[SECURITY] Fedora 43 Update: haproxy-3.0.23-2.fc43

HAProxy is a TCP/HTTP reverse proxy which is particularly suited for high availability environments. Indeed, it can: - route HTTP requests depending on statically assigned cookies - spread load among several servers while assuring server persistence through the use of HTTP cookies - switch to...

PT-2026-29357

Name of the Vulnerable Software and Affected Versions XML Notepad versions prior to 2.9.0.21 Description XML Notepad, a Windows program for editing XML documents, does not disable DTD processing by default before version 2.9.0.21. This allows for the resolution of external entities. An attacker c...

EUVD-2025-20920

Malicious code in bioql PyPI...

Security Bulletin: User Entity Behavior Analytics app for IBM QRadar SIEM includes components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. User Entity Behavior Analytics app for IBM QRadar SIEM has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2025-29927 DESCRIPTION: Next.js is a...

CVE-2025-54414 Anubis accepts crafted redirect URLs in pass-challenge 'Try Again' buttons

Anubis is a Web AI Firewall Utility that weighs the soul of users' connections using one or more challenges in order to protect upstream resources from scraper bots. In versions 1.21.2 and below, attackers can craft malicious pass-challenge pages that cause a user to execute arbitrary JavaScript...

CVE-2025-38326 aoe: clean device rq_list in aoedev_downdev()

In the Linux kernel, the following vulnerability has been resolved: aoe: clean device rqlist in aoedevdowndev An aoe device's rqlist contains accepted block requests that are waiting to be transmitted to the aoe target. This queue was added as part of the conversion to blkmq. However, the queue w...

CVE-2025-38326

CVE-2025-38326: Linux kernel AOE driver vulnerability where aoe device rq_list isn’t cleaned on down, causing blk_mq_freeze_queue() to sleep and hang. Fix clears the rq_list before blk_mq_freeze_queue(). No exploitation details provided; remediation is the kernel fix.

SUSE CVE-2025-47712

A flaw exists in the nbdkit "blocksize" filter that can be triggered by a specific type of client request. When a client requests block status information for a very large data range, exceeding a certain limit, it causes an internal error in the nbdkit, leading to a denial of service...

kernel: block: don't call rq_qos_ops->done_bio if the bio isn't tracked

A vulnerability was found in the Linux kernel, where improper handling of block I/O requests when a block I/O request bio is not tracked, the kernel erroneously calls the rqqosops-donebio function, potentially leading to use-after-free issues. This situation can occurr when the request queue is...

SUSE CVE-2007-5498

The Xen hypervisor block backend driver for Linux kernel 2.6.18, when running on a 64-bit host with a 32-bit paravirtualized guest, allows local privileged users in the guest OS to cause a denial of service host OS crash via a request that specifies a large number of blocks...

Important: kernel-livepatch-4.14.214-160.339

Issue Overview: A flaw was found in the Linux kernel's implementation of the Linux SCSI target host, where an authenticated attacker could write to any block on the exported SCSI device backing store. This flaw allows an authenticated attacker to send LIO block requests to the Linux system to...

[SECURITY] Fedora 21 Update: haproxy-1.5.4-1.fc21

HAProxy is a TCP/HTTP reverse proxy which is particularly suited for high availability environments. Indeed, it can: - route HTTP requests depending on statically assigned cookies - spread load among several servers while assuring server persistence through the use of HTTP cookies - switch to...

missing sanity check in xen block backend driver

The Xen hypervisor block backend driver for Linux kernel 2.6.18, when running on a 64-bit host with a 32-bit paravirtualized guest, allows local privileged users in the guest OS to cause a denial of service host OS crash via a request that specifies a large number of blocks...