OPENSUSE-SU-2026:20812-1 Security update for cups

This update for cups fixes the following issues - CVE-2026-27447: Authorization bypass via case-insensitive group-member lookup bsc1261572. - CVE-2026-34978: Path traversal in RSS notify-recipient-uri enables file write outside CacheDir/rss bsc1261571. - CVE-2026-34979: Heap overflow in getoption...

SUSE-SU-2026:21871-1 Security update for cups

This update for cups fixes the following issues - CVE-2026-27447: Authorization bypass via case-insensitive group-member lookup bsc1261572. - CVE-2026-34978: Path traversal in RSS notify-recipient-uri enables file write outside CacheDir/rss bsc1261571. - CVE-2026-34979: Heap overflow in getoption...

CVE-2026-42446 NanaZip: Stack out-of-bounds read in NanaZip ZealFS bitmap parser

NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, a stack-based out-of-bounds read exists in the ZealFS filesystem image parser in NanaZip. The vulnerability is triggered when opening a crafted ZealFS v1 filesystem image. An attacker-controlled BitmapSize field in the...

PT-2026-40360

NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, a stack-based out-of-bounds read exists in the ZealFS filesystem image parser in NanaZip. The vulnerability is triggered when opening a crafted ZealFS v1 filesystem image. An attacker-controlled BitmapSize field in the...

CVE-2026-43453

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftsetpipapo: fix stack out-of-bounds read in pipapodrop pipapodrop passes rulemapi + 1.n to pipapounmap as the tooffset argument on every iteration, including the last one where i == m-fieldcount - 1. This reads one...

CVE-2026-43453

CVE-2026-43453 is a Linux kernel issue in the netfilter nft_set_pipapo path. The bug is a stack out-of-bounds read in pipapo_drop(), where rulemap[i+1].n is passed to pipapo_unmap() on every iteration, including the last when i == m->field_count-1. This reads past the end of the stack-allocate...

MiracleLinux 9 : glibc-2.34-60.el9.7 (AXSA:2023-6486:05)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-6486:05 advisory. glibc: buffer overflow in ld.so leading to privilege escalation CVE-2023-4911 glibc: Stack read overflow in getaddrinfo in no-aaaa mode CVE-2023-452...

MiracleLinux 8 : glibc-2.28-225.el8.6 (AXSA:2023-6476:04)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-6476:04 advisory. glibc: buffer overflow in ld.so leading to privilege escalation CVE-2023-4911 glibc: Stack read overflow in getaddrinfo in no-aaaa mode CVE-2023-452...

MiracleLinux 8 : kernel-4.18.0-477.27.1.el8_8 (AXSA:2023-6444:26)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-6444:26 advisory. kernel: ipvlan: out-of-bounds write caused by unclear skb-cb CVE-2023-3090 kernel: UAF in nftables when nftsetlookupglobal triggered after handling...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002792)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002792 advisory. The checkstackboundary function in kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service memory corruption or...

CVE-2025-12829

An uninitialized stack read issue exists in Amazon Ion-C versions v1.1.4 that may allow a threat actor to craft data and serialize it to Ion text in such a way that sensitive data in memory could be exposed through UTF-8 escape sequences. To mitigate this issue, users should upgrade to version...

CVE-2025-12829

An uninitialized stack read issue exists in Amazon Ion-C versions v1.1.4 that may allow a threat actor to craft data and serialize it to Ion text in such a way that sensitive data in memory could be exposed through UTF-8 escape sequences. To mitigate this issue, users should upgrade to version...

CVE-2025-12829

An uninitialized stack read issue exists in Amazon Ion-C versions v1.1.4 that may allow a threat actor to craft data and serialize it to Ion text in such a way that sensitive data in memory could be exposed through UTF-8 escape sequences. To mitigate this issue, users should upgrade to version...

EUVD-2025-38328

An uninitialized stack read issue exists in Amazon Ion-C versions v1.1.4 that may allow a threat actor to craft data and serialize it to Ion text in such a way that sensitive data in memory could be exposed through UTF-8 escape sequences. To mitigate this issue, users should upgrade to version...

CVE-2025-12829

An uninitialized stack read issue exists in Amazon Ion-C versions v1.1.4 that may allow a threat actor to craft data and serialize it to Ion text in such a way that sensitive data in memory could be exposed through UTF-8 escape sequences. To mitigate this issue, users should upgrade to version...

PT-2025-45475

Name of the Vulnerable Software and Affected Versions Amazon Ion-C versions prior to 1.1.4 Description An uninitialized stack read issue exists that may allow an attacker to craft data and serialize it to Ion text. This could expose sensitive data in memory through UTF-8 escape sequences...

EUVD-2017-9004

Malware in sbrugna...

EUVD-2015-8776

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2025-3031

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An attacker could read 32 bits of values spilled onto the stack in a JIT compiled function. This vulnerability was fixed in Firefox 137 and Thunderbird 137...

Astra Linux – Vulnerability in Firefox

An attacker could read 32 bits of values that were spilled onto the stack in a JIT-compiled function. This vulnerability was fixed in Firefox 137 and Thunderbird 137...