GHSA-763J-3P5V-JFC6 androidqf: APK download Path Traversal in device APK paths

Summary During device acquisition, getPathToLocalCopy constructs local filesystem paths for downloaded APKs using a filename component extracted by extractFileName. The extraction splits on ==/ and takes the remainder without sanitization. If a compromised device returns a crafted APK path...

libtiff security update

An update is available for libtiff. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The libtiff packages contain a library of functions for manipulating Tagged...

RLSA-2025:20956 Important: libtiff security update

The libtiff packages contain a library of functions for manipulating Tagged Image File Format TIFF files. Security Fixes: libtiff: LibTIFF Use-After-Free Vulnerability CVE-2025-8176 libtiff: Libtiff Write-What-Where CVE-2025-9900 For more details about the security issues, including the impact, a...

grub2 security update

An update is available for grub2. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The grub2 packages provide version 2 of the Grand Unified Boot Loader GRUB, a...

RLSA-2026:3042 Moderate: openssl security update

OpenSSL is a toolkit that implements the Secure Sockets Layer SSL and Transport Layer Security TLS protocols, as well as a full-strength general-purpose cryptography library. Security Fixes: openssl: OpenSSL: Arbitrary code execution due to out-of-bounds write in PKCS12 processing CVE-2025-69419...

CVE-2026-43501

A flaw was found in the Linux kernel. A local attacker can exploit an out-of-bounds write vulnerability when the kernel recomputes an IPv6 Source Routing Header SRH. This issue occurs because insufficient headroom is reserved during the recompression process, leading to memory corruption...

CLSA-2026-1779370563 grub2: Fix of CVE-2025-0677

CVE-2025-0677: UFS: Integer overflow may lead to heap based out-of-bounds write when handling symlinks...

Exploit for Improper Handling of Length Parameter Inconsistency in Linux Linux_Kernel

CVE-2026-31635 · DirtyDecrypt !License: MIThttps://img.sh...

CVE-2026-43501

In the Linux kernel, the following vulnerability has been resolved: ipv6: rpl: reserve maclen headroom when recompressed SRH grows ipv6rplsrhrcv decompresses an RFC 6554 Source Routing Header, swaps the next segment into ipv6hdr-daddr, recompresses, then pulls the old header and pushes the new on...

RUSTSEC-2026-0149 WASI path_open(TRUNCATE) bypasses `FilePerms::WRITE` host restriction

This is an entry in the RustSec database for the Wasmtime security advisory located at https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-2r75-cxrj-cmph For more information see the GitHub-hosted security advisory...

WASI path_open(TRUNCATE) bypasses `FilePerms::WRITE` host restriction

This is an entry in the RustSec database for the Wasmtime security advisory located at https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-2r75-cxrj-cmph For more information see the GitHub-hosted security advisory...

CVE-2026-45232

A flaw was found in rsync. A network attacker can exploit an off-by-one out-of-bounds stack write vulnerability in the establishproxyconnection function by sending a malformed HTTP proxy response. This occurs when the RSYNCPROXY environment variable is set and the attacker sends a response line o...

CVE-2026-44065

An off-by-two error in lpwrite in papd in Netatalk 2.0.0 through 4.4.2 allows an adjacent network attacker to modify limited data or cause a minor service disruption via crafted print data...

Rsync < 3.4.3 TOCTOU Race Condition Allows Symlink-Based Arbitrary File Write

...

Rsync < 3.4.3 Off-by-One Stack Write via HTTP Proxy

...

CVE-2026-44065

CVE-2026-44065 affects Netatalk 2.0.0 through 4.4.2, with an off-by-two error in papd lp_write(). The issue allows an adjacent attacker to influence data or cause a minor service disruption via crafted print data; the vulnerability is fixed in Netatalk 4.5.0. Affected versions and the fix are cor...

CVE-2026-44065 Off-by-two in papd lp_write()

An off-by-two error in lpwrite in papd in Netatalk 2.0.0 through 4.4.2 allows an adjacent network attacker to modify limited data or cause a minor service disruption via crafted print data...

CVE-2026-44065 Off-by-two in papd lp_write()

An off-by-two error in lpwrite in papd in Netatalk 2.0.0 through 4.4.2 allows an adjacent network attacker to modify limited data or cause a minor service disruption via crafted print data...

CVE-2026-44060

An integer underflow in dsiwriteinit in Netatalk 1.5.0 through 4.4.2 allows a remote unauthenticated attacker to cause a denial of service via a crafted DSI write request...

CVE-2026-44049 Out-of-bounds write in convert_charset() null termination

An out-of-bounds write due to improper null termination in convertcharset in Netatalk 2.0.4 through 4.4.2 allows a remote authenticated attacker to execute arbitrary code or cause a denial of service via crafted character data...