5993 matches found
Updated python-django packages fix security vulnerability
An issue was discovered in Django 4.2 before 4.2.21, 5.1 before 5.1.9, and 5.2 before 5.2.1. The django.utils.html.striptags function is vulnerable to a potential denial-of-service slow performance when processing inputs containing large sequences of incomplete HTML tags. The template filter...
Updated transfig packages fix security vulnerabilities
Floating point exception in fig2dev in version 3.2.9a allows an attacker to availability via local input manipulation via getslope function. CVE-2025-31162 Segmentation fault in fig2dev in version 3.2.9a allows an attacker to availability via local input manipulation via putpatternarc function...
Updated libreoffice packages fix security vulnerability
PDF signature forgery with adbe.pkcs7.sha1 SubFilter. CVE-2025-2866...
Updated thunderbird packages fix security vulnerabilities
Process isolation bypass using "javascript:" URI links in cross-origin frames. CVE-2025-4083 Unsafe attribute access during XPath parsing. CVE-2025-4087 Memory safety bugs fixed in Firefox 138, Thunderbird 138, Firefox ESR 128.10, and Thunderbird 128.10. CVE-2025-4091 Memory safety bug fixed in...
Updated firefox packages fix security vulnerabilities
A process isolation vulnerability in Firefox stemmed from improper handling of javascript: URIs, which could allow content to execute in the top-level document's process instead of the intended frame, potentially enabling a sandbox escape, CVE-2025-4083. A vulnerability was identified in Firefox...
Updated poppler packages fix security vulnerability
NSSCryptoSignBackend.cc in Poppler before 25.04.0 does not verify the adbe.pkcs7.sha1 signatures on documents, resulting in potential signature forgeries. CVE-2025-43903...
Updated fcgi packages fix security vulnerability
FastCGI fcgi2 aka fcgi 2.x through 2.4.4 has an integer overflow and resultant heap-based buffer overflow via crafted nameLen or valueLen values in data to the IPC socket. This occurs in ReadParams in fcgiapp.c. CVE-2025-23016...
Updated tomcat packages fix security vulnerabilities
DoS via malformed HTTP/2 PRIORITYUPDATE frame. CVE-2025-31650 Bypass of rules in Rewrite Valve. CVE-2025-31651...
Updated graphicsmagick packages fix security vulnerabilities
GraphicsMagick before 8e56520 has a heap-based buffer over-read in ReadJXLImage in coders/jxl.c, related to an ImportViewPixelArea call. CVE-2025-32460...
Updated kernel-linus packages fix security vulnerabilities
Vanilla upstream kernel version 6.6.88 fixes bugs and vulnerabilities. For information about the vulnerabilities see the links...
Updated apache-mod_auth_openidc packages fix security vulnerability
modauthopenidc allows OIDCProviderAuthRequestMethod POSTs to leak protected data. CVE-2025-31492...
Updated pam packages fix security vulnerability
libpam vulnerable to leaking hashed passwords. CVE-2024-10041...
Updated kernel, kmod-virtualbox & kmod-xtables-addons packages fix security vulnerabilities
Upstream kernel version 6.6.87 fixes bugs and vulnerabilities. The kmod-virtualbox and kmod-xtables-addons packages have been updated to work with this new kernel. For information about the vulnerabilities see the links...
Updated imagemagick packages fix security vulnerabilities
In MIFF image processing in ImageMagick before 7.1.1-44, image depth is mishandled after SetQuantumFormat is used. CVE-2025-43965 In multispectral MIFF image processing in ImageMagick before 7.1.1-44, packetsize is mishandled related to the rendering of all channels in an arbitrary order...
Updated chromium-browser-stable packages fix security vulnerabilities
Heap buffer overflow in Codecs. CVE-2025-3619 Use after free in USB. CVE-2025-3620...
Updated haproxy packages fix security vulnerability
BUG/MEDIUM: sample: fix risk of overflow when replacing multiple regex back-refsAleandro Prudenzano of Doyensec and Edoardo Geraci of Codean Labs reported a bug in sampleconvregsub, which can cause replacements of multiple back-references to overflow the temporary trash buffer. The problem happen...
Updated libxml2 packages fix security vulnerabilities
CVE-2025-32414 Buffer overflow when parsing text streams with Python API CVE-2025-32415 Heap-based Buffer Overflow in xmlSchemaIDCFillNodeTables...
Updated chromium-browser-stable packages fix security vulnerabilities
Use after free in Site Isolation. CVE-2025-3066 Inappropriate implementation in Custom Tabs. CVE-2025-3067 Inappropriate implementation in Intents. CVE-2025-3068 Inappropriate implementation in Extensions. CVE-2025-3069 Insufficient validation of untrusted input in Extensions. CVE-2025-3070...
Updated rust packages fix security vulnerability
The Rust Security Response WG was notified that the Rust standard library did not properly escape arguments when invoking batch files with the bat and cmd extensions on Windows using the Command API. An attacker able to control the arguments passed to the spawned process could execute arbitrary...
Updated giflib packages fix security vulnerability
The giflib open-source component has a buffer overflow vulnerability. CVE-2025-31344...
Updated poppler packages fix security vulnerabilities
A floating-point exception in the PSStack::roll function of Poppler before 25.04.0 can cause an application to crash when handling malformed inputs associated with INTMIN. CVE-2025-32364 Poppler before 25.04.0 allows crafted input files to trigger out-of-bounds reads in the JBIG2Bitmap::combine...
Updated gnupg2 packages fix security vulnerability
In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a "verification DoS". CVE-2025-30258...
Updated graphicsmagick packages fix security vulnerabilities
ReadJXLImage in JXL in GraphicsMagick before 1.3.46 lacks image dimension resource limits. CVE-2025-27795...
Updated atop packages fix security vulnerability
atop through 2.11.0 allows local users to cause a denial of service e.g., assertion failure and application exit or possibly have unspecified other impact by running certain types of unprivileged processes while a different user runs atop. CVE-2025-31160...
Updated xz packages fix security vulnerability
XZ has a heap-use-after-free bug in threaded .xz decoder. CVE-2025-31115...
Updated docker-containerd packages fix security vulnerability
containerd is an open-source container runtime. A bug was found in containerd prior to versions 1.6.38, 1.7.27, and 2.0.4 where containers launched with a User set as a UID:GID larger than the maximum 32-bit signed integer can cause an overflow condition where the container ultimately runs as roo...
Updated thunderbird packages fix security vulnerabilities
Use-after-free triggered by XSLTProcessor. CVE-2025-3028 URL Bar Spoofing via non-BMP Unicode characters. CVE-2025-3029 Memory safety bugs fixed in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128.9. CVE-2025-3030...
Updated corosync packages fix security vulnerability
Corosync through 3.1.9, if encryption is disabled or the attacker knows the encryption key, has a stack-based buffer overflow in orftokenendianconvert in exec/totemsrp.c via a large UDP packet. CVE-2025-30472...
Updated augeas packages fix security vulnerability
Hercules Augeas fa.c recaseexpand null pointer dereference. CVE-2025-2588...
Updated nss & firefox packages fix security vulnerabilities
Use-after-free triggered by XSLTProcessor. CVE-2025-3028 URL Bar Spoofing via non-BMP Unicode characters. CVE-2025-3029 Memory safety bugs fixed in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128.9. CVE-2025-3030...
Updated microcode packages fix security vulnerability
Improper signature verification in AMD CPU ROM microcode patch loader may allow an attacker with local administrator privilege to load malicious CPU microcode resulting in loss of confidentiality and integrity of a confidential guest running under AMD SEV-SNP. CVE-2024-56161...
Updated curl packages fix security vulnerabilities
When asked to use a .netrc file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. The fix was included previously as part of MGAA-2025-0004...
Updated upx packages fix security vulnerability
UPX plxelf.cpp unDTINIT heap-based overflow. CVE-2025-2849...
Updated mercurial packages fix security vulnerability
Mercurial SCM Web Interface cross site scripting. CVE-2025-2361...
Updated zvbi packages fix security vulnerabilities
A vulnerability was found in libzvbi up to 0.2.43. It has been classified as problematic. Affected is the function vbistrndupiconvucs2 of the file src/conv.c. The manipulation of the argument srclength leads to uninitialized pointer. It is possible to launch the attack remotely. The exploit has...
Updated elfutils packages fix security vulnerabilities
elfutils v0.189 was discovered to contain a NULL pointer dereference via the handleverdef function at readelf.c. CVE-2024-25260 GNU elfutils eu-readelf readelf.c printstringsection buffer overflow. CVE-2025-1372 GNU elfutils eu-strip strip.c gelfgetsymshndx denial of service. CVE-2025-1377...
Updated chromium-browser-stable packages fix security vulnerability
Use after free in Lens. CVE-2025-2476...
Updated ffmpeg packages fix security vulnerability
FFmpeg NULL Pointer Dereference. CVE-2024-12361...
Updated radare2 packages fix security vulnerabilities
Buffer overflow in the HFS parser from grub2. CVE-2024-56737 Out-of-bounds Write in radare2. CVE-2025-1744 Buffer Overflow and Potential Code Execution in Radare2. CVE-2025-1864...
Updated dcmtk packages fix security vulnerability
DCMTK dcmjpls JPEG-LS Decoder memory corruption. CVE-2025-2357...
Updated bluez packages fix security vulnerabilities
BlueZ Audio Profile AVRCP Stack-based Buffer Overflow Remote Code Execution Vulnerability. CVE-2023-44431 BlueZ Audio Profile AVRCP avrcpparseattributelist Out-Of-Bounds Read Information Disclosure Vulnerability. CVE-2023-51580 BlueZ Audio Profile AVRCP parsemediaelement Out-Of-Bounds Read...
Updated kernel, kmod-virtualbox & kmod-xtables-addons packages fix security vulnerabilities
Upstream kernel version 6.6.83 fixes bugs and vulnerabilities. The kmod-virtualbox and kmod-xtables-addons packages have been updated to work with this new kernel. For information about the vulnerabilities see the links...
Updated wpa_supplicant & hostapd packages fix security vulnerability
hostapd fails to process crafted RADIUS packets properly. When hostapd authenticates wi-fi devices with RADIUS authentication, an attacker in the position between the hostapd and the RADIUS server may inject crafted RADIUS packets and force RADIUS authentications to fail. CVE-2025-24912...
Updated kernel-linus packages fix security vulnerabilities
Vanilla upstream kernel version 6.6.83 fixes bugs and vulnerabilities. For information about the vulnerabilities see the links...
Updated expat packages fix security vulnerability
Improper restriction of xml entity expansion depth in libexpat. CVE-2024-8176 NOTE: upstream deemed this fix incomplete after it was initially pushed. The complete fix was submitted along with the fix for CVE-2025-59375...
Updated libxslt packages fix security vulnerabilities
xsltGetInheritedNsList in libxslt has a use-after-free issue related to exclusion of result prefixes CVE-2024-55549. numbers.c in libxslt has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored. This is related to xsltNumberFormatGetValu...
Updated freerdp packages fix security vulnerabilities
FreeRDP rdpwritelogoninfov1 NULL access. CVE-2024-32661...
Updated vim packages fix security vulnerability
Vim vulnerable to potential data loss with zip.vim and special crafted zip files. CVE-2025-29768...
Updated tomcat packages fix security vulnerabilities
Time-of-check Time-of-use TOCTOU Race Condition vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97. The mitigation for CVE-2024-50379 was incomplete. Users running Tomcat on a case insensiti...
Updated chromium-browser-stable packages fix security vulnerabilities
High CVE-2025-1920: Type Confusion in V8. High CVE-2025-2135: Type Confusion in V8. Medium CVE-2025-2136: Use after free in Inspector. Medium CVE-2025-2137: Out of bounds read in V8...