29605 matches found
Security update for mariadb
This update for mariadb fixes the following issues: CVE-2026-3494: audit plugin comment handling bypass bsc1259176. CVE-2026-34303: mysql: optimizer unspecified vulnerability bsc1266435. CVE-2026-35549: SHA2 auth plugin crash on large packets bsc1261413. CVE-2026-44168: wsrep SST unsafe parameter...
Updated tor packages fix security issues
This update provides lots of security issues fixed by upstream since our current version. Please see the links for details...
MGASA-2026-0187 Updated tor packages fix security issues
This update provides lots of security issues fixed by upstream since our current version. Please see the links for details...
SUSE CVE-2026-52907
In the Linux kernel, the following vulnerability has been resolved: media: rockchip: rkcif: fix off by one bugs Change these comparisons from vs = to avoid accessing one element beyond the end of the arrays. While at it, use ARRAYSIZE instead of the MAX enum values. fix cosmetic issues...
Apple macOS 安全漏洞
Apple macOS is a proprietary operating system developed by the American company Apple for Mac computers. Versions of Apple macOS before Monterey 12.4 contained security vulnerabilities. These vulnerabilities were due to consistency issues, which could allow those with access to a Mac to bypass th...
EulerOS 2.0 SP13 : vim (EulerOS-SA-2026-2318)
According to the versions of the vim packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Vim is an open source, command line text editor. Prior to version 9.2.0202, a command injection vulnerability exists in Vim's glob function on...
CVE-2026-34182 CMS AuthEnvelopedData Processing May Accept Forged Messages
Issue Summary: Cryptographic Message Services CMS processing fails to perform sufficient input validation on the cipher and tag length fields of AuthEnvelopedData containers, leading to various potential compromises. Impact Summary: Attackers making use of these vulnerabilities may achieve...
SUSE-SU-2026:2317-1 Security update for the Linux Kernel
The SUSE Linux Enterprise 11 SP4 kernel was updated to fix various security issues The following security issues were fixed: - CVE-2026-23271: perf: Fix perfeventoverflow vs perfremovefromcontext race bsc1260018. - CVE-2026-31402: nfsd: fix heap overflow in NFSv4.0 LOCK replay cache bsc1261638. -...
EUVD-2026-35416
In the Linux kernel, the following vulnerability has been resolved: media: rockchip: rkcif: fix off by one bugs Change these comparisons from vs = to avoid accessing one element beyond the end of the arrays. While at it, use ARRAYSIZE instead of the MAX enum values. fix cosmetic issues...
PT-2026-48599
Name of the Vulnerable Software and Affected Versions OpenEXR versions 3.4.0 through 3.4.11 Description The HTJ2K High-Throughput JPEG 2000 decoder in OpenEXRCore contains a heap-buffer-overflow READ in the ht undo impl function. This occurs because the function copies decoded pixels from a...
OPENSUSE-SU-2026:10988-1 perl-Protocol-HTTP2-1.130.0-1.1 on GA media
These are all security issues fixed in the perl-Protocol-HTTP2-1.130.0-1.1 package on the GA media of openSUSE Tumbleweed...
Microsoft Windows Push Notifications 竞争条件问题漏洞
Microsoft Windows Push Notifications is a push notification service provided by the American company Microsoft. It provides a reliable way to deliver new updates. There are compatibility issues with Microsoft Windows Push Notifications. The following products and versions are affected: Windows...
RHEL 9 : thunderbird (RHSA-2026:24721)
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:24721 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: firefox: thunderbird: Memory safety bugs fixed in Firefox ES...
PT-2026-48609
This update for libheif fixes the following issues Update to 1.23.0: - CVE-2025-68431: heap buffer over-read in HeifPixelImage: overlay via crafted HEIF that exercises the overlay image item bsc1255735. - CVE-2026-3950: manipulation of the component stsz/stts can lead to out-of-bounds read...
PT-2026-48598
Name of the Vulnerable Software and Affected Versions libzypp versions prior to 17.38.13 Description An issue exists where .repo files can contain an optional path that may lead to path traversal attacks. Path traversal is a technique that allows an attacker to access files and directories that a...
OPENSUSE-SU-2026:10983-1 gdk-pixbuf-loader-libheif-1.23.0-2.1 on GA media
These are all security issues fixed in the gdk-pixbuf-loader-libheif-1.23.0-2.1 package on the GA media of openSUSE Tumbleweed...
FreeBSD Security Advisory - FreeBSD-SA-26:35.openssl
FreeBSD Security Advisory - Multiple issues have been reported as part of this advisory with different issues affecting different OpenSSL versions and therefore different FreeBSD versions...
CVE-2026-46384
An integer overflow flaw was found in Go Avro in decoding logic. Multiple decoder paths performs unsafe integer conversions and overflow-prone arithmetic operations on attacker-controlled values from Avro payloads. A remote attacker during Avro decoder operations could exploit this issue using...
PT-2026-48597
Name of the Vulnerable Software and Affected Versions libzypp versions prior to 17.38.13-1.1 Description An issue exists allowing path traversal via the keyhint variable. Recommendations Update to version 17.38.13-1.1...
Important: perl-Archive-Tar
Issue Overview: Archive::Tar versions before 3.08 for Perl extract symlinks with attacker controlled targets outside the extraction directory. makespecialfile passes the tar header's linkname to symlink without validating it against absolute paths or .. segments. The secure-extract mode check tha...