8850 matches found
Medium: python3.9
Issue Overview: http.cookies.Morsel.jsoutput returns an inline snippet and only escapes " for JavaScript string context. It does not neutralize the HTML parser-sensitive sequence inside the generated script element. Mitigation base64-encodes the cookie value to disallow escaping using cookie valu...
Important: kernel
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: scsi: target: iscsi: Fix a race condition between loginwork and the login thread CVE-2022-50350 In the Linux kernel, the following vulnerability has been resolved: fuse: reject oversized dirents in page cache...
Important: perl-Archive-Tar
Issue Overview: Archive::Tar versions before 3.08 for Perl extract symlinks with attacker controlled targets outside the extraction directory. makespecialfile passes the tar header's linkname to symlink without validating it against absolute paths or .. segments. The secure-extract mode check tha...
Medium: jq
Issue Overview: jq is a command-line JSON processor. An integer overflow vulnerability exists through version 1.8.1 within the jvpstringappend and jvpstringcopyreplacebad functions, where concatenating strings with a combined length exceeding 2^31 bytes causes a 32-bit unsigned integer overflow i...
Important: gnutls
Issue Overview: A remotely triggerable underflow in the DTLS reassembly code led to a heap overrun. The issue was reported in the issue tracker as 1811 by Joshua Rogers of AISLE Research Team. CVE-2026-33845 Affected Packages: gnutls Issue Correction: Run dnf update gnutls --releasever...
Important: rsync
Issue Overview: Rsync version 3.4.2 and prior contain an integer overflow vulnerability in the compressed-token decoder where a 32-bit signed counter is not checked for overflow, allowing a malicious sender to trigger an overflow that causes the receiver process to read and return data from outsi...
Medium: perl
Issue Overview: Buffer overflow in Perlstudychunk CVE-2026-8376 Affected Packages: perl Issue Correction: Run dnf update perl --releasever 2023.12.20260608 or dnf update --advisory ALAS2023-2026-1819 --releasever 2023.12.20260608 to update your system. More information on how to update your syste...
Medium: perl-libwww-perl
Issue Overview: LWP::UserAgent versions before 6.83 for Perl leak Authorization and Proxy-Authorization headers on cross-origin redirects. On a 3xx response, the redirect handler strips only Host and Cookie before issuing the follow-up request. Caller-supplied Authorization and Proxy-Authorizatio...
Medium: perl-Template-Toolkit
Issue Overview: emplate::Plugin::HTML versions through 3.102 for Perl allows HTML and JavaScript to be injected. The htmlfilter function did not escape single quotes. HTML attributes inside of single quotes could be have code injected. For example, the variable "var" in would not be properly...
Important: libnvsdm
Issue Overview: NVIDIA Display Driver for Windows and Linux contains a vulnerability in the kernel driver, where a user could cause an incorrect permission assignment for a critical resource. A successful exploit of this vulnerability might lead to data tampering and denial of service...
Important: nvlink5-580
Issue Overview: NVIDIA Display Driver for Windows and Linux contains a vulnerability in the kernel driver, where a user could cause an incorrect permission assignment for a critical resource. A successful exploit of this vulnerability might lead to data tampering and denial of service...
Important: libsolv
Issue Overview: A flaw was found in libsolv. A stack-based buffer overflow vulnerability exists in the PGP verification component due to incorrect length handling when copying EdDSA 's' MPI into a stack buffer. A remote attacker could craft a malicious Ed25519 PGP signature with mismatched MPI...
Medium: python3.13
Issue Overview: http.cookies.Morsel.jsoutput returns an inline snippet and only escapes " for JavaScript string context. It does not neutralize the HTML parser-sensitive sequence inside the generated script element. Mitigation base64-encodes the cookie value to disallow escaping using cookie valu...
Important: ruby3.4
Issue Overview: zlib is a Ruby interface for the zlib compression/decompression library. Versions 3.0.0 and below, 3.1.0, 3.1.1, 3.2.0 and 3.2.1 contain a buffer overflow vulnerability in the Zlib::GzipReader. The zstreambufferungets function prepends caller-provided bytes ahead of previously...
Important: 389-ds-base
Issue Overview: A flaw was found in 389-ds-base. The getldapmessagecontrolsext function in the LDAP server does not enforce an upper bound on the number of controls per LDAP message. A remote, unauthenticated attacker can send a specially crafted LDAP request containing hundreds of thousands of...
Medium: libssh2
Issue Overview: A security vulnerability has been detected in libssh2 up to 1.11.1. The impacted element is the function userauthpassword of the file src/userauth.c. Such manipulation of the argument usernamelen/passwordlen leads to integer overflow. The attack may be launched remotely. The name ...
Important: postgresql16
Issue Overview: Missing authorization in PostgreSQL CREATE TYPE allows an object creator to hijack other queries that use searchpath to find user-defined types, including extension-defined types. That is to say, the victim will execute arbitrary SQL functions of the attacker's choice. Versions...
Important: postgresql18
Issue Overview: Missing authorization in PostgreSQL CREATE TYPE allows an object creator to hijack other queries that use searchpath to find user-defined types, including extension-defined types. That is to say, the victim will execute arbitrary SQL functions of the attacker's choice. Versions...
Important: postgresql15
Issue Overview: Missing authorization in PostgreSQL CREATE TYPE allows an object creator to hijack other queries that use searchpath to find user-defined types, including extension-defined types. That is to say, the victim will execute arbitrary SQL functions of the attacker's choice. Versions...
Important: postgresql17
Issue Overview: Missing authorization in PostgreSQL CREATE TYPE allows an object creator to hijack other queries that use searchpath to find user-defined types, including extension-defined types. That is to say, the victim will execute arbitrary SQL functions of the attacker's choice. Versions...
Important: kernel-livepatch-6.1.168-202.320
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: net/rds: reset opnents when zerocopy page pin fails CVE-2026-43494 Affected Packages: kernel-livepatch-6.1.168-202.320 Issue Correction: Please ensure you have live patching enabled. Run dnf update...
Important: kernel-livepatch-5.10.253-251.1014
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: net: skbuff: propagate shared-frag marker through pskbcopy CVE-2026-46300 Affected Packages: kernel-livepatch-5.10.253-251.1014 Issue Correction: Please ensure you have live patching enabled. Run yum update...
Important: kernel-livepatch-6.18.25-52.107
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: net/rds: reset opnents when zerocopy page pin fails CVE-2026-43494 Affected Packages: kernel-livepatch-6.18.25-52.107 Issue Correction: Please ensure you have live patching enabled. Run dnf update...
Important: kernel-livepatch-6.12.79-101.147
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: net/rds: reset opnents when zerocopy page pin fails CVE-2026-43494 Affected Packages: kernel-livepatch-6.12.79-101.147 Issue Correction: Please ensure you have live patching enabled. Run dnf update...
Important: kernel
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: net: skbuff: propagate shared-frag marker through frag-transfer helpers CVE-2026-43503 In the Linux kernel, the following vulnerability has been resolved: net: skbuff: propagate shared-frag marker through pskbcopy...
Medium: oci-add-hooks
Issue Overview: Arithmetic over induction variables in loops were not correctly checked for underflow or overflow in the Go compiler cmd/compile. As a result, the compiler would allow for invalid indexing to occur at runtime, potentially leading to memory corruption in programs compiled with...
Important: kernel-livepatch-6.18.16-18.222
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: xfrm: esp: avoid in-place decrypt on shared skb frags "Dirty Frag" and other issues in Amazon Linux kernels: https://aws.amazon.com/security/security-bulletins/2026-027-aws/ CVE-2026-43284 Affected Packages:...
Important: composer
Issue Overview: Command injection via malicious Perforce repository definition CVE-2026-40176 Command injection via malicious Perforce source reference/url CVE-2026-40261 Affected Packages: composer Issue Correction: Run dnf update composer --releasever 2023.11.20260427 or dnf update --advisory...
Important: dotnet9.0
Issue Overview: Uncontrolled resource consumption in .NET allows an unauthorized attacker to deny service over a network. CVE-2026-26171 Improper neutralization of special elements in .NET allows an unauthorized attacker to perform spoofing over a network. CVE-2026-32178 Stack-based buffer overfl...
Important: gimp
Issue Overview: GIMP PSD File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious...
Medium: ecs-service-connect-agent
Issue Overview: Envoy is a cloud-native high-performance edge/middle/service proxy. A security vulnerability in Envoy allows external clients to manipulate Envoy headers, potentially leading to unauthorized access or other malicious actions within the mesh. This issue arises due to Envoy's defaul...
Important: jetty
Issue Overview: In Eclipse Jetty, the class JASPIAuthenticator initiates the authentication checks, which set two ThreadLocal variable. Upon returning from the initial checks, there are conditions that cause an early return from the JASPIAuthenticator code without clearing those ThreadLocals. A...
Important: flatpak
Issue Overview: A complete sandbox escape vulnerability exists in Flatpak before 1.16.4. The Flatpak portal accepts paths in the sandbox-expose options which can be app-controlled symlinks pointing at arbitrary paths. Flatpak run mounts the resolved host path in the sandbox, giving apps access to...
Low: python-pip
Issue Overview: When pip is installing and extracting a maliciously crafted wheel archive, files may be extracted outside the installation directory. The path traversal is limited to prefixes of the installation directory, thus isn't able to inject or overwrite executable files in typical...
Important: flatpak
Issue Overview: A complete sandbox escape vulnerability exists in Flatpak before 1.16.4. The Flatpak portal accepts paths in the sandbox-expose options which can be app-controlled symlinks pointing at arbitrary paths. Flatpak run mounts the resolved host path in the sandbox, giving apps access to...
Medium: clamav1.4
Issue Overview: A vulnerability in the HTML Cascading Style Sheets CSS module of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to improper error handling when splitting UTF-8 strings. An attacker...
Medium: clamav1.4
Issue Overview: A vulnerability in the HTML Cascading Style Sheets CSS module of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to improper error handling when splitting UTF-8 strings. An attacker...
Important: nerdctl
Issue Overview: Arithmetic over induction variables in loops were not correctly checked for underflow or overflow in the Go compiler cmd/compile. As a result, the compiler would allow for invalid indexing to occur at runtime, potentially leading to memory corruption in programs compiled with...
Important: OpenEXR
Issue Overview: OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From version 3.4.0 to before version 3.4.8, a crafted B44 or B44A EXR file can cause an out-of-bounds write in any application that...
Important: docker
Issue Overview: Arithmetic over induction variables in loops were not correctly checked for underflow or overflow in the Go compiler cmd/compile. As a result, the compiler would allow for invalid indexing to occur at runtime, potentially leading to memory corruption in programs compiled with...
Important: docker
Issue Overview: url.Parse insufficiently validated the host/authority component and accepted some invalid URLs. CVE-2026-25679 On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which t...
Medium: oci-add-hooks
Issue Overview: url.Parse insufficiently validated the host/authority component and accepted some invalid URLs. CVE-2026-25679 On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which t...
Medium: oci-add-hooks
Issue Overview: url.Parse insufficiently validated the host/authority component and accepted some invalid URLs. CVE-2026-25679 On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which t...
Important: amazon-cloudwatch-agent
Issue Overview: url.Parse insufficiently validated the host/authority component and accepted some invalid URLs. CVE-2026-25679 On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which t...
Medium: amazon-ecr-credential-helper
Issue Overview: url.Parse insufficiently validated the host/authority component and accepted some invalid URLs. CVE-2026-25679 On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which t...
Important: docker
Issue Overview: url.Parse insufficiently validated the host/authority component and accepted some invalid URLs. CVE-2026-25679 On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which t...
Medium: runc
Issue Overview: url.Parse insufficiently validated the host/authority component and accepted some invalid URLs. CVE-2026-25679 On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which t...
Important: gdk-pixbuf2
Issue Overview: In GNOME GdkPixbuf aka gdk-pixbuf through 2.42.10, the ANI Windows animated cursor decoder encounters heap memory corruption in aniloadchunk in io-ani.c when parsing chunks in a crafted .ani file. A crafted file could allow an attacker to overwrite heap metadata, leading to a deni...
Medium: rust-below
Issue Overview: tar-rs is a tar archive reading/writing library for Rust. Versions 0.4.44 and below have conditional logic that skips the PAX size header in cases where the base header size is nonzero. As part of CVE-2025-62518, the astral-tokio-tar project was changed to correctly honor PAX size...
Important: python3.13
Issue Overview: The webbrowser.open API would accept leading dashes in the URL which could be handled as command line options for certain web browsers. New behavior rejects leading dashes. Users are recommended to sanitize URLs prior to passing to webbrowser.open. CVE-2026-4519 Affected Packages:...