Updated libpng packages fix security vulnerabilities
Use-after-free via pointer aliasing in png_set_tRNS and png_set_PLTE. CVE-2026-33416 Out-of-bounds read/write in the palette expansion on ARM Neon. CVE-2026-33636...
Updated nodejs packages fix security vulnerabilities
Incomplete fix for CVE-2026-21637: loadSNI in _tls_wrap.js lacks try/catch leading to Remote DoS. CVE-2026-21637 Denial of Service via __proto__ header name in req.headersDistinct (Uncaught TypeError crashes Node.js process). CVE-2026-21710 Timing side-channel in HMAC verification via memcmp in...
Updated cmake packages fix security vulnerability
cmake cmForEachCommand.cxx ReplayItems assertion. CVE-2025-9301...
Updated graphicsmagick packages fix security vulnerabilities
GraphicsMagick has a stack write buffer overflow in MNG encoder. CVE-2026-28690 GraphicsMagick has a Heap Overflow when writing extremely large image profile in the PNG encoder. CVE-2026-30883...
Updated xen packages fix security vulnerability
Use after free of paging structures in EPT. CVE-2026-23554...
Updated vim packages fix security vulnerabilities
Command injection via newline in glob affects Vim 9.2.0202. CVE-2026-33412...
Updated perl-XML-Parser packages fix security vulnerabilities
XML::Parser versions through 2.47 for Perl could overflow the pre-allocated buffer size, causing a heap corruption (double free or corruption) and crashes. CVE-2006-10002 XML::Parser versions through 2.47 for Perl has an off-by-one heap buffer overflow in st_serial_stack. CVE-2006-10003...
Updated trilead-ssh2 packages fix security vulnerabilities
CVE-2023-48795: Fixed prefix truncation breaking ssh channel integrity aka Terrapin Attack...
Updated roundcubemail packages fix security vulnerabilities
Fix pre-auth arbitrary file write via unsafe deserialization in redis/memcache session handler, reported by y0us. Fix bug where a password could get changed without providing the old password, reported by flydragon777. Fix IMAP Injection + CSRF bypass in mail search, reported by Martila Security...
Updated webkit2 packages fix security vulnerabilities
CVE-2025-43457 Processing maliciously crafted web content may lead to an unexpected Safari crash. A use-after-free issue was addressed with improved memory management. CVE-2026-20608 Processing maliciously crafted web content may lead to an unexpected process crash. This issue was addressed throu...
Updated expat packages fix security vulnerabilities
libexpat before 2.7.5 allows a NULL pointer dereference with empty external parameter entity content. CVE-2026-32776 libexpat before 2.7.5 allows an infinite loop while parsing DTD content. CVE-2026-32777 libexpat before 2.7.5 allows a NULL pointer dereference in the function setContext on retry...
Updated openssh packages fix security vulnerabilities
ssh in OpenSSH before 10.1 allows control characters in usernames that originate from certain possibly untrusted sources, potentially leading to code execution when a ProxyCommand is used. The untrusted sources are the command line and %-sequence expansion of a configuration file. CVE-2025-61984...
Updated perl-YAML-Syck packages fix security vulnerabilities
YAML::Syck versions through 1.36 for Perl has several potential security vulnerabilities including a high-severity heap buffer overflow in the YAML emitter. CVE-2026-4177...
Updated graphicsmagick & imagemagick packages fix security vulnerabilities
Division-by-Zero in YUV sampling factor validation leads to crash. CVE-2026-25799...
Updated vim packages fix security vulnerability
NFA regex engine NULL pointer dereference affects Vim 9.2.0137. CVE-2026-32249...
Updated python-nltk packages fix security vulnerability
Path Traversal in nltk/nltk. CVE-2026-0847...
Updated tomcat packages fix security vulnerabilities
Client certificate verification bypass due to virtual host mapping. CVE-2025-66614 Security constraint bypass with HTTP/0.9. CVE-2026-24733 OCSP revocation bypass. CVE-2026-24734...
Updated yt-dlp packages fix security vulnerability
When yt-dlp's --netrc-cmd command-line option or netrc_cmd Python API parameter is used, an attacker could achieve arbitrary command injection on the user's system with a maliciously crafted URL...
Updated thunderbird packages fix security vulnerabilities
Incorrect boundary conditions in the WebRTC: Audio/Video component. CVE-2026-2757 Use-after-free in the JavaScript: GC component. CVE-2026-2758 Incorrect boundary conditions in the Graphics: ImageLib component. CVE-2026-2759 Sandbox escape due to incorrect boundary conditions in the Graphics:...
Updated coturn packages fix security vulnerability
IPv4-mapped IPv6 ::ffff:0:0/96 bypasses denied-peer-ip ACL. CVE-2026-27624...
Updated rootcerts, nss & firefox packages fix security vulnerabilities
Incorrect boundary conditions in the WebRTC: Audio/Video component. CVE-2026-2757 Use-after-free in the JavaScript: GC component. CVE-2026-2758 Incorrect boundary conditions in the Graphics: ImageLib component. CVE-2026-2759 Sandbox escape due to incorrect boundary conditions in the Graphics:...
Updated vim packages fix security vulnerabilities
OS Command Injection in netrw affects Vim 9.2.0073. CVE-2026-28417 Heap-based Buffer Overflow in Emacs tags parsing affects Vim 9.2.0074. CVE-2026-28418 Heap-based Buffer Underflow in Emacs tags parsing affects Vim 9.2.0075. CVE-2026-28419 Heap-based Buffer Overflow and OOB Read in :terminal...
Updated rsync packages fix security vulnerability
Out of bounds array access via negative index. CVE-2025-10158...
Updated python-django packages fix security vulnerability
Potential incorrect permissions on newly created file system objects. CVE-2026-25674...
Updated gegl packages fix security vulnerabilities
ZDI-CAN-28618: New Vulnerability Report at rgbe.c. CVE-2026-2049 ZDI-CAN-28266: New Vulnerability Report at rgbe.c. CVE-2026-2050...
Updated freerdp packages fix security vulnerabilities
FreeRDP has heap-buffer-overflow in planar_decompress_plane_rle. CVE-2026-23530 FreeRDP has heap-buffer-overflow in clear_decompress. CVE-2026-23531 FreeRDP has heap-buffer-overflow in gdi_SurfaceToSurface. CVE-2026-23532 FreeRDP has heap-buffer-overflow in clear_decompress_residual_data. CVE-2026-23533...
Updated gnutls packages fix security vulnerability
Denial of service via excessive resource consumption during certificate verification. CVE-2025-14831...
Updated libvpx packages fix security vulnerability
Heap buffer overflow in libvpx. CVE-2026-2447...
Updated vim packages fix security vulnerability
Vim has a Netbeans specialKeys Stack Buffer Overflow. CVE-2026-26269...
Updated microcode packages fix security vulnerabilities
The updated package updates AMD CPU microcode and fixes security vulnerabilities in Intel CPU microcode: Incorrect behavior order in transition between executive monitor and SMI transfer monitor (STM) in some Intel(R) Processor may allow a privileged user to potentially enable escalation of...
Updated postgresql15 packages fix security vulnerabilities
PostgreSQL oidvector discloses a few bytes of memory. CVE-2026-2003 PostgreSQL intarray missing validation of type of input to selectivity estimator executes arbitrary code. CVE-2026-2004 PostgreSQL pgcrypto heap buffer overflow executes arbitrary code. CVE-2026-2005 PostgreSQL missing validation...
Updated usbmuxd packages fix security vulnerability
Local privilege escalation in usbmuxd from arbitrary local user to usbmux. CVE-2025-66004...
Updated dcmtk packages fix security vulnerabilities
OFFIS DCMTK dcmdata dcbytstr.cc makeDicomByteString memory corruption. CVE-2025-14607 OFFIS DCMTK dcmqrscp dcmqrdbi.cc startMoveRequest null pointer dereference. CVE-2025-14841...
Updated libpng packages fix security vulnerability
Heap buffer overflow in png_set_quantize when called with no histogram and a palette larger than twice the requested maximum number of colors. CVE-2026-25646...
Updated thunderbird packages fix security vulnerability
CSS-based exfiltration of the content from partially encrypted emails when allowing remote content. CVE-2026-0818...
Updated xrdp packages fix security vulnerability
xrdp improperly checks bounds of domain string length, which leads to Stack-based Buffer Overflow. CVE-2025-68670...
Updated golang packages fix security vulnerabilities
net/http: memory exhaustion in Request.ParseForm. CVE-2025-61726 archive/zip: denial of service when parsing arbitrary ZIP archives. CVE-2025-61728 crypto/tls: handshake messages may be processed at the incorrect encryption level. CVE-2025-61730 cmd/go: bypass of flag sanitization can lead to...
Updated fontforge packages fix security vulnerabilities
FontForge SFD File Parsing Use-After-Free Remote Code Execution Vulnerability. CVE-2025-15269 FontForge SFD File Parsing Improper Validation of Array Index Remote Code Execution Vulnerability. CVE-2025-15270 FontForge SFD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability...
Updated nginx packages fix security vulnerability
MitM injection. CVE-2026-1642...
Updated python-django packages fix security vulnerabilities
Username enumeration through timing difference in mod_wsgi authentication handler. CVE-2025-13473 Potential denial-of-service vulnerability via repeated headers when using ASGI. CVE-2025-14550 Potential SQL injection via raster lookups on PostGIS. CVE-2026-1207 Potential denial-of-service...
Updated expat packages fix security vulnerabilities
In libexpat before 2.7.4, XML_ExternalEntityParserCreate does not copy unknown encoding handler user data. CVE-2026-24515 In libexpat before 2.7.4, the doContent function does not properly determine the buffer size bufSize because there is no integer overflow check for tag buffer reallocation...
Updated docker-containerd packages fix security vulnerabilities
It was discovered that containerd incorrectly set certain directory path permissions. An attacker could possibly use this issue to achieve unauthorised access to the files. CVE-2024-25621 It was discovered that containerd did not properly handle the execution of the goroutine of container attach...
Updated xen packages fix security vulnerabilities
x86: buffer overrun with shadow paging + tracing. CVE-2025-58150 x86: incomplete IBPB for vCPU isolation. CVE-2026-23553...
Updated gpsd packages fix security vulnerabilities
gpsd before commit dc966aa contains a heap-based out-of-bounds write vulnerability in the drivers/driver_nmea2000.c file. The hnd_129540 function, which handles NMEA2000 PGN 129540 (GNSS Satellites in View) packets, fails to validate the user-supplied satellite count against the size of the skyview...
Updated libxml2 packages fix security vulnerabilities
xmlcatalog xmlParseSGMLCatalog recursion. CVE-2025-8732 Unbounded relaxng include recursion leading to stack overflow. CVE-2026-0989 Denial of service via uncontrolled recursion in xml catalog processing. CVE-2026-0990 Denial of service via crafted xml catalogs. CVE-2026-0992...
Updated openssl packages fix security vulnerabilities
Stack buffer overflow in CMS AuthEnvelopedData parsing. CVE-2025-15467 Heap out-of-bounds write in BIO_f_linebuffer on short writes. CVE-2025-68160 Unauthenticated/unencrypted trailing bytes with low-level OCB function calls. CVE-2025-69418 Out of bounds write in PKCS12_get_friendlyname UTF-8...
Updated java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk, and java-latest-openjdk packages fix security vulnerabilities
LIBPNG is vulnerable to a buffer overflow in png_image_read_composite via incorrect palette premultiplication. CVE-2025-64720 LIBPNG is vulnerable to a heap buffer overflow in png_combine_row triggered via png_image_finish_read. CVE-2025-65018 Improve JMX connections. CVE-2026-21925 Improve HttpServer...
Updated ceph packages fix security vulnerability
Updated ceph packages fix a security issue allowing an attacker to make Ceph accept any certificate...
Updated glib2.0 packages fix security vulnerabilities
GLib prior to 2.82.5 is vulnerable to integer overflow and buffer under-read when parsing a very long invalid ISO 8601 timestamp with g_date_time_new_from_iso8601. CVE-2025-3360 Buffer under-read on GLib through glib/gfileutils.c via get_tmp_file. CVE-2025-7039 Integer overflow in g_escape_uri_string...
Updated haproxy packages fix bugs
Haproxy has two major, a few medium and a few minor bugs fixed in the last upstream version 2.8.18 of branch 2.8. Fixed major bugs list: - quic: use ncbmbuf for CRYPTO handling - stream: Force channel analysis on successful synchronous send Fixed medium bugs list: - dns: bind the nameserver...