
8500 matches found

Tenable Nessus
added 2025/08/15 12:0 a.m. | 9 views

TencentOS Server 4: grafana (TSSA-2025:0594)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0594 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

CVSS 6.1 | AI score 6.6 | EPSS 0.05276
Exploits: 4 | References: 6

Tenable Nessus
added 2025/08/15 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2024-41029

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: nvmem: core: limit cell sysfs permissions to main attribute ones The cell sysfs attribute...

CVSS 5.5 | AI score 6.1 | EPSS 0.00268
Exploits: 0 | References: 2

OSSF Malicious Packages
added 2025/08/14 6:52 p.m. | 2 views

Malicious code in thingsboard-advanced-attribute-widget (npm)

The package thingsboard-advanced-attribute-widget was found to contain malicious code...

AI score 7
Exploits: 0

OSV
added 2025/08/14 6:52 p.m. | 1 view

MAL-2025-36813 Malicious code in thingsboard-advanced-attribute-widget (npm)

The package thingsboard-advanced-attribute-widget was found to contain malicious code...

AI score 7.2
Exploits: 0

RedhatCVE
added 2025/08/14 4:54 p.m. | 4 views

CVE-2025-55166

svg-sanitizer is a PHP SVG/XML sanitizer. Prior to version 0.22.0, the sanitization logic in the cleanXlinkHrefs method only searches for lower-case attribute names, which allows the isHrefSafeValue check to be bypassed. As a result, this allows cross-site scripting or linking to external domains. Thi...

CVSS 5.1 | AI score 6.6 | EPSS 0.00423
Exploits: 0 | References: 1

NVD
added 2025/08/14 4:15 p.m. | 3 views

CVE-2025-54389

AIDE is an advanced intrusion detection environment. Prior to version 0.19.2, there is an improper output neutralization vulnerability in AIDE. An attacker can craft a malicious filename by including terminal escape sequences to hide the addition or removal of the file from the report and/or tamp...

CVSS 6.2 | EPSS 0.0021
Exploits: 1 | References: 5

OSV
added 2025/08/14 4:15 p.m. | 1 view

DEBIAN-CVE-2025-54389

AIDE is an advanced intrusion detection environment. Prior to version 0.19.2, there is an improper output neutralization vulnerability in AIDE. An attacker can craft a malicious filename by including terminal escape sequences to hide the addition or removal of the file from the report and/or tamp...

CVSS 5.5 | AI score 7.6 | EPSS 0.0021
Exploits: 1 | References: 1

OSV
added 2025/08/14 2:0 p.m. | 1 view

UBUNTU-CVE-2025-54389

AIDE is an advanced intrusion detection environment. Prior to version 0.19.2, there is an improper output neutralization vulnerability in AIDE. An attacker can craft a malicious filename by including terminal escape sequences to hide the addition or removal of the file from the report and/or tamp...

CVSS 6.2 | AI score 7 | EPSS 0.0021
Exploits: 1 | References: 3

SUSE Linux
added 2025/08/14 1:3 p.m. | 3 views

Security update for kubernetes1.26

This update for kubernetes1.26 fixes the following issues: CVE-2025-22872: Properly handle trailing solidus in unquoted attribute value in foreign content (bsc#1241865). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper...

CVSS 6.5 | AI score 7.3 | EPSS 0.0045
Exploits: 0 | References: 8

SUSE Linux
added 2025/08/14 1:2 p.m. | 5 views

Security update for kubernetes1.23

This update for kubernetes1.23 fixes the following issues: CVE-2025-22872: Properly handle trailing solidus in unquoted attribute value in foreign content (bsc#1241865). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper...

CVSS 6.5 | AI score 7.3 | EPSS 0.0045
Exploits: 0 | References: 4

Positive Technologies
added 2025/08/14 12:0 a.m. | 5 views

PT-2025-33306

Name of the Vulnerable Software and Affected Versions: AIDE versions prior to 0.19.2 Description: AIDE is susceptible to an improper output neutralization issue. An attacker can create a malicious filename containing terminal escape sequences to conceal file additions or removals from reports and...

CVSS 6.2 | AI score 6.2 | EPSS 0.00216
Exploits: 2 | References: 44

NVD
added 2025/08/13 9:15 p.m. | 16 views

CVE-2012-10057

Lattice Semiconductor ispVM System v18.0.2 contains a buffer overflow vulnerability in its handling of .xcf project files. When parsing the version attribute of the ispXCF XML tag, the application fails to properly validate input length, allowing a specially crafted file to overwrite memory on th...

CVSS 8.4 | EPSS 0.00398
Exploits: 0 | References: 5

Cvelist
added 2025/08/13 8:35 p.m. | 9 views

CVE-2012-10057 Lattice Semiconductor ispVM System 18.0.2 XCF File Handling Buffer Overflow

Lattice Semiconductor ispVM System v18.0.2 contains a buffer overflow vulnerability in its handling of .xcf project files. When parsing the version attribute of the ispXCF XML tag, the application fails to properly validate input length, allowing a specially crafted file to overwrite memory on th...

CVSS 8.4 | EPSS 0.00398
Exploits: 0 | References: 5

Vulnrichment
added 2025/08/13 8:35 p.m. | 3 views

CVE-2012-10057 Lattice Semiconductor ispVM System 18.0.2 XCF File Handling Buffer Overflow

Lattice Semiconductor ispVM System v18.0.2 contains a buffer overflow vulnerability in its handling of .xcf project files. When parsing the version attribute of the ispXCF XML tag, the application fails to properly validate input length, allowing a specially crafted file to overwrite memory on th...

CVSS 8.4 | AI score 8.3 | EPSS 0.00398
Exploits: 0 | References: 5

Snyk
added 2025/08/12 5:42 p.m. | 2 views

Cross-site Scripting (XSS)

Overview: enshrined/svg-sanitize is an SVG sanitizer for PHP. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the cleanXlinkHrefs function, which only searches for lower-case attribute names (e.g. xlink:href instead of xlink:HrEf) and allows to by-pass the...

CVSS 6.1 | AI score 5.8 | EPSS 0.00423
Exploits: 0 | References: 2

Vulnrichment
added 2025/08/12 4:25 p.m. | 1 view

CVE-2025-55166 svg-sanitizer By-Passing Attribute Sanitization

svg-sanitizer is a PHP SVG/XML sanitizer. Prior to version 0.22.0, the sanitization logic in the cleanXlinkHrefs method only searches for lower-case attribute names, which allows the isHrefSafeValue check to be bypassed. As a result, this allows cross-site scripting or linking to external domains. Thi...

CVSS 5.1 | AI score 6.5 | EPSS 0.00423
Exploits: 0 | References: 2

OSV
added 2025/08/12 10:5 a.m. | 6 views

SUSE-SU-2025:02758-1 Security update for libxml2

This update for libxml2 fixes the following issues: - CVE-2025-7425: Fixed heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr (bsc#1246296)...

CVSS 7.8 | AI score 7.4 | EPSS 0.00339
Exploits: 1 | References: 3

Tenable Nessus
added 2025/08/12 12:0 a.m. | 8 views

Linux Distros Unpatched Vulnerability : CVE-2025-21915

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - cdx: Fix possible UAF error in driver_override_show Fixed a possible UAF problem in driver_override_show in drivers/cdx/cdx.c This function driver_override_show is pa...

CVSS 7.8 | AI score 6.6 | EPSS 0.00185
Exploits: 0 | References: 2

OSV
added 2025/08/11 1:53 p.m. | 3 views

BIT-LIBPHP-2021-21704 Multiple vulnerabilities in Firebird client extension

In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using Firebird PDO driver extension, a malicious database server could cause crashes in various database functions, such as getAttribute, execute, fetch and others by returning invalid response data that is not...

CVSS 5.9 | AI score 7.2 | EPSS 0.01724
Exploits: 1 | References: 7

Tenable Nessus
added 2025/08/11 12:0 a.m. | 5 views

Linux Distros Unpatched Vulnerability : CVE-2025-21840

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: thermal/netlink: Prevent userspace segmentation fault by adjusting UAPI header The intel-lpm...

CVSS 5.5 | AI score 4.8 | EPSS 0.00191
Exploits: 0 | References: 2