[SECURITY] [DLA 4344-1] gdk-pixbuf security update

Debian LTS Advisory DLA-4344-1 [email protected] https://www.debian.org/lts/security/ Carlos Henrique Lima Melara October 22, 2025 https://wiki.debian.org/LTS Package : gdk-pixbuf Version : 2.42.2+dfsg-1+deb11u4 CVE ID : CVE-2025-7345 Debian Bug : 1109262 A vulnerability was found in...

Debian dla-4344 : gdk-pixbuf-tests - security update

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-4344 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4344-1 [email protected] https://www.debian.org/lts/security/...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : libqt5-qtbase (SUSE-SU-2025:3723-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:3723-1 advisory. Security issues fixed: - CVE-2025-5455: processing of malformed data in qDecodeDataUrl can trigg...

SUSE CVE-2023-53694

In the Linux kernel, the following vulnerability has been resolved: riscv: ftrace: Fixup panic by disabling preemption In RISCV, we must use an AUIPC + JALR pair to encode an immediate, forming a jump that jumps to an address over 4K. This may cause errors if we want to enable kernel preemption a...

CVE-2025-62705 OpenBao and Vault Leak []byte Fields in Audit Logs

OpenBao is an open source identity-based secrets management system. Prior to version 2.4.2, OpenBao's audit log did not appropriately redact fields when relevant subsystems sent byte response parameters rather than strings. This includes, but is not limited to sys/raw with use of encoding=base64,...

CVE-2025-60280

Cross-Site Scripting XSS vulnerability in Bang Resto v1.0 could allow an attacker to inject malicious JavaScript code into the application's web pages. This vulnerability exists due to insufficient input sanitization or output encoding, allowing attacker-controlled input to be rendered directly i...

UBUNTU-CVE-2023-53694

In the Linux kernel, the following vulnerability has been resolved: riscv: ftrace: Fixup panic by disabling preemption In RISCV, we must use an AUIPC + JALR pair to encode an immediate, forming a jump that jumps to an address over 4K. This may cause errors if we want to enable kernel preemption a...

CVE-2023-53694 riscv: ftrace: Fixup panic by disabling preemption

In the Linux kernel, the following vulnerability has been resolved: riscv: ftrace: Fixup panic by disabling preemption In RISCV, we must use an AUIPC + JALR pair to encode an immediate, forming a jump that jumps to an address over 4K. This may cause errors if we want to enable kernel preemption a...

Quantum Autoencoders for Anomaly Detection in Cybersecurity

Anomaly detection in cybersecurity is a challenging task, where normal events far outnumber anomalous ones with new anomalies occurring frequently. Classical autoencoders have been used for anomaly detection, but struggles in data-limited settings which quantum counterparts can potentially...

EUVD-2025-35187

Cross-Site Scripting XSS vulnerability in Bang Resto v1.0 could allow an attacker to inject malicious JavaScript code into the application's web pages. This vulnerability exists due to insufficient input sanitization or output encoding, allowing attacker-controlled input to be rendered directly i...

CVE-2025-60280

Cross-Site Scripting XSS vulnerability in Bang Resto v1.0 could allow an attacker to inject malicious JavaScript code into the application's web pages. This vulnerability exists due to insufficient input sanitization or output encoding, allowing attacker-controlled input to be rendered directly i...

CVE-2025-60280

Cross-Site Scripting XSS vulnerability in Bang Resto v1.0 could allow an attacker to inject malicious JavaScript code into the application's web pages. This vulnerability exists due to insufficient input sanitization or output encoding, allowing attacker-controlled input to be rendered directly i...

CVE-2025-60280

Cross-Site Scripting XSS vulnerability in Bang Resto v1.0 could allow an attacker to inject malicious JavaScript code into the application's web pages. This vulnerability exists due to insufficient input sanitization or output encoding, allowing attacker-controlled input to be rendered directly i...

CVE-2025-60280

CVE-2025-60280 affects Bang Resto v1.0 and is described as a Cross-Site Scripting (XSS) vulnerability caused by insufficient input sanitization or output encoding. The vulnerability could allow attacker-controlled input to be rendered in the browser, enabling potential theft of session cookies, u...

SUSE-SU-2025:3682-1 Security update for go1.24

This update for go1.24 fixes the following issues: go1.24.9 released 2025-10-13 includes fixes to the crypto/x509 package. bsc1236217 crypto/x509: TLS validation fails for FQDNs with trailing dot go1.24.8 released 2025-10-07 includes security fixes to the archive/tar, crypto/tls, crypto/x509,...

JLSEC-2025-115 libavcodec/dnxhddec.c in FFmpeg 4.4 does not check the return value of the init_vlc function, a simi...

libavcodec/dnxhddec.c in FFmpeg 4.4 does not check the return value of the initvlc function, a similar issue to CVE-2013-0868...

JLSEC-2025-72 There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11

There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this...

Weak Encoding for Password

Overview @strapi/admin is a Strapi Admin Affected versions of this package are vulnerable to Weak Encoding for Password in to the implementation of password hashing. An attacker can reduce the effective entropy of user passwords and potentially mislead users about the required password length by...

TencentOS Server 4: squid (TSSA-2025:0752)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0752 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

TencentOS Server 3: postgresql:13 (TSSA-2025:0780)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0780 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...