6009 matches found
Updated golang packages fix security vulnerabilities
net/http: memory exhaustion in Request.ParseForm. CVE-2025-61726 archive/zip: denial of service when parsing arbitrary ZIP archives. CVE-2025-61728 crypto/tls: handshake messages may be processed at the incorrect encryption level. CVE-2025-61730 cmd/go: bypass of flag sanitization can lead to...
Updated thunderbird packages fix security vulnerability
CSS-based exfiltration of the content from partially encrypted emails when allowing remote content. CVE-2026-0818...
Updated xrdp packages fix security vulnerability
xrdp improperly checks bounds of domain string length, which leads to Stack-based Buffer Overflow. CVE-2025-68670...
Updated fontforge packages fix security vulnerabilities
FontForge SFD File Parsing Use-After-Free Remote Code Execution Vulnerability. CVE-2025-15269 FontForge SFD File Parsing Improper Validation of Array Index Remote Code Execution Vulnerability. CVE-2025-15270 FontForge SFD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability...
Updated nginx packages fix security vulnerability
MitM injection. CVE-2026-1642...
Updated python-django packages fix security vulnerabilities
Username enumeration through timing difference in modwsgi authentication handler. CVE-2025-13473 Potential denial-of-service vulnerability via repeated headers when using ASGI. CVE-2025-14550 Potential SQL injection via raster lookups on PostGIS. CVE-2026-1207 Potential denial-of-service...
Updated expat packages fix security vulnerabilities
In libexpat before 2.7.4, XMLExternalEntityParserCreate does not copy unknown encoding handler user data. CVE-2026-24515 In libexpat before 2.7.4, the doContent function does not properly determine the buffer size bufSize because there is no integer overflow check for tag buffer reallocation...
Updated docker-containerd packages fix security vulnerabilities
It was discovered that containerd incorrectly set certain directory path permissions. An attacker could possibly use this issue to achieve unauthorised access to the files. CVE-2024-25621 It was discovered that containerd did not properly handle the execution of the goroutine of container attach...
Updated gpsd packages fix security vulnerabilities
gpsd before commit dc966aa contains a heap-based out-of-bounds write vulnerability in the drivers/drivernmea2000.c file. The hnd129540 function, which handles NMEA2000 PGN 129540 GNSS Satellites in View packets, fails to validate the user-supplied satellite count against the size of the skyview...
Updated xen packages fix security vulnerabilities
x86: buffer overrun with shadow paging + tracing. CVE-2025-58150 x86: incomplete IBPB for vCPU isolation. CVE-2026-23553...
Updated libxml2 packages fix security vulnerabilities
xmlcatalog xmlParseSGMLCatalog recursion. CVE-2025-8732 Unbounded relaxng include recursion leading to stack overflow. CVE-2026-0989 Denial of service via uncontrolled recursion in xml catalog processing. CVE-2026-0990 Denial of service via crafted xml catalogs. CVE-2026-0992...
Updated openssl packages fix security vulnerabilities
Stack buffer overflow in CMS AuthEnvelopedData parsing. CVE-2025-15467 Heap out-of-bounds write in BIOflinebuffer on short writes. CVE-2025-68160 Unauthenticated/unencrypted trailing bytes with low-level OCB function calls. CVE-2025-69418 Out of bounds write in PKCS12getfriendlyname UTF-8...
Updated java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk, and java-latest-openjdk packages fix security vulnerabilities
LIBPNG is vulnerable to a buffer overflow in pngimagereadcomposite via incorrect palette premultiplication. CVE-2025-64720 LIBPNG is vulnerable to a heap buffer overflow in pngcombinerow triggered via pngimagefinishread. CVE-2025-65018 Improve JMX connections. CVE-2026-21925 Improve HttpServer...
Updated ceph packages fix security vulnerability
Updated ceph packages fix a security issue allowing an attacker to make Ceph accept any certificate...
Updated glib2.0 packages fix security vulnerabilities
Glib prior to 2.82.5 is vulnerable to integer overflow and buffer under-read when parsing a very long invalid iso 8601 timestamp with gdatetimenewfromiso8601. CVE-2025-3360 Buffer under-read on glib through glib/gfileutils.c via gettmpfile. CVE-2025-7039 Integer overflow in gescapeuristring...
Updated haproxy packages fix bugs
Haproxy has two major, a few medium and a few minor bugs fixed in the last upstream version 2.8.18 of branch 2.8. Fixed major bugs list: - quic: use ncbmbuf for CRYPTO handling - stream: Force channel analysis on successful synchronous send Fixed medium bugs list: - dns: bind the nameserver...
Updated python-pyasn1 packages fix security vulnerability
pyasn1 has a DoS vulnerability in decoder. CVE-2026-23490...
Updated glibc packages fix security vulnerabilities
Integer overflow in memalign leads to heap corruption. CVE-2026-0861 getnetbyaddr and getnetbyaddrr leak stack contents to DNS resovler. CVE-2026-0915 wordexp with WRDEREUSE and WRDEAPPEND may return uninitialized memory. CVE-2025-15281...
Updated iperf packages fix security vulnerabilities
In iperf before 3.19.1, iperfauth.c has an off-by-one error and resultant heap-based buffer overflow. CVE-2025-54349 In iperf before 3.19.1, iperfauth.c has a Base64Decode assertion failure and application exit upon a malformed authentication attempt. CVE-2025-54350...
Updated kernel-linus packages fix security vulnerabilities
Vanilla upstream kernel version 6.6.120 fixes bugs and vulnerabilities. For information about the vulnerabilities see the links...
Updated kernel, kmod-virtualbox & kmod-xtables-addons packages fix security vulnerabilities
Upstream kernel version 6.6.120 fixes bugs and vulnerabilities. The kmod-virtualbox & kmod-xtables-addons packages have been updated to work with this new kernel...
Updated avahi packages fix security vulnerabilities
Avahi has a reachable assertion in avahiwideareascancache. CVE-2025-68276 Avahi has a reachable assertion in lookupmulticastcallback. CVE-2025-68468 Avahi has a reachable assertion in lookupstart. CVE-2025-68471...
Updated harfbuzz packages fix security vulnerability
Null Pointer Dereference in SubtableUnicodesCache::create leading to DoS. CVE-2026-22693...
Updated nss & firefox packages fix security vulnerabilities
Mitigation bypass in the DOM: Security component. CVE-2026-0877 Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. CVE-2026-0878 Sandbox escape due to incorrect boundary conditions in the Graphics component. CVE-2026-0879 Sandbox escape due to integer...
Updated thunderbird packages fix security vulnerabilities
Mitigation bypass in the DOM: Security component. CVE-2026-0877 Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. CVE-2026-0878 Sandbox escape due to incorrect boundary conditions in the Graphics component. CVE-2026-0879 Sandbox escape due to integer...
Updated python-urllib3 packages fix security vulnerabilities
urllib3 allows an unbounded number of links in the decompression chain. CVE-2025-66418 urllib3 vulnerable to decompression-bomb safeguard bypass when following HTTP redirects streaming API. CVE-2026-21441...
Updated libpng packages fix security vulnerabilities
LIBPNG has a heap buffer over-read in pngimagereaddirectscaled regression from CVE-2025-65018 fix. CVE-2026-22695 LIBPNG has an integer truncation causing heap buffer over-read in pngimagewrite. CVE-2026-22801...
Updated nodejs packages fix security vulnerabilities
Node.js HTTP/2 server crashes with unhandled error when receiving malformed HEADERS frame. CVE-2025-59465 Uncatchable "Maximum call stack size exceeded" error on Node.js via asynchooks leads to process crashes bypassing error handlers. CVE-2025-59466 Bypass File System Permissions using crafted...
Updated gimp packages fix security vulnerabilities
XWD File Parsing Integer Overflow Remote Code Execution Vulnerability. CVE-2025-2760 FLI File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. CVE-2025-2761 Multiple heap buffer overflows in tga parser. CVE-2025-48797 Multiple use after free in xcf parser. CVE-2025-48798 XWD File...
Updated net-snmp packages fix security vulnerability
Net-SNMP snmptrapd crash. CVE-2025-68615...
Updated libtasn1 packages fix security vulnerability
Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1expendoctetstring. CVE-2025-13151...
Updated zlib packages fix security vulnerability
zlib = 1.3.1.2 untgz Global Buffer Overflow in TGZfname. CVE-2026-22184...
Updated wget2 packages fix security vulnerability
Arbitrary File Write via Metalink Path Traversal in GNU Wget2. CVE-2025-69194...
Updated libpcap packages fix security vulnerability
OOBR and OOBW in pcapetheraton in libpcap. CVE-2025-11961...
Updated curl packages fix security vulnerabilities
curl is susceptible to a number of low severity security vulnerabilities: CVE-2025-14524: bearer token leak on cross-protocol redirect CVE-2025-14819: OpenSSL partial chain store policy bypass CVE-2025-15079: libssh knownhosts file vulnerability CVE-2025-15224: libssh key passphrase bypass...
Updated sodium packages fix security vulnerability
Libsodium before ad3004e, in atypical use cases involving certain custom cryptography or untrusted data to cryptocoreed25519isvalidpoint, mishandles checks for whether an elliptic curve point is valid because it sometimes allows points that aren't in the main cryptographic group. CVE-2025-69277...
Updated cups packages fix bug & security vulnerabilities
cups has Authentication bypass with AuthType Negotiate. CVE-2025-58060 cups: Remote DoS via null dereference. CVE-2025-58364...
Updated ceph packages fix security vulnerability
RGW DoS attack with empty HTTP header in S3 object copy. CVE-2024-47866...
Updated ruby-rack packages fix security vulnerabilities
Unbounded-Parameter DoS in Rack::QueryParser. CVE-2025-46727 ReDoS Vulnerability in Rack::Multipart handlemimehead. CVE-2025-49007 Rack QueryParser has an unsafe default allowing paramslimit bypass via semicolon-separated parameters. CVE-2025-59830 Rack's unbounded multipart preamble buffering...
Updated roundcubemail packages fix security vulnerabilities
Fix Cross-Site-Scripting vulnerability via SVG's animate tag reported by Valentin T., CrowdStrike. Fix Information Disclosure vulnerability in the HTML style sanitizer reported by somerandomdev...
Updated php packages fix security vulnerabilities
Opcache: - Reset global pointers to prevent use-after-free in zendjitstatus. PDO: - Fixed PDO quoting result null deref. Standard: - Fixed Null byte termination in dnsgetrecord - Heap buffer overflow in arraymerge - Information Leak of Memory in getimagesize...
Updated webkit2 packages fix security vulnerabilities
CVE-2025-43501 Processing maliciously crafted web content may lead to an unexpected process crash. Description: A buffer overflow issue was addressed with improved memory handling. VE-2025-43531Processing maliciously crafted web content may lead to an unexpected process crash. Description: A race...
Updated ffmpeg packages fix security vulnerabilities
Several vulnerabilities have been discovered in the FFmpeg multimedia framework, which could result in denial of service or potentially the execution of arbitrary code if malformed files/streams are processed...
Updated nspr, nss & firefox packages fix security vulnerabilities
Use-after-free in the WebRTC: Signaling component. CVE-2025-14321 Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. CVE-2025-14322 Privilege escalation in the DOM: Notifications component. CVE-2025-14323 JIT miscompilation in the JavaScript Engine: JIT...
Updated thunderbird packages fix security vulnerabilities
Use-after-free in the WebRTC: Signaling component. CVE-2025-14321 Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. CVE-2025-14322 Privilege escalation in the DOM: Notifications component. CVE-2025-14323 IT miscompilation in the JavaScript Engine: JIT...
Updated golang packages fix security vulnerabilities
Improper application of excluded DNS name constraints when verifying wildcard names in crypto/x509. CVE-2025-61727 Excessive resource consumption when printing error string for host certificate validation in crypto/x509. CVE-2025-61729...
Updated python3 packages fix security vulnerabilities
Excessive read buffering DoS in http.client. CVE-2025-13836 Out-of-memory when loading Plist. CVE-2025-13837 Quadratic complexity in node ID cache clearing. CVE-2025-12084...
Updated webkit2 packages fix security vulnerabilities
A website may be able to exfiltrate sensitive system information. Description: The issue was addressed through improved state checks - CVE-2025-13947. Processing maliciously crafted web content may lead to an unexpected process crash. Description: Multiple issues were addressed by disabling array...
Updated apache packages fix security vulnerabilities
Apache HTTP Server: modmd ACME, unintended retry intervals. CVE-2025-55753 Apache HTTP Server 2.4.65 and earlier with Server Side Includes SSI enabled and modcgid but not modcgi passes the shell-escaped query string to exec cmd="..." directives. CVE-2025-58098 Apache HTTP Server: CGI environment...
Updated libpng packages fix security vulnerability
LIBPNG has an out-of-bounds read in pngimagereadcomposite. CVE-2025-66293...