EulerOS Virtualization 2.13.1 : qemu (EulerOS-SA-2026-2156)

According to the versions of the qemu packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A flaw was found in QEMU. A specially crafted VMDK image could trigger an out-of-bounds read vulnerability, potentially leading to a...

PT-2026-46964

7-Zip is a file archiver with a high compression ratio. Versions 9.34 through 26.00 contain a heap memory disclosure via SquashFS fragment offset integer overflow on 32-bit builds. 32-bit integer overflow in the SquashFS ReadBlock function allows an attacker-controlled node.Offset value to bypass...

GHSA-48CH-P4GQ-X46X Vikunja Missing Authorization on CalDAV Task Read

Summary The CalDAV GetResource and GetResourcesByList methods fetch tasks by UID from the database without verifying that the authenticated user has access to the task's project. Any authenticated CalDAV user who knows or guesses a task UID can read the full task data from any project on the...

CVE-2025-12899

A flaw in Zephyr’s network stack allows an IPv4 packet containing ICMP type 128 to be misclassified as an ICMPv6 Echo Request. This results in an out-of-bounds memory read and creates a potential information-leak vulnerability in the networking subsystem...

CVE-2025-12899 net: icmp: Out of bound memory read

A flaw in Zephyr’s network stack allows an IPv4 packet containing ICMP type 128 to be misclassified as an ICMPv6 Echo Request. This results in an out-of-bounds memory read and creates a potential information-leak vulnerability in the networking subsystem...

FUSE-Rust: Uninitalized memory read and leak caused by fuser crate

During the creation of a new libfuse session with fusesessionnew, the operation list was passed as NULL incorrectly. libfuse expects this argument to always point to list of operations. This caused uninitialized memory read and leaks in libfuse.so...

xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Data Leak in XFIXES Extension's XFixesSetClientDisconnectMode

A flaw was found in the XFIXES extension. The XFixesSetClientDisconnectMode handler does not validate the request length, allowing a client to read unintended memory from previous requests...

CVE-2019-2162

In libxaac there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112713720...