OPENSUSE-SU-2026:20105-1 Security update for sbctl

This update for sbctl fixes the following issues: Changes in sbctl: - Upgrade the embedded golang.org/x/net to 0.46.0 Fixes: bsc1251399, CVE-2025-47911: various algorithms with quadratic complexity when parsing HTML documents Fixes: bsc1251609, CVE-2025-58190: excessive memory consumption by...

CVE-2021-28499

In Arista's MOS Metamako Operating System software which is supported on the 7130 product line, user account passwords set in clear text could leak to users without any password. This issue affects: Arista Metamako Operating System MOS-0.18 and post releases in the MOS-0.1x train All releases in...

sbctl-0.18-2.1 on GA media (moderate)

sbctl-0.18-2.1 on GA media Announcement ID: openSUSE-SU-2025:15743-1 Rating: moderate Cross-References: CVE-2025-47911 CVE-2025-58190 CVSS scores: CVE-2025-47911 SUSE : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2025-47911 SUSE : 6.9...

Linux Distros Unpatched Vulnerability : CVE-2020-22336

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in pdfcrack 0.17 thru 0.18, allows attackers to execute arbitrary code via a stack overflow in the MD5 function. CVE-2020-22336 Note tha...

WordPress EZ InLinkz linkup plugin <= 0.18 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by theviper17 in WordPress Plugin EZ InLinkz linkup versions = 0.18...

CVE-2025-27329

CVE-2025-27329 concerns the WordPress plugin EZ InLinkz linkup (versions

CVE-2025-27329 WordPress EZ InLinkz linkup plugin <= 0.18 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in inlinkz EZ InLinkz linkup inlinkz-scripter allows DOM-Based XSS.This issue affects EZ InLinkz linkup: from n/a through = 0.18...

WordPress plugin EZ InLinkz linkup 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

PT-2025-7750 · Unknown · Ez Inlinkz Linkup

Name of the Vulnerable Software and Affected Versions: EZ InLinkz linkup versions 0.18 and earlier Description: The issue is related to improper neutralization of input during web page generation, which allows for DOM-Based Cross-site Scripting XSS. This means that an attacker could potentially...

dbs-arch (>=0.2.2 <=0.2.3), dbs-boot (>=0.3.0 <=0.4.0) +7 more potentially affected by unknown CVE via kvm-ioctls (>=0.10.0 <=0.18.0)

kvm-ioctls CARGO version =0.10.0, =0.2.2, =0.3.0, =0.1.0, =0.1.0, =0.2.0, =0.1.0, =0.0.29, =0.2.0 Source cves: unknown CVE Source advisory: OSV:GHSA-3QX8-RV27-J6GP...

AzuraCast 跨站脚本漏洞

AzuraCast is a simple self-hosted webcast management suite from AzuraCast. A cross-site scripting vulnerability exists in AzuraCast version 0.18 and earlier, which stems from the lack of effective filtering and escaping of user-supplied data in the name field on the Edit Profile page, and can be...

CVE-2023-2191 Cross-site Scripting (XSS) - Stored in azuracast/azuracast

Cross-site Scripting XSS - Stored in GitHub repository azuracast/azuracast prior to 0.18...

CVE-2023-2191 Cross-site Scripting (XSS) - Stored in azuracast/azuracast

Cross-site Scripting XSS - Stored in GitHub repository azuracast/azuracast prior to 0.18...

com.korwe:kordapt-core (>=1.0.1 <=1.1.2), com.korwe:kordapt-gradle-plugin (>=1.0.1 <=1.1.2) +12 more potentially affected by CVE-2012-4446 via org.apache.qpid:qpid-client (>=0.10 <=0.18)

org.apache.qpid:qpid-client MAVEN version =0.10, =1.0.1, =1.0.1, =1.0.1, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =5.8.0-NESS-1, =0.4.0, =2.7.5, =1.0.3, =0.7.0.Final, =0.8.0.Final Source cves: CVE-2012-4446 Source advisory: OSV:GHSA-MRGH-6X42-X6XF...

CVE-2021-28499

In Arista's MOS Metamako Operating System software which is supported on the 7130 product line, user account passwords set in clear text could leak to users without any password. This issue affects: Arista Metamako Operating System MOS-0.18 and post releases in the MOS-0.1x train All releases in...

CVE-2020-12268

jbig2imagecompose in jbig2image.c in Artifex jbig2dec before 0.18 has a heap-based buffer overflow...

PT-2020-6706 · Artifex +6 · Jbig2Dec +6

Name of the Vulnerable Software and Affected Versions: Artifex jbig2dec versions prior to 0.18 Description: The issue is related to a heap-based buffer overflow in the jbig2 image compose function of the jbig2 image.c component in the Jbig2dec decoder. This allows a remote attacker to access...

PDFResurrect buffer overflow vulnerability (CNVD-2020-16832)

PDFResurrect is a tool for analyzing PDF documents. A buffer error vulnerability exists in the 'pdfloadpageskids' function of the pdf.c file in versions of PDFResurrect prior to 0.18, which can be exploited by an attacker to cause malloc failures and out-of-bounds writes...

Out-of-bounds

An issue was discovered in PDFResurrect before 0.18. pdfloadpageskids in pdf.c doesn't validate a certain size value, which leads to a malloc failure and out-of-bounds write...

CVE-2019-14934

An issue was discovered in PDFResurrect before 0.18. pdfloadpageskids in pdf.c doesn't validate a certain size value, which leads to a malloc failure and out-of-bounds write...