30 matches found
CVE-2026-45615
mouse07410/asn1c is an ASN.1 compiler. In 1.4 and earlier, a memory safety vulnerability was identified in the OER decoding skeleton files generated by asn1c, specifically INTEGER_oer.c. When parsing a maliciously crafted, zero-length OER payload for a variable-length, non-negative INTEGER type, th...
CVE-2026-43405
In the Linux kernel, the following vulnerability has been resolved: libceph: Use u32 for non-negative values in ceph_monmap_decode(). This patch fixes unnecessary implicit conversions that change signedness of blob_len and num_mon in ceph_monmap_decode(). Currently blob_len and num_mon are signed int variable...
CVE-2026-42440 Apache OpenNLP: OOM DoS via Unbounded Array Allocation in AbstractModelReader
OOM Denial of Service via Unbounded Array Allocation in Apache OpenNLP AbstractModelReader. Versions Affected: before 1.9.5, before 2.5.9, before 3.0.0-M3. Description: The AbstractModelReader methods getOutcomes, getOutcomePatterns, and getPredicates each read a 32-bit signed integer count field...
CLSA-2026-1772810768 python3: Fix of CVE-2025-8194
CVE-2025-8194: tarfile: validate archives to ensure non-negative member offsets to prevent infinite loop and resource exhaustion...
CLSA-2026-1772577130 python: Fix of CVE-2025-8194
CVE-2025-8194: tarfile now validates archives to ensure member offsets are non-negative...
python: Fix of CVE-2025-8194
CVE-2025-8194: tarfile now validates archives to ensure member offsets are non-negative...
CLSA-2026-1772576551 python: Fix of CVE-2025-8194
CVE-2025-8194: tarfile now validates archives to ensure member offsets are non-negative...
CVE-2025-68316
In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Fix invalid probe error return value. After DME Link Startup, the error return value is set to the MIPI UniPro GenericErrorCode, which can be 0 (SUCCESS) or 1 (FAILURE). Upon failure during driver probe, the error code...
EUVD-2018-4030
Malware in sbrugna...
python3 security update
3.6.8-21.0.5 - tarfile now validates archives to ensure member offsets are non-negative Orabug: 38442771 CVE-2025-8194...
CLSA-2025-1759248934 python3: Fix of CVE-2025-8194
CVE-2025-8194: tarfile: validate archives to ensure non-negative member offsets...
CLSA-2025-1759246699 python3: Fix of CVE-2025-8194
CVE-2025-8194: tarfile: validate archives to ensure non-negative member offsets...
kernel security update
4.18.0-553.76.110.OL8 - Update Oracle Linux certificates Kevin Lyons - Disable signing for aarch64 Ilya Okomin - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list olkmod_signing_key.pem Orabug: 29539237 - Update x509.genkey Orabug: 24817676 - Conflict with shim-ia32 and...
CLSA-2025-1758101956 Fix CVE(s): CVE-2025-8194
SECURITY UPDATE: defect in 'tarfile' module leads to infinite loop and deadlock in parsing of maliciously crafted tar archives - debian/patches/CVE-2025-8194.patch: Validate archives to ensure member offsets are non-negative - CVE-2025-8194...
CLSA-2025-1758101854 Fix CVE(s): CVE-2025-8194
SECURITY UPDATE: defect in TarFile module leading to infinite loop and deadlock - debian/patches/CVE-2025-8194.patch: Validate archives to ensure member offsets are non-negative - CVE-2025-8194...
elliptic: Missing Validation in Elliptic's EDDSA Signature Verification
A flaw was found in the Elliptic package. This vulnerability allows attackers to bypass EDDSA signature validation via improper handling of signature values where the S component of the signature is not properly checked for being non-negative or smaller than the curve order...
Unbreakable Enterprise kernel security update
4.14.35-2047.539.5 - Revert 'mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again' Jan Kara - net/mlx5e: drop shorter ethernet frames Manjunath Patil Orabug: 36879158 CVE-2024-41090 CVE-2024-41091 4.14.35-2047.539.4 - Fix parsing error in UEK5 kernel-uek-spec Yifei Liu Orabug: 368471...
SUSE SLES15 Security Update : kernel RT (Live Patch 7 for SLE 15 SP4) (SUSE-SU-2023:2367-1)
The remote SUSE Linux SLES15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2023:2367-1 advisory. This update for the Linux Kernel 5.14.21-1504001528 fixes one issue. The following security issue was fixed: - CVE-2023-23454: Fixed a type-confusion i...
CLSA-2023-1678820123 Fix CVE(s): CVE-2023-1175
SECURITY UPDATE: Illegal memory access when using virtual editing - debian/patches/CVE-2023-1175: Make sure "startspaces" is not negative - CVE-2023-1175...