
8 matches found

CVE
added 2026/03/27 9:0 p.m. · 20 views

CVE-2026-33916

Handlebars.js CVE-2026-33916 affects 4.0.0–4.7.8 where resolvePartial() looks up partials via options.partials without guarding prototype traversal. If Object.prototype is polluted with a string key matching a partial, that string becomes the partial body and is rendered unescaped, enabling refle...

CVSS 4.7 · AI score 5.8 · EPSS 0.00232
Exploits: 1 · References: 3 · Affected Software: 1
Tenable Nessus
added 2026/01/26 12:0 a.m. · 6 views

openSUSE 16 Security Update : go1.24 (openSUSE-SU-2026:20077-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20077-1 advisory. Update to go1.24.12 released 2026-01-15 bsc1236217 Security fixes: - CVE-2025-61730: crypto/tls: handshake messages may be processed at the...

CVSS 10 · AI score 8.8 · EPSS 0.00789
Exploits: 2 · References: 19
ATTACKERKB
added 2025/07/25 2:32 p.m. · 1 views

CVE-2025-38433

In the Linux kernel, the following vulnerability has been resolved: riscv: fix runtime constant support for nommu kernels the runtimefixup32 function does not handle the case where val is zero correctly as might occur when patching a nommu kernel and referring to a physical address below the 4GiB...

CVSS 5.5 · AI score 5.8 · EPSS 0.00127
Exploits: 0 · References: 3 · Affected Software: 1
SUSE Linux
added 2025/06/18 2:12 a.m. · 16 views

Security update for golang-github-prometheus-prometheus

This update for golang-github-prometheus-prometheus fixes the following issues: Security issues fixed: CVE-2023-45288: Require Go = 1.23 for building bsc1236516 CVE-2025-22870: Bump golang.org/x/net to version 0.39.0 bsc1238686 Version was updated to 2.53.4 with the following bug fixes: Runtime:...

CVSS 6.9 · AI score 7 · EPSS 0.91969
Exploits: 3 · References: 14
SUSE Linux
added 2025/06/18 2:11 a.m. · 3 views

Security update for Multi-Linux Manager Client Tools

This update fixes the following issues: golang-github-prometheus-prometheus was updated to version 2.53.4: Security issues fixed: CVE-2023-45288: Require Go = 1.23 for building bsc1236516 CVE-2025-22870: Bumped golang.org/x/net to version 0.39.0 bsc1238686 Other bugs fixes from version 2.53.4:...

CVSS 9.9 · AI score 7.4 · EPSS 0.97781
Exploits: 18 · References: 52
SUSE Linux
added 2025/05/29 9:29 a.m. · 2 views

Security update for go1.24

This update for go1.24 fixes the following issues: Update to go1.24.3 bsc1236217: Security fixes: CVE-2025-22873: Fixed os.Root permits access to parent directory bsc1242715 Changelog: go73556 go73555 security: fix CVE-2025-22873 os: Root permits access to parent directory go73082 os: Root.Open...

CVSS 4.4 · AI score 7.3 · EPSS 0.00236
Exploits: 0 · References: 6
Positive Technologies
added 2024/09/16 12:0 a.m. · 7 views

PT-2024-30997 · Apple · Xcode +1

Name of the Vulnerable Software and Affected Versions: Xcode versions prior to 16 Description: A malicious application may gain access to a user's Keychain items. This issue was addressed by enabling hardened runtime. Recommendations: For versions prior to 16, update to Xcode 16 to resolve the...

CVSS 7.8 · AI score 6.9 · EPSS 0.00209
Exploits: 0 · References: 5
CVE
added 2024/02/28 8:13 a.m. · 118 views

CVE-2020-36784

CVE-2020-36784 affects the Linux kernel i2c Cadence driver. The vulnerability arises because pm_runtime_get_sync incorrectly increments the PM usage counter even when the operation fails in cdns_i2c_master_xfer and cdns_reg_slave, causing a reference leak. The fix is to replace the finalization w...

CVSS 5.5 · AI score 6.2 · EPSS 0.00225
Exploits: 0 · References: 4 · Affected Software: 1