3665 matches found
CVE-2024-2212
In Eclipse ThreadX before 6.4.0, xQueueCreate and xQueueCreateSet functions from the FreeRTOS compatibility API utility/rtoscompatibilitylayers/FreeRTOS/txfreertos.c were missing parameter checks. This could lead to integer wraparound, under-allocations and heap buffer overflows...
Security update for nvidia-open-driver-G06-signed
This update for nvidia-open-driver-G06-signed fixes the following issues: Make sure the correct FW package is installed on non-CUDA. only obsolete 555 CUDA driver/firmware packages For CUDA: update version to 565.57.01 Add 'dummy' firmware package on SLE to work around update issues. On SLE, the...
SUSE-SU-2025:20013-1 Security update for podman
This update for podman fixes the following issues: - CVE-2024-6104: Fixed dependency issue with go-retryablehttp: url might write sensitive information to log file bsc1227052. - Update to version 4.9.5: Bump to v4.9.5 Update release notes for v4.9.5 fix "concurrent map writes" in network ls compa...
CLSA-2025-1738170434 Fix CVE(s): CVE-2024-12747
SECURITY UPDATE: race condition during rsync's handling of symbolic links - debian/patches/CVE-2024-12747.patch: prevent symlink race preventing a normal file from being replaced by a symlink - CVE-2024-12747 debian/rules, debian/patches/series: use series file to manage patches...
[SECURITY] Fedora 41 Update: vaultwarden-1.32.7-4.fc41
Unofficial Bitwarden compatible server...
Security Bulletin: Vulnerability in Elastic Elasticsearch (CVE-2024-23444) may affect IBM watsonx Assistant for IBM Cloud Pak for Data
Summary: A potential sensitive information disclosure vulnerability, CVE-2024-23444, has been identified in Elastic Elasticsearch that may affect IBM watsonx Assistant for IBM Cloud Pak for Data. This vulnerability has been addressed. Refer to details for additional information. Vulnerabili...
CVE-2024-54537
This issue was addressed with additional entitlement checks. This issue is fixed in macOS Sonoma 14.7.2, macOS Sequoia 15.2, macOS Ventura 13.7.2. An app may be able to read and write files outside of its sandbox...
synacktiv-rules
synacktiv-rules Public repository of Sigma and YARA/YARA-X ru...
Fedora 40 : glibc (2025-69207650a4)
The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-69207650a4 advisory. This update addresses two security vulnerabilities: CVE-2025-0395: A buffer overflow may occur in the assert function with certain large program nam...
CVE-2025-22267
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpweaver Weaver Themes Shortcode Compatibility (weaver-themes-shortcode-compatibility) allows Stored XSS. This issue affects Weaver Themes Shortcode Compatibility: from n/a through <= 1.0.4...
CVE-2025-22267 WordPress Weaver Themes Shortcode Compatibility Plugin <= 1.0.4 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Bruce Wampler Weaver Themes Shortcode Compatibility allows Stored XSS. This issue affects Weaver Themes Shortcode Compatibility: from n/a through 1.0.4...
WordPress plugin Weaver Themes Shortcode Compatibility cross-site scripting vulnerability
WordPress and the WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exist...
WordPress Weaver Themes Shortcode Compatibility Plugin <= 1.0.4 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by 0xd4rk5id3 (Patchstack Alliance) in WordPress Plugin Weaver Themes Shortcode Compatibility versions <= 1.0.4...
[SECURITY] Fedora 41 Update: golang-github-aws-smithy-1.22.1-1.fc41
Smithy code generators for Go in development...
CVE-2024-57839
In the Linux kernel, the following vulnerability has been resolved: Revert "readahead: properly shorten readahead when falling back to dopagecachera" This reverts commit 7c877586da3178974a8a94577b6045a48377ff25. Anders and Philippe have reported that recent kernels occasionally hang when used wit...
USN-7193-1 thunderbird vulnerability
Masato Kinugawa discovered that Thunderbird did not properly validate the CSP policy in the Web Compatibility extension. An attacker could potentially exploit this issue to perform a cross-site scripting attack...
CVE-2025-22275
CVE-2025-22275 affects iTerm2 3.5.6–3.5.10; a vulnerability allows remote attackers to obtain sensitive information from terminal commands by reading /tmp/framer.txt during remote logins with certain it2ssh/SSH Integration configurations (noted when hosts share a Python installation). Root cause ...
PT-2026-2889
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A flaw exists in the Linux kernel related to the handling of ERSPAN traffic in GRE tunnels. Specifically, the options len field within the ip tunnel info structure is not properly...
Security update for vhostmd
This update for vhostmd fixes the following issues: Updated to version 1.2 Fix actions using the 'free' command Fix buffer accounting when generating metric XML Change actions to retrieve vendor and product info Add a 'unit' attribute to the metrics element vif-stats.py: convert to Python3 conf:...
Upgrade Struts to avoid false-positive scanner warnings about CVE-2024-53677
Issue Summary: Recent CVE-2024-53677 at Struts triggers vulnerability scanners warning. Bamboo is not affected: Supported versions of Bamboo 9.2+, 9.6+, 10.2+ are not affected because FileUploadInterceptor doesn't handle uploaded files. Steps to Reproduce: See WEB-INB/lib...