3137 matches found

OSV
added 2025/10/21 11:13 a.m., 3 views

SUSE-SU-2025:3703-1 Security update for the Linux Kernel (Live Patch 71 for SLE 12 SP5)

This update for the Linux Kernel 4.12.14-122269 fixes several issues. The following security issues were fixed: - CVE-2022-50386: Bluetooth: L2CAP: Fix user-after-free bsc1250302. - CVE-2025-38499: clone_private_mnt: make sure that caller has CAP_SYS_ADMIN in the right userns bsc1248673. -...

8 CVSS | 7.1 AI score | 0.0033 EPSS
Exploits 0 | References 7
Tenable Nessus
added 2025/10/21 12:0 a.m., 2 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987615)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987615 advisory. In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: fix leak of nested actions. While parsing user-provided actions, openvswitch...

5.5 CVSS | 6.3 AI score | 0.00254 EPSS
Exploits 0 | References 4
Tenable Nessus
added 2025/10/21 12:0 a.m., 2 views

SUSE SLES12 Security Update : kernel (Live Patch 61 for SLE 12 SP5) (SUSE-SU-2025:03653-1)

The remote SUSE Linux SLES12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:03653-1 advisory. This update for the Linux Kernel 4.12.14-122231 fixes several issues. The following security issues were fixed: - CVE-2022-50386: Bluetooth:...

8 CVSS | 7.2 AI score | 0.0033 EPSS
Exploits 0 | References 13
Tenable Nessus
added 2025/10/21 12:0 a.m., 2 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987594)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987594 advisory. In the Linux kernel, the following vulnerability has been resolved: mm: fix unexpected zeroed page mapping with zram swap. Two processes under CLONE_VM cloning, user...

5.5 CVSS | 5.7 AI score | 0.0027 EPSS
Exploits 0 | References 4
Tenable Nessus
added 2025/10/21 12:0 a.m., 1 view

SUSE SLES12 Security Update : kernel (Live Patch 62 for SLE 12 SP5) (SUSE-SU-2025:03656-1)

The remote SUSE Linux SLES12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:03656-1 advisory. This update for the Linux Kernel 4.12.14-122234 fixes several issues. The following security issues were fixed: - CVE-2022-50386: Bluetooth:...

8 CVSS | 7.2 AI score | 0.0033 EPSS
Exploits 0 | References 13
Tenable Nessus
added 2025/10/21 12:0 a.m., 0 views

SUSE SLES15 Security Update : kernel (Live Patch 34 for SLE 15 SP4) (SUSE-SU-2025:3679-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:3679-1 advisory. This update for the Linux Kernel 5.14.21-15040024144 fixes several issues. The following security issues were fixed: - CVE-2025-38678: netfilte...

7.8 CVSS | 7.2 AI score | 0.00202 EPSS
Exploits 1 | References 16
Tenable Nessus
added 2025/10/21 12:0 a.m., 2 views

SUSE SLES12 Security Update : kernel (Live Patch 60 for SLE 12 SP5) (SUSE-SU-2025:03652-1)

The remote SUSE Linux SLES12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:03652-1 advisory. This update for the Linux Kernel 4.12.14-122228 fixes several issues. The following security issues were fixed: - CVE-2022-50386: Bluetooth:...

8 CVSS | 7.2 AI score | 0.0033 EPSS
Exploits 0 | References 13
SUSE Linux
added 2025/10/20 5:5 p.m., 4 views

Security update for the Linux Kernel (Live Patch 51 for SLE 15 SP3)

This update for the Linux Kernel 5.3.18-15030059185 fixes several issues. The following security issues were fixed: CVE-2025-38499: clone_private_mnt: make sure that caller has CAP_SYS_ADMIN in the right userns bsc1248673. CVE-2025-21971: net_sched: Prevent creation of classes with TC_H_ROOT bsc1245794...

8.5 CVSS | 7.3 AI score | 0.00164 EPSS
Exploits 0 | References 16
The Hacker News
added 2025/10/20 10:47 a.m., 10 views

131 Chrome Extensions Caught Hijacking WhatsApp Web for Massive Spam Campaign

Cybersecurity researchers have uncovered a coordinated campaign that leveraged 131 rebranded clones of a WhatsApp Web automation extension for Google Chrome to spam Brazilian users at scale. The 131 spamware extensions share the same codebase, design patterns, and infrastructure, according to...

6.8 AI score
Exploits 0
SUSE Linux
added 2025/10/19 3:33 p.m., 9 views

Security update for the Linux Kernel (Live Patch 58 for SLE 15 SP3)

This update for the Linux Kernel 5.3.18-15030059207 fixes several issues. The following security issues were fixed: CVE-2025-38499: clone_private_mnt: make sure that caller has CAP_SYS_ADMIN in the right userns bsc1248673. CVE-2025-21971: net_sched: Prevent creation of classes with TC_H_ROOT bsc1245794...

8.5 CVSS | 7.9 AI score | 0.00164 EPSS
Exploits 0 | References 16
SUSE Linux
added 2025/10/19 9:34 a.m., 5 views

Security update for the Linux Kernel (Live Patch 69 for SLE 12 SP5)

This update for the Linux Kernel 4.12.14-122261 fixes several issues. The following security issues were fixed: CVE-2022-50386: Bluetooth: L2CAP: Fix user-after-free bsc1250302. CVE-2025-38499: clone_private_mnt: make sure that caller has CAP_SYS_ADMIN in the right userns bsc1248673. CVE-2025-21971:...

8.5 CVSS | 7.6 AI score | 0.0033 EPSS
Exploits 0 | References 16
OSV
added 2025/10/18 9:4 p.m., 1 view

SUSE-SU-2025:03653-1 Security update for the Linux Kernel (Live Patch 61 for SLE 12 SP5)

This update for the Linux Kernel 4.12.14-122231 fixes several issues. The following security issues were fixed: - CVE-2022-50386: Bluetooth: L2CAP: Fix user-after-free bsc1250302. - CVE-2025-38499: clone_private_mnt: make sure that caller has CAP_SYS_ADMIN in the right userns bsc1248673. -...

8 CVSS | 6.7 AI score | 0.0033 EPSS
Exploits 0 | References 9
EUVD
added 2025/10/09 10:29 p.m., 2 views

EUVD-2025-33396

BBOT's git_clone.py can expose users' GitHub API keys to an attacker-controlled webserver...

4.7 CVSS | 6.4 AI score | 0.00208 EPSS
Exploits 0 | References 4
OSV
added 2025/10/09 10:29 p.m., 5 views

GHSA-63WH-P5FX-H4VC BBOT's git_clone.py can expose users' GitHub API keys to an attacker-controlled webserver

Summary: Due to unsafe URL handling, bbot's git_clone.py can be made to leak a user's github.com API key to an attacker-controlled webserver. Impact: A user who has placed their github.com API key in the configuration for any of the following modules: github_codesearch, github_workflows, gitlab, git_clone...

4.7 CVSS | 6.8 AI score | 0.00208 EPSS
Exploits 0 | References 5
Github Security Blog
added 2025/10/09 10:29 p.m., 6 views

BBOT's git_clone.py can expose users' GitHub API keys to an attacker-controlled webserver

Summary: Due to unsafe URL handling, bbot's git_clone.py can be made to leak a user's github.com API key to an attacker-controlled webserver. Impact: A user who has placed their github.com API key in the configuration for any of the following modules: github_codesearch, github_workflows, gitlab, git_clone...

4.7 CVSS | 6.8 AI score | 0.00208 EPSS
Exploits 0 | References 5 | Affected Software 1
NVD
added 2025/10/09 4:15 p.m., 5 views

CVE-2025-10281

BBOT's git_clone module could be abused to disclose a GitHub API key to an attacker-controlled server with a maliciously formatted git URL...

4.7 CVSS | 0.00208 EPSS
Exploits 0 | References 1
CVE
added 2025/10/09 3:45 p.m., 7 views

CVE-2025-10281

BBOT’s git_clone vulnerability stems from unsafe URL handling that can cause exposure of GitHub API keys to an attacker-controlled server when processing a specially crafted git URL. The CVE description and multiple advisories (Red Hat, GHSA, EUVD, OSV, NVD, CVELIST, and Snyk) consistently refere...

4.7 CVSS | 6.3 AI score | 0.00208 EPSS
Exploits 0 | References 1
Positive Technologies
added 2025/10/09 12:0 a.m., 2 views

PT-2025-41394

Name of the Vulnerable Software and Affected Versions: BBOT (affected versions not specified). Description: The git clone module in BBOT may allow an attacker to disclose a GitHub API key to a server they control by using a maliciously formatted git URL. The issue involves the potential exposure of th...

4.7 CVSS | 6.1 AI score | 0.00208 EPSS
Exploits 0 | References 5
CNNVD
added 2025/10/09 12:0 a.m., 3 views

BBOT Security Vulnerability

BBOT is a recursive Internet scanner open-sourced by Black Lantern Security. BBOT suffers from a security vulnerability that originates in the git_clone module, where a maliciously formatted git URL could lead to the disclosure of GitHub API keys to an attacker-controlled server...

4.7 CVSS | 6.2 AI score | 0.00208 EPSS
Exploits 0 | References 2
OSV
added 2025/10/08 5:41 p.m., 4 views

JLSEC-2025-2 Command injection in `withpasswd()` function in Registrator.jl

Impact: If the clone URL returned by GitHub is malicious or can be injected using upstream vulnerabilities, a shell script injection can occur within the `withpasswd` function. This can then lead to a potential RCE. Patches: Users should upgrade immediately to v1.9.5. All prior versions are vulnerabl...

9.8 CVSS | 7.2 AI score | 0.00382 EPSS
Exploits 0