6009 matches found
Updated python-django packages fix security vulnerabilities
Potential SQL injection in FilteredRelation column aliases on PostgreSQL. CVE-2025-13372 Potential denial-of-service vulnerability in XML serializer text extraction. CVE-2025-64460...
Updated xkbcomp packages fix security vulnerabilities
Endless recursion in xkbcomp/expr.c resulting in a crash. CVE-2018-15853 NULL pointer dereference when parsing invalid atoms in ExprResolveLhs resulting in a crash. CVE-2018-15859 NULL pointer dereference in ExprResolveLhs resulting in a crash. CVE-2018-15861 NULL pointer dereference in...
Updated gnutls packages fix security vulnerability
Stack write buffer overflow. CVE-2025-9820...
Updated libraw, digikam & darktable packages fix security vulnerabilities
In LibRaw before 0.21.4, metadata/tiff.cpp has an out-of-bounds read in the Fujifilm 0xf00c tag parser. CVE-2025-43961 In LibRaw before 0.21.4, phaseonecorrect in decoders/loadmfbacks.cpp has out-of-bounds reads for tag 0x412 processing, related to large w0 or w1 values or the frac and mult...
Updated unbound packages fix security vulnerabilities
Possible domain hijacking via promiscuous records in the authority section. CVE-2025-11411. Previous fixes for CVE-2025-11411 released with Unbound 1.24.1 were not complete...
Updated webkit2 packages fix security vulnerabilities
The updated packages fix security vulnerabilities: CVE-2025-43392, CVE-2025-43419, CVE-2025-43425, CVE-2025-43427, CVE-2025-43429, CVE-2025-43430, CVE-2025-43431, CVE-2025-43432, CVE-2025-43434, CVE-2025-43440, CVE-2025-43443, CVE-2025-43421...
Updated cups packages fix security vulnerabilities
The updated packages fix security vulnerabilities and a regression with GTK+ apps caused by the fix for CVE-2025-58436: OpenPrinting CUPS slow client can halt cupsd, leading to a possible DoS attack. CVE-2025-58436 OpenPrinting CUPS vulnerable to stack based out-of-bound write. CVE-2025-61915...
Updated libpng packages fix security vulnerabilities
LIBPNG is vulnerable to a heap buffer overflow in pngdoquantize via malformed palette index. CVE-2025-64505 LIBPNG is vulnerable to a heap buffer over-read in pngwriteimage8bit with grayscale+alpha or RGB/RGBA images. CVE-2025-64506 LIBPNG is vulnerable to a buffer overflow in pngimagereadcomposi...
Updated webkit2 packages fix security vulnerabilities
We are updating webkit2 to version 2.50.1 that has many security fixes since our current version. Please see the links for additional information...
Updated cups-filters packages fix security vulnerability
CUPS rastertopclx Filter Vulnerable to Heap Buffer Overflow Leading to Potential Arbitrary Code Execution. CVE-2025-64524...
Updated ruby-rack packages fix security vulnerabilities
Possible Log Injection in Rack::CommonLogger. CVE-2025-25184 Escape Sequence Injection vulnerability in Rack lead to Possible Log Injection. CVE-2025-27111 Local File Inclusion in Rack::Static. CVE-2025-27610...
Updated kernel, kmod-xtables-addons & kmod-virtualbox packages fix security vulnerabilities
Upstream kernel version 6.6.116 fixes bugs and vulnerabilities. The kmod-virtualbox & kmod-xtables-addons packages have been updated to work with this new kernel...
Updated kernel-linus packages fix security vulnerabilities
Vanilla upstream kernel version 6.6.116 fixes bugs and vulnerabilities. For information about the vulnerabilities see the links...
Updated konsole packages fix security vulnerability
KDE Konsole before 25.04.2 allows remote code execution in a certain scenario. It supports loading URLs from the scheme handlers such as a ssh:// or telnet:// or rlogin:// URL. This can be executed regardless of whether the ssh, telnet, or rlogin binary is available. In this mode, there is a code...
Updated redis packages fix security vulnerabilities
A Lua script may lead to remote code execution. CVE-2025-49844 A Lua script may lead to integer overflow and potential RCE. CVE-2025-46817 A Lua script can be executed in the context of another user. CVE-2025-46818 LUA out-of-bound read. CVE-2025-46819...
Updated ffmpeg packages fix security vulnerabilities
FFmpeg v.n6.1-3-g466799d4f5 allows an attacker to trigger use of a parameter of negative size in the avsamplessetsilence function in thelibavutil/samplefmt.c:260:9 component. CVE-2023-50007 FFmpeg v.n6.1-3-g466799d4f5 allows memory consumption when using the colorcorrect filter, in the avmalloc...
Updated thunderbird packages fix security vulnerabilities
Race condition in the Graphics component. CVE-2025-13012 Mitigation bypass in the DOM: Core & HTML component. CVE-2025-13013 CVE-2025-13014: Use-after-free in the Audio/Video component. CVE-2025-13014 Spoofing issue in Firefox. CVE-2025-13015 Incorrect boundary conditions in the JavaScript:...
Updated flatpak & bubblewrap packages fix security vulnerability
Flatpak may allow access to files outside sandbox for certain apps. CVE-2024-42472...
Updated cups-filters packages fix security vulnerabilities
CUPS-Filters has heap-buffer-overflow write in cfImageLut. CVE-2025-57812 cups-filters 1.x: out of bounds write in pdftoraster. CVE-2025-64503...
Updated postgresql15 & postgresql13 packages fix security vulnerabilities
PostgreSQL CREATE STATISTICS does not check for schema CREATE privilege. CVE-2025-12817 PostgreSQL libpq undersizes allocations, via integer wraparound. CVE-2025-12818...
Updated apache packages fix security vulnerabilities
HTTP response splitting. CVE-2024-42516 SSRF with modheaders setting Content-Type header. CVE-2024-43204 modssl error log variable escaping. CVE-2024-47252 modproxyhttp2 denial of service. CVE-2025-49630 modssl access control bypass with session resumption. CVE-2025-23048 modssl TLS upgrade attac...
Updated firefox packages fix security vulnerabilities
Race condition in the Graphics component. CVE-2025-13012 Mitigation bypass in the DOM: Core & HTML component. CVE-2025-13013 CVE-2025-13014: Use-after-free in the Audio/Video component. CVE-2025-13014 Spoofing issue in Firefox. CVE-2025-13015 Incorrect boundary conditions in the JavaScript:...
Updated apache-commons-beanutils packages fix security vulnerability
Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default. CVE-2025-48734...
Updated apache-commons-fileupload packages fix security vulnerability
Apache Commons FileUpload: FileUpload DoS via part headers. CVE-2025-48976...
Updated stardict packages fix security vulnerability
The YouDao plugin for StarDict, as used in stardict 3.0.7+git20220909+dfsg-6 in Debian trixie and elsewhere, sends an X11 selection to the dict.youdao.com and dict.cn servers via cleartext HTTP. CVE-2025-55014...
Updated apache-commons-lang3 & apache-commons-lang packages fix security vulnerability
Apache Commons Lang, Apache Commons Lang: ClassUtils.getClass... can throw a StackOverflowError on very long inputs. CVE-2025-48924...
Updated botan2 packages fix security vulnerability
Botan before 3.6.0, when certain GCC versions are used, has a compiler-induced secret-dependent operation in lib/utils/donna128.h in donna128 used in Chacha-Poly1305 and x25519. An addition can be skipped if a carry is not set. This was observed for GCC 11.3.0 with -O2 on MIPS, and GCC on x86-i38...
Updated yelp & yelp-xsl packages fix security vulnerability
The Gnome user help application allows the help document to execute arbitrary scripts. This vulnerability allows malicious users to input help documents, which may exfiltrate user files to an external environment. CVE-2025-3155...
Updated python-django packages fix security vulnerability
Potential SQL injection via connector keyword argument in QuerySet and Q objects. CVE-2025-64459...
Updated spdlog packages fix security vulnerability
Spdlog patternformatter-inl.h scopedpadder resource consumption. CVE-2025-6140...
Updated webkit2 packages fix security vulnerabilities
CVE-2024-27838 A maliciously crafted webpage may be able to fingerprint the user. Description: The issue was addressed by adding additional logic. CVE-2024-27851 Processing maliciously crafted web content may lead to arbitrary code execution. Description: The issue was addressed with improved...
Updated python-setuptools packages fix security vulnerability
Setuptools has a path traversal vulnerability in PackageIndex.download that leads to Arbitrary File Write. CVE-2025-47273...
Updated ruby packages fix security vulnerabilities
Net::IMAP vulnerable to possible DoS by memory exhaustion. CVE-2025-25186 In the CGI gem before 0.4.2 for Ruby, the CGI::Cookie.parse method in the CGI library contains a potential Denial of Service DoS vulnerability. The method does not impose any limit on the length of the raw cookie value it...
Updated python-py packages fix security vulnerability
The py library through 1.11.0 for Python allows remote attackers to conduct a ReDoS Regular expression Denial of Service attack via a Subversion repository with crafted info data, because the InfoSvnCommand argument is mishandled. CVE-2022-42969...
Updated python-flask-cors packages fix security vulnerabilities
Log Injection Vulnerability in corydolphin/flask-cors. CVE-2024-1681 Improper Access Control in corydolphin/flask-cors. CVE-2024-6221 Improper Regex Path Matching in corydolphin/flask-cors. CVE-2024-6839 Inconsistent CORS Matching Due to Handling of '+' in URL Path in corydolphin/flask-cors...
Updated perl-JSON-XS packages fix security vulnerability
JSON::XS before version 4.04 for Perl has an integer buffer overflow causing a segfault when parsing crafted JSON, enabling denial-of-service attacks or other unspecified impact. CVE-2025-40928...
Updated perl-Authen-SASL packages fix security vulnerability
Authen::SASL::Perl::DIGESTMD5 versions 2.04 through 2.1800 for Perl generates the cnonce insecurely. CVE-2025-40918...
Updated perl-Cpanel-JSON-XS packages fix security vulnerability
Cpanel::JSON::XS before version 4.40 for Perl has an integer buffer overflow causing a segfault when parsing crafted JSON, enabling denial-of-service attacks or other unspecified impact. CVE-2025-40929...
Updated perl-Crypt-OpenSSL-RSA packages fix security vulnerability
Perl-crypt-openssl-rsa: side-channel attack in pkcs1 v1.5 padding mode marvin attack. CVE-2024-2467...
Updated perl-CPAN & perl-HTTP-Tiny packages fix security vulnerabilities
CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS. CVE-2023-31484 HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates...
Updated perl-File-Find-Rule packages fix security vulnerability
File::Find::Rule through 0.34 for Perl is vulnerable to Arbitrary Code Execution when grep encounters a crafted file name. CVE-2011-10007...
Updated python-urllib3 & python-pip packages fix security vulnerability
Urllib3 redirects are not disabled when retries are disabled on PoolManager instantiation. CVE-2025-50181...
Updated perl-YAML-LibYAML packages fix security vulnerability
YAML-LibYAML prior to 0.903.0 for Perl uses 2-args open, allowing existing files to be modified. CVE-2025-40908...
Updated perl packages fix security vulnerabilities
CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS. CVE-2023-31484 Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes. CVE-2024-56406 Perl threads have a working directory race condition where file operations may target...
Updated perl-FCGI packages fix security vulnerability
FCGI versions 0.44 through 0.82, for Perl, include a vulnerable version of the FastCGI fcgi2 aka fcgi library. CVE-2025-40907...
Updated python-tornado packages fix security vulnerability
Tornado vulnerable to excessive logging caused by malformed multipart form data. CVE-2025-47287...
Updated perl-Data-Entropy packages fix security vulnerability
Data::Entropy for Perl uses insecure rand function for cryptographic functions. CVE-2025-1860...
Updated python3 packages fix security vulnerabilities
URL parser allowed square brackets in domain names. CVE-2025-0938 Mishandling of comma during folding and unicode-encoding of email headers. CVE-2025-1795 Virtual environment venv activation scripts don't quote paths. CVE-2024-9287 Use-after-free in "unicodeescape" decoder with error handler...
Updated unbound packages fix security vulnerability
Several multi-vendor cache poisoning vulnerabilities have been discovered in caching resolvers for non-DNSSEC protected data. Unbound is vulnerable for some of these cases that could lead to domain hijacking CVE-2025-11411...
Updated strongswan packages fix security vulnerability
Buffer Overflow When Handling EAP-MSCHAPv2 Failure Requests. CVE-2025-62291...