ROOT-OS-UBUNTU-2404-CVE-2025-38711 CVE-2025-38711 in rootio-linux - Patched by Root

Root has patched CVE-2025-38711 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...

ROOT-OS-UBUNTU-2204-CVE-2025-38331 CVE-2025-38331 in rootio-linux - Patched by Root

Root has patched CVE-2025-38331 in the rootio-linux package for Root:Ubuntu:22.04. Multiple fixed versions available...

SUSE CVE-2026-42250

bzip2 contains an off-by-one error in the bzip2recover utility. When processing a specially crafted file, the application performs an out-of-bounds write to a global buffer, resulting in memory corruption and a crash denial of service. This issue was fixed in bzip2 patch...

DEBIAN-CVE-2026-42250

bzip2 contains an off‑by‑one error in the bzip2recover utility. When processing a specially crafted file, the application performs an out‑of‑bounds write to a global buffer, resulting in memory corruption and a crash denial of service. This issue was fixed in bzip2...

PT-2026-42125

Name of the Vulnerable Software and Affected Versions NLnet Labs Unbound versions 1.19.1 through 1.25.0 Description A flaw in the DNSSEC validator allows for denial of service and potential remote code execution. The issue occurs during the deep copying of a data structure when DS sub-queries...

GHSA-6X44-W3XG-HQQF Coder: PKCS#7 signature bypass in Azure instance identity allows unauthenticated agent token theft

Summary azureidentity.Validate verifies that the PKCS7 signer certificate chains to a trusted Azure CA but never verifies the PKCS7 signature itself. An attacker can embed a legitimate Azure certificate alongside arbitrary content e.g. "vmId":"" and the forged vmId will be accepted returning the...

gitverify has improper tag signature verification

gitverify is still a prototype. Impact The bug is related to requireSignedTags which is on by default: an unsigned annotated tag would pass the verification. The commit pointed to by the tag would still have to be signed by a maintainer or a contributor. Patches Since the initial commit, fixed in...

CVE-2026-34534

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a crafted ICC profile can trigger a heap-buffer-overflow HBO in CIccMpeSpectralMatrix::Describe. The issue is observable under AddressSanitizer as an out-of-bounds heap read when...

SUSE CVE-2026-33150

libfuse is the reference implementation of the Linux FUSE. From version 3.18.0 to before version 3.18.2, a use-after-free vulnerability in the iouring subsystem of libfuse allows a local attacker to crash FUSE filesystem processes and potentially execute arbitrary code. When iouring thread creati...

CVE-2026-29085 Hono: SSE Control Field Injection via CR/LF in writeSSE()

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.12.4, when using streamSSE in Streaming Helper, the event, id, and retry fields were not validated for carriage return \r or newline \n characters. Because the SSE protocol uses line breaks as...

CVE-2026-27821

GPAC is an open-source multimedia framework. In versions up to and including 26.02.0, a stack buffer overflow occurs during NHML file parsing in src/filters/dmxnhml.c. The value of the xmlHeaderEnd XML attribute is copied from att-value into szXmlHeaderEnd1000 using strcpy without any length...

GHSA-4JVR-VJ2C-8Q37 EVE Seals Vault Key With SHA1 PCRs

Impact The vault key is sealed using SHA1 PCRs instead of SHA256 PCRs Thus an attacker with physical access to an EVE-OS device can try to brute force creating a kernel or rootfs image which produces the same SHA1 PCR but with malicious content. Patches Fixed in 9.4.3-lts and 10.1.0 Workarounds N...

Azure Linux 3.0 Security Update: kernel (CVE-2025-38193)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-38193 advisory. - In the Linux kernel, the following vulnerability has been resolved: netsched: schsfq: reject invalid perturb...

CVE-2025-15539

A vulnerability was determined in Open5GS up to 2.7.6. Impacted is the function sgwcs11handledownlinkdatanotificationack of the file src/sgwc/s11-handler.c of the component sgwc. This manipulation causes denial of service. The attack can be initiated remotely. The exploit has been publicly...

EUVD-2025-26117

Malicious code in bioql PyPI...

PT-2025-40577

Name of the Vulnerable Software and Affected Versions QNAP versions prior to QTS 5.2.6.3195 build 20250715 QNAP versions prior to QuTS hero h5.2.6.3195 build 20250715 Description A NULL pointer dereference issue exists in QNAP operating systems. A remote attacker gaining administrator access can...

Linux Distros Unpatched Vulnerability : CVE-2021-47017

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: ath10k: Fix a use after free in ath10khtcsendbundle In ath10khtcsendbundle, the bundleskb...

Linux Distros Unpatched Vulnerability : CVE-2024-40934

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: HID: logitech-dj: Fix memory leak in logidjrecvswitchtodjmode Fix a memory leak on...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Stop amdgpudm initialization when the number of links is greater than maxlinks. Reason The Coverity report indicates an OVERRUN warning. There are only maxlinks elements within dc-links. The number of links can...

GHSA-8QFF-QR5Q-5PR8 OpenPGP.js's message signature verification can be spoofed

Impact A maliciously modified message can be passed to either openpgp.verify or openpgp.decrypt, causing these functions to return a valid signature verification result while returning data that was not actually signed. This flaw allows signature verifications of inline non-detached signed messag...