Lucene search

1067 matches found

Positive Technologies
added 2026/06/05 12:00 a.m., 12 views

PT-2026-47089

Summary: The Binary Stream Capture (BSC) component exposes an unauthenticated HTTP API for dynamically creating packet capture “handlers.” Because the code blindly trusts path-related form fields, a remote client can: - Bypass the configured log root and direct BSC to log to arbitrary filesystem...

CVSS 9.1, AI score 6.2, EPSS 0.00163
Exploits 0, References 5

OSV
added 2026/05/14 7:21 a.m., 3 views

SUSE-SU-2026:21696-1 Security update for the Linux Kernel (Live Patch 10 for SUSE Linux Enterprise Micro 6.0)

This update for the SUSE Linux Enterprise Kernel 6.4.0-32.1 fixes one security issue. The following security issue was fixed: - CVE-2026-43284: xfrm: esp: avoid in-place decrypt on shared skb frags bsc1264459...

CVSS 8.8, AI score 6.1, EPSS 0.93418
Exploits 30, References 3

SUSE Linux
added 2026/05/07 1:54 p.m., 5 views

Security update for freeipmi

This update for freeipmi fixes the following issue: CVE-2026-33554: improper memory handling and data validation can lead to stack buffer overflows and acceptance of malformed payloads/responses bsc1260414. Patch Instructions: To install this SUSE update use the SUSE recommended installation...

CVSS 7.6, AI score 5.9, EPSS 0.00403
Exploits 0, References 4

OSV
added 2026/04/22 11:07 a.m., 6 views

SUSE-SU-2026:21378-1 Security update for tomcat

This update for tomcat fixes the following issues: - CVE-2026-24880: Request smuggling via invalid chunk extension bsc1261850. - CVE-2026-25854: Occasionally open redirect bsc1261851. - CVE-2026-29129: TLS cipher order is not preserved bsc1261852. - CVE-2026-29145: OCSP checks sometimes soft-fail...

CVSS 9.1, AI score 7.4, EPSS 0.15447
Exploits 6, References 21

OSV
added 2026/04/10 6:29 p.m., 3 views

OPENSUSE-SU-2026:20512-1 Security update for pcre2

This update for pcre2 fixes the following issue: - CVE-2025-58050: integer overflow leads to heap buffer overread in matchref due to missing boundary restoration in SCS bsc1248842...

CVSS 9.1, AI score 7.4, EPSS 0.00693
Exploits 1, References 2

Tenable Nessus
added 2026/04/10 12:00 a.m., 1 view

SUSE SLES16 Security Update : cockpit-repos (SUSE-SU-2026:20997-1)

The remote SUSE Linux SLES16 / SLESSAP16 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:20997-1 advisory. This update for cockpit-repos fixes the following issue: - CVE-2026-26996: minimatch: ReDoS when glob pattern contains many consecutive...

CVSS 8.7, AI score 6.7, EPSS 0.00519
Exploits 1, References 4

OSV
added 2026/04/02 3:08 p.m., 0 views

SUSE-SU-2026:1178-1 Security update for libsoup

This update for libsoup fixes the following issue: - CVE-2026-0716: improper bounds handling may allow out-of-bounds read bsc1256418...

CVSS 4.8, AI score 5.9, EPSS 0.00257
Exploits 0, References 3

OSV
added 2026/03/03 1:36 p.m., 3 views

SUSE-SU-2026:0783-1 Security update for zlib

This update for zlib fixes the following issue: - CVE-2026-27171: Fixed infinite loop via the crc32_combine64 and crc32_combine_gen64 functions due to missing checks for negative lengths bsc1258392...

CVSS 5.5, AI score 5.9, EPSS 0.00204
Exploits 1, References 3

OSV
added 2026/02/23 3:59 p.m., 3 views

SUSE-SU-2026:0599-1 Security update for libpng12

This update for libpng12 fixes the following issues: - CVE-2026-25646: heap buffer overflow vulnerability in png_set_dither/png_set_quantize bsc1258020...

CVSS 8.3, AI score 6, EPSS 0.00939
Exploits 1, References 3

Tenable Nessus
added 2026/02/13 12:00 a.m., 5 views

openSUSE 16 Security Update : micropython (openSUSE-SU-2026:20199-1)

The remote openSUSE 16 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2026:20199-1 advisory. Changes in micropython: - CVE-2026-1998: Fixed segmentation fault in mp_map_lookup via mp_import_all bsc1257803. - Version 1.26.1 esp32: update esptinyusb...

CVSS 5.5, AI score 4.8, EPSS 0.00203
Exploits 1, References 3

Tenable Nessus
added 2026/02/13 12:00 a.m., 3 views

SUSE SLES15 / openSUSE 15 Security Update : python-wheel (SUSE-SU-2026:0460-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:0460-1 advisory. - CVE-2026-24049: Fixed absent path sanitization can cause arbitrary file permission modification bsc1257100. Tenable has...

CVSS 7.1, AI score 7.5, EPSS 0.00278
Exploits 2, References 4

OSV
added 2026/02/06 8:02 a.m., 2 views

SUSE-SU-2026:0396-1 Security update for cockpit-machines

This update for cockpit-machines fixes the following issues: - CVE-2025-13465: Update the lodash dependency to avoid prototype pollution. bsc1257324...

CVSS 7.9, AI score 5.9, EPSS 0.00317
Exploits 0, References 3

OSV
added 2025/11/27 3:04 p.m., 2 views

SUSE-SU-2025:4281-1 Security update for the Linux Kernel (Live Patch 43 for SUSE Linux Enterprise 15 SP4)

This update for the SUSE Linux Enterprise kernel 5.14.21-150400.24.173 fixes one security issue. The following security issue was fixed: - CVE-2023-53673: Bluetooth: hci_event: call disconnect callback before deleting conn bsc1251983...

CVSS 7.8, AI score 7.1, EPSS 0.00172
Exploits 0, References 3

OSV
added 2025/11/24 9:22 a.m., 2 views

SUSE-SU-2025:4191-1 Security update for amazon-ssm-agent

This update for amazon-ssm-agent fixes the following issues: - CVE-2025-47913: Fixed a bug in the client process termination when receiving an unexpected message type in response to a key listing or signing request. bsc1253598...

CVSS 7.5, AI score 6.7, EPSS 0.00579
Exploits 1, References 3

EUVD
added 2025/10/03 8:07 p.m., 4 views

EUVD-2025-22900

Malicious code in bioql PyPI...

CVSS 5.3, AI score 5.6, EPSS 0.00118
Exploits 0, References 4

RedhatCVE
added 2025/08/17 3:28 a.m., 12 views

CVE-2025-9003

A vulnerability has been found in D-Link DIR-818LW 1.04. This vulnerability affects unknown code of the file /bsclan.php of the component DHCP Reserved Address Handler. The manipulation of the argument Name leads to cross site scripting. The attack can be initiated remotely. This vulnerability on...

CVSS 5.1, AI score 6.7, EPSS 0.00561
Exploits 0, References 1

CNNVD
added 2025/08/15 12:00 a.m., 3 views

D-Link DIR-818LW code injection vulnerability

D-Link DIR-818LW is a wireless router from China's AUO D-Link. A code injection vulnerability exists in the D-Link DIR-818LW version 1.04, which originates from a cross-site scripting attack due to incorrect manipulation of the parameter Name in the file /bsclan.php...

CVSS 5.4, AI score 6.6, EPSS 0.00561
Exploits 0, References 6

RedhatCVE
added 2025/07/30 12:29 p.m., 15 views

CVE-2025-8275

A vulnerability, which was classified as problematic, has been found in bsc Peru Cocktails App 1.0.0 on Android. Affected by this issue is some unknown functionality of the file AndroidManifest.xml of the component bsc.devy.peru_cocktails. The manipulation leads to improper export of android...

CVSS 5.3, AI score 5.1, EPSS 0.00118
Exploits 0, References 1

NVD
added 2025/07/28 1:15 p.m., 7 views

CVE-2025-8275

A vulnerability, which was classified as problematic, has been found in bsc Peru Cocktails App 1.0.0 on Android. Affected by this issue is some unknown functionality of the file AndroidManifest.xml of the component bsc.devy.peru_cocktails. The manipulation leads to improper export of android...

CVSS 5.3, EPSS 0.00118
Exploits 0, References 4

Cvelist
added 2025/07/28 12:02 p.m., 12 views

CVE-2025-8275 bsc Peru Cocktails App bsc.devy.peru_cocktails AndroidManifest.xml improper export of android application components

A vulnerability, which was classified as problematic, has been found in bsc Peru Cocktails App 1.0.0 on Android. Affected by this issue is some unknown functionality of the file AndroidManifest.xml of the component bsc.devy.peru_cocktails. The manipulation leads to improper export of android...

CVSS 5.3, EPSS 0.00118
Exploits 0, References 4