11 matches found
OpenClaw: BlueBubbles beta plugin webhook auth hardening (remove passwordless fallback)
Summary BlueBubbles webhook auth in the optional beta iMessage plugin allowed a passwordless fallback path. In some reverse-proxy/local routing setups, this could allow unauthenticated webhook events. Affected Component and Scope - Component: extensions/bluebubbles webhook handler - Scope: only...
CVE-2025-15469
Issue summary: The 'openssl dgst' command-line tool silently truncates input data to 16MB when using one-shot signing algorithms and reports success instead of an error. Impact summary: A user signing or verifying files larger than 16MB with one-shot algorithms such as Ed25519, Ed448, or ML-DSA m...
CVE-2023-53606
The CVE-2023-53606 issue concerns the Linux kernel nfsd COPY codepath, where potential refcount leaks of nfsd_file could occur in COPY codepaths (embedded and async copies). The embedded nfsd4_copy cleanup is updated to always release nfsd_file refs before nfsd4_copy returns, and cleanup_async_co...
SUSE CVE-2025-39677
In the Linux kernel, the following vulnerability has been resolved: net/sched: Fix backlog accounting in qdisc_dequeue_internal This issue applies for the following qdiscs: hhf, fq, fq_codel, and fq_pie, and occurs in their change handlers when adjusting to the new limit. The problem is the following...
Linux Distros Unpatched Vulnerability : CVE-2024-46779
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: drm/imagination: Free pvr_vm_gpuva after unlink This caused a measurable memory leak. Although...
CVE-2024-46779 drm/imagination: Free pvr_vm_gpuva after unlink
In the Linux kernel, the following vulnerability has been resolved: drm/imagination: Free pvr_vm_gpuva after unlink This caused a measurable memory leak. Although the individual allocations are small, the leaks occur in a high-usage codepath (remapping or unmapping device memory) so they add up...
CVE-2023-52909
In the Linux kernel, the following vulnerability has been resolved: nfsd: fix handling of cached open files in nfsd4_open codepath Commit fb70bf124b05 "NFSD: Instantiate a struct file when creating a regular NFSv4 file" added the ability to cache an open fd over a compound. There are a couple of...
CVE-2023-5175
During process shutdown, it was possible that an ImageBitmap was created that would later be used after being freed from a different codepath, leading to a potentially exploitable crash. This vulnerability affects Firefox 118...
PT-2025-40769
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel has a flaw related to the handling of nfsd file reference counts within the Network File System NFS copy codepath. Specifically, there is a potential for reference count...
Missing unlock in XENMEM_acquire_resource error path
ISSUE DESCRIPTION The RCU (Read, Copy, Update) mechanism is a synchronisation primitive. A buggy error path in the XENMEM_acquire_resource exits without releasing an RCU reference, which is conceptually similar to forgetting to unlock a spinlock. IMPACT A buggy or malicious HVM stubdomain can cause a...
Security Bulletin: Vulnerabilities in OpenSSL affect IBM Tealeaf Customer Experience
Summary OpenSSL vulnerabilities were disclosed on September 22 and 26, 2016 by the OpenSSL Project. OpenSSL is used by IBM Tealeaf Customer Experience. IBM Tealeaf Customer Experience has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2016-6304 DESCRIPTION: OpenSSL is vulnerable ...