4211 matches found
Security update for the Linux Kernel (Live Patch 33 for SLE 15 SP4)
This update for the Linux Kernel 5.14.21-15040024141 fixes several issues. The following security issues were fixed: CVE-2025-38678: netfilter: nftables: reject duplicate device on updates bsc1249534. CVE-2025-38499: cloneprivatemnt: make sure that caller has CAPSYSADMIN in the right userns...
Security Bulletin: Multiple security vulnerabilities in RedHat UBI affect IBM Robotic Process Automation for Cloud Pak
Summary Multiple vulnerabilities in RedHat UBI affect IBM Robotic Process Automation for Cloud Pak. RedHat UBI is used as base imaged for IBM Robotic Process Automation for Cloud Pak images. This bulletin identifies the fixes required to address the vulnerabilites. Vulnerability Details...
SUSE-SU-2025:3683-1 Security update for the Linux Kernel (Live Patch 51 for SLE 15 SP3)
This update for the Linux Kernel 5.3.18-15030059185 fixes several issues. The following security issues were fixed: - CVE-2025-38499: cloneprivatemnt: make sure that caller has CAPSYSADMIN in the right userns bsc1248673. - CVE-2025-21971: netsched: Prevent creation of classes with TCHROOT...
SUSE-SU-2025:03672-1 Security update for the Linux Kernel (Live Patch 59 for SLE 15 SP3)
This update for the Linux Kernel 5.3.18-15030059211 fixes several issues. The following security issues were fixed: - CVE-2025-38499: cloneprivatemnt: make sure that caller has CAPSYSADMIN in the right userns bsc1248673. - CVE-2025-21971: netsched: Prevent creation of classes with TCHROOT...
SUSE-SU-2025:03662-1 Security update for the Linux Kernel (Live Patch 70 for SLE 12 SP5)
This update for the Linux Kernel 4.12.14-122266 fixes several issues. The following security issues were fixed: - CVE-2022-50386: Bluetooth: L2CAP: Fix user-after-free bsc1250302. - CVE-2025-38499: cloneprivatemnt: make sure that caller has CAPSYSADMIN in the right userns bsc1248673. -...
Security update for the Linux Kernel (Live Patch 70 for SLE 12 SP5)
This update for the Linux Kernel 4.12.14-122266 fixes several issues. The following security issues were fixed: CVE-2022-50386: Bluetooth: L2CAP: Fix user-after-free bsc1250302. CVE-2025-38499: cloneprivatemnt: make sure that caller has CAPSYSADMIN in the right userns bsc1248673. CVE-2025-38644:...
Security update for the Linux Kernel (Live Patch 61 for SLE 12 SP5)
This update for the Linux Kernel 4.12.14-122231 fixes several issues. The following security issues were fixed: CVE-2022-50386: Bluetooth: L2CAP: Fix user-after-free bsc1250302. CVE-2025-38499: cloneprivatemnt: make sure that caller has CAPSYSADMIN in the right userns bsc1248673. CVE-2025-21971:...
JLSEC-2025-66 xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to...
xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc-oldNs...
MAL-2025-48446 Malicious code in deere-ui-namespace (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ac60fab9b04ceb2a6e45e76986b8fa08dcb797e40cb4d7b88cb5d16cfbeec85b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in deere-ui-namespace (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ac60fab9b04ceb2a6e45e76986b8fa08dcb797e40cb4d7b88cb5d16cfbeec85b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
EUVD-2025-34850
Malicious code in deere-ui-namespace npm...
CVE-2025-62159
External Secrets Operator reads information from a third-party service and automatically injects the values as Kubernetes Secrets. A vulnerability was discovered in the BeyondTrust provider implementation for External Secrets Operator versions 0.10.1 through 0.19.2. The provider previously...
TencentOS Server 3: pam (TSSA-2025:0777)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0777 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
kernel: do_change_type(): refuse to operate on unmounted/not ours mounts
In the Linux kernel, the following vulnerability has been resolved: dochangetype: refuse to operate on unmounted/not ours mounts Ensure that propagation settings can only be changed for mounts located in the caller's mount namespace. This change aligns permission checking with the rest of mount2...
kernel: do_change_type(): refuse to operate on unmounted/not ours mounts
In the Linux kernel, the following vulnerability has been resolved: dochangetype: refuse to operate on unmounted/not ours mounts Ensure that propagation settings can only be changed for mounts located in the caller's mount namespace. This change aligns permission checking with the rest of mount2...
kernel: do_change_type(): refuse to operate on unmounted/not ours mounts
In the Linux kernel, the following vulnerability has been resolved: dochangetype: refuse to operate on unmounted/not ours mounts Ensure that propagation settings can only be changed for mounts located in the caller's mount namespace. This change aligns permission checking with the rest of mount2...
GHSA-C2HV-4PFJ-MM2R Argo Workflow may expose artifact repository credentials
Summary An attacker who has permissions to read logs from pods in a namespace with Argo Workflow can read workflow-controller logs and get credentials to the artifact repository. Details An attacker, by reading the logs of the workflow controller pod, can access the artifact repository, and steal...
JLSEC-2025-53 xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator chara...
xmlparse.c in Expat aka libexpat before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs...
kernel: do_change_type(): refuse to operate on unmounted/not ours mounts
In the Linux kernel, the following vulnerability has been resolved: dochangetype: refuse to operate on unmounted/not ours mounts Ensure that propagation settings can only be changed for mounts located in the caller's mount namespace. This change aligns permission checking with the rest of mount2...
kernel: do_change_type(): refuse to operate on unmounted/not ours mounts
In the Linux kernel, the following vulnerability has been resolved: dochangetype: refuse to operate on unmounted/not ours mounts Ensure that propagation settings can only be changed for mounts located in the caller's mount namespace. This change aligns permission checking with the rest of mount2...