grafana-11.3.0-4.1 on GA media (moderate)
grafana-11.3.0-4.1 on GA media Announcement ID: openSUSE-SU-2025:14633-1 Rating: moderate Cross-References: CVE-2024-45337 CVSS scores: CVE-2024-45337 SUSE : 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: openSUSE Tumbleweed An update that solves one vulnerability can now be...
proftpd-1.3.8c-1.1 on GA media (moderate)
proftpd-1.3.8c-1.1 on GA media Announcement ID: openSUSE-SU-2025:14636-1 Rating: moderate Cross-References: CVE-2024-48651 Affected Products: openSUSE Tumbleweed An update that solves one vulnerability can now be installed. Description: These are all security issues fixed in the proftpd-1.3.8c-1....
frr-10.2.1-1.1 on GA media (moderate)
frr-10.2.1-1.1 on GA media Announcement ID: openSUSE-SU-2025:14632-1 Rating: moderate Cross-References: CVE-2024-55553 CVSS scores: CVE-2024-55553 SUSE : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2024-55553 SUSE : 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N...
perl-Module-ScanDeps-1.370.0-1.1 on GA media (moderate)
perl-Module-ScanDeps-1.370.0-1.1 on GA media Announcement ID: openSUSE-SU-2025:14635-1 Rating: moderate Cross-References: CVE-2024-10224 Affected Products: openSUSE Tumbleweed An update that solves one vulnerability can now be installed. Description: These are all security issues fixed in the...
yq-4.44.6-1.1 on GA media (moderate)
yq-4.44.6-1.1 on GA media Announcement ID: openSUSE-SU-2025:14639-1 Rating: moderate Cross-References: CVE-2024-45338 CVSS scores: CVE-2024-45338 SUSE : 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2024-45338 SUSE : 8.2 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N...
python311-slixmpp-1.8.6-1.1 on GA media (moderate)
python311-slixmpp-1.8.6-1.1 on GA media Announcement ID: openSUSE-SU-2025:14628-1 Rating: moderate Cross-References: CVE-2022-45197 Affected Products: openSUSE Tumbleweed An update that solves one vulnerability can now be installed. Description: These are all security issues fixed in the...
CVE-2024-13245 CKEditor 4 LTS - WYSIWYG HTML editor - Moderately critical - Cross Site Scripting - SA-CONTRIB-2024-009
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal CKEditor 4 LTS - WYSIWYG HTML editor allows Cross-Site Scripting (XSS). This issue affects CKEditor 4 LTS - WYSIWYG HTML editor: from 1.0.0 before 1.0.1...
CVE-2024-13239 Two-factor Authentication (TFA) - Moderately critical - Access bypass - SA-CONTRIB-2024-003
Weak Authentication vulnerability in Drupal Two-factor Authentication (TFA) allows Authentication Abuse. This issue affects Two-factor Authentication (TFA): from 0.0.0 before 1.5.0...
CVE-2024-43662
The .exe or .exe CGI binary can be used to upload arbitrary files to /tmp/upload/ or /tmp/ respectively as any user, although the user interface for uploading files is only shown to the iocadmin user. This issue affects Iocharger firmware for AC models before version 24120701. Likelihood: Moderat...
CVE-2024-43652
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability allows OS Command Injection as root. This issue affects Iocharger firmware for AC model chargers before version 24120701. Likelihood: Moderate – The binary does not seem to be used by the web interface, ...
CVE-2024-43651 Authenticated command injection in the <redacted> action leads to full remote code execution as root on the charging station
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability allows OS Command Injection as root. This issue affects Iocharger firmware for AC models before version 241207101. Likelihood: Moderate – The binary does not seem to be used by the web interface, so it...
CVE-2024-43661
The CVE-2024-43661 entry describes a buffer overflow in the .so library used by Iocharger’s AC-model firmware, exploitable by sending a long file path to the .exe CGI binary or .sh CGI script. The vulnerability affects Iocharger firmware before 24120701. Impact is high: the process (likely OCPP)...
CVE-2024-43661 Buffer overflow in <redacted>.so leads to DoS of OCPP service
The .so library, which is used by , is vulnerable to a buffer overflow in the code that handles the deletion of certificates. This buffer overflow can be triggered by providing a long file path to the action of the .exe CGI binary or to the .sh CGI script. This binary or script will write this fi...
CVE-2024-43662 Authenticated arbitrary file upload to /tmp/ and /tmp/upload/
The .exe or .exe CGI binary can be used to upload arbitrary files to /tmp/upload/ or /tmp/ respectively as any user, although the user interface for uploading files is only shown to the iocadmin user. This issue affects Iocharger firmware for AC models before version 24120701. Likelihood: Moderat...
CVE-2024-43656 A backup can be manipulated and then restored to create arbitrary files inside the <redacted> directory. A CGI script can be added to the web directory this way, allowing for full remote code execution.
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability allows OS Command Injection as root. This issue affects Iocharger firmware for AC model chargers before version 24120701. Likelihood: Moderate – It might be difficult for an attacker to identify the fil...
firefox-esr-128.6.0-1.1 on GA media (moderate)
firefox-esr-128.6.0-1.1 on GA media Announcement ID: openSUSE-SU-2025:14619-1 Rating: moderate Cross-References: CVE-2025-0237 CVE-2025-0238 CVE-2025-0239 CVE-2025-0240 CVE-2025-0241 CVE-2025-0242 CVE-2025-0243 Affected Products: openSUSE Tumbleweed An update that solves 7 vulnerabilities can now...
apptainer-1.3.6-2.1 on GA media (moderate)
apptainer-1.3.6-2.1 on GA media Announcement ID: openSUSE-SU-2025:14618-1 Rating: moderate Cross-References: CVE-2024-28180 CVSS scores: CVE-2024-28180 SUSE : 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2024-28180 SUSE : 2.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N...
libopenjp2-7-2.5.3-2.1 on GA media (moderate)
libopenjp2-7-2.5.3-2.1 on GA media Announcement ID: openSUSE-SU-2025:14620-1 Rating: moderate Cross-References: CVE-2024-56826 CVSS scores: CVE-2024-56826 SUSE : 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2024-56826 SUSE : 6.8...
VMSA-2025-0001: VMware Aria automation update addresses a server side request forgery vulnerability (CVE-2025-22215)
Advisory ID: VMSA-2025-0001 Advisory Severity: Moderate CVSSv3 Range: 4.3 Synopsis: VMware Aria Automation update addresses a server side request forgery vulnerability (CVE-2025-22215) Issue date: 2025-01-07 Updated on: 2025-01-07 CVEs: CVE-2025-22215 1. Impacted Products VMwar...