SUSE-SU-2025:02502-1 Security update for salt
This update for salt fixes the following issues: - Security issues fixed: - CVE-2024-38822: Fixed Minion token validation bsc1244561 - CVE-2024-38823: Fixed server vulnerability to replay attacks when not using a TLS encrypted transport bsc1244564 - CVE-2024-38824: Fixed directory traversal...
Security update for salt
This update for salt fixes the following issues: Security issues fixed: CVE-2024-38822: Fixed Minion token validation bsc1244561 CVE-2024-38823: Fixed server vulnerability to replay attacks when not using a TLS encrypted transport bsc1244564 CVE-2024-38824: Fixed directory traversal vulnerability...
SUSE-SU-2025:02499-1 Security update 5.0.5 for Multi-Linux Manager Salt Bundle
This update fixes the following issues: venv-salt-minion: - Security issues fixed: - CVE-2024-38822: Fixed Minion token validation bsc1244561 - CVE-2024-38823: Fixed server vulnerability to replay attacks when not using a TLS encrypted transport bsc1244564 - CVE-2024-38824: Fixed directory...
SUSE-SU-2025:02491-1 Security update 5.0.5 for Multi-Linux Manager Salt Bundle
This update fixes the following issues: venv-salt-minion: - Security issues fixed: - CVE-2024-38822: Fixed Minion token validation bsc1244561 - CVE-2024-38823: Fixed server vulnerability to replay attacks when not using a TLS encrypted transport bsc1244564 - CVE-2024-38824: Fixed directory...
Malicious code in vue4-google-auth (npm)
The package communicates with a domain associated with malicious activity...
MAL-2025-6135 Malicious code in vue4-google-auth (npm)
The package communicates with a domain associated with malicious activity...
CVE-2025-6704
An arbitrary file writing vulnerability in the Secure PDF eXchange (SPX) feature of Sophos Firewall versions older than 21.0 MR2 (21.0.2) can lead to pre-auth remote code execution, if a specific configuration of SPX is enabled in combination with the firewall running in High Availability (HA) mode...
CVE-2025-7382
Summary (CVE-2025-7382): A command-injection vulnerability exists in the WebAdmin component of Sophos Firewall versions older than 21.0 MR2 (21.0.2). If OTP authentication for the admin user is enabled, adjacent attackers can achieve pre-auth code execution on High Availability (HA) auxiliary de...
CVE-2025-7382
A command injection vulnerability in WebAdmin of Sophos Firewall versions older than 21.0 MR2 (21.0.2) can lead to adjacent attackers achieving pre-auth code execution on High Availability (HA) auxiliary devices, if OTP authentication for the admin user is enabled...
VulnCheck KEV: CVE-2025-28137
The TOTOLINK A810R V4.1.2cu.5182B20201026 was found to contain a pre-auth remote command execution vulnerability in the setNoticeCfg function through the NoticeUrl parameter...
Malicious code in ipp-auth-service-tools (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 54b42b5695779161ac5d3618b146cd263b9f17a9c1fe517abd5efff7b3ecdc97 Any computer that has this package installed or running should be considered...
MAL-2025-6099 Malicious code in ipp-auth-service-tools (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 54b42b5695779161ac5d3618b146cd263b9f17a9c1fe517abd5efff7b3ecdc97 Any computer that has this package installed or running should be considered...
CVE-2025-54064
CVE-2025-54064 affects Rucio helm charts for rucio-server, rucio-ui, and rucio-webui. The Apache access-log format includes the X-Rucio-Auth-Token header (which may contain Internal Rucio tokens or JWTs), potentially exposing credentials in log lines. Affected versions and patches: rucio-server 3...
CVE-2025-54064 rucio-server, rucio-ui, and rucio-webui vulnerable to insertion of X-Rucio-Auth-Token in apache access logfiles
Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies. The common Rucio helm-charts for the rucio-server, rucio-ui, and rucio-webui define the log format for the apache access log of these components...
Malicious code in preview-server-auth-poc (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 923e18277dc972e221ab7a161e65c18219ff037b3a347b86f86df7f6cba1bcfb The OpenSSF Package Analysis project identified...
MAL-2025-5993 Malicious code in preview-server-auth-poc (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 923e18277dc972e221ab7a161e65c18219ff037b3a347b86f86df7f6cba1bcfb The OpenSSF Package Analysis project identified...
Rucio Helm Charts log information disclosure vulnerability
Rucio Helm Charts is a library of Helm charts for the open-source Rucio project. Rucio Helm Charts suffers from a log information disclosure vulnerability that stems from logging X-Rucio-Auth-Token, which could lead to credential disclosure...
MAL-2025-5971 Malicious code in vss-web-auth-client (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 70dc7c0837db09d1f3b1d98483b9ce346b56d8ea5ae46ee6b2d974d8be75ea26 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in ado-codespaces-auth (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware acd2e4a00a6fa99e47e9f10ae7238f2faaf2dd65d07678a4f33037a25ef636c2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @subsplash/auth (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 689eb4db6c52e3ce55d130f22da039b110c816b7a03395db966a87086272fd42 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...