
30258 matches found

Tenable Nessus
added 2026/01/08 12:0 a.m., 1 view

Fedora 43 : python-pdfminer (2025-e77e051f0c)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-e77e051f0c advisory. Update to 20251230: security fix for CVE-2025-64512 https://github.com/pdfminer/pdfminer.six/blob/20251230/CHANGELOG.md Tenable has extracted the preceding...

8.6 CVSS, 7.3 AI score, 0.00119 EPSS
Exploits: 1, References: 2

NVD
added 2026/01/07 10:15 p.m., 2 views

CVE-2026-21692

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium ICC color management profiles. Versions prior to 2.3.1.2 have a Type Confusion vulnerability in ToXmlCurve at IccXML/IccLibXML/IccMpeXml.cpp. This...

8.8 CVSS, 0.00113 EPSS
Exploits: 1, References: 3

EUVD
added 2026/01/07 9:58 p.m., 4 views

EUVD-2026-1384

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium ICC color management profiles. Versions prior to 2.3.1.2 have a Type Confusion vulnerability in CIccSegmentedCurveXml::ToXml at...

8.8 CVSS, 6.3 AI score, 0.00113 EPSS
Exploits: 1, References: 3

CVE
added 2026/01/07 9:56 p.m., 10 views

CVE-2026-21692

Summary: CVE-2026-21692 affects iccDEV libraries that process ICC color profiles. A Type Confusion vulnerability exists in the ToXmlCurve() implementation (IccXML/IccLibXML/IccMpeXml.cpp) for versions prior to 2.3.1.2. A patch is available in 2.3.1.2. The Red Hat and NVD entries corroborate this ...

8.8 CVSS, 6.4 AI score, 0.00113 EPSS
Exploits: 1, References: 3, Affected Software: 1

OSV
added 2026/01/07 9:53 p.m., 2 views

CVE-2026-21691 iccDEV has Type Confusion in CIccTag:IsTypeCompressed()

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium ICC color management profiles. Versions prior to 2.3.1.2 have a Type Confusion vulnerability in CIccTag:IsTypeCompressed. This vulnerability affects users o...

5.4 CVSS, 6.7 AI score, 0.00108 EPSS
Exploits: 1, References: 5

OSV
added 2026/01/07 9:18 p.m., 3 views

CVE-2026-21684 iccDEV has Undefined Behavior in CIccTagSpectralViewingConditions()

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium ICC color management profiles. Versions prior to 2.3.1.2 have Undefined Behavior in CIccTagSpectralViewingConditions. This vulnerability affects users of th...

7.1 CVSS, 6.7 AI score, 0.001 EPSS
Exploits: 1, References: 5

NVD
added 2026/01/07 6:15 p.m., 3 views

CVE-2026-21679

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to heap-buffer-overflow in CIccLocalizedUnicode::GetText. This issue has been patched in version 2.3.1.2...

9.8 CVSS, 0.00075 EPSS
Exploits: 1, References: 4

NVD
added 2026/01/07 6:15 p.m., 2 views

CVE-2026-21504

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to heap buffer overflow in the ToneMap parser. This issue has been patched in version 2.3.1.2...

7.8 CVSS, 0.00015 EPSS
Exploits: 1, References: 6

Cvelist
added 2026/01/07 5:10 p.m., 21 views

CVE-2026-21506 iccDEV is Vulnerable to Null Pointer Dereference in CIccProfileXml::ParseBasic() Leading to Denial of Service

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to Null pointer dereference in CIccProfileXml::ParseBasic, leading to denial of service. This issue has been...

5.5 CVSS, 0.00028 EPSS
Exploits: 1, References: 4

EUVD
added 2026/01/07 5:10 p.m., 3 views

EUVD-2026-1412

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to heap buffer overflow in the ToneMap parser. This issue has been patched in version 2.3.1.2...

6.6 CVSS, 6.8 AI score, 0.00015 EPSS
Exploits: 1, References: 6

Vulnrichment
added 2026/01/07 5:9 p.m., 4 views

CVE-2026-21500 Stack Overflow in iccDEV XML Calculator Macro Expansion

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to stack overflow in the XML calculator macro expansion. This issue has been patched in version 2.3.1.2...

5.5 CVSS, 6.8 AI score, 0.0002 EPSS
Exploits: 1, References: 5

EUVD
added 2026/01/07 5:9 p.m., 3 views

EUVD-2026-1409

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to NULL pointer dereference via the signature parser. This issue has been patched in version 2.3.1.2...

5.5 CVSS, 6.3 AI score, 0.00022 EPSS
Exploits: 1, References: 5

OSV
added 2026/01/07 12:16 p.m., 2 views

CVE-2024-14020

A weakness has been identified in carboneio carbone up to fbcd349077ad0e8748be73eab2a82ea92b6f8a7e. This impacts an unknown function of the file lib/input.js of the component Formatter Handler. Executing a manipulation can lead to improperly controlled modification of object prototype attributes...

2.3 CVSS, 6.6 AI score
Exploits: 0, References: 5

RedhatCVE
added 2026/01/07 9:28 a.m., 5 views

CVE-2019-12846

A user without the required permissions could gain access to some JetBrains TeamCity settings. The issue was fixed in TeamCity 2018.2.2...

4.3 CVSS, 6.9 AI score, 0.00003 EPSS
Exploits: 0, References: 1

RedhatCVE
added 2026/01/07 9:27 a.m., 4 views

CVE-2019-12397

Policy import functionality in Apache Ranger 0.7.0 to 1.2.0 is vulnerable to a cross-site scripting issue. Upgrade to 2.0.0 or later version of Apache Ranger with the fix...

6.1 CVSS, 6.1 AI score, 0.01723 EPSS
Exploits: 0, References: 1

Github Security Blog
added 2026/01/05 8:25 p.m., 7 views

Harvest May Expose OS Default SSH Login Password Via SUSE Virtualization Interactive Installer

Impact Projects using the SUSE Virtualization Harvester environment are vulnerable to this exploit if they are using the 1.5.x or 1.6.x interactive installer to either create a new cluster or add new hosts to an existing cluster. The environment is not affected if the PXE boot mechanism is utiliz...

9.8 CVSS, 7 AI score, 0.00019 EPSS
Exploits: 0, References: 4, Affected Software: 1

NVD
added 2026/01/05 6:15 p.m., 2 views

CVE-2025-59158

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Coolify versions prior to and including v4.0.0-beta.420.6 are vulnerable to a stored cross-site scripting XSS attack in the project creation workflow. An authenticated user with low privileges e.g....

9.4 CVSS, 0.00047 EPSS
Exploits: 1, References: 1

Github Security Blog
added 2026/01/05 5:35 p.m., 22 views

jsPDF has Local File Inclusion/Path Traversal vulnerability

Impact User control of the first argument of the loadFile method in the node.js build allows local file inclusion/path traversal. If given the possibility to pass unsanitized paths to the loadFile method, a user can retrieve file contents of arbitrary files in the local file system the node proce...

9.2 CVSS, 6.8 AI score, 0.0003 EPSS
Exploits: 2, References: 5, Affected Software: 1

Android Security Bulletins
added 2026/01/05 12:0 a.m., 10 views

Android XR Bulletin—January 2026

The XR Security Bulletin contains details of security vulnerabilities affecting the XR platform. The full XR update comprises the security patch level of 2026-01-05 or later from the January 2026 Android Security Bulletin in addition to all issues in this bulletin. We encourage all customers to...

7.8 AI score
Exploits: 0

RedhatCVE
added 2026/01/04 2:7 a.m., 3 views

CVE-2026-21484

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to commit e287fab56089cf8fcea9ba579a3ecdeca0daa313, the password recovery endpoint returns different error messages depending on whether a username exists, so enabling...

5.3 CVSS, 7 AI score, 0.00384 EPSS
Exploits: 1, References: 1