36974 matches found
CVE-2025-54089
CVE-2025-54089 is a cross-site scripting vulnerability in versions of secure access prior to 14.10. Attackers with administrative access to the console can interfere with another administrator’s access to the console. The attack complexity is low; there are no attack requirements. Privileges...
A flaw was found in nbdkit due to improperly caching plaintext state across the STARTTLS encryption boundary. A MitM attacker could use this flaw to inject a plaintext NBD_OPT_STRUCTURED_REPLY before proxying everything else a client sends to the server, potentially leading the client to terminate the NBD session. The highest threat from this vulnerability is to system availability.
...
OPENSUSE-SU-2025:15593-1 MozillaFirefox-143.0.3-1.1 on GA media
These are all security issues fixed in the MozillaFirefox-143.0.3-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2025:15594-1 azure-storage-azcopy-10.30.1-1.1 on GA media
These are all security issues fixed in the azure-storage-azcopy-10.30.1-1.1 package on the GA media of openSUSE Tumbleweed...
curl-8.16.0-1.1 on GA media (moderate)
curl-8.16.0-1.1 on GA media Announcement ID: openSUSE-SU-2025:15590-1 Rating: moderate Cross-References: CVE-2025-10148 CVE-2025-9086 CVSS scores: CVE-2025-9086 SUSE : 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: openSUSE Tumbleweed An update that solves 2 vulnerabilities c...
Important: Red Hat Security Advisory: Insights proxy Container Image
Initial GA Release of Red Hat Insights proxy The Insights proxy Container is used by the Insights proxy product RPM and serves as an intermediary between customer systems in disconnected networks, air-gapped systems or systems with no outside connections and Insights. The Insights proxy routes al...
CVE-2023-53462 hsr: Fix uninit-value access in fill_frame_info()
In the Linux kernel, the following vulnerability has been resolved: hsr: Fix uninit-value access in fill_frame_info() Syzbot reports the following uninit-value access problem. ===================================================== BUG: KMSAN: uninit-value in fill_frame_info net/hsr/hsr_forward.c:601 inli...
ROS-20250930-15
Kea open source DHCP server vulnerability is related to availability checking when processing DHCP packets. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
OPENSUSE-SU-2025:15590-1 curl-8.16.0-1.1 on GA media
These are all security issues fixed in the curl-8.16.0-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2025:15592-1 libsuricata8_0_1-8.0.1-1.1 on GA media
These are all security issues fixed in the libsuricata8_0_1-8.0.1-1.1 package on the GA media of openSUSE Tumbleweed...
K000156730: Multiple ImageMagick vulnerabilities
Security Advisory Description CVE-2021-20176 A divide-by-zero flaw was found in ImageMagick 6.9.11-57 and 7.0.10-57 in gem.c. This flaw allows an attacker who submits a crafted file that is processed by ImageMagick to trigger undefined behavior through a division by zero. The highest threat from...
K000156722: Multiple ImageMagick vulnerabilities
Security Advisory Description CVE-2020-27763 A flaw was found in ImageMagick in MagickCore/resize.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. This would most likely lead to an impact to applicati...
Hitachi Energy MACH GWS
SUMMARY Hitachi Energy is aware of these vulnerabilities that affect the MACH GWS product versions listed in this document. An attacker successfully exploiting these vulnerabilities can cause confidentiality, integrity and availability impacts. Please refer to the Recommended Immediate Actions...
NewStart CGSL MAIN 6.06 : c-ares Vulnerability (NS-SA-2025-0226)
The remote NewStart CGSL host, running version MAIN 6.06, has c-ares packages installed that are affected by a vulnerability: - A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS Domain Name Servers can lead to output of wrong hostnames which...
OPENSUSE-SU-2025:15588-1 afterburn-5.9.0.git21.a73f509-2.1 on GA media
These are all security issues fixed in the afterburn-5.9.0.git21.a73f509-2.1 package on the GA media of openSUSE Tumbleweed...
AMD Embedded Processors Security Update
AMD has informed HP of potential vulnerabilities in some AMD Embedded Processors and AMD Chipset Driver for the embedded processors, which might allow arbitrary code execution, denial of service, loss of integrity, loss of availability, or loss of confidentiality. AMD has released firmware and...
Medium: binutils
Issue Overview: A vulnerability, which was classified as problematic, has been found in GNU Binutils 2.45. Affected by this issue is the function bfd_elf_set_group_contents of the file bfd/elf.c. The manipulation leads to out-of-bounds write. It is possible to launch the attack on the local host. The...
OPENSUSE-SU-2025:15584-1 gimp-3.0.4-3.1 on GA media
These are all security issues fixed in the gimp-3.0.4-3.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2025:15587-1 ruby3.4-rubygem-rack-2.2-2.2.18-1.1 on GA media
These are all security issues fixed in the ruby3.4-rubygem-rack-2.2-2.2.18-1.1 package on the GA media of openSUSE Tumbleweed...
CVE-2025-59817
This vulnerability allows attackers to execute arbitrary commands on the underlying system. Because the web portal runs with root privileges, successful exploitation grants full control over the device, potentially compromising its availability, confidentiality, and integrity...