OPENSUSE-SU-2026:20770-1 Security update for git-bug

This update for git-bug fixes the following issues: Changes in git-bug: - CVE-2026-1229: CIRCL had an incorrect calculation in secp384r1 CombinedMult bsc1265416, GO-2026-4550: updated github.com/cloudflare/circl to v1.6.3 - CVE-2026-41506: HTTP authentication credential leak when following...

PT-2026-29156

Name of the Vulnerable Software and Affected Versions go-git versions prior to 5.17.1 Description The go-git library’s index decoder for Git index format version 4 does not properly validate the path name prefix length before applying it to the previously decoded path name. A specially crafted...

CVE-2024-46209

A stored cross-site scripting XSS vulnerability in the component /media/test.html of REDAXO CMS v5.17.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the password parameter...

CVE-2024-46212

An issue in the component /index.php?page=backup/export of REDAXO CMS v5.17.1 allows attackers to execute a directory traversal...

GSD-2022-1001333 netfilter: nf_tables: initialize registers in nft_do_chain()

netfilter: nftables: initialize registers in nftdochain This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.17.1 by commit...

GSD-2022-1001332 ALSA: oss: Fix PCM OSS buffer allocation overflow

ALSA: oss: Fix PCM OSS buffer allocation overflow This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.17.1 by commit...

GSD-2022-1001331 ALSA: pcm: Fix races among concurrent hw_params and hw_free calls

ALSA: pcm: Fix races among concurrent hwparams and hwfree calls This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.17.1 by commit...

GSD-2022-1001330 jbd2: fix use-after-free of transaction_t race

jbd2: fix use-after-free of transactiont race This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.17.1 by commit...

GSD-2022-1001328 uaccess: fix integer overflow on access_ok()

uaccess: fix integer overflow on accessok This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.17.1 by commit...

GSD-2022-1001327 ALSA: pcm: Fix races among concurrent prealloc proc writes

ALSA: pcm: Fix races among concurrent prealloc proc writes This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.17.1 by commit...

GSD-2022-1001304 ALSA: pcm: Fix potential AB/BA lock with buffer_mutex and mmap_lock

ALSA: pcm: Fix potential AB/BA lock with buffermutex and mmaplock This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.17.2 by commit...