curl: TFTP upload ignores --continue-at / CURLOPT_RESUME_FROM and leaks skipped local file prefix

Summary TFTP uploads ignore the configured resume offset. When a caller runs curl -C N -T file tftp://... or uses libcurl with CURLOPTUPLOAD and CURLOPTRESUMEFROM, curl should skip the first N bytes of the local source before uploading. Instead, the TFTP code sends the complete local file from by...

Important: Red Hat Security Advisory: Multicluster Global Hub 1.3.4 security update

Multicluster Global Hub v1.3.4 general availability release images, which provide security fixes, bug fixes, and updated container images. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a...

Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP5 RT kernel was updated to fix various security issues The following security issues were fixed: CVE-2022-49979: net: fix refcount bug in skpsockget bsc1245109. CVE-2023-20585: x86/CPU: Fix FPDSS on Zen1 bsc1243603. CVE-2026-23239: espintcp: Fix race condition in...

CVE-2026-10583

A security vulnerability has been detected in nextlevelbuilder GoClaw up to 3.11.3. Affected by this issue is the function Import of the file internal/http/ttsconfig.go of the component TTS Configuration Endpoint. The manipulation leads to server-side request forgery. It is possible to initiate t...

CVE-2026-10583

A security vulnerability has been detected in nextlevelbuilder GoClaw up to 3.11.3. Affected by this issue is the function Import of the file internal/http/ttsconfig.go of the component TTS Configuration Endpoint. The manipulation leads to server-side request forgery. It is possible to initiate t...

CVE-2026-10583 nextlevelbuilder GoClaw TTS Configuration Endpoint tts_config.go import server-side request forgery

A security vulnerability has been detected in nextlevelbuilder GoClaw up to 3.11.3. Affected by this issue is the function Import of the file internal/http/ttsconfig.go of the component TTS Configuration Endpoint. The manipulation leads to server-side request forgery. It is possible to initiate t...

SUSE CVE-2026-10200

A vulnerability was found in Assimp up to 6.0.4. This affects the function glTFCommon::CopyValue in the library glTFCommon.h of the component 4x4 Matrix Parser. Performing a manipulation results in heap-based buffer overflow. The attack must be initiated from a local position. The exploit has bee...

SUSE CVE-2026-10201

A vulnerability was determined in Assimp up to 6.0.4. This vulnerability affects the function FBXExporter::WriteObjects of the file FBXExporter.cpp of the component UV Channel Handler. Executing a manipulation can lead to divide by zero. The attack needs to be launched locally. The exploit has be...

SUSE CVE-2026-10229

A vulnerability was determined in Assimp up to 6.0.4. This affects the function HL1MDLLoader::readmeshes of the file HL1MDLLoader.cpp of the component Half-Life 1 MDL Loader. This manipulation causes heap-based buffer overflow. The attack is restricted to local execution. The exploit has been...

SUSE CVE-2026-10233

A security vulnerability has been detected in Assimp up to 6.0.4. Affected by this issue is the function HL1MDLLoader::readsequenceinfos of the file HL1MDLLoader.cpp of the component Half-Life 1 MDL Loader. The manipulation of the argument aiString leads to out-of-bounds read. The attack needs to...

SUSE CVE-2026-45372

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.44.0, when cpp-httplib's server parses an incoming request, it applies percent-decoding to every header value except Location and Referer. The validity check isfieldvalue is run before decoding, so encode...

PT-2026-46589

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description A type confusion issue exists in ANGLE, which could allow a remote attacker to potentially perform a sandbox escape by using a crafted HTML page. Type confusion occurs when a program...

SUSE SLES15 Security Update : kernel (Live Patch 17 for SUSE Linux Enterprise 15 SP6) (SUSE-SU-2026:2199-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2199-1 advisory. This update for the SUSE Linux Enterprise Kernel 6.4.0-150600.23.78 fixes various security issues The following security issues were fixed: -...

TencentOS Server 4: kernel (TSSA-2026:0409)

"The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0409 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilitie...

PT-2026-46436

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description An out of bounds write occurs in ANGLE, which is a compatibility layer that allows OpenGL ES to run on various graphics APIs. This issue allows a remote attacker to potentially exploit...

PT-2026-45821

Name of the Vulnerable Software and Affected Versions GoClaw versions prior to 3.11.4 Description An issue in the Webhook Verification Handler component allows for missing authentication. This occurs within the resolveAuth function located in the internal/http/auth.go file, enabling remote...

Security update for rqlite (important)

openSUSE security update: security update for rqlite ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20854-1 Rating: important References: bsc1265706 bsc1266544 Cross-References: CVE-2026-33814 CVE-2026-39821 CVSS scores: CVE-2026-33814 SUSE : 7.5...

CVE-2026-48682

FastNetMon Community Edition through 1.2.9 contains an out-of-bounds read in the IPv4 packet parser. In src/simplepacketparserng.cpp, after validating that the packet contains at least sizeofipv4headert bytes 20 bytes, the code advances the localpointer by '4 ipv4header-getihl' line 164 without...

Security update for ffmpeg-4 (important)

openSUSE security update: security update for ffmpeg-4 ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20855-1 Rating: important References: bsc1234030 bsc1237561 bsc1249393 bsc1249431 Cross-References: CVE-2024-35366 CVE-2024-35368 CVE-2024-36618...

SUSE SLES15 Security Update : kernel RT (Live Patch 10 for SUSE Linux Enterprise 15 SP7) (SUSE-SU-2026:2131-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2131-1 advisory. This update for the SUSE Linux Enterprise Kernel 6.4.0-150700.7.34 fixes various security issues The following security issues were fixed: -...