[SECURITY] Fedora 43 Update: python-cron-converter-1.2.2-1.fc43
Cron-converter provides a Cron string parser from string/lists to string/lists and iteration for the datetime object with a cron like format...
HCL iAutomate Security Vulnerability
HCL iAutomate is a powerful and intelligent runbook automation product from HCL India. A security vulnerability exists in HCL iAutomate version v6.5.1 and v6.5.2, which stems from using the HTTP GET method to process a request and including sensitive information in the query string, which could...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989590)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989590 advisory. In the Linux kernel, the following vulnerability has been resolved: thermal: core: prevent potential string overflow The dev->id value comes from ida_alloc() so it's a...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-990147)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990147 advisory. In the Linux kernel, the following vulnerability has been resolved: usb: gadget: configfs: Prevent OOB read/write in usb_string_copy() Userspace provided string 's' coul...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989787)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989787 advisory. In the Linux kernel, the following vulnerability has been resolved: firmware: arm_scpi: Fix string overflow in SCPI genpd driver Without the bound checks for...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989668)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989668 advisory. In the Linux kernel, the following vulnerability has been resolved: ethtool: strset: fix message length calculation Outer nest for ETHTOOL_A_STRSET_STRINGSETS is not...
PT-2025-45150
Name of the Vulnerable Software and Affected Versions: HCL iAutomate versions 6.5.1 through 6.5.2. Description: HCL iAutomate versions 6.5.1 and 6.5.2 have a sensitive information disclosure issue. The application uses an HTTP GET method to process requests, including sensitive information within th...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-990031)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990031 advisory. In the Linux kernel, the following vulnerability has been resolved: thermal: core: prevent potential string overflow The dev->id value comes from ida_alloc() so it's a...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990329)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990329 advisory. In the Linux kernel, the following vulnerability has been resolved: usb: gadget: configfs: Prevent OOB read/write in usb_string_copy() Userspace provided string 's' coul...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-988877)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988877 advisory. In the Linux kernel, the following vulnerability has been resolved: ceph: properly put ceph_string reference after async create attempt The reference acquired by...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-988815)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988815 advisory. In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Ensure liveliness of nested VM-Enter fail tracepoint message Use the string machinery...
CLSA-2025-1762180717 Fix CVE(s): CVE-2022-2343, CVE-2022-2522
SECURITY UPDATE: Reading past end of completion with a long line and 'infercase' set - debian/patches/CVE-2022-2343.patch: Allocate the string if needed - CVE-2022-2343 SECURITY UPDATE: Accessing uninitialized memory when completing long line - debian/patches/CVE-2022-2522.patch: Terminate string...
Exploit for Cross-site Scripting in Phpmyadmin
CVE-2014-9219 CVE-2014-9219 XSS POC About The vulnerability...
[SECURITY] Fedora 43 Update: qt5-qtbase-5.15.17-6.fc43
Qt is a software toolkit for developing applications. This package contains base tools, like string, xml, and network handling...
Astra Linux - vulnerability in iniparser
iniparser v4.1 is vulnerable to a NULL pointer dereference in the function iniparser_getlongint, which does not check the return value of iniparser_getstring for NULL...
Eval Injection
Overview: litdb is a literature database tool with GPT integration. Affected versions of this package are vulnerable to Eval Injection via the parseschemadsl function in the extract.py file, which unsafely uses the eval function. This allows an attacker to execute arbitrary Python code on the...
[SECURITY] Fedora 42 Update: qt5-qtbase-5.15.17-2.fc42
Qt is a software toolkit for developing applications. This package contains base tools, like string, xml, and network handling...
Astra Linux - vulnerability in tcl8.6
In Tcl 8.6.11, a format string vulnerability in nmakehlp.c might allow code execution via a crafted file. NOTE: multiple third parties dispute the significance of this finding...
CVE-2025-61725
The ParseAddress function constructs domain-literal address components through repeated string concatenation. When parsing large domain-literal components, this can cause excessive CPU consumption. Mitigation: Mitigation for this issue is either not available or the currently available options do...
EUVD-2025-37195
Kitware VTK Visualization Toolkit 9.5.0 is vulnerable to Heap Use-After-Free in vtkGLTFImporter::ImportActors. When processing GLTF files with invalid scene node references, the application accesses string members of mesh objects that have been previously freed during actor import operations...