openSUSE 16 Security Update : wireshark (openSUSE-SU-2026:20685-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20685-1 advisory. This update for wireshark fixes the following issues - CVE-2026-3201: missing limit checks in USB HID protocol dissector's parsereportdescriptor...

CVE-2026-41684

Incus is a system container and virtual machine manager. Prior to version 7.0.0, backup.GetInfo trusts the inline backup/index.yaml config when present and only falls back to parsing the legacy backup/container/backup.yaml file if result.Config == nil. As a result, an archive can carry a valid...

InfraRecorder 安全漏洞

InfraRecorder is a tool software developed by InfraRecorder Inc. designed for burning discs and creating disc images. Version 0.53 of InfraRecorder contains a security vulnerability. This vulnerability stems from a denial-of-service attack when importing malicious text files. It is possible for...

CVE-2019-25553 CEWE PHOTO IMPORTER 6.4.3 Denial of Service via Malformed Image

CEWE PHOTO IMPORTER 6.4.3 contains a denial of service vulnerability that allows local attackers to crash the application by importing a specially crafted image file. Attackers can create a malformed JPG file with an oversized buffer and trigger the crash through the import functionality during t...

PT-2026-26895

Encrypt PDF 2.3 contains a buffer overflow vulnerability that allows local attackers to crash the application by inputting excessively long strings into password fields. Attackers can paste a 1000-byte buffer into the User Password or Master Password field in the Settings dialog to trigger an...

CVE-2025-8402

Mattermost versions 10.8.x = 10.8.3, 10.5.x = 10.5.8, 9.11.x = 9.11.17, 10.10.x = 10.10.0, 10.9.x = 10.9.3 fail to validate import data which allows a system admin to crash the server via the bulk import feature...

SUSE-SU-2025:01660-2 Security update for MozillaThunderbird

This update for MozillaThunderbird fixes the following issues: Update to Mozilla Thunderbird 128.10.1. Security fixes: - MFSA 2025-34 bsc1243216 CVE-2025-3875: Sender Spoofing via Malformed From Header in Thunderbird. CVE-2025-3877: Unsolicited File Download, Disk Space Exhaustion, and Credential...

CVE-2025-32944

CVE-2025-32944 affects PeerTube where, if user import is enabled, any authenticated user can upload an archive. The vulnerability stems from the yauzl archive reader: when it encounters an illegal filename, it raises an exception that PeerTube does not catch, causing a crash that repeats on start...

Security update for MozillaThunderbird

This update for MozillaThunderbird fixes the following issues: Mozilla Thunderbird ESR 128.9 MFSA 2025-24 bsc1240083 CVE-2025-3028: Use-after-free triggered by XSLTProcessor CVE-2025-3029: URL Bar Spoofing via non-BMP Unicode characters CVE-2025-3030: Memory safety bugs fixed in Firefox 137,...

SUSE-SU-2025:1157-1 Security update for MozillaThunderbird

This update for MozillaThunderbird fixes the following issues: - Mozilla Thunderbird ESR 128.9 MFSA 2025-24 bsc1240083 CVE-2025-3028: Use-after-free triggered by XSLTProcessor CVE-2025-3029: URL Bar Spoofing via non-BMP Unicode characters CVE-2025-3030: Memory safety bugs fixed in Firefox 137,...

CVE-2023-25742

When importing a SPKI RSA public key as ECDSA P-256, the key would be handled incorrectly causing the tab to crash. This vulnerability affects Firefox 110, Thunderbird 102.8, and Firefox ESR 102.8...

GHSA-JVHC-5HHR-W3V5 TensorFlow vulnerable to assertion fail on MLIR empty edge names

Impact When mlir::tfg::ConvertGenericFunctionToFunctionDef is given empty function attributes, it crashes. cpp // We pre-allocate the array of operands and populate it using the // outputnametoposition and controloutputtoposition populated // previously. SmallVector retvalsfunc.retsize +...

openssl: use-after-free on invalid EC private key import

A use-after-free flaw was found in the way OpenSSL imported malformed Elliptic Curve private keys. A specially crafted key file could cause an application using OpenSSL to crash when imported...