31 matches found
SUSE-SU-2026:0970-1 Security update for the Linux Kernel (Live Patch 73 for SUSE Linux Enterprise 12 SP5)
This update for the SUSE Linux Enterprise Kernel 4.12.14-122.275 fixes various security issues. The following security issues were fixed: - CVE-2022-50423: ACPICA: Fix use-after-free in acpi_ut_copy_ipackage_to_ipackage (bsc#1250785). - CVE-2022-50697: mrp: introduce active flags to prevent UAF when...
SUSE SLES12 Security Update : kernel (Live Patch 70 for SUSE Linux Enterprise 12 SP5) (SUSE-SU-2026:0700-1)
The remote SUSE Linux SLES12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0700-1 advisory. This update for the SUSE Linux Enterprise kernel 4.12.14-122.266 fixes various security issues. The following security issues were fixed: -...
CVE-2025-69020
CVE-2025-69020 affects the WordPress Newsletters (Newsletters Lite) plugin, with vulnerable versions listed as Newsletters
EUVD-2025-14717
Malicious code in bioql PyPI...
EUVD-2023-38778
Malicious code in bioql PyPI...
EUVD-2021-8656
Malicious code in bioql PyPI...
EUVD-2022-50182
Malicious code in bioql PyPI...
CVE-2023-34736
Guantang Equipment Management System version 4.12 is vulnerable to Arbitrary File Upload...
CVE-2023-45830
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Online ADA Accessibility Suite by Online ADA allows SQL Injection. This issue affects Accessibility Suite by Online ADA: from n/a through 4.12...
CVE-2021-21292
Traccar is an open source GPS tracking system. In Traccar before version 4.12 there is an unquoted Windows binary path vulnerability. Only Windows versions are impacted. Attacker needs write access to the filesystem on the host machine. If Java path includes a space, then attacker can lift their...
Security Bulletin: IBM Storage Fusion Data Foundation is vulnerable to uncontrolled recursion in golang (CVE-2022-30631)
Summary: Golang is used by IBM Storage Fusion Data Foundation in mcg and cephcsi as part of the operator. This bulletin identifies the steps to take to address the vulnerability in IBM Storage Fusion Data Foundation (CVE-2022-30631). Vulnerability Details: CVEID: CVE-2022-30631. DESCRIPTION: Golang G...
WordPress Category Discount Woocommerce Plugin <= 4.12 is vulnerable to Broken Access Control
Software: Category Discount Woocommerce; Type: Plugin; Vulnerable versions: <= 4.12; Fixed in: 4.13; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-0617; Patch priority: Low; CVSS severity: Low (5.3); PSID: 26f9aa0c44b8; Credits: Krzysztof Zając...
WordPress Category Discount Woocommerce Plugin <= 4.11 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Category Discount Woocommerce; Type: Plugin; Vulnerable versions: <= 4.11; Fixed in: 4.12; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-0617; Patch priority: Low; CVSS severity: Low (4.3); PSID: cff1c97352ca; Credits: Krzyszto...
libreswan security update
4.12-1.0.1: Add libreswan-oracle.patch to detect Oracle Linux distro. 4.12-1: Update to 4.12 to fix CVE-2023-38710, CVE-2023-38711, CVE-2023-38712; Resolves: rhbz#2215956. 4.9-5: Just bumping up the version to include bugs for CVE-2023-2295. There is no code fix for it. Fix for it is including t...
WordPress Accessibility Suite by Online ADA Plugin <= 4.12 is vulnerable to SQL Injection
Software: Accessibility Suite by Online ADA; Type: Plugin; Vulnerable versions: <= 4.12; Fixed in: 4.13; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2023-45830; Patch priority: High; CVSS severity: High (8.5); PSID: f21f42859c29; Credits: minhtuanact; Required privilege...
CVE-2023-38710
An issue was discovered in Libreswan before 4.12. When an IKEv2 Child SA REKEY packet contains an invalid IPsec protocol ID number of 0 or 1, an error notify INVALID_SPI is sent back. The notify payload's protocol ID is copied from the incoming packet, but the code that verifies outgoing packets...
PT-2023-24991 · Unknown · Guantang Equipment Management System
Name of the Vulnerable Software and Affected Versions: Guantang Equipment Management System version 4.12. Description: The Guantang Equipment Management System is affected by an issue that allows Arbitrary File Upload. This could potentially lead to unauthorized access or malicious activities...
GSD-2023-1001913 tracing: Make sure trace_printk() can output as soon as it can be used
tracing: Make sure trace_printk() can output as soon as it can be used. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.1.9 by commit...
Cloud Foundry UAA accepts refresh token as access token on admin endpoints
Cloud Foundry UAA, versions 4.19 prior to 4.19.2 and 4.12 prior to 4.12.4 and 4.10 prior to 4.10.2 and 4.7 prior to 4.7.6 and 4.5 prior to 4.5.7, incorrectly authorizes requests to admin endpoints by accepting a valid refresh token in lieu of an access token. Refresh tokens by design have a longe...