GitHub: PATs without the required scope can leak issues
An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user with a classic personal access token (PAT) lacking the repo scope to retrieve issues and commits from private and internal repositories via the search REST API endpoints. The user...
SUSE SLES16 Security Update : libpng16 (SUSE-SU-2026:20030-1)
The remote SUSE Linux SLES16 / SLESSAP16 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:20030-1 advisory. - CVE-2025-64505: heap buffer over-read in png_do_quantize when processing PNG files with malformed palette indices (bsc#1254157). -...
EUVD-2006-2449
Malware in sbrugna...
EUVD-2022-38793
Malicious code in bioql PyPI...
CVE-2024-57952
In the Linux kernel, the following vulnerability has been resolved: Revert "libfs: fix infinite directory reads for offset dir" The current directory offset allocator based on mtree_alloc_cyclic stores the next offset value to return in octx->next_offset. This mechanism typically returns values that...
GO-2025-3408 WITHDRAWN: DefaultConfig has dangerous defaults causing hung Read in github.com/hashicorp/yamux
This report has been withdrawn with reason: "By request of maintainer in https://github.com/golang/vulndb/issues/3453". The default values for Session.config.KeepAliveInterval and Session.config.ConnectionWriteTimeout of 30s and 10s create the possibility for timed out writes that most aren't...
EulerOS 2.0 SP10 : openssl (EulerOS-SA-2025-1026)
According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: Issue summary: Use of the low-level GF2^m elliptic curve APIs with untrusted explicit values for the field polynomial can lead to out-of-bounds...
CVE-2020-1821
There are multiple out-of-bounds (OOB) read vulnerabilities in the implementation of the Common Open Policy Service (COPS) protocol of some Huawei products. The specific decoding function may perform an out-of-bounds read when processing an incoming data packet. Successful exploit of these vulnerabilities...
PHP 8.2.x < 8.2.26 Multiple Vulnerabilities
According to its self-reported version number, the version of PHP installed on the remote host is 8.1.x prior to 8.1.31, 8.2.x prior to 8.2.26, or 8.3.x prior to 8.3.14. It is, therefore, affected by multiple vulnerabilities: - OOB access in ldap_escape (CVE-2024-8932) - Leak partial content of the...
SUSE-SU-2023:4663-1 Security update for frr
This update for frr fixes the following issues: - CVE-2023-47235: Fixed denial of service caused when a malformed BGP UPDATE message with an EOR is processed (bsc#1216896). - CVE-2023-47234: Fixed denial of service caused by a crafted BGP UPDATE message with an MP_UNREACH_NLRI attribute (bsc#1216897). -...
Forgejo Security Breach
Forgejo is a lightweight git service. A security vulnerability exists in Forgejo versions prior to 1.20.5-1. A remote attacker can use this vulnerability to read private issues, read private pull requests, delete issues, and perform other unauthorized actions...
SUSE-SU-2022:4461-1 Security update for MozillaFirefox
This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 102.6.0 ESR (bsc#1206242): - CVE-2022-46880: Use-after-free in WebGL - CVE-2022-46872: Arbitrary file read from a compromised content process - CVE-2022-46881: Memory corruption in WebGL - CVE-2022-46874: Dra...
CVE-2022-42900
Bentley MicroStation and MicroStation-based applications are affected by out-of-bounds read vulnerabilities when opening crafted FBX files. The root cause is an out-of-bounds read in the FBX handling code, leading to potential information disclosure and code execution. Affected versions: MicroSta...
OPENSUSE-SU-2022:2947-1 Security update for zlib
This update for zlib fixes the following issues: - CVE-2022-37434: Fixed heap-based buffer over-read or buffer overflow via large gzip header extra field (bsc#1202175)...
SUSE SLES12 Security Update : python36 (SUSE-SU-2020:0302-1)
This update for python36 to version 3.6.10 fixes the following issues: CVE-2017-18207: Fixed a denial of service in Wave_read._read_fmt_chunk (bsc#1083507). CVE-2019-16056: Fixed an issue where email parsing could fail for multiple @ signs (bsc#1149955). CVE-2019-15903: Fixed a heap-based buffer over-read...
SUSE-SU-2019:1962-1 Security update for openexr
This update for openexr fixes the following issues: Security issue fixed: - CVE-2017-9111: Fixed an invalid write of size 8 in the storeSSE function in ImfOptimizedPixelReading.h (bsc#1040109). - CVE-2017-9113: Fixed an invalid write of size 1 in the bufferedReadPixels function in ImfInputFile.cpp...
OPENSUSE-SU-2019:1573-1 Security update for php7
This update for php7 fixes the following issues: Security issues fixed: - CVE-2019-9637: Fixed improper implementation of rename function and multiple invalid memory access in EXIF extension (bsc#1128892). - CVE-2019-9675: Fixed improper implementation of rename function and multiple invalid memory...
MGASA-2017-0180 Updated thunderbird packages fix security vulnerability and bugs
Use-after-free using destroyed node when regenerating trees CVE-2017-5472. Use-after-free during docshell reloading CVE-2017-7749. Use-after-free with track elements CVE-2017-7750. Use-after-free with content viewer listeners CVE-2017-7751. Use-after-free with IME input CVE-2017-7752. Out-of-boun...
SUSE-SU-2017:0967-1 Security update for gstreamer
This update for gstreamer fixes the following security issues: - A crafted AVI file could have caused an invalid memory read, possibly causing DoS or corruption (bsc#1024051, CVE-2017-5838)...
SUSE-SU-2017:0966-1 Security update for gstreamer
This update for gstreamer fixes the following security issues: - A crafted AVI file could have caused an invalid memory read, possibly causing DoS or corruption (bsc#1024051, CVE-2017-5838)...