SUSE CVE-2026-20691

An authorization issue was addressed with improved state management. This issue is fixed in Safari 26.4, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, visionOS 26.4, watchOS 26.4. A maliciously crafted webpage may be able to fingerprint the user...

SUSE CVE-2026-24028

An attacker might be able to trigger an out-of-bounds read by sending a crafted DNS response packet, when custom Lua code uses newDNSPacketOverlay to parse DNS packets. The out-of-bounds read might trigger a crash, leading to a denial of service, or access unrelated memory, leading to potential...

SUSE CVE-2026-24029

When the earlyacldrop earlyACLDrop in Lua option is disabled default is enabled on a DNS over HTTPs frontend using the nghttp2 provider, the ACL check is skipped, allowing all clients to send DoH queries regardless of the configured ACL...

SUSE CVE-2026-24030

An attacker might be able to trick DNSdist into allocating too much memory while processing DNS over QUIC or DNS over HTTP/3 payloads, resulting in a denial of service. In setups with a large quantity of memory available this usually results in an exception and the QUIC connection is properly...

SUSE CVE-2026-27853

An attacker might be able to trigger an out-of-bounds write by sending crafted DNS responses to a DNSdist using the DNSQuestion:changeName or DNSResponse:changeName methods in custom Lua code. In some cases the rewritten packet might become larger than the initial response and even exceed 65535...

SUSE CVE-2026-27854

An attacker might be able to trigger a use-after-free by sending crafted DNS queries to a DNSdist using the DNSQuestion:getEDNSOptions method in custom Lua code. In some cases DNSQuestion:getEDNSOptions might refer to a version of the DNS packet that has been modified, thus triggering a...

SUSE CVE-2026-28857

The issue was addressed with improved memory handling. This issue is fixed in Safari 26.4, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, visionOS 26.4. Processing maliciously crafted web content may lead to an unexpected process crash...

SUSE CVE-2026-28859

The issue was addressed with improved memory handling. This issue is fixed in Safari 26.4, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. A malicious website may be able to process restricted web content outside the sandbox...

SUSE CVE-2026-28861

A logic issue was addressed with improved state management. This issue is fixed in Safari 26.4, iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, visionOS 26.4. A malicious website may be able to access script message handlers intended for other origins...

SUSE CVE-2026-28871

A logic issue was addressed with improved checks. This issue is fixed in Safari 26.4, iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4. Visiting a maliciously crafted website may lead to a cross-site scripting attack...

SUSE CVE-2026-32714

SciTokens is a reference library for generating and using SciTokens. Prior to version 1.9.6, the KeyCache class in scitokens was vulnerable to SQL Injection because it used Python's str.format to construct SQL queries with user-supplied data such as issuer and keyid. This allowed an attacker to...

SUSE CVE-2026-32716

SciTokens is a reference library for generating and using SciTokens. Prior to version 1.9.6, the Enforcer incorrectly validates scope paths by using a simple prefix match startswith. This allows a token with access to a specific path e.g., /john to also access sibling paths that start with the sa...

SUSE CVE-2026-32727

SciTokens is a reference library for generating and using SciTokens. Prior to version 1.9.7, the Enforcer is vulnerable to a path traversal attack where an attacker can use dot-dot .. in the scope claim of a token to escape the intended directory restriction. This occurs because the library...

SUSE CVE-2026-33952

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, an unvalidated authlength field read from the network triggers a WINPRASSERT failure in rtsreadauthverifiernochecks, causing any FreeRDP client connecting through a malicious RDP Gateway to crash with SIGABR...

SUSE CVE-2026-33977

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, a malicious RDP server can crash the FreeRDP client by sending audio data in IMA ADPCM format with an invalid initial step index value = 89. The unvalidated step index is read directly from the network and...

SUSE CVE-2026-33982

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, there is a heap-buffer-overflow READ vulnerability at 24 bytes before the allocation, in winpralignedoffsetrecalloc. This issue has been patched in version 3.24.2...

SUSE CVE-2026-33983

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, progressivedecompresstileupgrade detects a mismatch via progressiverfxquantcmpequal but only emits WLogWARN, execution continues. The wrapped value 247 is used as a shift exponent, causing undefined behavior...

SUSE CVE-2026-33984

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, in resizevbarentry in libfreerdp/codec/clear.c, vBarEntry-size is updated to vBarEntry-count before the winpralignedrecalloc call. If realloc fails, size is inflated while pixels still points to the old,...

SUSE CVE-2026-33985

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, pixel data from adjacent heap memory is rendered to screen, potentially leaking sensitive data to the attacker. This issue has been patched in version 3.24.2...

SUSE CVE-2026-33986

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, in yuvensurebuffer in libfreerdp/codec/h264.c, h264-width and h264-height are updated before the reallocation loop. If any winpralignedrecalloc call fails, the function returns FALSE but width/height are...

SUSE CVE-2026-33987

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, in persistentcachereadentryv3 in libfreerdp/cache/persistent.c, persistent-bmpSize is updated before winpralignedrecalloc. If realloc fails, bmpSize is inflated while bmpData points to the old buffer. This...

SUSE CVE-2026-33995

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, a double-free vulnerability in kerberosAcceptSecurityContext and kerberosInitializeSecurityContextA WinPR, winpr/libwinpr/sspi/Kerberos/kerberos.c can cause a crash in any FreeRDP clients on systems where...

SUSE CVE-2026-34041

act is a project which allows for local running of github actions. Prior to version 0.2.86, act unconditionally processes the deprecated ::set-env:: and ::add-path:: workflow commands, which was disabled due to environment injection risks. When a workflow step echoes untrusted data to stdout, an...

SUSE CVE-2026-34042

act is a project which allows for local running of github actions. Prior to version 0.2.86, act's built in actions/cache server listens to connections on all interfaces and allows anyone who can connect to it including someone anywhere on the internet to create caches with arbitrary keys and...

SUSE CVE-2026-34714

Vim before 9.2.0272 allows code execution that happens immediately upon opening a crafted file in the default configuration, because %expr injection occurs with tabpanel lacking PMLE...

SUSE CVE-2016-20038

yTree 1.94-1.1 contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an excessively long argument to the application. Attackers can craft a malicious command-line argument containing shellcode and a return address to overwrite the...

SUSE CVE-2016-20044

PInfo 0.6.9-5.1 contains a local buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized argument to the -m parameter. Attackers can craft a malicious input string with 564 bytes of padding followed by a return address to overwrite the...

SUSE CVE-2017-20229

MAWK 1.3.3-17 and prior contains a stack-based buffer overflow vulnerability that allows attackers to execute arbitrary code by exploiting inadequate boundary checks on user-supplied input. Attackers can craft malicious input that overflows the stack buffer and execute a return-oriented programmi...

SUSE CVE-2026-3945

An integer overflow vulnerability in the HTTP chunked transfer encoding parser in tinyproxy up to and including version 1.11.3 allows an unauthenticated remote attacker to cause a denial of service DoS. The issue occurs because chunk size values are parsed using strtol without properly validating...

SUSE CVE-2026-4176

Perl versions from 5.9.4 before 5.40.4-RC1, from 5.41.0 before 5.42.2-RC1, from 5.43.0 before 5.43.9 contain a vulnerable version of Compress::Raw::Zlib. Compress::Raw::Zlib is included in the Perl package as a dual-life core module, and is vulnerable to CVE-2026-3381 due to a vendored version of...

SUSE CVE-2026-5037

A vulnerability was determined in mxml up to 4.0.4. This issue affects the function indexsort of the file mxml-index.c of the component mxmlIndexNew. Executing a manipulation of the argument tempr can lead to stack-based buffer overflow. The attack is restricted to local execution. The exploit ha...

SUSE CVE-2026-5107

A vulnerability has been found in FRRouting FRR up to 10.5.1. This affects the function processtype2route of the file bgpd/bgpevpn.c of the component EVPN Type-2 Route Handler. The manipulation leads to improper access controls. The attack can be initiated remotely. The attack is considered to ha...

SUSE CVE-2026-5119

A flaw was found in libsoup. When establishing HTTPS tunnels through a configured HTTP proxy, sensitive session cookies are transmitted in cleartext within the initial HTTP CONNECT request. A network-positioned attacker or a malicious HTTP proxy can intercept these cookies, leading to potential...

SUSE CVE-2026-27876

A chained attack via SQL Expressions and a Grafana Enterprise plugin can lead to a remote arbitrary code execution impact RCE. This is enabled by a feature in Grafana OSS, so all users are always recommended to update to avoid future attack vectors going this path. Only instances with the...

SUSE CVE-2026-27877

When using public dashboards and direct data-sources, all direct data-sources' passwords are exposed despite not being used in dashboards. No passwords of proxied data-sources are exposed. We encourage all direct data-sources to be converted to proxied data-sources as far as possible to improve...

SUSE CVE-2026-27879

A resample query can be used to trigger out-of-memory crashes in Grafana...

SUSE CVE-2026-27880

The OpenFeature feature toggle evaluation endpoint reads unbounded values into memory, which can cause out-of-memory crashes...

SUSE CVE-2026-28375

A testdata data-source can be used to trigger out-of-memory crashes in Grafana...

SUSE CVE-2026-32241

Flannel is a network fabric for containers, designed for Kubernetes. The Flannel project includes an experimental Extension backend that allows users to easily prototype new backend types. In versions of Flannel prior to 0.28.2, this Extension backend is vulnerable to a command injection that...

SUSE CVE-2026-33433

Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.42, 3.6.11, and 3.7.0-ea.3, when headerField is configured with a non-canonical HTTP header name e.g., x-auth-user instead of X-Auth-User, an authenticated attacker can inject their own canonical version of that header to...

SUSE CVE-2026-33748

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Prior to version 0.28.1, insufficient validation of Git URL fragment subdir components may allow access to files outside the checked-out Git repository root. Possible access is...

SUSE CVE-2026-33870

Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.132.Final and 4.2.10.Final, Netty incorrectly parses quoted strings in HTTP/1.1 chunked transfer encoding extension values, enabling request smuggling attacks. Versions 4.1.132.Final and 4.2.10.Final fi...

SUSE CVE-2026-33871

Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.132.Final and 4.2.10.Final, a remote user can trigger a Denial of Service DoS against a Netty HTTP/2 server by sending a flood of CONTINUATION frames. The server's lack of a limit on the number of...

SUSE CVE-2026-33936

The ecdsa PyPI package is a pure Python implementation of ECC Elliptic Curve Cryptography with support for ECDSA Elliptic Curve Digital Signature Algorithm, EdDSA Edwards-curve Digital Signature Algorithm and ECDH Elliptic Curve Diffie-Hellman. Prior to version 0.19.2, an issue in the low-level D...

SUSE CVE-2019-8400

ORY Hydra before v1.0.0-rc.3+oryOS.9 has Reflected XSS via the oauth2/fallbacks/error errorhint parameter...

SUSE CVE-2020-14391

A flaw was found in the GNOME Control Center in Red Hat Enterprise Linux 8 versions prior to 8.2, where it improperly uses Red Hat Customer Portal credentials when a user registers a system through the GNOME Settings User Interface. This flaw allows a local attacker to discover the Red Hat Custom...

SUSE CVE-2026-23400

In the Linux kernel, the following vulnerability has been resolved: rustbinder: call setnotificationdone without proc lock Consider the following sequence of events on a death listener: 1. The remote process dies and sends a BRDEADBINDER message. 2. The local process invokes the...

SUSE CVE-2025-59028

When sending invalid base64 SASL data, login process is disconnected from the auth server, causing all active authentication sessions to fail. Invalid BASE64 data can be used to DoS a vulnerable server to break concurrent logins. Install fixed version or disable concurrency in login processes hea...

SUSE CVE-2025-59031

Dovecot has provided a script to use for attachment to text conversion. This script unsafely handles zip-style attachments. Attacker can use specially crafted OOXML documents to cause unintended files on the system to be indexed and subsequently ending up in FTS indexes. Do not use the provided...

SUSE CVE-2025-59032

ManageSieve AUTHENTICATE command crashes when using literal as SASL initial response. This can be used to crash ManageSieve service repeatedly, making it unavailable for other users. Control access to ManageSieve port, or disable the service if it's not needed. Alternatively upgrade to a fixed...