6009 matches found
Updated vim packages fix security vulnerabilities
Vim modeline bypass via various options affects Vim 9.2.0276. CVE-2026-34982 Path traversal issue with zip.vim in Vim v9.2.0280. CVE-2026-35177...
Updated xz packages fix security vulnerability
Buffer overflow in lzmaindexappend. CVE-2026-34743...
Updated freerdp packages fix security vulnerabilities
FreeRDP has a heap-buffer-overflow in audinprocessformats. CVE-2026-22852 FreeRDP has a heap-buffer-overflow in driveprocessirpread. CVE-2026-22854 FreeRDP has a heap-buffer-overflow in smartcardunpacksetattribcall. CVE-2026-22855 FreeRDP has a heap-use-after-free in createirpthread. CVE-2026-228...
Updated python-nltk packages fix security vulnerability
nltk Vulnerable to Cross-site Scripting. CVE-2026-33230...
Updated polkit-122 packages fix security vulnerability
Denial of service via unbounded input processing through standard input. CVE-2026-4897...
Updated python-pyasn1 packages fix security vulnerability
pyasn1 Vulnerable to Denial of Service via Unbounded Recursion. CVE-2026-30922...
Updated nss & firefox packages fix security vulnerabilities
Denial-of-service in the XML component. CVE-2025-59375 Race condition, use-after-free in the Graphics: WebRender component. CVE-2026-4684 Incorrect boundary conditions in the Graphics: Canvas2D component. CVE-2026-4685 Incorrect boundary conditions in the Graphics: Canvas2D component. CVE-2026-46...
Updated thunderbird packages fix security vulnerabilities
Denial-of-service in the XML component. CVE-2025-59375 Spoofing issue in Thunderbird. CVE-2026-3889 Race condition, use-after-free in the Graphics: WebRender component. CVE-2026-4684 Incorrect boundary conditions in the Graphics: Canvas2D component. CVE-2026-4685 Incorrect boundary conditions in...
Updated ruby-rack packages fix security vulnerabilities
Rack has a Directory Traversal via Rack:Directory. CVE-2026-22860 Rack's Stored XSS in Rack::Directory via javascript: filenames rendered into anchor href. CVE-2026-25500...
Updated python-ply packages fix security vulnerability
Unsafe pickle file handling in Ply. CVE-2025-56005...
Updated python-openssl packages fix security vulnerabilities
pyOpenSSL allows TLS connection bypass via unhandled callback exception in settlsextservernamecallback. CVE-2026-27448 pyOpenSSL DTLS cookie callback buffer overflow. CVE-2026-27459...
Updated zlib packages fix security vulnerability
zlib before 1.3.2 allows CPU consumption via crc32combine64 and crc32combinegen64 because x2nmodp can do right shifts within a loop that has no termination condition. CVE-2026-27171...
Updated vim packages fix security vulnerability
Vim tabpanel modeline escape affects Vim 9.2.0272...
Updated freeipmi packages fix security vulnerability
ipmi-oem in FreeIPMI before 1.16.17 has exploitable buffer overflows on response messages. CVE-2026-33554...
Updated strongswan packages fix security vulnerability
strongSwan 4.5.0 6.0.5 EAP-TTLS AVP Parsing Integer Underflow. CVE-2026-25075...
Updated python-ujson packages fix security vulnerabilities
CVE-2026-32874 ujson 5.4.0 to 5.11.0 inclusive contains an accumulating memory leak in JSON parsing large outside of the range -2^63, 2^64 - 1 integers. ujson 5.4.0 to 5.11.0 has an integer overflow while handling a large indent which leads to a buffer overflow or infinite loop...
Updated libpng packages fix security vulnerabilities
Use-after-free via pointer aliasing in pngsettRNS and pngsetPLTE. CVE-2026-33416 Out-of-bounds read/write in the palette expansion on ARM Neon. CVE-2026-33636...
Updated nodejs packages fix security vulnerabilities
Incomplete fix for CVE-2026-21637: loadSNI in tlswrap.js lacks try/catch leading to Remote DoS. CVE-2026-21637 Denial of Service via proto header name in req.headersDistinct Uncaught TypeError crashes Node.js process. CVE-2026-21710 Timing side-channel in HMAC verification via memcmp in...
Updated cmake packages fix security vulnerability
cmake cmForEachCommand.cxx ReplayItems assertion. CVE-2025-9301...
Updated xen packages fix security vulnerability
Use after free of paging structures in EPT. CVE-2026-23554...
Updated graphicsmagick packages fix security vulnerabilities
GraphicsMagick has a stack write buffer overflow in MNG encoder. CVE-2026-28690 GraphicsMagick has a Heap Overflow when writing extremely large image profile in the PNG encoder. CVE-2026-30883...
Updated perl-XML-Parser packages fix security vulnerabilities
XML::Parser versions through 2.47 for Perl could overflow the pre-allocated buffer size causing a heap corruption double free or corruption and crashes. CVE-2006-10002 XML::Parser versions through 2.47 for Perl has an off-by-one heap buffer overflow in stserialstack. CVE-2006-10003...
Updated roundcubemail packages fix security vulnerabilities
Fix pre-auth arbitrary file write via unsafe deserialization in redis/memcache session handler, reported by y0us. Fix bug where a password could get changed without providing the old password, reported by flydragon777. Fix IMAP Injection + CSRF bypass in mail search, reported by Martila Security...
Updated webkit2 packages fix security vulnerabilities
CVE-2025-43457 Processing maliciously crafted web content may lead to an unexpected Safari crash. A use-after-free issue was addressed with improved memory management. CVE-2026-20608 Processing maliciously crafted web content may lead to an unexpected process crash. This issue was addressed throu...
Updated vim packages fix security vulnerabilities
Command injection via newline in glob affects Vim 9.2.0202. CVE-2026-33412...
Updated trilead-ssh2 packages fix security vulnerabilities
CVE-2023-48795: Fixed prefix truncation breaking ssh channel integrity aka Terrapin Attack...
Updated expat packages fix security vulnerabilities
libexpat before 2.7.5 allows a NULL pointer dereference with empty external parameter entity content. CVE-2026-32776 libexpat before 2.7.5 allows an infinite loop while parsing DTD content. CVE-2026-32777 libexpat before 2.7.5 allows a NULL pointer dereference in the function setContext on retry...
Updated perl-YAML-Syck packages fix security vulnerabilities
YAML::Syck versions through 1.36 for Perl has several potential security vulnerabilities including a high-severity heap buffer overflow in the YAML emitter. CVE-2026-4177...
Updated graphicsmagick & imagemagick packages fix security vulnerabilities
Division-by-Zero in YUV sampling factor validation leads to crash. CVE-2026-25799...
Updated openssh packages fix security vulnerabilities
ssh in OpenSSH before 10.1 allows control characters in usernames that originate from certain possibly untrusted sources, potentially leading to code execution when a ProxyCommand is used. The untrusted sources are the command line and %-sequence expansion of a configuration file. CVE-2025-61984...
Updated vim packages fix security vulnerability
NFA regex engine NULL pointer dereference affects Vim 9.2.0137. CVE-2026-32249...
Updated tomcat packages fix security vulnerabilities
Client certificate verification bypass due to virtual host mapping. CVE-2025-66614 Security constraint bypass with HTTP/0.9. CVE-2026-24733 OCSP revocation bypass. CVE-2026-24734...
Updated python-nltk packages fix security vulnerability
Path Traversal in nltk/nltk. CVE-2026-0847...
Updated yt-dlp packages fix security vulnerability
When yt-dlp's --netrc-cmd command-line option or netrccmd Python API parameter is used, an attacker could achieve arbitrary command injection on the user's system with a maliciously crafted URL...
Updated thunderbird packages fix security vulnerabilities
Incorrect boundary conditions in the WebRTC: Audio/Video component. CVE-2026-2757 Use-after-free in the JavaScript: GC component. CVE-2026-2758 Incorrect boundary conditions in the Graphics: ImageLib component. CVE-2026-2759 Sandbox escape due to incorrect boundary conditions in the Graphics:...
Updated coturn packages fix security vulnerability
IPv4-mapped IPv6 ::ffff:0:0/96 bypasses denied-peer-ip ACL. CVE-2026-27624...
Updated rootcerts, nss & firefox packages fix security vulnerabilities
Incorrect boundary conditions in the WebRTC: Audio/Video component. CVE-2026-2757 Use-after-free in the JavaScript: GC component. CVE-2026-2758 Incorrect boundary conditions in the Graphics: ImageLib component. CVE-2026-2759 Sandbox escape due to incorrect boundary conditions in the Graphics:...
Updated python-django packages fix security vulnerability
Potential incorrect permissions on newly created file system objects. CVE-2026-25674...
Updated rsync packages fix security vulnerability
Out of bounds array access via negative index. CVE-2025-10158...
Updated vim packages fix security vulnerabilities
OS Command Injection in netrw affects Vim 9.2.0073. CVE-2026-28417 Heap-based Buffer Overflow in Emacs tags parsing affects Vim 9.2.0074. CVE-2026-28418 Heap-based Buffer Underflow in Emacs tags parsing affects Vim 9.2.0075. CVE-2026-28419 Heap-based Buffer Overflow and OOB Read in :terminal...
Updated gegl packages fix security vulnerabilities
ZDI-CAN-28618: New Vulnerability Report at rgbe.c. CVE-2026-2049 ZDI-CAN-28266: New Vulnerability Report at rgbe.c. CVE-2026-2050...
Updated freerdp packages fix security vulnerabilities
FreeRDP has heap-buffer-overflow in planardecompressplanerle. CVE-2026-23530 FreeRDP has heap-buffer-overflow in cleardecompress. CVE-2026-23531 FreeRDP has heap-buffer-overflow in gdiSurfaceToSurface. CVE-2026-23532 FreeRDP has heap-buffer-overflow in cleardecompressresidualdata. CVE-2026-23533...
Updated gnutls packages fix security vulnerability
Denial of service via excessive resource consumption during certificate verification. CVE-2025-14831...
Updated libvpx packages fix security vulnerability
Heap buffer overflow in libvpx. CVE-2026-2447...
Updated vim packages fix security vulnerability
Vim has a Netbeans specialKeys Stack Buffer Overflow. CVE-2026-26269...
Updated microcode packages fix security vulnerabilities
The updated package updates AMD CPUs microcodes and fixes security vulnerabilities in Intel CPUs microcodes: Incorrect behavior order in transition between executive monitor and SMI transfer monitor STM in some IntelR Processor may allow a privileged user to potentially enable escalation of...
Updated postgresql15 packages fix security vulnerabilities
PostgreSQL oidvector discloses a few bytes of memory. CVE-2026-2003 PostgreSQL intarray missing validation of type of input to selectivity estimator executes arbitrary code. CVE-2026-2004 PostgreSQL pgcrypto heap buffer overflow executes arbitrary code. CVE-2026-2005 PostgreSQL missing validation...
Updated usbmuxd packages fix security vulnerability
Local privilege escalation in usbmuxd from arbitrary local user to usbmux. CVE-2025-66004...
Updated dcmtk packages fix security vulnerabilities
OFFIS DCMTK dcmdata dcbytstr.cc makeDicomByteString memory corruption. CVE-2025-14607 OFFIS DCMTK dcmqrscp dcmqrdbi.cc startMoveRequest null pointer dereference. CVE-2025-14841...
Updated libpng packages fix security vulnerability
Heap buffer overflow in pngsetquantize when called with no histogram and a palette larger than twice the requested maximum number of colors. CVE-2026-25646...