SUSE-SU-2026:20762-1 Security update for harfbuzz
This update for harfbuzz fixes the following issues: Update to version 11.4.5: Security fixes: - CVE-2026-22693: Fixed a NULL pointer dereference in SubtableUnicodesCache::create (bsc#1256459). Other fixes: - Bug fixes for “AAT” shaping, and other shaping micro optimizations. - Fix a shaping...
EUVD-2025-147318
Malicious code in uaragifa-aat-usafar npm...
EUVD-2021-21468
Malware in sbrugna...
CVE-2025-21615
AAT (Another Activity Tracker) is a GPS-tracking application for tracking sportive activities, with emphasis on cycling. Versions lower than v1.26 of AAT are vulnerable to data exfiltration from malicious apps installed on the same device...
CVE-2021-34821
Cross Site Scripting (XSS) vulnerability exists in AAT Novus Management System through 1.51.2. The WebUI has wrong HTTP 404 error handling implemented. A remote, unauthenticated attacker may be able to exploit the issue by sending malicious HTTP requests to non-existing URIs. The value of the URL...
CVE-2025-21615
CVE-2025-21615 affects AAT (Another Activity Tracker) for mobile: versions prior to 1.26 are vulnerable to data exfiltration by other apps installed on the same device. The root cause is data disclosure leakage from the app’s environment, leading to potential confidentiality impact described as h...
CVE-2025-21615 AAT allows data exfiltration by other apps installed on the same device
AAT (Another Activity Tracker) is a GPS-tracking application for tracking sportive activities, with emphasis on cycling. Versions lower than v1.26 of AAT are vulnerable to data exfiltration from malicious apps installed on the same device...
aat-downloader (>=0.0.1 <=0.0.3), audittracker (=0.4.0) +30 more potentially affected by CVE-2022-39227 via python-jwt (>=2.0.1 <=3.3.0)
python-jwt PYPI version =2.0.1, =0.0.1, =1.0.1, =0.1.0.2, =6.0.0a1, =0.0.3, =1.0.3, =3.0.27, =0.0.4, =1.0.0, =1.0.6, =0.0.1, =0.5.0 and more Source cves: CVE-2022-39227 Source advisory: OSV:GHSA-5P8V-58QM-C7FP...
Cross site scripting
Cross Site Scripting (XSS) vulnerability exists in AAT Novus Management System through 1.51.2. The WebUI has wrong HTTP 404 error handling implemented. A remote, unauthenticated attacker may be able to exploit the issue by sending malicious HTTP requests to non-existing URIs. The value of the URL...
CVE-2021-34821
CVE-2021-34821 affects AAT Novus Management System (NMS) up to version 1.51.2. The WebUI improperly handles 404s, allowing a remote, unauthenticated attacker to issue requests to non-existent URIs. The vulnerability stems from the URL path filename being copied into the HTML document as plain tex...
OSV-2018-199 Heap-buffer-overflow in BEInt<unsigned short, 2>::operator unsigned short
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10986 Crash type: Heap-buffer-overflow READ 1 Crash state: BEInt::operator unsigned short AAT::LookupSegmentSingle ::cmp AAT::LookupSegmentSingle const OT::VarSizedBi...
OSV-2018-159 Use-of-uninitialized-value in AAT::LookupFormat8<OT::IntType<unsigned short, 2u> >::get_value
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10953 Crash type: Use-of-uninitialized-value Crash state: AAT::LookupFormat8 ::get_value AAT::Lookup ::get_value AAT::StateTable::get_class...
OSV-2018-119 UNKNOWN READ in AAT::KerxSubTableFormat1<AAT::KerxSubTableHeader>::driver_context_t::transition
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=11367 Crash type: UNKNOWN READ Crash state: AAT::KerxSubTableFormat1::driver_context_t::transition void AAT::StateTableDriver::EntryDat AAT::KerxSubTableFormat1::apply...
OSV-2018-116 Heap-buffer-overflow in BEInt<unsigned short, 2>::operator unsigned short
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=11060 Crash type: Heap-buffer-overflow READ 1 Crash state: BEInt::operator unsigned short AAT::LookupFormat10 ::sanitize AAT::Lookup ::sanitize...
OSV-2020-484 Heap-buffer-overflow in AAT::KerxSubTableFormat4<AAT::KerxSubTableHeader>::driver_context_t::transition
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12532 Crash type: Heap-buffer-overflow READ 4 Crash state: AAT::KerxSubTableFormat4::driver_context_t::transition void AAT::StateTableDriver::apply...