CVE-2025-14819

When doing TLS related transfers with reused easy or multi handles and altering the CURLSSLOPTNOPARTIALCHAIN option, libcurl could accidentally reuse a CA store cached in memory for which the partial chain option was reversed. Contrary to the user's wishes and expectations. This could make libcur...

CVE-2025-14819

CVE-2025-14819 concerns libcurl. When performing TLS transfers with reused easy/multi handles and altering CURLSSLOPT_NO_PARTIALCHAIN, libcurl could reuse a CA store cached in memory where the partial-chain setting was reversed, causing it to accept a trust chain it would otherwise reject. This i...

Security Bulletin: Remote Exploitable Java SE Serialization Weakness Causing Partial DoS, affects watsonx.data

Summary Vulnerability in Java SE component: Serialization. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of...

libpng: LIBPNG out-of-bounds read in png_image_read_composite

An out of bounds read vulnerability has been discovered in libpng. This vulnerability is in libpng's simplified API allows reading up to 1012 bytes beyond the pngsRGBbase512 array when processing valid palette PNG images with partial transparency and gamma correction. The PNG files that trigger...

libpng: LIBPNG out-of-bounds read in png_image_read_composite

An out of bounds read vulnerability has been discovered in libpng. This vulnerability is in libpng's simplified API allows reading up to 1012 bytes beyond the pngsRGBbase512 array when processing valid palette PNG images with partial transparency and gamma correction. The PNG files that trigger...

libpng: LIBPNG out-of-bounds read in png_image_read_composite

An out of bounds read vulnerability has been discovered in libpng. This vulnerability is in libpng's simplified API allows reading up to 1012 bytes beyond the pngsRGBbase512 array when processing valid palette PNG images with partial transparency and gamma correction. The PNG files that trigger...

libpng: LIBPNG out-of-bounds read in png_image_read_composite

An out of bounds read vulnerability has been discovered in libpng. This vulnerability is in libpng's simplified API allows reading up to 1012 bytes beyond the pngsRGBbase512 array when processing valid palette PNG images with partial transparency and gamma correction. The PNG files that trigger...

libpng: LIBPNG out-of-bounds read in png_image_read_composite

An out of bounds read vulnerability has been discovered in libpng. This vulnerability is in libpng's simplified API allows reading up to 1012 bytes beyond the pngsRGBbase512 array when processing valid palette PNG images with partial transparency and gamma correction. The PNG files that trigger...

CURL-CVE-2025-14819 OpenSSL partial chain store policy bypass

When doing TLS related transfers with reused easy or multi handles and altering the CURLSSLOPTNOPARTIALCHAIN option, libcurl could accidentally reuse a CA store cached in memory for which the partial chain option was reversed. Contrary to the user's wishes and expectations. This could make libcur...

OpenSSL partial chain store policy bypass

When doing TLS related transfers with reused easy or multi handles and altering the CURLSSLOPTNOPARTIALCHAIN option, libcurl could accidentally reuse a CA store cached in memory for which the partial chain option was reversed. Contrary to the user's wishes and expectations. This could make libcur...

CVE-2025-14819

When doing TLS related transfers with reused easy or multi handles and altering the CURLSSLOPTNOPARTIALCHAIN option, libcurl could accidentally reuse a CA store cached in memory for which the partial chain option was reversed. Contrary to the user's wishes and expectations. This could make libcur...

UBUNTU-CVE-2025-14819

When doing TLS related transfers with reused easy or multi handles and altering the CURLSSLOPTNOPARTIALCHAIN option, libcurl could accidentally reuse a CA store cached in memory for which the partial chain option was reversed. Contrary to the user's wishes and expectations. This could make libcur...

PT-2026-4491

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The free choose arg map function may dereference a NULL pointer if its caller fails after a partial allocation. Specifically, in the decode choose args function, if the allocation of arg...

PT-2026-34167

Name of the Vulnerable Software and Affected Versions Oracle VM VirtualBox version 7.2.6 Description An issue in the Core component of Oracle VM VirtualBox allows a high privileged attacker with logon access to the infrastructure where the software executes to compromise the system. Successful...

PT-2026-5540

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel’s etas es58x CAN driver where a partial allocation of RX URBs could lead to a memory leak. Specifically, the es58x alloc rx urbs function, when failing ...

PT-2026-34088

Name of the Vulnerable Software and Affected Versions Oracle Java SE versions 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26 Oracle GraalVM for JDK versions 17.0.18, 21.0.10 Oracle GraalVM Enterprise Edition version 21.3.17 Description An issue in the JSSE component allows an...

PT-2026-34086

Name of the Vulnerable Software and Affected Versions Oracle Java SE versions 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26 Oracle GraalVM for JDK versions 17.0.18, 21.0.10 Oracle GraalVM Enterprise Edition version 21.3.17 Description An issue in the Libraries component allo...

CVE-2025-64528

Discourse is an open source discussion platform. Prior to versions 3.5.3, 2025.11.1, and 2025.12.0, an attacker who knows part of a username can find the user and their full name via UI or API, even when enablenames is disabled. Versions 3.5.3, 2025.11.1, and 2025.12.0 contain a fix...

CVE-2025-15103

DVP-12SE11T - Authentication Bypass via Partial Password Disclosure...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-993204)

"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-993204 advisory. In the Linux kernel, the following vulnerability has been resolved: xen/gntdev: Prevent leaking grants Prior to this commit, if a grant mapping operation failed...