CVE-2026-53257
In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: enforce HE/EHT cap/oper consistency Xiang Mei reports that mac80211 could crash if ehtcap is set but ehtoper isn't. Rather than fixing that for the individual users, enforce that both HE/EHT have consistent elemen...
CVE-2026-9918 vulnerabilities
Vulnerabilities for packages: chromium...
GHSA-GQC5-P594-9CHJ vulnerabilities
Vulnerabilities for packages: chromium...
GHSA-VHP9-V4R9-MXWJ vulnerabilities
Vulnerabilities for packages: chromium...
CVE-2026-5903 vulnerabilities
Vulnerabilities for packages: chromium...
yggdrasil security update
0.4.8-3 - Bump release for rebuild...
CVE-2026-32116
Magic Wormhole makes it possible to get arbitrary-sized files and directories from one computer to another. From 0.21.0 to before 0.23.0, receiving a file (wormhole receive) from a malicious party could result in overwriting critical local files, including ~/.ssh/authorized_keys and .bashrc. This cou...
CVE-2026-3061 vulnerabilities
Vulnerabilities for packages: chromium...
CVE-2026-21941 affecting package mysql for versions less than 8.0.45-1
CVE-2026-21941 affecting package mysql for versions less than 8.0.45-1. An upgraded version of the package is available that resolves this issue...
CVE-2025-71176
CVE-2025-71176 affects pytest up to 9.0.2 on UNIX: it relies on predictable temporary directories named /tmp/pytest-of-{user}, which can enable a local attacker to cause a denial of service and potentially gain privileges via insecure temporary directory handling. The provided sources describe th...
IBM DB2 Privilege Escalation (7250486) (Unix)
According to its self-reported version number, IBM Db2 on Unix may be affected by a vulnerability: - IBM Db2 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) under specific configurations could allow a local user to execute malicious code that escalates their privilege...
GHSA-9Q78-27F3-2JMH vulnerabilities
Vulnerabilities for packages: zola...
GHSA-9WPW-6VG5-7W9G vulnerabilities
Vulnerabilities for packages: openjdk-25-openj9, openjdk-21-openj9, openjdk-17-openj9, openjdk-11-openj9, openjdk-26-openj9, openjdk-8-openj9...
GHSA-5GMG-GQ5Q-XV3F vulnerabilities
Vulnerabilities for packages: openjdk...
assimp: Open Asset Import Library Assimp ASE File ASEParser.cpp ParseLV4MeshBonesVertices heap-based overflow
A flaw has been found in the Open Asset Import Library assimp. In affected versions, a malformed ASE file may trigger a heap-based buffer overflow, which may lead to an application crash or other undefined behavior...
firefox: thunderbird: Use-after-free in FontFaceSet
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: A use-after-free in FontFaceSet resulted in a potentially exploitable crash...
Updated golang packages fix security vulnerabilities
Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects, potentially leaking sensitive information. CVE-2025-4673. os: inconsistent handling of O_CREATE|O_EXCL on Unix and Windows. os.OpenFile(path, os.O_CREATE|O_EXCL) behaved differently on Unix and Windows systems when th...
libreoffice: Improper Input Validation leading to arbitrary gstreamer plugin execution
An improper input validation vulnerability was found in LibreOffice. In versions where filenames are not sufficiently escaped, an attacker can execute arbitrary GStreamer plugins...
Mozilla: Symlinks may resolve to smaller than expected buffers
The Mozilla Foundation Security Advisory describes this flaw as: When resolving a symlink, a race may occur where the buffer passed to readlink may actually be smaller than necessary. This bug only affects Firefox on Unix-based operating systems (Android, Linux, MacOS). Windows is unaffected...
SUSE CVE-2023-39321
Processing an incomplete post-handshake message for a QUIC connection can cause a panic...