Security update for NetworkManager-libreswan (important)

openSUSE Security Update: Security update for NetworkManager-libreswan Announcement ID: openSUSE-SU-2026:0200-1 Rating: important References: 1232040 Cross-References: CVE-2024-9050 Affected Products: openSUSE Backports SLE-15-SP7 An update that fixes one vulnerability is now available...

USN-8202-1: jq vulnerabilities

It was discovered that jq did not correctly handle certain string concatenations. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue was addressed in Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS...

EUVD-2005-2518

Malware in sbrugna...

CLSA-2025-1759782399 Fix CVE(s): CVE-2025-5372

SECURITY UPDATE: improper return value handling in key derivation function - debian/patches/CVE-2025-5372.patch: reformat sshkdf to fix formatting issue with EVPKDFctrl calls - debian/patches/CVE-2025-5372-1.patch: simplify error checking and handling of return codes in sshkdf - CVE-2025-5372...

BMC Control-M Stack Buffer Overflow Vulnerability

BMC Control-M is an application from BMC Corporation. Simplifies application and data workflow orchestration locally or as a service. BMC Control-M suffers from a stack buffer overflow vulnerability that originates from formatting an error message when SSL/TLS communication is misconfigured, no...

Link field display mode formatter - Moderately critical - Cross site scripting - SA-CONTRIB-2025-024

This module adds a formatter for link fields that displays the current entity with another view mode inside the link. Drupal core does not sufficiently sanitize link element attributes, which can lead to a Cross Site Scripting vulnerability XSS. A separate fix for Drupal core has been released bu...

CVE-2023-49355

decToString in decNumber/decNumber.c in jq 88f01a7 has a one-byte out-of-bounds write via the " -1.2e-1111111111" input. NOTE: this is not the same as CVE-2023-50246. The CVE-2023-50246 71c2ab5 reference mentions -10E-1000010001, which is not in normalized scientific notation...

DEBIAN-CVE-2022-4915

Inappropriate implementation in URL Formatting in Google Chrome prior to 103.0.5060.134 allowed a remote attacker to perform domain spoofing via a crafted HTML page. Chromium security severity: Medium...

UBUNTU-CVE-2018-6104

Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name...

PSF-2008-8 Multiple integer overflows (Apple)

Multiple integer overflows in the PyOSvsnprintf function in Python/mysnprintf.c in Python 2.5.2 and earlier allow context-dependent attackers to cause a denial of service memory corruption or have unspecified other impact via crafted input to string formatting operations. NOTE: the handling of...