45 matches found
SUSE-SU-2026:20847-1 Security update for the Linux Kernel RT (Live Patch 5 for SUSE Linux Enterprise Micro 6.0)
This update for the SUSE Linux Enterprise Kernel 6.4.0-25.1 fixes various security issues The following security issues were fixed: - CVE-2025-21738: ata: libata-sff: ensure that we cannot write outside the allocated buffer bsc1257118. - CVE-2025-38159: wifi: rtw88: fix the 'para' buffer size to...
stellar-xdr's StringM::from_str bypasses max length validation
Impact StringM::fromstr does not validate that the input length is within the declared maximum MAX. Calling StringM::::fromstrs where s is longer than N bytes succeeds and returns an Ok value instead of ErrError::LengthExceedsMax, producing a StringM that violates its length invariant. This affec...
SUSE-SU-2026:20705-1 Security update for the Linux Kernel RT (Live Patch 5 for SUSE Linux Enterprise Micro 6.0)
This update for the SUSE Linux Enterprise kernel 6.4.0-25.1 fixes one security issue The following security issue was fixed: - CVE-2025-38129: pagepool: fix use-after-free in pagepoolrecycleinring bsc1258139...
PT-2026-23612
Name of the Vulnerable Software and Affected Versions stellar-xdr versions prior to 25.0.1 Description The StringM::from str function does not properly validate the length of input strings. When calling StringM::::from strs with a string s exceeding the maximum allowed length N, the function...
CVE-2026-26997 ClipBucket v5 has Stored XSS via Collection name
ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 59, a normal authenticated user can store the XSS payload. The payload is triggered by administrator. Version 5.5.3 59 fixes the issue...
GHSA-FJ3W-JWP8-X2G3 fast-xml-parser has stack overflow in XMLBuilder with preserveOrder
Impact Application crashes with stack overflow when user use XML builder with prserveOrder:true for following or similar input 'foo': 'bar': '@V': 'baz' Cause: arrToStr was not validating if the input is an array or a string and treating all non-array values as text content. What kind of...
EUVD-2026-5207
Craft Commerce is an ecommerce platform for Craft CMS. In versions from 4.0.0-RC1 to 4.10.0 and from 5.0.0 to 5.5.1, a stored XSS vulnerability in Craft Commerce allows attackers to execute malicious JavaScript in an administrator’s browser. This occurs because the Shipping Categories Name &...
SUSE-SU-2026:0247-1 Security update for the Linux Kernel (Live Patch 5 for SUSE Linux Enterprise 15 SP7)
This update for the SUSE Linux Enterprise kernel 6.4.0-150700.53.19 fixes various security issues The following security issues were fixed: - CVE-2023-53676: scsi: target: iscsi: Fix buffer overflow in liotargetnaclinfoshow bsc1251787. - CVE-2025-40204: sctp: Fix MAC comparison to be constant-tim...
SUSE-SU-2026:20392-1 Security update for the Linux Kernel RT (Live Patch 5 for SUSE Linux Enterprise Micro 6.0)
This update for the SUSE Linux Enterprise kernel 6.4.0-25.1 fixes various security issues The following security issues were fixed: - CVE-2023-53676: scsi: target: iscsi: Fix buffer overflow in liotargetnaclinfoshow bsc1251787. - CVE-2025-38476: rpl: Fix use-after-free in rpldosrhinline bsc125120...
EUVD-2025-205866
CBORDecoder reuse can leak shareable values across decode calls...
CVE-2025-65012
Kirby is an open-source content management system. From versions 5.0.0 to 5.1.3, attackers could change the title of any page or the name of any user to a malicious string. Then they could modify any content field of the same model without saving, making the model a candidate for display in the...
Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in torch-2.6.0-cp313-cp313-manylinux1_x86_64.whl
Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of torch-2.6.0-cp313-cp313-manylinux1x8664.whl Vulnerability Details CVEID:CVE-2025-4287 DESCRIPTION: A vulnerability was found in PyTorch 2.6.0+cu124. It has been rated as problematic. Affected by this issue is the function...
SUSE-SU-2025:03123-1 Security update for the Linux Kernel RT (Live Patch 5 for SLE 15 SP6)
This update for the Linux Kernel 6.4.0-1506001017 fixes several issues. The following security issues were fixed: - CVE-2025-38087: net/sched: fix use-after-free in tapriodevnotifier bsc1245504. - CVE-2025-21999: proc: fix UAF in procgetinode bsc1242579. - CVE-2025-38001: netsched: hfsc: Address...
Security update for the Linux Kernel (Live Patch 60 for SLE 12 SP5)
This update for the Linux Kernel 4.12.14-122228 fixes several issues. The following security issues were fixed: CVE-2024-8805: Bluetooth: hcievent: Align BR/EDR JUSTWORKS paring with LE bsc1240840. CVE-2024-56650: netfilter: xtables: fix LED ID check in ledtgcheck bsc1235431. Patch Instructions: ...
Security update for the Linux Kernel RT (Live Patch 5 for SLE 15 SP6)
This update for the Linux Kernel 6.4.0-1506001017 fixes several issues. The following security issues were fixed: CVE-2024-53237: Bluetooth: fix use-after-free in deviceforeachchild bsc1235008. CVE-2024-53082: virtionet: Add hashkeylength check bsc1233677. CVE-2024-56650: netfilter: xtables: fix...
Security update for the Linux Kernel RT (Live Patch 5 for SLE 15 SP6)
This update for the Linux Kernel 6.4.0-1506001017 fixes one issue. The following security issue was fixed: CVE-2024-53104: media: uvcvideo: Skip parsing frames of type UVCVSUNDEFINED in uvcparseformat bsc1236783. Patch Instructions: To install this SUSE update use the SUSE recommended installatio...
CVE-2024-8190
An OS command injection vulnerability in Ivanti Cloud Services Appliance versions 4.6 Patch 518 and before allows a remote authenticated attacker to obtain remote code execution. The attacker must have admin level privileges to exploit this vulnerability...
DEBIAN-CVE-2022-24806
net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-write credentials can exploit an Improper Input Validation vulnerability when SETing malformed OIDs in master agent and subagent simultaneously. Version 5.9.2 contains a...
Multiple server-side request forgery vulnerabilities in Trend Micro Apex Central (July 2023)
Overview Trend Micro Apex Central is vulnerable to multiple server-side request forgeries. Trend Micro Incorporated has released Patch 5 build 6481 for Trend Micro Apex Central. Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of the solution through JVN. Impact...
GHSA-273R-MGR4-V34F Uncaught Exception in engine.io
Impact A specially crafted HTTP request can trigger an uncaught exception on the Engine.IO server, thus killing the Node.js process. RangeError: Invalid WebSocket frame: RSV2 and RSV3 must be clear at Receiver.getInfo /.../nodemodules/ws/lib/receiver.js:176:14 at Receiver.startLoop...