Security update for SUSE Manager Client Tools and Salt Bundle

This update for SUSE Manager Client Tools and Salt Bundle the following issues: uyuni-tools: venv-salt-minion: Security fixes on Python 3.11 interpreter: CVE-2024-7592: Fixed quadratic complexity in parsing -quoted cookie values with backslashes bsc1229873, bsc1230059 CVE-2024-8088: Prevent...

MAL-2025-173 Malicious code in com.unity.assetbundlebrowser (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9cc638fbdda6e9a85e316d397fa90e5d3306ab3c17a078ce28307258664d6586 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in bc-bundle (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 21ca742de853894958cf8e34ed10d1e17d9584d7b71e3513b533c66a7a207067 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in bundle-cryp (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 68e5e93c567878bc6b19bc6773caab5b8bb228ebe198a31386e7131754aeb937 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-170 Malicious code in bundle-cryp (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 68e5e93c567878bc6b19bc6773caab5b8bb228ebe198a31386e7131754aeb937 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

SUSE CVE-2024-47068

Rollup is a module bundler for JavaScript. Versions prior to 2.79.2, 3.29.5, and 4.22.4 are susceptible to a DOM Clobbering vulnerability when bundling scripts with properties from import.meta e.g., import.meta.url in cjs/umd/iife format. The DOM Clobbering gadget can lead to cross-site scripting...

CVE-2024-54268

Missing Authorization vulnerability in SiteOrigin SiteOrigin Widgets Bundle allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SiteOrigin Widgets Bundle: from n/a through 1.64.0...

CVE-2024-54268

Missing Authorization vulnerability in Greg - SiteOrigin SiteOrigin Widgets Bundle so-widgets-bundle allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SiteOrigin Widgets Bundle: from n/a through = 1.64.0...

CVE-2023-41649

Missing Authorization vulnerability in Ovic Team Ovic Product Bundle allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ovic Product Bundle: from n/a through 1.1.2...

CVE-2024-54268

CVE-2024-54268 : A Missing Authorization vulnerability in SiteOrigin Widgets Bundle (WordPress plugin) affects versions up to 1.64.0. The root cause is an incorrectly configured access control security level, enabling broken access control. Public sources (Patchstack, Red Hat, CVE listings) descr...

CVE-2024-54268 WordPress SiteOrigin Widgets Bundle plugin <= 1.64.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Greg - SiteOrigin SiteOrigin Widgets Bundle so-widgets-bundle allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SiteOrigin Widgets Bundle: from n/a through = 1.64.0...

CVE-2024-54268 WordPress SiteOrigin Widgets Bundle plugin <= 1.64.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in SiteOrigin SiteOrigin Widgets Bundle allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SiteOrigin Widgets Bundle: from n/a through 1.64.0...

CVE-2023-41649 WordPress Ovic Product Bundle plugin <= 1.1.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in hoangkhanh92 Ovic Product Bundle ovic-product-bundle allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ovic Product Bundle: from n/a through = 1.1.2...

CVE-2023-41649 WordPress Ovic Product Bundle plugin <= 1.1.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Ovic Team Ovic Product Bundle allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ovic Product Bundle: from n/a through 1.1.2...

WordPress plugin Ovic Product Bundle 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

WordPress plugin SiteOrigin Widgets Bundle 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

sigstore has insufficient validation of integration timestamp during verification

Summary Versions of sigstore-python newer than 2.0.0 but prior to 3.6.0 perform insufficient validation of the "integration time" present in "v2" and "v3" bundles during the verification flow: the "integration time" is verified if a source of signed time such as an inclusion promise is present, b...

WordPress SiteOrigin Widgets Bundle plugin <= 1.64.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin SiteOrigin Widgets Bundle versions = 1.64.0...

Malicious code in webpacks-bundle-analyze (npm)

--- -= Per source details. Do not edit below this line.=-...

GHSA-JP26-88MW-89QR sigstore-java has a vulnerability with bundle verification

Summary sigstore-java has insufficient verification for a situation where a bundle provides a invalid signature for a checkpoint. Impact This bug impacts clients using any variation of KeylessVerifier.verify Currently checkpoints are only used to ensure the root hash of an inclusion proof was...