21 matches found
Important: Red Hat Security Advisory: Red Hat OpenShift distributed tracing platform (Jaeger) 3.5.3 release
Red Hat OpenShift distributed tracing platform Jaeger 3.5.3 has been released. This release of the Red Hat OpenShift distributed tracing platform Jaeger provides security improvements. Breaking changes: Nothing. Deprecations: Nothing. Technology Preview features: Nothing. Enhancements: Nothing. Bug...
Updated redis packages fix security vulnerabilities
Updated redis packages to a more recent version to fix security vulnerabilities: Some vulnerabilities have been discovered and fixed. Please note this update is from 7.0 to 7.2 which brings some potentially breaking changes. In most cases this update could be installed without problems. Potential...
MGASA-2025-0211 Updated redis packages fix security vulnerabilities
Updated redis packages to a more recent version to fix security vulnerabilities: Some vulnerabilities have been discovered and fixed. Please note this update is from 7.0 to 7.2 which brings some potentially breaking changes. In most cases this update could be installed without problems. Potential...
SUSE SLES15 / openSUSE 15 Security Update : grafana (SUSE-SU-2025:01991-1)
The remote SUSE Linux SLES15 / openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:01991-1 advisory. grafana was updated from version 10.4.15 to 11.5.5 jscPED-12918: - Security issues fixed: CVE-2025-4123: Fix cross-site scriptin...
Security update for grafana
This update for grafana fixes the following issues: grafana was updated from version 9.5.18 to 10.4.13 jscPED-11591,jscPED-11649: Security issues fixed: CVE-2024-45337: Prevent possible misuse of ServerConfig.PublicKeyCallback by upgrading golang.org/x/crypto bsc1234554 CVE-2023-3128: Fixed...
SUSE-SU-2025:0545-1 Security update for grafana
This update for grafana fixes the following issues: grafana was updated from version 9.5.18 to 10.4.13 jscPED-11591,jscPED-11649: - Security issues fixed: CVE-2024-45337: Prevent possible misuse of ServerConfig.PublicKeyCallback by upgrading golang.org/x/crypto bsc1234554 CVE-2023-3128: Fixed...
Simulation of Wasmd message can cause crashing
CWA-2024-009. Severity: Low (Marginal + Likely^1). Affected versions: wasmd 0.53.1. Patched versions: wasmd 0.53.2 (please note that wasmd 0.53.1 is broken and must not be used). Description of the bug: Blank for now. We'll add more detail once chains had a chance to upgrade. Mitigations: Apart from...
Fedora 40 : uv (2024-075f626765)
The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-075f626765 advisory. Update uv from 0.4.30 to 0.5.5. This is a significant update. Please see the following notes. ---- By updating to a current release of uv, this update fixes...
SUSE CVE-2024-51744
golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of the error behavior in ParseWithClaims can lead to a situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors returned by...
Plate allows arbitrary DOM attributes in element.attributes and leaf.attributes
Impact One longstanding feature of Plate is the ability to add custom DOM attributes to any element or leaf using the attributes property. These attributes are passed to the node component using the nodeProps prop. Note: The attributes prop that is typically rendered alongside nodeProps is...
GHSA-494H-9924-XWW9 Pterodactyl Wings vulnerable to improper isolation of server file access
Impact This vulnerability impacts anyone running the affected versions of Wings. The vulnerability can potentially be used to access files and directories on the host system. The full scope of impact is exactly unknown, but reading files outside of a server's base directory sandbox root is...
SUSE: Security Advisory (SUSE-SU-2023:3867-1)
The remote host is missing an update for the...
GHSA-2HM9-H873-PGQH OpenFGA Vulnerable to DoS from circular relationship definitions
Overview OpenFGA is vulnerable to a DoS attack when certain Check calls are executed against authorization models that contain circular relationship definitions. When the call is made, it's possible for the server to exhaust resources and die. Am I Affected? Yes, if your store contains an...
SUSE-SU-2023:3868-1 Security update for SUSE Manager Client Tools
This update fixes the following issues: golang-github-lusitaniae-apacheexporter: - Security issues fixed: CVE-2022-32149: Fix denial of service vulnerability bsc1204501 CVE-2022-41723: Fix uncontrolled resource consumption bsc1208270 CVE-2022-46146: Fix authentication bypass vulnerability...
SUSE-SU-2023:3867-1 Security update for SUSE Manager Client Tools
This update fixes the following issues: golang-github-lusitaniae-apacheexporter: - Security issues fixed: CVE-2022-32149: Fix denial of service vulnerability bsc1204501 CVE-2022-41723: Fix uncontrolled resource consumption bsc1208270 CVE-2022-46146: Fix authentication bypass vulnerability...
RUSTSEC-2022-0070 Unsound API in `secp256k1` allows use-after-free and invalid deallocation from safe code
Because of incorrect bounds on method `Secp256k1::preallocated_gen_new` it was possible to cause use-after-free from safe consumer code. It was also possible to "free" memory not allocated by the appropriate allocator. The method takes a place for storing the context as a mutable reference and return...
PT-2022-24912 · Openfga · Openfga
Name of the Vulnerable Software and Affected Versions: OpenFGA versions prior to 0.2.4 Description: OpenFGA is an authorization/permission engine. The issue concerns authorization bypass under certain conditions, specifically when a relation is defined as a tupleset involving anything other than ...
Confluence: Multiple vulnerabilities in log4j < 1.2.7-atlassian-16
The version of log4j used by Confluence has been updated from version 1.2.7-atlassian-15 to 1.2.7-atlassian-16 to address the following vulnerabilities: CVE-2020-9493 (https://vulners.com/cve/CVE-2020-9493) and CVE-2022-23307 (https://vulners.com/cve/CVE-2022-23307). Apache Chainsaw is bundled with...
SUSE-FU-2022:1419-1 Feature update for grafana
This update for grafana fixes the following issues: Update from version 7.5.12 to version 8.3.5 jscSLE-23422 - Security: CVE-2022-21702: XSS vulnerability in handling data sources bsc1195726 CVE-2022-21703: cross-origin request forgery vulnerability bsc1195727 CVE-2022-21713: Insecure Direct Obje...
Security update for libredwg (moderate)
openSUSE Security Update: Security update for libredwg Announcement ID: openSUSE-SU-2020:0095-1 Rating: moderate References: 1129868 1129869 1129870 1129873 1129874 1129875 1129876 1129878 1129879 1129881 1154080 1159824 1159825 1159826 1159827 1159828 1159831 1159832 Cross-References:...