RHSA-2025:13310 Red Hat Security Advisory: libxml2 security update
RHSA-2025:13308 Red Hat Security Advisory: libxml2 security update
RHSA-2025:13307 Red Hat Security Advisory: pcs security update
Security Bulletin: Vulnerabilities in axios affects IBM watsonx Orchestrate with watsonx Assistant Cartridge
Summary Potential vulnerability in axios has been identified that affects IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-57965 DESCRIPTION: In axios...
PT-2025-32243 · Tagfree · Tagfree X-Free Uploader Xfu
Name of the Vulnerable Software and Affected Versions: TAGFREE X-Free Uploader XFU versions 1.0.1.0084 through 1.0.1.0085 TAGFREE X-Free Uploader XFU versions 2.0.1.0034 through 2.0.1.0035 Description: The software contains a Path Traversal flaw that allows unauthorized access. The issue is due t...
Security Bulletin: Cross Site Scripting vulnerabilities may affect IBM Business Automation Workflow - CVE-2024-47875, CVE-2024-48910
Summary IBM Business Automation Workflow packages a vulnerable copy of DOMPurify. Vulnerability Details CVEID:CVE-2024-47875 DESCRIPTION: DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify was vulnerable to nesting-based mXSS. This vulnerability i...
Security Bulletin: Vulnerabilities in Netty affects IBM watsonx Orchestrate with watsonx Assistant Cartridge
Summary Potential vulnerability in Netty has been identified that affects IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-47535 DESCRIPTION: Netty is ...
GHSA-7RX2-769V-HRWF HashiCorp Vault ldap auth method may not have correctly enforced MFA
Vault and Vault Enterprise’s “Vault” ldap auth method may not have correctly enforced MFA if username_as_alias was set to true and a user had multiple CNs that are equal but with leading or trailing spaces. Fixed in Vault Community Edition 1.20.2 and Vault Enterprise 1.20.2, 1.19.8, 1.18.13, and...
RHSA-2025:13120 Red Hat Security Advisory: kernel security update
RHSA-2025:13104 Red Hat Security Advisory: python-cryptography security update
RHSA-2025:13029 Red Hat Security Advisory: kernel-rt security update
CVE-2025-6013
CVE-2025-6013 concerns Vault and Vault Enterprise’s LDAP authentication. The issue is a bypass of MFA enforcement when the LDAP method is configured with username_as_alias=true and a user has multiple equal CNs that include leading or trailing spaces, allowing a user to bypass alias-specific MFA ...
Advisory ROSA-SA-2025-2943
Software: openh264 2.1.1 OS: ROSA-CHROME unaffected versions = openh264-2.1.1-3 affected versions openh264-2.1.1-3 CVE-ID: CVE-2025-27091 BDU-ID: 2025-02022 CVE-Crit: CRITICAL CVE-DESC.: A vulnerability in the decoding functions of the OpenH264 library is related to a buffer overflow in dynamic...
Advisory ROSA-SA-2025-2940
Software: exfatprogs 1.2.9 OS: ROSA-CHROME unaffected versions = exfatprogs-1.2.9-1 affected versions exfatprogs-1.2.9-1 CVE-ID: CVE-2023-45897 BDU-ID: 2024-03156 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the read_file_dentry_set function of the exfatprogs user-space utility is related to readi...
Advisory ROSA-SA-2025-2937
Software: libxml2 2.9.14 OS: ROSA-CHROME unaffected versions = libxml2-2.9.14-9 affected versions libxml2-2.9.14-9 CVE-ID: CVE-2025-32414 BDU-ID: 2025-05199 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Python API component of the libxml2 library involves incorrect validation of the return val...
Advisory ROSA-SA-2025-2933
Software: suricata 6.0.20 OS: ROSA-CHROME unaffected versions = suricata-6.0.20-3 affected versions suricata-6.0.20-3 CVE-ID: CVE-2024-55626 BDU-ID: 2024-11374 CVE-Crit: LOW CVE-DESC.: A vulnerability in the BPF filter of the Suricata Intrusion Detection and Prevention System is related to an...
Advisory ROSA-SA-2025-2928
Software: expat 2.7.1 OS: ROSA-CHROME unaffected versions = expat-2.7.1-1 affected versions expat-2.7.1-1 CVE-ID: CVE-2024-45490 BDU-ID: 2024-07004 CVE-Crit: CRITICAL CVE-DESC.: A vulnerability in the libexpat XML parsing library is related to an improper restriction of a reference to an external...
Advisory ROSA-SA-2025-2922
Software: kanboard 1.2.44 OS: ROSA-CHROME unaffected versions = kanboard-1.2.44-0.gitc07304.1-rosa2021.1 affected versions kanboard-1.2.44-0.gitc07304.1-rosa2021.1 CVE-ID: CVE-2024-51748 BDU-ID: 2024-10653 CVE-Crit: HIGH CVE-DESC.: A vulnerability in Kanboard project management software is...
Advisory ROSA-SA-2025-2923
Software: util-linux 2.37.4 OS: ROSA-CHROME unaffected versions = util-linux-2.37.4-3 affected versions util-linux-2.37.4-3 CVE-ID: CVE-2024-28085 BDU-ID: 2024-02517 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the util-linux package of the Linux operating system is related to incorrect privile...
CVE-2025-54125
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In XWiki Platform Legacy Old Core and XWiki Platform Old Core versions 1.1 through 16.4.6, 16.5.0-rc-1 through 16.10.4 and 17.0.0-rc-1 through 17.1.0, the XML export of a page in XWiki that can b...