Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS : ImageMagick vulnerabilities (USN-8007-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8007-1 advisory. It was discovered that ImageMagick incorrectly handled image depth values when processing MIF...

ALSA-2026:1913 Moderate: util-linux security update

The util-linux packages contain a large variety of low-level system utilities that are necessary for a Linux system to function. Among others, these include the fdisk configuration tool and the login program. Security Fixes: util-linux: util-linux: Heap buffer overread in setpwnam when processing...

PT-2026-6330

Name of the Vulnerable Software and Affected Versions iccDEV versions prior to 2.3.1.3 Description iccDEV is a set of libraries and tools for interacting with ICC color management profiles. A flaw exists in the color management module due to improper array bounds validation when processing ICC...

CVE-2026-25223 Fastify's Content-Type header tab character allows body validation bypass

Fastify is a fast and low overhead web framework, for Node.js. Prior to version 5.7.2, a validation bypass vulnerability exists in Fastify where request body validation schemas specified by Content-Type can be completely circumvented. By appending a tab character \t followed by arbitrary content ...

CVE-2025-47402

Transient DOS when processing a received frame with an excessively large authentication information element...

CVE-2025-47398

Memory Corruption while deallocating graphics processing unit memory buffers due to improper handling of memory pointers...

CVE-2025-47397

Memory Corruption when initiating GPU memory mapping using scatter-gather lists due to unchecked IOMMU mapping errors...

CVE-2026-25150 Prototype Pollution via FormData Processing in Qwik City

Qwik is a performance focused javascript framework. Prior to version 1.19.0, a prototype pollution vulnerability exists in the formToObj function within @builder.io/qwik-city middleware. The function processes form field names with dot notation e.g., user.name to create nested objects, but fails ...

Prototype Pollution via FormData Processing in Qwik City

Summary A Prototype Pollution vulnerability exists in the formToObj function within @builder.io/qwik-city middleware. The function processes form field names with dot notation e.g., user.name to create nested objects, but fails to sanitize dangerous property names like proto, constructor, and...

CVE-2025-64438

Fast DDS is a C++ implementation of the DDS Data Distribution Service standard of the OMG Object Management Group . Prior to versions 3.4.1, 3.3.1, and 2.6.11, a remotely triggerable Out-of-Memory OOM denial-of-service exists in Fast -DDS when processing RTPS GAP submessages under RELIABLE QoS. B...

CVE-2026-1285

A flaw was found in Django. A remote attacker can exploit this vulnerability by providing crafted inputs containing a large number of unmatched HTML end tags to the django.utils.text.Truncator.chars and Truncator.words methods when html=True, or through the truncatecharshtml and truncatewordshtml...

CVE-2025-64438 Fast-DDS: Unbounded GAP range triggers OOM DoS under RELIABLE QoS

Fast DDS is a C++ implementation of the DDS Data Distribution Service standard of the OMG Object Management Group . Prior to versions 3.4.1, 3.3.1, and 2.6.11, a remotely triggerable Out-of-Memory OOM denial-of-service exists in Fast -DDS when processing RTPS GAP submessages under RELIABLE QoS. B...

CVE-2025-64438

CVE-2025-64438 affects Fast DDS, a C++ implementation of the DDS standard. The issue is an Out-of-Memory (OOM) denial-of-service triggered remotely when processing RTPS GAP submessages under RELIABLE QoS: sending a GAP packet with a huge gap range causes StatefulReader::processGapMsg() to loop un...

CVE-2026-1285

An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. django.utils.text.Truncator.chars and Truncator.words methods with html=True and the truncatecharshtml and truncatewordshtml template filters allow a remote attacker to cause a potential denial-of-service via...

USN-8008-1: Keystone Middleware vulnerability

Grzegorz Grasza discovered that the Keystone Middleware incorrectly sanitized authentication headers before processing OAuth 2.0 tokens. An attacker could possibly use this issue to escalate privileges or impersonate other users...

CLSA-2026-1770116781 java-1.8.0-openjdk: Fix of 5 CVEs

CVE-2026-21945: security component vulnerability allowing unauthenticated attackers with network access to cause denial of service - CVE-2026-21933: networking component vulnerability allowing unauthenticated attackers with network access to compromise confidentiality and integrity -...

USN-8007-1 imagemagick vulnerabilities

It was discovered that ImageMagick incorrectly handled image depth values when processing MIFF image files. An attacker could use this issue to cause a denial of service or possibly execute arbitrary code. CVE-2025-43965 It was discovered that ImageMagick incorrectly processed SVG images and MSL...

CVE-2026-1788

: Out-of-bounds Write vulnerability in Xquic Project Xquic Server xquic on Linux QUIC protocol implementation, packet processing module modules allows : Buffer Manipulation.This issue affects Xquic Server: through 1.8.3...

CVE-2025-67479

A flaw was found in Wikimedia Foundation MediaWiki and Cite. This vulnerability is associated with the software's parsing and sanitization functions, specifically within CoreParserFunctions.Php and Sanitizer.Php. While the exact method of exploitation and its consequences are not fully detailed,...

CVE-2026-1788 Buffer Overflow in Xquic Server

: Out-of-bounds Write vulnerability in Xquic Project Xquic Server xquic on Linux QUIC protocol implementation, packet processing module modules allows : Buffer Manipulation.This issue affects Xquic Server: through 1.8.3...