8500 matches found
SUSE-SU-2025:02350-2 Security update for kubernetes1.28
This update for kubernetes1.28 fixes the following issues: - CVE-2025-22872: Properly handle trailing solidus in unquoted attribute value in foreign content bsc1241865...
libxslt: libxml2: Heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr
A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may acce...
RLSA-2025:4443 Important: firefox security update
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox: thunderbird: Privilege escalation in Firefox Updater CVE-2025-2817 firefox: thunderbird: Unsafe attribute access during XPath parsing CVE-2025-4087 firefox:...
FreeBSD : Mozilla -- cookie shadowing (5abc2187-685e-11f0-a12d-b42e991fc52e)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 5abc2187-685e-11f0-a12d-b42e991fc52e advisory. [email protected] reports: Setting a nameless cookie with an equals sign in the value shadowed other...
CVE-2025-0253
HCL IEM is affected by a cookie attribute not set vulnerability due to inconsistency of certain security-related configurations which could increase exposure to potential vulnerabilities...
Linkify Allows Prototype Pollution & HTML Attribute Injection (XSS)
Prototype Pollution in internal assign helper in Linkify allows remote attackers to execute arbitrary JavaScript Stored or Reflected XSS via injection of event handlers through unfiltered proto property. This issue affects Linkify version 4.3.1 and is fixed in 4.3.2...
GHSA-95JQ-XPH2-CX9H Linkify Allows Prototype Pollution & HTML Attribute Injection (XSS)
Prototype Pollution in internal assign helper in Linkify allows remote attackers to execute arbitrary JavaScript Stored or Reflected XSS via injection of event handlers through unfiltered proto property. This issue affects Linkify version 4.3.1 and is fixed in 4.3.2...
CVE-2025-8101 Linkify 4.3.1 - Prototype Pollution & HTML Attribute Injection (XSS)
Improperly Controlled Modification of Object Prototype Attributes 'Prototype Pollution' vulnerability in Linkify linkifyjs allows XSS Targeting HTML Attributes and Manipulating User-Controlled Variables. This issue affects Linkify: from 4.3.1 before 4.3.2...
CVE-2014-125114
CVE-2014-125114 affects i-Ftp v2.20. The root cause is a stack-based buffer overflow due to improper handling of the Time attribute in Schedule.xml, which can occur when a crafted Schedule.xml is parsed during scheduled downloads. This can lead to arbitrary code execution or a crash, as described...
CVE-2025-0253 HCL IEM is affected by a cookie attribute not set vulnerability
HCL IEM is affected by a cookie attribute not set vulnerability due to inconsistency of certain security-related configurations which could increase exposure to potential vulnerabilities...
CVE-2025-0253
CVE-2025-0253 affects HCL IEM and is described as a cookie attribute not set vulnerability caused by inconsistent security-related configurations, leading to potential information exposure. Affected software: HCL IEM (cookie handling/configuration). Underlying issue: cookie attributes not set, en...
Pablo Software Solutions i-Ftp Security Vulnerability
Pablo Software Solutions i-Ftp is an FTP client software from Pablo Software Solutions. A security vulnerability exists in Pablo Software Solutions i-Ftp version 2.20, which stems from improper handling of the Time attribute in Schedule.xml, and could lead to a stack buffer overflow and arbitrary...
PT-2025-30716 · Hcl · Hcl Iem
Name of the Vulnerable Software and Affected Versions: HCL IEM affected versions not specified Description: HCL IEM is affected by a cookie attribute not set vulnerability resulting from inconsistent security-related configurations. This issue could increase exposure to potential vulnerabilities...
CVE-2025-46198
CVE-2025-46198 affects Grav CMS versions 1.7.46–1.7.48. The vulnerability is a Cross-Site Scripting flaw that allows an attacker to execute arbitrary code through the onerror attribute of the img element. Root cause is an unvalidated onerror attribute, enabling script execution in contexts honori...
SUSE CVE-2025-8037
Setting a nameless cookie with an equals sign in the value shadowed other cookies. Even if the nameless cookie was set over HTTP and the shadowed cookie included the Secure attribute. This vulnerability was fixed in Firefox 141, Firefox ESR 140.1, Thunderbird 141, and Thunderbird 140.1...
CVE-2025-8037
Setting a nameless cookie with an equals sign in the value shadowed other cookies. Even if the nameless cookie was set over HTTP and the shadowed cookie included the Secure attribute. This vulnerability was fixed in Firefox 141, Firefox ESR 140.1, Thunderbird 141, and Thunderbird 140.1...