CVE-2022-49520 arm64: compat: Do not treat syscall number as ESR_ELx for a bad syscall

In the Linux kernel, the following vulnerability has been resolved: arm64: compat: Do not treat syscall number as ESRELx for a bad syscall If a compat process tries to execute an unknown system call above the ARMNRCOMPATEND number, the kernel sends a SIGILL signal to the offending process...

CVE-2022-49158 scsi: qla2xxx: Fix warning message due to adisc being flushed

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix warning message due to adisc being flushed Fix warning message due to adisc being flushed. Linux kernel triggered a warning message where a different error code type is not matching up with the expected type. A...

CVE-2022-49129

In the Linux kernel, the following vulnerability has been resolved: mt76: mt7921: fix crash when startup fails. If the nic fails to start, it is possible that the resetwork has already been scheduled. Ensure the work item is canceled so we do not have use-after-free crash in case cleanup is calle...

Important: Red Hat Security Advisory: RHTAS 1.1.1 - Red Hat Trusted Artifact Signer Release

The 1.1.1 release of Red Hat Trusted Artifact Signer OpenShift Operator. For more details please visit the product documentation at https://access.redhat.com/documentation/en-us/redhattrustedartifactsigner/1.1 The RHTAS Operator can be used with OpenShift Container Platform 4.14, 4.15, 4.16 and...

OpenH264 Rust API Openh264 Decoding Functions Heap Overflow Vulnerability

OpenH264 recently reported a heap overflow that was fixed in upstream 63db555 and integrated into our 0.6.6 release. For users relying on Cisco's pre-compiled DLL, we also published 0.8.0, which is compatible with their latest fixed DLL version 2.6.0. In other words: - if you rely on our source...

Security update for qemu

This update for qemu fixes the following issues: CVE-2024-8612: Fixed information leak in virtio devices bsc1230915. CVE-2024-7409: Fixed denial of service via improper synchronization in QEMU NBD Server during socket closure bsc1229007. CVE-2024-3447: Fixed heap buffer overflow in...

CVE-2025-25196

OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. OpenFGA v1.8.4 Helm chart openfga-0.2.22, docker v.1.8.4 are vulnerable to authorization bypass when certain Check and ListObject calls are executed. Users on OpenFGA...

CVE-2024-45778

A stack overflow flaw was found when reading a BFS file system. A crafted BFS filesystem may lead to an uncontrolled loop, causing grub2 to crash...

CVE-2025-26466

A flaw was found in the OpenSSH package. For each ping packet the SSH server receives, a pong packet is allocated in a memory buffer and stored in a queue of packages. It is only freed when the server/client key exchange has finished. A malicious client may keep sending such packages, leading to ...

CVE-2025-24875

SAP Commerce, by default, sets certain cookies with the SameSite attribute configured to None SameSite=None. This includes authentication cookies utilized in SAP Commerce Backoffice. Applying this setting reduces defense in depth against CSRF and may lead to future compatibility issues...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: Wifi: cfg80211: Set correct chandef when starting CAC When starting CAC in a mode other than AP mode, it returns a message: “WARNING: CPU: 0 PID: 63 at cfg80211chandefdfsusable+0x20/0xaf cfg80211” This issue is caused by the...

CVE-2025-24875

CVE-2025-24875 corresponds to SAP Commerce where the Backoffice authentication cookies are by default configured with SameSite=None. Root cause: cookies set to None, weakening CSRF protections. Impact: CSRF risk with potential confidentiality/integrity concerns; exploitation status not detailed i...

SAP Commerce 跨站请求伪造漏洞

SAP Commerce is a suite of cloud-based e-commerce platforms from Germany's SAP. It supports sales management, marketing management, order management and operations management. A cross-site request forgery vulnerability exists in SAP Commerce, which stems from a misconfiguration that can lead to...

thunderbird security update

128.7.0-1.0.1 - Fix prefs for new nss Orabug: 37079813 - Add Oracle prefs 128.7.0 - Add OpenELA debranding 128.7.0-1 - Update to 128.2.0 build1...

Curl 7.10.5 < 8.12.0 Integer Overflow (CVE-2025-0725)

When libcurl is asked to perform automatic gzip decompression of content-encoded HTTP responses with the CURLOPTACCEPTENCODING option, using zlib 1.2.0.3 or older, an attacker-controlled integer overflow would make libcurl perform a buffer overflow. Note that Nessus has not tested for this issue...

Azure Linux 3.0 Security Update: kernel (CVE-2024-50038)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-50038 advisory. - In the Linux kernel, the following vulnerability has been resolved: netfilter: xtables: avoid NFPROTOUNSPEC...

OPENSUSE-SU-2025:0056-1 Security update for trivy

This update for trivy fixes the following issues: Update to version 0.58.2 boo1234512, CVE-2024-45337, boo1235265, CVE-2024-45338: fixmisconf: allow null values only for tf variables backport: release/v0.58 8238 fixsuse: SUSE - update OSType constants and references for compatility backport:...

CVE-2025-23811

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ghasemy14 WP2APP wp2appir allows Reflected XSS.This issue affects WP2APP: from n/a through = 2.6.2...

CVE-2022-41934

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with view rights on commonly accessible documents including the menu macro can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki...

CVE-2024-27935

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Starting in version 1.35.1 and prior to version 1.36.3, a vulnerability in Deno's Node.js compatibility runtime allows for cross-session data contamination during simultaneous asynchronous reads from Node.js streams sourced from sockets o...