
1611 matches found

SUSE Linux
added 2025/02/24 10:45 a.m. | 3 views

Security update for java-1_8_0-ibm

This update for java-1_8_0-ibm fixes the following issues: Update to Java 8.0 Service Refresh 8 Fix Pack 40 bsc1236470: CVE-2025-21502: unauthenticated attacker can obtain unauthorized read and write access to data through the Hotspot component API bsc1236278. Patch Instructions: To install this SU...

CVSS: 6.3 | AI score: 6.8 | EPSS: 0.00971
Exploits: 0 | References: 10
RedhatCVE
added 2025/02/14 3:7 a.m. | 9 views

CVE-2024-28736

An issue in Debezium Community debezium-ui v.2.5 allows a local attacker to execute arbitrary code via the refresh page function...

CVSS: 7.1 | AI score: 7.5 | EPSS: 0.02531
Exploits: 2 | References: 1
Broadcom
added 2025/02/13 12:0 a.m. | 8 views

PostgreSQL Vulnerable to Privileged Execution of Arbitrary SQL due to Late Privilege Drop in 'REFRESH MATERIALIZED VIEW CONCURRENTLY'

An authenticated attacker that has created a materialized view could run arbitrary SQL commands on a PostgreSQL server if a victim runs REFRESH MATERIALIZED VIEW CONCURRENTLY on the attacker's view. If the victim is a superuser this could result in full compromise of the PostgreSQL server...

CVSS: 8 | AI score: 7.7 | EPSS: 0.01465
Exploits: 0
Microsoft CVE
added 2025/01/29 8:0 a.m. | 3 views

drm/amd/display: Disable PSR-SU on Parade 08-01 TCON too

...

CVSS: 5.5 | AI score: 7 | EPSS: 0.00233
Exploits: 0
NVD
added 2025/01/20 4:15 p.m. | 40 views

CVE-2025-23044

PwnDoc is a penetration test report generator. There is no CSRF protection in pwndoc, allowing attackers to send requests on a logged-in user's behalf. This includes GET and POST requests due to the missing SameSite= attribute on cookies and the ability to refresh cookies. Commit...

CVSS: 8.1 | EPSS: 0.00239
Exploits: 1 | References: 2
Vulnrichment
added 2025/01/20 3:43 p.m. | 7 views

CVE-2025-23044 Cross-Site Request Forgery (CSRF) allows creating admin account with POST request

PwnDoc is a penetration test report generator. There is no CSRF protection in pwndoc, allowing attackers to send requests on a logged-in user's behalf. This includes GET and POST requests due to the missing SameSite= attribute on cookies and the ability to refresh cookies. Commit...

CVSS: 6.8 | AI score: 6.6 | EPSS: 0.00239
Exploits: 1 | References: 2
OSV
added 2025/01/19 1:31 p.m. | 4 views

MAL-2025-142 Malicious code in next-refresh-token (npm)

This package executes a post-install script to collect system data and sends it to a remote server. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c1d44ee35f1e7a2f1a815de12ce539b2c3ffcb9ef5dc72eb632de64e000cf1b7 Any computer that has this package installed or runni...

AI score: 7.1
Exploits: 0 | References: 5
Patchstack
added 2025/01/16 6:41 p.m. | 4 views

WordPress rng-refresh plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting (XSS) vulnerability discovered by SOPROBRO in WordPress Plugin rng-refresh (versions <= 1.0)...

CVSS: 7.1 | AI score: 6.1 | EPSS: 0.00262
Exploits: 0 | Affected Software: 1
SUSE CVE
added 2025/01/15 3:48 a.m. | 3 views

SUSE CVE-2025-22149

JWK Set (JSON Web Key Set) is a JWK and JWK Set Go implementation. Prior to 0.6.0, the project's provided HTTP client's local JWK Set cache should do a full replacement when the goroutine refreshes the remote JWK Set. The current behavior is to overwrite or append. This is a security issue for use...

CVSS: 2.1 | AI score: 6.6 | EPSS: 0.00518
Exploits: 0 | References: 4
OSV
added 2025/01/11 1:15 p.m. | 1 views

DEBIAN-CVE-2024-56369

In the Linux kernel, the following vulnerability has been resolved: drm/modes: Avoid divide by zero harder in drm_mode_vrefresh(). drm_mode_vrefresh() is trying to avoid divide by zero by checking whether htotal or vtotal are zero. But we may still end up with a div-by-zero of vtotal*htotal...

CVSS: 5.5 | AI score: 5.6 | EPSS: 0.00244
Exploits: 0 | References: 1
OSV
added 2025/01/11 1:15 p.m. | 7 views

AZL-55808 CVE-2024-56369 affecting package kernel for versions less than 5.15.176.3-1

In the Linux kernel, the following vulnerability has been resolved: drm/modes: Avoid divide by zero harder in drm_mode_vrefresh(). drm_mode_vrefresh() is trying to avoid divide by zero by checking whether htotal or vtotal are zero. But we may still end up with a div-by-zero of vtotal*htotal...

CVSS: 5.5 | AI score: 5.6 | EPSS: 0.00244
Exploits: 0 | References: 1
OSV
added 2025/01/11 1:15 p.m. | 1 views

UBUNTU-CVE-2024-56369

In the Linux kernel, the following vulnerability has been resolved: drm/modes: Avoid divide by zero harder in drm_mode_vrefresh(). drm_mode_vrefresh() is trying to avoid divide by zero by checking whether htotal or vtotal are zero. But we may still end up with a div-by-zero of vtotal*htotal...

CVSS: 5.5 | AI score: 6.2 | EPSS: 0.00244
Exploits: 0 | References: 35
OSV
added 2025/01/09 7:41 p.m. | 15 views

GO-2025-3376 JWK Set's HTTP client only overwrites and appends JWK to local cache during refresh in github.com/MicahParks/jwkset

JWK Set's HTTP client only overwrites and appends JWK to local cache during refresh in github.com/MicahParks/jwkset...

CVSS: 2.1 | AI score: 8.4 | EPSS: 0.00518
Exploits: 0 | References: 5
GitLab Advisory Database
added 2025/01/09 12:0 a.m. | 8 views

JWK Set's HTTP client only overwrites and appends JWK to local cache during refresh

The project's provided HTTP client's local JWK Set cache should do a full replacement when the goroutine refreshes the remote JWK Set. The current behavior is to overwrite or append. This is a security issue for use cases that utilize the provided auto-caching HTTP client and where key removal fr...

CVSS: 2.1 | AI score: 7.2 | EPSS: 0.00518
Exploits: 0 | References: 7 | Affected Software: 1
CNNVD
added 2025/01/09 12:0 a.m. | 3 views

JWK Set security vulnerability

JWK Set is a JWK and JWK-Set implementation by the individual developer Micah Parks. An auto-caching JWK-Set HTTP client is provided. A security vulnerability exists in versions prior to JWK Set 0.6.0, which stems from an HTTP client that incorrectly overwrites or appends the local cache when...

CVSS: 2.1 | AI score: 6.6 | EPSS: 0.00518
Exploits: 0 | References: 3
Positive Technologies
added 2025/01/01 12:0 a.m. | 8 views

PT-2025-51215

Name of the Vulnerable Software and Affected Versions: allauth-django versions prior to 65.13.0. Description: An issue existed where access and refresh tokens were not rejected after a user was marked as inactive. Specifically, if a user’s account was deactivated (is_active=False) after tokens had...

CVSS: 5.4 | AI score: 5.8 | EPSS: 0.00141
Exploits: 0 | References: 15
CNNVD
added 2024/12/27 12:0 a.m. | 3 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a TLB refresh operation issue with KASAN shadow virtual addresses in the mm/vmalloc subsystem...

CVSS: 5.5 | AI score: 6.2 | EPSS: 0.0014
Exploits: 0 | References: 2
SUSE Linux
added 2024/12/12 2:31 p.m. | 2 views

Security update for java-1_8_0-ibm

This update for java-1_8_0-ibm fixes the following issues: Updated to Java 8.0 Service Refresh 8 Fix Pack 35 with Oracle October 15 2024 CPU bsc1232064: - CVE-2024-21208: Fixed partial DoS in component Networking bsc1231702,JDK-8328286 - CVE-2024-21210: Fixed unauthorized update, insert or delete...

CVSS: 6.3 | AI score: 6 | EPSS: 0.01157
Exploits: 0 | References: 22
Oracle linux
added 2024/12/06 12:0 a.m. | 260 views

redis:7 security update

7.2.6-1 - rebase to 7.2.6 RHEL-26628 7.0.12-1 - rebase to 7.0.12 2221899 7.0.11-1 - rebase to 7.0.11 for new redis:7 stream 2129826 7.0.11-1 - Upstream 7.0.11 release. 7.0.10-2 - fix modules directory ownership and permissions 2176173 - drop redis-shutdown helper and rely on systemd 2181181...

CVSS: 7 | AI score: 7.2 | EPSS: 0.04488
Exploits: 1
Github Security Blog
added 2024/12/02 8:4 p.m. | 31 views

AsyncHttpClient (AHC) library's `CookieStore` replaces explicitly defined `Cookie`s

Summary: When making any HTTP request, the automatically enabled and self-managed CookieStore (aka cookie jar) will silently replace explicitly defined Cookies with any that have the same name from the cookie jar. For services that operate with multiple users, this can result in one user's Cookie...

CVSS: 9.2 | AI score: 6.2 | EPSS: 0.00587
Exploits: 0 | References: 7 | Affected Software: 1