SUSE: Security Advisory (SUSE-SU-2023:2476-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2025:0062-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

About the security content of Safari18.1

About the security content of Safari18.1 This document describes the security content of Safari 18.1. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available...

CVE-2024-45030 igb: cope with large MAX_SKB_FRAGS

In the Linux kernel, the following vulnerability has been resolved: igb: cope with large MAXSKBFRAGS Sabrina reports that the igb driver does not cope well with large MAXSKBFRAG values: setting MAXSKBFRAG to 45 causes payload corruption on TX. An easy reproducer is to run ssh to connect to the...

CVE-2024-45030 igb: cope with large MAX_SKB_FRAGS

In the Linux kernel, the following vulnerability has been resolved: igb: cope with large MAXSKBFRAGS Sabrina reports that the igb driver does not cope well with large MAXSKBFRAG values: setting MAXSKBFRAG to 45 causes payload corruption on TX. An easy reproducer is to run ssh to connect to the...

CVE-2024-45030

The CVE affects the Linux kernel igb NIC driver: when MAX_SKB_FRAG grows large (e.g., 45), payloads can be corrupted on TX because the driver does not correctly account for shared info size while choosing the ring layout and may fit two packets in a single 4K page. Root cause: underestimation of ...

Yaws Web Server Directory Traversal

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Yaws Web Server Directory Traversal", 'Description' = %q This module exploits a directory traversal bug in Yaws v1.9.1 or less. The module can on...

SUSE SLES15 Security Update : openssl-3-livepatches (SUSE-SU-2024:2761-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by a vulnerability as referenced in the SUSE- SU-2024:2761-1 advisory. - CVE-2024-5535: Fixed SSLselectnextproto buffer overread bsc1227147. Tenable has extracted the preceding description block directly from the SUSE...

SUSE SLES15 Security Update : python-requests (SUSE-SU-2024:2685-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2024:2685-1 advisory. - CVE-2023-32681: Fixed unintended leak of Proxy-Authorization header bsc1211674. Tenable has extracted the preceding description block...

OPENSUSE-SU-2024:14135-1 python310-bugzilla-3.2.0-2.3 on GA media

These are all security issues fixed in the python310-bugzilla-3.2.0-2.3 package on the GA media of openSUSE Tumbleweed...

SUSE SLES15 Security Update : freeradius-server (SUSE-SU-2024:2367-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:2367-1 advisory. - CVE-2024-3596: Fixed chosen-prefix collision attack against MD5 bsc1223414. Tenable has extracted the preceding description block directly...

OPENSUSE-SU-2024:10664-1 bugzilla-5.0.6-4.2 on GA media

These are all security issues fixed in the bugzilla-5.0.6-4.2 package on the GA media of openSUSE Tumbleweed...

OPENSUSE-SU-2024:10058-1 python-bugzilla-1.2.2-1.1 on GA media

These are all security issues fixed in the python-bugzilla-1.2.2-1.1 package on the GA media of openSUSE Tumbleweed...

CVE-2024-5742

A vulnerability was found in GNU Nano that allows a possible privilege escalation through an insecure temporary file. If Nano is killed while editing, a file it saves to an emergency file with the permissions of the running user provides a window of opportunity for attackers to escalate privilege...

SUSE SLES12 Security Update : poppler (SUSE-SU-2024:1899-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1899-1 advisory. - CVE-2024-4141: Fixed out-of-bounds array write bsc1223375. Tenable has extracted the preceding description block directly from the SUSE...

CVE-2024-5564

A vulnerability was found in libndp. This flaw allows a local malicious user to cause a buffer overflow in NetworkManager, triggered by sending a malformed IPv6 router advertisement packet. This issue occurred as libndp was not correctly validating the route length information...

openSUSE 15 Security Update : qt6-networkauth (openSUSE-SU-2024:0138-1)

The remote openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE- SU-2024:0138-1 advisory. - CVE-2024-36048: Fixed data race and poor seeding in generateRandomString boo1224782. Tenable has extracted the preceding description block directly fro...

CVE-2021-47490 drm/ttm: fix memleak in ttm_transfered_destroy

In the Linux kernel, the following vulnerability has been resolved: drm/ttm: fix memleak in ttmtransfereddestroy We need to cleanup the fences for ghost objects as well. Bug: https://bugzilla.kernel.org/showbug.cgi?id=214029 Bug: https://bugzilla.kernel.org/showbug.cgi?id=214447...

CVE-2021-47490 drm/ttm: fix memleak in ttm_transfered_destroy

In the Linux kernel, the following vulnerability has been resolved: drm/ttm: fix memleak in ttmtransfereddestroy We need to cleanup the fences for ghost objects as well. Bug: https://bugzilla.kernel.org/showbug.cgi?id=214029 Bug: https://bugzilla.kernel.org/showbug.cgi?id=214447...

CVE-2021-47490

CVE-2021-47490 affects the Linux kernel DRM memory management (drm/ttm). The issue is a memleak during ttm_transfered_destroy, and the fix includes cleanup of fences for ghost objects. The available connected advisories/policy notes confirm the vulnerability is fixed by kernel patches; no exploit...