247 matches found
OPENSUSE-SU-2026:20589-1 Security update for tor
This update for tor fixes the following issues: Changes in tor: - update to 0.4.8.23: Fix a memory compare using the wrong length. This could lead to a remote crash when using the conflux subsystem TROVE-2026-004, boo1262302 Fix a series of defense in depth security issues found across the codeba...
CVE-2026-40336
libgphoto2 is a camera access and control library. Versions up to and including 2.5.33 have a memory leak in ptpunpackSonyDPD in camlibs/ptp2/ptp-pack.c lines 884–885. When processing a secondary enumeration list introduced in 2024+ Sony cameras, the function overwrites dpd-FORM.Enum.SupportedVal...
PT-2026-49605
Name of the Vulnerable Software and Affected Versions Squid versions prior to 7.6 Description A memory leak issue known as Squidbleed exists in the Squid web proxy. The flaw originates from a 1997 code change in the FTP directory-listing parser, where a misunderstanding of how the strchr function...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007246)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007246 advisory. In the Linux kernel, the following vulnerability has been resolved: tracing/histograms: Add histograms to histvars if they have referenced variables Hist triggers ca...
firefox: thunderbird: Use-after-free in the CSS Parsing and Computation component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Use-after-free in the CSS Parsing and Computation component...
Linux Distros Unpatched Vulnerability : CVE-2026-5735
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Memory safety bugs present in Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough...
CVE-2026-5734
Memory safety bugs present in Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was...
SUSE-SU-2026:20932-1 Security update for ffmpeg-7
This update for ffmpeg-7 fixes the following issues: - Updated to version 7.1.2: avcodec/librsvgdec: fix compilation with librsvg 2.50.3 libavfilter/affirequalizer: Add check for avmallocarray avcodec/libsvtav1: unbreak build with latest svtav1 avformat/hls: Fix Youtube AAC Various bugfixes...
CVE-2026-4441
Use after free in Base in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Critical...
SUSE CVE-2026-32259
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-16 and 6.9.13-41, when a memory allocation fails in the sixel encoder it would be possible to write past the end of a buffer on the stack. This vulnerability is fixed in 7.1.2-16 and...
CLSA-2026-1773047921 kernel: Fix of 70 CVEs
wifi: iwlwifi: mvm: guard against invalid STA ID on removal CVE-2024-36921 - ASoC: topology: Fix references to freed memory CVE-2024-41069 - net/sched: actmirred: don't override retval if we already lost the skb CVE-2024-26739 - drivers: base: Free devm resources when unregistering a device...
Ubuntu 22.04 LTS / 24.04 LTS / 25.10 : NSS vulnerability (USN-8071-1)
The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 host has packages installed that are affected by a vulnerability as referenced in the USN-8071-1 advisory. It was discovered that NSS incorrectly handled memory when performing certain GHASH operations. A remote attacker could use this issue to caus...
RHEL 8 : kernel (RHSA-2026:3360)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:3360 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: RDMA/core: Fix KASAN:...
SUSE-SU-2026:0731-1 Security update for the Linux Kernel (Live Patch 31 for SUSE Linux Enterprise 15 SP5)
This update for the SUSE Linux Enterprise kernel 5.14.21-150500.55.124 fixes various security issues The following security issues were fixed: - CVE-2022-50700: wifi: ath10k: Delay the unmapping of the buffer bsc1255577. - CVE-2023-54142: gtp: Fix use-after-free in gtpencapdestroy bsc1256097. -...
OESA-2026-1471 firefox security update
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability. %if 0 %global mozdebugprefix /lib/debug %global mozdebugdir /lib/debug/ %global unamem %uname -m %global symbolsfilename -.en-US.-%uname.crashreporter-symbols.zip %global symbolsfilepath...
SUSE CVE-2026-25997
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, xfclipboardformatequal reads freed lastSentFormats memory because xfclipboardformatsfree called from the cliprdr channel thread during auto-reconnect frees the array while the X11 event thread concurrently...
Missing Release of Memory after Effective Lifetime
Overview Affected versions of this package are vulnerable to Missing Release of Memory after Effective Lifetime in msl.c. An attacker can cause memory exhaustion and disrupt service availability by submitting malicious image files. Remediation A fix was pushed into the master branch but not yet...
Update Chrome now: Zero-day bug allows code execution via malicious webpages
Google has issued a patch for a high‑severity Chrome zero‑day, tracked as CVE‑2026‑2441, a memory bug in how the browser handles certain font features that attackers are already exploiting. CVE-2026-2441 has the questionable honor of being the first Chrome zero-day of 2026. Google considered it...
GHSA-XX7M-69FF-9CRP SurrealDB vulnerable to Denial of Service through scripting function memory edge case
In SurrealDB instances with the scripting capability enabled --allow-scripting, users with the ability to run arbitrary queries can trigger a server crash due to a memory-safety bug in the underlying JS engine. The SurrealDB instance terminates instantly, requiring a manual restart. The query...
ALSA-2026:2378 Moderate: kernel-rt security update
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: kernel: vsock/vmci: Clear the vmci transport packet properly when initializing it CVE-2025-38403 kernel: net: use dstdevrcu in sksetupcaps...