openSUSE: Security Advisory for vlc (openSUSE-SU-2023:0366-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Withdrawn Advisory: Helm shows secrets in clear text

Withdrawn Advisory This advisory has been withdrawn because the issue describes intended behavior and the output is not exposed to unauthorized users. This link has been maintained to preserve external references. Original Description An issue was discovered in Cloud Native Computing Foundation...

CVE-2019-25210

An issue was discovered in Cloud Native Computing Foundation CNCF Helm through 3.13.3. It displays values of secrets when the --dry-run flag is used. This is a security concern in some use cases, such as a --dry-run call by a CI/CD tool. NOTE: the vendor's position is that this behavior was...

DEBIAN-CVE-2024-26621

In the Linux kernel, the following vulnerability has been resolved: mm: hugememory: don't force huge page alignment on 32 bit commit efa7df3e3bb5 "mm: align larger anonymous mappings on THP boundaries" caused two issues 1 2 reported on 32 bit system or compat userspace. It doesn't make too much...

UBUNTU-CVE-2024-26621

In the Linux kernel, the following vulnerability has been resolved: mm: hugememory: don't force huge page alignment on 32 bit commit efa7df3e3bb5 "mm: align larger anonymous mappings on THP boundaries" caused two issues 1 2 reported on 32 bit system or compat userspace. It doesn't make too much...

CVE-2024-0560

A vulnerability was found in 3Scale, when used with Keycloak 15 or RHSSO 7.5.0 and superiors. When the authtype is use3scaleoidcissuerendpoint, the Token Introspection policy discovers the Token Introspection endpoint from the tokenintrospectionendpoint field, but the field was removed on RH-SSO...

CVE-2023-52453

In the Linux kernel, the following vulnerability has been resolved: hisiaccvfiopci: Update migration data pointer correctly on saving/resume When the optional PRECOPY support was added to speed up the device compatibility check, it failed to update the saving/resuming data pointers based on the f...

DEBIAN-CVE-2023-52453

In the Linux kernel, the following vulnerability has been resolved: hisiaccvfiopci: Update migration data pointer correctly on saving/resume When the optional PRECOPY support was added to speed up the device compatibility check, it failed to update the saving/resuming data pointers based on the f...

CVE-2023-52453 hisi_acc_vfio_pci: Update migration data pointer correctly on saving/resume

In the Linux kernel, the following vulnerability has been resolved: hisiaccvfiopci: Update migration data pointer correctly on saving/resume When the optional PRECOPY support was added to speed up the device compatibility check, it failed to update the saving/resuming data pointers based on the f...

CVE-2023-52453

In the Linux kernel, the following vulnerability has been resolved: hisiaccvfiopci: Update migration data pointer correctly on saving/resume When the optional PRECOPY support was added to speed up the device compatibility check, it failed to update the saving/resuming data pointers based on the f...

SUSE-SU-2024:0577-1 Security update for python-aiohttp, python-time-machine

This update for python-aiohttp, python-time-machine fixes the following issues: python-aiohttp was updated to version 3.9.3: Fixed backwards compatibility breakage in 3.9.2 of ssl parameter when set outside of ClientSession e.g. directly in TCPConnector Improved test suite handling of paths and...

Exploit for Improper Access Control in Joomla Joomla\!

Joomla! options Arguments - url: Root URL base...

CVE-2020-36774

plugins/gtk+/glade-gtk-box.c in GNOME Glade before 3.38.1 and 3.39.x before 3.40.0 mishandles widget rebuilding for GladeGtkBox, leading to a denial of service application crash...

SUSE-SU-2024:0486-1 Security update for SUSE Manager Client Tools

This update fixes the following issues: golang-github-lusitaniae-apacheexporter: - Do not strip if SUSE Linux Enterprise 15 SP3 - Exclude debug for Red Hat Enterprise Linux = 8 - Build with Go = 1.20 when the OS is not Red Hat Enterprise Linux golang-github-prometheus-alertmanager: - Create...

Denial of Service (DoS)

Overview Microsoft.AspNetCore.App.Runtime.win-x64 is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Denial of Service DoS when parsing X509 certificates...

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to QOS.ch Sarl Logback denial of service vulnerability ( CVE-2023-6378)

Summary Potential QOS.ch Sarl Logback denial of service vulnerability CVE-2023-6378 has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2023-6378...

Moderate: Red Hat Security Advisory: nss security update

An update for nss is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CV...

SUSE-SU-2024:0444-1 Security update for suse-build-key

This update for suse-build-key fixes the following issues: This update runs a import-suse-build-key script. The previous libzypp-post-script based installation is replaced with a systemd timer and service bsc1217215 bsc1216410 jscPED-2777. - suse-build-key-import.service -...

rpm security update

4.14.3-28.0.2 - Import additional patches to fix regressions with CVE-2021-35937, CVE-2021-35938 and CVE-2021-35939 patchset Orabug: 36256318 4.14.3-28.0.1 - Fixed infinte loop for dbcreate with error check Orabug: 36202920 4.14.3-28 - Backport file handling code from rpm-4.19 to fix...

SUSE-SU-2024:0279-1 Security update for slurm

This update for slurm fixes the following issues: Security fixes: - CVE-2023-41914: Prevent filesystem race conditions that could let an attacker take control of an arbitrary file, or remove entire directories' contents. bsc1216207 - CVE-2023-49933: Prevent message extension attacks that could...