13369 matches found
DEBIAN-CVE-2025-62708
pypdf is a free and open-source pure-python PDF library. Prior to version 6.1.3, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing the content stream of a page using the LZWDecode filter. This has been fixed in pypdf version 6.1.3...
UBUNTU-CVE-2025-62708
pypdf is a free and open-source pure-python PDF library. Prior to version 6.1.3, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing the content stream of a page using the LZWDecode filter. This has been fixed in pypdf version 6.1.3...
CVE-2025-62708
pypdf is a free and open-source pure-python PDF library. Prior to version 6.1.3, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing the content stream of a page using the LZWDecode filter. This has been fixed in pypdf version 6.1.3...
curl: Use of Deprecated strcpy() with Fixed-Size Buffers in Progress Time Formatting
Step 2: Locate Vulnerable Code in Progress.c Find exact strcpy usage in toolprogress.c grep -n "strcpy" ./src/toolprogress.c OUTPUT: 94: strcpyr, "--:--:--"; Step 3: Analyze the Vulnerable Function View complete time2str function sed -n '/^static void time2str/,/^/p' ./src/toolprogress.c Vulnerab...
EUVD-2022-55056
In the Linux kernel, the following vulnerability has been resolved: f2fs: use spinlock to avoid hang 14696.634553 task:cat state:D stack: 0 pid:1613738 ppid:1613735 flags:0x00000004 14696.638285 Call Trace: 14696.639038 14696.640032 schedule+0x302/0x930 14696.640969 schedule+0x58/0xd0 14696.64179...
EUVD-2023-60017
In the Linux kernel, the following vulnerability has been resolved: NFS: Fix a potential data corruption We must ensure that the subrequests are joined back into the head before we can retransmit a request. If the head was not on the commit lists, because the server wrote it synchronously, we sti...
EUVD-2023-60016
In the Linux kernel, the following vulnerability has been resolved: ARM: 9317/1: kexec: Make smp stop calls asynchronous If a panic is triggered by a hrtimer interrupt all online cpus will be notified and set offline. But as highlighted by commit 19dbdcb8039c "smp: Warn on function calls from...
CVE-2022-50574 drm/omap: dss: Fix refcount leak bugs
In the Linux kernel, the following vulnerability has been resolved: drm/omap: dss: Fix refcount leak bugs In dssinitports and dssuninitports, we should call ofnodeput for the reference returned by ofgraphgetportbyid in fail path or when it is not used anymore...
Malicious Package
Overview js-repack is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...
Malicious Package
Overview react-medias is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview tailwindcss-awesomefont is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packa...
GHSA-C8G6-QRWH-M3VP NeuVector Enforcer is vulnerable to Command Injection and Buffer overflow
Impact A vulnerability was identified in NeuVector, where the enforcer used environment variables CLUSTERRPCPORT and CLUSTERLANPORT to generate a command to be executed via popen, without first sanitising their values. The entry process of the enforcer container is the monitor process. When the...
NeuVector Enforcer is vulnerable to Command Injection and Buffer overflow
Impact A vulnerability was identified in NeuVector, where the enforcer used environment variables CLUSTERRPCPORT and CLUSTERLANPORT to generate a command to be executed via popen, without first sanitising their values. The entry process of the enforcer container is the monitor process. When the...
Malicious Package
Overview @jdei/codmi-figma-test is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packag...
Malicious Package
Overview hash-script is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorshi...
Malicious Package
Overview optional-native-module-abc is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...
Malicious Package
Overview webpack-css-load-branch is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packa...
Malicious Package
Overview ggtech2 is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987515)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987515 advisory. In the Linux kernel, the following vulnerability has been resolved: net: dsa: bcmsf2: don't use devres for mdiobus As explained in commits: 74b6d7d13307 net: dsa:...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987516)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987516 advisory. In the Linux kernel, the following vulnerability has been resolved: tpm: use trygetops in tpm-space.c As part of the series conversion to remove nested TPM operation...