4648 matches found
Infinite loop
Overview Magick.NET-Q8-OpenMP-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package ar...
Infinite loop
Overview Magick.NET-Q16-HDRI-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...
Infinite loop
Overview Magick.NET-Q8-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...
Infinite loop
Overview Magick.NET-Q8-AnyCPU is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...
Infinite loop
Overview Magick.NET-Q16-HDRI-AnyCPU is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package...
Allocation of Resources Without Limits or Throttling
Overview Magick.NET-Q16-HDRI-x86 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...
Allocation of Resources Without Limits or Throttling
Overview Magick.NET-Q16-OpenMP-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package...
Security update for php8
This update for php8 fixes the following issues CVE-2025-14179: improper handling of NULL bytes by the PDO Firebird driver when preparing SQL queries can lead to SQL injection bsc1264778. CVE-2026-6722: use-after-free in SOAP using Apache map can lead to remote code execution bsc1264776...
Security update for python310
This update for python310 fixes the following issues Security issues: CVE-2026-1502: HTTP client proxy tunnel headers not validated for CR/LF bsc1261969. CVE-2026-3446: base64 decoding stops at first padded quad by default bsc1261970. CVE-2026-4786: incomplete mitigation of , %action expansion fo...
SUSE-SU-2026:1947-1 Security update for python310
This update for python310 fixes the following issues Security issues: - CVE-2026-1502: HTTP client proxy tunnel headers not validated for CR/LF bsc1261969. - CVE-2026-3446: base64 decoding stops at first padded quad by default bsc1261970. - CVE-2026-4786: incomplete mitigation of , %action...
Security update for python3
This update for python3 fixes the following issue: CVE-2026-1502: HTTP client proxy tunnel headers not validated for CR/LF bsc1261969. CVE-2026-3446: base64 decoding stops at first padded quad by default and ignores other information that could be processed bsc1261970. CVE-2026-4786: URLs prefixe...
SUSE-SU-2026:1937-1 Security update for python3
This update for python3 fixes the following issue: - CVE-2026-1502: HTTP client proxy tunnel headers not validated for CR/LF bsc1261969. - CVE-2026-3446: base64 decoding stops at first padded quad by default and ignores other information that could be processed bsc1261970. - CVE-2026-4786: URLs...
OSV-2026-765 Heap-use-after-free in gf_node_get_id
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=513783541 Crash type: Heap-use-after-free READ 8 Crash state: gfnodegetid lsrreadcommandlist lsrdecodelaserunit...
CLSA-2026-1778943258 Fix CVE(s): CVE-2026-6722, CVE-2026-7261, CVE-2026-7262, CVE-2026-7568
SECURITY UPDATE: SOAP use-after-free with SOAPPERSISTENCESESSION - debian/patches/CVE-2026-7261.patch: skip zvalptrdtor on the persisted soapobj after header parsing failure when persistence is SOAPPERSISTENCESESSION - CVE-2026-7261 SECURITY UPDATE: SOAP use-after-free via Apache Map with duplica...
SUSE CVE-2026-42582
Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final, when decoding header blocks, the non-Huffman branch of io.netty.handler.codec.http3.QpackDecoderdecodeHuffmanEncodedLiteral may execute new bytelength for a string literal before verifying that length byt...
SUSE CVE-2026-43903
OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, sgiinput.cpp:265,274 use OIIODASSERT for bounds checking in the RLE decode loop. In release builds, OIIODASSERT compiles to voidsizeofx...
phpMyFAQ: SVG Sanitizer Entity Decoding Depth Limit Bypass Leading to Stored XSS
phpMyFAQ before 4.1.2 contains a stored cross-site scripting vulnerability in SvgSanitizer::decodeAllEntities that limits recursive entity decoding to 5 iterations, allowing attackers to bypass sanitization. Authenticated users with FAQEDIT permission can upload malicious SVG files with deeply...
CVE-2026-46360 phpMyFAQ - Stored XSS via Entity Decoding Depth Limit Bypass in SVG Sanitizer
phpMyFAQ before 4.1.2 contains a stored cross-site scripting vulnerability in SvgSanitizer::decodeAllEntities that limits recursive entity decoding to 5 iterations, allowing attackers to bypass sanitization. Authenticated users with FAQEDIT permission can upload malicious SVG files with deeply...
SUSE CVE-2026-42579
Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty's DNS codec does not enforce RFC 1035 domain name constraints during either encoding or decoding. This creates a bidirectional attack surface: malicious DNS responses can exploit t...
SUSE CVE-2026-44248
Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, the MQTT 5 header Properties section is parsed and buffered before any message size limit is applied. Specifically, in MqttDecoder, the decodeVariableHeader method is called before the...