1 week 1 day ago
It was discovered that Postorius did not properly escape HTML in message
subjects when rendering the Held messages pop-up. An attacker could
possibly use this issue to inject arbitrary HTML, resulting in exposure
of sensitive information.
1 week 1 day ago
It was discovered that Apache Commons BeanUtils incorrectly allowed
access to the declaredClass property of Java enum objects when handling
externally supplied property paths. An attacker could possibly use this
issue to execute arbitrary code.
1 week 1 day ago
It was discovered that Papers incorrectly handled PDF /GoToR actions. If a
user were tricked into opening a specially crafted PDF file, an attacker
could use this issue to manipulate command lines and possibly execute
arbitrary code.
1 week 1 day ago
It was discovered that Memcached's SASL password database authentication
had a timing side channel when handling username and password data. A
remote attacker could possibly use this issue to obtain sensitive
information.
1 week 1 day ago
It was discovered that Libgcrypt incorrectly handled crafted ECDH
ciphertext. An attacker could possibly use this issue to cause Libgcrypt to
crash, resulting in a denial of service. (CVE-2026-41989)
It was discovered that Libgcrypt incorrectly handled Dilithium signing. An
attacker could possibly use this issue to cause Libgcrypt to crash,
resulting in a denial of service. This issue only affected Ubuntu 26.04
LTS. (CVE-2026-41990)
1 week 1 day ago
It was discovered that libcaca incorrectly handled certain malformed files.
An attacker could use this issue to cause libcaca to crash, resulting in a
denial of service, or possibly execute arbitrary code.
1 week 1 day ago
FEDORA-2026-dafdad8fd3
Packages in this update:
- perl-Crypt-Argon2-0.031-1.fc44
- perl-Dist-Build-0.028-1.fc44
- perl-ExtUtils-Builder-0.020-1.fc44
- perl-ExtUtils-Builder-Compiler-0.036-1.fc44
Update description:
Update to 0.031 #2477035 #2481131 fixes CVE-2026-8463
1 week 1 day ago
It was discovered that GStreamer Good Plugins incorrectly handled certain
MP4 audio tracks. An attacker could possibly use this issue to cause
GStreamer Good Plugins to crash, resulting in a denial of service.
1 week 1 day ago
It was discovered that MediaWiki incorrectly handled group membership
visibility in the OATHAuth extension. An authenticated attacker could
use this issue to determine if other users had two-factor authentication
enabled. (CVE-2026-34087)
It was discovered that MediaWiki incorrectly handled suppressed log entry
titles in the RecentChanges list. An unauthenticated attacker could use
this issue to view titles of deleted or suppressed pages that should be hidden.
(CVE-2026-34088)
It was discovered that MediaWiki incorrectly handled resource loading timing
information. An attacker could use this issue to determine if certain pages
existed on a wiki. (CVE-2026-34092)
1 week 2 days ago
It was discovered that Expat, vendored in Ayttm, incorrectly handled
certain files. An attacker could possibly use this issue to cause a crash
or execute arbitrary code.
1 week 2 days ago
It was discovered that Expat, vendored in XML-RPC, incorrectly handled
certain files. An attacker could possibly use this issue to cause a crash
or execute arbitrary code.
1 week 2 days ago
1 week 2 days ago
1 week 2 days ago
1 week 2 days ago
1 week 2 days ago
FEDORA-2026-5d15cef372
Packages in this update:
- perl-Crypt-Argon2-0.031-1.fc45
- perl-Dist-Build-0.028-1.fc45
- perl-ExtUtils-Builder-0.020-1.fc45
- perl-ExtUtils-Builder-Compiler-0.036-1.fc45
Update description:
Update perl-Crypt-Argon2 to 0.031 #2477035 #2481131 fixes CVE-2026-8463
1 week 2 days ago
Santos Gallegos discovered that GitPython did not properly validate
paths when resolving certain Git references. An attacker could possibly
use this issue to cause files outside the .git directory to be accessed,
leading to a denial of service. This issue only affected Ubuntu 14.04
LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu
22.04 LTS. (CVE-2023-41040)
Wes Ring discovered that GitPython did not properly block certain unsafe
Git options when they were provided as Python keyword arguments. An
attacker could possibly use this issue to cause arbitrary command
execution. (CVE-2026-42215)
It was discovered that GitPython did not properly validate clone options
before processing them. An attacker could possibly use this issue to
inject unsafe Git configuration, leading to arbitrary command execution
through Git hooks. This issue only affected Ubuntu 20.04 LTS, Ubuntu
22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu 26.04 LTS. (CVE-2026-42284)
It was discovered that GitPython did not properly validate reference
paths during reference operations. An attacker could possibly use this
issue to write, overwrite, move, or delete files outside the repository.
(CVE-2026-44243)
Dan Aridor discovered that GitPython did not properly validate
configuration values before writing them to Git configuration files. An
attacker could possibly use this issue to inject unsafe Git
configuration, leading to arbitrary command execution through Git hooks.
(CVE-2026-44244)
1 week 2 days ago
USN-7972-1 fixed a vulnerability in OpenCC. This update provides the
corresponding update for Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.
Original advisory details:
It was discovered that OpenCC incorrectly handled truncated UTF-8 input.
An attacker could possibly use this issue to cause OpenCC to crash,
resulting in a denial of service.
1 week 2 days ago
USN-8063-1 fixed a vulnerability in Protocol Buffers. This update provides
the corresponding update for Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.
Original advisory details:
It was discovered that Protocol Buffers incorrectly handled recursion
when the Python google.protobuf.json_format.ParseDict() function is being
used. An attacker could possibly use this issue to cause Protocol Buffers
to consume resources, resulting in a denial of service.
1 week 2 days ago
It was discovered that the Linux kernel algif_aead module did not properly
handle in-place cryptographic operations. This flaw is known as Copy Fail.
A local attacker could use this to escalate privileges, or possibly escape
a container. (CVE-2026-31431)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Cryptographic API;
- Packet sockets;
- TLS protocol;
(CVE-2026-31504, CVE-2026-31533, CVE-2026-43033, CVE-2026-43077,
CVE-2026-43078)