-1 linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-gcp, linux-gcp-5.4, linux-hwe-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4 vulnerabilities
Hadar Manor discovered that the DCCP protocol implementation in the Linux kernel improperly handled socket reuse, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2020-16119 Jay Shin...