SUSE-SU-2025:20761-1 Security update for kernel-livepatch-MICRO-6-0_Update_6

This update for kernel-livepatch-MICRO-6-0Update6 fixes the following issues: - CVE-2025-38087: net/sched: fix use-after-free in tapriodevnotifier bsc1245505 - CVE-2025-21999: proc: fix UAF in procgetinode bsc1242579 - CVE-2025-38001: netsched: hfsc: Address reentrant enqueue adding class to eltr...

SUSE-SU-2025:03165-1 Security update for the Linux Kernel (Live Patch 37 for SLE 15 SP4)

This update for the Linux Kernel 5.14.21-15040024153 fixes several issues. The following security issues were fixed: - CVE-2025-21999: proc: fix UAF in procgetinode bsc1242579. - CVE-2022-49053: scsi: target: tcmu: Fix possible page UAF bsc1237930. - CVE-2025-38001: netsched: hfsc: Address...

Inside Wallarm Security Edge: Instant Protection at the API Edge

APIs are now the beating heart of digital infrastructure. But as they have risen in importance, they’ve also become prime targets for attackers. Complex, often poorly understood API behaviors present rich opportunities for exploitation, and too often, security teams are left scrambling to protect...

Advisory ROSA-SA-2025-2997

software: curl 8.7.1 OS: ROSA-CHROME unaffected versions = curl-8.7.1-4 affected versions curl-8.7.1-4 CVE-ID: CVE-2024-11053 BDU-ID: 2024-11106 CVE-Crit: CRITICAL CVE-DESC.: A vulnerability in the netrc file handler of the cURL command line utility is related to insufficient protection of servic...

CVE-2025-42929

Due to missing input validation, an attacker with high privilege access to ABAP reports could delete the content of arbitrary database tables, if the tables are not protected by an authorization group. This leads to a high impact on integrity and availability of the database...

CVE-2025-42916

Due to missing input validation, an attacker with high privilege access to ABAP reports could delete the content of arbitrary database tables, if the tables are not protected by an authorization group. This leads to a high impact on integrity and availability of the database but no impact on...

kernel: ipv6: mcast: extend RCU protection in igmp6_send()

In the Linux kernel, the following vulnerability has been resolved: ipv6: mcast: extend RCU protection in igmp6send igmp6send can be called without RTNL or RCU being held. Extend RCU protection so that we can safely fetch the net pointer and avoid a potential UAF. Note that we no longer can use...

SUSE SLES15 Security Update : kernel (Live Patch 50 for SLE 15 SP3) (SUSE-SU-2025:03133-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:03133-1 advisory. This update for the Linux Kernel 5.3.18-15030059182 fixes several issues. The following security issues were fixed: - CVE-2025-21999: proc: fi...

SUSE SLES15 Security Update : kernel (Live Patch 58 for SLE 15 SP3) (SUSE-SU-2025:03154-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:03154-1 advisory. This update for the Linux Kernel 5.3.18-15030059207 fixes several issues. The following security issues were fixed: - CVE-2025-38001: netsched...

[Extended] Ethics in Computer Security Research: a Data-Driven Assessment of the Past, the Present, and the Possible Future

Ethical questions are discussed regularly in computer security. Still, researchers in computer security lack clear guidance on how to make, document, and assess ethical decisions in research when what is morally right or acceptable is not clear-cut. In this work, we give an overview of the...

CVE-2025-57815

Fides is an open-source privacy engineering platform. Prior to version 2.69.1, the Fides Admin UI login endpoint relies on a general IP-based rate limit for all API traffic and lacks specific anti-automation controls designed to protect against brute-force attacks. This could allow attackers to...

Security update for the Linux Kernel (Live Patch 58 for SLE 15 SP3)

This update for the Linux Kernel 5.3.18-15030059207 fixes several issues. The following security issues were fixed: CVE-2025-38001: netsched: hfsc: Address reentrant enqueue adding class to eltree twice bsc1244235. CVE-2025-38000: schhfsc: Fix qlen accounting bug when using peek in hfscenqueue...

Security update for the Linux Kernel (Live Patch 56 for SLE 15 SP3)

This update for the Linux Kernel 5.3.18-15030059201 fixes several issues. The following security issues were fixed: CVE-2025-21999: proc: fix UAF in procgetinode bsc1242579. CVE-2025-38001: netsched: hfsc: Address reentrant enqueue adding class to eltree twice bsc1244235. CVE-2025-38000: schhfsc:...

kernel: ipv6: mcast: extend RCU protection in igmp6_send()

In the Linux kernel, the following vulnerability has been resolved: ipv6: mcast: extend RCU protection in igmp6send igmp6send can be called without RTNL or RCU being held. Extend RCU protection so that we can safely fetch the net pointer and avoid a potential UAF. Note that we no longer can use...

Protection Mechanism Failure

Overview picklescan is a Security scanner detecting Python Pickle files performing suspicious actions Affected versions of this package are vulnerable to Protection Mechanism Failure via the unsafeglobals check. An attacker can bypass detection of malicious content by crafting malicious pickle...

Security update for the Linux Kernel (Live Patch 57 for SLE 15 SP3)

This update for the Linux Kernel 5.3.18-15030059204 fixes several issues. The following security issues were fixed: CVE-2025-21999: proc: fix UAF in procgetinode bsc1242579. CVE-2025-38001: netsched: hfsc: Address reentrant enqueue adding class to eltree twice bsc1244235. CVE-2025-38000: schhfsc:...

Security update for the Linux Kernel (Live Patch 70 for SLE 12 SP5)

This update for the Linux Kernel 4.12.14-122266 fixes one issue. The following security issue was fixed: CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU bsc1246030. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or...

SUSE-SU-2025:03146-1 Security update for the Linux Kernel (Live Patch 70 for SLE 12 SP5)

This update for the Linux Kernel 4.12.14-122266 fixes one issue. The following security issue was fixed: - CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU bsc1246030...

SUSE-SU-2025:03143-1 Security update for the Linux Kernel (Live Patch 68 for SLE 12 SP5)

This update for the Linux Kernel 4.12.14-122258 fixes several issues. The following security issues were fixed: - CVE-2025-38000: schhfsc: Fix qlen accounting bug when using peek in hfscenqueue bsc1245775. - CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU bsc1246030...

SUSE-SU-2025:03138-1 Security update for the Linux Kernel (Live Patch 62 for SLE 12 SP5)

This update for the Linux Kernel 4.12.14-122234 fixes several issues. The following security issues were fixed: - CVE-2022-49053: scsi: target: tcmu: Fix possible page UAF bsc1237930. - CVE-2025-38000: schhfsc: Fix qlen accounting bug when using peek in hfscenqueue bsc1245775. - CVE-2025-38212:...