SUSE-SU-2026:0700-1 Security update for the Linux Kernel (Live Patch 70 for SUSE Linux Enterprise 12 SP5)

This update for the SUSE Linux Enterprise kernel 4.12.14-122.266 fixes various security issues The following security issues were fixed: - CVE-2022-50700: wifi: ath10k: Delay the unmapping of the buffer bsc1255577. - CVE-2022-50717: nvmet-tcp: add bounds check on Transfer Tag bsc1255845...

SUSE-SU-2026:0698-1 Security update for the Linux Kernel (Live Patch 67 for SUSE Linux Enterprise 12 SP5)

This update for the SUSE Linux Enterprise kernel 4.12.14-122.255 fixes various security issues The following security issues were fixed: - CVE-2022-50700: wifi: ath10k: Delay the unmapping of the buffer bsc1255577. - CVE-2022-50717: nvmet-tcp: add bounds check on Transfer Tag bsc1255845...

@activeboxes/piece-sftp (=0.2.6), @activepieces/piece-apify (=0.2.1) +25 more potentially affected by CVE-2026-27699 via basic-ftp (>=5.0.2 <=5.1.0)

basic-ftp NPM version =5.0.2, =0.2.6, =1.0.0, =1.0.0, =2.0.18, =1.9.2, =1.2.0, =4.6.0-blowfish, =1.0.3, =1.0.4, =0.1.1, =0.2.0 and more Source cves: CVE-2026-27699 Source advisory: SNYK:JS-BASICFTP-15366428...

CVE-2026-23749

Golioth Firmware SDK version 0.19.1 prior to 0.22.0, fixed in commit 0e788217, contain an out-of-bounds read due to improper null termination of a blockwise transfer path. blockwisetransferinit accepts a path whose length equals CONFIGGOLIOTHCOAPMAXPATHLEN and copies it using strncpy without...

SUSE-SU-2026:0696-1 Security update for the Linux Kernel (Live Patch 65 for SUSE Linux Enterprise 12 SP5)

This update for the SUSE Linux Enterprise kernel 4.12.14-122.247 fixes various security issues The following security issues were fixed: - CVE-2022-50700: wifi: ath10k: Delay the unmapping of the buffer bsc1255577. - CVE-2022-50717: nvmet-tcp: add bounds check on Transfer Tag bsc1255845...

SUSE-SU-2026:0683-1 Security update for freerdp2

This update for freerdp2 fixes the following issues: - CVE-2026-22855: heap-buffer-overflow in smartcardunpacksetattribcall bsc1256721. - CVE-2026-22857: heap-use-after-free in irpthreadfunc bsc1256723. - CVE-2026-23533: improper validation can lead to heap buffer overflow in...

CVE-2026-27954

Live Helper Chat is an open-source application that enables live support websites. In versions up to and including 4.52, three chat action endpoints holdaction.php, blockuser.php, and transferchat.php load chat objects by ID without calling erLhcoreClassChat::hasAccessToRead, allowing operators t...

SUSE CVE-2026-28295

A flaw was found in the FTP GVfs backend. A malicious FTP server can exploit this vulnerability by providing an arbitrary IP address and port in its passive mode PASV response. The client unconditionally trusts this information and attempts to connect to the specified endpoint, allowing the...

EUVD-2026-8861

A flaw was found in the FTP GVfs backend. A remote attacker could exploit this input validation vulnerability by supplying specially crafted file paths containing carriage return and line feed CRLF sequences. These unsanitized sequences allow the attacker to terminate intended FTP commands and...

EUVD-2026-8869

Golioth Firmware SDK version 0.19.1 prior to 0.22.0, fixed in commit 0e788217, contain an out-of-bounds read due to improper null termination of a blockwise transfer path. blockwisetransferinit accepts a path whose length equals CONFIGGOLIOTHCOAPMAXPATHLEN and copies it using strncpy without...

GO-2026-4559 Sending certain HTTP/2 frames can cause a server to panic in golang.org/x/net

Due to missing nil check, sending 0x0a-0x0f HTTP/2 frames will cause a running server to panic...

CVE-2026-23749

Golioth Firmware SDK version 0.19.1 prior to 0.22.0, fixed in commit 0e788217, contain an out-of-bounds read due to improper null termination of a blockwise transfer path. blockwisetransferinit accepts a path whose length equals CONFIGGOLIOTHCOAPMAXPATHLEN and copies it using strncpy without...

CVE-2026-23749

Golioth Firmware SDK version 0.19.1 prior to 0.22.0, fixed in commit 0e788217, contain an out-of-bounds read due to improper null termination of a blockwise transfer path. blockwisetransferinit accepts a path whose length equals CONFIGGOLIOTHCOAPMAXPATHLEN and copies it using strncpy without...

CVE-2026-23749

Golioth Firmware SDK version 0.19.1 prior to 0.22.0, fixed in commit 0e788217, contain an out-of-bounds read due to improper null termination of a blockwise transfer path. blockwisetransferinit accepts a path whose length equals CONFIGGOLIOTHCOAPMAXPATHLEN and copies it using strncpy without...

CVE-2026-23749 Golioth Firmware SDK < 0.22.0 Blockwise Transfer Path Out-of-Bounds Read

Golioth Firmware SDK version 0.19.1 prior to 0.22.0, fixed in commit 0e788217, contain an out-of-bounds read due to improper null termination of a blockwise transfer path. blockwisetransferinit accepts a path whose length equals CONFIGGOLIOTHCOAPMAXPATHLEN and copies it using strncpy without...

CVE-2026-23749 Golioth Firmware SDK < 0.22.0 Blockwise Transfer Path Out-of-Bounds Read

Golioth Firmware SDK version 0.19.1 prior to 0.22.0, fixed in commit 0e788217, contain an out-of-bounds read due to improper null termination of a blockwise transfer path. blockwisetransferinit accepts a path whose length equals CONFIGGOLIOTHCOAPMAXPATHLEN and copies it using strncpy without...

CVE-2026-23749

CVE-2026-23749 - Golioth Firmware SDK : The vulnerability affects Golioth Firmware SDK versions 0.19.1 prior to 0.22.0. The root cause is an out-of-bounds read caused by improper null termination when copying the blockwise transfer path in blockwise_transfer_init(). If the input path length equal...

DEBIAN-CVE-2026-28296

A flaw was found in the FTP GVfs backend. A remote attacker could exploit this input validation vulnerability by supplying specially crafted file paths containing carriage return and line feed CRLF sequences. These unsanitized sequences allow the attacker to terminate intended FTP commands and...

CVE-2026-28296

A flaw was found in the FTP GVfs backend. A remote attacker could exploit this input validation vulnerability by supplying specially crafted file paths containing carriage return and line feed CRLF sequences. These unsanitized sequences allow the attacker to terminate intended FTP commands and...

UBUNTU-CVE-2026-28296

A flaw was found in the FTP GVfs backend. A remote attacker could exploit this input validation vulnerability by supplying specially crafted file paths containing carriage return and line feed CRLF sequences. These unsanitized sequences allow the attacker to terminate intended FTP commands and...