6009 matches found
Updated elfutils packages fix security vulnerabilities
elfutils v0.189 was discovered to contain a NULL pointer dereference via the handleverdef function at readelf.c. CVE-2024-25260 GNU elfutils eu-readelf readelf.c printstringsection buffer overflow. CVE-2025-1372 GNU elfutils eu-strip strip.c gelfgetsymshndx denial of service. CVE-2025-1377...
Updated mercurial packages fix security vulnerability
Mercurial SCM Web Interface cross site scripting. CVE-2025-2361...
Updated chromium-browser-stable packages fix security vulnerability
Use after free in Lens. CVE-2025-2476...
Updated radare2 packages fix security vulnerabilities
Buffer overflow in the HFS parser from grub2. CVE-2024-56737 Out-of-bounds Write in radare2. CVE-2025-1744 Buffer Overflow and Potential Code Execution in Radare2. CVE-2025-1864...
Updated dcmtk packages fix security vulnerability
DCMTK dcmjpls JPEG-LS Decoder memory corruption. CVE-2025-2357...
Updated ffmpeg packages fix security vulnerability
FFmpeg NULL Pointer Dereference. CVE-2024-12361...
Updated bluez packages fix security vulnerabilities
BlueZ Audio Profile AVRCP Stack-based Buffer Overflow Remote Code Execution Vulnerability. CVE-2023-44431 BlueZ Audio Profile AVRCP avrcpparseattributelist Out-Of-Bounds Read Information Disclosure Vulnerability. CVE-2023-51580 BlueZ Audio Profile AVRCP parsemediaelement Out-Of-Bounds Read...
Updated wpa_supplicant & hostapd packages fix security vulnerability
hostapd fails to process crafted RADIUS packets properly. When hostapd authenticates wi-fi devices with RADIUS authentication, an attacker in the position between the hostapd and the RADIUS server may inject crafted RADIUS packets and force RADIUS authentications to fail. CVE-2025-24912...
Updated kernel-linus packages fix security vulnerabilities
Vanilla upstream kernel version 6.6.83 fixes bugs and vulnerabilities. For information about the vulnerabilities see the links...
Updated kernel, kmod-virtualbox & kmod-xtables-addons packages fix security vulnerabilities
Upstream kernel version 6.6.83 fixes bugs and vulnerabilities. The kmod-virtualbox and kmod-xtables-addons packages have been updated to work with this new kernel. For information about the vulnerabilities see the links...
Updated libxslt packages fix security vulnerabilities
xsltGetInheritedNsList in libxslt has a use-after-free issue related to exclusion of result prefixes CVE-2024-55549. numbers.c in libxslt has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored. This is related to xsltNumberFormatGetValu...
Updated expat packages fix security vulnerability
Improper restriction of xml entity expansion depth in libexpat. CVE-2024-8176 NOTE: upstream deemed this fix incomplete after it was initially pushed. The complete fix was submitted along with the fix for CVE-2025-59375...
Updated freerdp packages fix security vulnerabilities
FreeRDP rdpwritelogoninfov1 NULL access. CVE-2024-32661...
Updated tomcat packages fix security vulnerabilities
Time-of-check Time-of-use TOCTOU Race Condition vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97. The mitigation for CVE-2024-50379 was incomplete. Users running Tomcat on a case insensiti...
Updated chromium-browser-stable packages fix security vulnerabilities
High CVE-2025-1920: Type Confusion in V8. High CVE-2025-2135: Type Confusion in V8. Medium CVE-2025-2136: Use after free in Inspector. Medium CVE-2025-2137: Out of bounds read in V8...
Updated vim packages fix security vulnerability
Vim vulnerable to potential data loss with zip.vim and special crafted zip files. CVE-2025-29768...
Updated mosquitto packages fix security vulnerability
The broker in Eclipse Mosquitto 1.3.2 through 2.x before 2.0.16 has a memory leak that can be abused remotely when a client sends many QoS 2 messages with duplicate message IDs, and fails to respond to PUBREC commands. This occurs because of mishandling of EAGAIN from the libc send function...
Updated libreoffice packages fix security vulnerability
Macro URL arbitrary script execution. CVE-2025-1080...
Updated quictls packages fix security vulnerability
Timing side-channel in ECDSA signature computation. CVE-2024-13176...
Updated php packages fix security vulnerabilities
Bugs and security with streams have been fixed...
Updated libarchive packages fix security vulnerability
listitemverbose in tar/util.c in libarchive through 3.7.7 does not check an strftime return value, which can lead to a denial of service or unspecified other impact via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be sufficient for a custo...
Updated freetype2 packages fix security vulnerability
An out of bounds write exists in FreeType versions 2.13.0 and below when attempting to parse font subglyph structures related to TrueType GX and variable font files which may result in arbitrary code execution...
Updated man2html packages fix security vulnerability
In man2html 1.6g, a specific string being read in from a file will overwrite the size parameter in the top chunk of the heap. This at least causes the program to segmentation abort if the heap size parameter isn't aligned correctly. In versions before GLIBC version 2.29 and if aligned correctly, ...
Updated ghostscript packages fix security vulnerabilities
This release addresses CVEs: CVE-2025-27835, CVE-2025-27832, CVE-2025-27831, CVE-2025-27836, CVE-2025-27830, CVE-2025-27833, CVE-2025-27837, CVE-2025-27834 The 10.05.0 release deprecates the non-standard operator "selectdevice", all code should now be using the standard "setpagedevice" operator...
Updated opensc packages fix security vulnerabilities
Heap buffer overflow in openpgp driver when generating key. CVE-2024-8443 Usage of uninitialized values in libopensc and pkcs15init. CVE-2024-45615 Uninitialized values after incorrect check or usage of apdu response values in libopensc. CVE-2024-45616 Uninitialized values after incorrect or...
Updated python-django packages fix security vulnerability
An issue was discovered in Django 5.1 before 5.1.7, 5.0 before 5.0.13, and 4.2 before 4.2.20. The django.utils.text.wrap method and wordwrap template filter are subject to a potential denial-of-service attack when used with very long strings. CVE-2025-26699...
Updated firefox & nss packages fix security vulnerabilities
CVE-2024-43097: Overflow when growing an SkRegion's RunArray CVE-2025-1931: Use-after-free in WebTransportChild CVE-2025-1932: Inconsistent comparator in XSLT sorting led to out-of-bounds access CVE-2025-1933: JIT corruption of WASM i32 return values on 64-bit CPUs CVE-2025-1934: Unexpected GC...
Updated thunderbird, thunderbird-l10n packages fix security vulnerabilities
CVE-2024-43097: Overflow when growing an SkRegion's RunArray CVE-2025-1931: Use-after-free in WebTransportChild CVE-2025-1932: Inconsistent comparator in XSLT sorting led to out-of-bounds access CVE-2025-1933: JIT corruption of WASM i32 return values on 64-bit CPUs CVE-2025-1934: Unexpected GC...
Updated python-jinja2 packages fix security vulnerability
Jinja sandbox breakout through attr filter selecting format method. CVE-2025-27516...
Updated chromium-browser-stable packages fix security vulnerabilities
High CVE-2025-1914: Out of bounds read in V8. Medium CVE-2025-1915: Improper Limitation of a Pathname to a Restricted Directory in DevTools. Medium CVE-2025-1916: Use after free in Profiles. Medium CVE-2025-1917: Inappropriate Implementation in Browser UI. Medium CVE-2025-1918: Out of bounds read...
Updated gpac packages fix security vulnerabilities
Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.2.2. CVE-2023-5520 Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.3-DEV. CVE-2024-0321 Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3-DEV. CVE-2024-0322...
Updated ffmpeg packages fix security vulnerability
FFmpeg n7.0 is affected by a Double Free via the rkmppretrieveframe function within libavcodec/rkmppdec.c. CVE-2024-35368...
Updated erlang packages fix security vulnerability
SSH SFTP packet size not verified properly in Erlang OTP. CVE-2025-26618...
Updated vim packages fix security vulnerability
Potential code execution with tar.vim and special crafted tar files...
Updated x11-server, x11-server-xwayland & tigervnc packages fix security vulnerabilities
Use-after-free of the root cursor. CVE-2025-26594 Buffer overflow in XkbVModMaskText. CVE-2025-26595 Heap overflow in XkbWriteKeySyms. CVE-2025-26596 Buffer overflow in XkbChangeTypesOfKey. CVE-2025-26597 Out-of-bounds write in CreatePointerBarrierClient. CVE-2025-26598 Use of uninitialized point...
Updated ffmpeg packages fix security vulnerabilities
A reachable assertion in FFmpeg git-master commit N-113007-g8d24a28d06 allows attackers to cause a Denial of Service DoS via opening a crafted AAC file. CVE-2025-22919 A heap buffer overflow vulnerability in FFmpeg before commit 4bf784c allows attackers to trigger a memory corruption via supplyin...
Updated binutils packages fix security vulnerabilities
nm =2.43 is affected by: Incorrect Access Control. The type of exploitation is: local. The component is: nm --without-symbol-version function. CVE-2024-57360 GNU Binutils objdump.c disassemblebytes stack-based overflow. CVE-2025-0840...
Updated radare2 packages fix security vulnerabilities
A vulnerability, which was classified as problematic, was found in radare2. Affected is an unknown function in the library /libr/main/rasm2.c of the component rasm2. The manipulation leads to memory corruption. An attack has to be approached locally. The exploit has been disclosed to the public a...
Updated proftpd packages fix security vulnerability
A buffer overflow vulnerability in Proftpd commit 4017eff8 allows a remote attacker to execute arbitrary code and can cause a denial of service DoS on the FTP service by sending a maliciously crafted message to the ProFTPD service port. CVE-2024-57392...
Updated openssh packages fix security vulnerability
Machine-in-the-middle attack vulnerability if verifyhostkeydns is enabled. CVE-2025-26465...
Updated libcap packages fix security vulnerability
pamcap: Fix potential configuration parsing error. CVE-2025-1390...
Updated iniparser packages fix security vulnerability
A heap-based buffer overflow vulnerability in iniparserdumpsectionini in iniparser allows an attacker to read out-of-bounds memory. CVE-2025-0633...
Updated kernel, kmod-virtualbox & kmod-xtables-addons packages fix security vulnerabilities
Upstream kernel version 6.6.79 fixes bugs and vulnerabilities. The kmod-virtualbox and kmod-xtables-addons packages have been updated to work with this new kernel. For information about the vulnerabilities see the links...
Updated kernel-linus packages fix security vulnerabilities
Vanilla upstream kernel version 6.6.79 fixes bugs and vulnerabilities. For information about the vulnerabilities see the links...
Updated dcmtk packages fix security vulnerabilities
A buffer overflow in DCMTK allows attackers to cause a Denial of Service DoS via a crafted DCM file CVE-2025-25472. DCMTK was discovered to contain a buffer overflow via the component /dcmimgle/diinpxt.h CVE-2025-25474. A NULL pointer dereference in the component /libsrc/dcrleccd.cc of DCMTK allo...
Updated vim packages fix security vulnerability
A heap use-after-free was found in strtoreg in Vim 9.1.1115. CVE-2025-26603...
Updated krb5 packages fix security vulnerability
Overflow when calculating ulog block size. CVE-2025-24528...
Updated emacs packages fix a security vulnerability
A command injection flaw was found which could allow a remote, unauthenticated attacker to execute arbitrary shell commands by tricking users into visiting a specially crafted website or an HTTP URL with a redirect...
Updated gnutls packages fix security vulnerability
Gnutls impacted by inefficient DER decoding in libtasn1 leading to remote DoS. CVE-2024-12243...
Updated libxml2 packages fix security vulnerabilities
The updated packages fix security vulnerabilities: Use-after-free in xmlSchemaIDCFillNodeTables. CVE-2024-56171 Stack-buffer-overflow in xmlSnprintfElements. CVE-2025-24928 Null-deref in xmlPatMatch. CVE-2025-27113...