1270 matches found

Tenable Nessus
added 2025/09/10 12:0 a.m. | 3 views

SUSE SLES15 Security Update : go1.25-openssl (SUSE-SU-2025:03115-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:03115-1 advisory. Update to version 1.25.0 cut from the go1.25-fips-release branch at the revision tagged go1.25.0-1-openssl-fips. jscSLE-18320 Reba...

CVSS 8.6 | AI score 7.7 | EPSS 0.00489
Exploits: 1 | References: 13

Tenable Nessus
added 2025/09/10 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2021-42203

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in swftools through 20201222. A heap-use-after-free exists in the function swfFontExtractDefineTextCallback located in swftext.c. It...

CVSS 7.8 | AI score 7.5 | EPSS 0.01088
Exploits: 1 | References: 2

SUSE Linux
added 2025/09/09 10:37 a.m. | 6 views

Security update for go1.25-openssl

This update for go1.25-openssl fixes the following issues: Update to version 1.25.0 cut from the go1.25-fips-release branch at the revision tagged go1.25.0-1-openssl-fips. jscSLE-18320 Rebase to 1.25.0 Fix HKDF-Extract The latest OpenSSL in c9s/c10s requires nil salt to be passed as a hash length...

CVSS 9.3 | AI score 6.6 | EPSS 0.00489
Exploits: 1 | References: 20

OSV
added 2025/09/09 10:37 a.m. | 1 view

SUSE-SU-2025:03115-1 Security update for go1.25-openssl

This update for go1.25-openssl fixes the following issues: Update to version 1.25.0 cut from the go1.25-fips-release branch at the revision tagged go1.25.0-1-openssl-fips. jscSLE-18320 Rebase to 1.25.0 Fix HKDF-Extract The latest OpenSSL in c9s/c10s requires nil salt to be passed as a hash length...

CVSS 8.6 | AI score 7 | EPSS 0.00489
Exploits: 1 | References: 10

OSV
added 2025/09/05 5:10 p.m. | 3 views

MAL-2025-46122 Malicious code in spectron-mini-css-extract-plugin-mongoose-indus (npm)

The package spectron-mini-css-extract-plugin-mongoose-indus was found to contain malicious code...

AI score 7
Exploits: 0

OSSF Malicious Packages
added 2025/09/05 5:10 p.m. | 3 views

Malicious code in changelog-duplex-hermes-mini-css-extract-plugin (npm)

The package changelog-duplex-hermes-mini-css-extract-plugin was found to contain malicious code...

AI score 7
Exploits: 0

OSSF Malicious Packages
added 2025/09/05 5:10 p.m. | 2 views

Malicious code in repository-helios-mini-css-extract-plugin-gemini (npm)

The package repository-helios-mini-css-extract-plugin-gemini was found to contain malicious code...

AI score 7
Exploits: 0

OSSF Malicious Packages
added 2025/09/05 5:10 p.m. | 2 views

Malicious code in rest-changelog-mini-css-extract-plugin-eslint-plugin (npm)

The package rest-changelog-mini-css-extract-plugin-eslint-plugin was found to contain malicious code...

AI score 7
Exploits: 0

OSSF Malicious Packages
added 2025/09/05 5:10 p.m. | 3 views

Malicious code in spectron-mini-css-extract-plugin-mongoose-indus (npm)

The package spectron-mini-css-extract-plugin-mongoose-indus was found to contain malicious code...

AI score 7
Exploits: 0

OSV
added 2025/09/05 5:10 p.m. | 2 views

MAL-2025-45820 Malicious code in rest-changelog-mini-css-extract-plugin-eslint-plugin (npm)

The package rest-changelog-mini-css-extract-plugin-eslint-plugin was found to contain malicious code...

AI score 7
Exploits: 0

OSV
added 2025/09/05 5:10 p.m. | 2 views

MAL-2025-45812 Malicious code in repository-helios-mini-css-extract-plugin-gemini (npm)

The package repository-helios-mini-css-extract-plugin-gemini was found to contain malicious code...

AI score 7
Exploits: 0

OSV
added 2025/09/05 5:10 p.m. | 2 views

MAL-2025-43761 Malicious code in changelog-duplex-hermes-mini-css-extract-plugin (npm)

The package changelog-duplex-hermes-mini-css-extract-plugin was found to contain malicious code...

AI score 7
Exploits: 0

OSV
added 2025/09/05 5:10 p.m. | 2 views

MAL-2025-45561 Malicious code in pino-pretty-carpo-css-minimizer-webpack-plugin-mini-css-extract-plugin (npm)

The package pino-pretty-carpo-css-minimizer-webpack-plugin-mini-css-extract-plugin was found to contain malicious code...

AI score 7
Exploits: 0

OSV
added 2025/09/05 5:10 p.m. | 4 views

MAL-2025-45995 Malicious code in semantic-release-metalsmith-mini-css-extract-plugin-framework (npm)

The package semantic-release-metalsmith-mini-css-extract-plugin-framework was found to contain malicious code...

AI score 7
Exploits: 0

Hacker One
added 2025/09/05 1:21 p.m. | 9 views

Django: Path traversal via archive.extract - CVE 2021-3281 incomplete patch

A vulnerability was discovered in the "extract" function of the ZipArchive and TarArchive classes in the Django framework. The vulnerability was caused by the use of the "abspath" function, which removes terminating path separators. This made the guard logic protection insufficient to protect...

CVSS 5.3 | AI score 8.2 | EPSS 0.07605
Exploits: 1

IBM Security Bulletins
added 2025/09/04 10:44 p.m. | 11 views

Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to extraction filter issues due to the python package (CVE-2025-4330, CVE-2025-4435)

Summary Python is used by DataStage on Cloud Pak for Data as part of general processing functionality. Vulnerability Details CVEID:CVE-2025-4330 DESCRIPTION: Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of so...

CVSS 7.5 | AI score 7.8 | EPSS 0.00728
Exploits: 2 | Affected Software: 1

OSV
added 2025/09/03 10:18 p.m. | 4 views

GHSA-438M-6MHW-HQ5W Mautic vulnerable to secret data extraction via elfinder

Summary A user with administrator rights can change the configuration of the mautic application and extract secrets that are not normally available. Impact An administrator who usually does not have access to certain parameters, such as database credentials, can disclose them...

CVSS 5.5 | AI score 6.9 | EPSS 0.00225
Exploits: 0 | References: 5

Snyk
added 2025/09/03 5:42 p.m. | 2 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the extractImageInfo function for user avatars. An attacker can execute arbitrary scripts in the context of another user by uploading malicious files that are served without proper content type validation...

CVSS 6.3 | AI score 5.7 | EPSS 0.00236
Exploits: 1 | References: 2

OSV
added 2025/09/03 2:15 p.m. | 2 views

CVE-2025-9822

Summary A user with administrator rights can change the configuration of the mautic application and extract secrets that are not normally available. Impact An administrator who usually does not have access to certain parameters, such as database credentials, can disclose them...

CVSS 5.5 | AI score 5.8 | EPSS 0.00225
Exploits: 0 | References: 1

NVD
added 2025/09/03 2:15 p.m. | 3 views

CVE-2025-9822

Summary A user with administrator rights can change the configuration of the mautic application and extract secrets that are not normally available. Impact An administrator who usually does not have access to certain parameters, such as database credentials, can disclose them...

CVSS 5.5 | EPSS 0.00225
Exploits: 0 | References: 1