python315-3.15.0~a3-1.1 on GA media (moderate)

python315-3.15.0a3-1.1 on GA media Announcement ID: openSUSE-SU-2025:15840-1 Rating: moderate Cross-References: CVE-2025-12084 CVE-2025-13836 CVE-2025-13837 CVSS scores: CVE-2025-12084 SUSE : 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2025-12084 SUSE : 6.3...

kernel: net: sched: sfb: fix null pointer access issue when sfb_init() fails

A null pointer dereference exists in the linux kernel, such that when sfbinit fails qdisc is NULL, and it will cause gpf issue, leading to damage to the availability of the system...

OPENSUSE-SU-2025:15841-1 zk-0.15.2-1.1 on GA media

These are all security issues fixed in the zk-0.15.2-1.1 package on the GA media of openSUSE Tumbleweed...

MozillaFirefox-146.0.1-1.1 on GA media (moderate)

MozillaFirefox-146.0.1-1.1 on GA media Announcement ID: openSUSE-SU-2025:15833-1 Rating: moderate Cross-References: CVE-2025-14860 CVE-2025-14861 Affected Products: openSUSE Tumbleweed An update that solves 2 vulnerabilities can now be installed. Description: These are all security issues fixed i...

SUSE CVE-2024-2182

A flaw was found in the Open Virtual Network OVN. In OVN clusters where BFD is used between hypervisors for high availability, an attacker can inject specially crafted BFD packets from inside unprivileged workloads, including virtual machines or containers, that can trigger a denial of service...

CVE-2025-14955

Open5GS up to 2.7.5 is affected by a PFCP component issue: ogs_pfcp_handle_create_pdr in lib/pfcp/handler.c can cause improper initialization. The vulnerability allows remote launching and is noted as high complexity, with exploits public. A patch is available (commit 773117aa5472af26fc9f80e608d3...

CVE-2025-40898

A path traversal vulnerability was discovered in the Import Arc data archive functionality due to insufficient validation of the input file. An authenticated user with limited privileges, by uploading a specifically-crafted Arc data archive, can potentially write arbitrary files in arbitrary path...

ROS-20251219-7303

A vulnerability in the MongoDB database management system server is related to the use of assert or a similar operator. Exploitation of the vulnerability could allow a remote attacker to affect the availability of protected information...

OPENSUSE-SU-2025:15832-1 coredns-for-k8s1.35-1.13.1-2.1 on GA media

These are all security issues fixed in the coredns-for-k8s1.35-1.13.1-2.1 package on the GA media of openSUSE Tumbleweed...

OPENSUSE-SU-2025:15830-1 alloy-1.12.0-2.1 on GA media

These are all security issues fixed in the alloy-1.12.0-2.1 package on the GA media of openSUSE Tumbleweed...

CVE-2025-40892

A Stored Cross-Site Scripting vulnerability was discovered in the Reports functionality due to improper validation of an input parameter. An authenticated user with report privileges can define a malicious report containing a JavaScript payload, or a victim can be socially engineered to import a...

CVE-2025-40898

A path traversal vulnerability was discovered in the Import Arc data archive functionality due to insufficient validation of the input file. An authenticated user with limited privileges, by uploading a specifically-crafted Arc data archive, can potentially write arbitrary files in arbitrary path...

CVE-2025-40898

A path traversal vulnerability was discovered in the Import Arc data archive functionality due to insufficient validation of the input file. An authenticated user with limited privileges, by uploading a specifically-crafted Arc data archive, can potentially write arbitrary files in arbitrary path...

EUVD-2025-204258

A path traversal vulnerability was discovered in the Import Arc data archive functionality due to insufficient validation of the input file. An authenticated user with limited privileges, by uploading a specifically-crafted Arc data archive, can potentially write arbitrary files in arbitrary path...

PT-2025-52222

A path traversal vulnerability was discovered in the Import Arc data archive functionality due to insufficient validation of the input file. An authenticated user with limited privileges, by uploading a specifically-crafted Arc data archive, can potentially write arbitrary files in arbitrary path...

Path traversal in Import Arc data archive functionality in Guardian/CMC before 25.5.0

Summary A path traversal vulnerability was discovered in the Import Arc data archive functionality due to insufficient validation of the input file. Impact An authenticated user with limited privileges, by uploading a specifically-crafted Arc data archive, can potentially write arbitrary files in...

OPENSUSE-SU-2025:15826-1 coredns-for-k8s1.34-1.12.1-2.1 on GA media

These are all security issues fixed in the coredns-for-k8s1.34-1.12.1-2.1 package on the GA media of openSUSE Tumbleweed...

EulerOS Virtualization 2.13.0 : EDK2 (EulerOS-SA-2025-2571)

According to the versions of the EDK2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : EDK2 contains a vulnerability in BIOS where an attacker may cause 'Protection Mechanism Failure' by local access. Successful...

EulerOS Virtualization 2.13.1 : libtiff (EulerOS-SA-2025-2550)

According to the versions of the libtiff package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A vulnerability classified as problematic was found in libtiff 4.6.0. This vulnerability affects the function PSLvl2page of the fil...

kernel: ip6mr: Fix skb_under_panic in ip6mr_cache_report()

A buffer underwrite vulnerability exists in the linux kernel in the function skbunderpanic in ip6mrcachereport, leading to an attacker, via crafting a payload, could result in damage to system availability and integrity...