14 matches found
GHSA-58CW-G322-P94V Mistune has XSS via unescaped figclass/figwidth in Figure directive
In src/mistune/directives/image.py, the render_figure function concatenates the figclass and figwidth options directly into HTML attributes without escaping (lines 152-168). This allows attribute injection and XSS even when HTMLRenderer(escape=True) is used, because these values bypass the inline renderer...
SUSE-SU-2026:0415-1 Security update for java-17-openjdk
This update for java-17-openjdk fixes the following issues: Upgrade to upstream tag jdk-17.0.18+8 (January 2026 CPU). Security fixes: - CVE-2026-21925: Fixed Oracle Java SE component RMI (bsc#1257034). - CVE-2026-21932: Fixed Oracle Java SE component AWT and JavaFX (bsc#1257036). - CVE-2026-21933: Fixed...
[SECURITY] [DLA 4356-1] ublock-origin security update
Debian LTS Advisory DLA-4356-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany October 31, 2025 https://wiki.debian.org/LTS Package : ublock-origin Version : 1.67.0+dfsg-1deb11u1 Debian Bug : 1108878 Ublock-origin is a lightweight and efficient ads, malware and...
Moderate: Red Hat Security Advisory: kernel-rt security update
An update for kernel-rt is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from...
Mouse cursor disappears in the double hop scenario
The mouse cursor disappears in certain double-hop scenarios or when using the VirtualBox client. There appears to be a bug in the VirtualBox client rendering of 32-bit color cursors, which causes the mouse cursor to disappear. Double-hop scenarios where CWA for Linux versions prior to 2309 and CW...
SUSE-SU-2023:2958-1 Security update for MozillaFirefox
This update for MozillaFirefox fixes the following issues: Firefox was updated to version 115.0.2 ESR (bsc#1213230): - CVE-2023-3600: Fixed Use-after-free in workers (bmo#1839703). Bugfixes: - Fixed a startup crash experienced by some Windows users by blocking instances of a malicious injected DLL...
SUSE CVE-2015-2729
The AudioParamTimeline::AudioNodeInputValue function in the Web Audio implementation in Mozilla Firefox before 39.0 and Firefox ESR 38.x before 38.1 does not properly calculate an oscillator rendering range, which allows remote attackers to obtain sensitive information from process memory or caus...
webkitgtk: Websites could reveal browsing history
An issue existed in the drawing of web page elements. The issue was addressed with improved logic. This issue is fixed in iOS 13.1 and iPadOS 13.1, macOS Catalina 10.15. Visiting a maliciously crafted website may reveal browsing history...
CVE-2020-6116
An arbitrary code execution vulnerability exists in the rendering functionality of Nitro Software, Inc.’s Nitro Pro 13.13.2.242. When drawing the contents of a page using colors from an indexed colorspace, the application can miscalculate the size of a buffer when allocating space for its colors...
DEBIAN-CVE-2017-12122
An exploitable code execution vulnerability exists in the ILBM image rendering functionality of SDL2_image-2.0.2. A specially crafted ILBM image can cause a heap overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability...
DEBIAN-CVE-2017-1000044
gtk-vnc 0.4.2 and older doesn't check framebuffer boundaries correctly when updating framebuffer which may lead to memory corruption when rendering...
UBUNTU-CVE-2017-1000044
gtk-vnc 0.4.2 and older doesn't check framebuffer boundaries correctly when updating framebuffer which may lead to memory corruption when rendering...
DEBIAN-CVE-2017-2818
An exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler 0.53.0. A specifically crafted PDF can cause an overly large number of color components during image rendering, resulting in heap corruption. An attacker controlled PDF file can be used to trigger th...
Stable Channel Update
The Stable channel has been updated to 27.0.1453.116 for Windows, Macintosh and Chrome Frame platforms. Security fixes and rewards: Please see the Chromium security page for more information. Note that the referenced bugs may be kept private until a majority of our users are up to date with the...