23042 matches found

SUSE CVE
added 2026/04/24 1:34 a.m. | 3 views

SUSE CVE-2026-6843

A flaw was found in nano. A local user could exploit a format string vulnerability in the statusline function. By creating a directory with a name containing printf specifiers, the application attempts to display this name, leading to a segmentation fault (SEGV). This results in a Denial of Service...

CVSS 5.5 | AI score 5.7 | EPSS 0.00108
Exploits: 0 | References: 3
Fedora
added 2026/04/24 12:55 a.m. | 5 views

[SECURITY] Fedora 43 Update: rpki-client-9.8-1.fc43

The OpenBSD rpki-client is a free, easy-to-use implementation of the Resource Public Key Infrastructure (RPKI) for Relying Parties (RP) to facilitate validation of the Route Origin of a BGP announcement. The program queries the RPKI repository system, downloads and validates Route Origin Authorisatio...

AI score 5.4
Exploits: 0
OSV
added 2026/04/24 12:20 a.m. | 3 views

OSV-2026-616 Use-of-uninitialized-value in JXRHandlerPrivate::colorSpace

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=505263965
Crash type: Use-of-uninitialized-value
Crash state: JXRHandlerPrivate::colorSpace, JXRHandlerPrivate::imageFormat, JXRHandler::read...

AI score 5.3
Exploits: 0 | References: 1
Tenable Nessus
added 2026/04/24 12:0 a.m. | 3 views

SUSE SLED15 / SLES15 Security Update : libraw (SUSE-SU-2026:1555-1)

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1555-1 advisory. - CVE-2026-5342: out-of-bounds read via LibRaw::nikon_load_padded_packed_raw (bsc#1261499). - CVE-2026-20884: integer...

CVSS 9.8 | AI score 6.3 | EPSS 0.00735
Exploits: 7 | References: 22
Cvelist
added 2026/04/23 8:39 p.m. | 28 views

CVE-2026-6941 radare2 < 6.1.4 Project Notes Path Traversal via Symlink

radare2 prior to 6.1.4 contains a path traversal vulnerability in its project notes handling that allows attackers to read or write files outside the configured project directory by importing a malicious .zrp archive containing a symlinked notes.txt file. Attackers can craft a .zrp archive with a...

CVSS 6.9 | EPSS 0.00198
Exploits: 1 | References: 3
RedHat Linux
added 2026/04/23 7:18 a.m. | 4 views

freerdp: FreeRDP: Denial of Service via use-after-free in AUDIN format renegotiation

A use-after-free flaw was found in FreeRDP. AUDIN format renegotiation frees the active format list while the capture thread continues using audin->format, leading to a use-after-free in audio_format_compatible. A malicious server can trigger a client-side heap use-after-free causing a crash...

CVSS 8.7 | AI score 5.7 | EPSS 0.00467
Exploits: 0 | References: 6
SUSE CVE
added 2026/04/23 1:28 a.m. | 2 views

SUSE CVE-2026-6846

A flaw was found in binutils. A heap-buffer-overflow vulnerability exists when processing a specially crafted XCOFF (Extended Common Object File Format) object file during linking. A local attacker could trick a user into processing this malicious file, which could lead to arbitrary code execution,...

CVSS 7.8 | AI score 5.9 | EPSS 0.00159
Exploits: 0 | References: 3
SUSE CVE
added 2026/04/23 1:24 a.m. | 6 views

SUSE CVE-2026-31521

In the Linux kernel, the following vulnerability has been resolved: module: Fix kernel panic when a symbol st_shndx is out of bounds. The module loader doesn't check for bounds of the ELF section index in simplify_symbols(): for i = 1; i shsize / sizeofElfSym; i++ const char name = info-strtab +...

CVSS 4.4 | AI score 5.6 | EPSS 0.00123
Exploits: 0 | References: 5
Tenable Nessus
added 2026/04/23 12:0 a.m. | 4 views

openSUSE 16 Security Update : gnome-remote-desktop (openSUSE-SU-2026:20590-1)

The remote openSUSE 16 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2026:20590-1 advisory. Update to version 48.3. Security issues fixed: - CVE-2025-5024: an unauthenticated attacker can exhaust system resources (bsc#1244053). Other updates and...

CVSS 7.4 | AI score 5.9 | EPSS 0.00783
Exploits: 0 | References: 3
Tenable Nessus
added 2026/04/23 12:0 a.m. | 2 views

Unity Linux 20.1050e / 20.1060e Security Update: kernel (UTSA-2026-014300)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-014300 advisory. In the Linux kernel, the following vulnerability has been resolved: drm: mxsfb: Fix NULL pointer dereference. mxsfb should not ever dereference the NULL pointer which...

CVSS 5.5 | AI score 5.5 | EPSS 0.00207
Exploits: 0 | References: 4
Positive Technologies
added 2026/04/23 12:0 a.m. | 3 views

PT-2026-34707

Name of the Vulnerable Software and Affected Versions: OpenTelemetry dotnet versions 1.13.1 through 1.15.1. Description: When exporting telemetry to a back-end or collector over gRPC or HTTP using the OpenTelemetry Protocol (OTLP) format, unsuccessful requests (HTTP 4xx or 5xx) result in the response...

CVSS 5.9 | AI score 5.2 | EPSS 0.00304
Exploits: 0 | References: 11
OSV
added 2026/04/22 9:48 p.m. | 2 views

SUSE-SU-2026:21382-1 Security update for python-Pillow

This update for python-Pillow fixes the following issue: - CVE-2026-40192: Versions 10.3.0 through 12.1.1 did not limit the amount of GZIP-compressed data read when decoding a FITS image, making them vulnerable to decompression bomb attacks (bsc#1262184)...

CVSS 8.7 | AI score 5.3 | EPSS 0.00485
Exploits: 0 | References: 3
NVD
added 2026/04/22 9:17 p.m. | 2 views

CVE-2026-41168

pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions prior to 6.10.1 can craft a PDF which leads to long runtimes. This requires cross-reference streams with wrong large /Size values or object streams with wrong large /N values. This ha...

CVSS 6.9 | EPSS 0.00297
Exploits: 0 | References: 4
Debian CVE
added 2026/04/22 8:49 p.m. | 4 views

CVE-2026-41168

pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions prior to 6.10.1 can craft a PDF which leads to long runtimes. This requires cross-reference streams with wrong large /Size values or object streams with wrong large /N values. This ha...

CVSS 6.9 | AI score 5.3 | EPSS 0.00297
Exploits: 0
RedhatCVE
added 2026/04/22 8:20 p.m. | 3 views

CVE-2026-31521

A flaw was found in the Linux kernel. The module loader, specifically in the simplify_symbols function, does not properly validate the bounds of the ELF (Executable and Linkable Format) section index. An attacker could craft a malicious module with an out-of-bounds st_shndx value, leading to a kernel...

CVSS 5.5 | AI score 5.8 | EPSS 0.00123
Exploits: 0 | References: 4
EUVD
added 2026/04/22 9:31 a.m. | 1 views

EUVD-2026-24708

A flaw was found in nano. A local user could exploit a format string vulnerability in the statusline function. By creating a directory with a name containing printf specifiers, the application attempts to display this name, leading to a segmentation fault (SEGV). This results in a Denial of Service...

CVSS 5.5 | AI score 5.7 | EPSS 0.00108
Exploits: 0 | References: 3
NVD
added 2026/04/22 9:16 a.m. | 1 views

CVE-2026-6845

A flaw was found in binutils, specifically within the readelf utility. This vulnerability allows a local attacker to cause a Denial of Service (DoS) by tricking a user into processing a specially crafted Executable and Linkable Format (ELF) file. The exploitation of this flaw can lead to the system...

CVSS 5 | EPSS 0.00126
Exploits: 0 | References: 2
NVD
added 2026/04/22 9:16 a.m. | 1 views

CVE-2026-6843

A flaw was found in nano. A local user could exploit a format string vulnerability in the statusline function. By creating a directory with a name containing printf specifiers, the application attempts to display this name, leading to a segmentation fault (SEGV). This results in a Denial of Service...

CVSS 5.5 | EPSS 0.00108
Exploits: 0 | References: 2
UbuntuCve
added 2026/04/22 9:16 a.m. | 3 views

CVE-2026-6843

A flaw was found in nano. A local user could exploit a format string vulnerability in the statusline function. By creating a directory with a name containing printf specifiers, the application attempts to display this name, leading to a segmentation fault (SEGV). This results in a Denial of Service...

CVSS 5.5 | AI score 5.7 | EPSS 0.00108
Exploits: 0 | References: 3
OSV
added 2026/04/22 9:16 a.m. | 1 views

UBUNTU-CVE-2026-6843

A flaw was found in nano. A local user could exploit a format string vulnerability in the statusline function. By creating a directory with a name containing printf specifiers, the application attempts to display this name, leading to a segmentation fault (SEGV). This results in a Denial of Service...

CVSS 5.5 | AI score 5.7 | EPSS 0.00108
Exploits: 0 | References: 5