CVE-2026-33055 tar-rs incorrectly ignores PAX size headers if header size is nonzero

tar-rs is a tar archive reading/writing library for Rust. Versions 0.4.44 and below have conditional logic that skips the PAX size header in cases where the base header size is nonzero. As part of CVE-2025-62518, the astral-tokio-tar project was changed to correctly honor PAX size headers in the...

[SECURITY] [DLA 4478-1] tcpflow security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-4478-1 [email protected] https://www.debian.org/lts/security/ Paride Legovini February 10, 2026 https://wiki.debian.org/LTS -...

MiracleLinux 3 : tetex-3.0-33.15.1.0.1.AXS3 (AXSA:2012-906:01)

The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2012-906:01 advisory. TeTeX is an implementation of TeX for Linux or UNIX systems. TeX takes a text file and a set of formatting commands as input and creates a...

SUSE-SU-2026:20243-1 Security update for gpg2

This update for gpg2 fixes the following issues: - CVE-2025-68973: out-of-bounds write when processing specially crafted input in the armor parser can lead to memory corruption bsc1255715. Other security fixes: - gpg: Avoid potential downgrade to SHA1 in 3rd party key signatures bsc1256246. - gpg...

MiracleLinux 8 : raptor2-2.0.15-17.el8_10 (AXSA:2025-9547:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-9547:01 advisory. raptor: integer underflow when normalizing a URI with the turtle parser CVE-2024-57823 Tenable has extracted the preceding description block directly from th...

TencentOS Server 4: exiv2 (TSSA-2024:0274)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0274 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

SUSE: Security Advisory (SUSE-SU-2025:3779-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EUVD-2017-4513

Malware in sbrugna...

CVE-2025-61600 Unbounded Memory Allocation in Stalwart IMAP parser

Stalwart is a mail and collaboration server. Versions 0.13.3 and below contain an unbounded memory allocation vulnerability in the IMAP protocol parser which allows remote attackers to exhaust server memory, potentially triggering the system's out-of-memory OOM killer and causing a denial of...

Linux Distros Unpatched Vulnerability : CVE-2018-11418

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in JerryScript 1.0. There is a heap-based buffer over-read in the litreadcodeunitfromutf8 function via a RegExp\u0020 payload, related t...

CVE-2025-26443

In parseHtml of HtmlToSpannedParser.java, there is a possible way to install apps without allowing installation from unknown sources due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for...

Linux Distros Unpatched Vulnerability : CVE-2018-19837

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In LibSass prior to 3.5.5, Sass::Eval::operatorSass::BinaryExpression inside eval.cpp allows attackers to cause a denial-of-service resulting from stack...

Linux Distros Unpatched Vulnerability : CVE-2018-18385

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Asciidoctor in versions 1.5.8 allows remote attackers to cause a denial of service infinite loop. The loop was caused by the fact that Parser.nextblock was not...

Linux Distros Unpatched Vulnerability : CVE-2024-34507

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in includes/CommentFormatter/CommentParser.php in MediaWiki before 1.39.7, 1.40.x before 1.40.3, and 1.41.x before 1.41.1. XSS can occur...

go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion

A flaw was found in the go/build/constraint package of the Golang standard library. Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion...

PYSEC-2024-299

Reachable Assertion in BPv7 parser in µD3TN v0.14.0 allows attacker to disrupt service via malformed Extension Block...

MGASA-2024-0307 Updated clamav packages fix security vulnerabilities

Fixed a possible out-of-bounds read bug in the PDF file parser that could cause a denial-of-service DoS condition. CVE-2024-20505 Changed the logging module to disable following symlinks on Linux and Unix systems so as to prevent an attacker with existing access to the 'clamd' or 'freshclam'...

JSON-java: parser confusion leads to OOM

A flaw was found in the org.json package. A bug in the parser exists, and an input string may lead to undefined usage of memory, leading to an out-of-memory error, causing a denial of service DoS...

JSON-java: parser confusion leads to OOM

A flaw was found in the org.json package. A bug in the parser exists, and an input string may lead to undefined usage of memory, leading to an out-of-memory error, causing a denial of service DoS...

JSON-java: parser confusion leads to OOM

A flaw was found in the org.json package. A bug in the parser exists, and an input string may lead to undefined usage of memory, leading to an out-of-memory error, causing a denial of service DoS...