18 matches found

OSV
added 2026/04/29 2:38 p.m., 2 views

SUSE-SU-2026:1660-1 Security update for libheif

This update for libheif fixes the following issues: - CVE-2026-3949: Manipulation of the argument size of a malicious frame can lead to out-of-bounds read bsc1259541...

CVSS 4.8 | AI score 4.4 | EPSS 0.00117
Exploits: 0 | References: 3
OSV
added 2026/04/21 5:11 p.m., 11 views

CLSA-2026-1776791510 nginx: Fix of 5 CVEs

CVE-2017-7529: fix integer overflow in range filter - CVE-2018-16843: fix excessive memory consumption in HTTP/2 - CVE-2018-16844: fix excessive CPU usage in HTTP/2 - CVE-2019-9511: fix excessive memory growth via HTTP/2 DATA frame manipulation - CVE-2019-9513: fix excessive CPU usage via HTTP/2...

CVSS 7.8 | AI score 7 | EPSS 0.82017
Exploits: 6 | References: 1
CloudLinux
added 2026/04/21 5:11 p.m., 12 views

nginx: Fix of 5 CVEs

CVE-2017-7529: fix integer overflow in range filter - CVE-2018-16843: fix excessive memory consumption in HTTP/2 - CVE-2018-16844: fix excessive CPU usage in HTTP/2 - CVE-2019-9511: fix excessive memory growth via HTTP/2 DATA frame manipulation - CVE-2019-9513: fix excessive CPU usage via HTTP/2...

CVSS 7.8 | AI score 8.7 | EPSS 0.82017
Exploits: 6
OSV
added 2026/04/21 5:08 p.m., 14 views

CLSA-2026-1776791328 nginx: Fix of 5 CVEs

CVE-2017-7529: fix integer overflow in range filter - CVE-2018-16843: fix excessive memory consumption in HTTP/2 - CVE-2018-16844: fix excessive CPU usage in HTTP/2 - CVE-2019-9511: fix excessive memory growth via HTTP/2 DATA frame manipulation - CVE-2019-9513: fix excessive CPU usage via HTTP/2...

CVSS 7.8 | AI score 7.3 | EPSS 0.82017
Exploits: 6 | References: 1
Tenable Nessus
added 2026/01/07 12:00 a.m., 3 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000357)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000357 advisory. An issue was discovered in can_can_gw_rcv in net/can/gw.c in the Linux kernel through 4.19.13. The CAN frame modification rules allow bitwise logical operations that ca...

CVSS 4.9 | AI score 6.7 | EPSS 0.00698
Exploits: 1 | References: 4
EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2002-0807

Malware in sbrugna...

CVSS 7.5 | AI score 6.4 | EPSS 0.03661
Exploits: 0 | References: 3
Positive Technologies
added 2025/06/17 12:00 a.m., 5 views

PT-2025-26173 · Quiche · Quiche

Name of the Vulnerable Software and Affected Versions: quiche versions prior to 0.24.4 Description: The issue is related to incorrect congestion window growth, which could cause quiche to send data at a rate faster than the path might actually support. An unauthenticated remote attacker can explo...

CVSS 7.8 | AI score 6.7 | EPSS 0.00723
Exploits: 0 | References: 10
AlpineLinux
added 2024/04/04 2:25 p.m., 19 views

CVE-2024-22189

quic-go is an implementation of the QUIC protocol in Go. Prior to version 0.42.0, an attacker can cause its peer to run out of memory sending a large number of NEW_CONNECTION_ID frames that retire old connection IDs. The receiver is supposed to respond to each retirement frame with a...

CVSS 7.5 | AI score 7.6 | EPSS 0.011
Exploits: 0
Fedora
added 2017/09/19 3:25 p.m., 31 views

[SECURITY] Fedora 25 Update: pfstools-2.0.6-3.fc25

pfstools is a set of command line programs for reading, writing, manipulating and viewing high-dynamic range (HDR) images and video frames. All programs in the package exchange data using unix pipes and a simple generic HDR image format (pfs). The concept of the pfstools is similar to netpbm package...

CVSS 8.8 | AI score 0.8 | EPSS 0.04042
Exploits: 1
OSV
added 2017/03/23 6:59 a.m., 2 views

CVE-2016-5757

iManager Admin Console in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 was vulnerable to iFrame manipulation attacks, which could allow remote users to gain access to authentication credentials...

CVSS 9.8 | AI score 5.8 | EPSS 0.01518
Exploits: 0 | References: 1
BDU FSTEC
added 2016/06/17 12:00 a.m., 6 views

A vulnerability in the Google Chrome browser allows an attacker to circumvent existing access restriction policies.

The vulnerability in the Blink component of the Google Chrome browser is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to circumvent existing access restrictions by manipulating the FrameLoader.cpp and LocalFrame.cpp files...

CVSS 6.8 | AI score 7.5 | EPSS 0.01534
Exploits: 1 | References: 4 | Affected Software: 1
Tenable Nessus
added 2008/08/26 12:00 a.m., 37 views

FreeBSD : opera -- multiple vulnerabilities (73ec1008-72f0-11dd-874b-0030843d3802)

The Opera Team reports : Scripts are able to change the addresses of framed pages that come from the same site. Due to a flaw in the way that Opera checks what frames can be changed, a site can change the address of frames on other sites inside any window that it has opened. This allows sites to...

CVSS 9.3 | AI score 7.6 | EPSS 0.06335
Exploits: 0 | References: 10
seebug.org
added 2008/08/24 12:00 a.m., 46 views

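Opera Web Browser 9.52 Fixes Multiple Security Vulnerabilities

BUGTRAQ ID: 30768 Opera is a popular web browser that supports multiple platforms. Versions of Opera prior to 9.52 contain multiple security vulnerabilities that may allow malicious users to perform spoofing and cross-site scripting, disclose sensitive information, or fully compromise a user's system. (1) An error exists when Opera runs as a protocol handler, which may lead to a crash or arbitrary code execution. This vulnerability only affects Opera on Windows. (2) A web page can change the address of frames of other sites opened in pop-up windows, which may cause malicious content to be loaded into a frame of a trusted site. (3) An error exists in the handling of custom shortcuts and menu commands, allowing applications to be executed with dangerous parameters. Successful exploitation of this vulnerability requires tricking the user into modifying shortcut or menu files. (4)...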

AI score 6.9
Exploits: 0
seebug.org
added 2008/07/05 12:00 a.m., 18 views

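Microsoft IE Frame Location Cross-Domain Security Restriction Bypass Vulnerability

BUGTRAQ ID: 29986 Internet Explorer is a very popular web browser released by Microsoft. Internet Explorer does not properly restrict access to document frames. An attacker can replace the contents of a web page's frames with arbitrary content, while Internet Explorer appears to still enforce the cross-domain security model that restricts what a malicious frame can do to the parent document. For example, a frame in another domain cannot access the parent document's cookies, HTML content, or other frame-specific DOM components, but there are components that are not bound to a specific domain, such as the onmousedown event. By monitoring this particular event, an IFRAME can capture keyboard input from the parent document or carry out other malicious attacks. Microsoft Internet Explorer...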

AI score 6.9
Exploits: 0
RedHat Linux
added 2005/07/22 10:41 a.m., 34 views

Important: Red Hat Security Advisory: mozilla security update

Updated mozilla packages that fix various security issues are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. Mozilla is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. A bug wa...

CVSS 7.5 | AI score 5.6 | EPSS 0.68097
Exploits: 9 | References: 2
NVD
added 2002/08/12 4:00 a.m., 21 views

CVE-2002-0815

The Javascript "Same Origin Policy" (SOP), as implemented in (1) Netscape, (2) Mozilla, and (3) Internet Explorer, allows a remote web server to access HTTP and SOAP/XML content from restricted sites by mapping the malicious server's parent DNS domain name to the restricted site, loading a page from the...

CVSS 7.5 | AI score 6.2 | EPSS 0.03661
Exploits: 0 | References: 2
Cvelist
added 2002/08/01 4:00 a.m., 26 views

CVE-2002-0815

The Javascript "Same Origin Policy" (SOP), as implemented in (1) Netscape, (2) Mozilla, and (3) Internet Explorer, allows a remote web server to access HTTP and SOAP/XML content from restricted sites by mapping the malicious server's parent DNS domain name to the restricted site, loading a page from the...

AI score 6.2 | EPSS 0.03661
Exploits: 0 | References: 2
Packet Storm
added 2000/01/31 12:00 a.m., 36 views

raq2.admin.exploit.txt

To replicate this bug you must have Site Administrator access to one of the accounts on the server. When you go into the Site Management for a site and select the User Management option, you get a list of the usernames that have been setup for that account. The green pencil edit icon is a command...

AI score 7.4
Exploits: 0