WordPress OSM Map Widget for Elementor plugin <= 1.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button URL vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Button URL vulnerability discovered by zer0gh0st in WordPress Plugin OSM Map Widget for Elementor versions = 1.3.0...

NeuVector process with sensitive arguments lead to leakage

Impact When a Java command with password parameters is executed and terminated by NeuVector for Process rule violation. For example, java -cp /app ... Djavax.net.ssl.trustStorePassword= The command with the password appears in the NeuVector security event. To prevent this, NeuVector uses the...

Linux Distros Unpatched Vulnerability : CVE-2019-20628

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstrated by MP4Box. It contains a Use- After-Free vulnerability in gfm2tsprocesspmt in...

Linux Distros Unpatched Vulnerability : CVE-2020-25573

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in the linked-hash-map crate before 0.5.3 for Rust. It creates an uninitialized NonNull pointer, which violates a non-null constraint...

Linux Distros Unpatched Vulnerability : CVE-2023-51791

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Buffer Overflow vulenrability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavcodec/jpegxlparser.c in genaliasmap...

Linux Distros Unpatched Vulnerability : CVE-2018-1000069

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - FreePlane version 1.5.9 and earlier contains a XML External Entity XXE vulnerability in XML Parser in mindmap loader that can result in stealing data from...

Linux Distros Unpatched Vulnerability : CVE-2023-31518

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A heap use-after-free in the component CDataFileReader::GetItem of teeworlds v0.7.5 allows attackers to cause a Denial of Service DoS via a crafted map file...

Linux Distros Unpatched Vulnerability : CVE-2020-35711

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in the arc-swap crate before 0.4.8 and 1.x before 1.1.0 for Rust. Use of arcswap::access::Map with the Constant test helper or with...

Linux Distros Unpatched Vulnerability : CVE-2020-25574

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in the http crate before 0.1.20 for Rust. An integer overflow in HeaderMap::reserve could result in denial of service e.g., an infinite...

Security update for the Linux Kernel

The SUSE Linux Enterprise Micro 6.0 and 6.1 kernel was updated to receive various security bugfixes. The following security bugs were fixed: CVE-2019-11135: TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may CVE-2024-36028: mm/hugetlb: fix DEBUGLOCKSWARNON1 when...

SUSE-SU-2025:20620-1 Security update for kernel-livepatch-MICRO-6-0-RT_Update_4

This update for kernel-livepatch-MICRO-6-0-RTUpdate4 fixes the following issues: - CVE-2024-56664: bpf, sockmap: fix race between element replace and close bsc1235250 - CVE-2025-37752: netsched: schsfq: move the limit validation bsc1245776 - CVE-2025-37797: netsched: hfsc: Fix a UAF vulnerability...

SUSE-SU-2025:20610-1 Security update for kernel-livepatch-MICRO-6-0_Update_2

This update for kernel-livepatch-MICRO-6-0Update2 fixes the following issues: - CVE-2024-56664: bpf, sockmap: fix race between element replace and close bsc1235250 - CVE-2025-37752: netsched: schsfq: move the limit validation bsc1245776 - CVE-2025-37797: netsched: hfsc: Fix a UAF vulnerability in...

kernel: i40e: fix MMIO write access to an invalid page in i40e_clear_hw

In the Linux kernel, the following vulnerability has been resolved: i40e: fix MMIO write access to an invalid page in i40eclearhw When the device sends a specific input, an integer underflow can occur, leading to MMIO write access to an invalid page. Prevent the integer underflow by changing the...

A week in security (August 18 &#8211; August 24)

Last week on Malwarebytes Labs: Clickjack attack steals password managers’ secrets Grok chats show up in Google searches All Apple users should update after company patches zero-day vulnerability in all platforms Google settles YouTube lawsuit over kids’ privacy invasion and data collection...

Linux Distros Unpatched Vulnerability : CVE-2008-5135

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - os-prober in os-prober 1.17 allows local users to overwrite arbitrary files via a symlink attack on the 1 /tmp/mounted-map or 2 /tmp/raided-map temporary file...

SUSE CVE-2025-38626

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to trigger foreground gc during f2fsmapblocks in lfs mode w/ "mode=lfs" mount option, generic/299 will cause system panic as below: ------------ cut here ------------ kernel BUG at fs/f2fs/segment.c:2835! Call Trace:...

CVE-2025-38670

In the Linux kernel, the following vulnerability has been resolved: arm64/entry: Mask DAIF in cpuswitchto, callonirqstack cpuswitchto and callonirqstack manipulate SP to change to different stacks along with the Shadow Call Stack if it is enabled. Those two stack changes cannot be done atomically...

AZL-66614 CVE-2025-38626 affecting package kernel for versions less than 6.6.104.2-1

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to trigger foreground gc during f2fsmapblocks in lfs mode w/ "mode=lfs" mount option, generic/299 will cause system panic as below: ------------ cut here ------------ kernel BUG at fs/f2fs/segment.c:2835! Call Trace:...

UBUNTU-CVE-2025-38626

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to trigger foreground gc during f2fsmapblocks in lfs mode w/ "mode=lfs" mount option, generic/299 will cause system panic as below: ------------ cut here ------------ kernel BUG at fs/f2fs/segment.c:2835! Call Trace:...

CVE-2025-38626 f2fs: fix to trigger foreground gc during f2fs_map_blocks() in lfs mode

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to trigger foreground gc during f2fsmapblocks in lfs mode w/ "mode=lfs" mount option, generic/299 will cause system panic as below: ------------ cut here ------------ kernel BUG at fs/f2fs/segment.c:2835! Call Trace:...