[SECURITY] Fedora 42 Update: valkey-8.0.3-3.fc42

Valkey is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing s...

[SECURITY] Fedora 40 Update: valkey-8.0.3-1.fc40

Valkey is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing s...

Linux Distros Unpatched Vulnerability : CVE-2024-26630

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: mm: cachestat: fix folio read-after- free in cache walk In cachestat, we access the folio fr...

CVE-2025-22149 JWK Set's HTTP client only overwrites and appends JWK to local cache during refresh

JWK Set JSON Web Key Set is a JWK and JWK Set Go implementation. Prior to 0.6.0, the project's provided HTTP client's local JWK Set cache should do a full replacement when the goroutine refreshes the remote JWK Set. The current behavior is to overwrite or append. This is a security issue for use...

CVE-2024-26630

In the Linux kernel, the following vulnerability has been resolved: mm: cachestat: fix folio read-after-free in cache walk In cachestat, we access the folio from the page cache's xarray to compute its page offset, and check for its dirty and writeback flags. However, we do not hold a reference to...

CVE-2023-20592

A flaw was found in some of AMD CPU's due to improper or unexpected behavior of the INVD. This issue may allow an attacker with a malicious hypervisor to affect cache line write-back behavior of the CPU, potentially leading to a loss of guest virtual machine VM memory integrity. Mitigation...

CVE-2023-20592

Improper or unexpected behavior of the INVD instruction in some AMD CPUs may allow an attacker with a malicious hypervisor to affect cache line write-back behavior of the CPU leading to a potential loss of guest virtual machine VM memory integrity...

CVE-2023-20592

Improper or unexpected behavior of the INVD instruction in some AMD CPUs may allow an attacker with a malicious hypervisor to affect cache line write-back behavior of the CPU leading to a potential loss of guest virtual machine VM memory integrity...

spring-boot: Spring Boot Welcome Page DoS Vulnerability

A flaw was found in Spring Boot, occurring prominently in Spring MVC with a reverse proxy cache. This issue requires Spring MVC to have auto-configuration enabled and the application to use Spring Boot's welcome page support, either static or templated, resulting in the application being deployed...

SUSE-SU-2021:1930-1 Security update for ucode-intel

This update for ucode-intel fixes the following issues: Updated to Intel CPU Microcode 20210608 release. - CVE-2020-24513: A domain bypass transient execution vulnerability was discovered on some Intel Atom processors that use a micro-architectural incident channel. INTEL-SA-00465 bsc1179833 See...

Ruby on Rails: File writing by Directory traversal at actionpack-page_caching and RCE by it

I found a directory traversal in actionpack-pagecaching. Some code may lead to RCE. https://github.com/rails/actionpack-pagecaching/blob/master/lib/actioncontroller/caching/pages.rbL143 ruby def cachefilepath, extension if path.empty? || path = %r\A/+\z name = "/index" else name =...

SUSE-SU-2017:2937-1 Security update for sssd

This update for sssd provides the following fixes: Security issues fixed: - CVE-2017-12173: Fixed unsanitized input when searching in local cache database bsc1061832. Non security issues fixed: - Fixed a segfault issue in ldaprfc2307fallbacktolocalusers. bsc1055123 - Install /var/lib/sss/mc...